About This Project

Learning outcomes, challenges encountered, future work, and references for the Hybrid Post-Quantum File Transfer Tool.

Project Overview

This project implements a hybrid post-quantum encrypted file transfer web application, entirely in the browser using HTML, CSS, and JavaScript with the Web Crypto API.

The goal was to demonstrate that cutting-edge cryptography, while mathematically complex, can be made accessible and interactive. By showing the actual matrix operations, hex keys, and step-by-step process, students can understand the mechanics behind NIST's 2024 post-quantum standards.

✓ Real ECDH key exchange (Web Crypto API, P-256)
Not a simulation: actual browser cryptography

✓ Simplified but mathematically correct LWE (n=4, q=97)
Real matrix operations, error sampling, correctness proof

✓ Hybrid key derivation via SHA-256
Domain-separated combination of both secrets

✓ Real AES-256-GCM file encryption + download
Authenticated encryption, custom .hpqc file format

✓ Interactive noise demo (correctness failure visualization)
Increase η to break decryption, showing why parameter choice matters

📦 Project Stats

Total files: 16
Pages: 6
Crypto library: Web Crypto API (native)
Backend required: none (pure frontend)
Math rendering: KaTeX (CDN)
Encryption: AES-256-GCM (real)
JS dependencies: zero (no npm)

Learning Outcomes

🔮 Lattice-Based Cryptography

Deep understanding of LWE, its connection to lattice hard problems (SVP, SIVP), and why random errors create computational hardness. The mathematical reduction from LWE to worst-case lattice problems is elegant and non-trivial.

📜 NIST Standardization

Followed the NIST PQC competition (2016-2024). Kyber (ML-KEM, FIPS 203) emerged as the primary KEM standard. Understanding the design philosophy: security proofs, efficiency trade-offs, implementation simplicity.

🔀 Hybrid Cryptography

Why hybrid is NIST's recommendation for the transition period (2024-2030+). The composability of KEMs: if either component is secure, the combined key is secure. Domain separation via labeled hashing.

💻 Web Crypto API

The browser's native crypto API is powerful: ECDH, AES-GCM, SHA-256 all natively available. The API is subtly different from Node.js's crypto module: promise-based, with strict key extractability policies.

Challenges Faced

Challenge 1
LWE Parameter Selection
Finding parameters (n, q, η) small enough to display in a demo but large enough to show that decryption actually works, and fails instructively when the noise is too high. The n=4, q=97 choice required careful analysis of the correctness bound $|\delta| < q/4$.
Challenge 2
Error Distribution Sampling
JavaScript's Math.random() is not cryptographically secure. All sampling uses crypto.getRandomValues() for uniform bits, then constructs the centered binomial distribution from uniform bits. This mirrors how real Kyber samples its error distribution.
Challenge 3
Key Non-Extractability in Web Crypto
AES-GCM keys imported via crypto.subtle.importKey(..., false, ...) are non-extractable by design: you can't read the raw bytes back. This required a two-step design: derive the key bytes first (for display), then import them separately for encryption operations.
Challenge 4
LWE vs Kyber Simplification
Real Kyber uses polynomial arithmetic in $\mathbb{Z}_q[x]/(x^n + 1)$ with NTT (Number Theoretic Transform) for efficiency. Representing this accurately in a demo without becoming incomprehensible required careful scoping: plain LWE captures all the key ideas without polynomial rings.

Future Work

🔮 Real Kyber via liboqs-WASM (medium difficulty)

Compile the Open Quantum Safe project's liboqs library to WebAssembly. This would give a production-grade Kyber-768 implementation running in the browser, with n=256, q=3329, that is, real security parameters.

🌐 Real Network Transfer (medium difficulty)

Add a WebSocket server (Node.js + ws) so Alice and Bob can actually transfer files over a network. The key exchange would run over the WebSocket, demonstrating a real-world use case.

📜 PQ-TLS Integration (high difficulty)

Integrate into TLS via HKDF and proper KEM transport. Real hybrid PQC in TLS 1.3 uses X25519Kyber768, the ECDH + Kyber combination packaged as a single KEM. This is already deployed by Cloudflare and Google.

Academic References

On Lattices, Learning with Errors, Random Linear Codes, and Cryptography.

Oded Regev. STOC 2005, J. ACM 56(6), 2009.

The foundational paper introducing LWE and proving it is as hard as worst-case lattice problems (SIVP, GapSVP). Essential reading for understanding the security foundation.

View Paper →

CRYSTALS-Kyber: A CCA-Secure Module-Lattice-Based KEM.

J. Bos, L. Ducas, E. Kiltz, T. Lepoint, V. Lyubashevsky, J.M. Schanck, P. Schwabe, G. Seiler, D. Stehlé. EuroS&P 2018.

The Kyber paper. Introduces the module-LWE approach for efficient KEM construction and provides the security proofs for Kyber.CPA and Kyber.CCA2.

IACR ePrint →

Module-Lattice-Based Key-Encapsulation Mechanism Standard (FIPS 203).

NIST, August 2024.

The official NIST standard for ML-KEM (based on Kyber). Defines the exact parameter sets, algorithms, and security requirements. This is the algorithm that production systems should implement.

NIST Standard →

Post-Quantum Cryptography.

Daniel J. Bernstein, Tanja Lange. Nature 549, 188–194 (2017).

An accessible survey of the post-quantum landscape, covering lattice, code-based, hash-based, and multivariate approaches. Excellent starting point for understanding the field.

View Article →

Open Quantum Safe (OQS) Project.

University of Waterloo, 2016–present.

The liboqs library implements production-grade post-quantum algorithms including Kyber, Dilithium, and others. Used by OpenSSL, OpenSSH, and other major projects for hybrid PQC integration.

OQS Project →

Web Cryptography API (W3C Recommendation).

W3C, 2017; MDN documentation, continuously updated.

The cryptographic API used in this demo for ECDH, AES-256-GCM, and SHA-256. Provides native, hardware-accelerated cryptography in all modern browsers without any dependencies.

MDN Reference →