HomeHow It Works Math DetailsSecurity AboutTry Demo
โšก Interactive Demo

Hybrid PQC File Transfer Demo

Encrypt a real message or file using hybrid ECDH + LWE/Kyber cryptography โ€” all in your browser. No data ever leaves your device.

โšก One-Click Demo

Skips to the end โ€” runs the full hybrid key exchange + encryption automatically with a demo message.

Progress
Security Info
๐Ÿ” ECDH: P-256
๐Ÿ”ฎ LWE: n=4, q=97
๐Ÿ”€ KDF: SHA-256
๐Ÿ”’ AES-256-GCM
โœ“ All crypto runs locally
๐Ÿ”

Step 1: Choose Your Input

Step 1 of 5

Choose what you'd like to encrypt โ€” type a message or upload a file (max 5 MB).

โœ๏ธ
Type a Message
๐Ÿ“
Upload a File

Watch as Alice (Sender) and Bob (Receiver) perform two parallel key exchanges โ€” ECDH (classical) and LWE (post-quantum) โ€” to arrive at the same hybrid key.

A
Alice
Sender
ECDH Public Key
Waitingโ€ฆ
LWE Ciphertext u = Aแต€r + eโ‚
Waitingโ€ฆ
Alice's ECDH Shared Secret
Waitingโ€ฆ
Alice's LWE Key = bยทr mod q
Waitingโ€ฆ
โŸท
Public channel
โŸท
B
Bob
Receiver
ECDH Public Key
Waitingโ€ฆ
LWE Public Key (A, b)
Waitingโ€ฆ
๐Ÿ”ฎ LWE Matrix Operations (n=4, q=97)
Matrix A (public)
Awaiting key generationโ€ฆ
ร— secret s
โ€”
+
error e
โ€”
=
b (public)
โ€”
โš  LWE decryption failure! Noise bound exceeded. This is expected when ฮท is too large โ€” it shows why parameter selection matters in real Kyber.
๐Ÿ”€ Hybrid Key = SHA-256(ECDH_secret โ€– LWE_secret โ€– "HybridPQC-v1")
Run the key exchange to see the derived hybrid keyโ€ฆ
๐ŸŽ› LWE Noise Bound (ฮท) 1

ฮท = 1 (safe). Increase beyond 3 to trigger correcntess failure. Real Kyber: ฮท = 2โ€“3 with much larger q.

โš  Noise ฮท > 3 โ€” correctness bound may be exceeded. Decryption will likely fail!

Using the hybrid key, encrypt your file with AES-256-GCM. This is real, production-grade symmetric encryption.

Hybrid Key Ready

256-bit key derived from ECDH + LWE:

โ€”
Random IV Generated

A fresh 96-bit random nonce (IV) is generated for each encryption. Never reused.

Awaiting encryptionโ€ฆ
AES-256-GCM Ciphertext

Your file encrypted + 128-bit authentication tag:

โ€” Encrypt to see ciphertext โ€”

Size: โ€”  |  Format: HPQC magic (4B) + IV (12B) + Ciphertext + Tag (16B)

๐Ÿ“ฆ

Encrypted File Ready!

Your file has been encrypted with hybrid post-quantum cryptography. Download the .hpqc file โ€” only someone with the hybrid key can decrypt it.

โœ“ ECDH Protected
โœ“ LWE Protected
โœ“ AES-256-GCM Authenticated
๐Ÿ’ก
What's in the .hpqc file?

The .hpqc file is a JSON file containing your Base64-encoded ciphertext โ€” this means it opens cleanly in any text editor and uploads reliably across all browsers. Structure:

{
  "format": "HybridPQC-v1",
  "algorithm": "AES-256-GCM",
  "iv": "<base64 nonce>",
  "ciphertext": "<base64 encrypted data + GCM tag>",
  "originalSize": <bytes>
}

The key is NOT stored in the file โ€” it lives only in the key exchange session.

Upload an encrypted .hpqc file to decrypt it. The hybrid key from this session will be used automatically.

Load Encrypted File
๐Ÿ”

Drop your .hpqc file here, or click to browse

(The .hpqc file is a JSON file โ€” upload it exactly as downloaded)

Choose File
Decrypted Content
Decrypted content will appear hereโ€ฆ
View Security Analysis โ†’

๐Ÿ–ฅ Computation Log

[init] HybridPQC Demo initialized. Web Crypto API: available โœ“
[info] LWE parameters: n=4, q=97, ฯ‡ = centered binomial B(2,0.5)-1
[info] ECDH: P-256 (secp256r1) via Web Crypto API โ€” real cryptography!
[info] AES-256-GCM: Web Crypto API โ€” authenticated encryption.
[ready] Ready. Complete Step 1 to begin.
๐Ÿ”‘

Real ECDH

This demo uses the browser's Web Crypto API for actual ECDH key exchange. The shared secret is a real P-256 Diffie-Hellman output, not a simulation.

๐Ÿ”ฎ

Simplified LWE

LWE uses n=4, q=97 โ€” tiny but mathematically correct. The actual matrix operations, error addition, and decapsulation all work exactly as in Kyber, just at tiny scale.

๐Ÿ”’

Real AES-256-GCM

File encryption uses the real AES-256-GCM algorithm from Web Crypto API. Your file is genuinely encrypted and can only be decrypted with the correct hybrid key.