# Kyber-OTP-Distributor

**Kyber-OTP-Distributor** is a post-quantum–secure key distribution system designed for **GhostLine**, a multi-participant chat platform based on **information-theoretic One-Time Pad (OTP) encryption**.

The project addresses the primary unsolved problem of practical OTP deployment: **securely distributing identical key material to multiple participants without physical key exchange**, while preserving both **perfect secrecy** and **post-quantum resilience**.

The system enables a single administrator to distribute *cryptographically identical OTPs* to multiple participants. Each participant receives a **unique cryptographic package** which deterministically decrypts to the same shared OTP, enabling group communication with provable secrecy guarantees.

![GUI and QR code Image](images/kiber2.jpg)

---

## 🚀 Why Kyber-OTP-Distributor?

- **Information-theoretic secrecy** via One-Time Pads
- **Post-quantum secure distribution** using Kyber-1024
- **No physical meetings or couriers required**
- **Per-recipient cryptographic isolation**
- **Single-distribution, multi-recipient OTP delivery**

---

## Problem Statement

GhostLine requires all participants to share an *identical OTP* to maintain information-theoretic security. Traditional OTP distribution relies on physical exchange or trusted couriers, which do not scale and fail under realistic threat models.

Kyber-OTP-Distributor enables secure, network-based OTP distribution without weakening OTP assumptions.

---

## 🧠 Cryptographic Design: Wrap-Then-Encrypt

### Construction Overview

1. **Session Key Generation**  
   Generate a fresh random AES-256 session key (`K_session`).

2. **OTP Encryption**  
   Encrypt OTP material once using **AES-256-GCM**, producing `E_otp` (shared by all recipients).

3. **Per-Recipient Key Encapsulation**
   - Kyber-1024 KEM establishes a unique shared secret
   - SHAKE256 derives a wrapping key
   - `K_session` is encrypted per recipient

4. **Distribution**  
   Each participant receives a unique wrapped session key plus the common OTP ciphertext.
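
An added example (not the project's code, and in Python rather than the project's Rust so it runs on the standard library alone) of steps 3 and 4: SHAKE256 turns each recipient's KEM shared secret into wrapping keys, so every package differs while all unwrap to the same `K_session`. Assumptions: the Kyber-1024 encapsulation outputs are constructed random stand-ins (1568-byte ciphertext, 32-byte shared secret), and the XOR-pad plus HMAC-SHA256 wrap, the `DOMAIN` label and all function names are hypothetical, since the page does not say which cipher the tool uses to encrypt `K_session`.

```python
import hashlib
import hmac
import os

DOMAIN = b"kyber-otp-wrap-v1"  # hypothetical domain-separation label


def derive_wrap_keys(shared_secret, kem_ct, recipient):
    """SHAKE256 KDF: 32-byte pad + 32-byte MAC key, bound to recipient and KEM ciphertext."""
    xof = hashlib.shake_256()
    for part in (DOMAIN, recipient.encode(), kem_ct, shared_secret):
        xof.update(len(part).to_bytes(4, "big") + part)  # length-prefix each field
    out = xof.digest(64)
    return out[:32], out[32:]


def wrap_session_key(k_session, shared_secret, kem_ct, recipient):
    """Wrap K_session for one recipient. The XOR pad is safe only because every
    encapsulation yields a fresh shared secret, so no pad is ever reused."""
    pad, mac_key = derive_wrap_keys(shared_secret, kem_ct, recipient)
    wrapped = bytes(a ^ b for a, b in zip(k_session, pad))
    tag = hmac.new(mac_key, kem_ct + wrapped, hashlib.sha256).digest()
    return wrapped + tag


def unwrap_session_key(blob, shared_secret, kem_ct, recipient):
    """Verify the tag first, then recover K_session; raises ValueError on tampering."""
    pad, mac_key = derive_wrap_keys(shared_secret, kem_ct, recipient)
    wrapped, tag = blob[:32], blob[32:]
    expected = hmac.new(mac_key, kem_ct + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped session key failed authentication")
    return bytes(a ^ b for a, b in zip(wrapped, pad))


def demo():
    k_session = os.urandom(32)  # step 1: fresh AES-256 session key
    # Constructed stand-ins for Kyber-1024 encapsulation output per recipient:
    # (1568-byte KEM ciphertext, 32-byte shared secret). No real KEM is run here.
    kem = {name: (os.urandom(1568), os.urandom(32)) for name in ("alice", "bob")}
    packages = {n: wrap_session_key(k_session, ss, ct, n) for n, (ct, ss) in kem.items()}
    recovered = {n: unwrap_session_key(packages[n], kem[n][1], kem[n][0], n) for n in kem}
    return k_session, kem, packages, recovered


if __name__ == "__main__":
    k, _, pkgs, rec = demo()
    print({n: p.hex()[:16] for n, p in pkgs.items()}, all(v == k for v in rec.values()))
```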

---

## 🛡 Security Model & Threat Assumptions

### Adversary Capabilities

- Full network interception and modification
- Long-term ciphertext storage
- Post-quantum computational resources

### Security Guarantees

- Perfect secrecy of OTPs (under correct usage)
- Post-quantum confidentiality via Kyber-1024
- Recipient compromise isolation
- Distribution-level forward secrecy

### Non-Goals

- Endpoint compromise protection
- OTP misuse mitigation
- Identity authentication beyond key possession

---

## 🧪 Cryptographic Review Alignment

- No custom primitives
- Conservative parameter choices
- Explicit threat model
- No entropy amplification claims
- Clean separation of cryptographic roles

---

## 🛠 Installation

### Prerequisites

- Rust 1.70+
- True entropy source

### Build

```bash
git clone https://github.com/yourusername/kyber-otp-distributor
cd kyber-otp-distributor
cargo build --release
```

---

## 💻 Usage

### Participant Key Generation

```bash
cd client-tool
cargo run --bin keygen -- --name alice
```

### Administrator Distribution

```bash
cd admin_tool
cargo run -- --otp /path/to/entropy.bin --pubkeys /directory/of/keys --output ./distribution
```

### Participant Decryption

```bash
cd friend_tool
cargo run --bin decrypt -- --secret alice_secret.key --package ./alice --common ./common --output ghostline_otp.bin
```

---

## 📜 License

Unrestricted use, modification, and redistribution.

---

## 📬 Contact

- Website: https://enkryp.duckdns.org
- Email: battosai@dnmx.su
- PGP: public-key.asc

### LXMF

```
1b634f9ac2aee34bec3276ad17f52d11
```

### Briar

```
briar://ac4jkk7rqcb7vbvjudzvoav64lcypoo3qaj3b5wnndcvvsdpz3fvs
```