Kyber-OTP-Distributor
Quantum-safe distribution system for One-Time Pad keys
rad:zRg6jPAex2gzAEtkX92R1vMB3PY9
Visibility
public
Delegates
did:key:z6MkkzoSd5p9d5ZKFf3BRrG247towTjepZtER71QFFkMvgs6
Default branch
master → 99c0a561146078a263c36d8fb51eb1c321582401 (Thu Jan 29 00:39:30 2026)
Threshold
1
README.md
# Kyber-OTP-Distributor **Kyber-OTP-Distributor** is a post-quantumโsecure key distribution system designed for **GhostLine**, a multi-participant chat platform based on **information-theoretic One-Time Pad (OTP) encryption**. The project addresses the primary unsolved problem of practical OTP deployment: **securely distributing identical key material to multiple participants without physical key exchange**, while preserving both **perfect secrecy** and **post-quantum resilience**. The system enables a single administrator to distribute *cryptographically identical OTPs* to multiple participants. Each participant receives a **unique cryptographic package** which deterministically decrypts to the same shared OTP, enabling group communication with provable secrecy guarantees.  --- ## ๐ Why Kyber-OTP-Distributor? - **Information-theoretic secrecy** via One-Time Pads - **Post-quantum secure distribution** using Kyber-1024 - **No physical meetings or couriers required** - **Per-recipient cryptographic isolation** - **Single-distribution, multi-recipient OTP delivery** --- ## ๐ Problem Statement GhostLine requires all participants to share an *identical OTP* to maintain information-theoretic security. Traditional OTP distribution relies on physical exchange or trusted couriers, which do not scale and fail under realistic threat models. Kyber-OTP-Distributor enables secure, network-based OTP distribution without weakening OTP assumptions. --- ## ๐ง Cryptographic Design: Wrap-Then-Encrypt ### Construction Overview 1. **Session Key Generation** Generate a fresh random AES-256 session key (`K_session`). 2. **OTP Encryption** Encrypt OTP material once using **AES-256-GCM**, producing `E_otp` (shared by all recipients). 3. **Per-Recipient Key Encapsulation** - Kyber-1024 KEM establishes a unique shared secret - SHAKE256 derives a wrapping key - `K_session` is encrypted per recipient 4. **Distribution** Each participant receives a unique wrapped session key plus the common OTP ciphertext. --- ## ๐ก Security Model & Threat Assumptions ### Adversary Capabilities - Full network interception and modification - Long-term ciphertext storage - Post-quantum computational resources ### Security Guarantees - Perfect secrecy of OTPs (under correct usage) - Post-quantum confidentiality via Kyber-1024 - Recipient compromise isolation - Distribution-level forward secrecy ### Non-Goals - Endpoint compromise protection - OTP misuse mitigation - Identity authentication beyond key possession --- ## ๐งช Cryptographic Review Alignment - No custom primitives - Conservative parameter choices - Explicit threat model - No entropy amplification claims - Clean separation of cryptographic roles --- ## ๐ Installation ### Prerequisites - Rust 1.70+ - True entropy source ### Build ```bash git clone https://github.com/yourusername/kyber-otp-distributor cd kyber-otp-distributor cargo build --release ``` --- ## ๐ป Usage ### Participant Key Generation ```bash cd client-tool cargo run --bin keygen -- --name alice ``` ### Administrator Distribution ```bash cd admin_tool cargo run -- --otp /path/to/entropy.bin --pubkeys /directory/of/keys --output ./distribution ``` ### Participant Decryption ```bash cd friend_tool cargo run --bin decrypt -- --secret alice_secret.key --package ./alice --common ./common --output ghostline_otp.bin ``` --- ## ๐ License Unrestricted use, modification, and redistribution. --- ## ๐ฌ Contact - Website: https://enkryp.duckdns.org - Email: battosai@dnmx.su - PGP: public-key.asc ### LXMF ``` 1b634f9ac2aee34bec3276ad17f52d11 ``` ### Briar ``` briar://ac4jkk7rqcb7vbvjudzvoav64lcypoo3qaj3b5wnndcvvsdpz3fvs ```