Algorithm overview

About algorithm

QuarkDash it is a hybrid cryptographic protocol (algorithm) that provides post-quantum security using Ring‑LWE, high performance, and attack resistance. QuarkDash Crypto combines asymmetric key exchange (sessions) and symmetric encryption via ChaCha20 (best for cross-platform development) or Gimli (best for IoT).

QuarkDash it is a hybrid post-quantum protocol that combines:

1. Asymmetric key exchange based on Ring-LWE (resistant to quantum attacks);
2. Symmetric encryption with a choice of stream ciphers (ChaCha20 or Gimli);
3. Quantum-resistant KDF based on SHAKE256;
4. Message authentication via SHAKE256-MAC;
5. Protection against replay attacks using timestamps and sequence numbers;

This protocol is recommended for systems that require long-term data confidentiality (archives, financial transactions, government communications), as well as for high-load real-time applications.

⭐ Key Features

• Quantum stability – not broken by Shor and Grover's algorithms;
• Performance – encryption up to 2.8 GB/s, session establishment ~10 ms;
• Forward secrecy – compromising a long-term key does not reveal past sessions.
• Built-in protection against replay, timing attacks, and counterfeiting.
• Flexibility – choice of cipher (ChaCha20/Gimli), synchronous and asynchronous API.

---

Brief description of the algorithm steps

Let's look at Step-by-step algorithm:

1. Key pair generation (Ring-LWE):

• Select polynomials: uniform a, small s and e.
• Calculate b = a ⊗ s + e.
• Public key: (a, b), private: s.

2. Session establishment (KEM):

• Initiator (for example client):
• • Generates small s', e', calculates u = a ⊗ s' + e'.
• • Calculates w = b ⊗ s', rounds to bits → shared secret ss.
• • Sends u (ciphertext).
• Recipient (for example server):
• • Given s, calculates w' = u ⊗ s, rounds to bits → same ss.

3. Session Key Derivation (KDF):

• keyMaterial = SHAKE256(salt || ss || "session-key", 64).
• Split into sessionKey (32 bytes) and macKey (32 bytes).

4. Message Encryption (AEAD):

• A header (12 bytes) is generated: timestamp (8) + sequence (4).
• Encryption: ciphertext = streamCipher.encrypt(plaintext) (XOR with gamma).
• mac = SHAKE256(macKey || header || ciphertext, 32).
• Resulting message: header || ciphertext || mac.

5. Decryption:

• Header, ciphertext, and mac are extracted.
• The mac (constant-time) is checked.
• The timestamp (with a 5-minute tolerance) and sequence (for replay protection) are checked.
• plaintext = streamCipher.decrypt(ciphertext).

More detailed infomration can be found here

---

Difference in ciphers

Below is a simple explanation of the differences in cipher you can use in QuarkDash.

ChaCha20

• State: 16 words of 32 bits.
• Rounds: 20.
• Gamma: 64 bytes per block.
• Features: Standardized (RFC 7539), high speed on all platforms, protection against timing attacks.

Gimli

• State: 12 words of 32 bits.
• Rounds: 24.
• Gamma: 48 bytes per block.
• Features: Lightweight, designed for embedded systems, yet provides 256-bit security. NIST-audited.