j3g
/
lum_ccc_rust
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
lum_ccc_rust/docs/encryption_implementation_u...

247 lines
11 KiB
ReStructuredText
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

================================================================================
Ultra Mode Encryption Specification Hydra Apocalypse Ratchet
================================================================================
**Project**: World's Most Secure Messaging App
**Mode**: Ultra Secret Mode (opt-in per channel)
**Codename**: Hydra Apocalypse Ratchet Ultra Mode
**Author**: JohnΞ (@j3g)
**Date**: February 18, 2026
**Version**: 1.0 Complete, implementation-ready specification for Ultra Mode (Dart + Flutter + Hive + gRPC)
**Primary Design Goal (Non-Negotiable)**
=======================================
This is the **world's most secure messaging app**.
Ultra Mode exists for users who assume nation-states have already backdoored or broken major primitives (AES, Kyber, McEliece, etc.).
It forces an attacker to break **many independent cryptographic lineages simultaneously** while guessing a **secret per-channel, per-message cascade sequence** that is never sent over the wire.
Ultra Mode is **always stronger** than Normal Mode and **stronger than any known protocol** (Signal, PQXDH, etc.) in the threat model of "one primitive family is secretly rotten".
Executive Summary
=================
Ultra Mode = **Triple-Compound Ratchet**:
1. Inner configurable PQ Hybrid Double Ratchet (user-defined via CCCData)
2. Massive secret cascade of 1624 layers (from user-chosen providers + algorithms)
3. Per-message cascade sequence mutation (deterministic, never sent on wire)
Everything is defined at **channel creation time** in CCCData.
No ratchet_public, no metadata leaks, no server influence.
gRPC is used for device ↔ relay transport (but relay remains stateless/ephemeral RAM forwarder).
CCCData Ultra Mode Extension (Dart + Hive)
============================================
.. code-block:: dart
@HiveType(typeId: 42)
class CCCData extends HiveObject {
@HiveField(0) final int version = 1;
@HiveField(1) final String mode = 'ultra'; // 'normal' or 'ultra'
// Providers (user selects which libraries are allowed)
@HiveField(2) final List<String> enabledProviders; // ['wolfssl', 'boringssl', 'libsodium', 'openssl']
// Modular category configs (user picks ordered lists per category)
@HiveField(3) final Map<String, List<CryptoSelection>> kemConfigs;
@HiveField(4) final Map<String, List<CryptoSelection>> aeadConfigs; // inner + outer
@HiveField(5) final Map<String, List<CryptoSelection>> kdfConfigs;
@HiveField(6) final Map<String, List<CryptoSelection>> hashConfigs;
// ULTRA-SPECIFIC SETTINGS (user configurable)
@HiveField(20) final int cascadeLength; // 1624 (default 20)
@HiveField(21) final int cascadePoolSize; // 4864 (default 56)
@HiveField(22) final String cascadeOrdering; // 'strongest_first' (default), 'random', 'user_defined'
@HiveField(23) final bool cascadeReKeyAfter; // re-key inner root after cascade (default true)
@HiveField(24) final int sequenceRatchetStrength; // bits of KMAC output used for permutation seed (default 256)
// Shared ratchet settings (same as Normal Mode)
@HiveField(7) final int ratchetFrequency;
@HiveField(8) final bool symmetricRatchetEveryMessage;
@HiveField(9) final int rekeyInterval;
@HiveField(10) final String rekeyMode;
// Padding & anti-distinguisher
@HiveField(11) final int minPaddingBytes; // default 64
@HiveField(12) final int blockSize; // default 64
// Channel identifiers
@HiveField(13) final Uint8List groupId; // 32 bytes
@HiveField(14) final int createdAt;
@HiveField(15) final Uint8List creatorDeviceId;
CCCData({ /* all required fields */ });
}
@HiveType(typeId: 43)
class CryptoSelection extends HiveObject {
@HiveField(0) String provider;
@HiveField(1) String algorithm; // 'AES256GCM', 'Kyber1024', 'Serpent256CTR', 'ClassicMcEliece460896', etc.
@HiveField(2) int priority; // round-robin order
}
**How the Cascade Pool is Built** (at channel load time):
- For every enabledProvider, query the provider's registry for algorithms in these categories: symmetric, aead, pq_kem, pq_signature, hash_based.
- Build a flat list of 4864 unique (provider, algorithm) pairs.
- User can override the pool via advanced UI (future).
Channel Creation & Sharing
==========================
1. User selects "Ultra Secret" → opens advanced CCCData editor (all fields editable).
2. App generates groupId, groupMasterSeed (512-bit), initial ratchet states.
3. CCCData + groupMasterSeed stored in Hive (encrypted with device master key).
4. Invite: encrypt entire CCCData + groupMasterSeed under recipient's public key → send as single blob.
5. Recipient imports → verifies groupId matches → stores in Hive → both have identical crypto config forever.
gRPC Wire Protocol (RelayMessage)
=================================
.. code-block:: proto
service RelayService {
rpc SendMessage(RelayMessage) returns (Empty);
rpc SubscribeToChannel(ChanSubscribe) returns (stream RelayMessage);
}
message RelayMessage {
uint32 from_rly_user_id = 1;
uint32 to_rly_chan_id = 2;
uint32 options = 3; // backwards compat (will be removed)
bytes data = 4; // FULL E2EE ciphertext blob
uint64 server_seq = 5; // backwards compat (will be removed)
}
**data** field contains (serialized, then encrypted):
- timestamp (for UI)
- message JSON / content
- padding
- rekey payload (if any)
- Everything else
Ultra Mode Triple-Compound Ratchet (Dart Implementation)
========================================================
```dart
class UltraRatchet {
final CCCData ccc;
final Uint8List groupMasterSeed;
// Per-sender chains (inner Double Ratchet)
Map<int, ChainState> sendingChains = {};
Map<int, ChainState> receivingChains = {};
// Current sequence seed (mutates per message)
Uint8List currentSequenceSeed = Uint8List(32);
Uint8List getBaseMessageKey(int fromRlyUserId, int senderCounter, bool isSending) {
// 1. Advance inner symmetric ratchet
final chain = isSending ? sendingChains[fromRlyUserId]! : receivingChains[fromRlyUserId]!;
Uint8List baseKey = KDF(ccc.kdfConfigs, chain.currentKey, senderCounter.toBytes());
// 2. Derive seq_seed for this message
final seqSeed = KMAC256(baseKey, utf8.encode('seq-seed') + groupId + senderCounter.toBytes(8));
// 3. Generate secret cascade permutation (16-24 layers)
final cascadeSequence = deterministicPermutation(seqSeed, ccc.cascadePoolSize, ccc.cascadeLength);
// 4. (Optional) re-key inner root after cascade later in flow
return baseKey;
}
List<int> deterministicPermutation(Uint8List seed, int poolSize, int length) {
final rng = ChaCha20(seed); // seeded CSPRNG
var indices = List.generate(poolSize, (i) => i);
// Fisher-Yates shuffle using rng
for (int i = poolSize - 1; i > 0; i--) {
final j = rng.nextInt(i + 1);
final temp = indices[i];
indices[i] = indices[j];
indices[j] = temp;
}
return indices.sublist(0, length); // return ordered indices into pool
}
Uint8List cascadeEncrypt(Uint8List plaintext, List<int> sequence, Uint8List baseKey, int senderCounter) {
Uint8List ct = plaintext;
for (int i = 0; i < sequence.length; i++) {
final selection = cascadePool[sequence[i]]; // global pool built from CCCData
final layerInfo = utf8.encode('layer-$i') + groupId + senderCounter.toBytes(8);
final layerKey = HKDF(ccc.kdfConfigs, baseKey, layerInfo, selection.keyLength);
ct = encryptOneLayer(selection.provider, selection.algorithm, layerKey, ct);
}
return ct;
}
// Decrypt is reverse order
}
```
Message Sending Flow (Ultra Mode) Step-by-Step
================================================
1. Load CCCData + build cascadePool from enabledProviders.
2. Advance inner ratchet → base_message_key + seqSeed.
3. Generate secret cascadeSequence (1624 layers).
4. Pad plaintext: padToMultipleOf(ccc.blockSize) + random(ccc.minPaddingBytes) from KDF(baseKey).
5. Inner AEAD: round-robin using ccc.aeadConfigs on padded plaintext → innerCt.
6. Cascade encrypt innerCt → cascadeCt.
7. If ccc.cascadeReKeyAfter: newInnerRoot = KMAC256(cascadeCt + oldRoot).
8. Outer AEAD (fast fixed from aeadConfigs) on cascadeCt → finalData.
9. Build RelayMessage → send via gRPC.
Message Receiving Flow
======================
1. Receive RelayMessage via gRPC stream.
2. Immediately persist raw RelayMessage to Hive 'messages' box (key = groupId + fromRlyUserId + senderCounter).
3. Load CCCData → advance receiving inner ratchet → derive baseKey + seqSeed + cascadeSequence.
4. Decrypt finalData (outer AEAD) → cascadeCt.
5. Cascade decrypt (reverse order) → innerCt.
6. Inner AEAD decrypt → plaintext + timestamp.
7. If RekeyPayload present → apply new root secrets.
Local Hive Storage (Ultra Mode)
===============================
Same as Normal Mode + extra fields for debugging:
- rawRelayMessage (full protobuf bytes)
- encryptedBaseMessageKey (AES-GCM under device master key)
- cascadeSequenceCache (optional, for fast reload encrypted)
- plaintextCache (optional)
Rekey Flow (PCS)
================
- Triggered by user button or ccc.rekeyInterval.
- Generate fresh hybrid KEM secret (using ccc.kemConfigs).
- Create RekeyPayload inside the encrypted data field.
- Recipient applies after decrypt → future messages use new root.
Security Analysis Why Ultra Mode Is Unbeatable
=================================================
- Attacker must break 1624 diverse primitives (different providers, different math) in unknown secret order that changes every message.
- Combinatorial explosion per message per channel.
- No public material on wire → zero metadata beyond absolute minimum.
- User controls every provider and algorithm.
- Survives secret break of any single family (AES, Kyber, McEliece, etc.).
Implementation Checklist (Dart/Flutter + gRPC + Hive)
=====================================================
1. Extend CryptoProvider registry with all libraries (wolfssl_flutter, boringssl, libsodium_flutter, etc.).
2. Hive adapters for CCCData, CryptoSelection, StoredMessage.
3. UltraRatchet class with cascadePool builder + deterministicPermutation.
4. gRPC client/service with RelayMessage.
5. Channel creation screen with Ultra toggle + advanced tabs for cascade settings.
6. Cascade encrypt/decrypt dispatcher (test with 4 layers first, then full 20).
7. Rekey UI button + auto logic.
8. Full end-to-end tests with different CCCData combinations.
9. Performance benchmarking on real devices (Ultra mode is heavy show battery warning).
Reference in New Issue View Git Blame Copy Permalink