Discover the cryptographic ingenuity behind SARE—a hybrid post-quantum encryption project that uses a 128-byte master seed to derive all keys, merging classical and quantum-resistant algorithms. Learn how this approach simplifies key management while offering unprecedented brute-force resistance.
The Hybrid Encryption Imperative
As quantum computing advances, traditional encryption methods face existential threats. Zola Gonano's SARE (Safe At Rest Encryption) project tackles this by fusing post-quantum algorithms with classical cryptography—a hybrid approach ensuring fallback security if one layer fails. But this duality introduced a complex problem: managing multiple cryptographic keys without overwhelming users.
The Key Explosion Problem
SARE's architecture requires four distinct key pairs:
- Post-quantum KEM (Key Encapsulation Mechanism) for establishing shared secrets
- Classical Diffie-Hellman (X25519) for key exchange
- Post-quantum signature algorithm (e.g., Dilithium)
- Classical elliptic-curve signature (Ed25519)
Storing these separately would create usability nightmares. Gonano's solution? A single 128-byte master seed serving as the cryptographic root for all derived keys.
// Seed structure in SARE
pub struct Seed {
raw_seed: SecretVec<u8>,
}
impl Seed {
pub fn generate() -> Self {
let mut raw_seed_buffer = vec![0u8; 128];
OsRng.fill_bytes(&mut raw_seed_buffer);
Seed { raw_seed: SecretVec::from(raw_seed_buffer) }
}
}
Alien-Proof Security
Why 128 bytes? At 1,024 bits, SARE's seed offers brute-force resistance orders of magnitude beyond AES-256:
- AES-256: 2²⁵⁶ possible keys
- SARE seed: 2¹⁰²⁴ possible combinations
That's 2⁷⁶⁸ times more permutations than AES-256—a number larger than the atoms in the observable universe.
Practical Key Management
The seed converts to a 96-word mnemonic for human-readable backup:
pub fn to_mnemonic(&self) -> SecretString {
let seed_chunks = self.raw_seed.expose_secret().chunks_exact(32);
let mut mnemonic_phrase = String::new();
for chunk in seed_chunks {
let mnemonic = Mnemonic::from_entropy(chunk, Language::English).unwrap();
mnemonic_phrase.push_str(mnemonic.phrase());
mnemonic_phrase.push(' ');
}
SecretString::from(mnemonic_phrase.trim_end().to_string())
}
Users can store this seed encrypted via AES-Key-Wrap (AES-KW) or—less advised—in plaintext.
Algorithm-Agnostic Derivation
Magic bytes enable deterministic key generation for different algorithms:
const ED25519_MAGIC_BYTES: [u8; 4] = [25, 85, 210, 14];
const KYBER768_MAGIC_BYTES: [u8; 4] = [104, 7, 0, 0];
HKDF-SHA256/512 derives keys by combining the seed with algorithm-specific identifiers. This design ensures backward compatibility—new algorithms simply get new magic bytes without seed rotation.
Why This Matters
SARE's seed-centric architecture solves critical real-world problems:
- Usability: No juggling multiple private keys
- Future-proofing: Algorithm upgrades don't require rekeying
- Graceful failure: Hybrid design maintains security even if one algorithm is compromised
As Gonano revives the project, SARE represents a pragmatic blueprint for post-quantum migration—where robust cryptography meets deployable engineering.
Source: Making of SARE: Master Seeds in Hybrid Post-Quantum Encryption by Zola Gonano. SARE is available on GitHub.
Comments
Please log in or register to join the discussion