
Dual Key Tunneling Protocol (DKTP)

Introduction


DKTP is a next-generation tunnel protocol that achieves 512-bit cryptographic security by fusing asymmetric key exchange with directional pre-shared secrets. It enables post-quantum secure, mutually authenticated, high-assurance communications between peers without requiring PKI or persistent root trust.

DKTP Help Documentation
DKTP Summary Document
DKTP Protocol Specification
DKTP Formal Analysis
DKTP Implementation Analysis
DKTP Integration Guide

Overview

DKTP combines post-quantum asymmetric key exchange, directional pre-shared secrets, and symmetric authenticated encryption to create a dual-entropy secure tunnel that offers:

  • Mutual authentication without a central certificate authority
  • Forward and post-compromise secrecy, with ratcheting PSKs
  • Separate transmit/receive channels, each independently keyed
  • 512-bit cryptographic strength throughout: RCS-512, SHAKE-512, SHA3-512, and KMAC-512
  • Perfect configuration binding via signed session cookies

DKTP is especially suited for critical infrastructure, embedded systems, offline and sovereign networks, or any deployment needing long-term assurance without runtime PKI.

Design Philosophy

DKTP was created to:

  • Eliminate legacy dependencies by removing RSA, ECDH, X.509, and TLS-style complexity
  • Deliver full quantum resilience using NIST-standardized asymmetric primitives and sponge-based symmetric constructs
  • Protect at every lifecycle phase, from key exchange to session update, with multiple layers of entropy and ratchet progression
  • Enable secure tunnels in zero-trust and sovereign environments where no centralized trust model is available

DKTP is implemented with deterministic, low-footprint logic suitable for embedded and high-assurance systems and verified using the QSC cryptographic library.

Cryptographic Primitives

DKTP integrates post-quantum secure algorithms in all phases of the handshake and channel encryption process.

Asymmetric Cryptography

  • Key Encapsulation:

    • McEliece: Supports aggressive parameter sets (e.g., mceliece6960119, 400+ bits PQ security)
    • Kyber: Optional support using FIPS 203-compliant modes
  • Digital Signature:

    • SPHINCS+-SHAKE256 and SHAKE512 parameter sets
    • Dilithium: Supported for faster signing where required

Symmetric Cryptography

  • Cipher:

    • RCS: Wide-block AEAD stream cipher based on Rijndael with a cSHAKE key schedule and KMAC authentication, with dual-channel separation and strong entropy mixing
  • KDF / Hashing / MACs:

    • SHAKE for all key derivation
    • SHA3 for all cryptographic hashes and message structure integrity
    • KMAC for authenticated encryption and message validation
  • Entropy & Nonce:

    • Keccak-based PRNG + system randomness (via ACP)

Protocol Overview

DKTP defines a six-stage tunnel lifecycle that includes:

  1. Connect Request: client initiates with configuration string and signed session hash
  2. Connect Response: server provides signed ephemeral key
  3. Exchange Request: client encapsulates session secret
  4. Exchange Response: server responds with reciprocal ciphertext and signature
  5. Establish Request: client confirms tunnel keys via encrypted proof
  6. Establish Response: server verifies and finalizes session state

Each session:

  • Uses ephemeral asymmetric key pairs
  • Mixes static pre-shared keys with KEM-derived secrets
  • Generates two symmetric keys, one for each direction
  • Evolves the PSK after each session using psk' = H(psk || tck)

This design achieves:

  • Directional keying
  • Session separation
  • Authentication binding
  • Replay protection via timestamps
  • Channel ratcheting for post-compromise recovery
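The directional keying and PSK ratchet described above, as an added model written for this README rather than code from the DKTP project: it assumes a domain-separation label, a Peer layout, and that tck is the channel key of the session just completed (the page does not expand the abbreviation); hashlib SHA3-512/SHAKE-256 stand in for QSC's SHA3-512/SHAKE-512/KMAC, and the KEM step is a random stand-in for McEliece/Kyber.

```python
"""Model of DKTP's dual-entropy directional keying and PSK ratchet (added
illustration, not DKTP's own code). Assumptions: the KDF label, the Peer
layout and reading tck as the finished session's channel key; hashlib
SHA3-512/SHAKE-256 stand in for QSC's SHA3-512/SHAKE-512/KMAC, and the
KEM step is a random stand-in for McEliece/Kyber."""
import hashlib
import secrets

CHANNEL_LABEL = b"DKTP-channel-key"  # assumed domain-separation label

def derive_channel_key(psk: bytes, kem_secret: bytes) -> bytes:
    """One directional key from two entropy sources: the PSK for that
    direction and the ephemeral KEM secret. Holding only one of them
    yields nothing, which is the point of dual-entropy keying."""
    return hashlib.shake_256(CHANNEL_LABEL + psk + kem_secret).digest(64)

def ratchet_psk(psk: bytes, tck: bytes) -> bytes:
    """psk' = H(psk || tck), the page's post-session PSK evolution."""
    return hashlib.sha3_512(psk + tck).digest()

class Peer:
    """One PSK per direction plus the keys of the current session."""
    def __init__(self, psk_tx: bytes, psk_rx: bytes) -> None:
        self.psk_tx, self.psk_rx = psk_tx, psk_rx
        self.tx_key = self.rx_key = b""

    def establish(self, kem_secret: bytes) -> None:
        # Each direction is keyed independently (separate tx/rx channels).
        self.tx_key = derive_channel_key(self.psk_tx, kem_secret)
        self.rx_key = derive_channel_key(self.psk_rx, kem_secret)

    def ratchet(self) -> None:
        # After the session an old PSK alone no longer reproduces any key.
        self.psk_tx = ratchet_psk(self.psk_tx, self.tx_key)
        self.psk_rx = ratchet_psk(self.psk_rx, self.rx_key)

def make_peers(psk_c2s: bytes, psk_s2c: bytes) -> tuple:
    """Client sends on c2s and receives on s2c; the server is mirrored."""
    return Peer(psk_c2s, psk_s2c), Peer(psk_s2c, psk_c2s)

def run_session(client: Peer, server: Peer, kem_secret: bytes = b"") -> bool:
    """One session: KEM (stubbed), directional keying, then the ratchet.
    Returns True when client tx == server rx and client rx == server tx."""
    kem_secret = kem_secret or secrets.token_bytes(64)
    client.establish(kem_secret)
    server.establish(kem_secret)
    agreed = client.tx_key == server.rx_key and client.rx_key == server.tx_key
    client.ratchet()
    server.ratchet()
    return agreed
```

Running two sessions back to back shows the ratchet in action: the PSKs differ after each session, while the two peers' evolved PSKs still mirror each other because the ratchet input (the channel key) is the same on both ends of a direction.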

Use Cases

  • Sovereign device-to-device tunnels with no runtime key validation
  • Air-gapped infrastructure communications (e.g., SCADA/ICS)
  • High-security enclave channels for financial institutions or embedded OEMs
  • Hardware root-of-trust tunnels using passphrase-unlocked PSK modules
  • Post-quantum secure VPN overlays and tunnel brokers

DKTP can replace traditional PKI-bound VPNs, TLS-based client/server tunnels, or shared-key-only protocols like IPsec with a next-generation mutual-auth, post-quantum secure, certificate-free tunnel.

Compilation and Deployment

DKTP is implemented using the QSC library for all cryptographic primitives. It supports compilation on:

  • Windows (MSVC 2022+)
  • macOS (Clang)
  • Linux (GCC, Clang)

Prerequisites

  • CMake 3.15+
  • QSC cryptographic library
  • AVX2/AVX-512 (recommended for best performance)

Building DKTP

Use the included Visual Studio or Eclipse project files.

Windows:

  • Open the solution
  • Ensure QSC is referenced in client/server builds
  • Match AVX instruction sets in debug/release configs

Linux/macOS (Eclipse):

  • Use included .project and .cproject files
  • Choose correct OS settings under /Eclipse/Ubuntu or /Eclipse/MacOS
  • Compile QSC, then DKTP, then tunnel components

Example flag sets:

  • -msse2 -mavx2 -maes -mpclmul -mrdrnd -mbmi2 — AVX2+AES-NI
  • -mavx512f -mavx512bw -mvaes — full AVX-512+VAES

Keywords

Cryptography, Post-Quantum, Tunnel Protocol, Key Exchange, Dual-Entropy, Symmetric Ratchet, Mutual Authentication, SHAKE-512, KMAC, McEliece, SPHINCS+, RCS-512, Secure Communication, AVX, Embedded Security, Certificate-Free, High-Assurance, DKTP.

License

INVESTMENT INQUIRIES: QRCS is currently seeking a corporate investor for this technology. Parties interested in licensing or investment should connect to us at: contact@qrcscorp.ca
Visit https://www.qrcscorp.ca for a full inventory of our products and services.

PATENT NOTICE:
One or more patent applications covering DKTP have been filed.
Unauthorized use may result in patent liability.

License and Use Notice (2025-2026)
This repository contains cryptographic reference implementations, test code, and supporting materials published by Quantum Resistant Cryptographic Solutions Corporation (QRCS) for the purposes of public review, cryptographic analysis, interoperability testing, and evaluation.
All source code and materials in this repository are provided under the Quantum Resistant Cryptographic Solutions Public Research and Evaluation License (QRCS-PREL), 2025-2026, unless explicitly stated otherwise.
This license permits public access and non-commercial research, evaluation, and testing use only. It does not permit production deployment, operational use, or incorporation into any commercial product or service without a separate written agreement executed with QRCS.
The public availability of this repository is intentional and is provided to support cryptographic transparency, independent security assessment, and compliance with applicable cryptographic publication and export regulations.
Commercial use, production deployment, supported builds, certified implementations, and integration into products or services require a separate commercial license and support agreement.
For licensing inquiries, supported implementations, or commercial use, contact: licensing@qrcscorp.ca
Quantum Resistant Cryptographic Solutions Corporation, 2026.
All rights reserved by QRCS Corp. 2026.
