Ecliptix Protection Protocol
Hybrid post-quantum protocol: Double Ratchet + X3DH + ML-KEM (Kyber-768). End-to-end encryption with quantum resilience.
What is Ecliptix Protection Protocol?
A cryptographic communication protection protocol implementing hybrid post-quantum end-to-end encryption. The architecture is based on the Double Ratchet algorithm with X3DH (Extended Triple Diffie-Hellman) extension, augmented by NIST-standardized ML-KEM (Kyber-768) key encapsulation mechanism to ensure cryptographic resilience against HNDL (Harvest Now, Decrypt Later) attacks in the era of quantum computing.
Hybrid Post-Quantum Cryptography
HNDL attack mitigation through hybrid X25519 + ML-KEM (Kyber-768) protocol with dual key derivation
Post-Compromise Security
Automatic cryptographic material rotation via asymmetric ratchet operation with adaptive interval
Perfect Forward Secrecy
Deterministic ephemeral key derivation through symmetric ratchet with immediate destruction of predecessors
Mutual Cryptographic Authentication
Bilateral verification through cryptographic binding of identifiers to session context with SHA-256 hashing
Cryptographic Secret Isolation
Key material protection through page-locked memory with deterministic zeroing upon deallocation
Protocol Features
Ecliptix Protection Protocol provides comprehensive communication protection at every level
Forward Secrecy
Compromise of current keys cannot decrypt past messages. Old keys are automatically destroyed.
Break-in Recovery
Fresh keys on every direction change. 1-step classical PCS, 2-step hybrid PCS. Automatic security restoration.
Hybrid Quantum-Safe
X25519 + Kyber-768 hybrid construction. Secure if either classical OR post-quantum crypto is unbroken.
Identity Binding
Messages cryptographically bound to both parties' identities. Prevents identity substitution attacks.
Out-of-Order Support
Messages can arrive out of sequence. Skipped key cache handles network reordering gracefully.
Secure Memory
All secrets in guarded memory. RAM-locked, automatically zeroed on destruction. No memory fragmentation.
Key Types & Sizes
Four-level key hierarchy with hybrid post-quantum protection. From long-term identity keys based on elliptic curves and lattices to short-lived symmetric message keys — each level ensures protection for its communication stage.
Identity Level
Long-term identity cryptographic keys for asymmetric authentication and trust establishment between participants. Combination of classical elliptic curve cryptography (Ed25519/X25519) and post-quantum lattice-based cryptography (Kyber-768).
Classical Cryptography
Post-Quantum Cryptography
Session Level
Medium-term session establishment keys with limited lifetime. Signed pre-keys and one-time ephemeral keys for secure channel initialization with forward secrecy.
Session Establishment Keys
Encryption Level
Short-lived symmetric encryption keys with automatic rotation. Root/Chain/Message keys for Double Ratchet algorithm with per-message forward secrecy and post-compromise security.
Encryption & Rotation Keys
Session State Structure
Integration of OPAQUE and Protection Protocol ensures protection from authentication to message delivery
Identity Verification
User initiates access — system verifies identity without collecting or storing password in any form
- session_id 16 bytes
- root_key 32 bytes
- send_chain_key 32 bytes
- recv_chain_key 32 bytes
- dh_local_private 32 bytes
- dh_local_public 32 bytes
Zero-Knowledge Authentication
OPAQUE protocol performs asymmetric key exchange — server never receives or stores password, eliminating database breach risk
- kyber_local_secret 2,400 bytes
- kyber_local_public 1,184 bytes
- kyber_remote_public 1,184 bytes
- dh_remote_public 32 bytes
- identity_binding_hash 32 bytes
- metadata_key 32 bytes
Message Envelope Structure
SecureEnvelope format for encrypted message transport
Nonce Construction
AES-256-GCM-SIV 12-byte nonce format ensuring uniqueness
X3DH Key Agreement
Hybrid X3DH + Kyber-768
Initial Key Exchange
Diffie-Hellman Computations
4× ECDH + post-quantum KEM
Double Ratchet Protocol
Symmetric Ratchet (Per Message)
Asymmetric Ratchet (Per Direction Change)
Additional Authenticated Data (AAD)
AAD binds ciphertext to session context, preventing cross-session attacks
Metadata AAD (60 bytes)
Payload AAD (68 bytes)
Full Protocol Flow
From session initialization to message encryption
Cryptographic Stack
Cryptographic Guarantees
Formal security properties proven by the protocol
Forward Secrecy
Each message uses a unique encryption key derived from the ratchet. Past messages remain secure even if long-term keys are compromised.
Post-Compromise Security
Break-in recovery on every direction change via hybrid ratchet. 1-step classical PCS (fresh X25519 DH), 2-step hybrid PCS (+ fresh Kyber-768 KEM).
Quantum Resistance
Hybrid construction with Kyber-768 ensures security against both classical and quantum attackers. NIST-standardized algorithms.
Identity Binding
SHA-256 hash of all identity keys binds every message to both parties. Prevents identity misbinding attacks.
Protocol Comparison
Technical comparison with Signal protocol variants — the industry baseline for secure messaging
| Feature | Ecliptix | Signal PQXDH | Signal X3DH |
|---|---|---|---|
| Per-Ratchet PQ Protection | ✓ | ✗ | ✗ |
| Handshake PQ (Kyber-768) | ✓ | ✓ | ✗ |
| Metadata Encryption | Per-epoch rotating key | Sealed Sender | Sealed Sender |
| AEAD Cipher | AES-256-GCM-SIV | AES-256-CBC + HMAC | AES-256-CBC + HMAC |
| Nonce-Misuse Resistance | ✓ | ✗ | ✗ |
| Post-Compromise Recovery | 1-step DH / 2-step hybrid | 1-step DH only | 1-step DH only |
| Perfect Forward Secrecy | ✓ | ✓ | ✓ |
| Formal Proofs | 6 theorems + 10 Tamarin lemmas | High-level analysis | eCK sketch |
| Cryptographic Identity Binding | ✓ | ✓ | ✓ |
Formal Verification
All security properties verified by three independent methods: symbolic provers (Tamarin, ProVerif) and game-based reductions under a Dolev-Yao adversary with quantum oracle
Tamarin Prover 1.10.0
10 / 10 lemmas verified (handshake 6 + ratchet 4)
ProVerif 2.05
4 / 6 queries verified (Q5/Q6: known DH overapproximation)
Game-Based Proofs
6 theorems + 8 lemmas with concrete security bounds
Session Key Secrecy
The hybrid root secret remains computationally indistinguishable from random for any PPT adversary, provided neither party's long-term key is compromised during the handshake.
SKC(A,B,sk) ∧ ¬Corrupt(A) ∧ ¬Corrupt(B) ⟹ ¬K(sk)Mutual Authentication
Bilateral HMAC-SHA256 key confirmation prevents Unknown Key Share (UKS) attacks. Both parties derive identical session keys and confirm via MAC exchange.
Confirm(A,B,mac) ⟹ ∃ Session(A,B,sk) ∧ Session(B,A,sk)Hybrid Forward Secrecy
Compromise of long-term X25519 keys after session completion does not break past sessions. Ephemeral keys are zeroized; Kyber-768 KEM provides quantum-resilient FS.
SKC(A,B,sk)@i ∧ Corrupt(A)@j ∧ i < j ⟹ ¬K(sk)Key Confirmation
Both initiator and responder derive identical root keys from the same X3DH + KEM inputs. HMAC confirmation ensures key agreement before any message encryption.
Confirm(A→B) ∧ Confirm(B→A) ⟹ RK_A = RK_BPost-Compromise Security
After full state compromise, security recovers in 1 step for classical (fresh X25519 DH) and 2 steps for hybrid (fresh DH + fresh Kyber-768 KEM). Each direction change triggers ratchet.
Compromise(A)@i ∧ Ratchet(A)@j ∧ i < j ⟹ ¬K(mk_j)Ratchet Key Secrecy
Each ratchet step derives a fresh root key via HKDF over new DH + KEM secrets. The ratchet key remains secret unless both parties' states are simultaneously compromised.
RatchetKey(A,B,rk) ∧ ¬(Corrupt(A) ∧ Corrupt(B)) ⟹ ¬K(rk)Key Agreement
Both parties derive the same root key from the hybrid X3DH output. Session ID binding and identity hashes prevent cross-session and misbinding attacks.
Session(A,B,sid) ⟹ RK_A(sid) = RK_B(sid)Message Confidentiality
Per-message keys derived via symmetric ratchet (HKDF-SHA256) provide IND-CPA+ security under AES-256-GCM-SIV (MRAE). Keys are destroyed immediately after use.
Adv^{IND-CPA+} ≤ Adv^{eCK} + q·Adv^{PRF} + Adv^{MRAE}Replay Resistance
Bounded nonce cache (2048 entries) with monotonic counters prevents message replay. INT-CTXT of AES-256-GCM-SIV ensures ciphertext integrity.
Adv^{Replay} ≤ Adv^{INT-CTXT} + 2^{-n_cache}Nonce-Misuse Resistance
AES-256-GCM-SIV (RFC 8452) degrades gracefully on nonce reuse — only leaks equality of plaintexts, not plaintext content. SIV construction provides MRAE security.
NonceMisuse(n) ⟹ Leak ≤ EqualityOracle(m₁,m₂)Threat Model
Dolev-Yao adversary with full network control, adaptive long-term key corruption, and quantum oracle breaking classical Diffie-Hellman. Hybrid combiner follows the OR-model: security holds if EITHER X25519 (Gap-CDH) OR Kyber-768 (IND-CCA2) remains unbroken.
Use Cases
The Ecliptix protocol is ideal for industries with the highest privacy requirements
The Future of Communication is Quantum-Safe
Implement next-generation cryptography into your messaging infrastructure
Discuss Integration