sqep-lite
| Crates.io | sqep-lite |
| lib.rs | sqep-lite |
| version | 0.4.2 |
| created_at | 2025-11-20 22:22:33.277163+00 |
| updated_at | 2025-11-21 16:43:26.910841+00 |
| description | SQEP Lite — ZeroshieldCipher: a modern AEAD+HKDF cryptography primitive. |
| homepage | |
| repository | https://github.com/ElevitaX/sqep-lite |
| max_upload_size | |
| id | 1942683 |
| size | 87,142 |
(ElevitaX)
documentation
README
SQEP Lite — Secure Quantum Encryption Protocol (Lite Edition)
SQEP Lite is a modern symmetric-encryption primitive built on:
- HKDF-SHA256 (domain-separated)
- ChaCha20-Poly1305 AEAD
- Deterministic keyed XOR stream (HKDF-seeded ChaCha20Rng)
- Self-contained, audited, no-unsafe Rust code
This crate provides the public, MIT-licensed, fully-auditable core of the SQEP ecosystem.
Author: Herbert Manfred Fulgence Vaty
Organization: ElevitaX
License: MIT
Repository: https://github.com/ElevitaX/sqep-lite
Contents
- Why SQEP Lite?
- Security Model
- Quick Start
- File Encryption
- Seal Metadata
- Design Overview
- Backwards Compatibility
- Crate Features
- What SQEP Lite Is Not
- Auditing & Verification
- Versioning & Roadmap
- License
Why SQEP Lite?
SQEP Lite is designed with these goals:
✔ Modern, robust cryptography
Uses proven NIST-grade primitives:
ChaCha20-Poly1305for authenticated encryptionHKDF-SHA256for key derivation & domain separation- Zero-unsafe Rust implementation
✔ Stable, deterministic, reversible pre-AEAD transform
A self‑inverse keyed XOR layer adds structure, strengthens error detection, and provides consistent framing.
✔ High performance
Only standard Rust + ring + sha2 + rand_chacha.
Zero allocations outside ciphertext buffers.
✔ Fully auditable
All code required for Lite security is visible in src/lite.rs.
Security Model
Encryption Pipeline
plaintext
│
▼
HKDF-bound XOR mask (ChaCha20Rng stream)
│
▼
ChaCha20-Poly1305 AEAD
│
▼
HEADER || NONCE || AEAD_CIPHERTEXT
│
▼
SealMeta { timestamp, sha256(payload) }
Guarantees
✔ Confidentiality
✔ Integrity (AEAD tag)
✔ Replay-safe framing (nonce + magic header)
✔ Tamper detection (metadata hash)
Quick Start
use sqep_lite::prelude::*;
fn main() {
let cipher = ZeroshieldCipher::new();
let (encrypted, meta) = cipher.encrypt_with_meta(b"hello SQEP!");
println!("Encrypted bytes: {:?}", encrypted);
println!("Metadata: {:?}", meta);
let decrypted = cipher.decrypt(&encrypted).unwrap();
assert_eq!(&decrypted, b"hello SQEP!");
}
File Encryption
use sqep_lite::ZeroshieldCipher;
fn main() -> std::io::Result<()> {
let cipher = ZeroshieldCipher::new();
let meta = cipher.encrypt_file("secret.txt", "secret.sqep")?;
println!("Encrypted at: {}, hash={}", meta.timestamp, meta.hash);
cipher.decrypt_file("secret.sqep", "recovered.txt")?;
Ok(())
}
Seal Metadata
Every encryption returns:
pub struct SealMeta {
pub timestamp: u64,
pub hash: String,
}
timestamp= seconds since UNIX epochhash= SHA-256 of the full ciphertext frame
Used for logging, replay detection, or integrity verification.
Design Overview
1. Keyed XOR Mask
Uses HKDF-SHA256 with domain separation:
salt = nonce
ikm = 32-byte symmetric key
info = "SQEP:LITE:QT:v1"
Produces a 32-byte seed → ChaCha20Rng → deterministic keystream.
2. ChaCha20-Poly1305
Official AEAD encryption via ring.
3. Structured Frame
[ HEADER (SQEP4.0-LITE) | 12-byte Nonce | Ciphertext+Tag ]
4. Self-contained
No external config. No unsafe. No system calls.
Backwards Compatibility
Older helper names are provided but deprecated:
quantum_transform()
inverse_quantum_transform()
Both are identity transforms now.
Crate Features
Default: lite
- Only symmetric primitive (
ZeroshieldCipher) - 100% MIT licensed
- No external calls
Optional: plus (NOT included in public crate)
This crate excludes all SQEP Plus files via Cargo.toml.
What SQEP Lite Is Not
To preserve security and avoid misuse:
❌ Not a PQ-safe KEM (stub only)
❌ Not a full hybrid key exchange
❌ Not a TLS replacement
❌ Not a zero-knowledge system
❌ Not a blockchain proof primitive
For those features, SQEP Plus / SQEP Zero are separate products.
Auditing & Verification
The entire Lite cryptography surface is:
src/
└─ lite.rs
Recommended tools:
- cargo-audit
- cargo-crev
- cargo-tarpaulin
- cargo-geiger
Versioning & Roadmap
v0.4.x – public stabilization
- HKDF+AEAD foundation
- Deterministic XOR mask
- Header framing
- Deprecated API cleanup
v0.5.x – docs & examples
v1.0 – stable cryptographic API
License
MIT License
Copyright (c) 2025
Herbert Manfred Fulgence Vaty — ElevitaX
Need SQEP Plus?
Contact: elevitax@gmail.com Enterprise licensing & early access available.