nexus-crypt 1.0.0__tar.gz

nexus_crypt-1.0.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Harshith Madhavaram
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

nexus_crypt-1.0.0/MANIFEST.in

@@ -0,0 +1,5 @@
+include README.md
+include LICENSE
+include requirements.txt
+recursive-include examples *.py
+recursive-include tests *.py

nexus_crypt-1.0.0/PKG-INFO

@@ -0,0 +1,133 @@
+Metadata-Version: 2.4
+Name: nexus-crypt
+Version: 1.0.0
+Summary: Post-quantum cryptographic suite with PFS, encryption, signatures, and hashing
+Home-page: https://github.com/Harshith2412/nexus-crypt
+Author: Harshith Madhavaram
+Author-email: madhavaram.harshith2412@gmail.com
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Security :: Cryptography
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: pycryptodome>=3.19.0
+Requires-Dist: pqcrypto>=0.1.0
+Requires-Dist: numpy>=1.24.0
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == "dev"
+Requires-Dist: black; extra == "dev"
+Requires-Dist: mypy; extra == "dev"
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: license-file
+Dynamic: provides-extra
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+NEXUS-Crypt
+
+Post-Quantum Cryptographic Suite with Perfect Forward Secrecy
+
+NEXUS-Crypt is a unified cryptographic library combining:
+- NEXUS-Cipher: Custom lattice based symmetric encryption
+- ML-KEM (Kyber): Key encapsulation for Perfect Forward Secrecy
+- ML-DSA (Dilithium): Post-quantum digital signatures
+- SHA-256: Cryptographic hashing
+
+Features
+
+Post-quantum secure (resistant to quantum computer attacks)  
+Perfect Forward Secrecy (PFS) via ML-KEM  
+Authenticated encryption with ML-DSA signatures   
+Constant time operations (side-channel resistant)  
+Easy to use API  
+
+## Installation
+```bash
+pip install nexus-crypt
+```
+
+## Quick Start
+```python
+from nexus import NEXUS
+
+nexus = NEXUS(key_size=256)
+
+kem_pk, kem_sk = nexus.generate_kem_keypair()
+sign_pk, sign_sk = nexus.generate_signing_keypair()
+
+ciphertext, shared_secret = nexus.establish_session(kem_pk)
+
+message = b"Secret data"
+package = nexus.encrypt_and_sign(message, sign_sk)
+
+plaintext = nexus.verify_and_decrypt(package, sign_pk)
+```
+
+## Security Properties
+
+- Quantum Resistance: Based on lattice problems (LWE, NTRU)
+- Key Sizes: 256, 384, or 512 bits
+- Block Size: 512 bits (64 bytes)
+- Rounds: 20-24 depending on key size
+
+## Use Cases
+
+- Automotive CAN bus encryption
+- OTA firmware updates
+- V2X communication
+- IoT device security
+- Secure messaging
+
+## License
+
+MIT License
+
+## Author
+
+Harshith Madhavaram 
+MS Cybersecurity '2027
+Northeastern University, Boston
+```
+
+---
+
+## `.gitignore`**
+```
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+.pytest_cache/
+.coverage
+htmlcov/
+.env
+venv/
+ENV/

nexus_crypt-1.0.0/README.md

@@ -0,0 +1,96 @@
+NEXUS-Crypt
+
+Post-Quantum Cryptographic Suite with Perfect Forward Secrecy
+
+NEXUS-Crypt is a unified cryptographic library combining:
+- NEXUS-Cipher: Custom lattice based symmetric encryption
+- ML-KEM (Kyber): Key encapsulation for Perfect Forward Secrecy
+- ML-DSA (Dilithium): Post-quantum digital signatures
+- SHA-256: Cryptographic hashing
+
+Features
+
+Post-quantum secure (resistant to quantum computer attacks)  
+Perfect Forward Secrecy (PFS) via ML-KEM  
+Authenticated encryption with ML-DSA signatures   
+Constant time operations (side-channel resistant)  
+Easy to use API  
+
+## Installation
+```bash
+pip install nexus-crypt
+```
+
+## Quick Start
+```python
+from nexus import NEXUS
+
+nexus = NEXUS(key_size=256)
+
+kem_pk, kem_sk = nexus.generate_kem_keypair()
+sign_pk, sign_sk = nexus.generate_signing_keypair()
+
+ciphertext, shared_secret = nexus.establish_session(kem_pk)
+
+message = b"Secret data"
+package = nexus.encrypt_and_sign(message, sign_sk)
+
+plaintext = nexus.verify_and_decrypt(package, sign_pk)
+```
+
+## Security Properties
+
+- Quantum Resistance: Based on lattice problems (LWE, NTRU)
+- Key Sizes: 256, 384, or 512 bits
+- Block Size: 512 bits (64 bytes)
+- Rounds: 20-24 depending on key size
+
+## Use Cases
+
+- Automotive CAN bus encryption
+- OTA firmware updates
+- V2X communication
+- IoT device security
+- Secure messaging
+
+## License
+
+MIT License
+
+## Author
+
+Harshith Madhavaram 
+MS Cybersecurity '2027
+Northeastern University, Boston
+```
+
+---
+
+## `.gitignore`**
+```
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+.pytest_cache/
+.coverage
+htmlcov/
+.env
+venv/
+ENV/

nexus_crypt-1.0.0/examples/basic_usage.py

@@ -0,0 +1,50 @@
+"""Basic usage example for NEXUS-Crypt"""
+
+from nexus import NEXUS
+
+def main():
+    print("=== NEXUS-Crypt Demo ===\n")
+    
+   
+    nexus = NEXUS(key_size=256)
+    
+  
+    print("1. Generating keys...")
+    alice_kem_pk, alice_kem_sk = nexus.generate_kem_keypair()
+    alice_sign_pk, alice_sign_sk = nexus.generate_signing_keypair()
+    
+    bob_kem_pk, bob_kem_sk = nexus.generate_kem_keypair()
+    bob_sign_pk, bob_sign_sk = nexus.generate_signing_keypair()
+    print("Keys generated\n")
+    
+
+    print("2. Alice establishing session with Bob...")
+    alice_nexus = NEXUS(key_size=256)
+    kem_ciphertext, alice_shared = alice_nexus.establish_session(bob_kem_pk)
+    print(f"Session established (shared secret: {alice_shared[:8].hex()}...)\n")
+    
+    print("3. Bob accepting session...")
+    bob_nexus = NEXUS(key_size=256)
+    bob_shared = bob_nexus.accept_session(kem_ciphertext, bob_kem_sk)
+    print(f" Session accepted (shared secret: {bob_shared[:8].hex()}...)\n")
+ 
+    assert alice_shared == bob_shared, "Shared secrets don't match!"
+    
+   
+    print("4. Alice encrypting and signing message...")
+    message = b"Hello Bob! This is a secure message using NEXUS-Crypt with PFS!"
+    package = alice_nexus.encrypt_and_sign(message, alice_sign_sk)
+    print(f" Message encrypted ({len(package['ciphertext'])} bytes)")
+    print(f"Signature generated ({len(package['signature'])} bytes)\n")
+    
+    print("5. Bob verifying and decrypting...")
+    decrypted = bob_nexus.verify_and_decrypt(package, alice_sign_pk)
+    print(f" Signature verified")
+    print(f" Message decrypted: {decrypted.decode()}\n")
+
+    assert decrypted == message, "Decryption failed!"
+    
+    print("=== All tests passed! ===")
+
+if __name__ == "__main__":
+    main()

nexus_crypt-1.0.0/nexus/__init__.py

@@ -0,0 +1,14 @@
+
+__version__ = "1.0.0"
+__author__ = "Harshith Madhavaram"
+
+from .core import NEXUSCipher, NEXUS
+from .exceptions import NEXUSError, DecryptionError, SignatureVerificationError
+
+__all__ = [
+    "NEXUS",
+    "NEXUSCipher",
+    "NEXUSError",
+    "DecryptionError",
+    "SignatureVerificationError",
+]

nexus_crypt-1.0.0/nexus/constants.py

@@ -0,0 +1,28 @@
+
+
+STATE_SIZE = 512  
+WORD_SIZE = 128   
+NUM_WORDS = 4
+BLOCK_SIZE = 64   
+
+ROUNDS_256 = 20
+ROUNDS_384 = 22
+ROUNDS_512 = 24
+
+PRIME_ROTATIONS = [17, 31, 61, 127]
+
+GF128_POLY = 0b10000111
+
+LWE_MODULUS = 257
+LWE_ERROR_SIGMA = 3.2
+SBOX_COUNT = 8
+SBOX_SIZE = 256
+
+SBOX_REGEN_BYTES = 1024 * 1024  
+
+
+NTRU_N = 512
+NTRU_Q = 2**128
+
+
+NONCE_SIZE = 16  

nexus_crypt-1.0.0/nexus/core.py

@@ -0,0 +1,232 @@
+import secrets
+import hashlib
+from typing import List, Tuple
+from .math_utils import *
+from .constants import *
+from .exceptions import *
+
+class NEXUSCipher:
+
+    def __init__(self, key: bytes, key_size: int = 256):
+        if key_size not in [256, 384, 512]:
+            raise NEXUSError("Key size must be 256, 384, or 512 bits")
+        
+        expected_len = key_size // 8
+        if len(key) != expected_len:
+            raise NEXUSError(f"Key must be {expected_len} bytes for {key_size}-bit security")
+        
+        self.key = key
+        self.key_size = key_size
+        self.rounds = self._get_rounds()
+        self.round_keys = self._derive_round_keys()
+        self.sboxes = [generate_lwe_sbox(key, i, 0) for i in range(SBOX_COUNT)]
+        self.sbox_counter = 0
+        self.bytes_processed = 0
+        self.gf_matrices = self._generate_gf_matrices()
+    
+    def _get_rounds(self) -> int:
+        return {256: ROUNDS_256, 384: ROUNDS_384, 512: ROUNDS_512}[self.key_size]
+    
+    def _derive_round_keys(self) -> List[List[int]]:
+        key_material = hkdf_sha256(self.key, self.rounds * 64, b"NEXUS-ROUND-KEYS")
+        round_keys = []
+        for i in range(self.rounds):
+            round_key_bytes = key_material[i*64:(i+1)*64]
+            round_key_words = bytes_to_words(round_key_bytes)
+            round_keys.append(round_key_words)
+        return round_keys
+    
+    def _generate_gf_matrices(self) -> List[int]:
+        matrices = []
+        for i in range(NUM_WORDS):
+            h = hashlib.sha256()
+            h.update(self.key)
+            h.update(b"GF-MATRIX")
+            h.update(i.to_bytes(1, 'big'))
+            matrix_element = int.from_bytes(h.digest()[:16], 'big')
+            matrices.append(matrix_element)
+        return matrices
+    
+    def _regenerate_sboxes_if_needed(self):
+        if self.bytes_processed >= SBOX_REGEN_BYTES:
+            self.sbox_counter += 1
+            self.sboxes = [generate_lwe_sbox(self.key, i, self.sbox_counter) for i in range(SBOX_COUNT)]
+            self.bytes_processed = 0
+    
+    def _nexus_round(self, state: List[int], round_num: int) -> List[int]:
+        for i in range(NUM_WORDS):
+            state[i] = (state[i] + self.round_keys[round_num][i]) & ((1 << 128) - 1)
+            state[i] = rol(state[i], PRIME_ROTATIONS[i], 128)
+            lattice_const = generate_lattice_constant(round_num, i)
+            state[i] ^= lattice_const
+        
+        state_bytes = bytearray(words_to_bytes(state))
+        for byte_idx in range(len(state_bytes)):
+            sbox_id = byte_idx % SBOX_COUNT
+            state_bytes[byte_idx] = self.sboxes[sbox_id][state_bytes[byte_idx]]
+        state = bytes_to_words(bytes(state_bytes))
+        
+        for i in range(NUM_WORDS):
+            state[i] = gf128_multiply(state[i], self.gf_matrices[i])
+        
+        state_bits = []
+        for word in state:
+            for bit_pos in range(128):
+                state_bits.append((word >> bit_pos) & 1)
+        
+        ntru_perm = generate_ntru_permutation(self.key, round_num)
+        permuted_bits = [state_bits[ntru_perm[i]] for i in range(NTRU_N)]
+        
+        state = []
+        for word_idx in range(NUM_WORDS):
+            word = 0
+            for bit_idx in range(128):
+                bit_pos = word_idx * 128 + bit_idx
+                word |= (permuted_bits[bit_pos] << bit_idx)
+            state.append(word)
+        
+        return state
+    
+    def _generate_keystream(self, nonce: bytes) -> bytes:
+        state = [0] * NUM_WORDS
+        nonce_extended = nonce + nonce + nonce + nonce
+        nonce_words = bytes_to_words(nonce_extended)
+        
+        for i in range(NUM_WORDS):
+            state[i] ^= nonce_words[i]
+        
+        for round_num in range(self.rounds):
+            state = self._nexus_round(state, round_num)
+        
+        return words_to_bytes(state)
+    
+    def encrypt_block(self, plaintext: bytes, nonce: bytes) -> bytes:
+        if len(plaintext) != BLOCK_SIZE:
+            raise NEXUSError(f"Block must be {BLOCK_SIZE} bytes")
+        if len(nonce) != NONCE_SIZE:
+            raise NEXUSError(f"Nonce must be {NONCE_SIZE} bytes")
+        
+        keystream = self._generate_keystream(nonce)
+        ciphertext = bytes([p ^ k for p, k in zip(plaintext, keystream)])
+        self.bytes_processed += BLOCK_SIZE
+        self._regenerate_sboxes_if_needed()
+        return ciphertext
+    
+    def decrypt_block(self, ciphertext: bytes, nonce: bytes) -> bytes:
+        if len(ciphertext) != BLOCK_SIZE:
+            raise NEXUSError(f"Block must be {BLOCK_SIZE} bytes")
+        if len(nonce) != NONCE_SIZE:
+            raise NEXUSError(f"Nonce must be {NONCE_SIZE} bytes")
+        
+        keystream = self._generate_keystream(nonce)
+        plaintext = bytes([c ^ k for c, k in zip(ciphertext, keystream)])
+        self.bytes_processed += BLOCK_SIZE
+        self._regenerate_sboxes_if_needed()
+        return plaintext
+    
+    def encrypt(self, plaintext: bytes, nonce: bytes = None) -> Tuple[bytes, bytes]:
+        if nonce is None:
+            nonce = secrets.token_bytes(NONCE_SIZE)
+        
+        pad_len = BLOCK_SIZE - (len(plaintext) % BLOCK_SIZE)
+        plaintext += bytes([pad_len] * pad_len)
+        
+        ciphertext = b''
+        for i in range(0, len(plaintext), BLOCK_SIZE):
+            block = plaintext[i:i+BLOCK_SIZE]
+            block_nonce = nonce + i.to_bytes(16, 'big')
+            block_nonce = hashlib.sha256(block_nonce).digest()[:NONCE_SIZE]
+            encrypted_block = self.encrypt_block(block, block_nonce)
+            ciphertext += encrypted_block
+        
+        return ciphertext, nonce
+    
+    def decrypt(self, ciphertext: bytes, nonce: bytes) -> bytes:
+        if len(ciphertext) % BLOCK_SIZE != 0:
+            raise DecryptionError("Invalid ciphertext length")
+        
+        plaintext = b''
+        for i in range(0, len(ciphertext), BLOCK_SIZE):
+            block = ciphertext[i:i+BLOCK_SIZE]
+            block_nonce = nonce + i.to_bytes(16, 'big')
+            block_nonce = hashlib.sha256(block_nonce).digest()[:NONCE_SIZE]
+            decrypted_block = self.decrypt_block(block, block_nonce)
+            plaintext += decrypted_block
+        
+        pad_len = plaintext[-1]
+        if pad_len <= BLOCK_SIZE and pad_len > 0:
+            plaintext = plaintext[:-pad_len]
+        
+        return plaintext
+
+
+class NEXUS:
+
+    def __init__(self, key_size: int = 256):
+        self.key_size = key_size
+        self.cipher = None
+        
+        try:
+            from pqcrypto.kem.ml_kem_768 import generate_keypair as kyber_keygen
+            from pqcrypto.kem.ml_kem_768 import encrypt as kyber_encrypt
+            from pqcrypto.kem.ml_kem_768 import decrypt as kyber_decrypt
+            from pqcrypto.sign.ml_dsa_65 import generate_keypair as dilithium_keygen
+            from pqcrypto.sign.ml_dsa_65 import sign as dilithium_sign
+            from pqcrypto.sign.ml_dsa_65 import verify as dilithium_verify
+            
+            self.kyber_keygen = kyber_keygen
+            self.kyber_encrypt = kyber_encrypt
+            self.kyber_decrypt = kyber_decrypt
+            self.dilithium_keygen = dilithium_keygen
+            self.dilithium_sign = dilithium_sign
+            self.dilithium_verify = dilithium_verify
+        except ImportError:
+            raise NEXUSError("Please install pqcrypto: pip install pqcrypto")
+    
+    def generate_kem_keypair(self) -> Tuple[bytes, bytes]:
+        public_key, secret_key = self.kyber_keygen()
+        return public_key, secret_key
+    
+    def generate_signing_keypair(self) -> Tuple[bytes, bytes]:
+        public_key, secret_key = self.dilithium_keygen()
+        return public_key, secret_key
+    
+    def establish_session(self, peer_public_key: bytes) -> Tuple[bytes, bytes]:
+        ciphertext, shared_secret = self.kyber_encrypt(peer_public_key)
+        enc_key = hkdf_sha256(shared_secret, self.key_size // 8, b"NEXUS-ENC")
+        self.cipher = NEXUSCipher(enc_key, self.key_size)
+        return ciphertext, shared_secret
+    
+    def accept_session(self, ciphertext: bytes, secret_key: bytes) -> bytes:
+        shared_secret = self.kyber_decrypt(secret_key, ciphertext)
+        enc_key = hkdf_sha256(shared_secret, self.key_size // 8, b"NEXUS-ENC")
+        self.cipher = NEXUSCipher(enc_key, self.key_size)
+        return shared_secret
+    
+    def hash(self, data: bytes) -> bytes:
+        return hashlib.sha256(data).digest()
+    
+    def encrypt_and_sign(self, plaintext: bytes, signing_key: bytes) -> dict:
+        if self.cipher is None:
+            raise NEXUSError("Session not established. Call establish_session first.")
+        
+        ciphertext, nonce = self.cipher.encrypt(plaintext)
+        digest = self.hash(ciphertext)
+        signature = self.dilithium_sign(signing_key, digest)
+        
+        return {'ciphertext': ciphertext, 'nonce': nonce, 'signature': signature}
+    
+    def verify_and_decrypt(self, package: dict, verify_key: bytes) -> bytes:
+        if self.cipher is None:
+            raise NEXUSError("Session not established.")
+        
+        digest = self.hash(package['ciphertext'])
+        try:
+            is_valid = self.dilithium_verify(verify_key, digest, package['signature'])
+            if not is_valid:
+                raise SignatureVerificationError("Signature verification failed")
+        except Exception as e:
+            raise SignatureVerificationError(f"Signature verification failed: {e}")
+        
+        plaintext = self.cipher.decrypt(package['ciphertext'], package['nonce'])
+        return plaintext

nexus_crypt-1.0.0/nexus/exceptions.py

@@ -0,0 +1,11 @@
+class NEXUSError(Exception):
+    pass
+
+class DecryptionError(NEXUSError):
+    pass
+
+class SignatureVerificationError(NEXUSError):
+    pass
+
+class KeyGenerationError(NEXUSError):
+    pass

nexus_crypt-1.0.0/nexus/kem.py

@@ -0,0 +1,25 @@
+from typing import Tuple
+class MLKEM:
+
+    
+    def __init__(self):
+        try:
+            from pqcrypto.kem.kyber768 import (
+                generate_keypair,
+                encrypt,
+                decrypt
+            )
+            self.generate_keypair = generate_keypair
+            self.encrypt = encrypt
+            self.decrypt = decrypt
+        except ImportError:
+            raise ImportError("pqcrypto not installed")
+    
+    def keygen(self) -> Tuple[bytes, bytes]:
+        return self.generate_keypair()
+    
+    def encapsulate(self, public_key: bytes) -> Tuple[bytes, bytes]:
+        return self.encrypt(public_key)
+    
+    def decapsulate(self, ciphertext: bytes, secret_key: bytes) -> bytes:
+        return self.decrypt(ciphertext, secret_key)