The *`Strandlock`* Protocol is a composite encryption protocol designed to intertwine multiple cryptographic primitives to achieve robust security. Its purpose is to ensure that the compromise of one, two, or even three different cryptographic primitives does not jeopardize the confidentiality or integrity of messages.
17
17
18
-
The protocol retains high-availability asynchronous behaviour, without reducing security and or privacy like similar protocols.
18
+
The protocol retains high-availability asynchronous behaviour, but it does require stateful managing, and it achieves so without reducing security and or privacy like similar protocols.
19
19
20
20
If `ML-KEM-1024` and `Classic McEliece-8192128` are broken, messages remain secure, provided that the initial `SMP` verification request is not intercepted. If the initial SMP request is intercepted, security is maintained as long as the SMP answer retains sufficient entropy.
21
21
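Review bot: The added sentence at new line 18 introduces a state requirement without saying what state has to be managed or where the specification defines it; "does require stateful managing" leaves that open. Suggest naming the state or pointing to the section that defines it, and tightening the wording, for example "but it requires state management, and it does so without reducing security or privacy". The "it achieves so" and "and or" phrasings read as typos. The comparison "like similar protocols" is carried over from the removed line and is still unsupported by anything in the visible text; either name the protocols being compared against or drop it.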
@@ -525,6 +525,20 @@ Under the stated model and assuming correct implementation:
525
525
526
526
- If the initial SMP secret has sufficient entropy, active MITM during first contact is prevented. If it is weak, MITM may succeed to pull TOFU-style MITM attack during setup to spoof the per-contact signing key.
527
527
528
+
#### 7.6. Conditional OTP Guarantee.
529
+
If, and only if, the following conditions hold for a given OTP batch:
530
+
531
+
- The OTP batch was generated from at least one source of entropy that is unpredictable to the adversary at the time of generation (i.e., high-quality TRNG or equivalent with documented entropy)
532
+
533
+
- The OTP batch was delivered to the recipient without being intercepted by the adversary (adversary had no on-path access during the OTP batch delivery)
534
+
- The implementation enforces the pad lifecycle rules in this specification (immediate truncation, secure zeroization, atomic state updates, and crash-consistent journaling),
535
+
then all messages encrypted with that OTP batch enjoy information-theoretic confidentiality (Shannon secrecy) for the lifetime of the consumed pads.
536
+
537
+
Fallback Guarantee.
538
+
- If any of the above conditions do not hold (e.g., the OTP batch was intercepted, the entropy source was compromised, or pad lifecycle rules were violated), confidentiality for affected messages degrades to the computational security provided by the layered primitives: xChaCha20-Poly1305 AEAD combined with the hybrid KEMs (ML-KEM-1024 and Classic-McEliece-8192128). In this degraded case, the security assumptions are the standard computational hardness assumptions for the listed primitives.
539
+
540
+
- Implementers must not claim absolute, unconditional OTP security; instead they must present the conditional guarantee above and provide evidence that the OTP-batch conditions were satisfied.
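Review bot: The last Fallback bullet (new line 540) obliges implementers to "provide evidence that the OTP-batch conditions were satisfied", but the second condition (new line 533, no on-path adversary during batch delivery) is not something an implementer can observe or prove, so the requirement cannot be met as written. Suggest separating the conditions into those that are assumptions of the model and those that are verifiable, and stating what counts as evidence for the verifiable ones (the entropy-source condition at line 531 already hints at "documented entropy"; the lifecycle condition at line 534 could reference the relevant tests or audit points). Smaller points in the same hunk: the three condition bullets end inconsistently (no punctuation, no punctuation, comma), "Fallback Guarantee." at line 537 is bare text under a `####` heading and would read better as a sub-heading or bold label, and "Classic-McEliece-8192128" at line 538 is hyphenated differently from "Classic McEliece-8192128" in the unchanged context at line 20.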