A simulation environment for testing and benchmarking post-quantum cryptography implementations against traditional cryptographic methods.
This project provides a sandbox for experimenting with post-quantum cryptographic algorithms (specifically ML-KEM and ML-DSA) compared to traditional elliptic curve cryptography (NaCl/TweetNaCl). It simulates a collaborative document editing environment where users encrypt, decrypt, sign, and verify messages, allowing for performance and security analysis.
- Dual Cryptography Support: Implements both post-quantum and traditional cryptography providers
- Multiple Encryption Paradigms: Supports mailbox (direct user-to-user) and team-based encryption models
- Realistic Simulation: Models collaborative document editing with configurable parameters
- Performance Analytics: Collects and visualizes encryption, decryption, signing, and verification times
- Configurable Environment: Easily modify user counts, document distribution, and activity levels
- Implements ML-KEM (CRYSTALS-Kyber) for key encapsulation
- Implements ML-DSA (CRYSTALS-Dilithium) for digital signatures
- Uses AES-GCM for symmetric encryption
- Uses Curve25519 for asymmetric encryption
- Uses Ed25519 for digital signatures
- Compatible with existing CryptPad encryption models
The system is built around these core components:
- Crypto Providers: Modular implementations of cryptographic primitives
- User Model: Simulates users with their own key pairs who perform cryptographic operations
- Document Model: Represents shared documents with multiple editors
- Document Server: Facilitates message broadcasting between users
- Simulation Engine: Orchestrates the entire simulation process
import { runSimulation } from './scripts/simulation/Simulation.js';
// Configure the simulation parameters
const simulationParams = {
numUsers: 30,
numDocuments: 30,
maxEditsPerUser: 100,
logFrequency: 20,
useDistribution: true,
cryptoScheme: 'pqc', // or 'nacl'
encryptorType: 'mailbox' // or 'team'
};
// Run the simulation
const results = await runSimulation(simulationParams);numUsers: Number of users to createnumDocuments: Number of documents to createmaxEditsPerUser: Maximum number of edits per userlogFrequency: How often to log progressuseDistribution: Whether to use statistical distributions for realistic user behaviorcryptoScheme: Cryptography implementation to use ('pqc' or 'nacl')encryptorType: Encryption model to use ('mailbox' or 'team')
When running simulations:
- Post-quantum algorithms typically have larger key sizes and may be computationally more intensive
- Team-based encryption reduces the number of encryption operations but may have higher initial overhead
- For large simulations, consider increasing log frequency to reduce UI updates
The system supports two approaches for sending encrypted messages to multiple recipients:
- Mailbox encryption: Each message is individually encrypted for each recipient
- Team encryption: Messages are encrypted once with a shared team key
For both providers, the encryption process works in layers:
- Generate or retrieve asymmetric key pairs
- Perform key encapsulation or key exchange
- Use the resulting shared secret for symmetric encryption
- Sign the message with the sender's private signing key
To implement a new cryptographic provider:
- Create a new provider class implementing the required methods
- Register it in
cryptoProvider.js - Update the
CRYPTO_SCHEMESenum with the new scheme name
Required provider methods: (maintain name for compatibility with existing code)
init()generateKEMKeyPair()generateDSAKeyPair()createMailboxEncryptor(keys)createTeamEncryptor(keys)
- Add support for additional post-quantum algorithms
- Add more detailed analysis of message sizes and bandwidth usage
- Create visual comparisons of cryptographic performance
- Add automated testing suite for cryptographic correctness
This project is provided as is under the GNU Affero General Public License v3.0.