A few years ago, I started working on a project called the Sare Project. Sare stands for Safe At Rest Encryption. I wanted to make a hybrid post-quantum encryption library and tool to be a post-quantum replacement for GPG.
I have been away from this project for almost a year, and when I opened the codebase I didn’t know what I had done. So I thought as I read my own old code, I could explain why I did certain things and what ideas led me down those paths.
The first design requirement was that the scheme be hybrid, meaning the best of both worlds: if the post-quantum algorithms turn out to be broken, we would still be protected by the classical algorithms, such as elliptic curves.
The issue was that I needed one post-quantum KEM (Key Encapsulation Mechanism) for encapsulation. Encapsulation in cryptography is a method to securely establish a shared secret key between two parties over an insecure channel, using asymmetric (public-key) cryptography.
These KEMs work as follows: key generation produces a public key and a secret key. The sender then uses the recipient’s public key to produce a ciphertext (called an “encapsulation”) together with a shared secret. On decapsulation, the recipient uses their secret key to recover the same shared secret from the ciphertext.
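To make the keygen/encaps/decaps interface and the hybrid idea concrete, here is an added example (not code from the Sare project): a toy Diffie-Hellman "KEM" stands in for both the post-quantum and the elliptic-curve component, and a combiner hashes both shared secrets together with both ciphertexts so that an attacker has to break both components to learn the key. The group size, labels and class names are constructed for illustration only.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration only: far too small to
# be secure, it merely stands in for a real post-quantum or elliptic-curve KEM.
P = 2**127 - 1   # Mersenne prime
G = 3
N = 16           # every group element fits in 16 big-endian bytes


class ToyDhKem:  # keygen / encaps / decaps: the interface every KEM exposes
    def keygen(self):
        sk = secrets.randbelow(P - 2) + 1
        return pow(G, sk, P).to_bytes(N, "big"), sk

    def encaps(self, pk: bytes):
        r = secrets.randbelow(P - 2) + 1
        ct = pow(G, r, P).to_bytes(N, "big")  # the "encapsulation"
        return ct, self._derive(pow(int.from_bytes(pk, "big"), r, P))

    def decaps(self, sk: int, ct: bytes):
        return self._derive(pow(int.from_bytes(ct, "big"), sk, P))

    @staticmethod
    def _derive(shared: int) -> bytes:
        return hashlib.sha256(b"toy-dh" + shared.to_bytes(N, "big")).digest()


class HybridKem:  # runs two KEMs side by side and folds both secrets into one key
    def __init__(self, pq, classical):
        self.pq, self.classical = pq, classical

    def keygen(self):
        (pk1, sk1), (pk2, sk2) = self.pq.keygen(), self.classical.keygen()
        return pk1 + pk2, (sk1, sk2)

    def encaps(self, pk: bytes):
        ct1, ss1 = self.pq.encaps(pk[:N])
        ct2, ss2 = self.classical.encaps(pk[N:])
        return ct1 + ct2, self._combine(ss1, ss2, ct1 + ct2)

    def decaps(self, sk, ct: bytes):
        ss1 = self.pq.decaps(sk[0], ct[:N])
        ss2 = self.classical.decaps(sk[1], ct[N:])
        return self._combine(ss1, ss2, ct)

    @staticmethod
    def _combine(ss1: bytes, ss2: bytes, ct: bytes) -> bytes:
        # Hash both secrets and both ciphertexts together: breaking one component
        # alone reveals nothing, and altering either ciphertext changes the key.
        return hashlib.sha256(b"hybrid-kem-demo" + ss1 + ss2 + ct).digest()
```

Swapping `ToyDhKem` for a real post-quantum KEM and a real X25519/ECDH wrapper with the same three methods leaves `HybridKem` unchanged, which is the point of keeping the KEM interface uniform.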