Cryptography

Status: Draft
Audience: Administrators and technical users

This page explains the cryptographic building blocks used by DNA-Nexus in practical terms. It is intended as a central reference for post-quantum sharing, local browser decryption, file integrity and related security concepts.

Post-quantum sharing

DNA-Nexus can use post-quantum protected invite links for sensitive file sharing. The recipient opens the invite in a browser, enrolls a local device key and then decrypts the protected file locally before download.

ML-KEM-768

ML-KEM-768 is a post-quantum key encapsulation mechanism. In DNA-Nexus, it is used for protected sharing: the recipient browser has a local ML-KEM-768 device key, and the shared file key can be opened only by that enrolled browser/device key.

ML-KEM-768 is not used to encrypt the whole file directly. Instead, it is used to protect or open a smaller file key. The actual file content is then encrypted with a symmetric encryption algorithm such as AES-256-GCM.

ML-KEM-768 targets NIST security category 3. In simple terms, this is intended to give a security level comparable to about 192-bit symmetric security. A 192-bit search space is 2^192, which is about 6.28 × 10^57 possible values.

Scale comparison: even if you imagined a huge sand pile containing 10^22 grains of sand, a 2^192 space would still be about 6.28 × 10^35 times larger than that grain count. Even a hypothetical machine trying 10^18 candidates every second would need about 2 × 10^32 years to count through the full 2^192 space.

It is still better to describe ML-KEM as lattice-based security rather than “trying every key.” Its real security comes from hard lattice problems, not from a simple password-style key search.

AES-256-GCM

AES-256-GCM is used for encrypting file content. AES-256 provides a 256-bit secret key, and GCM adds authenticated encryption. This means the browser can both decrypt the file and verify that the encrypted content has not been modified.

The AES-256 key space is 2^256 possible keys. Written out, that is approximately 1.16 × 10^77 possible keys. This is far beyond practical brute force.

Scale comparison: a 2^256 key space is 2^64 times larger than a 2^192 space. That is about 18.4 quintillion times larger. Even at 10^18 guesses per second, counting through the full AES-256 key space would take about 3.7 × 10^51 years.

GCM also uses a nonce, commonly 96 bits. A 96-bit nonce space contains 2^96 possible values, about 7.92 × 10^28. The important rule is that the same nonce must not be reused with the same AES key.

Scale comparison: 2^96 is not meant to be a brute-force security level in GCM. It is a uniqueness space for nonces. Even so, counting through 2^96 values at one trillion new values per second would take about 2.5 billion years. The real rule is simpler: never reuse the same nonce with the same AES key.

GCM typically uses a 128-bit authentication tag. A random successful forgery attempt has roughly a 1 in 2^128 chance, about 1 in 3.40 × 10^38, assuming correct use of the algorithm.

Scale comparison: a 128-bit authentication tag has about 3.40 × 10^38 possible tag values. A random successful forgery is like guessing the right one out of that entire space. Even at one trillion random attempts per second, the expected time for one random hit would be on the order of 10^19 years, assuming ideal random guessing.
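
The nonce and tag rules above in code, as an added example that is not DNA-Nexus code. It assumes the Web Crypto API (the page does not say which API the browser client uses); the function names and sample inputs are constructed for illustration.

```javascript
// Added example, not DNA-Nexus code. Assumes the Web Crypto API (browsers, Node.js).
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const GCM = (nonce) => ({ name: "AES-GCM", iv: nonce, tagLength: 128 });
const hex = (u8) => Array.from(u8, (b) => b.toString(16).padStart(2, "0")).join("");
const xor = (a, b) => a.map((v, i) => v ^ b[i]);

// Random 256-bit content key, non-extractable so page script cannot export it.
const newFileKey = () =>
  wc.subtle.generateKey({ name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);

// Encrypt under a fresh random 96-bit nonce chosen here, never by the caller.
// Output is the ciphertext followed by the 128-bit authentication tag.
async function sealFile(key, plaintext) {
  const nonce = wc.getRandomValues(new Uint8Array(12));
  const sealed = new Uint8Array(await wc.subtle.encrypt(GCM(nonce), key, plaintext));
  return { nonce, sealed };
}

// Decrypt and verify the tag. Returns null if the tag does not verify, so
// unverified bytes are never handed on.
async function openFile(key, nonce, sealed) {
  try {
    return new Uint8Array(await wc.subtle.decrypt(GCM(nonce), key, sealed));
  } catch {
    return null;
  }
}

async function demo() {
  const enc = new TextEncoder();
  const p1 = enc.encode("constructed sample A"); // constructed inputs, equal length
  const p2 = enc.encode("constructed sample B");
  const key = await newFileKey();
  const a = await sealFile(key, p1);
  const b = await sealFile(key, p1);
  const tampered = a.sealed.slice();
  tampered[0] ^= 1; // flip one ciphertext bit
  // Deliberate misuse to show why the rule exists: second message, same key and nonce.
  const reused = new Uint8Array(await wc.subtle.encrypt(GCM(a.nonce), key, p2));
  const n = p1.length;
  return {
    roundTrip: hex(await openFile(key, a.nonce, a.sealed)) === hex(p1),
    tagOverhead: a.sealed.length - n, // 16 bytes = 128-bit tag
    freshNonces: hex(a.nonce) !== hex(b.nonce),
    tamperRejected: (await openFile(key, a.nonce, tampered)) === null,
    // With a repeated nonce the keystream repeats: c1 XOR c2 equals p1 XOR p2.
    reuseLeaksXor: hex(xor(a.sealed.subarray(0, n), reused.subarray(0, n))) === hex(xor(p1, p2)),
  };
}
```

Every field of the object returned by `demo()` should be `true`, except `tagOverhead`, which is 16.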

Local device key

A recipient browser can hold a local device key protected by a passphrase. The passphrase is not sent to the server. If the passphrase is lost, that browser cannot unlock older shares tied to the previous local device key.

Content encryption

Protected share content is encrypted separately from the invite flow. The browser opens the file key and decrypts the file locally before handing the file to the user.

File integrity

DNA-Nexus can show and copy file checksums such as SHA-256 so that users can identify files and check their integrity in integrity-sensitive workflows.