A public summary of HybridCipher's security posture, protections, and known limitations
HybridCipher is an end-to-end encrypted group file sharing system with hybrid post-quantum key delivery. We publish this summary to set clear expectations and keep our security posture transparent as the system evolves.
Servers should never see plaintext file contents or epoch keys. All sensitive data remains encrypted end-to-end.
Files, group state, and key-delivery messages are authenticated. Tampering is detectable through cryptographic verification.
Rekeying, recovery, and transparency logs help detect or limit damage from compromise.
The following assets are protected by HybridCipher's security architecture:
Asymmetric password-authenticated key exchange that avoids reusable password hashes. The server never sees your password.
X25519 + ML-KEM-768 for Welcome payloads. Provides both classical and post-quantum securityβif either algorithm fails, the other still protects.
AEAD encryption with domain separation for file contents. High-performance, no hardware acceleration required.
Digital signatures for Welcome payloads and snapshot roots ensure authenticity and non-repudiation.
Coverage and membership snapshots are cryptographically verifiable via Merkle tree proofs.
Secure recovery with OTP verification and automatic session invalidation for compromised devices.
Detect unexpected server history modifications through cryptographic audit trails.
Server-side protections against brute force attacks and comprehensive audit logging.
Passive and active attackers including MITM, replay, and downgrade attacks on network traffic.
Malicious or compromised server attempting to access plaintext data or forge group state.
Malicious or compromised group member or device attempting unauthorized access.
Attacker with access to a user's local machine attempting to extract keys or data.
Attacker with access to the recovery channel (email inbox) attempting account takeover.
Attacker with access to signing keys attempting to forge certificates or transparency proofs.
Adversaries with access to cryptographically relevant quantum computers. Our hybrid approach (X25519 + ML-KEM-768) provides long-term protection. Note: TLS remains classical today.
If a device is infected or the mountpoint is exposed, plaintext can be stolen.
Metadata (timing, size, group membership) can still leak.
There is no built-in escrow for decrypting user data.
Recovery depends on user-managed recovery material; loss can be unrecoverable.
Operational controls and audits are still required for regulated environments.
OS integrity, local storage, and device access controls are intact.
Proper TLS setup is enforced by thirdβparty infrastructure.
KMS/HSM custody and IAM controls are in place.
Checkpoint delivery works; storage, CDN, and DNS services stay available.
Recovery codes and backup artifacts are stored safely by users/admins.
HybridCipher provides strong cryptographic protections and hybrid post-quantum key delivery. We publish this summary to set clear expectations and to keep our security posture transparent as the system evolves.