Quantum Protection Overview
ByteHide Storage implements post-quantum cryptography (PQC) to protect your data against both classical and quantum computer attacks.
Zero-Knowledge Architecture
ByteHide Storage is designed with a zero-knowledge architecture, meaning:
- Key Management: While ByteHide Storage manages the PQC key infrastructure automatically, the master encryption phrase remains exclusively under your control.
- Data Privacy: ByteHide cannot decrypt your files - only you have access through your master phrase.
- Security Model: Even if ByteHide's infrastructure were compromised, your data would remain secure.
Master Phrase Security
Your master encryption phrase is critical for data access. If lost, your encrypted files cannot be recovered. We strongly recommend using ByteHide Secrets for secure phrase management.
See our Zero-Knowledge Encryption guide for detailed information.
What is Post-Quantum Cryptography?
Post-quantum cryptography refers to cryptographic algorithms that are believed to be secure against attacks by both classical and quantum computers. As quantum computers evolve, they pose a significant threat to traditional encryption methods. ByteHide's quantum protection ensures your data remains secure even in a post-quantum world.
Available Algorithms
ByteHide Storage supports multiple quantum-resistant algorithms:
Kyber Family
MLKEM Family
- MLKEM512 - Alternative balanced option
- MLKEM768 - Alternative enhanced security
- MLKEM1024 - Alternative maximum security
Additional Options
- Sntrup761 - NIST finalist
- FrodoKem1344Shake - Conservative choice
Using Quantum Protection
Enable quantum protection in your storage operations:
```csharp
// Initialize with default (Kyber1024) and master phrase
var secrets = new SecretsManager("<secrets_token>");
string masterPhrase = await secrets.Get("storage_master_phrase");
var storage = new StorageManager("<token>", masterPhrase);

// Or specify the algorithm explicitly, with the phrase still loaded from ByteHide Secrets
var kyberStorage = new StorageManager(
    "<token>",
    masterPhrase,
    quantumAlgorithm: QuantumAlgorithmType.Kyber1024
);

// Enable quantum encryption for operations
// (sensitiveData is the payload you want to store)
await storage
    .EncryptWithQuantum()
    .Set("secure/data.dat", sensitiveData);
```
Secure Key Management
Always use secure key management practices:
- Store your master phrase in ByteHide Secrets
- Never hardcode the phrase in your code
- Use different phrases for different environments
- Implement proper key rotation procedures
Algorithm Selection Guide
Choose your algorithm based on your security needs:
Security Level | Recommended Algorithm | Use Case |
---|---|---|
Standard | Kyber512 | General purpose, good performance |
Enhanced | Kyber768 | Sensitive data, balanced approach |
Maximum | Kyber1024 | Critical data, future-proof security |
Conservative | FrodoKem1344Shake | Highest security margin |
Default Choice
Kyber1024 is the default algorithm, providing maximum security while maintaining good performance. This is suitable for most use cases.
Performance Considerations
Algorithm performance comparison:
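```csharp
// masterPhrase is loaded from ByteHide Secrets as shown under "Using Quantum Protection"

// Faster, good security
var fastStorage = new StorageManager(
    "<token>",
    masterPhrase,
    quantumAlgorithm: QuantumAlgorithmType.Kyber512
);

// Maximum security, slightly slower
var secureStorage = new StorageManager(
    "<token>",
    masterPhrase,
    quantumAlgorithm: QuantumAlgorithmType.Kyber1024
);
```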
Security Note
- All supported algorithms provide post-quantum security
- Higher security levels may impact performance
- Choose based on your specific security requirements
- Consider using different algorithms for different data types
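The key-management and algorithm-selection guidance above, combined in one helper as an added example (not ByteHide's own code): it loads a per-environment master phrase from ByteHide Secrets, fails closed if the phrase is missing, and picks Kyber512 or Kyber1024 by data class. The secret key names, environment variable names, and the `DataClass` enum are assumptions; only the SDK calls shown on this page are used.

```csharp
// Added example, not ByteHide's own code. Assumes the ByteHide SDK types
// (SecretsManager, StorageManager, QuantumAlgorithmType) are imported as in the snippets above.
using System;
using System.Threading.Tasks;

public enum DataClass { Routine, Critical }   // hypothetical classification

public static class QuantumStorageFactory
{
    // One master phrase per environment, so a leaked dev phrase cannot decrypt production data.
    public static string PhraseKeyFor(string environment) =>
        environment switch
        {
            "production"  => "storage_master_phrase_prod",     // assumed secret key names
            "staging"     => "storage_master_phrase_staging",
            "development" => "storage_master_phrase_dev",
            _ => throw new ArgumentException($"Unknown environment '{environment}'")
        };

    // Follows the page's guidance: Kyber1024 for critical data, Kyber512 for frequent operations.
    public static QuantumAlgorithmType AlgorithmFor(DataClass dataClass) =>
        dataClass == DataClass.Critical
            ? QuantumAlgorithmType.Kyber1024
            : QuantumAlgorithmType.Kyber512;

    public static async Task<StorageManager> CreateAsync(string environment, DataClass dataClass)
    {
        // Tokens come from the process environment, never from source code.
        string secretsToken = RequireEnv("BYTEHIDE_SECRETS_TOKEN");   // assumed variable names
        string storageToken = RequireEnv("BYTEHIDE_STORAGE_TOKEN");

        var secrets = new SecretsManager(secretsToken);
        string masterPhrase = await secrets.Get(PhraseKeyFor(environment));

        // Fail closed: an empty phrase must never reach the encryption layer.
        if (string.IsNullOrWhiteSpace(masterPhrase))
            throw new InvalidOperationException($"Master phrase for '{environment}' is missing.");

        return new StorageManager(storageToken, masterPhrase,
                                  quantumAlgorithm: AlgorithmFor(dataClass));
    }

    private static string RequireEnv(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Environment variable {name} is not set.");
}
```

Obtain a manager with `await QuantumStorageFactory.CreateAsync("production", DataClass.Critical)` and then call `EncryptWithQuantum().Set(...)` on it as shown earlier.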
Best Practices
Key Management
- Use ByteHide Secrets for master phrase storage
- Implement proper key rotation procedures
- Keep a backup of master phrases in a secure location
- Use different phrases for different environments
Algorithm Selection
- Use Kyber1024 for critical data
- Consider Kyber512 for frequent operations
- Use FrodoKem for maximum security margin
Implementation
- Enable quantum protection for sensitive data
- Combine with standard encryption for layers of security
- Document your algorithm choices
Security Architecture
- Understand the zero-knowledge design
- Plan for key recovery scenarios
- Document your security architecture
- Conduct regular security audits
Critical Security Note
Remember that ByteHide's zero-knowledge architecture means:
- Only you can decrypt your files
- Your master phrase cannot be recovered if lost
- ByteHide cannot access your encrypted data
- Proper key management is crucial
Learn More
Explore specific algorithm documentation for detailed information about security parameters, performance characteristics, and implementation details.