Description:DESCRIPTION:
Field of the invention:
[0001] The present disclosure generally relates to the technical field of cryptography, and in specific relates to symmetric key encryption methods and systems that are resistant to quantum computing-based attacks, and pertains to a quantum-resistant block cipher mode of operation.
Background of the invention:
[0002] The rapid advancement of quantum computing presents a formidable challenge to conventional cryptographic systems. Quantum algorithms, especially Grover’s algorithm, threaten the foundational security assumptions of symmetric encryption schemes by drastically reducing the time required to brute-force cryptographic keys. As such, there is an urgent need to develop new encryption modes that can withstand the computational power of future quantum adversaries without imposing impractical demands on performance or compatibility with existing systems.
[0003] Symmetric encryption schemes, such as DES and AES, have long been considered secure in classical computing environments. However, the emergence of quantum computing undermines this confidence. Grover’s algorithm, for instance, can reduce the effective security of a 128-bit key to just 64 bits—rendering previously robust ciphers vulnerable. This poses a critical risk for data that requires long-term confidentiality, such as state secrets and sensitive industrial information. Even more alarming is the fate of legacy systems, which still rely on shorter key lengths (e.g., 56-bit DES), becoming trivial to compromise within minutes using quantum hardware.
[0004] Another significant issue arises from the natural response to quantum threats: increasing key length. While this can improve security, it also brings substantial performance drawbacks. Longer keys and repeated encryption cycles can lead to latency and resource constraints, especially in real-time or embedded systems. Furthermore, systems not originally designed to support longer key sizes may face compatibility challenges, making upgrades costly or infeasible.
[0005] Researchers and cryptographers have proposed several strategies to enhance quantum resilience in symmetric encryption. Designs such as AES-256 or newer ciphers like Saturnin adopt larger key and block sizes to offset Grover’s algorithm’s quadratic speedup. Systems like Double-AES and QuEME apply multiple encryption layers to boost security, combining key alternation with mixing steps. Approaches like DBST integrate key-dependent S-boxes to prevent adversaries from exploiting static cipher structures. These combine symmetric ciphers with quantum-resistant asymmetric algorithms (e.g., lattice-based schemes) to build comprehensive security frameworks.
[0006] Despite these efforts, current solutions exhibit critical shortcomings. While AES-256 offers improved resistance, it only restores effective security to 128 bits. Future advances in quantum hardware could further narrow this margin. Techniques such as double encryption and longer keys dramatically increase computational overhead. In scenarios demanding low latency or operating under power constraints, such as IoT and embedded devices, these measures are often impractical. Most existing schemes have a fixed cost-performance balance and cannot adapt to evolving threat models. They lack a tunable parameter that would allow users to calibrate security based on the sensitivity of the data and expected longevity of protection. Many solutions demand structural changes to the cipher or require adopting entirely new cryptographic primitives, making them unsuitable for backward compatibility or constrained environments.
[0007] Therefore, there is a need for symmetric key encryption methods and systems that are resistant to quantum computing-based attacks, and pertains to a quantum-resistant block cipher mode of operation. There is also a need for a system for quantum-resistant symmetric encryption using block cipher operations.
Objectives of the invention:
[0008] The primary objective of the invention is to provide a system with a quantum-resistant encryption mode that significantly enhances the brute-force resilience of existing symmetric-key algorithms—without requiring larger keys or cryptographic primitives, thereby preserving compatibility with legacy systems.
[0009] The other objective of the invention is to provide a system that strengthen symmetric-key encryption against quantum attacks by introducing structural mechanisms that are computationally expensive and inherently sequential, thus resistant to quantum acceleration.
[0010] The other objective of the invention is to provide a system that implement a double-locking encryption scheme wherein two encryption operations—each using the same secret key but applied differently—are used in conjunction to secure the cipher text header and the data payload, thereby adding multiple layers of cryptographic complexity.
[0011] Another objective of the invention is to provide a system that dynamically generate key-dependent S-boxes per encryption session using a computationally expensive process based on SHA-512 hashing and iterative permutation.
[0012] The other objective of the invention is to provide a system that introduces a tunable configuration parameter, which allows users to balance security and performance by adjusting the intensity of S-box generation.
[0013] Yet another objective of the invention is to provide a system optionally extends the key space by 8 bits and introducing confusion for brute-force attackers who must guess both the key and the configuration.
[0014] Another objective of the invention is to provide a system that maintains compatibility with standard block ciphers, allowing seamless integration of QRBCM into existing encryption systems without changing the underlying encryption algorithm or key format, thereby reducing the cost of adoption.
Summary of the invention:
[0015] The present disclosure proposes a system for quantum-resistant symmetric encryption using block cipher operations and method thereof. The following presents a simplified summary in order to provide a basic understanding of some aspects of the claimed subject matter. This summary is not an extensive overview. It is not intended to identify key/critical elements or to delineate the scope of the claimed subject matter. Its sole purpose is to present some concepts in a simplified form as a prelude to the more detailed description that is presented later.
[0016] In order to overcome the above deficiencies of the prior art, the present disclosure is to solve the technical problem to provide symmetric key encryption methods and systems that are resistant to quantum computing-based attacks, and pertains to a quantum-resistant block cipher mode of operation.
[0017] According to an aspect, the invention provides a system for quantum-resistant symmetric encryption using block cipher operations. The system comprises a computing device having a processor and a memory for storing instructions, and plurality of modules executable by the processor to perform quantum-resistant symmetric encryption.
[0018] In one embodiment, the computing device is in communication of a server through a network. The plurality of modules comprises an input module, a generation module, a double lock header module, a tweak generation module, a block masking module, and an output module.
[0019] In one embodiment, the input module is configured to receive encryption input data, which comprises a secret key, a configuration parameter, plurality of plaintext data blocks, and a seed value. In one embodiment, the system is configured to operate selectively in a secret configuration mode, and a public configuration mode. The configuration parameter is accessible to adversarial entities in the public configuration mode. The configuration parameter is accessible to a sender and a receiver.
[0020] In one embodiment, the generation module is configured to generate a first random value, a second random value, and a session-specific substitution box based on the secret key, the configuration parameter, and the seed value. In one embodiment, the generation module is configured to perform a cryptographic hash on the secret key and the seed value to obtain a hash output. Then, generate a transformation list from the hash output using a bit-wise operation and modular operations. Later, perform a series of iterative permutation functions to an identity of the session-specific substitution box for a definite number of rounds.
[0021] In one embodiment, the configuration parameter is an 8-bit value that adjusts number of the session-specific substitution box generation. The processor is configured to precompute and store plurality of session-specific substitution box for plurality of seed values corresponding to a fixed configuration parameter to eliminate runtime latency.
[0022] In one embodiment, the double lock header module is configured to encrypt the first random value using a block cipher, and the secret key to generate a first encryption header block. Further, the double lock header module is configured to encrypt the second random value, using the block cipher, and the secret key, and substituting the session-specific substitution box to generate a second encryption header block.
[0023] In one embodiment, the tweak generation module is configured to generate a tweak value for each plaintext data block. In one embodiment, the block masking module is configured to mask the plaintext data block with the respective tweak value to obtain a masked data block. Further, the block masking module is configured to encrypt the masked data block using the secret key and the block cipher to obtain an encrypted data block.
[0024] In one embodiment, the output module is configured to generate a ciphertext, which comprises the first encryption header block, the second encryption header block, and the encrypted data blocks. In one embodiment, the processor is configured to perform decryption operation by decrypting the first encryption header block to recover the first random value and extract the seed value. Then, the session-specific substitution box is regenerated based on the seed value, the configuration parameter, and the secret key. Later, the regenerated session-specific substitution box is applied to the second encryption header block and decrypting to obtain the second random value.
[0025] According to another aspect, the invention provides a method for performing quantum-resistant symmetric encryption. First, the secret key, the configuration parameter, the seed value and plurality of plaintext data blocks are received by the input module. Next, the first random value is generated by the generation module. At one least significant byte of the first random value comprises the seed value.
[0026] Next, the second random value is generated by the generation module. Further, the generation module generates the session-specific substitution box based on the secret key, the configuration parameter, and the seed value. Next, the first random value is encrypted by the double lock header module using a block cipher and the secret key to generate the first encryption header block. Next, the second random value is encrypted by the double lock header module with the secret key using the block cipher to obtain an encryption output. Later, the session-specific substitution box is applied to the encryption output to generate the second encryption header block.
[0027] Next, the tweak value of each plaintext data block is generated by the tweak generation module based on a block index and the second random value. Next, each plaintext block is masked by the block masking module using the respective tweak value to obtain a masked data block. Followed by encrypting the masked data block using the secret key and the block cipher to obtain an encrypted data block. Later, the ciphertext is generated by the output module. The ciphertext comprises the first encryption header block, the second encryption header block, and the encrypted data blocks.
[0028] Further, objects and advantages of the present invention will be apparent from a study of the following portion of the specification, the claims, and the attached drawings.
Detailed description of drawings:
[0029] The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate an embodiment of the invention, and, together with the description, explain the principles of the invention.
[0030] FIG. 1 illustrates a block diagram of a system for quantum-resistant symmetric encryption using block cipher operations, in accordance to an exemplary embodiment of the invention.
[0031] FIG. 2 illustrates a QRBCM encryption architecture of the system, in accordance to an exemplary embodiment of the invention.
[0032] FIG. 3A illustrates a flowchart for a process of S-box generation in the QRBCM mode of operation, in accordance to an exemplary embodiment of the invention.
[0033] FIG. 3B illustrates a flowchart depicting the operation of an iterate S-Box function.
[0034] FIG. 4 illustrates a flowchart depicting a complete process of data block encryption, in accordance to an exemplary embodiment of the invention.
[0035] FIG. 5 illustrates a flowchart of overall decryption workflow, in accordance to an exemplary embodiment of the invention.
[0036] FIG. 6 illustrates a flowchart of a method for performing quantum-resistant symmetric encryption, in accordance to an exemplary embodiment of the invention.
Detailed invention disclosure:
[0037] Various embodiments of the present invention will be described in reference to the accompanying drawings. Wherever possible, same or similar reference numerals are used in the drawings and the description to refer to the same or like parts or steps.
[0038] The present disclosure has been made with a view towards solving the problem with the prior art described above, and it is an object of the present invention to provide symmetric key encryption methods and systems that are resistant to quantum computing-based attacks, and pertains to a quantum-resistant block cipher mode of operation.
[0039] According to an exemplary embodiment of the invention, FIG. 1 refers to a block diagram of a system 100 for quantum-resistant symmetric encryption using block cipher operations. The system 100 comprises a computing device 102 having a processor 104 and a memory 106 for storing instructions, and plurality of modules 108 executable by the processor 104 to perform quantum-resistant symmetric encryption.
[0040] In one embodiment herein, the system 100 is referred as quantum resistant block cipher mode (QRBCM) system. The computing device 102 is in communication of a server 122 through a network 124. The plurality of modules 108 comprises an input module 110, a generation module 112, a double lock header module 114, a tweak generation module 116, a block masking module 118, and an output module 120.
[0041] In one embodiment, the input module 110 is configured to receive encryption input data, which comprises a secret key (K), a configuration parameter (T), plurality of plaintext data blocks, and a seed value (Q). In one embodiment, the system 100 is configured to operate selectively in at least one of a secret configuration mode, and a public configuration mode. In the public configuration mode, the configuration parameter (T) is openly accessible and may be known to adversarial entities. In contrast, in the secret configuration mode, the configuration parameter (T) is known only to a sender and an intended receiver, and is not disclosed or inferable by external observers.
[0042] In one embodiment, the system 100 enables the configuration parameter (T) to function either as a non-secret value, analogous to a selection model (e.g., QRBCM with AES as the base cipher), or as a confidential component shared exclusively between communicating parties. When operating in the secret configuration mode, the parameter (T) is treated as an extension of the cryptographic key, effectively increasing the key space by 2⁸ (i.e., 256 possible values), equivalent to adding 8 bits of entropy. Although this extension may appear modest in terms of key length, it imposes a non-trivial computational penalty on brute-force adversaries.
[0043] In one embodiment, the generation module 112 is configured to generate a first random value (R1), a second random value (R2), and a session-specific substitution box (S-box) based on the secret key, the configuration parameter, and the seed value. In one embodiment, the generation module 112 is configured to perform a cryptographic hash on the secret key and the seed value to obtain a hash output. Then, generate a transformation list from the hash output using a bit-wise operation and modular operations. Later, perform a series of iterative permutation functions to an identity of the session-specific substitution box for a definite number of rounds.
[0044] In one embodiment, the configuration parameter (T) is an 8-bit value that adjusts number of the session-specific substitution box generation. The processor 104 is configured to precompute and store plurality of session-specific substitution box for plurality of seed values corresponding to a fixed configuration parameter to eliminate runtime latency. In one embodiment, any incorrect assumption of the configuration parameter (T) during a brute-force attempt results in the generation of an entirely incorrect dynamic substitution box (S-box), causing the decryption process to fail even if the correct key (K) is guessed. This characteristic significantly hinders brute-force verification techniques by confounding result validation and thereby increases the effective difficulty of key recovery attacks.
[0045] In one embodiment, both the sender and the receiver agree upon a configuration parameter (T), which is an 8-bit value ranging from 0 to 255 and can be stored in a single byte. In public configuration mode, the value of T is assumed to be known to potential adversaries, similar to how the underlying encryption model and cipher block mode are typically considered public knowledge. In secret configuration mode, the configuration parameter (T) is shared exclusively between the sender and the receiver and is not disclosed to any external parties. In this mode, T effectively serves as an extension of the cryptographic key, increasing the key space by an additional byte (8 bits) and thereby enhancing resistance to brute-force attacks.
[0046] Table 1:
Feature / Metric
DES-CBC DES-QRBCM (T = 0)
Public Configuration Mode DES-QRBCM (T =
255) Public Configuration Mode DES-QRBCM
Secret Configuration Mode
Key Size 56 bits 56 bits 56 bits 56 bits
Quantum Brute-Force 2²⁸ key 2²⁸ key 2²⁸ key 2²⁸ key
Time 4.5 minutes 15 days 16.36 years 1,297 years

[0047] In one embodiment, the double lock header module 114 is configured to encrypt the first random value (R1) using a block cipher, and the secret key (K) to generate a first encryption header block (E1). Further, the double lock header module 114 is configured to encrypt the second random value (R2), using the block cipher, and the secret key (K), and substituting the session-specific substitution box to generate a second encryption header block (E2).
[0048] In one embodiment, the tweak generation module 116 is configured to generate a tweak value for each plaintext data block. In one embodiment, the block masking module 118 is configured to mask the plaintext data block with the respective tweak value to obtain a masked data block. In specific, each plaintext data block is masked by using a bitwise XOR operation with the tweak value. Further, the block masking module 118 is configured to encrypt the masked data block using the secret key and the block cipher to obtain an encrypted data block. In one embodiment, the output module 120 is configured to generate a ciphertext, which comprises the first encryption header block (E1), the second encryption header block (E2), and the encrypted data blocks.
[0049] In one embodiment, the processor 104 is configured to perform decryption operation by decrypting the first encryption header block to recover the first random value and extract the seed value. Then, the session-specific substitution box is regenerated based on the seed value, the configuration parameter, and the secret key. Later, the regenerated session-specific substitution box is applied to the second encryption header block (E2) and decrypting to obtain the second random value. In one embodiment, the processor 104 is configured to treat the configuration parameter (T) between a sender and a receiver, thereby adding 8 bits of entropy to an effective key space.
[0050] According to another exemplary embodiment of the invention, FIG. 2 refers to a QRBCM encryption architecture 200 of the system 100. The system 100 employs two sequential encryption "locks" on the data, rather than a single encryption operation. A first lock produces at least two encryption headers, and a second lock involves the actual data blocks. Both locks use a single secret key and a dynamically generated session-specific substitution box that is unique per encryption session.
[0051] In one embodiment, the system 100 generates a unique, session-specific S-box for each encryption instance, derived from the secret key (K), a random seed (Q), and a configurable parameter (T). This generation process involves computationally intensive hashing (SHA-512) and iterative byte-wise permutations, integrating key-derivation-like complexity directly into the mode of operation. As a result, an attacker must regenerate the expensive S-box for every key guess, preventing pre-computation and significantly increasing the cost of brute-force attacks. While keyed S-boxes have appeared in academic designs, QRBCM’s method of linking the S-box to both a tunable parameter and a random seed to introduce controllable computational latency is a novel contribution in the context of block cipher modes.
[0052] In one embodiment, the generation module 112 is configured to dynamically generate the session-specific substitution box that is used during the encryption and decryption process. The configurable parameter T (an 8-bit value ranging 0–255) which controls the complexity of S-box generation. This is essentially a user-controlled knob to adjust the security vs. performance trade-off. This provides fine grained control over the encryption’s computational hardness. If T=0, the S-box generation model runs for a baseline number of iterations. If T is higher, the generation module 112 performs additional rounds of hashing and permutation, thereby increasing the computation time. There are 256 distinct configurations (Configuration-0 up to Configuration-255) in the system 100, each corresponding to a different “strength” of S-box mixing.
[0053] This concept of a configurable encryption mode that scales its computational workload is unprecedented among traditional block cipher modes. Conventional modes of operation (such as CBC, CTR, or GCM) offer fixed behavior and lack configurable parameters. In contrast, the system 100 introduces a tunable configuration parameter (T) that allows the encryption workload—and thus, the level of brute-force resistance—to be explicitly adjusted. This scalability is a key innovation: users can select a lightweight configuration (low T) for performance-sensitive environments or opt for a heavyweight setting (high T) where maximum security is required and some computational latency is acceptable.
[0054] Moreover, the configuration parameter T can optionally be kept secret, further extending the effective key space and increasing resistance to brute-force attacks. The presence of this tunable setting marks a deliberate departure from the one-size-fits-all model of classical cipher modes. It reflects an adaptive security paradigm, enabling the same encryption system to serve a broad range of operational requirements—from embedded devices to high-security archival storage—without modifying the base cipher or protocol.
[0055] In one embodiment, the configuration parameter T in the QRBCM encryption architecture 200 serves as an integer-valued control input that governs the number of hash and permutation rounds applied during session-specific dynamic S-box generation. As such, T directly determines the computational work factor required to generate the S-box, which in turn impacts both performance and brute-force resistance.
[0056] In effect, the value of T allows the user to tune the cryptographic hardness of the system 100. A lower T value results in fewer rounds and faster setup time, while a higher T value increases the number of transformation rounds, thereby introducing significant computational overhead for any entity attempting to test candidate keys.
[0057] In one embodiment, the minimum configuration is defined as T = 0, which results in two total rounds of hashing and permutation during S-box generation. This configuration provides low-latency operation, suitable for constrained devices, while still introducing a non-trivial delay for key-testing adversaries. For instance, in our prototype implementation, brute-forcing with T = 0 incurs an estimated cost of approximately 8 seconds per key trial in unoptimized Python, which can be significantly reduced in compiled implementations but remains a deterrent at scale.
[0058] At the opposite extreme, T = 255 results in 256 rounds of S-box transformation. This substantially increases the computational cost of each key trial, making brute-force attacks computationally infeasible—even when leveraging quantum search models such as Grover's model, due to the serial, hash-intensive nature of S-box generation. The associated one-time delay during encryption is acceptable for high-security use cases and can be amortized through offline pre-computation.
[0059] The ability to configure T allows QRBCM encryption architecture 200 to adapt to a wide range of deployment scenarios. Devices with limited processing power or real-time performance constraints may select a lower T, while applications demanding maximum long-term confidentiality against quantum adversaries (e.g., government archives, financial records, or classified research) can opt for a higher T. This configurability enables a security-performance tradeoff tailored to the sensitivity and lifespan of the data.
[0060] In summary, the QRBCM encryption architecture 200 leverages a double-lock architecture and dynamically generated S-boxes to augment a block cipher with key K such that any key verification attempt requires solving an S-box generation puzzle, in addition to the standard decryption operation. With appropriately chosen values of T, this mechanism elevates even legacy ciphers to quantum-resistant security levels, without modifying the key length or underlying block cipher.
[0061] The QRBCM encryption architecture 200 comprises two fundamental components: (i) the dynamic S-box generation model, and (ii) the encryption/decryption process. During encryption, the sender selects a seed value (Q), which is an 8-bit integer ranging from 0 to 255. This seed value is embedded within the encryption header to enable regeneration of session-specific parameters during decryption. Using the combination of the seed value (Q), the configuration parameter (T), and the secret key (K), the generation module 112 generates a session-specific dynamic substitution box (S-box). This S-box serves as a key-dependent nonlinear transformation table that introduces computational hardness and session uniqueness into the encryption process.
[0062] The system 100 employs a dynamically generated substitution box (S-box) that is derived from a combination of the secret key (K), the seed value (Q), and the configuration parameter (T). The S-box is constructed through a computationally intensive process involving repeated SHA-512 hashing and multiple rounds of byte-level permutations and transformations. This session-specific S-box is used to obfuscate one of the intermediate encryption values, enhancing diffusion and resistance to analysis. Crucially, the cost of generating the S-box is intentionally high, which serves to dramatically increase the computational burden on an adversary performing brute-force key search. Since a new S-box must be regenerated for every attempted key, the work factor scales with each trial. In contrast, legitimate users who possess the correct key and configuration parameters may precompute or cache the S-box, thereby amortizing the computational overhead without impacting encryption or decryption performance.
[0063] In one embodiment, to perform encryption under a QRBCM mode, the system 100 utilizes two independently generated random values: R1 and R2. The first random value, R1, is encrypted using the secret key K to produce the first encryption header block, E1. The second random value, R2, is also encrypted using the same key K, and the resulting ciphertext is then passed through a session-specific dynamic substitution box (S-box) to yield the second encryption header block, E2. Both E1 and E2 are included in the ciphertext as a header and are required by the receiver for successful decryption.
[0064] The subsequent encryption of the plaintext data blocks D₀, D₁, ..., Dₙ₋₁ is performed using the chosen base cipher (e.g., AES or DES) under the same key K. Prior to encryption, each block is masked by an XOR operation between the block's index i and the random value R2, producing a position-dependent tweak. This mechanism introduces an additional layer of diffusion and non-repeatability, even when encrypting identical plaintext under the same key.
[0065] Conceptually, the QRBCM mode of operation is structured into three distinct stages. The first stage involves the generation of a dynamic substitution box (S-box), derived from the secret key (K), a session-specific seed value (Q), and a configurable security parameter (T). The second stage comprises the encryption of data blocks, which includes the construction of the encryption header blocks (E1 and E2) followed by the encryption of plaintext blocks, each of which is masked using a tweak value, which is computed from R2 and the corresponding block index. The third stage is the decryption process, wherein the S-box is reconstructed using the same key, seed, and configuration parameters, and the ciphertext blocks are decrypted and unmasked to accurately reconstruct the original plaintext.
[0066] According to another exemplary embodiment of the invention, FIG. 3A refers to a flowchart 300 for a process of S-box generation in the QRBCM mode of operation. The construction dynamic S-box generation model takes as input a triplet (K, T, Q), where K is the secret key, the configuration parameter (T), and Q is the session-specific seed value. These three values collectively define the entropy and computational cost associated with generating a unique, session-specific substitution box.
[0067] The generation begins with the initialization of an identity S-box, such that for each index i in the range 0 to 255, the substitution box is initialized as S-Box[i] = i. This results in a linear mapping that represents the standard identity permutation. This identity S-box then undergoes multiple rounds of cryptographically intensive transformations—parameterized by Q and T—to produce a non-linear, key-dependent, and session-unique S-box that is computationally expensive to reconstruct, especially in the context of brute-force or quantum attacks.
[0068] At first stage, the dynamic S-box generation model in the system 100 takes as input the secret key (K), the configuration parameter (T), and the seed value (Q), and produces a 256-byte substitution box (SQ,T), which is a permutation of integers from 0 to 255. The dynamic S-box generation model begins by initializing an array S to the identity permutation, such that S[i] = i for i ranging from 0 to 255. A key state, K_state, is then constructed by concatenating the key K with the byte representations of T and Q.
[0069] Next, the dynamic S-box generation model proceeds iteratively for (Q + 1) × (T + 1) rounds. In each round, a SHA-512 hash of the current key state is computed, producing 64 bytes (B[0…63]).
[0070] From these bytes, a transformation list L is derived by iterating through all unique byte pairs (i, j) where i < j, and computing both B[i] XOR B[j] and B[i] modular sum B[j] mod 256. These results populate the array L with 4032 transformation values. L[t] = B[i] XOR B[j]; increment t ← t + 1. L[t] = (B[i] + B[j]) mod 256; increment t ← t + 1.
[0071] Next, the S-box is permuted using L: for each adjacent pair (L[i], L[i+1]), the corresponding S-box entries are swapped if the indices differ. Following this, each value in L is used as input to an iterative S-box transformation function, which applies advanced byte-wise permutation strategies such as chunk reversal, interleaving, and value-index guided swaps to further randomize S.
[0072] After completing each round, the key state K_state is updated to the hash value H to ensure round-wise entropy diffusion. Upon completion of all (Q + 1)(T + 1) iterations, the final S-box SQ,T is output. This procedure ensures that S-box generation is both computationally expensive and unique per session, contributing significantly to QRBCM's quantum-resistant properties.
[0073] According to another exemplary embodiment of the invention, FIG. 3B refers to a flowchart 302 depicting the operation of an iterate S-Box function. The iterate S-Box function is a key component in the dynamic S-box generation process of the system 100. This function applies a sequence of three deterministic yet nonlinear byte-level permutation routines designed to introduce high diffusion and computational cost. The first stage, Byte_Permute_1, systematically reverses segments of the S-box across multiple scales to disrupt both local and global byte ordering. Specifically, the S-box is processed using chunk sizes of increasing powers of two—ranging from 2 to 128 bytes—where each chunk is reversed in place. This multi-scale chunk reversal ensures that predictable structural patterns in the S-box are eliminated across varying levels of granularity.
[0074] Following this, the second stage—Byte_Permute_2—reshapes the S-box through interleaving. The 256-byte S-box is divided into two equal halves, and the bytes are recombined in an alternating pattern (one byte from each half in sequence), thereby maximizing cross-block mixing. This operation enhances the avalanche effect and introduces significant positional entropy by bringing distant bytes into immediate proximity.
[0075] The third and final stage, Value_Index_Guided_Swap, strengthens internal diffusion by performing value-dependent swaps. The function iterates over the S-box in adjacent pairs, using the byte values of each pair as index pointers to perform swap operations elsewhere within the S-box. This self-referential mechanism causes the permutation behavior to be dynamically shaped by the current state of the S-box itself.
[0076] These three sub-stages are executed in sequence once for every element in the transformation array L, effectively chaining their effects. As a result, the overall Iterate_S-Box_Function injects a high degree of non-linearity and state dependency into the S-box. Because these operations are deliberately designed to be sequential and resistant to parallelization, they introduce substantial computational overhead, particularly in the context of key guessing attacks. When applied repeatedly across (Q + 1)(T + 1) rounds, this approach ensures that the final S-box is deeply entangled with the secret key (K), configuration parameter (T), seed value (Q), and intermediate hash states, thereby enhancing both confusion and diffusion. The resulting design effectively impedes pre-computation and quantum speedups, reinforcing resistance of the system 100 to brute-force attacks.
[0077] According to another exemplary embodiment of the invention, FIG. 4 refers to for a flowchart 400 depicting a complete process of data block encryption. Prior to encrypting the actual message data, the encryption process begins with the generation of a double-lock header based on two independent random values, R1 and R2. The first random value, R1, is constructed such that its least significant byte is explicitly set to the seed value Q, while the remaining bits are filled with high-entropy random data. This ensures that the seed Q, which is required for session-specific S-box regeneration, is securely embedded within R1 and can be recovered by the recipient upon decryption. As a result, R1 functions as a secure transport mechanism for Q, encapsulated within encrypted form.
[0078] The second random value, R2, is an independently generated N-bit block containing uniformly random data. The second random value plays a dual role in the encryption process. The second random value serves as the basis for generating per-block tweak values. The second random value participates in the construction of the second component of the double-lock header.
[0079] The double-lock header is generated as follows E1 encrypts Encipher (K, R1), the direct encryption of R1 using the block cipher and the secret key K. E2 encrypts S-Box_Substitution (Encipher (K, R2)), R2 is first encrypted using K, and the resulting ciphertext is then passed through the session-specific dynamic S-box (generated from K, T, and Q). Each byte of the encrypted R2 is substituted using the S-box, introducing an additional layer of key dependence, non-linearity, and resistance to differential and linear cryptanalysis. Both E1 and E2 form the header and are prepended to the ciphertext stream.
[0080] Following the generation of E1 and E2, the sender proceeds to encrypt the actual plaintext message blocks using the Quantum Resistant Block Cipher Mode (QRBCM). This mode enhances security by applying a per-block, position-dependent tweak derived from R2 and the block index, introducing data whitening and structural diffusion even before encryption.
[0081] For each plaintext block D[i], where i ∈ {0, 1, ..., n−1}, a unique tweak value is computed as follows:

[0082] Here, N represents the cipher block size in bits (e.g., 128 for AES). This tweak function ensures that even identical plaintext blocks at different positions result in different ciphertexts, thereby strengthening resistance against block replay and known-plaintext attacks. Each plaintext block is then masked using an XOR operation with the computed tweak:

[0083] This XOR-based masking step obscures plaintext structure and eliminates input redundancy, functioning as a lightweight whitening mechanism to improve cryptanalytic resistance. The masked block D′[i] is then encrypted using the block cipher under the same secret key:

[0084] The output ciphertext blocks are indexed starting from C[2], with the first two ciphertext slots reserved for E1 and E2, the double-lock header components. These two header blocks must be transmitted alongside the encrypted message to enable correct decryption.
[0085] FIG. 4 illustrates this complete process of data block encryption, including tweak generation, XOR masking, and block-wise encryption using the underlying cipher in the QRBCM mode. The structure ensures that successful plaintext recovery requires not only possession of the correct decryption key but also knowledge of the secret tweak value R2. In the absence of R2, an adversary—despite having the correct key—would be unable to reverse the XOR-based masking applied to each ciphertext block. As a result, the output of the decryption process remains unintelligible, thereby reinforcing confidentiality and impeding key validation during brute-force attacks.
[0086] According to another exemplary embodiment of the invention, FIG. 5 refers to a flowchart 500 of overall decryption workflow. The decryption process in the Quantum Resistant Block Cipher Mode (QRBCM) is designed to securely and deterministically reverse the multi-layered transformations applied during encryption. This process follows a staged architecture, ensuring that without access to both encryption header components and the shared secret key, the protected data blocks remain cryptographically inaccessible.
[0087] The process begins by retrieving and decrypting the header blocks, which carry the embedded session-specific parameters required to regenerate the dynamic substitution box (S-box) and to recover the tweak value used in block-level data masking. Specifically, the recipient first decrypts the E1 using the shared secret key K, yielding the original random value R1. During encryption, R1 was constructed such that its least significant byte contains the seed value Q. By extracting this byte from R1, the recipient deterministically recovers Q, which is essential for reproducing the exact S-box configuration used during encryption. This method ensures that Q is never transmitted in plaintext, but rather securely embedded within a key-encrypted block, protecting it from exposure.
[0088] Using the recovered value of Q, along with the shared key K and configuration parameter T, the recipient regenerates the session-specific dynamic substitution box S_Q,T by executing the same SHA-512-based hash and permutation model used during encryption. The next phase involves reversing the transformation of the E2, which was originally derived by encrypting R2 and then applying the session-specific S-box. To reverse this, the recipient first applies the inverse S-box to E2, thereby recovering the original block cipher output. This intermediate value is then decrypted using key K, yielding the original random number R2.
[0089] The recovered R2 serves as a critical secret tweak, tightly coupling the data blocks to the encryption header and to their positional indices. Even if the ciphertext blocks were somehow decrypted by an attacker, the data could not be correctly reconstructed without access to R2. With R2 now recovered, the recipient proceeds to decrypt each ciphertext data block. For each block index i, the corresponding ciphertext block C[i+2] is first decrypted using the key K, yielding a masked intermediate block. The recipient then recomputes the position-dependent tweak value, defined as:

[0090] Where N is the block size in bits (e.g., 128 bits for AES). This tweak is XORed with the intermediate block to fully recover the original plaintext:

[0091] This double-lock structure ensures that each data block remains uniquely bound to both its position and the tweak value R2, thereby preventing block rearrangement, replay attacks, pattern inference, or brute-force trials. Taken together, the decryption process of the system 100 offers a robust multi-phase defense model: an attacker must not only compromise the base block cipher, but also correctly recover Q and R2, regenerate the correct S-box, apply the inverse substitution, and finally reverse the tweak masking operation. This layered construction renders brute-force key searches computationally impractical, particularly under quantum attack models, while ensuring full reversibility and efficiency for legitimate users. It is important to note that both encryption and decryption require access to the generated S-box, whose construction introduces an initial latency due to the computational intensity of the model. This latency period can range from 1 second to approximately 35 minutes, depending on the specific values of Q and T. However, this cost can be eliminated or amortized by precomputing the S-box on both the sender and receiver sides. Table 2 provides detailed measurements of S-box pre-computation times for configurations where Q = 255 and T ranges from 0 to 255.
[0092] Table 2:
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 8.3 17.5 26.8 36.1 45.3 54.6 63.9 73.2 82.4 91.7 101 110.2 119.5 128.8 138.1 147.3
1 156.6 165.9 175.2 184.4 193.7 203 212.2 221.5 230.8 240.1 249.3 258.6 267.9 277.2 286.4 295.7
2 305 314.2 323.5 332.8 342.1 351.3 360.6 369.9 379.2 388.4 397.7 407 416.2 425.5 434.8 444.1
3 453.3 462.6 471.9 481.1 490.4 499.7 509 518.2 527.5 536.8 546.1 555.3 564.6 573.9 583.1 592.4
4 601.7 611 620.2 629.5 638.8 648.1 657.3 666.6 675.9 685.1 694.4 703.7 713 722.2 731.5 740.8
5 750.1 759.3 768.6 777.9 787.1 796.4 805.7 815 824.2 833.5 842.8 852 861.3 870.6 879.9 889.1
6 898.4 907.7 917 926.2 935.5 944.8 954 963.3 972.6 981.9 991.1 1000.4 1009.7 1019 1028.2 1037.5
7 1046.8 1056 1065.3 1074.6 1083.9 1093.1 1102.4 1111.7 1120.9 1130.2 1139.5 1148.8 1158 1167.3 1176.6 1185.9
8 1195.1 1204.4 1213.7 1222.9 1232.2 1241.5 1250.8 1260 1269.3 1278.6 1287.9 1297.1 1306.4 1315.7 1324.9 1334.2
9 1343.5 1352.8 1362 1371.3 1380.6 1389.9 1399.1 1408.4 1417.7 1426.9 1436.2 1445.5 1454.8 1464 1473.3 1482.6
A 1491.8 1501.1 1510.4 1519.7 1528.9 1538.2 1547.5 1556.8 1566 1575.3 1584.6 1593.8 1603.1 1612.4 1621.7 1630.9
B 1640.2 1649.5 1658.8 1668 1677.3 1686.6 1695.8 1705.1 1714.4 1723.7 1732.9 1742.2 1751.5 1760.8 1770 1779.3
C 1788.6 1797.8 1807.1 1816.4 1825.7 1834.9 1844.2 1853.5 1862.7 1872 1881.3 1890.6 1899.8 1909.1 1918.4 1927.7
D 1936.9 1946.2 1955.5 1964.7 1974 1983.3 1992.6 2001.8 2011.1 2020.4 2029.7 2038.9 2048.2 2057.5 2066.7 2076
E 2085.3 2094.6 2103.8 2113.1 2122.4 2131.7 2140.9 2150.2 2159.5 2168.7 2178 2187.3 2196.6 2205.8 2215.1 2224.4
F 2233.6 2242.9 2252.2 2261.5 2270.7 2280 2289.3 2298.6 2307.8 2317.1 2326.4 2335.6 2344.9 2354.2 2363.5 2372.7

[0093] Table 2 presents pre-computation times for the dynamic S-box across all configuration values T = 0 to T = 255, displayed in a two-digit hexadecimal grid format. In this table, the row header corresponds to the high-order hex digit (0 to F), while the column header corresponds to the low-order digit. For example, the cell located at row 2 and column A corresponds to configuration T = 0x2A, which is equivalent to decimal 42.
[0094] To eliminate latency associated with dynamic S-box generation during encryption or decryption, both the sender and the receiver may precompute and store all 256 S-box instances corresponding to every possible seed value Q ∈ [0, 255], for a fixed configuration value T. Once a configuration is agreed upon, this pre-computation allows the sender to randomly select a seed Q at the time of encryption and immediately retrieve the corresponding S-box from memory, eliminating the need to generate it in real-time.
[0095] On the receiver side, the process is symmetric, upon decrypting the E1, the recipient extracts the seed value Q, which is embedded in the least significant byte of the decrypted block. Using this Q and the shared configuration T, the receiver can retrieve the precomputed S-box from its local store and proceed with decrypting E2 and the encrypted message blocks. This optimization eliminates the S-box generation latency entirely, enabling low-latency, high-throughput encryption and decryption.
[0096] The primary trade-off for this performance gain is memory usage: each S-box occupies 256 bytes, so storing all 256 S-boxes for a given T requires 64 KB of memory. However, in most modern systems, this is a modest requirement and can be readily supported even on constrained embedded devices. Furthermore, since the S-boxes are fixed once Q and T are set, both encryption and decryption operations can proceed independently and in parallel, significantly enhancing scalability and performance in multithreaded or hardware-accelerated implementations.
[0097] The primary advantage of the Quantum Resistant Block Cipher Mode (QRBCM) lies in its enhanced resistance to brute-force attacks, particularly those accelerated by quantum computing. Table 3 demonstrates the impact of quantum brute-force attacks on AES-128, assuming a quantum system capable of performing 100 trillion operations per second (10¹⁴ ops/sec) using Grover’s model. The comparison highlights the substantial increase in work factor when AES-128 is used in conjunction with the system 100, as opposed to standard cipher block chaining (CBC) mode.
[0098] In a baseline scenario, AES-128 in CBC mode is theoretically vulnerable to quantum brute-force decryption in approximately 2.13 days, due to Grover’s quadratic speedup, which effectively reduces the key search space from 2¹²⁸ to 2⁶⁴. In contrast, when AES-128 is operated under the system 100 with increasing values of the configuration parameter T, the required decryption time increases dramatically—even under identical quantum computational conditions. For instance, AES128-QRBCM with T = 0 already introduces non-negligible overhead per key trial due to mandatory S-box generation. At the high-security setting of T = 255, the brute-force decryption time scales to millions of years, rendering such attacks computationally impractical.
[0099] This security amplification arises from the mandatory regeneration of the dynamic S-box per key guess, a process that cannot be efficiently parallelized and introduces a key-dependent computational bottleneck. As a result, the system 100 transforms brute-force key searching from a pure decryption problem into a computational puzzle, significantly increasing the cost per attempt and offering a strong post-quantum defense mechanism without changing the base cipher or key length.
[00100] Table 3:
Feature / Metric AES128-CBC AES128-QRBCM (T= 0) Public Configuration Mode AES128-QRBCM (T=255) Public Configuration Mode AES128-QRBCM Secret Configuration Mode
Key Size 128 bits 128 bits 128 bits 128 bits
Quantum Brute 264 key 264 key 264 key 264 key
Time 584,542 years 2.924×1012 years 1.123 × 10¹⁵ years 8.89 × 10¹⁶ years

[00101] The public mode with T=0 requires approximately 29,240 years, and with T=255, the time increases to over 11.23 million years. The most secure option, the secret configuration mode, offers exceptional quantum resistance, requiring around 889 million years to break. This demonstrates that AES128-QRBCM, particularly in secret configuration, provides robust protection against even highly advanced quantum attacks.
[00102] Table 4:
Feature /Metric AES128-CBC AES128-QRBCM (T= 0) Public Configuration Mode AES128-QRBCM (T=255) Public Configuration Mode AES128-QRBCM Secret Configuration Mode
Key Size 128 bits 128 bits 128 bits 128 bits
Quantum Brute 264 key 264 key 264 key 264 key
Time 2.13 days 29,240 years 11.23 million years 889 million years

[00103] Table 4 presents a comparative analysis of the quantum brute-force resilience of various AES-128 encryption modes, assuming access to a quantum computer capable of executing 100 trillion operations per second (10¹⁴ ops/sec). Although all configurations utilize a 128-bit key, which corresponds to a theoretical quantum key search complexity of 2⁶⁴ operations under Grover’s model, the actual time required to execute a full brute-force attack varies significantly depending on the cipher mode and configuration.
[00104] The standard AES-128 in CBC mode represents the baseline and is the most susceptible under this quantum threat model, with a key search expected to complete in approximately 2.13 days. In stark contrast, the AES128-QRBCM (Quantum-Resistant Block Cipher Mode) variants exhibit dramatically enhanced resistance due to the computational overhead introduced by dynamic S-box generation and session-specific masking.
[00105] For example, in public configuration mode with T = 0, which reflects minimal but non-negligible S-box generation effort, the estimated time to complete a brute-force attack increases to approximately 29,240 years. When the configuration parameter is maximized to T = 255, the required time escalates to over 11.23 million years. The most robust configuration is achieved in the secret configuration mode, where T is treated as a hidden extension of the secret key. In this case, the quantum brute-force effort is further compounded by the need to correctly guess the configuration parameter, yielding an estimated 889 million years to break the encryption through brute-force means.
[00106] These results underscore the capability of the system 100 to transform a conventional cipher into a quantum-resilient encryption system by introducing non-parallelizable, key-dependent computational barriers, without modifying the underlying cipher or key length. This approach delivers scalable post-quantum security benefits while maintaining compatibility with existing cryptographic primitives.
[00107] According to another exemplary embodiment of the invention, FIG. 6 refers to a flowchart 600 of a method for performing quantum-resistant symmetric encryption. At step 602, the secret key (K), the configuration parameter (T), the seed value (Q) and plurality of plaintext data blocks are received by the input module 110. At step 604, the first random value (R1) is generated by the generation module 112. At one least significant byte of the first random value comprises the seed value (Q). At step 606, the second random value (R2) is generated by the generation module 112. Further, the generation module 112 generates the session-specific substitution box based on the secret key, the configuration parameter (T), and the seed value (Q).
[00108] At step 608, the first random value (R1) is encrypted by the double lock header module 114 using a block cipher and the secret key (K) to generate the first encryption header block (E1). At step 610, the second random value (R2) is encrypted by the double lock header module 114 with the secret key using the block cipher to obtain an encryption output. Later, the session-specific substitution box is applied to the encryption output to generate the second encryption header block (E2).
[00109] At step 612, the tweak value of each plaintext data block is generated by the tweak generation module 116 based on a block index and the second random value (R2). At step 614, each plaintext block is masked by the block masking module 118 using the respective tweak value to obtain a masked data block. Followed by encrypting the masked data block using the secret key and the block cipher to obtain an encrypted data block. At step 616, the ciphertext is generated by the output module 120. The ciphertext comprises the first encryption header block (E1), the second encryption header block (E2), and the encrypted data blocks.
[00110] Numerous advantages of the present disclosure may be apparent from the discussion above. In accordance with the present disclosure, symmetric key encryption methods and systems that are resistant to quantum computing-based attacks, and pertains to a quantum-resistant block cipher mode of operation.
[00111] The system 100 dramatically increases the computational effort required to perform brute-force key searches, particularly in the presence of quantum adversaries. Unlike conventional cipher modes, each key guess under the system 100 incurs a significant overhead from dynamic S-box generation in addition to multiple cipher operations, making brute-force attempts substantially more expensive. For instance, with Configuration-0 (T = 0), a DES key that could be cracked in approximately 4.5 minutes using Grover’s algorithm would instead require around 15 days.
[00112] Under Configuration-255 (T = 255), the same attack would take over 16 years. This represents a quantitative leap in post-quantum security. The system 100 thus enables weaker algorithms like DES to regain cryptographic viability and significantly strengthens robust ciphers like AES, rendering them effectively immune to quantum brute-force attacks within any practical timeframe. Critically, this is achieved without modifying the base cipher, allowing organizations to continue using standard symmetric encryption (e.g., AES) with enhanced quantum resistance. The tunable parameter T offers flexibility, enabling security levels to be scaled in response to future advances in quantum computing.
[00113] The system 100 introduces configurable security tunability through the parameter T, allowing adopters to balance performance and cryptographic strength according to their specific use case. This tunable overhead enables precise cost-benefit analysis: in low-power or real-time applications, a small T (even T = 0) can be selected to minimize latency while still providing a measurable security uplift—especially when T is treated as secret, contributing to key entropy. Conversely, for highly sensitive or long-term data at rest, a high T value can be chosen, accepting longer setup times in exchange for making brute-force attacks computationally impractical, even under quantum threat models.
[00114] The system 100 supports 256 discrete configuration levels provides fine-grained control over security and performance—offering more than a binary secure/insecure choice. This makes the system inherently future-proof: as quantum computing capabilities advance, the configuration T can be increased incrementally without altering the underlying encryption algorithm or infrastructure. In practical terms, this flexibility enables resource optimization, allowing organizations to assign higher computation and security settings to critical data while using lower-cost configurations for less sensitive assets—all within a unified encryption framework.
[00115] The system 100 with a quantum-resistant encryption mode that significantly enhances the brute-force resilience of existing symmetric-key algorithms—without requiring larger keys or cryptographic primitives, thereby preserving compatibility with legacy systems. The system 100 strengthen symmetric-key encryption against quantum attacks, especially those leveraging Grover’s algorithm, by introducing structural mechanisms that are computationally expensive and inherently sequential, thus resistant to quantum acceleration.
[00116] The system 100 implements a double-locking encryption scheme wherein two encryption operations—each using the same secret key but applied differently—are used in conjunction to secure the cipher text header and the data payload, thereby adding multiple layers of cryptographic complexity. The system 100 dynamically generates key-dependent S-boxes per encryption session using a computationally expensive process based on SHA-512 hashing and iterative permutation.
[00117] The system 100 introduces a tunable configuration parameter, which allows users to balance security and performance by adjusting the intensity of S-box generation. The system 100 with a flexible operational mode where the configuration parameter T can be public or secret, thereby optionally extending the key space by 8 bits and introducing confusion for brute-force attackers who must guess both the key and the configuration.
[00118] The system 100 maintains compatibility with standard block ciphers (e.g., AES, DES), allowing seamless integration of QRBCM into existing encryption systems without changing the underlying encryption algorithm or key format, thereby reducing the cost of adoption. The system 100 pre-computes and cache dynamic S-boxes for all possible seeds (Q values), thereby eliminating latency overhead during encryption and decryption while still retaining strong resistance to quantum attacks. The system 100 enables long-term data confidentiality, particularly for information that must remain secure for decades, by substantially extending brute-force resistance against adversaries with large-scale quantum computing capabilities.
[00119] Even with quantum acceleration (e.g., 10¹⁴ operations/sec), the system 100 significantly slows down brute-force attacks. For instance, while AES128-CBC can be broken in ~2 days, AES128-QRBCM in secret configuration may require over 889 million years to break. The configurable parameter T offers fine-grained control over encryption hardness, allowing system designers to optimize for either performance or security depending on the application. The system 100 allows enhanced security without requiring changes to key size or encryption algorithm, making it suitable for resource-constrained devices or older infrastructure.
[00120] The design of dynamic S-box generation is deliberately serial and non-parallelizable, rendering it immune to speedups via quantum search or parallel GPU acceleration. Treating the configuration parameter as secret effectively extends the key space, compounding the difficulty of brute-force key recovery. The one-time latency for S-box generation can be precomputed and shared between sender and receiver, maintaining encryption speed in real-time applications. The system 100 can be applied to existing ciphers such as AES or DES, enabling organizations to reuse validated cryptographic infrastructure with enhanced post-quantum security.
[00121] It will readily be apparent that numerous modifications and alterations can be made to the processes described in the foregoing examples without departing from the principles underlying the invention, and all such modifications and alterations are intended to be embraced by this application.
, Claims:CLAIMS:
I / We Claim:
1. A system (100) for quantum-resistant symmetric encryption using block cipher operations, comprising:
a computing device (102) having a processor (104) and a memory (106) for storing instructions, and plurality of modules (108) executable by the processor (104) to perform quantum-resistant symmetric encryption,
wherein the computing device (102) is in communication of a server (122) through a network (124),
wherein the plurality of modules (108) comprises:
an input module (110) configured to receive encryption input data, which comprises a secret key, a configuration parameter, plurality of plaintext data blocks, and a seed value;
a generation module (112) configured to generate a first random value, a second random value, and a session-specific substitution box based on the secret key, the configuration parameter, and the seed value;
a double lock header module (114) configured to:
encrypt the first random value using a block cipher, and the secret key to generate a first encryption header block, and
encrypt the second random value, using the block cipher, and the secret key, and substituting the session-specific substitution box to generate a second encryption header block;
a tweak generation module (116) configured to generate a tweak value for each plaintext data block;
a block masking module (118) configured to:
mask the plaintext data block with the respective tweak value to obtain a masked data block, and
encrypt the masked data block using the secret key and the block cipher to obtain an encrypted data block; and
an output module (120) configured to generate a cipher text, which comprises the first encryption header block, the second encryption header block, and the encrypted data blocks.
2. The system (100) for quantum-resistant symmetric encryption using block cipher operations as claimed in claim 1, wherein the system (100) is configured to operate selectively in a secret configuration mode, and a public configuration mode, wherein the configuration parameter is accessible to adversarial entities in the public configuration mode, wherein the configuration parameter is accessible to a sender and a receiver.
3. The system (100) for quantum-resistant symmetric encryption using block cipher operations as claimed in claim 1, wherein the generation module (112) is configured to:
perform a cryptographic hash on the secret key and the seed value to obtain a hash output,
generate a transformation list from the hash output using a bit-wise operation and modular operations, and
perform a series of iterative permutation functions to an identity of the session-specific substitution box for a definite number of rounds.
4. The system (100) for quantum-resistant symmetric encryption using block cipher operations as claimed in claim 1, wherein the configuration parameter is an 8-bit value that adjusts number of the session-specific substitution box generation.
5. The system (100) for quantum-resistant symmetric encryption using block cipher operations as claimed in claim 1, wherein the processor (104) is configured to precompute and store plurality of session-specific substitution box for plurality of seed values corresponding to a fixed configuration parameter to eliminate runtime latency.
6. The system (100) for quantum-resistant symmetric encryption using block cipher operations as claimed in claim 1, wherein the processor (104) is configured to perform decryption operation by:
decrypting the first encryption header block to recover the first random value and extract the seed value,
regenerating the session-specific substitution box based on the seed value, the configuration parameter, and the secret key, and
applying the regenerated session-specific substitution box to the second encryption header block and decrypting to obtain the second random value.
7. A method for performing quantum-resistant symmetric encryption, comprising:
receiving, by an input module (110), a secret key, a configuration parameter, a seed value and plurality of plaintext data blocks;
generating, by a generation module (112), a first random value, wherein at one least significant byte of the first random value comprises the seed value;
generating, by the generation module (112), a second random value, followed by generating a session-specific substitution box based on the secret key, the configuration parameter, and the seed value;
encrypting, by a double lock header module (114), the first random value using a block cipher and the secret key to generate a first encryption header block;
encrypting, by the double lock header module (114), the second random value with the secret key using the block cipher to obtain an encryption output and applying the session-specific substitution box to the encryption output to generate a second encryption header block;
generating, by a tweak generation module (116), a tweak value of each plaintext data block based on a block index and the second random value;
masking, by a block masking module (118), each plaintext block using the respective tweak value to obtain a masked data block, followed by encrypting the masked data block using the secret key and the block cipher to obtain an encrypted data block; and
generating, by an output module (120), a cipher text, which comprises the first encryption header block, the second encryption header block, and the encrypted data blocks.