Introduction
1.1 The Problem Space
Modern communications face adversaries operating at scale. State actors, corporate espionage networks, and automated threat systems share three primary attack vectors: (1) intercept traffic in transit, (2) compromise endpoints to read plaintext before encryption or after decryption, and (3) subpoena infrastructure providers who hold server-side keys.
Existing end-to-end encrypted solutions address (1) but systematically fail on (3) through centralized key management and server-side identity registries. More subtly, all current solutions fail on a fourth vector: (4) traffic analysis. Even when message content is encrypted, the size, timing, and frequency of packets reveals conversation patterns, active contacts, and communication behavior.
1.2 Scope of This Document
This document specifies the full cryptographic architecture of two products built on the HYVE protocol:
HYVE — a secure communications app for Android providing encrypted messaging, media transfer, and voice/video calls. No server holds any encryption key material at any time. All key generation occurs on-device.
HYVEGuard — a full-device VPN for Android that captures all IP traffic via the Android VpnService TUN interface, fragments it into HYVE cells, and routes it through the HYVE relay to a trusted peer exit node. The relay sees only ciphertext.
1.3 Quantum-Analogous Cryptography (QAC)
Quantum Key Distribution (QKD) provides security rooted in the laws of physics: any eavesdropper disturbs the quantum state, making interception detectable. However, QKD requires dedicated fiber-optic infrastructure, specialized hardware, operates only over short distances, and costs orders of magnitude more than classical systems.
HYVE does not use quantum mechanics. Instead, HYVE achieves the same six observable security properties through a layered classical architecture — Quantum-Analogous Cryptography. Two of these properties (§6.1 and §6.3) are provably information-theoretically secure, meaning they hold independent of any computational assumption, including future quantum computers.
Cryptographic Primitives
HYVE uses only well-audited, standardized primitives. No novel or proprietary cryptographic algorithms are employed. The security of the system depends entirely on the composition of these primitives, not on any single algorithm.
| Primitive | Algorithm | Key Size | Use in HYVE |
|---|---|---|---|
| Asymmetric KX | X25519 (Curve25519) | 256-bit | X3DH key agreement, DH ratchet steps |
| Digital Signing | Ed25519 | 256-bit | Identity verification, OPK signing |
| Key Derivation | HKDF-SHA256 | — | All KDF operations (RK, CK, MK, BRT, Cell) |
| Cell AEAD | ChaCha20-Poly1305 | 256-bit | 420-byte cell payload encryption |
| Message AEAD | AES-256-GCM | 256-bit | Message-level encryption (inner layer) |
| Secret Sharing | Shamir over GF(2⁸) | — | Key sharding — HYVE-CST (AES poly 0x11B) |
| Vault KDF | PBKDF2-SHA256 | — | PIN-to-KEK derivation (100,000 iterations) |
| Hardware Enc. | Android Keystore | 256-bit | Biometric key wrapping (TEE / StrongBox) |
The HYVE Cell
The fundamental unit of HYVE is the cell — a fixed 512-byte packet carrying exactly one fragment of one message (or cover noise). Every packet transmitted through the HYVE relay is exactly 512 bytes, regardless of content type.
3.1 Cell Layout
HYVE Cell — 512 bytes total ──────────────────────────────────────────────── Bytes Size Field Description ──────────────────────────────────────────────── [0-63] 64B Header / AAD Unencrypted; authenticated via AEAD AAD [0] 1B version Protocol version (0x01) [1] 1B flags CellFlags (cover | final | file | video) [2-17] 16B swarm_id Random 16-byte swarm identifier [18-21] 4B epoch DH ratchet epoch (uint32 big-endian) [22-23] 2B cell_seq Cell position within swarm (uint16) [24-25] 2B total_cells N for Shamir split (uint16) [26] 1B shamir_k K threshold for reconstruction [27-31] 5B reserved Zero-padded [32-63] 32B routing_token One-time blind routing token (HYVE-BRT) ──────────────────────────────────────────────── [64-75] 12B AEAD Nonce Random per-cell nonce (ChaCha20-Poly1305) [76-495] 420B Encrypted Payload [0] 1B shamir_x Shamir share x-coordinate (0 = cover cell) [1-32] 32B shamir_share Shamir share value (zeros for cover) [33-419] 387B message_payload Message bytes or random cover noise [496-511] 16B Poly1305 Tag Authentication tag ──────────────────────────────────────────────── Total: 64 + 12 + 420 + 16 = 512 bytes ✓
3.2 Authentication
The 64-byte header is used as AEAD additional data (AAD). This means the header fields — version, flags, swarm ID, epoch, cell sequence, routing token — are authenticated but not encrypted. A relay can read the routing token to forward the cell without being able to decrypt the payload. Any modification of the header causes the Poly1305 tag to fail, and the cell is silently dropped.
3.3 Cover Cells
Two cover cells are added to every swarm. A cover cell sets flags = isCover, shamir_x = 0, shamir_share = zeros, and fills message_payload with cryptographically random bytes. The cell key for cover cells is derived from the same chain key as data cells — making cover cells computationally indistinguishable from real data without knowledge of the chain key.
Five Protocol Innovations
4.1 HYVE-CST — Cellular Shamir Transport
The message encryption key (MK) is never transmitted whole. Before any message is sent, the 32-byte MK is split using Shamir Secret Sharing over GF(2⁸) into N=5 shares with K=3 threshold. Each share is placed in the encrypted payload of one data cell.
// Split: polynomial evaluation over GF(2^8)
For each byte b in secret[0..31]:
p(x) = b + r₁·x + r₂·x² + ... + r_{k-1}·x^{k-1} (mod 0x11B)
share_i.y[b] = p(i) for i = 1..N
// Reconstruct: Lagrange interpolation over GF(2^8)
For each byte position b:
secret[b] = Σᵢ share_i.y[b] · ∏_{j≠i} xⱼ / (xᵢ ⊕ xⱼ) (mod 0x11B)Guarantee: K−1 Shares Yield Zero Information
4.2 HYVE-BRT — Blind Routing Tokens
Every cell carries a unique 32-byte routing token in its header. The relay uses the first 8 bytes of this token as a session lookup key to forward the cell to the correct inbox. The relay never holds a decryption key.
// Token derivation token = HKDF-SHA256( ikm = chainKey ‖ swarmId ‖ cellSeq, info = "HYVE BRT v1.0", len = 32 ) // Relay sees: routing_token[0:8] → inbox prefix // Relay does NOT see: chainKey, message content, sender identity
Tokens are single-use and forward-secret: the token for cell N cannot be derived from any information available after the chain key advances. The relay is architecturally blind — it cannot link any two messages to the same conversation or sender even if all relay traffic is recorded.
4.3 HYVE-UT — Uniform Traffic
All traffic — text messages, image fragments, video chunks, signaling data, and cover noise — is transmitted as fixed 512-byte cells. There is no distinguishing feature in cell size, structure, or timing pattern that reveals whether a cell carries real data or noise.
This defeats traffic analysis attacks: an observer on the network cannot determine from packet metadata alone whether a user is actively messaging or the device is generating cover traffic.
4.4 HYVE-Ratchet — Cell-Aware Double Ratchet
HYVE uses a modified Signal Double Ratchet with three enhancements: (1) key derivation is per-swarm rather than per-message, (2) the chain key seed is exposed to the BRT routing token derivation, and (3) epoch tracking enables explicit forward-secrecy boundaries.
// Session initialization (Alice, post-X3DH) RK, CK_s = HKDF(X3DH_shared_secret ‖ DH(alice_dh, bob_dh_pub)) // Sending ratchet step (per swarm) MK = HKDF(CK_s, "HYVE MK v1.0") // message key → Shamir split CK_s_new = HKDF(CK_s, "HYVE CK v1.0") // advance chain CK_s.zero() // zero old chain key // DH ratchet step (on new remote pubkey) DH_out = X25519(my_keypair, remote_pub) RK_new, CK = HKDF(RK ‖ DH_out, "HYVE RK v1.0" / "HYVE CK Boot v1.0") RK.zero(); my_keypair = new_X25519_keypair() epoch++
Guarantee: Deleted Keys Are Unrecoverable
4.5 HYVE-Vault — Hardware-Backed Key Storage
HYVE uses a two-layer key hierarchy to protect the master encryption key (Data Encryption Key / DEK) at rest. The DEK encrypts all conversation keys stored on device. The DEK is itself encrypted under a Key Encryption Key (KEK).
// Two-layer key hierarchy KEK_bio ← Android Keystore (TEE / StrongBox, biometric-gated) KEK_pin ← PBKDF2-SHA256(PIN, salt, 100,000 iterations) DEK ← random 256-bit, encrypted under KEK_bio XOR KEK_pin // Offline attacker with device: // - Cannot extract KEK_bio without biometric (hardware-enforced) // - PBKDF2-100k raises PIN brute-force cost to ~5s/attempt on-device // - Without both KEK_bio AND KEK_pin, DEK is inaccessible
The Android Keystore key never leaves the Trusted Execution Environment (TEE) or StrongBox secure enclave. An offline attacker with a rooted device cannot extract the key material used to decrypt the KEK, as it is bound to the hardware security module.
HYVEGuard — Full-Device VPN
HYVEGuard extends the HYVE cell architecture to the network layer. Using Android'sVpnServiceAPI, HYVEGuard captures all IP traffic from all applications on the device, encrypts it into HYVE cells, and tunnels it through the HYVE relay to a trusted peer device acting as the exit node.
5.1 TUN Interface
Android's VpnService creates a virtual TUN (tunnel) network interface. By routing 0.0.0.0/0 through this interface and assigning a virtual IP address (10.0.0.2/24), all IPv4 traffic from all apps on the device flows through HYVEGuard's packet processing loop — including apps that are not HYVE-aware.
// TUN setup (Android VpnService.Builder)
builder
.addAddress("10.0.0.2", 24) // virtual device IP
.addRoute("0.0.0.0", 0) // capture ALL IPv4
.addDnsServer("1.1.1.1") // Cloudflare DNS
.addDnsServer("8.8.8.8") // Google DNS fallback
.setSession("HYVE Shield")
.establish() // returns ParcelFileDescriptor5.2 Cell Encapsulation
Raw IP packets read from the TUN file descriptor are fragmented into 359-byte chunks (fitting in the message_payload field after nonce and tag overhead). Each chunk is wrapped in a HYVEGuard cell — a simplified 512-byte cell format sharing the same header structure as HYVE messaging cells.
// HYVEGuard cell differences from HYVE messaging cells: // - Header bytes [0-31]: zero-padded (no Shamir fields needed for VPN) // - Header bytes [32-39]: 8-byte routing prefix (inbox lookup) // - Header bytes [40-63]: zero-padded // - Payload: 436-byte ChaCha20-Poly1305 encrypted IP fragment // Total: 512 bytes — identical on-wire size to messaging cells
5.3 Key Derivation
Both peers independently derive the same symmetric VPN session key without transmitting it. The key is derived from both peer HYVE IDs, ensuring symmetry regardless of which peer initiates:
// Shared VPN key (both peers compute identically) sorted = sorted([myHyveId, peerHyveId]) // lexicographic sort combined = SHA-256(sorted[0] + "|" + sorted[1]) vpnKey = HKDF-SHA256(combined, "HYVE-VPN-KEY-v1.0", 32) // Per-direction keys outboundKey = HKDF-SHA256(vpnKey, "HYVE-VPN-OUT-v1.0", 32) inboundKey = HKDF-SHA256(vpnKey, "HYVE-VPN-IN-v1.0", 32)
5.4 Relay Bypass Socket
The WebSocket connection to the HYVE relay must not itself be routed through the TUN interface (which would create an infinite tunnel loop). HYVEGuard uses a custom BypassSocketFactory that calls VpnService.protect(socket) on every OkHttp socket before connection, marking it as exempt from the TUN routing table.
5.5 Peer Exit Node Model
Unlike commercial VPNs where the VPN provider operates the exit servers, HYVEGuard's exit node is the trusted peer's own device. The relay sees only HYVE cells (ciphertext) and routes them to the peer's inbox prefix. The peer device decrypts the IP packet and forwards it to the public internet on behalf of the originating device, then returns the response through the same path. The relay operator sees zero plaintext at any point.
Quantum-Analogous Properties
The following table maps the six core security properties of quantum key distribution to their HYVE classical analogs. For each property, we describe the quantum mechanism and the HYVE protocol element that achieves the same observable security outcome.
Quantum (Superposition)
A qubit exists in a superposition of states until measured. Any eavesdropper must collapse the superposition, producing a detectable disturbance.
HYVE Analog — HYVE-UT
HYVE-UT: Every cell is identical in size (512 bytes). Messages, files, video fragments, and random noise are indistinguishable. An observer cannot determine whether they are observing real communication or cover traffic — the traffic exists in a superposition of possible interpretations.
Quantum (No-Cloning Theorem)
Quantum states cannot be copied. An eavesdropper cannot intercept a quantum key without possessing it exclusively — the act of copying destroys the original.
HYVE Analog — HYVE-CST
HYVE-CST: Any set of fewer than K=3 cells is mathematically useless for reconstructing the message key (information-theoretic guarantee). An adversary who intercepts 1 or 2 cells has captured worthless fragments — no copy of the key can be made from insufficient shares.
Quantum (State Collapse)
Once a quantum state is measured, it collapses irreversibly. Past quantum states are unrecoverable.
HYVE Analog — HYVE-Ratchet
HYVE-Ratchet: Every chain key is immediately zeroed after advancing. HKDF is a one-way function — the collapsed (zeroed) state is information-theoretically unrecoverable. No future state of the ratchet can reproduce past message keys.
Quantum (Quantum Entanglement)
Entangled particles share state instantaneously without a classical channel. No intermediary can observe the correlation without disrupting it.
HYVE Analog — HYVE-BRT
HYVE-BRT + Blind Relay: The sender and receiver share ratchet state (their 'entanglement'). The relay sees only one-time tokens derived from that shared state. The relay cannot observe, correlate, or manipulate the underlying key relationship — it is architecturally excluded from the communication channel.
Quantum (Heisenberg Uncertainty)
Measuring one quantum property with precision necessarily disturbs the complementary property. Precise eavesdropping necessarily corrupts the transmission.
HYVE Analog — HYVE-BRT + HYVE-UT
HYVE-BRT + HYVE-UT: An observer who attempts to intercept and analyze cells (gaining information about the routing token) must forward modified cells — which will fail Poly1305 authentication at the receiver. An observer who does not modify cells gains only: (a) a one-time routing token that expires with the message, and (b) a 512-byte ciphertext with no metadata. Any attempt to gain more information necessarily triggers detectable authentication failure.
Quantum (Quantum Noise)
Quantum channels introduce irreducible noise that is indistinguishable from eavesdropping noise, making passive observation statistically undetectable only for legitimate parties.
HYVE Analog — HYVEGuard
HYVEGuard: All VPN traffic is normalized to 512-byte cells regardless of the original IP packet size. Real packets and padding are indistinguishable. Traffic analysis across the TUN interface reveals nothing about application behavior, destination servers, or data types — analogous to the irreducible noise floor of a quantum channel.
Comparison: QKD vs. HYVE
| Property | QKD | HYVE |
|---|---|---|
| Eavesdrop detection | Physical (quantum state disturbance) | Cryptographic (Poly1305 AEAD authentication) |
| Forward secrecy | Per-key (new QKD session per key) | Per-cell (ratchet advances per swarm, ITT on deletion) |
| Key interception | Physically impossible (no-cloning) | Mathematically impossible below K threshold (Shamir ITT) |
| Traffic analysis | Inherent quantum noise floor | 512B uniform cells + cover traffic injection |
| Relay trust | Classical infrastructure required | Zero — relay is architecturally blind (BRT tokens) |
| Quantum-safe | By definition | Partially — Shamir/HKDF ITT guarantees hold; X25519/ECDH susceptible to Shor's algorithm |
| Hardware required | Dedicated quantum hardware, fiber | Any Android 8.0+ device |
| Range | ~100km fiber (without repeaters) | Global (internet) |
| Cost | $100,000+ per endpoint | $0 (open source) |
| Deployability | Specialized infrastructure | APK install, 30 seconds |
Security Analysis
8.1 What HYVE Protects Against
Network-level interception: All traffic is encrypted ChaCha20-Poly1305. The relay sees only ciphertext and routing tokens. A network observer sees only 512-byte cells with no content or metadata.
Relay compromise: The relay holds no keys and cannot decrypt any cell. A compromised relay can observe routing token usage (which is unlinkable across messages) and can attempt to drop or delay cells. It cannot read, modify (AEAD prevents undetected modification), or replay messages.
Server subpoena: No HYVE server holds any user encryption key, message content, or conversation data. The identity server (id.hyveapp.co) holds only public keys and FCM tokens. A legal order to produce encryption keys against HYVE servers would produce nothing usable.
Offline device theft: The DEK is protected by KEK_bio (hardware-bound, biometric-gated) XOR KEK_pin (PBKDF2-100k). An attacker without the user's biometric cannot extract KEK_bio from the TEE.
8.2 What HYVE Does NOT Protect Against
8.3 Information-Theoretic Guarantee Summary
Shamir K−1 Guarantee
Any attacker with fewer than K=3 Shamir shares has zero information about the message key, regardless of computational resources. This holds unconditionally — no computational assumption required.
Key Deletion Guarantee
A chain key that has been zeroed and whose memory has been freed is unrecoverable via HKDF inversion. Past message keys cannot be derived from any future ratchet state. This holds unconditionally.
Replicable Advantage
The fundamental commercial advantage of HYVE over QKD is deployability. Achieving quantum-analogous security properties requires:
QKD Requirements
Dedicated single-mode fiber or line-of-sight free-space optical link
Cryogenically cooled photon detectors ($50K–$500K)
Low-loss optical switches and polarization controllers
Classical authenticated channel running in parallel
Distance limit: ~100km without quantum repeaters
Specialized technical staff for maintenance
HYVE Requirements
Any Android 8.0+ smartphone
Standard internet connection (WiFi or mobile data)
HYVE APK (open source, free)
30-second first-time setup
Global reach — works over any internet connection
Zero infrastructure to maintain
HYVE does not claim to replace QKD for high-assurance government or defense applications where quantum-physical guarantees are legally mandated. HYVE claims to deliver equivalent observable security properties at five orders of magnitude lower cost and with global internet deployability — making quantum-analogous privacy accessible to individuals, journalists, activists, and enterprises operating in adversarial environments worldwide.
Conclusion
HYVE demonstrates that quantum-analogous security properties are achievable on classical hardware through architectural innovation rather than physical principles. The five-layer HYVE protocol stack — HYVE-CST, HYVE-BRT, HYVE-UT, HYVE-Ratchet, and HYVE-Vault — collectively replicate the six key security properties of quantum key distribution without quantum hardware.
Two of these properties (HYVE-CST Shamir K−1 guarantee and HYVE-Ratchet key deletion guarantee) are provably information-theoretically secure and will remain so regardless of advances in classical or quantum computing.
HYVEGuard extends this architecture to the network layer, providing full-device IP traffic encryption with a trusted peer exit node model that eliminates the need to trust any VPN provider infrastructure.
All components described in this document are implemented in production code, have been tested on physical Android devices, and are available for review. The architecture is designed to be auditable, with no proprietary algorithms and no server-side key material.
For security review, partnership, or licensing inquiries:
Anthony S. Owens, Vibe Software Solutions Inc.
vibesoftwaresolutions@gmail.com
Appendix A
HYVE Key Derivation Hierarchy
X3DH Shared Secret (64 bytes)
│
├─ HKDF("HYVE RK Init v1.0") → RK_seed (32B)
│ └─ DH Ratchet Step(RK_seed, X25519_DH_output)
│ ├─ HKDF("HYVE RK v1.0") → Root Key (RK)
│ └─ HKDF("HYVE CK Boot v1.0") → Send Chain Key (CK_s)
│
└─ HKDF("HYVE CK Init v1.0") → Recv Chain Key (CK_r, initial)
For each outgoing swarm:
CK_s
├─ HKDF("HYVE MK v1.0") → Message Key (MK) → Shamir split across cells
└─ HKDF("HYVE CK v1.0") → CK_s_next (CK_s.zero(); advance)
For each cell within swarm:
HKDF(CK_s ‖ swarm_id ‖ cell_seq, "HYVE BRT v1.0") → routing_token (32B)
HKDF(CK_s ‖ routing_token, "HYVE Cell Key v1.0") → cell_key (32B)Appendix B
HYVEGuard Key Derivation
// Symmetric session key (both peers compute identically) sorted = lexicographic_sort([myHyveId, peerHyveId]) combined = SHA-256(sorted[0] + "|" + sorted[1]) vpnKey = HKDF-SHA256(combined, "HYVE-VPN-KEY-v1.0", 32) // Directional keys outKey = HKDF-SHA256(vpnKey, "HYVE-VPN-OUT-v1.0", 32) inKey = HKDF-SHA256(vpnKey, "HYVE-VPN-IN-v1.0", 32) // Routing prefix (peer inbox lookup) inboxPfx = HKDF-SHA256(SHA-256(peerBundleJson), "HYVE Inbox v1.0")[0:8] // HYVEGuard cell per IP fragment: nonce = random(12) ciphertext = ChaCha20-Poly1305(outKey, nonce, ip_fragment_chunk[0:359]) header = [0x00×32 | inboxPfx | 0x00×24] // 64 bytes cell = header ‖ nonce ‖ ciphertext // 512 bytes
Appendix C
Primitive Specifications
| Algorithm | Standard | Security Level | Notes |
|---|---|---|---|
| X25519 | RFC 7748 | 128-bit classical | DH over Curve25519; cofactor = 8 handled by clamp |
| Ed25519 | RFC 8032 | 128-bit classical | Deterministic signatures; no k reuse vulnerability |
| ChaCha20-Poly1305 | RFC 8439 | 256-bit | Software-constant-time; preferred on non-AES HW |
| AES-256-GCM | NIST SP 800-38D | 256-bit | HW accelerated on modern ARM; 12-byte random nonce |
| HKDF-SHA256 | RFC 5869 | 256-bit | Extract-then-expand; salt=zeros when absent |
| PBKDF2-SHA256 | RFC 8018 | → key space | 100,000 iterations; salt = random 32B per vault |
| Shamir SS | GF(2⁸) / 0x11B | ITT below K | AES field polynomial; x∈[1,255]; K≥2 |
All products created by Anthony S. Owens · Vibe Software Solutions Inc.