Algorithm Security APIs
Comprehensive security-focused API documentation for all MetaMUI Crypto algorithms.
Total Algorithms: 49 - Complete coverage of all cryptographic primitives in the MetaMUI suite.
Post-Quantum Algorithms (19 algorithms)
NIST Standardized PQC - FIPS 203 (Key Encapsulation)
ML-KEM-512
- Security Level: 128-bit quantum-resistant
- Side-channel Protection: Constant-time NTT operations
- Memory Security: Automatic key clearing
- View Full Security API
ML-KEM-768 (Kyber)
- Security Level: 192-bit quantum-resistant
- Side-channel Protection: Constant-time NTT operations
- Memory Security: Automatic key clearing
- View Full Security API
ML-KEM-1024
- Security Level: 256-bit quantum-resistant
- Side-channel Protection: Constant-time NTT operations
- Memory Security: Automatic key clearing
- View Full Security API
NIST Standardized PQC - FIPS 204 (Digital Signatures)
ML-DSA-44 (Dilithium2)
- Security Level: 128-bit quantum-resistant
- Side-channel Protection: Constant-time polynomial operations
- Memory Security: Secure key generation
- View Full Security API
ML-DSA-65 (Dilithium3)
- Security Level: 192-bit quantum-resistant
- Side-channel Protection: Constant-time polynomial operations
- Memory Security: Secure key generation
- View Full Security API
ML-DSA-87 (Dilithium5)
- Security Level: 256-bit quantum-resistant
- Side-channel Protection: Constant-time polynomial operations
- Memory Security: Secure key generation
- View Full Security API
NIST Standardized PQC - FIPS 205 (Hash-based Signatures)
SLH-DSA-SHA2-128f (SPHINCS+)
- Security Level: 128-bit quantum-resistant
- Side-channel Protection: Hash-based construction
- Memory Security: Stateless operation
- View Full Security API
SLH-DSA-SHAKE-256f (SPHINCS+)
- Security Level: 256-bit quantum-resistant
- Side-channel Protection: Hash-based construction
- Memory Security: Stateless operation
- View Full Security API
NIST Round 4 Additional Signatures
Falcon-512
- Security Level: 128-bit quantum-resistant
- Side-channel Protection: Floating-point free implementation
- Memory Security: Stack clearing after operations
- View Full Security API
Falcon-1024
- Security Level: 256-bit quantum-resistant
- Side-channel Protection: Floating-point free implementation
- Memory Security: Stack clearing after operations
- View Full Security API
Korean Post-Quantum Cryptography (KPQC)
SMAUG-T
- Security Level: 128/192/256-bit (T1/T3/T5)
- Side-channel Protection: Lattice-based constant-time operations
- Memory Security: Polynomial clearing
- View Full Security API
Haetae
- Security Level: 128/192/256-bit (Level 2/3/5)
- Side-channel Protection: Lattice-based signature scheme
- Memory Security: Secure polynomial operations
- View Full Security API
AIMer
- Security Level: 128/192/256-bit (128f/192f/256f)
- Side-channel Protection: MPC-in-the-head construction
- Memory Security: Commitment clearing
- View Full Security API
NTRU+
- Security Level: 128-256 bit (576/768/864/1152)
- Side-channel Protection: NTRU variant optimizations
- Memory Security: Polynomial clearing
- View Full Security API
Stateful Hash-Based Signatures
XMSS
- Security Level: 128/192/256-bit configurable
- Side-channel Protection: Hash-based construction
- Memory Security: State management critical
- View Full Security API
LMS
- Security Level: 128/192/256-bit configurable
- Side-channel Protection: Hash-based construction
- Memory Security: State management critical
- View Full Security API
Code-Based KEMs
HQC-128
- Security Level: 128-bit quantum-resistant
- Side-channel Protection: Hamming Quasi-Cyclic codes
- Memory Security: Syndrome clearing
- View Full Security API
Classic McEliece
- Security Level: 128-256 bit variants
- Side-channel Protection: Niederreiter cryptosystem
- Memory Security: Matrix clearing
- View Full Security API
Additional Lattice-Based KEMs
FrodoKEM-640
- Security Level: 128-bit quantum-resistant
- Side-channel Protection: LWE-based constant-time
- Memory Security: Matrix clearing
- View Full Security API
FrodoKEM-976
- Security Level: 192-bit quantum-resistant
- Side-channel Protection: LWE-based constant-time
- Memory Security: Matrix clearing
- View Full Security API
NTRU Prime
- Security Level: 128-256 bit
- Side-channel Protection: Constant-time inversion
- Memory Security: Polynomial clearing
- View Full Security API
Classical Algorithms (30 algorithms)
Hash Functions (11 algorithms)
SHA-256
- Security Level: 128-bit collision resistance
- Side-channel Protection: Constant-time compression
- Memory Security: State clearing
- View Full Security API
SHA-384
- Security Level: 192-bit collision resistance
- Side-channel Protection: Constant-time compression
- Memory Security: State clearing
- View Full Security API
SHA-512
- Security Level: 256-bit collision resistance
- Side-channel Protection: Constant-time compression
- Memory Security: State clearing
- View Full Security API
SHA3-256/512
- Security Level: 128/256-bit collision resistance
- Side-channel Protection: Keccak sponge construction
- Memory Security: State clearing
- View Full Security API
Keccak-256
- Security Level: 128-bit collision resistance
- Side-channel Protection: Original Keccak (Ethereum compatible)
- Memory Security: State clearing
- View Full Security API
Blake2b-256/512
- Security Level: Up to 256-bit
- Side-channel Protection: Constant-time mixing
- Memory Security: State clearing
- View Full Security API
Blake2s
- Security Level: Up to 128-bit
- Side-channel Protection: Constant-time mixing
- Memory Security: State clearing
- View Full Security API
Blake3
- Security Level: 128-bit minimum
- Side-channel Protection: Constant-time compression
- Memory Security: Chunk state clearing
- View Full Security API
SHAKE-256
- Security Level: 128-bit
- Side-channel Protection: Constant-time sponge
- Memory Security: State clearing
- View Full Security API
SipHash
- Security Level: 64/128-bit
- Side-channel Protection: Constant-time rounds
- Memory Security: Key clearing
- View Full Security API
FlatHash
- Security Level: Application-specific
- Side-channel Protection: Fast flat structure hashing
- Memory Security: Buffer clearing
- View Full Security API
Message Authentication Codes (4 algorithms)
HMAC-SHA256
- Security Level: 128-bit
- Side-channel Protection: Constant-time HMAC
- Memory Security: Key clearing
- View Full Security API
HMAC-SHA512
- Security Level: 256-bit
- Side-channel Protection: Constant-time HMAC
- Memory Security: Key clearing
- View Full Security API
Poly1305
- Security Level: 128-bit MAC
- Side-channel Protection: Constant-time polynomial evaluation
- Memory Security: Key clearing
- View Full Security API
CMAC
- Security Level: 128-bit with AES
- Side-channel Protection: Constant-time block operations
- Memory Security: Key clearing
- View Full Security API
Key Derivation Functions (4 algorithms)
HKDF-SHA256
- Security Level: Depends on hash function
- Side-channel Protection: Constant-time expand
- Memory Security: PRK clearing
- View Full Security API
PBKDF2
- Security Level: Depends on hash function
- Side-channel Protection: Constant-time HMAC
- Memory Security: Key clearing
- View Full Security API
Argon2id
- Security Level: Configurable
- Side-channel Protection: Data-independent addressing
- Memory Security: Memory overwriting
- View Full Security API
BLAKE3-KDF
- Security Level: 128-bit minimum
- Side-channel Protection: Constant-time derivation
- Memory Security: Context clearing
- View Full Security API
Symmetric Encryption (8 algorithms)
AES-256-GCM
- Security Level: 256-bit
- Side-channel Protection: Constant-time S-box operations
- Memory Security: Key schedule clearing
- View Full Security API
AES-256-CTR
- Security Level: 256-bit
- Side-channel Protection: Constant-time counter mode
- Memory Security: Key schedule clearing
- View Full Security API
ChaCha20
- Security Level: 256-bit
- Side-channel Protection: Constant-time quarter-round
- Memory Security: State clearing
- View Full Security API
ChaCha20-Poly1305
- Security Level: 256-bit AEAD
- Side-channel Protection: Constant-time MAC
- Memory Security: Key and nonce clearing
- View Full Security API
Ascon-128/128a
- Security Level: 128-bit
- Side-channel Protection: Lightweight constant-time
- Memory Security: State clearing
- View Full Security API
ARIA-256
- Security Level: 256-bit
- Side-channel Protection: Constant-time substitution
- Memory Security: Round key clearing
- View Full Security API
Camellia-256
- Security Level: 256-bit
- Side-channel Protection: Constant-time F-function
- Memory Security: Subkey clearing
- View Full Security API
Deoxys-II
- Security Level: 128-bit
- Side-channel Protection: Tweakable block cipher
- Memory Security: Tweak clearing
- View Full Security API
Digital Signatures (4 algorithms)
Ed25519
- Security Level: 128-bit
- Side-channel Protection: Constant-time scalar multiplication
- Memory Security: Private key protection
- View Full Security API
Ed25519-ZIP215
- Security Level: 128-bit
- Side-channel Protection: ZIP-215 compliant verification
- Memory Security: Same as Ed25519
- View Full Security API
Sr25519
- Security Level: 128-bit
- Side-channel Protection: Schnorrkel constant-time operations
- Memory Security: VRF key protection
- View Full Security API
RSA-2048 ⚠️ TRANSITIONAL
- Security Level: 112-bit classical (0-bit quantum)
- Side-channel Protection: CRT blinding, OAEP/PSS padding
- Memory Security: Private key clearing
- WARNING: Vulnerable to quantum attacks - migrate to PQC by 2030
- View Full Security API
Key Exchange
X25519
- Security Level: 128-bit
- Side-channel Protection: Constant-time Montgomery ladder
- Memory Security: Scalar clearing
- View Full Security API
Random Number Generation
HMAC-DRBG
- Security Level: Depends on hash function
- Side-channel Protection: Constant-time generate
- Memory Security: State clearing
- View Full Security API
Utility
BIP39
- Security Level: 128-256 bit entropy
- Side-channel Protection: Mnemonic generation
- Memory Security: Entropy clearing
- View Full Security API
Security Utilities
Core Security Infrastructure
Algorithm Categories Summary
| Category | Classical | Post-Quantum | Total |
|---|---|---|---|
| Hash Functions | 11 | 0 | 11 |
| Message Authentication | 4 | 0 | 4 |
| Key Derivation | 4 | 0 | 4 |
| Symmetric Encryption | 8 | 0 | 8 |
| Digital Signatures | 4 | 10 | 14 |
| Key Encapsulation | 0 | 11 | 11 |
| Key Exchange | 1 | 0 | 1 |
| Random Generation | 1 | 0 | 1 |
| Utility | 1 | 0 | 1 |
| Total | 30 | 19 | 49 |
Security Considerations
All algorithms in the MetaMUI suite implement:
- Constant-time operations to prevent timing attacks
- Automatic memory clearing for sensitive data
- Side-channel resistance appropriate to their security level
- Cross-platform compatibility across 10 programming languages
For detailed security analysis and implementation guidelines, refer to: