QShield Documentation
Get started with our API and integration guides. Explore our comprehensive resources to implement quantum-resistant cryptography in your Game smart contracts.
Currently we are providing a free sample in plans. Please click on 'create account' after choosing a Secret Phrase and a Master Password. Safely store them both on a piece of paper or a vault service, and also save your api key. If you lose these, your data can NEVER be recovered.
Go to the form and fill it up with the EXACT details asked and press send. We usually get back to you within 3 days.
If you store user scores in your Smart Contract as a mapping that is (address => uint), add a similar one for (string => uint). This is what we will have the users populate while submitting their scores. We also have an option to help you deploy our recommended smart contract.
Please make sure you store and retrieve your API Key and Master Password for this securely.
Install the official qshield node library with "npm install qshield-js"
Use this repository as reference for how to use QShield in your frontend.
Once it's time to declare a winner, please use our decrypt function for any candidate to reveal if the score entry is authentic.
Please DO NOT share your master password, api key, or other details with anyone, because that would allow them to delete your account, and reverse engineer your encryption giving them the ability to create entries that align with your code without actually playing your game and registering "authentic" scores.
QShield using multiple encryption algorithms, and decoy mechanics to ensure the safety of your data, and its resistance to hacking and unauthorized access, even when pitted against Quantum Computers. The technology involves Kyber1024, Fernet-like, and decoy based encryption.
Kyber 1024: Kyber is an IND-CCA2-secure key encapsulation mechanism (KEM)[1], whose security is based on the hardness of solving the learning-with-errors (LWE) problem over module lattices. Kyber is one of the finalists in the NIST post-quantum cryptography project. The submission lists three different parameter sets aiming at different security levels. Specifically, Kyber-512 aims at security roughly equivalent to AES-128, Kyber-768 aims at security roughly equivalent to AES-192, and Kyber-1024 aims at security roughly equivalent to AES-256.
The design of the Kyber encryption is rooted in the seminal LWE-based encryption scheme of Regev. Since Regev's original work, the practical efficiency of LWE encryption schemes has been improved by observing that the secret in LWE can come from the same distribution as the noise and also noticing that "LWE-like" schemes can be built by using a square (rather than a rectangular) matrix as the public key. Another improvement was applying an idea originally used in the NTRU cryptosystem to define the Ring-LWE and Module-LWE problems that used polynomial rings rather than integers. The CCA-secure KEM Kyber is built on top of a CPA-secure cryptosystem that is based on the hardness of Module-LWE.
Fernet-like Encryption: Fernet guarantees that a message encrypted using it cannot be manipulated or read without the key. Fernet is an implementation of symmetric (also known as “secret key”) authenticated cryptography. Fernet also has support for implementing key rotation via MultiFernet. [2]
It uses the following processes internally:
-AES in CBC mode with a 128-bit key for encryption; using PKCS7 padding.
-HMAC using SHA256 for authentication.
-Initialization vectors are generated using random number generators.
Since the original implementation of Fernet is in Python, QShield calls its method "Fernet-like Encryption" because it is built in a different language (javascript), and uses additional safety checks to make it even more robust.
Decoy-based Encryption: This is a unique implementation, specially created in-house by the QShield cryptographers. It involves generating a key, and using it as an operand in a formula, instead of directly giving it to the client for end usage. This ensures that the public keys cannot be bulk generated and tried with different testing datasets to "guess" the private key. The exact algorithm and implementation is black boxed to ensure that malicious parties can't break past this additional layer of security.