Integrity Protected Crypto: A Four-Layer Hybrid Cryptosystem with ECC-Based Key Derivation and Tunable n-Byte Key Splitting
Sanjay Ramkumar
Abstract
This paper presents Integrity Protected Crypto, a novel open-source four-layer hybrid cryptosystem that combines AES-256-CBC, simulated Twofish key wrapping, the ChaCha20 stream cipher with ECDH-derived keys, and optional ECDSA signatures to deliver confidentiality, integrity, authenticity, and perfect forward secrecy. The central contribution is a tunable n-byte key-splitting mechanism applied to the Twofish key: only the first n bytes are encrypted using ChaCha20 with a session key derived via ephemeral-static ECDH, while the remaining bytes are transmitted in cleartext. This design creates a configurable security parameter that exponentially increases resistance against partial key recovery attacks. The entire ciphertext bundle is protected using HMAC-SHA256 or SHA-512 with constant-time comparison. Implemented in Python using the cryptography library, the system was rigorously evaluated across message sizes from 1 KB to 1 MB and n ∈ [8, 256]. Results demonstrate 100% tamper detection, perfect plaintext recovery, and brute-force resistance exceeding 10¹⁰ years even at n = 32, while maintaining average encryption/decryption times of 42–45 ms per 1 MB payload.
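The key-splitting layer described in the abstract can be sketched as follows; this is an added example, not the paper's own code, and it covers only the split, the ECDH-derived ChaCha20 key and the HMAC check. The curve (P-256), the HKDF-SHA256 step that yields separate cipher and MAC keys, the random 16-byte nonce, and the bundle field and function names are all assumptions.

```python
import hashlib, hmac, os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

CURVE = ec.SECP256R1()  # assumption: the abstract does not name a curve

def _session_keys(private_key, peer_public_key):
    """ECDH secret -> (ChaCha20 key, HMAC key). The HKDF step is an assumption."""
    shared = private_key.exchange(ec.ECDH(), peer_public_key)
    okm = HKDF(algorithm=hashes.SHA256(), length=64, salt=None,
               info=b"key-split example").derive(shared)
    return okm[:32], okm[32:]

def _chacha20(key, nonce, data):
    # The library's ChaCha20 takes 16 bytes: 4-byte counter followed by 12-byte nonce.
    ctx = Cipher(algorithms.ChaCha20(key, nonce), mode=None).encryptor()
    return ctx.update(data) + ctx.finalize()

def _tag(mac_key, b):
    # Length-prefix the encrypted head so the head/tail boundary is authenticated.
    msg = b["eph_pub"] + b["nonce"] + len(b["head"]).to_bytes(2, "big") + b["head"] + b["tail"]
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def wrap_key(key, n, recipient_public_key):
    """Encrypt only key[:n]; key[n:] travels in cleartext, as the abstract describes."""
    if not 0 < n <= len(key):
        raise ValueError("n must be between 1 and len(key)")
    eph = ec.generate_private_key(CURVE)  # fresh ephemeral key per message
    enc_key, mac_key = _session_keys(eph, recipient_public_key)
    nonce = os.urandom(16)
    bundle = {
        "eph_pub": eph.public_key().public_bytes(Encoding.X962, PublicFormat.UncompressedPoint),
        "nonce": nonce,
        "head": _chacha20(enc_key, nonce, key[:n]),
        "tail": key[n:],
    }
    bundle["tag"] = _tag(mac_key, bundle)
    return bundle

def unwrap_key(bundle, recipient_private_key):
    eph_pub = ec.EllipticCurvePublicKey.from_encoded_point(CURVE, bundle["eph_pub"])
    enc_key, mac_key = _session_keys(recipient_private_key, eph_pub)
    # Verify before decrypting; compare_digest runs in constant time.
    if not hmac.compare_digest(_tag(mac_key, bundle), bundle["tag"]):
        raise ValueError("bundle failed integrity check")
    return _chacha20(enc_key, bundle["nonce"], bundle["head"]) + bundle["tail"]
```

In this layout anyone who observes the bundle reads `key[n:]` directly, so the secrecy of the wrapped key rests on the n encrypted bytes alone.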

