Building an AI-Resistant Post-Quantum VPN in Rust 🦀 (With an Open Crypto Challenge)

aditya kachhdiya — Sun, 14 Jun 2026 20:17:55 +0000

Hello Dev.to! 👋
I'm the architect of an experimental post-quantum VPN protocol called QCRA (Quantum-Chess Routing Architecture). It’s written entirely in Rust (250K+ lines, 46 passing test suites).
Today, I’m open-sourcing the protocol specification along with a Cryptographic Open Challenge for anyone who wants to try and break the math.

🚨 The Threat: AI-Driven Traffic Analysis

The standard approach to post-quantum networking today is to take ML-KEM (Kyber), wrap it in a TLS-like handshake, and call it a day. While this protects against Shor's algorithm on future quantum computers, it ignores an entirely different, very modern threat vector: AI-Driven Traffic Analysis.
Modern machine learning classifiers can identify encrypted VPN traffic with >99% accuracy. They don't need to decrypt your packets; they exploit statistical discontinuities, packet timing, and size patterns.

To counter this, I built three novel cryptographic layers on top of a standard Signal-style Double Ratchet.

🔬 The 3 Novel Defenses

1. P-Adic (Non-Archimedean) Key Derivation

Most key derivation functions operate in standard Euclidean space. I moved the key evolution into p-adic space (specifically using the prime p=104729).
Because p-adic numbers use the ultrametric inequality instead of the triangle inequality, distances behave completely differently. Gradient-descent-based ML attacks cannot define a meaningful continuous loss function over this key space. The AI literally cannot converge on a pattern.

2. SO(3) Rotation Key Evolution

Instead of flat KDF chains, the key state in QCRA lives on the SO(3) manifold (the 3D rotation group). Evolution uses quaternion SLERP (Spherical Linear Interpolation) along geodesics. By utilizing a 6D continuous representation (Zhou et al. 2019), we eliminate the statistical discontinuities that AI classifiers usually exploit to fingerprint traffic.

3. Lorenz Chaotic Mixer

To inject true non-linear entropy into the transmission, the protocol uses a deterministic Lorenz chaotic attractor (σ=10, ρ=28, β=8/3) integrated via Runge-Kutta (RK4). Seeded by the shared secret, the system has a positive Lyapunov exponent (≈0.906), meaning any deviation in initial conditions produces completely different trajectories. It literally mixes chaos into the ChaCha20 key stream.

🎯 The Open Challenge

I know that "novel cryptography" is usually a huge red flag. The #1 rule of applied cryptography is Don't roll your own crypto.
That is exactly why I am putting this out here. I want the hardest scrutiny from the community before making any production claims. The protocol is currently at TRL-4 (lab-validated).
I've published a challenge repository containing:

5 sequential encrypted messages between Alice and Bob
A fully armed Quantum Layer (ML-KEM-1024 + X25519 + P-Adic + SO(3) + Lorenz)
All public keys and session parameters
The full protocol pseudocode and academic whitepaper 🏆 Your Goal: Recover the plaintext of Message #5 and verify it against the published SHA-256 hash. 🔗 GitHub Repository: QCRA-Challenge --- ## 🗣️ What I want to know from you:
Is the P-Adic AI-resistance claim (Theorem 3.1 in the whitepaper) mathematically sound, or am I fooling myself?
Does the SO(3) key evolution actually add security, or is it security theater after the BLAKE3 hashing phase?
Can you find statistical bias in the ciphertexts.hex file?
Are there obvious protocol-level attacks I'm missing? If you are a Rust developer, a math nerd, or a security researcher: Roast my math, break my protocol, tell me I'm wrong. That's the whole point. Let me know what you think in the comments! 👇

DEV Community: aditya kachhdiya