Post-Quantum Secure · End-to-End Encrypted · Switchable Algorithms
Built on the Kyber-768 key exchange algorithm (NIST FIPS 203 standard), Link-s resists attacks from existing and future quantum computers, mitigating the "harvest now, decrypt later" risk.
The data encryption layer supports both AES-256-CTR (international standard, hardware-accelerated) and SM4-CTR (Chinese national cryptography standard), selectable via configuration to suit different compliance scenarios.
Keys are generated and stored only at the two communicating ends, never transmitted in plaintext or stored persistently. Even if traffic is intercepted, no valid keys or plaintext data can be obtained.
Link-s complies with NIST post-quantum cryptography standards and natively supports Perfect Forward Secrecy (PFS). Leakage of a single session key does not compromise other sessions, meeting the requirements of high-security scenarios.
Keys only at both ends, no plaintext in transit
Keys generated and retained solely at endpoints, no plaintext transmission
Keys never stored persistently, destroyed immediately after session
Server cannot decrypt transmitted content
Compromise of one session key does not affect other sessions
Kyber is the official post-quantum cryptography standard selected by NIST (FIPS 203, also known as ML-KEM) and belongs to the lattice-based family of cryptosystems. Link-s uses the Kyber-768 parameter set, which provides security strength equivalent to AES-192 and keeps key exchange reliable even in the quantum computing era.
Kyber-768 · NIST FIPS 203 · Quantum-Resistant
Traditional RSA/ECC become vulnerable to quantum computers. Kyber-768 is based on lattice problems that no known quantum algorithm can break in feasible time. Key negotiation requires no pre-shared keys and natively supports forward secrecy.
Link-s uses CTR (Counter) mode at the data encryption layer, which makes the block cipher operate as a stream cipher. This enables streaming processing: data is encrypted during transmission and decrypted upon reception without waiting for the complete file, greatly improving large-file transfer efficiency.
Link-s adopts a Post-Quantum Hybrid Encryption Architecture:
This design ensures post-quantum security for key exchange while maximizing the high-performance advantages of symmetric encryption (AES hardware acceleration / SM4 compliance), balancing international standards and Chinese compliance via switchable algorithms.
Key Lifecycle Management
Server Zero-Knowledge: Signaling servers only handle connection negotiation and session management and have no access to key material. Relay servers forward encrypted data streams across networks and cannot decrypt content. Only the communicating parties can decrypt data across the entire transmission chain.
Link-s natively supports Perfect Forward Secrecy. Each transfer session generates a brand-new ephemeral key pair that is independent of those used in other sessions. Even if one session key is compromised, it does not affect the security of other sessions or enable decryption of historical transmission content.