No demos found.
Stream Cipher
Snow 2
A modern Rust reimplementation of SNOW with AEAD support, Argon2id-derived keys, and steganographic output options.
Post-Quantum
Quantum Vault KpqC
Threshold file encryption using secret sharing and Korean post-quantum cryptography, compiled to WASM for direct browser use.
Stateless Passwords
Phantom Vault
Derive any password from a master passphrase using HMAC-DRBG. Nothing stored, nothing synced, nothing left behind to breach.
Backdoored RNG
Corrupted Oracle
A live Dual_EC_DRBG backdoor demo showing state recovery and future-output prediction while standard statistical tests still appear clean.
CSPRNG
DRBG Arena
HMAC_DRBG, CTR_DRBG, and Hash_DRBG with state visualizers, seeding, reseeding, and live NIST SP 800-22 statistical tests. The correct-case companion to Corrupted Oracle.
Post-Quantum Key Distribution
BB84
Quantum key distribution with photon polarization, basis sifting, QBER eavesdropper detection, and privacy amplification before AES-256-GCM message encryption.
Post-Quantum Cryptanalysis
Shor
Modular period finding with QFT and continued fractions to recover integer factors, showing why RSA, ECC, and Diffie-Hellman must migrate to post-quantum alternatives.
Post-Quantum Cryptanalysis
Grover
Amplitude amplification and oracle phase kickback for symmetric-key search, with live probability oscillation and concrete key-size impact (AES-128 to AES-256).
Cryptanalysis
Model Breach
A HiAE threat-model case study showing candidate enumeration, MITM state recovery, and guess-and-determine attacks when assumptions drift from deployment reality.
Asymmetric Encryption
Iron Letter
ECIES P-256 and RSA-OAEP compared side by side with live timing, key-size tradeoffs, and a simple sealed-letter mental model.
Deniable Encryption
Shadow Vault
One container, two passphrases, two messages. A practical demonstration of plausible deniability, forensic ambiguity, and browser-first UX around serious primitives.
Zero-Knowledge Proofs
ZK Proof Lab
Six exhibits from Ali Baba cave to zk-SNARK intuition, with real Schnorr arithmetic, commitments, and replayable transcripts instead of vague metaphors.
Zero-Knowledge Proofs
STARK Tower
AIR constraints, FRI polynomial commitments, and end-to-end Fibonacci proof. No trusted setup, post-quantum secure. The protocol behind StarkNet, StarkEx, and Risc Zero.
Zero-Knowledge Proofs
SNARK Arena
Groth16 vs PLONK — trusted setup ceremonies, proof size comparison, the toxic waste problem, and production deployments in Zcash, Polygon zkEVM, WorldID, and zkLogin.
Homomorphic Encryption
Blind Oracle
A server computes on encrypted values without seeing the plaintext. A concise, live introduction to FHE using TFHE-rs.
Homomorphic Encryption
CKKS Lab
Approximate FHE for encrypted floating-point arithmetic, homomorphic neural network inference, rescaling, and the complete FHE trilogy (TFHE + BGV/BFV + CKKS).
Homomorphic Encryption
FHE Arena
BGV/BFV integer FHE — homomorphic addition and multiplication, live noise budget visualizer, relinearization, SIMD batching, and real-world deployments in private genomics and encrypted databases.
Encrypted Morse
Dad Mode Morse
AES-GCM encrypted messaging delivered as Morse code with audio playback and browser decoding. Intentionally playful, still grounded in real primitives.
Library Privacy
Patron Shield
Information-theoretic private information retrieval applied to catalog privacy. A direct bridge from library ethics to concrete mathematical guarantees.
Verifiable Secret Sharing
VSS Gate
Feldman VSS and Pedersen VSS — verifiable secret sharing with live cheating dealer detection, commitment verification, and the layer beneath FROST and threshold wallets.
Secure MPC
Garbled Gate
Yao’s Garbled Circuits — gate-by-gate garbling, oblivious transfer for input wires, and the Millionaire’s Problem solved end-to-end. The foundational two-party MPC protocol.
Secure MPC
Silent Tally
Five hospitals compute a combined enrollment total without revealing any individual counts, demonstrating additive-homomorphic MPC in the browser.
Threshold Signatures
FROST Threshold
A browser-based FROST (RFC 9591) walkthrough where any qualified signer subset can produce one standard Ed25519 signature without key reassembly.
Post-Quantum Signatures
Dilithium Seal
CRYSTALS-Dilithium (ML-DSA) digital signatures in the browser. Generate lattice-based key pairs, sign documents, and verify — all post-quantum safe.
Forward-Secret Messaging
Ratchet Wire
A live walkthrough of the Double Ratchet protocol powering Signal-style messaging, with per-message key derivation and forward secrecy guarantees.
Post-Quantum KEM
Kyber Vault
CRYSTALS-Kyber (ML-KEM) key encapsulation in the browser. Encapsulate, decapsulate, and compare lattice-based key exchange against classical ECDH.
Block Cipher
Iron Serpent
The Serpent block cipher — AES finalist with a deeper security margin. Live encryption rounds, S-box visualization, and side-by-side AES comparison.
Block Cipher
World Ciphers
Camellia (Japan), ARIA (South Korea), SM4 (China), and Kuznyechik (Russia) side by side with AES. Encrypt/decrypt playgrounds, S-box analysis, and geopolitical compliance context.
Secret Sharing
Shamir Gate
Split a secret into shares using Shamir's Secret Sharing and reconstruct with any qualified threshold subset. Polynomial interpolation made tangible.
Historical Cipher
Dead Sea Cipher
Ancient substitution and transposition ciphers rooted in historical cryptographic traditions. Encode, decode, and explore classical cryptanalysis techniques.
Hash-Based Signatures
SPHINCS+ Ledger
Stateless hash-based signatures (SLH-DSA) in the browser. A post-quantum signing scheme that relies only on the security of hash functions.
Differential Cryptanalysis
Biham Lens
A live differential cryptanalysis attack on a toy SPN cipher — the technique co-invented by Biham and Shamir that broke DES. DDT visualization and last-round key recovery.
Hybrid Key Exchange
Hybrid Wire
X25519 + ML-KEM-768 hybrid post-quantum key exchange as deployed in Chrome 124+, Cloudflare, and Signal. Six-step handshake visualization and encrypted chat.
Hash Functions
Babel Hash
SHA-256, SHA3-256, and BLAKE3 side by side with live avalanche visualization, length extension attack demo, and HMAC defense.
Block Cipher Modes
AES Modes
ECB, CBC, CTR, GCM, and CCM with live padding oracle attack. Real WebCrypto operations, ECB penguin visualization, and authenticated encryption comparison.
Public-Key Cryptography
RSA Forge
Textbook RSA, OAEP, PSS signatures, and live attacks including small exponent, Bleichenbacher PKCS#1 v1.5 oracle, and padding oracle. Real WebCrypto operations.
Elliptic Curves
Curve Lens
Point addition, scalar multiplication, and live ECDH across P-256, Curve25519, and secp256k1. Real field arithmetic visualized step by step.
Asynchronous Key Agreement
X3DH Wire
The asynchronous handshake behind Signal. Real X25519 arithmetic, four DH operations, and HKDF-SHA-256 key derivation — no backends, no simulated math.
Noise Protocol Framework
Noise Pipe
NN, XX, IK, and IKpsk2 handshake patterns with real X25519 arithmetic, live transport encryption, and a WireGuard deep dive.
Message Authentication
MAC Race
HMAC, CMAC, Poly1305, and GHASH compared with live length extension attack, timing attack, and nonce reuse demonstrations. Real WebCrypto operations.
Key Derivation
KDF Chain
HKDF, PBKDF2, scrypt, and Argon2id compared side by side with live parameter tuning, real timing measurements, and a KDF decision tree.
Format-Preserving Encryption
Format Ward
FF1 and FF3-1 live tokenization of credit cards, SSNs, and phone numbers. Real AES-256 Feistel rounds. PCI-DSS compliant format preservation.
CBC Padding Oracle
Padding Oracle
Full Vaudenay 2002 chosen-ciphertext attack with real AES-CBC, byte-by-byte plaintext recovery, and coverage of ASP.NET, Lucky Thirteen, and POODLE.
Timing Side-Channel
Timing Oracle
String comparison leakage, HMAC verification timing, RSA private key bit leakage, and cache-timing attacks with real performance.now() measurements.
Post-Quantum KEM
McEliece Gate
The oldest post-quantum KEM (1978). Binary Goppa codes, visceral 261KB public key visualization, and four-way comparison against ML-KEM, BIKE, and HQC.
Post-Quantum KEM
Frodo Vault
Conservative post-quantum KEM using plain LWE with no ring structure. LWE from first principles, error distribution, and side-by-side comparison against ML-KEM.
Code-Based KEM
BIKE Vault
Code-based post-quantum KEM using QC-MDPC codes, Black-Gray-Flip decoding, and side-by-side comparison against ML-KEM. NIST Round 4 alternate candidate.
Code-Based KEM
HQC Vault
Hamming Quasi-Cyclic post-quantum KEM with perfect correctness, Reed-Muller/Reed-Solomon decoding, and three-way comparison against BIKE and ML-KEM.
Post-Quantum Signatures
Falcon Seal
Compact NTRU lattice signatures with Fast Fourier Sampling, side-by-side comparison against ML-DSA and SLH-DSA, and implementation security warnings.
Stream Cipher
ChaCha20 Stream
Quarter-round stepper, keystream visualizer, nonce reuse attack demo, and encrypt/decrypt playground. ARX design, no AES-NI required.
Digital Signatures
Ed25519 Forge
Keypair generation, signing, and signature verification — deterministic nonces, tamper detection, ZIP215 cofactor handling, and 64-byte compact signatures.
Hash Construction
Hash Zoo
SHA-256 vs SHA3-256 vs BLAKE3 internals — live avalanche analysis, Merkle-Damgård/sponge/tree construction diagrams, and timing benchmarks.
Hash Functions
World Hashes
SM3 (China), Streebog (Russia), and Kupyna (Ukraine) alongside SHA-256 and SHA-3. Five-way simultaneous hashing, avalanche analysis, and cryptographic sovereignty context.
KDF Benchmarks
KDF Arena
Live timing and memory comparison of HKDF, PBKDF2, scrypt, and Argon2id with adjustable cost parameters and bar chart visualization.
MAC Primitive
Poly1305 MAC
Polynomial evaluation over GF(2¹³⁰−5), constant-time tag verification, key-reuse attack visualizer, and Polynomial Stepper.
Oblivious Transfer
OT Gate
1-of-2 Oblivious Transfer using the Simplest OT protocol (Chou-Orlandi 2015) over Curve25519 with real X25519 arithmetic and AES-256-GCM encryption. Foundational primitive for secure MPC.
Stateful Hash-Based Signatures
LMS Ledger
LMS/HSS stateful hash-based signatures (NIST SP 800-208) — W-OTS+ key state grid, one-time key reuse attack with real forgery demo, and CNSA 2.0 firmware signing context.
Merkle Trees
Merkle Vault
Build Merkle trees up to 16 leaves with real SHA-256, generate O(log n) inclusion proofs, tamper any leaf and watch the root change. Git, Bitcoin, and Certificate Transparency walkthroughs.
Nonce Misuse Resistance
Nonce Guard
AES-GCM vs AES-GCM-SIV comparison — live nonce reuse attack showing keystream XOR recovery and GHASH key extraction, synthetic IV construction, and misuse-resistance comparison. RFC 8452.
Pairing Cryptography
Pairing Gate
BLS12-381 bilinear pairing — BLS signature sign/verify with real @noble/curves arithmetic, signature aggregation visualizer (up to 100 signers → 1 proof), and rogue key attack demo. Powers Ethereum 2.0 and Zcash.
IT-PIR
Oblivious Shelf
2-server XOR Private Information Retrieval (Chor et al. 1995) — a patron retrieves any book from a 16-item catalog without the server learning which one was requested. Step-by-step query walkthrough and privacy audit.
Steganography
Stego Suite
LSB substitution, DCT-domain hiding, and adaptive embedding with live chi-squared steganalysis. Hide the message, not just the content.
Threshold ECDSA
GG20 Wallet
GG20 threshold ECDSA — Paillier encryption, distributed key generation, and joint signing without any party holding the full private key. The protocol behind Fireblocks and Coinbase MPC.
Password Hashing
Bcrypt Forge
Bcrypt anatomy, cost factor benchmarking, timing-safe verification, and a real-world breach simulation. The workhorse password hash, dissected.
Blind Signatures
Blind Sign
Chaum RSA blind signatures and Schnorr EC blind signatures — anonymous e-cash, private voting, and unlinkability proofs. The signer signs without seeing the message.
Commitment Schemes
Commit Gate
Hash commitments and Pedersen commitments — binding, hiding, sealed-bid auction, and homomorphic addition. The primitive beneath ZKPs, MPC, and VSS.
PKI & Certificates
PKI Chain
X.509 certificate chains, trust store validation, CA compromise cascades, Certificate Transparency with Merkle inclusion proofs, and post-quantum migration to ML-DSA.
Protocol Composition
Protocol Compose
MAC-then-Encrypt vs Encrypt-then-MAC, padding oracle attack, CRIME, and the composition failures that drove TLS 1.3. Safe primitives composed unsafely break everything.
Ring Signatures
Ring Sign
LSAG ring signatures — key image linkability, double-spend detection, group signatures with manager opening, and Monero transaction privacy. Sign as one-of-many without revealing which.
Threshold Decryption
Threshold Decrypt
ElGamal over P-256 — distributed key generation, verifiable partial decryptions with NIZK proofs, and t-of-n combination without any party holding the full private key.
Steganography
J-UNIWARD
JPEG steganography via Universal Wavelet Relative Distortion — adaptive DCT coefficient embedding that minimizes wavelet-domain detectability. The state-of-the-art in content-adaptive JPEG steganography.
Quantum Threat
Harvest Vault
HNDL pressure, Mosca's theorem, migration windows, and concrete post-quantum planning for the systems being recorded today and decrypted later.
Post-Quantum Isogeny
Isogeny Gate
Elliptic-curve isogenies with toy SIDH over GF(71), supersingular graph walks, the Castryck-Decru break, and the surviving branches of the field in CSIDH and SQIsign.
Post-Quantum Side-Channel
Lattice Fault
Implementation attacks on lattice PQC: NTT power leakage, rejection-sampling fault bypass, KyberSlash timing, and faulty KECCAK seed injection. The math survives; sloppy implementations do not.
Post-Quantum Cryptanalysis
LLL Break
Step-by-step LLL and BKZ lattice reduction with Gram-Schmidt views, Lovasz condition checks, and a toy LWE primal attack that shows why Kyber-sized parameters do not fall the same way.
Post-Quantum Signatures
MPCitH Sign
Post-quantum signatures from MPC-in-the-Head with additive secret sharing, SHA-256 commitments, Merkle proofs, Fiat-Shamir, and hidden-view challenges over a toy PERK-style witness.
Password-Authenticated Key Exchange
OPAQUE Gate
RFC 9807 OPAQUE aPAKE with live OPRF blind/evaluate/unblind flow, credential envelope sealing, 3DH mutual authentication, and server-breach simulation showing the password never reaches the server.
Verifiable Randomness
VRF Gate
ECVRF prove/verify, Wesolowski VDF repeated squaring, and a RANDAO-plus-VDF beacon simulation that shows how verifiable randomness resists last-reveal manipulation.
Authenticated Encryption
AEGIS Gate
AEGIS-256 from the CFRG draft with AES round-function state updates, six-register sponge flow, tag derivation, and official test-vector verification in the browser.
Lightweight Cryptography
Ascon
NIST's lightweight cryptography standard with Ascon-AEAD128, Ascon-Hash256, avalanche analysis, and side-by-side comparison against AES-GCM and ChaCha20-Poly1305.
High-Security Curves
Curve448
X448 key exchange and Ed448 signatures side by side with Curve25519 and Ed25519, covering the 224-bit security tier for long-lived keys.
ML-DSA Internals
Dilithium Reject
An ML-DSA rejection-sampling lab with live acceptance histograms, rejection-reason breakdowns, and the signing-time tradeoff that keeps lattice signatures secure.
Digital Signatures
ECDSA Forge
ECDSA on secp256k1 and P-256 with sign/verify workflows, RFC 6979 deterministic nonces, and the classic nonce-reuse private-key recovery attack.
Public-Key Encryption
ElGamal Plain
Taher ElGamal's 1985 scheme with fresh ephemeral randomness, multiplicative homomorphism, and ciphertext rerandomization across toy and RFC 3526 groups.
Migration Planning
Harvest Timeline
A harvest-now-decrypt-later risk simulator built around the Mosca inequality, CRQC scenarios, organization profiles, and the operational cost of waiting to migrate.
Post-Quantum Signatures
HAWK
An educational HAWK lab covering integer-only lattice signatures, discrete Gaussian sampling over Z, and the NIST Round 2 additional-signatures landscape.
Post-Quantum Side-Channel
HQC Timing Break
A full-decryption oracle attack on HQC showing how compiler rewrites break constant-time Reed-Muller decoding and expose key recovery through cache timing.
Composite Signatures
Hybrid Sign
Ed25519 plus ML-DSA-65 hybrid signatures per the IETF LAMPS composite-signature draft, framed as defense in depth for long-lived authenticity.
Identity-Based Encryption
IBE Gate
Boneh-Franklin identity-based encryption on BLS12-381 with setup, private-key extraction, encrypt/decrypt flow, and an honest look at the escrow tradeoff.
Post-Quantum Side-Channel
KyberSlash
A KyberSlash timing-attack lab for ML-KEM, covering secret-dependent division, vulnerable compression paths, the Barrett-reduction fix, and live attack simulation.
Hash-Based Signatures
LMS/XMSS
State-managed hash-based signatures with LM-OTS, Merkle trees, and hierarchical composition, showing where LMS, HSS, and XMSS fit in practice.
Lattice Cryptography
NTRU Classic
The original 1996 NTRU lattice cryptosystem with polynomial-ring arithmetic from scratch and the historical path from classic NTRU to modern post-quantum design.
Access-Pattern Privacy
ORAM Vault
A Path ORAM walkthrough with tree buckets, stash growth, position-map updates, and adversary-view visualization for cloud access-pattern hiding.
Additive Homomorphic Encryption
Paillier Gate
Paillier's additive homomorphic cryptosystem with encrypt/decrypt, tallying without decryption, and direct links to voting systems and GG20 threshold ECDSA.
Migration Operations
PQ Rotation
A post-quantum migration planner for hybrid certificates, multi-jurisdiction timelines, rolling key rotation, canary deployment, and rollback strategy.
Post-Quantum TLS
PQ TLS Handshake
TLS 1.3 with the X25519MLKEM768 hybrid handshake, including byte-level framing, full key schedule derivation, and comparison against classical X25519.
Private Set Intersection
PSI Gate
Classic DH-PSI over ristretto255 with RFC 9380 hash-to-curve, showing how two parties learn only their overlap and nothing else.
Post-Quantum KEM
S-Cloud+ Vault
China's conservative LWE-based KEM with ternary secrets, BW32 lattice coding, and a faithful browser implementation of the ePrint 2024/1306 design.
Threshold Signatures
Threshold ML-DSA
Distributed post-quantum signing where a k-of-n party set produces ML-DSA signatures without any one signer ever reconstructing the full key.
Envelope Encryption
Envelope KMS
RFC 3394/5649 AES key wrap, DEK/KEK hierarchy, KMS-style key rotation, re-wrap without plaintext exposure, and a hash-chained audit log — the architecture behind AWS KMS and Google Cloud KMS.
Zero-Knowledge Range Proofs
Bulletproofs
ZK range proofs using Bulletproofs on ristretto255 — 64-bit Pedersen commitments, aggregate proofs over multiple ranges, the inner-product argument, and a tamper-rejection demo.
Lattice Attack
Nonce Lattice
ECDSA nonce-bias lattice attack on secp256k1 and P-256 — Hidden Number Problem construction, in-browser LLL reduction, and byte-for-byte private-key recovery from biased nonces.
Authentication Protocol
Kerberos v5
RFC 4120 Kerberos v5 — Needham-Schroeder origins, Lowe attack, full AS/TGS/AP exchange flow, AES-256-CTS-HMAC-SHA1-96 ticket encryption, and clock-skew replay defense.
Group Messaging Security
MLS Group
RFC 9420 Messaging Layer Security — TreeKEM ratchet tree, epoch key schedule, member add/remove/update operations, and group application messaging with forward secrecy guarantees.