Transport Security
TLS and quantum-safe encryption for ARC Protocol.
TLS Requirements
ARC Protocol requires TLS 1.2 or higher for all communications.
Minimum Configuration
Protocol: TLS 1.2+
Cipher Suites: Strong ciphers only (AES-256, ChaCha20)
Certificate Validation: Required
Quantum-Safe Hybrid TLS
ARC Protocol implements post-quantum end-to-end encryption using hybrid TLS (X25519Kyber768), combining classical elliptic curve cryptography with the NIST-standardized Module-Lattice-Based Key Encapsulation Mechanism (ML-KEM, FIPS 203). This provides protection against both current attacks and future quantum computing attacks.
The Python SDK supports hybrid TLS combining classical and post-quantum cryptography.
Algorithm
X25519 + Kyber-768
- Classical: X25519 (Curve25519)
- Post-Quantum: Kyber-768 (NIST FIPS 203 ML-KEM)
Client Configuration
from arc import Client

# Enable quantum-safe TLS (default)
client = Client(
    endpoint="https://api.example.com/arc",
    token="your-token",
    use_quantum_safe=True
)
Server Configuration
# `server` is assumed to be an ARC server instance created elsewhere
server.run(
    host="0.0.0.0",
    port=443,
    ssl_keyfile="/path/to/server.key",
    ssl_certfile="/path/to/server.crt"
)
Quantum-safe TLS is enabled by default when arc-sdk[pqc] is installed.
Certificate Management
Production Certificates
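Use certificates from a trusted CA:
import ssl

# Purpose.CLIENT_AUTH builds a server-side context (the side that accepts client connections)
ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
# Load the CA-issued certificate chain and its private key
ssl_context.load_cert_chain("cert.pem", "key.pem")
server.run(host="0.0.0.0", port=443, ssl_context=ssl_context)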
Certificate Validation
Always validate certificates in production:
# Client validates server certificate
client = Client(
    endpoint="https://api.example.com/arc",
    token="token",
    verify_ssl=True  # Default
)
Security Best Practices
- TLS 1.2+ Only - Disable older protocols
- Strong Ciphers - Use AES-256-GCM or ChaCha20-Poly1305
- Certificate Validation - Always validate in production
- Certificate Rotation - Rotate certificates regularly
- Quantum-Safe - Enable hybrid TLS for future-proofing
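The first three practices can be enforced and audited with Python's standard ssl module. The following is an added example, not code from the ARC SDK; the names hardened_context, weak_tls12_suites and STRONG_TLS12_CIPHERS are illustrative, and it does not configure the post-quantum key exchange.

```python
import ssl

# TLS 1.2 suites limited to AES-256-GCM and ChaCha20-Poly1305 with ECDHE
# (OpenSSL names). TLS 1.3 suites are managed separately by OpenSSL and
# are not changed by set_ciphers().
STRONG_TLS12_CIPHERS = ":".join([
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-CHACHA20-POLY1305",
    "ECDHE-RSA-CHACHA20-POLY1305",
])


def hardened_context(purpose, certfile=None, keyfile=None):
    """Build an SSLContext that enforces TLS 1.2+ and the strong suites.

    purpose=ssl.Purpose.CLIENT_AUTH gives a server-side context,
    purpose=ssl.Purpose.SERVER_AUTH gives a client-side context.
    """
    ctx = ssl.create_default_context(purpose)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0, TLS 1.1
    ctx.set_ciphers(STRONG_TLS12_CIPHERS)
    if purpose == ssl.Purpose.SERVER_AUTH:
        # Client side: keep chain and hostname verification switched on.
        ctx.check_hostname = True
        ctx.verify_mode = ssl.CERT_REQUIRED
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def weak_tls12_suites(ctx):
    """Return enabled pre-TLS-1.3 suites outside the AES-256-GCM/ChaCha20 set."""
    strong = ("AES256-GCM", "CHACHA20-POLY1305")
    return [
        c["name"] for c in ctx.get_ciphers()
        if c["protocol"] != "TLSv1.3" and not any(s in c["name"] for s in strong)
    ]


if __name__ == "__main__":
    # Pass certificate and key paths in production; omitted so this runs offline.
    server_ctx = hardened_context(ssl.Purpose.CLIENT_AUTH)
    print(server_ctx.minimum_version, weak_tls12_suites(server_ctx))
```

The server-side context can be passed as ssl_context to server.run, as in the Production Certificates snippet; running weak_tls12_suites against an existing context lists any suites that fall outside the recommended set.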