Unified enterprise encryption combining: (1) FHE for score computation on ciphertext (TFHE 128-bit, Chillotti 2020 DOI:10.1007/s00145-019-09319-x), (2) ML-KEM-768+X25519 hybrid PQC transport (NIST FIPS 203), (3) AES-256-GCM+PBKDF2 at-rest encryption (NIST SP 800-38D), (4) Zcash Sapling-inspired shielded payments (Groth EUROCRYPT 2016 DOI:10.
Patient-physician messaging over platforms like Telegram and WhatsApp transmits PHI in plaintext. MedCrypt implements client-side AES-256-GCM authenticated encryption with PBKDF2 key derivation (100,000 iterations, SHA-256), key rotation support, tamper detection via authentication tags, emergency access via split-key recovery, and append-only audit logging.
We implement client-side encryption for clinical messaging using AES-256-GCM authenticated encryption with PBKDF2 key derivation (100,000 iterations, SHA-256). Messages are encrypted in the browser before transmission; the server stores only ciphertext and cannot read message content.
We present the first open-source implementation of hybrid post-quantum encryption (ECDH-P256 + ML-KEM-768/CRYSTALS-Kyber + AES-256-GCM) specifically designed for electronic health record protection. Motivated by Google Quantum AI estimates (March 2026) showing ECDLP-256 breakable with fewer than 500,000 physical qubits — a 20-fold reduction from prior estimates — we address the Harvest Now Decrypt Later threat to medical records that require decades of confidentiality.