Post-Quantum Video Encryption. Chunk by chunk.

Session-based chunk-level video encryption API. Every video frame is individually encrypted with AES-256-GCM under a Kyber-derived session key. Every chunk is tracked in a Dilithium-signed manifest. Key rotation happens mid-stream with forward secrecy. Your infrastructure handles the video — H33 handles the cryptography.

ML-KEM-768 AES-256-GCM ML-DSA-65 SHA3-256 KDF Forward Secrecy

Get API Key

Session Lifecycle

Six API calls. Create a session, exchange keys, encrypt chunks, rotate keys, sign the manifest, destroy everything.

POST /api/v1/video/session/create

Generate Kyber-768 + Dilithium keypairs. Return session_id + public key.

—

POST /session/{id}/encapsulate

Client sends public key. Server encapsulates shared secret. SHA3-256 KDF derives AES key.

—

POST /api/v1/video/chunk/encrypt

Encrypt video chunk with AES-256-GCM. Structured nonce. Dilithium-signed manifest entry.

—

POST /session/{id}/rotate

New random AES key. Old key preserved for in-flight chunks. Forward secrecy.

—

GET /session/{id}/manifest

Complete Dilithium-signed manifest. Per-chunk hash, nonce, rotation sequence.

—

DELETE /session/{id}

Destroy session. All key material zeroized (Zeroize + ZeroizeOnDrop).

—

Three Cryptographic Layers

Every video chunk passes through post-quantum key exchange, authenticated encryption, and digital signature attestation.

Layer 1 — Key Exchange

ML-KEM-768 Encapsulation

Server generates a Kyber-768 keypair per session (PK: 1,184 bytes, SK: 2,400 bytes). Client encapsulates a shared secret using the server's public key (ciphertext: 1,088 bytes). The 32-byte shared secret is fed through SHA3-256("H33_PQ_VIDEO_AES_KEY:" || shared_secret) to derive the AES-256-GCM session key. The Kyber lattice problem provides NIST Level 3 post-quantum security.

Layer 2 — Chunk Encryption

AES-256-GCM with Structured Nonce

Each video chunk is encrypted individually with AES-256-GCM. The 12-byte nonce is deterministic and structured: [sequence_number LE 4B][rotation_sequence LE 4B][0000 4B]. Additional Authenticated Data (AAD) is the constant string "h33-pq-video". This guarantees nonce uniqueness across chunks and key rotations without random collisions.

Layer 3 — Manifest Attestation

ML-DSA-65 Signed Manifest

Every encrypted chunk generates a manifest entry containing the SHA3-256 hash, sequence number, rotation sequence, timestamp, and a per-entry Dilithium signature (3,309 bytes, PK: 1,952 bytes). The complete manifest is signed separately. This creates an immutable, quantum-resistant audit trail of every chunk in the session.

Key Rotation & Forward Secrecy

Mid-stream key rotation with graceful transition. Old keys are zeroized after the rotation boundary passes.

Rotation Triggered

Client calls POST /session/{id}/rotate. Server generates 32 bytes of fresh randomness for the new AES key.

↓

Grace Period

Current key moves to previous_aes_key. Chunks with sequence_number < effective_after_chunk still decrypt with the old key. Both keys active simultaneously.

↓

Old Key Zeroized

Once sequence_number > effective_after_chunk, the old key is securely zeroized via Zeroize. Forward secrecy achieved — compromising the new key cannot decrypt old chunks.

↓

Session Destroy

On DELETE /session/{id}, the entire VideoSession struct is dropped with ZeroizeOnDrop. All key material — Kyber SK, AES keys, Dilithium SK — securely erased.

Chunk Envelope — Wire Format

Every encrypted chunk uses a deterministic 12-byte nonce constructed from the sequence and rotation numbers.

AES-256-GCM NONCE (12 bytes)

Bytes 0-3

seq_num

LE u32

Bytes 4-7

rot_seq

LE u32

Bytes 8-11

0x00000000

Reserved

ENCRYPTED CHUNK OUTPUT

Variable length

AES-256-GCM Ciphertext

AAD: "h33-pq-video"

16 bytes

GCM Tag

Appended

Sequence

Rotation

Reserved

Ciphertext

Auth Tag

Live Session Simulator

Watch a simulated PQ Video session: key exchange, chunk encryption, rotation, and manifest signing.

Alice

Sender

Bob

Server

Performance

Measured on Graviton4 (c8g.metal-48xl). All operations are sub-millisecond.

~120 µs

Kyber-768 KEM

~15 µs

AES-256-GCM (1KB chunk)

~191 µs

Dilithium Sign

~30 µs

SHA3-256 KDF

< 400 µs

Full Chunk Pipeline

~50 µs

Key Rotation

API Reference

Six endpoints. Session-based. All key material is zeroized on session destroy.

POST /api/v1/video/session/create Create session ▾

Generates a Kyber-768 keypair and a Dilithium-3 signing keypair. Returns the session ID and Kyber public key (base64).

Response

{
  "session_id": "vs_a1b2c3d4e5f6...",
  "kyber_public_key": "MIIBIjANBgkq...",
  "created_at": "1741651200"
}

Example

curl -X POST https://api.h33.ai/api/v1/video/session/create \
  -H "Authorization: Bearer $H33_API_KEY"

POST /api/v1/video/session/{id}/encapsulate Key encapsulation ▾

Client sends their Kyber public key. Server encapsulates a shared secret and derives the AES-256-GCM session key via SHA3-256("H33_PQ_VIDEO_AES_KEY:" || shared_secret).

Request

{
  "client_public_key": "base64-encoded Kyber-768 public key"
}

Response

{
  "encapsulated_key": "base64-encoded Kyber ciphertext (1,088 bytes)",
  "rotation_sequence": 0
}

POST /api/v1/video/chunk/encrypt Encrypt chunk ▾

Encrypts a video chunk with AES-256-GCM. Nonce is constructed from sequence_number and rotation_sequence. Each chunk gets a Dilithium-signed manifest entry.

Request

{
  "session_id": "vs_a1b2c3d4e5f6...",
  "chunk_data": "base64-encoded raw video chunk",
  "sequence_number": 0
}

Response

{
  "encrypted_chunk": "base64-encoded AES-256-GCM ciphertext",
  "manifest_entry": {
    "chunk_hash": "SHA3-256 hex digest",
    "sequence_number": 0,
    "rotation_sequence": 0,
    "timestamp": "1741651230",
    "dilithium_signature": "base64 (3,309 bytes)"
  }
}

POST /api/v1/video/session/{id}/rotate Rotate key ▾

Generates a new random 32-byte AES key. Old key preserved until effective_after_chunk boundary passes, then zeroized.

Response

{
  "encapsulated_key": "base64-encoded new AES key",
  "rotation_sequence": 1,
  "effective_after_chunk": 42
}

GET /api/v1/video/session/{id}/manifest Signed manifest ▾

Returns all manifest entries for the session, plus a Dilithium signature over the entire serialized manifest JSON.

Response

{
  "session_id": "vs_a1b2c3d4e5f6...",
  "entries": [
    {
      "chunk_hash": "a3f2...",
      "sequence_number": 0,
      "rotation_sequence": 0,
      "timestamp": "1741651230",
      "dilithium_signature": "..."
    }
  ],
  "manifest_signature": "base64 ML-DSA-65 over full manifest"
}

DELETE /api/v1/video/session/{id} Destroy session ▾

Removes the session from the DashMap. The VideoSession struct implements ZeroizeOnDrop, so all key material (Kyber SK, AES keys, Dilithium SK) is securely erased when dropped.

Response

204 No Content

Example

curl -X DELETE https://api.h33.ai/api/v1/video/session/vs_a1b2c3d4... \
  -H "Authorization: Bearer $H33_API_KEY"

Envelope Size Calculator

Calculate the total encrypted output size and overhead for your video stream.

Chunk size

Number of chunks

Rotation interval (chunks)

—

Total encrypted size

—

Overhead

—

Key rotations

—

Manifest size (est.)

Cost Estimator

PQ Video costs 8 units per minute of session time. Signed transcripts cost 10 units per minute.

Session minutes

60 min

Sessions / month

100

Include transcripts

$0.00

0 units × $0.06/unit

How We Compare

H33 PQ Video vs existing video encryption approaches.

Feature	H33 PQ Video	Zoom E2EE	Signal Video	Google Meet
Key Exchange	ML-KEM-768 (PQ)	ECDH P-256	X25519	TLS 1.3 (ECDH)
Post-Quantum Secure	Yes	No	No	No
Per-Chunk Encryption	Yes (AES-256-GCM)	Per-frame (AES-256-GCM)	Per-frame (AES-256-CBC)	Transport-level only
Signed Manifest	ML-DSA-65 (PQ)	No	No	No
Key Rotation	Mid-stream + forward secrecy	Session-based	Ratchet-based	Connection-level
Key Zeroization	ZeroizeOnDrop (Rust)	Platform-dependent	Best-effort	Not specified
Bring Your Own Infra	Yes — API only	Zoom only	Signal only	Google only
Audit Trail	Per-chunk Dilithium-signed	Metadata only	No	Admin console logs

Use Cases

Chunk-level post-quantum video encryption for every industry that handles sensitive recordings.

Telehealth Video Consultations

HIPAA-compliant video encryption. Each consultation chunk is individually encrypted with ML-KEM-768. Dilithium-signed manifests create verifiable audit trails. Forward secrecy ensures past sessions can't be decrypted if keys are compromised.

HIPAA ML-KEM-768 Forward Secrecy

Legal Depositions & Discovery

Court-admissible encrypted video with cryptographic chain of custody. Each chunk's Dilithium signature proves the video hasn't been tampered with. Post-quantum protection ensures evidence remains secure for decades.

Chain of Custody ML-DSA-65 Tamper-Proof

Defense & Intelligence Briefings

SCIF-grade video encryption with per-chunk key rotation. No single compromised key exposes more than one chunk (~4 seconds of video). ML-DSA-65 attestation meets DoD post-quantum requirements.

SCIF-Grade Key Rotation DoD PQ

Financial Earnings Calls

Encrypted video distribution for material non-public information (MNPI). Chunk-level access control allows selective sharing. Signed manifests prove which participants received which segments.

MNPI Selective Access Signed Manifests

H33 PQ-Video vs Enterprise Encryption

Feature-level comparison against enterprise video and file encryption platforms.

Feature	H33 PQ-Video	Virtru	Tresorit	AWS Wickr
Encryption Level	Chunk-level (per-chunk keys)	File-level	File-level	Message-level
Key Exchange	ML-KEM-768 (PQ)	RSA / ECDH	RSA	ECDH
Attestation	ML-DSA-65 (Dilithium)	None	None	None
Post-Quantum	Full (KEM + signatures)	No	No	No
Forward Secrecy	Per-chunk rotation	Session-level	No	Session-level
Manifest Signing	Dilithium-signed	No	No	No
API Model	REST API (chunk streaming)	SDK / Portal	Desktop app	SDK
Video-Specific	Yes (chunk envelope, frame timing)	No (generic file)	No (generic file)	Yes (real-time)
Audit Trail	Cryptographic (on-chain optional)	Policy-based	Logs	Logs

Frequently Asked Questions

Technical details on chunk-level encryption, post-quantum primitives, and integration.

What is chunk-level video encryption?

Each ~4-second video segment is independently encrypted with its own AES-256-GCM key, derived via ML-KEM-768. Compromising one chunk's key doesn't expose any other chunks.

What is ML-KEM-768?

The NIST-standardized post-quantum key encapsulation mechanism (formerly Kyber-768). Provides 192-bit post-quantum security for key exchange.

How does forward secrecy work per-chunk?

Each chunk derives a fresh symmetric key from the session's KEM shared secret plus a chunk counter. Even if the session key is compromised, past chunks remain encrypted.

What is a signed manifest?

A JSON document listing all chunk hashes, timestamps, and encryption metadata, signed with ML-DSA-65 (Dilithium). Proves the video is complete and unmodified.

What is the latency overhead per chunk?

~2ms per chunk for KEM key derivation + AES-256-GCM encryption + Dilithium signing. Negligible compared to video encoding time.

Can I stream encrypted video in real-time?

Yes. The chunk-based architecture supports streaming. Each chunk is encrypted and transmitted independently. The receiver decrypts chunks as they arrive.

What video formats are supported?

H33 PQ-Video is codec-agnostic. It encrypts raw byte chunks. You handle encoding/decoding (H.264, H.265, VP9, AV1) — H33 handles encryption.

How many units does video encryption cost?

8 units per minute of video (at default chunk size). See the cost estimator above for volume pricing.

Can I selectively share parts of a video?

Yes. Since each chunk is independently encrypted, you can share specific chunk keys without exposing the full video. The manifest identifies which chunks correspond to which timestamps.

How does key rotation work during a session?

The session creates a master KEM keypair at initialization. Each chunk's key is derived via HKDF(shared_secret, chunk_counter). You can trigger explicit key rotation at any point, which creates a new KEM keypair.

Start Encrypting Video

Get API Key

Free tier includes 1,000 units. No credit card required.