Patient-physician messaging over platforms like Telegram and WhatsApp transmits PHI in plaintext. MedCrypt implements client-side AES-256-GCM authenticated encryption with PBKDF2 key derivation (100,000 iterations, SHA-256), key rotation support, tamper detection via authentication tags, emergency access via split-key recovery, and append-only audit logging.
We implement client-side encryption for clinical messaging using AES-256-GCM authenticated encryption with PBKDF2 key derivation (100,000 iterations, SHA-256). Messages are encrypted in the browser before transmission; the server stores only ciphertext and cannot read message content.
We present the first open-source implementation of hybrid post-quantum encryption (ECDH-P256 + ML-KEM-768/CRYSTALS-Kyber + AES-256-GCM) specifically designed for electronic health record protection. Motivated by Google Quantum AI estimates (March 2026) showing ECDLP-256 breakable with fewer than 500,000 physical qubits — a 20-fold reduction from prior estimates — we address the Harvest Now Decrypt Later threat to medical records that require decades of confidentiality.