pqc_bridge
| Crates.io | pqc_bridge |
| lib.rs | pqc_bridge |
| version | 0.1.2 |
| created_at | 2025-11-05 20:20:24.787745+00 |
| updated_at | 2025-11-06 18:56:50.164191+00 |
| description | A lightweight Rust library for post-quantum cryptography providing secure key management, encryption, and digital signatures using NIST-standardized algorithms |
| homepage | |
| repository | https://github.com/olekssy/pqc_bridge |
| max_upload_size | |
| id | 1918543 |
| size | 53,349 |
Olekssy (olekssy)
documentation
README
pqc_bridge
A lightweight Rust library for post-quantum cryptography providing secure key management, encryption, and digital signatures using NIST-standardized algorithms.
Key Features:
- 🔐 Simple API for quantum-resistant cryptography
- ⚡ Hybrid encryption (ML-KEM/Kyber + AES-256-GCM) + digital signatures (ML-DSA/Dilithium)
- 🔒 Automatic memory zeroization for secret keys
- 💾 JSON serialization and CLI for file-based operations
- 🎯 NIST FIPS 203 (ML-KEM-768) and FIPS 204 (ML-DSA-65) compliant
Quick Start
Installation
Install as a dependency in your Cargo.toml:
[dependencies]
pqc_bridge = "0.1.1"
Or via Cargo CLI:
cargo add pqc_bridge
Install the CLI tool:
cargo install pqc_bridge
Library Usage
use pqc_bridge::{KeyPair, encrypt, decrypt, sign, verify};
let message = "Secret message";
let keypair = KeyPair::generate();
// Encryption
let encrypted = encrypt(message, &keypair.to_public_key());
let decrypted = decrypt(encrypted, &keypair);
assert_eq!(message, decrypted);
// Signing
let signature = sign(message, &keypair);
let is_signature_valid = verify(message, &signature, &keypair.to_public_key());
assert!(is_signature_valid);
CLI Usage
# Generate keypair
pqc keygen -o alice # Creates alice.sec and alice.pub
# Encrypt message
pqc encrypt -m "Hello!" -k alice.pub -o encrypted.pqc
# Alternative way to encrypt a file
pqc encrypt -m @message.txt -k alice.pub -o encrypted.pqc
# Decrypt message
pqc decrypt -i encrypted.pqc -k alice.sec
How It Works
Hybrid Encryption:
- Kyber encapsulates a random AES-256 key using recipient's public key
- AES-256-GCM encrypts the message with the encapsulated key (fast + quantum-resistant)
Digital Signatures:
- SHA3-256 hashes the message, Dilithium signs the hash
- Verification checks signature against message hash with sender's public key
Security Features:
- Automatic zeroization of secret keys in memory
- JSON serialization with Base64 encoding
- File-based operations via CLI
References
- NIST Post-Quantum Cryptography Standardization
- NIST FIPS 203 - ML-KEM
- NIST FIPS 204 - ML-DSA
- CRYSTALS-Kyber Specification
- CRYSTALS-Dilithium Specification
- AES-256-GCM Specification
License
MIT License - See LICENSE for details.
Note: Educational project. Consult cryptography experts for production use.