Crate citadel_pqcrypto

Crate citadel_pqcrypto 

Source
Expand description

Post-quantum cryptographic library for secure communication.

This crate provides a comprehensive implementation of post-quantum cryptographic primitives and protocols, designed to be resistant to attacks from both classical and quantum computers. It supports various encryption algorithms, key exchange mechanisms, and signature schemes.

§Features

  • Post-quantum key exchange using NIST Round 3 algorithms
  • Hybrid classical/post-quantum encryption
  • Authenticated encryption with associated data (AEAD)
  • Anti-replay attack protection
  • Zero-knowledge proofs
  • Secure serialization and deserialization

§Security Considerations

  • All sensitive data is wrapped in Zeroizing to ensure secure cleanup
  • No unsafe code is allowed (enforced by forbid(unsafe_code))
  • Anti-replay attack protection is enabled by default
  • Cryptographic operations are constant-time where possible

§Examples

use citadel_pqcrypto::prelude::*;
use citadel_pqcrypto::constructor_opts::ConstructorOpts;
use citadel_types::crypto::{KemAlgorithm, SigAlgorithm};

// Define the cryptographic parameters
let opts = ConstructorOpts::default();

// Create a new Alice instance
let mut alice = PostQuantumContainer::new_alice(
    opts.clone(),
).unwrap();

// Create a new Bob instance using Alice's parameters
let params = alice.generate_alice_to_bob_transfer().unwrap();
let bob = PostQuantumContainer::new_bob(opts, params, &[b"my-psk"]).unwrap();

// Complete the key exchange
let bob_params = bob.generate_bob_to_alice_transfer().unwrap();
alice.alice_on_receive_ciphertext(bob_params, &[b"my-psk"]).unwrap();

// Now both parties can communicate securely

Re-exports§

pub use crate::replay_attack_container::AntiReplayAttackContainer;

Modules§

bytes_in_place
In-place buffer operations with window-based access control.
constructor_opts
Post-Quantum Cryptography Construction Options
encryption
For abstracting-away the use of aead Post-quantum cryptographic encryption module.
export
For handling serialization/deserialization
prelude
replay_attack_container
For protecting against replay attacks Replay Attack Prevention for Secure Communications
wire
Wire Protocol for Post-Quantum Cryptographic Parameter Transfer

Macros§

impl_basic_aead_module

Structs§

PostQuantumContainer
Contains the public keys for Alice and Bob
PostQuantumMetaKex
PostQuantumMetaSig

Enums§

PQNode
Used to denote the local node’s instance type
PostQuantumMeta

Traits§

EncryptionAlgorithmExt

Functions§

build_tag
get_approx_bytes_per_container
Returns the approximate size of each PQC. This is approximately true for the core NIST round-3 algorithms, but not necessarily true for the SIKE algos