metamorphic-crypto 0.10.5

Zero-knowledge end-to-end encryption with post-quantum hybrid KEM (ML-KEM + X25519) and an opt-in CNSA 2.0 suite axis (matched-strength hybrid + pure ML-KEM-1024 / ML-DSA-87 / AES-256-GCM)
Documentation
[package]
name = "metamorphic-crypto"
version = "0.10.5"
edition = "2024"
rust-version = "1.85"
description = "Zero-knowledge end-to-end encryption with post-quantum hybrid KEM (ML-KEM + X25519) and an opt-in CNSA 2.0 suite axis (matched-strength hybrid + pure ML-KEM-1024 / ML-DSA-87 / AES-256-GCM)"
license = "MIT OR Apache-2.0"
repository = "https://github.com/moss-piglet/metamorphic-crypto"
homepage = "https://metamorphic.app"
keywords = ["encryption", "e2e", "post-quantum", "ml-kem", "zero-knowledge"]
categories = ["cryptography", "wasm"]
readme = "README.md"

[package.metadata.wasm-pack.profile.release]
wasm-opt = false

[lib]
crate-type = ["cdylib", "rlib"]

[dependencies]
argon2 = { version = "0.5", features = ["alloc"] }
crypto_secretbox = "0.1"
crypto_box = "0.9"
blake2 = "0.10"
ml-kem = "0.3"
ml-dsa = { version = "0.1", default-features = false, features = ["alloc", "rand_core", "zeroize"] }
ed25519-dalek = "2"
x25519-dalek = { version = "2", features = ["static_secrets"] }
# curve25519-dalek is used directly by the ECVRF (`vrf`) module for the
# Edwards25519 curve arithmetic behind RFC 9381. It is already in-tree
# (ed25519-dalek / x25519-dalek depend on it); pinning it as a direct dependency
# keeps the single curve backend explicit. `zeroize` (a default feature) lets
# the VRF wipe its secret scalar.
curve25519-dalek = "4"
# CNSA 2.0 suite (v0.7.0): pinned to the RustCrypto rc/pre generation that
# matches our existing sha3 0.11 / ml-kem 0.3 / ml-dsa 0.1 (digest 0.11) stack.
aes-gcm = "=0.11.0"
hkdf = "=0.13.0"
x448 = { version = "=0.14.0-pre.12", features = ["static_secrets"] }
p521 = { version = "=0.14.0-rc.14", default-features = false, features = ["alloc", "arithmetic", "ecdh", "ecdsa"] }
# NIST P-256, pinned to the same RustCrypto elliptic-curve 0.14 generation as
# p521. Used by the ECVRF-P256-SHA256-TAI VRF (RFC 9381) for the on-spec IETF
# KEYTRANS `KT_128_SHA256_P256` cipher suite. `hash2curve` supplies the field
# arithmetic; `arithmetic` the projective group ops.
p256 = { version = "=0.14.0-rc.14", default-features = false, features = ["alloc", "arithmetic", "ecdsa"] }
ed448-goldilocks = "=0.14.0-pre.15"
sha3 = "0.11"
sha2 = "0.11"
# HMAC-SHA256 for the on-spec IETF KEYTRANS commitment primitive (RFC 2104).
# Pinned to the RustCrypto generation matching our sha2 0.11 / digest 0.11 stack
# (hkdf 0.13 already pulls this exact hmac 0.13 transitively).
hmac = "0.13"
# RFC 6979 deterministic nonce generation for the ECVRF-P256-SHA256-TAI VRF
# (RFC 9381 Section 5.4.2.1). Same RustCrypto generation as the ecdsa stack.
rfc6979 = "0.6.0-pre.0"
base64 = "0.22"
getrandom = "0.2"
zeroize = { version = "1", features = ["derive"] }
thiserror = "2"

[target.'cfg(target_arch = "wasm32")'.dependencies]
wasm-bindgen = "0.2"
js-sys = "0.3"
getrandom = { version = "0.2", features = ["js"] }
# getrandom 0.4 (pulled by the CNSA-2.0 deps) needs its wasm32 backend opted in
# via `wasm_js`; renamed so it coexists with the 0.2 used by our older deps.
getrandom_v04 = { package = "getrandom", version = "0.4", features = ["wasm_js"] }

[dev-dependencies]
proptest = "1"

[profile.release]
opt-level = "s"
lto = true
strip = true
codegen-units = 1