<p align="center">
<h1 align="center">QaSa</h1>
<p align="center">
<strong>Quantum-Safe Cryptography for Rust</strong>
</p>
<p align="center">
<a href="https://crates.io/crates/qasa"><img src="https://img.shields.io/crates/v/qasa.svg" alt="Crates.io"></a>
<a href="https://docs.rs/qasa"><img src="https://docs.rs/qasa/badge.svg" alt="Documentation"></a>
<a href="https://github.com/Djwarf/Qasa/blob/main/LICENSE"><img src="https://img.shields.io/badge/license-MIT-blue.svg" alt="License"></a>
</p>
</p>
---
**QaSa** (Quantum-Safe) is a production-ready, post-quantum cryptography library for Rust. Built on NIST-standardized algorithms, it provides protection against both classical and quantum computer attacks.
## Why QaSa?
- **Future-Proof Security** - NIST-selected post-quantum algorithms (Kyber, Dilithium, SPHINCS+)
- **Zero-Copy Design** - Efficient memory handling with minimal allocations
- **Ergonomic API** - Simple, intuitive interfaces for complex cryptographic operations
- **Memory Safety** - Automatic zeroization of sensitive data with `SecureBytes`
- **Battle-Tested** - Built on the proven [liboqs](https://github.com/open-quantum-safe/liboqs) library
## Installation
```toml
[dependencies]
qasa = "0.0.6"
```
## Quick Start
### Key Encapsulation (Kyber)
```rust
use qasa::prelude::*;
fn main() -> Result<(), CryptoError> {
// Generate a quantum-safe key pair
let keypair = KyberKeyPair::generate(KyberVariant::Kyber768)?;
let public_key = keypair.public_key();
// Sender: Encapsulate a shared secret
let (ciphertext, shared_secret_sender) = public_key.encapsulate()?;
// Receiver: Decapsulate to get the same shared secret
let shared_secret_receiver = keypair.decapsulate(&ciphertext)?;
assert_eq!(shared_secret_sender, shared_secret_receiver);
Ok(())
}
```
### Digital Signatures (Dilithium)
```rust
use qasa::prelude::*;
fn main() -> Result<(), CryptoError> {
// Generate a signing key pair
let keypair = DilithiumKeyPair::generate(DilithiumVariant::Dilithium3)?;
// Sign a message
let message = b"Hello, quantum-safe world!";
let signature = keypair.sign(message)?;
// Verify the signature
let is_valid = keypair.verify(message, &signature)?;
assert!(is_valid);
Ok(())
}
```
### End-to-End Encrypted Messaging
```rust
use qasa::prelude::*;
fn main() -> Result<(), CryptoError> {
// Alice generates her keys
let alice_enc = KyberKeyPair::generate(KyberVariant::Kyber768)?;
let alice_sig = DilithiumKeyPair::generate(DilithiumVariant::Dilithium3)?;
// Bob generates his keys
let bob_enc = KyberKeyPair::generate(KyberVariant::Kyber768)?;
// Alice sends a secure message to Bob
let message = b"Secret quantum-safe message";
let secure_msg = create_secure_message(
message,
&bob_enc.public_key(),
&alice_sig
)?;
// Bob receives and decrypts
let decrypted = open_secure_message(
&secure_msg,
&bob_enc,
&alice_sig.public_key()
)?;
assert_eq!(message.to_vec(), decrypted);
Ok(())
}
```
## Security Levels
QaSa supports multiple security levels aligned with NIST standards:
| **Kyber** | Kyber512 | Kyber768 | Kyber1024 |
| **Dilithium** | Dilithium2 | Dilithium3 | Dilithium5 |
| **SPHINCS+** | Sphincs128f/s | Sphincs192f/s | Sphincs256f/s |
## Core Features
### Cryptographic Primitives
- **CRYSTALS-Kyber** - Lattice-based key encapsulation mechanism (KEM)
- **CRYSTALS-Dilithium** - Lattice-based digital signatures
- **SPHINCS+** - Hash-based stateless signatures
- **BIKE** - Code-based KEM for algorithm diversity
- **AES-GCM** - Authenticated symmetric encryption
- **ChaCha20-Poly1305** - Alternative authenticated encryption
### Security Features
- **Secure Memory** - `SecureBytes` with automatic zeroization
- **Constant-Time Operations** - Side-channel resistant implementations
- **Memory Locking** - Optional `mlock()` for sensitive data
- **Canary Buffers** - Overflow detection for critical buffers
### Optional Features
```toml
[dependencies]
qasa = { version = "0.0.7", features = ["simd", "lean"] }
```
| `simd` | SIMD optimizations (default) |
| `lean` | Optimized for constrained environments |
| `python` | Python bindings via PyO3 |
| `wasm` | WebAssembly support |
| `hardware-acceleration` | Hardware crypto acceleration |
## Secure Memory Handling
QaSa provides secure containers that automatically zero memory when dropped:
```rust
use qasa::prelude::*;
// SecureBytes automatically zeros on drop
let secret = SecureBytes::from(vec![0x42; 32]);
// Scoped secure operations
// Key is automatically zeroized when scope exits
Ok(())
})?;
// Locked memory (won't be swapped to disk)
let locked = LockedBuffer::new(32)?;
```
## Hybrid Encryption
Combine classical and post-quantum algorithms for defense in depth:
```rust
use qasa::prelude::*;
// Hybrid KEM: X25519 + Kyber768
let hybrid_keypair = HybridKemKeyPair::generate(HybridKemVariant::X25519Kyber768)?;
// Even if one algorithm is broken, your data remains secure
let (ciphertext, shared_secret) = hybrid_keypair.public_key().encapsulate()?;
```
## Performance
Benchmarked on AMD Ryzen 9 5900X:
| Key Generation | 0.31 ms | 2.09 ms |
| Encapsulate/Sign | 0.36 ms | 4.98 ms |
| Decapsulate/Verify | 0.39 ms | 1.52 ms |
Run benchmarks yourself:
```bash
cargo bench
```
## Examples
Explore the `examples/` directory:
```bash
cargo run --example secure_communication
cargo run --example quantum_signatures
cargo run --example hybrid_encryption
cargo run --example secure_memory
```
## Documentation
- [API Documentation](https://docs.rs/qasa)
- [Getting Started Guide](docs/guides/getting_started.md)
- [Security Guide](docs/api/security_guide.md)
- [Threat Model](docs/api/threat_model.md)
## Security Considerations
QaSa implements NIST-standardized post-quantum algorithms. However:
1. **Post-quantum cryptography is evolving** - Stay updated with NIST announcements
2. **Side-channel attacks** - While we implement constant-time operations, hardware vulnerabilities may exist
3. **Key management** - Use the provided secure storage; never store raw keys
Report security vulnerabilities to: djwarfqasa@proton.me
## Contributing
We welcome contributions! Please read [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
```bash
# Run tests
cargo test
# Run benchmarks
cargo bench
# Check formatting
cargo fmt --check
# Run clippy
cargo clippy
```
## License
MIT License - see [LICENSE](LICENSE) for details.
## Acknowledgments
- [Open Quantum Safe](https://openquantumsafe.org/) project
- [NIST Post-Quantum Cryptography](https://csrc.nist.gov/projects/post-quantum-cryptography) standardization
- The Rust cryptography community
---
<p align="center">
<sub>Built with Rust for a quantum-safe future</sub>
</p>