qssl 0.2.0

Pure Rust post-quantum TLS — zero C code. ML-KEM, ML-DSA, SLH-DSA, Falcon. FIPS 203/204/205/206 compliant. 100 Lean 4 theorems.
Documentation

QSSL - Quantum-Safe Secure Layer

Crates.io Documentation License: MIT License: Apache Rust

Patent-free post-quantum TLS using SPHINCS+ KEM for key exchange. Implements NIST-standardized algorithms with traffic analysis resistance for organizations requiring post-quantum security without patent encumbrances.

Security Status

Component Status Details
SPHINCS+ KEM Implemented Patent-free key exchange (default)
Falcon Signatures Implemented FIPS 204 compliant
ML-KEM (Kyber) Implemented Optional, patent considerations
Traffic Analysis Resistance Implemented Fixed-size frames
Test Coverage 40 tests All passing
Formal Verification 100 Lean 4 theorems Zero sorries, Mathlib v4.27.0

Recommendation: Suitable for research, testing, and PQC migration planning. Security audit recommended before deployment with sensitive data.

Why Patent-Free Matters

The Patent Landscape:

  • ML-KEM (Kyber) has patent claims that create licensing uncertainty for enterprise deployment
  • SPHINCS+ is hash-based with no known patent encumbrances
  • Organizations with legal/compliance requirements need patent-free alternatives

QSSL's Approach:

  • Default: SPHINCS+ KEM for key exchange (patent-free)
  • Optional: ML-KEM/Kyber for compatibility when patents are acceptable
  • Clear labeling: Cipher suites indicate patent status

Cipher Suites

Suite KEM Signature Cipher Security Patent-Free
0x0010 SPHINCS+ Falcon-512 AES-128-GCM 128-bit Yes
0x0011 SPHINCS+ Falcon-512 AES-256-GCM 192-bit Yes
0x0012 SPHINCS+ Falcon-1024 AES-256-GCM 256-bit Yes
0x0013 SPHINCS+ SPHINCS+-256f AES-256-GCM 192-bit Yes
0x0014 SPHINCS+ Falcon-512 ChaCha20-Poly1305 192-bit Yes
0x0001 ML-KEM-512 Falcon-512 AES-128-GCM 128-bit No
0x0002 ML-KEM-768 Falcon-512 AES-256-GCM 192-bit No
0x0003 ML-KEM-1024 Falcon-1024 AES-256-GCM 256-bit No

Key Features

  • Patent-Free Default: SPHINCS+ KEM avoids licensing concerns
  • Traffic Analysis Resistance: Fixed-size frames prevent metadata leakage
  • NIST Algorithms: Falcon (FIPS 204), SPHINCS+ (FIPS 205), ML-KEM (FIPS 203)
  • Memory Safety: Rust with automatic zeroization
  • Async/Await: Built on Tokio for high performance
  • Algorithm Agility: Easy to swap PQC algorithms

Quick Start

# Install from crates.io
cargo add qssl

# Or build from source
git clone https://github.com/Paraxiom/qssl
cd qssl
cargo build --release

Basic Usage

use qssl::{QsslConnection, QsslConfig, CipherSuite};

// Client with patent-free cipher suite
let config = QsslConfig::builder()
    .cipher_suite(CipherSuite::SPHINCS_FALCON512_AES256)
    .build();

let conn = QsslConnection::connect("server:4433", config).await?;
conn.send(b"Hello Quantum World").await?;
let response = conn.recv().await?;

// Server
let listener = QsslListener::bind("0.0.0.0:4433", server_config).await?;
let conn = listener.accept().await?;

Architecture

┌─────────────────────────────────────────────────────────────────┐
│                      Application Layer                          │
├─────────────────────────────────────────────────────────────────┤
│                      QSSL Connection                            │
│           (Handshake, State Machine, Session)                   │
├─────────────────────────────────────────────────────────────────┤
│                      QSSL Transport                             │
│      (Fixed-Size Records, Encryption, Sequencing)               │
├─────────────────────────────────────────────────────────────────┤
│                 Post-Quantum Cryptography                       │
│    SPHINCS+ KEM (default) │ ML-KEM │ Falcon │ SPHINCS+ Sig     │
├─────────────────────────────────────────────────────────────────┤
│                    Symmetric Crypto                             │
│              AES-256-GCM │ ChaCha20-Poly1305                    │
├─────────────────────────────────────────────────────────────────┤
│                      Network (TCP)                              │
└─────────────────────────────────────────────────────────────────┘

Feature Status

Implemented

  • SPHINCS+ KEM key exchange (patent-free default)
  • ML-KEM/Kyber key exchange (optional)
  • Falcon-512/1024 signatures
  • SPHINCS+ signatures
  • AES-GCM and ChaCha20-Poly1305 encryption
  • Fixed-size frame transport (traffic analysis resistance)
  • Post-quantum X.509-style certificates
  • Session management
  • HKDF key derivation

In Development

  • Certificate chain validation
  • Full session resumption
  • 0-RTT support
  • OCSP stapling

Performance

Benchmarks on Apple M1:

Operation Time
SPHINCS+ KEM encapsulation ~3ms
SPHINCS+ KEM decapsulation ~3ms
Falcon-512 signing ~200μs
Falcon-512 verification ~80μs
ML-KEM-768 encapsulation ~60μs
ML-KEM-768 decapsulation ~70μs
Full handshake (SPHINCS+) ~8ms
Full handshake (ML-KEM) ~2ms

SPHINCS+ is slower but patent-free. Choose based on your requirements.

Integration

With QSSH

QSSL can serve as the transport layer for QSSH:

use qssl::integrations::qssh::QsshTransport;

let transport = QsshTransport::connect("server:22", config).await?;

With Web Servers

server {
    listen 443 qssl;
    qssl_certificate cert.pem;
    qssl_certificate_key key.pem;
    qssl_ciphers SPHINCS_FALCON512_AES256;  # Patent-free
}

Security Considerations

Property Implementation
Post-Quantum Security NIST FIPS 203, 204, 205 algorithms
Forward Secrecy Ephemeral keys per session
Memory Safety Rust + zeroize on drop
Replay Protection Sequence numbers
Traffic Analysis Fixed-size frames

Comparison with Existing Solutions

Feature QSSL rustls + PQ OpenSSL + PQ
Patent-free default Yes No No
Traffic analysis resistance Yes No No
Pure Rust Yes Yes No
NIST algorithms Yes Yes Yes
Production-ready No Partial Yes

Formal Verification

qssl includes Lean 4 machine-checked proofs (Tier 3 of our Kani → Verus → Lean pipeline):

File Theorems Proves
MLKem.lean 17 q=3329 prime, NTT compatibility, Z₃₃₂₉ field instance
Falcon.lean 12 q=12289 prime, detached sig=658, size bounds
SphincsHaraka.lean 11 Haraka-128f sig=16976, TLS fragmentation (2 records)
KDF.lean 16 Master secret=48B, QN-HKDF=96B, AES-256 key sizes
QuantumFrame.lean 12 768-byte frame partition, uniform sizing, payload algebra
TLSRecord.lean 12 5-byte header, record types, max sizes, TCP fitting
CipherSuite.lean 11 12 suites, patent-free classification, code injectivity
HybridKEM.lean 9 Hybrid ciphertext=17937B, handshake fitting
Total 100 Zero sorries, Mathlib v4.27.0 
cd lean && lake build   # 0 errors, 0 warnings

Roadmap

  • Formal verification (Lean 4 — 100 theorems)
  • Certificate chain validation
  • 0-RTT session resumption
  • WASM support
  • C FFI bindings
  • Python bindings

Documentation

License

Dual-licensed under MIT and Apache-2.0.

Acknowledgments

  • NIST Post-Quantum Cryptography standardization
  • pqcrypto crate family
  • Part of the Paraxiom quantum-safe protocol suite

QSSL - Patent-free post-quantum TLS for the quantum era.