quantum-sign 0.1.7

Quantum-Sign: post-quantum signatures, format, policy, and CLI in one crate
Documentation

Quantum-Sign 🔐

The Digital Notary Stamp That Even Quantum Computers Can't Forge

Crates.io Documentation License MSRV Security Audit

Simple Answer: Quantum-Sign is a command-line tool that digitally signs software using quantum-resistant cryptography to prove the software is authentic and hasn't been tampered with.

Technical Details: A production-ready, pure-Rust implementation of post-quantum code signing with NIST-approved algorithms. Quantum-Sign provides quantum-resistant digital signatures using ML-DSA-87 (Module-Lattice Digital Signature Algorithm) with support for multi-party quorum signing, offline verification, and comprehensive policy enforcement.

🌟 Key Features

  • 🛡️ Quantum-Resistant: Built on FIPS 204 ML-DSA-87, secure against both classical and quantum computers
  • 🔒 Pure Rust: Zero unsafe code, memory-safe implementation with #![forbid(unsafe_code)]
  • 📦 Supply Chain Security: Strictly crates.io-only dependencies, no FFI or C libraries
  • ✅ Standards Compliant: Full compliance with NIST FIPS 204/205, SP 800-90A/B/C, SP 800-53
  • 👥 Quorum Signing: M-of-N threshold signatures for critical operations
  • 🔍 Offline Verification: Complete verification without network access
  • 📋 Policy Engine: Comprehensive policy enforcement with FIPS-only defaults
  • 🔐 Defense in Depth: Multiple security layers including domain separation, canonical encoding, and zeroization

📚 Table of Contents

🚀 Installation

As a CLI Tool

cargo install quantum-sign

Prebuilt Binaries (no Rust toolchain)

Use a prebuilt binary distributed via your own channel (e.g., internal artifact storage or local build output). Verify its SHA‑256, then place it in your PATH. On macOS, locally built binaries are not quarantined; if a copied binary was quarantined, remove quarantine only if you trust the source.

As a Library

Add to your Cargo.toml:

[dependencies]
quantum-sign = "0.1.6"

Build from Source

# Clone from crates.io source
cargo install quantum-sign --git
# Or download source archive from crates.io
cargo build --release

Offline/Hermetic Builds (Vendored)

Use the provided vendoring script to bundle all dependencies locally and build without network access:

./scripts/vendor.sh
CARGO_HOME="$PWD/.cargo-vendored" cargo build --locked

See docs/VENDORED.md for details.

⚡ Quick Start

Generate a Signing Key Pair

quantum-sign keygen \
  --profile mldsa-87 \
  --secret key.sk \
  --public key.pub

Prepare a Signing Intent (single‑ or multi‑signer)

quantum-sign sign \
  --inp document.pdf \
  --sig document.qsig \
  --policy policy.json

This prepares `document.qsi` (intent) and `document.qsig.part` (journal). For single‑signer flows, prefer `quorum package` to produce the final `.qsig` in one shot. For multi‑signer flows, collect fragments with `quorum cosign` and finalize with `quorum seal`.

Verify a Signature

quantum-sign verify \
  --inp document.pdf \
  --sig document.qsig \
  --trustdb ./trust

🏗️ Architecture

Single crate: quantum-sign (library + CLI). Internally it exposes modules for crypto, drbg, format, policy, verify, transparency, and tsp.

Cryptographic Flow

    File → SHA-512/256 Digest → Policy Binding → ML-DSA-87 Sign → CBOR Encode → .qsig File

📖 Usage Guide

Basic Signing

Create a policy file policy.json:

{
  "default_alg": "mldsa-87",
  "allow_algs": ["mldsa-87"],
  "require_fips_only": true,
  "require_level5": true,
  "digest_alg": "sha512",
  "offline_ok": true
}

Sign with policy enforcement:

# Generate keys
quantum-sign keygen --secret alice.sk --public alice.pub

# Import public key to trust store
quantum-sign trust import --public alice.pub --trustdb ./trust

# Sign artifact
quantum-sign sign \
  --inp artifact.bin \
  --sig artifact.qsig \
  --policy policy.json

Quorum Signing (M-of-N)

For critical operations requiring multiple approvals:

{
  "default_alg": "mldsa-87",
  "allow_algs": ["mldsa-87"],
  "required_signatures": {"m": 2, "n": 3},
  "digest_alg": "sha512"
}

# Initialize quorum signing
quantum-sign quorum init \
  --artifact critical.bin \
  --policy quorum-policy.json \
  --allowed-kid $KID1 --allowed-kid $KID2 --allowed-kid $KID3

# Each signer creates a fragment
quantum-sign quorum cosign \
  --intent critical.qsi \
  --secret alice.sk --public alice.pub \
  --fragment alice.csf \
  --append critical.qsig.part

quantum-sign quorum cosign \
  --intent critical.qsi \
  --secret bob.sk --public bob.pub \
  --fragment bob.csf \
  --append critical.qsig.part

# Seal into final signature (requires 2 valid signatures)
quantum-sign quorum seal \
  --part critical.qsig.part \
  --out critical.qsig \
  --trust-dir ./trust

Verification

Standard verification:

quantum-sign verify \
  --inp document.pdf \
  --sig document.qsig \
  --trustdb ./trust

JSON output for automation:

quantum-sign verify \
  --inp document.pdf \
  --sig document.qsig \
  --trustdb ./trust \
  --json

Output format:

{
  "status": "ok",
  "alg": "mldsa-87",
  "digest_alg": "sha512",
  "domain": "quantum-sign-v1",
  "canonical": true,
  "m": 2,
  "n": 3,
  "kids_verified": 2,
  "verified_kids": ["abc123...", "def456..."],
  "policy_hash_hex": "...",
  "file_digest_hex": "..."
}

Verification JSON Output

For a complete field breakdown and an example report, see README_VERIFICATION.md.

Trust Management

Import and list trusted public keys:

# Import a public key (PEM or DER format)
quantum-sign trust import --public alice.pub --trustdb ./trust
# Output: imported abc123def456... -> ./trust/abc123def456.spki

# List all trusted keys
quantum-sign trust list --trustdb ./trust

## 🎁 One‑Shot Packaging

Produce a minimal, production‑ready release in a single command. The output contains exactly:

- `<artifact>` (your original file)
- `<artifact>.qsig` (final signature)
- `policy.json` (canonical JSON)
- `trust/<KID>.spki` (SPKI DER of the verifying key)

Nothing else is emitted in the release: no secret keys, `.qsi`, `.qsig.part`, `.csf`, or platform cruft.

```bash
quantum-sign quorum package \
  --artifact ./AnubisQuantumCipher.png \
  --policy ./policy.json \
  --digest sha512 \
  --secret ./keys/sicarii.sk \   # optional; if omitted, an in-memory keypair is used
  --public ./keys/sicarii.vk \   # optional; required if you pass --secret
  --out-dir ./release \          # defaults to ./release
  --zip true                      # creates a zip next to out_dir if 'zip' is available

Verify for recipients (one command):

quantum-sign verify --json \
  --inp ./release/AnubisQuantumCipher.png \
  --sig ./release/AnubisQuantumCipher.qsig \
  --trustdb ./release/trust

Expected JSON fields:

  • status: "ok", alg: "mldsa-87", digest_alg: "sha512"
  • kids_verified: 1, m=1, n=1
  • canonical: true
  • policy_hash_hex matches your policy.json
  • file_digest_hex matches your artifact

Tip: Embed human owner info in policy.json (e.g., comments: "Owner: <name>"); the policy’s canonical hash is cryptographically bound into the signature claims.

Output:

abc123def456 ./trust/abc123def456.spki

789abcdef012 ./trust/789abcdef012.spki


## 🧭 CLI Reference (All Commands)

- `keygen`
  - Generate an ML‑DSA‑87 keypair.
  - Example: `quantum-sign keygen --profile mldsa-87 --secret key.sk --public key.vk`

- `sign`
  - Prepare signing intent `.qsi` and journal `.qsig.part` using a policy; enforces digest rules.
  - Example: `quantum-sign sign --inp file.bin --sig file.qsig --policy policy.json --digest sha512`

- `verify`
  - Offline verify a `.qsig` against a trust directory; enforces canonical CBOR and policy binding.
  - Example: `quantum-sign verify --inp file.bin --sig file.qsig --trustdb ./trust [--json]`

- `trust import|list`
  - Import a public key (PEM/DER) as canonical SPKI under `trust/<KID>.spki`; list trust entries.
  - Examples:
    - `quantum-sign trust import --public alice.pub --trustdb ./trust`
    - `quantum-sign trust list --trustdb ./trust`

- `quorum init`
  - Create `.qsi` and `.qsig.part` for M‑of‑N or explicit required signers per policy.
  - Example: `quantum-sign quorum init --artifact file.bin --policy policy.json --digest sha512 --allowed-kid $K1 --allowed-kid $K2`

- `quorum cosign`
  - Produce a cosign fragment `.csf` (from secret/public) for an intent; optionally append to the journal.
  - Example: `quantum-sign quorum cosign --intent file.qsi --secret alice.sk --public alice.vk --fragment alice.csf --append file.qsig.part`

- `quorum add`
  - Append a `.csf` fragment to the journal (`.qsig.part`) with atomic merge.
  - Example: `quantum-sign quorum add --part file.qsig.part --fragment alice.csf`

- `quorum seal`
  - Verify collected fragments against `--trust-dir` and emit final `.qsig`.
  - Example: `quantum-sign quorum seal --part file.qsig.part --out file.qsig --trust-dir ./trust`

- `quorum package`
  - One‑shot: produce `<artifact>`, `<artifact>.qsig`, `policy.json`, and `trust/<KID>.spki` (optional zip).
  - Example: `quantum-sign quorum package --artifact ./image.png --policy ./policy.json --digest sha512 --out-dir ./release --zip true`

- `timestamp add|verify`
  - Add an RFC 3161 timestamp to `.qsig` (online) and verify tokens offline against TSA anchors.
  - Examples:
    - `quantum-sign timestamp add --sig file.qsig --tsa https://tsa.example --policy-oid 1.2.3.4`
    - `quantum-sign timestamp verify --sig file.qsig --tsa-trust ./tsa-roots --json`

- `log append|verify|check`
  - Append `.qsig` to a transparency log (online), verify stapled inclusion offline, or check STH consistency.
  - Examples:
    - `quantum-sign log append --sig file.qsig --log https://log.example --log-trust ./log.spki`
    - `quantum-sign log verify --sig file.qsig --log-trust ./log.spki --json`
    - `quantum-sign log check --from old.sth.cbor --to new.sth.cbor --proof proof.cbor --log-trust ./log.spki --json`

- `man`
  - Print CLI reference.

## 🔒 Security

### Threat Model

Quantum-Sign defends against:
- **Quantum computer attacks** on signatures
- **Supply chain attacks** via dependency control
- **Downgrade attacks** via policy enforcement
- **Key compromise** via quorum signing
- **Tampering** via canonical encoding
- **Memory disclosure** via zeroization

### Security Features

1. **Cryptographic Security**
   - ML-DSA-87 (NIST Level 5 security)
   - HMAC-DRBG with continuous health tests
   - Constant-time operations
   - Automatic key material zeroization

2. **Implementation Security**
   - Pure Rust, zero unsafe code
   - Memory-safe by construction
   - No FFI or external dependencies
   - Strict input validation

3. **Operational Security**
   - Offline-first verification
   - Policy-bound signatures
   - Audit logging support
   - Reproducible builds

### Compliance

- **FIPS 204**: ML-DSA specification
- **FIPS 205**: SLH-DSA specification
- **SP 800-90A/B/C**: DRBG requirements
- **SP 800-53 Rev.5**: Security controls
- **SP 800-131A**: Algorithm transitions

## 📚 Documentation

### Core Documentation
- Security Requirements - Comprehensive security analysis
- QSig Format Specification - Detached signature format
- [API Documentation](https://docs.rs/quantum-sign) - Rust API reference

### Examples

Example usage patterns:

**Basic Signing**
```rust
use qs_crypto::{keypair_mldsa87, sign_mldsa87, HmacSha512Drbg};
use qs_policy::Policy;

let mut drbg = HmacSha512Drbg::from_os(Some(b"app-context"))?;
let keypair = keypair_mldsa87(&mut drbg)?;
// Sign with policy binding...

Custom Policy

use qs_policy::{Policy, RequiredSignatures};

let policy = Policy {
    default_alg: "mldsa-87".into(),
    allow_algs: vec!["mldsa-87".into()],
    required_signatures: Some(RequiredSignatures { m: 2, n: 3 }),
    require_fips_only: true,
    require_level5: true,
    digest_alg: "sha512".into(),
    ..Default::default()
};

Performance

On Apple M1/M2:

  • Key generation: ~2ms
  • Signing (SHA-512): ~3ms
  • Verification: ~2ms
  • Quorum seal (3 signatures): ~7ms

🤝 Development

# Run tests
cargo test --workspace --all-features

# Format code
cargo fmt --all

# Lint
cargo clippy --all-targets --all-features -- -D warnings

# Security audit
cargo audit
cargo deny check

# Build documentation
cargo doc --no-deps --open

📜 License

Licensed under either of:

  • Apache License, Version 2.0 (LICENSE-APACHE)
  • MIT License (LICENSE-MIT)

at your option.

🙏 Acknowledgments

  • NIST PQC team for ML-DSA specification
  • Rust Crypto community for foundational libraries
  • Security researchers and contributors

⚠️ Security Warning

This is cryptographic software. While we've taken extensive precautions:

  • Always use the latest version
  • Review security advisories on crates.io
  • Test thoroughly in your environment
  • Consider professional security audit for critical uses

📞 Contact

For security issues, please email sic.tau@pm.me with subject line "[SECURITY] Quantum-Sign".

Building quantum-resistant security for the classical world 🔐

🛡️ Guardrails (Must‑Follow)

  • Verify before trusting:
    • Always run quantum-sign verify against a local trust directory before you trust a .qsig.
    • Verification is offline, enforces canonical CBOR re‑encode, domain separation, digest recompute, and m‑of‑n checks.
  • Keep trust entries canonical:
    • Use SPKI DER files under trust/<KID>.spki (or .vk which is converted). The filename stem must match the SPKI‑derived KID. Mismatches are skipped with a warning.
  • Don’t hand‑edit .qsig files:
    • .qsig is canonical CBOR; manual edits will fail verification.
  • Secrets never in releases:
    • quorum package emits exactly <artifact>, <artifact>.qsig, policy.json, and trust/<KID>.spki. No secret keys or partial journals are included.
  • Multi‑signer policies:
    • For quorum policies, pass --allowed-kid entries to constrain which signers can satisfy the quorum, or use explicit required_signatures with RequiredKids in the policy.
  • Offline first:
    • Use ./scripts/vendor.sh then CARGO_HOME="$PWD/.cargo-vendored" cargo build --locked to build/test offline.
    • Online subcommands (timestamp add, log append) contact external services; verification paths (timestamp verify, log verify/check) are offline.