RustPQ

A pure Rust post-quantum cryptography suite by Sanct.

Algorithms

Features

• Pure Rust - No unsafe code, memory-safe by design
• no_std Compatible - Works on embedded devices and bare-metal
• Constant-time - Resistant to timing attacks via the subtle crate
• Lightweight - Minimal dependencies

Installation

[dependencies]
rustpq = "0.1"

Usage

ML-KEM Key Encapsulation

use rustpq::ml_kem::mlkem768::{generate, encapsulate, decapsulate};
use rand::rngs::OsRng;

// Generate a keypair
let (public_key, secret_key) = generate(&mut OsRng);

// Encapsulate: creates shared secret + ciphertext
let (ciphertext, shared_secret_sender) = encapsulate(&public_key, &mut OsRng);

// Decapsulate: recovers shared secret from ciphertext
let shared_secret_receiver = decapsulate(&secret_key, &ciphertext);

assert_eq!(shared_secret_sender.as_bytes(), shared_secret_receiver.as_bytes());

Examples

Run the included examples:

# Basic key encapsulation
cargo run --example basic --features mlkem768

# ML-KEM + AES-256-GCM encryption
cargo run --example aes_encrypt --features mlkem1024

Development

# Run all tests
cargo test --all-features

# Run benchmarks
cargo bench --features "mlkem512 mlkem768 mlkem1024"

# Check for issues
cargo clippy --all-features

Feature Flags

Security

This implementation prioritizes correctness and security:

• Constant-time operations to prevent timing side-channels
• Zeroization of sensitive data on drop
• No unsafe code

⚠️ Note: This library has not yet been audited. Use at your own risk in production systems.

License

Licensed under either of:

• Apache License, Version 2.0 (LICENSE-APACHE)
• MIT license (LICENSE-MIT)

at your option.