UVB-MRVB: Post-Quantum Cryptography for Multi-Rail Verification Bus

A Rust library providing post-quantum cryptographic signatures using Dilithium3, with support for hybrid classical+PQC mode combining Ed25519 and Dilithium3.

Features

Classical Ed25519: Fast, widely-supported elliptic curve signatures
Post-Quantum Dilithium3: Quantum-resistant lattice-based signatures (NIST PQC standard)
Hybrid Mode: Combined Ed25519 + Dilithium3 signatures for maximum security

Feature Flags

std (default): Standard library support
pqc: Enable post-quantum cryptography (Dilithium3)
hybrid: Enable hybrid classical + PQC mode (requires pqc)
all: Enable all features

Installation

Add to your Cargo.toml:

[dependencies]
uvb-mrvb = { version = "0.1", features = ["all"] }

Or for specific features:

# PQC only
uvb-mrvb = { version = "0.1", features = ["pqc"] }

# Hybrid mode
uvb-mrvb = { version = "0.1", features = ["hybrid"] }

Quick Start

Classical Ed25519 Signing

use uvb_mrvb::{MrvbSigner, MrvbVerifier, MrvbMode};

// Generate a signer
let signer = MrvbSigner::generate(MrvbMode::Classical)?;

// Sign a message
let message = b"Hello, world!";
let signature = signer.sign(message)?;

// Export public key
let public_key = signer.export_public_key()?;

// Create verifier from public key
let verifier = MrvbVerifier::from_public_key_json(&public_key)?;

// Verify signature
assert!(verifier.verify(message, &signature)?);

Post-Quantum Dilithium3 Signing

use uvb_mrvb::{MrvbSigner, MrvbVerifier, MrvbMode};

// Generate a PQC signer
let signer = MrvbSigner::generate(MrvbMode::PqcOnly)?;

// Sign with quantum-resistant algorithm
let message = b"Quantum-resistant message";
let signature = signer.sign(message)?;

// Export and verify
let public_key = signer.export_public_key()?;
let verifier = MrvbVerifier::from_public_key_json(&public_key)?;
assert!(verifier.verify(message, &signature)?);

Hybrid Ed25519 + Dilithium3

The hybrid mode provides the best of both worlds: immediate security from Ed25519 and future quantum resistance from Dilithium3.

use uvb_mrvb::{MrvbSigner, MrvbVerifier, MrvbMode};

// Generate hybrid signer
let signer = MrvbSigner::generate(MrvbMode::Hybrid)?;

// Sign creates BOTH Ed25519 AND Dilithium3 signatures
let message = b"Best of both worlds";
let signature = signer.sign(message)?;

// Signature JSON contains both classical_sig and pqc_sig
println!("Hybrid signature: {}", signature);

// Export public keys (includes both Ed25519 and Dilithium3)
let public_keys = signer.export_public_key()?;

// Create verifier
let verifier = MrvbVerifier::from_public_key_json(&public_keys)?;

// Verification requires BOTH signatures to be valid
assert!(verifier.verify(message, &signature)?);

Hybrid Signature Format

Hybrid signatures are JSON-encoded with both classical and post-quantum components:

{
  "classical_sig": "base64-encoded-ed25519-signature...",
  "pqc_sig": "base64-encoded-dilithium3-signature...",
  "algorithm": "Ed25519+Dilithium3"
}

Security Property: Verification fails if EITHER signature is invalid, providing security against both classical and quantum attacks.

Low-Level API

For more control, you can use the underlying types directly:

Dilithium3 Direct Usage

use uvb_mrvb::{Dilithium3KeyPair, Dilithium3Signer, Dilithium3Verifier};

// Generate key pair
let keypair = Dilithium3KeyPair::generate();

// Create signer
let signer = Dilithium3Signer::new(keypair.clone());

// Sign
let message = b"Direct PQC signing";
let signature = signer.sign(message)?;

// Verify
let verifier = Dilithium3Verifier::new(keypair.public_key);
assert!(verifier.verify(message, &signature)?);

Hybrid Direct Usage

use uvb_mrvb::{HybridKeyPair, HybridSigner, HybridVerifier};

// Generate hybrid key pair
let keypair = HybridKeyPair::generate();

// Create signer
let signer = HybridSigner::new(keypair.clone());

// Sign with both algorithms
let message = b"Hybrid signing";
let signature = signer.sign(message)?;

// Create verifier
let verifier = HybridVerifier::new(
    keypair.ed25519_verifying_key,
    keypair.dilithium3_keypair.public_key
);

// Verify (requires both signatures to be valid)
assert!(verifier.verify(message, &signature)?);

Key Sizes

Algorithm	Public Key	Secret Key	Signature
Ed25519	32 bytes	32 bytes	64 bytes
Dilithium3	1,952 bytes	4,000 bytes	~3,293 bytes
Hybrid	1,984 bytes	4,032 bytes	~3,357 bytes

Performance Characteristics

Ed25519: Very fast (~50μs signing, ~150μs verification)
Dilithium3: Moderate speed (~200μs signing, ~100μs verification)
Hybrid: Combined overhead (~250μs signing, ~250μs verification)

Security Considerations

Why Hybrid Mode?

Hybrid mode provides defense-in-depth against both current and future threats:

Immediate Security: Ed25519 provides proven security against classical attacks
Quantum Resistance: Dilithium3 protects against future quantum computers
Cryptographic Agility: If one algorithm is broken, the other still provides security
Migration Path: Allows gradual transition to post-quantum cryptography

Signature Verification

In hybrid mode, BOTH signatures must verify successfully:

// If either signature fails, verification fails
let valid = ed25519_valid && dilithium3_valid;

This "AND" logic ensures that an attacker must break BOTH algorithms to forge a signature.

Algorithm Background

Dilithium3

Type: Lattice-based digital signature (Module-LWE)
Security Level: NIST Level 3 (equivalent to AES-192)
Status: NIST PQC standard (selected 2022)
Quantum Resistance: Resistant to Shor's algorithm and known quantum attacks

Ed25519

Type: EdDSA using Curve25519
Security Level: ~128-bit classical security
Status: RFC 8032, widely deployed
Quantum Vulnerability: Vulnerable to Shor's algorithm on large quantum computers

Testing

Run all tests:

cargo test --features all

Run specific feature tests:

# PQC only
cargo test --features pqc

# Hybrid only
cargo test --features hybrid

Examples

See the examples/ directory for complete working examples:

classical_signing.rs: Ed25519 signing and verification
pqc_signing.rs: Dilithium3 signing and verification
hybrid_signing.rs: Hybrid mode with both algorithms

License

MIT OR Apache-2.0

uvb-mrvb 0.2.1