Skip to main content

Module crypto

Module crypto 

Source
Available on crate feature std only.

Modules§

adaptive_crypto
Adaptive Crypto Engine
aes_session
High-Performance AES-GCM Session Encryption
cid_chain
Rotating connection-ID chain (introduced in WIRE v5 / ε; current WIRE v6).
header_protection
Header protection (QUIC RFC 9001 §5.4) — the per-packet mask that hides the header fields from a passive on-path observer. Since WIRE v6 the WHOLE 15-byte header is masked — version ‖ packet_number ‖ flags ‖ stream_id ‖ epoch ‖ path_id, the bytes at wire offset [0..15] (HP_MASK_LEN = 15; no constant cleartext byte). (Was [1..15]/14 bytes in WIRE v5, [33..47] in v4 — see the HP_MASK_LEN doc for the per-version history.)
hybrid_kem
Hybrid KEM: classical ECDH + ML-KEM-768 (FIPS 203, post-quantum).
hybrid_sign
Hybrid Digital Signatures: Ed25519 + ML-DSA-65 (FIPS 204).
kdf
Shared key-derivation helpers (Phase 4.1).
pow
rng
RngProvider — the indirection through which Phantom Protocol obtains cryptographic randomness. Default is OsRng, which delegates to getrandom::getrandom and therefore picks up the platform’s CSPRNG on every supported target (Linux getrandom(2), macOS / iOS CCRandomGenerateBytes, Windows BCryptGenRandom, wasm32 via the js feature → crypto.getRandomValues, etc.).
self_tests
Power-on + conditional self-tests for Phantom Protocol’s cryptographic primitives (FIPS 140-3 §7.7).