This crate provides a rustls::crypto::CryptoProvider that includes a hybrid[1], post-quantum-secure[2] key exchange algorithm – specifically X25519Kyber768Draft00.

X25519Kyber768Draft00 is pre-standardization, so you should treat this as experimental. You may see unexpected interop failures, and the algorithm implemented here may not be the one that eventually becomes widely deployed.

However, the two components of this key exchange are well regarded: X25519 alone is already used by default by rustls, and tends to have higher quality implementations than other elliptic curves. Kyber768 was recently standardized by NIST as ML-KEM-768.

§How to use this crate

There are a few options:

To use this as the rustls default provider, include this code early in your program:

rustls_post_quantum::provider().install_default().unwrap();

To incorporate just the key exchange algorithm in a custom rustls::crypto::CryptoProvider:

use rustls::crypto::{aws_lc_rs, CryptoProvider};
let parent = aws_lc_rs::default_provider();
let my_provider = CryptoProvider {
    kx_groups: vec![
        &rustls_post_quantum::X25519Kyber768Draft00,
        aws_lc_rs::kx_group::X25519,
    ],
    ..parent
};

  1. meaning: a construction that runs a classical and post-quantum key exchange, and uses the output of both together. This is a hedge against the post-quantum half being broken. 

  2. a “post-quantum-secure” algorithm is one posited to be invulnerable to attack using a cryptographically-relevant quantum computer. In contrast, classical algorithms would be broken by such a computer. Note that such computers do not currently exist, and may never exist, but current traffic could be captured now and attacked later. 
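
The hybrid construction from footnote 1, as an added example (not code from rustls or this crate): it splits the concatenated key shares and joins the two shared secrets, classical half first. The byte lengths and ordering are assumed from the X25519Kyber768Draft00 draft specification and are not stated on this page; `split_share`, `combine`, `Side` and `HybridError` are hypothetical names.

```rust
// Added illustration; sizes are assumed from the X25519Kyber768Draft00 draft and Kyber768 parameters.
const X25519_LEN: usize = 32; // X25519 public key; also its shared secret length
const KYBER768_PK_LEN: usize = 1184; // Kyber768 public (encapsulation) key
const KYBER768_CT_LEN: usize = 1088; // Kyber768 ciphertext
const KYBER_SS_LEN: usize = 32; // Kyber768 shared secret

#[derive(Debug, PartialEq)]
pub enum HybridError {
    WrongLength { expected: usize, got: usize },
    ZeroClassicalSecret,
}

pub enum Side {
    Client, // sends X25519 public key || Kyber768 public key
    Server, // sends X25519 public key || Kyber768 ciphertext
}

/// Split a hybrid key share into its (X25519, Kyber768) halves, rejecting any other length.
pub fn split_share(side: Side, share: &[u8]) -> Result<(&[u8], &[u8]), HybridError> {
    let expected = X25519_LEN + match side {
        Side::Client => KYBER768_PK_LEN,
        Side::Server => KYBER768_CT_LEN,
    };
    if share.len() != expected {
        return Err(HybridError::WrongLength { expected, got: share.len() });
    }
    Ok(share.split_at(X25519_LEN))
}

/// Concatenate both shared secrets, classical half first, so the key schedule depends on both.
pub fn combine(x25519: &[u8; X25519_LEN], kyber: &[u8; KYBER_SS_LEN]) -> Result<[u8; 64], HybridError> {
    // TLS 1.3 requires aborting when the X25519 output is all zero.
    if x25519.iter().all(|b| *b == 0) {
        return Err(HybridError::ZeroClassicalSecret);
    }
    let mut out = [0u8; X25519_LEN + KYBER_SS_LEN];
    out[..X25519_LEN].copy_from_slice(x25519);
    out[X25519_LEN..].copy_from_slice(kyber);
    Ok(out)
}

fn main() {
    // Constructed input: a 1216-byte client share filled with placeholder bytes.
    let client_share = vec![0xabu8; X25519_LEN + KYBER768_PK_LEN];
    let (ec, pq) = split_share(Side::Client, &client_share).unwrap();
    println!("client share: {} + {} bytes", ec.len(), pq.len());
    // A bare 32-byte X25519 share offered under the hybrid group is rejected.
    println!("{:?}", split_share(Side::Server, &client_share[..X25519_LEN]));
}
```

A length mismatch like the one in `main` is one way the interop failures mentioned above can surface when a peer implements a different draft or only the classical group.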

Structs§

Functions§

  • A CryptoProvider which includes X25519Kyber768Draft00 key exchange.