Expand description
§Saorsa MLS - Message Layer Security Protocol (RFC 9420) with Post-Quantum Cryptography
This crate implements the Message Layer Security (MLS) protocol as specified in RFC 9420 for secure group communication, enhanced with post-quantum cryptographic algorithms for quantum resistance.
Two group planes are provided:
treekem_group::TreeKemGroup— the real TreeKEM plane (RFC 9420 subset): a ratchet tree with per-node ML-KEM keypairs, UpdatePath commits, key-schedule chaining and parent hashes. This delivers forward secrecy (past messages stay secure after a key compromise) and post-compromise security (the group heals after a compromise). Use this for new code.MlsGroup— a legacy per-epoch group-shared-secret (GSS) plane that does not provide FS/PCS (every epoch member shares one secret). Retained for backward compatibility; see ADR-002 for the migration plan.
Both planes are post-quantum (ML-KEM, ML-DSA/SLH-DSA, ChaCha20-Poly1305, HKDF) and support end-to-end encryption and asynchronous join/leave.
§Core Components
treekem/key_schedule/treekem_group: the real TreeKEM stack (ratchet tree, MLS key schedule, and theTreeKemGroupAPI)protocol: MLS protocol message structures and state machinescrypto: Cryptographic primitives and key derivationgroup: the legacy GSSMlsGroupmember: Member identity and authentication
§Example Usage
use saorsa_mls::{MlsGroup, MemberIdentity, MemberId, GroupConfig};
// Create a new MLS group
let config = GroupConfig::default();
let creator_identity = MemberIdentity::generate(MemberId::generate())?;
let mut group = MlsGroup::new(config, creator_identity).await?;
// Add members to the group
let new_member = MemberIdentity::generate(MemberId::generate())?;
let welcome = group.add_member(&new_member).await?;
// Send encrypted messages
let message = group.encrypt_message(b"Hello, secure group!")?;
let decrypted = group.decrypt_message(&message)?;Re-exports§
pub use api::add_member;pub use api::group_new;pub use api::group_new_with_config;pub use api::recv;pub use api::remove_member;pub use api::send;pub use api::Ciphertext;pub use api::CommitOptions;pub use api::GroupId as SimpleGroupId;pub use api::Identity;pub use crypto::AeadCipher;pub use crypto::CipherSuite;pub use crypto::CipherSuiteId;pub use crypto::Hash;pub use crypto::HpkeContext;pub use crypto::KeyPair;pub use crypto::KeySchedule;pub use crypto::MlsAead;pub use crypto::MlsHash;pub use crypto::MlsKem;pub use crypto::MlsSignature;pub use group::GroupConfig;pub use group::GroupId;pub use group::GroupState;pub use group::MlsGroup;pub use member::Credential;pub use member::CredentialType;pub use member::GroupMember;pub use member::KeyPackage;pub use member::MemberId;pub use member::MemberIdentity;pub use member::MemberState;pub use member::TrustStore;pub use protocol::AuditLogEntry;pub use protocol::*;
Modules§
- api
- Simplified API for MLS group messaging with QUIC stream integration
- crypto
- Cryptographic primitives for MLS using saorsa-pqc
- group
- key_
schedule - MLS key schedule with epoch chaining (RFC 9420 §8 subset, post-quantum).
- member
- Member identity and key management for MLS groups
- protocol
- MLS protocol messages and state machine
- quic_
integration - QUIC stream mapping for MLS messages
- treekem
- Real
TreeKEMratchet tree (RFC 9420 subset, post-quantum). - treekem_
group - Real
TreeKEMgroup (phase P5 of ADR-002).
Structs§
- MlsConfig
- MLS configuration parameters
- MlsStats
- MLS statistics for monitoring
- Wire
Format - Wire format version for backwards compatibility
Enums§
- MlsError
- Errors that can occur in MLS operations
Constants§
- DEFAULT_
KEY_ ROTATION_ INTERVAL - Key rotation interval
- MAX_
GROUP_ SIZE - Maximum group size (
TreeKEMlimitation) - MLS_
VERSION - MLS protocol version
Type Aliases§
- Epoch
Number - Epoch number for group state versioning
- Message
Sequence - Message sequence number type
- Result