{"id":47620801,"url":"https://github.com/fzheng/fips-crypto","last_synced_at":"2026-04-01T22:03:18.390Z","repository":{"id":345409803,"uuid":"1185533911","full_name":"fzheng/fips-crypto","owner":"fzheng","description":"High-performance post-quantum cryptography for JavaScript and TypeScript, powered by Rust + WebAssembly.","archived":false,"fork":false,"pushed_at":"2026-03-26T21:35:18.000Z","size":1857,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-27T09:30:03.615Z","etag":null,"topics":["cryptography","fips-203","fips-204","fips-205","ml-dsa","ml-kem","post-quantum","slh-dsa"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/fips-crypto","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fzheng.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-18T17:24:13.000Z","updated_at":"2026-03-25T02:23:28.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/fzheng/fips-crypto","commit_stats":null,"previous_names":["fzheng/fips-crypto"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/fzheng/fips-crypto","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fzheng%2Ffips-crypto","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fzheng%2Ffips-crypto/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fzheng%2Ffips-crypto/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fzheng%2Ffips-crypto/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fzheng","download_url":"https://codeload.github.com/fzheng/fips-crypto/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fzheng%2Ffips-crypto/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31292631,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T21:15:39.731Z","status":"ssl_error","status_checked_at":"2026-04-01T21:15:34.046Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","fips-203","fips-204","fips-205","ml-dsa","ml-kem","post-quantum","slh-dsa"],"created_at":"2026-04-01T22:03:01.644Z","updated_at":"2026-04-01T22:03:18.352Z","avatar_url":"https://github.com/fzheng.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# fips-crypto\n\nHigh-performance post-quantum cryptography for JavaScript and TypeScript, powered by Rust + WebAssembly.\n\n[![CI](https://github.com/fzheng/fips-crypto/actions/workflows/ci.yml/badge.svg)](https://github.com/fzheng/fips-crypto/actions/workflows/ci.yml)\n[![npm version](https://img.shields.io/npm/v/fips-crypto.svg)](https://www.npmjs.com/package/fips-crypto)\n[![npm downloads](https://img.shields.io/npm/dw/fips-crypto.svg)](https://www.npmjs.com/package/fips-crypto)\n[![codecov](https://codecov.io/gh/fzheng/fips-crypto/graph/badge.svg?token=X6HH8RWTDZ)](https://codecov.io/gh/fzheng/fips-crypto)\n[![license](https://img.shields.io/npm/l/fips-crypto.svg?color=blue)](https://github.com/fzheng/fips-crypto/blob/main/LICENSE)\n[![FIPS 203](https://img.shields.io/badge/FIPS%20203-ML--KEM-blue)](https://csrc.nist.gov/pubs/fips/203/final)\n[![FIPS 204](https://img.shields.io/badge/FIPS%20204-ML--DSA-blue)](https://csrc.nist.gov/pubs/fips/204/final)\n[![FIPS 205](https://img.shields.io/badge/FIPS%20205-SLH--DSA-blue)](https://csrc.nist.gov/pubs/fips/205/final)\n[![provenance](https://img.shields.io/badge/provenance-sigstore-green)](https://www.npmjs.com/package/fips-crypto)\n\n## Why fips-crypto\n\n- **Standards-focused** \u0026mdash; implements NIST [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) (ML-KEM), [FIPS 204](https://csrc.nist.gov/pubs/fips/204/final) (ML-DSA), and [FIPS 205](https://csrc.nist.gov/pubs/fips/205/final) (SLH-DSA)\n- **Rust + WebAssembly core** \u0026mdash; constant-time-oriented critical paths with Rust-side zeroization of secret material\n- **TypeScript-first** \u0026mdash; full type definitions, explicit input validation, clear error codes\n- **Tested and benchmarked** \u0026mdash; 940+ tests, 99%+ coverage, cross-implementation compliance vectors\n- **Flexible** \u0026mdash; ESM, CommonJS, auto-init; Node.js CI-tested, browser-compatible via bundlers\n\n## Try it now\n\n```bash\nnpm install fips-crypto\n```\n\n```ts\nimport { ml_kem768, ml_dsa65, slh_dsa_shake_192f } from 'fips-crypto/auto';\n\n// Key encapsulation (ML-KEM)\nconst { publicKey, secretKey } = await ml_kem768.keygen();\nconst { ciphertext, sharedSecret } = await ml_kem768.encapsulate(publicKey);\nconst recovered = await ml_kem768.decapsulate(secretKey, ciphertext);\n\n// Digital signatures (ML-DSA)\nconst message = new TextEncoder().encode('hello post-quantum world');\nconst keys = await ml_dsa65.keygen();\nconst signature = await ml_dsa65.sign(keys.secretKey, message);\nconst valid = await ml_dsa65.verify(keys.publicKey, message, signature);\n\n// Hash-based signatures (SLH-DSA)\nconst slhKeys = await slh_dsa_shake_192f.keygen();\nconst slhSig = await slh_dsa_shake_192f.sign(slhKeys.secretKey, message);\nconst slhValid = await slh_dsa_shake_192f.verify(slhKeys.publicKey, message, slhSig);\n```\n\nSee the [fips-crypto-demo](https://github.com/fzheng/fips-crypto-demo) for an interactive app, or browse the [examples/](examples/) folder for ready-to-run scripts.\n\n## Performance\n\nBenchmarked on Node.js with Vitest bench (`npm run bench`). Results are operations per second (higher is better).\n\n### ML-KEM (FIPS 203)\n\n| Operation | ML-KEM-512 | ML-KEM-768 | ML-KEM-1024 |\n|-----------|-----------|-----------|------------|\n| keygen | 32,367 ops/s | 20,233 ops/s | 13,159 ops/s |\n| encapsulate | 28,805 ops/s | 19,790 ops/s | 13,832 ops/s |\n| decapsulate | 26,196 ops/s | 17,191 ops/s | 12,370 ops/s |\n\n### ML-DSA (FIPS 204)\n\n| Operation | ML-DSA-44 | ML-DSA-65 | ML-DSA-87 |\n|-----------|----------|----------|----------|\n| keygen | 10,718 ops/s | 7,428 ops/s | 4,315 ops/s |\n| sign | 3,625 ops/s | 2,073 ops/s | 1,754 ops/s |\n| verify | 14,052 ops/s | 8,355 ops/s | 5,165 ops/s |\n\n### SLH-DSA (FIPS 205) \u0026mdash; fast variants\n\n| Operation | SHA2-128f | SHAKE-128f | SHA2-192f | SHAKE-192f |\n|-----------|----------|-----------|----------|-----------|\n| keygen | 694 ops/s | 450 ops/s | 463 ops/s | 305 ops/s |\n| sign | 29 ops/s | 18 ops/s | 18 ops/s | 11 ops/s |\n| verify | 478 ops/s | 312 ops/s | 316 ops/s | 218 ops/s |\n\n\u003cdetails\u003e\n\u003csummary\u003eReproduce these benchmarks\u003c/summary\u003e\n\n```bash\ngit clone https://github.com/fzheng/fips-crypto.git\ncd fips-crypto\nnpm install \u0026\u0026 npm run build\nnpm run bench\n```\n\nResults will vary by hardware and Node.js version. The numbers above are representative, not a guarantee.\n\u003c/details\u003e\n\n## Supported algorithms\n\n### ML-KEM (FIPS 203)\n\n- `ml_kem512`\n- `ml_kem768` \u0026mdash; recommended\n- `ml_kem1024`\n\n### ML-DSA (FIPS 204)\n\n- `ml_dsa44`\n- `ml_dsa65` \u0026mdash; recommended\n- `ml_dsa87`\n\n### SLH-DSA (FIPS 205)\n\nAll 12 parameter sets:\n\n- SHA2: `slh_dsa_sha2_128s`, `slh_dsa_sha2_128f`, `slh_dsa_sha2_192s`, `slh_dsa_sha2_192f`, `slh_dsa_sha2_256s`, `slh_dsa_sha2_256f`\n- SHAKE: `slh_dsa_shake_128s`, `slh_dsa_shake_128f`, `slh_dsa_shake_192s`, `slh_dsa_shake_192f`, `slh_dsa_shake_256s`, `slh_dsa_shake_256f`\n\n`f` variants sign faster with larger signatures. `s` variants produce smaller signatures but sign more slowly.\n\n## Choosing parameter sets\n\n| Use case | Recommended |\n|----------|-------------|\n| Key encapsulation (general) | `ml_kem768` |\n| Digital signatures (lattice-based) | `ml_dsa65` |\n| Hash-based signatures (balanced) | `slh_dsa_sha2_192f` or `slh_dsa_shake_192f` |\n| Smallest hash-based signatures | `slh_dsa_sha2_128s` or `slh_dsa_shake_128s` |\n\n## Installation\n\n```bash\nnpm install fips-crypto\n```\n\n### Entrypoints\n\n| Import path | Use case |\n|-------------|----------|\n| `fips-crypto/auto` | Lazy initialization on first use (recommended) |\n| `fips-crypto` | Explicit `init()` for precise control |\n| `fips-crypto/ml-kem` | ML-KEM-only import surface |\n| `fips-crypto/ml-dsa` | ML-DSA-only import surface |\n| `fips-crypto/slh-dsa` | SLH-DSA-only import surface |\n\n### Runtime support\n\n| Runtime | Status | Notes |\n|---------|--------|-------|\n| Node.js 20+ | Supported | CI tested on Linux, macOS, and Windows |\n| Browsers | Compatible | Requires a bundler with WASM support; not yet CI-validated |\n| Bun | Untested | Community validation welcome |\n| Deno | Untested | Community validation welcome |\n\n## API\n\n### Initialization\n\n`fips-crypto/auto` initializes lazily on first use (recommended). Use `import { init } from 'fips-crypto'` and call `await init()` if you need explicit control over when WASM loads.\n\n### ML-KEM\n\n```ts\nkeygen(seed?: Uint8Array)           // seed: exactly 64 bytes\nencapsulate(publicKey, seed?)       // seed: exactly 32 bytes\ndecapsulate(secretKey, ciphertext)\nparams                              // { name, publicKeyBytes, ... }\n```\n\n### ML-DSA\n\n```ts\nkeygen(seed?: Uint8Array)                          // seed: exactly 32 bytes\nsign(secretKey, message, context?: Uint8Array)     // context: max 255 bytes\nverify(publicKey, message, signature, context?)\nparams\n```\n\n### SLH-DSA\n\n```ts\nkeygen(seed?: Uint8Array)                          // seed: 48/72/96 bytes by security level\nsign(secretKey, message, context?: Uint8Array)     // context: max 255 bytes\nverify(publicKey, message, signature, context?)\nparams\n```\n\n### Errors\n\nInvalid inputs throw `FipsCryptoError` with codes: `WASM_NOT_INITIALIZED`, `INVALID_KEY_LENGTH`, `INVALID_CIPHERTEXT_LENGTH`, `INVALID_SIGNATURE_LENGTH`, `INVALID_SEED_LENGTH`, `INVALID_CONTEXT_LENGTH`.\n\n## Algorithm parameters\n\n### ML-KEM\n\n| Parameter set | Security | Public key | Secret key | Ciphertext | Shared secret |\n|---------------|----------|------------|------------|------------|---------------|\n| ML-KEM-512 | Cat 1 | 800 B | 1632 B | 768 B | 32 B |\n| ML-KEM-768 | Cat 3 | 1184 B | 2400 B | 1088 B | 32 B |\n| ML-KEM-1024 | Cat 5 | 1568 B | 3168 B | 1568 B | 32 B |\n\n### ML-DSA\n\n| Parameter set | Security | Public key | Secret key | Signature |\n|---------------|----------|------------|------------|-----------|\n| ML-DSA-44 | Cat 2 | 1312 B | 2560 B | 2420 B |\n| ML-DSA-65 | Cat 3 | 1952 B | 4032 B | 3309 B |\n| ML-DSA-87 | Cat 5 | 2592 B | 4896 B | 4627 B |\n\n### SLH-DSA\n\n| Parameter set | Security | Public key | Secret key | Signature |\n|---------------|----------|------------|------------|-----------|\n| SLH-DSA-SHA2-128s | 128-bit | 32 B | 64 B | 7,856 B |\n| SLH-DSA-SHA2-128f | 128-bit | 32 B | 64 B | 17,088 B |\n| SLH-DSA-SHA2-192s | 192-bit | 48 B | 96 B | 16,224 B |\n| SLH-DSA-SHA2-192f | 192-bit | 48 B | 96 B | 35,664 B |\n| SLH-DSA-SHA2-256s | 256-bit | 64 B | 128 B | 29,792 B |\n| SLH-DSA-SHA2-256f | 256-bit | 64 B | 128 B | 49,856 B |\n| SLH-DSA-SHAKE-128s | 128-bit | 32 B | 64 B | 7,856 B |\n| SLH-DSA-SHAKE-128f | 128-bit | 32 B | 64 B | 17,088 B |\n| SLH-DSA-SHAKE-192s | 192-bit | 48 B | 96 B | 16,224 B |\n| SLH-DSA-SHAKE-192f | 192-bit | 48 B | 96 B | 35,664 B |\n| SLH-DSA-SHAKE-256s | 256-bit | 64 B | 128 B | 29,792 B |\n| SLH-DSA-SHAKE-256f | 256-bit | 64 B | 128 B | 49,856 B |\n\n## Security\n\n- Rust core keeps security-critical operations branch-regular and fixed-shape\n- ML-KEM implements implicit rejection during decapsulation\n- Secret-bearing Rust structs and intermediate buffers are zeroized on drop\n- JS `Uint8Array` copies are subject to garbage collection \u0026mdash; not reliably zeroized\n- WASM does not provide the same side-channel guarantees as a hardened native library\n\nFor the full threat model, zeroization boundaries, and side-channel analysis, see [docs/SECURITY-MODEL.md](docs/SECURITY-MODEL.md).\n\n## Supply chain integrity\n\n```bash\nnpx fips-crypto-verify-integrity   # verify WASM checksums after install\nnpm audit signatures               # verify npm provenance via Sigstore\n```\n\nEvery build includes SHA-256 checksums for WASM artifacts. Provenance links each published package to a specific GitHub Actions workflow run. See [SECURITY.md](SECURITY.md) for details.\n\n## Validation and testing\n\n- **940+** tests (746 JavaScript/TypeScript + 225 Rust)\n- **99%+** coverage (statements, functions, branches, lines)\n- Cross-implementation compliance vectors for all algorithm families\n- Packed-artifact smoke tests in CI\n\n## Building from source\n\n```bash\n# Prerequisites: Rust stable, wasm-pack, Node.js 20+\nrustup target add wasm32-unknown-unknown\n\ngit clone https://github.com/fzheng/fips-crypto.git\ncd fips-crypto\nnpm install\nnpm run build\nnpm test\n```\n\n| Command | Description |\n|---------|-------------|\n| `npm run build` | Build Rust/WASM + TypeScript |\n| `npm test` | Run tests |\n| `npm run test:coverage` | Tests with coverage |\n| `cargo test` | Rust tests |\n| `npm run bench` | Benchmarks |\n| `npm run lint` | ESLint |\n\n## Standards\n\n- [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) \u0026mdash; ML-KEM\n- [FIPS 204](https://csrc.nist.gov/pubs/fips/204/final) \u0026mdash; ML-DSA\n- [FIPS 205](https://csrc.nist.gov/pubs/fips/205/final) \u0026mdash; SLH-DSA\n- [NIST IR 8547](https://csrc.nist.gov/pubs/ir/8547/final) \u0026mdash; Migration guidance\n\n## Contributing\n\nContributions welcome. See [CONTRIBUTING.md](CONTRIBUTING.md) and [SECURITY.md](SECURITY.md).\n\n## License\n\nMIT\n\n---\n\nIf this library is useful to your project, please consider giving it a star on GitHub.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffzheng%2Ffips-crypto","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffzheng%2Ffips-crypto","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffzheng%2Ffips-crypto/lists"}