Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/olekssy/pqc_bridge

Quantum-resistant secure communication using ML-KEM (Kyber) and ML-DSA (Dilithium) post-quantum cryptography
https://github.com/olekssy/pqc_bridge

dilithium encryption kyber post-quantum-cryptography quantum-resistant rust

Last synced: 6 months ago
JSON representation

Quantum-resistant secure communication using ML-KEM (Kyber) and ML-DSA (Dilithium) post-quantum cryptography

Awesome Lists containing this project

README 

          
# pqc_bridge



[![docs.rs (with version)](https://img.shields.io/docsrs/pqc_bridge/latest)](https://docs.rs/pqc_bridge/latest/pqc_bridge/)

[![Crates.io](https://img.shields.io/crates/v/pqc_bridge)](https://crates.io/crates/pqc_bridge)

![Last commit](https://img.shields.io/github/last-commit/olekssy/pqc_bridge)

![GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/olekssy/pqc_bridge/rust.yml)

![License](https://img.shields.io/github/license/olekssy/pqc_bridge)



A lightweight Rust library for post-quantum cryptography providing secure key management, encryption, and digital signatures using NIST-standardized algorithms.



**Key Features:**

- Intuitive API for building secure, quantum-resistant communication systems

- Unified Rust library and CLI tool in one package for file-based and programmatic operations

- Hybrid encryption (Kyber x AES-256-GCM) and signatures (Dilithium x SHA3-256)

- Provides NIST Level 3 192-bit security for encryption and signatures

- Compliant with NIST FIPS 203 (ML-KEM-768) and FIPS 204 (ML-DSA-65)



## Quick Start



### Installation



Install as a dependency:

```bash

cargo add pqc_bridge

```



Install as a CLI tool:

```bash

cargo install pqc_bridge

```



### Library Usage



```rust

use pqc_bridge::{KeyPair, encrypt, decrypt, sign, verify};



let message = "Secret message";

let keypair = KeyPair::generate();



// Encryption

let encrypted = encrypt(message, &keypair.to_public_key());

let decrypted = decrypt(encrypted, &keypair);

assert_eq!(message, decrypted);



// Signing

let signature = sign(message, &keypair);

let is_signature_valid = verify(message, &signature, &keypair.to_public_key());

assert!(is_signature_valid);

```



### CLI Usage



```bash

# Generate keypair

pqc keygen -o alice  # Creates alice.sec and alice.pub



# Encrypt message

pqc encrypt -m "Hello!" -k alice.pub -o encrypted.pqc



# Encrypt file

pqc encrypt -m @message.txt -k alice.pub -o encrypted.pqc



# Decrypt message

pqc decrypt -i encrypted.pqc -k alice.sec

```



## How It Works



**Hybrid Encryption:**

1. Kyber encapsulates a random AES-256 key using recipient's public key

2. AES-256-GCM encrypts the message with the encapsulated key (fast + quantum-resistant)



**Digital Signatures:**

1. SHA3-256 hashes the message, Dilithium signs the hash

2. Verification checks signature against message hash with sender's public key



**Security Features:**

- Automatic zeroization of secret keys in memory

- JSON serialization with Base64 encoding

- File-based operations via CLI



## References



- [NIST Post-Quantum Cryptography Standardization](https://csrc.nist.gov/projects/post-quantum-cryptography)

- [NIST FIPS 203 - ML-KEM](https://csrc.nist.gov/publications/detail/fips/203/final)

- [NIST FIPS 204 - ML-DSA](https://csrc.nist.gov/publications/detail/fips/204/final)

- [CRYSTALS-Kyber](https://pq-crystals.org/kyber/)

- [CRYSTALS-Dilithium](https://pq-crystals.org/dilithium/)



## License



MIT License - See [LICENSE](LICENSE) for details.



---



**Note:** Responsibility for secure implementation rests with the user. Consult cryptography experts for production use.