IMPORTANT DEVELOPMENT STATUS NOTICE

This library is currently in ACTIVE DEVELOPMENT (v0.1.1) and is EXPERIMENTAL.

This is a Rust wrapper around official NIST reference implementations - not custom cryptography. The core algorithms are NIST-certified, but the Rust integration layer has NOT undergone:

• Independent security audits of FFI bindings
• Formal verification of memory safety wrappers
• Production environment validation

DO NOT USE IN PRODUCTION without comprehensive integration review and testing.

Risk areas: FFI safety, memory management, build system - NOT the underlying NIST algorithms.

Post-quantum cryptography library providing NIST-standardized quantum-resistant algorithms for secure applications.

Cypheron Core implements post-quantum cryptographic algorithms that protect against both classical and quantum computer attacks. The library provides a secure, high-performance foundation for building quantum-resistant applications.

• ML-KEM (Kyber) - 512, 768, 1024 bit security levels
• Quantum-resistant key exchange and encryption

• ML-DSA (Dilithium) - Levels 2, 3, 5
• Falcon - 512, 1024 bit variants
• SPHINCS+ - Hash-based signatures with multiple configurations

• ECC + Post-Quantum combinations for migration scenarios
• Backward compatibility with existing systems

cargo add cypheron-core

Or add manually to your Cargo.toml:

[dependencies]
cypheron-core = "0.1.1"

git clone https://github.com/CypheronLabs/Cypheron-core.git
cd Cypheron-core/core-lib
cargo build --release

Basic usage:

use cypheron_core::kem::ml_kem_768::MlKem768;

// Generate quantum-resistant key pair
let (public_key, secret_key) = MlKem768::generate_keypair();

// Encapsulate shared secret
let (ciphertext, shared_secret) = MlKem768::encapsulate(&public_key);

// Decapsulate on recipient side
let recovered_secret = MlKem768::decapsulate(&secret_key, &ciphertext);
assert_eq!(shared_secret, recovered_secret);

• Memory Safety - Built in Rust with automatic secure cleanup
• Cross-platform - Windows, macOS, Linux support
• Performance Optimized - Optimized implementations with platform-specific acceleration
• Security Focused - Constant-time implementations and side-channel protection
• Linux Sandboxing - Optional seccomp-BPF syscall filtering for enhanced security (requires seccomp-bpf feature)
• Well Tested - Comprehensive test suite including known answer tests and fuzzing

• Constant-time implementations to prevent timing attacks
• Secure memory management with automatic zeroization
• Vendor code integrity verification during build
• Extensive testing including property-based and fuzz testing

For Linux deployments, Cypheron Core supports seccomp-BPF sandboxing to restrict syscalls and reduce attack surface:

[dependencies]
cypheron-core = { version = "0.1.1", features = ["seccomp-bpf"] }

use cypheron_core::platform::linux::enable_production_security;

// Enable restrictive syscall filtering before cryptographic operations
enable_production_security()?;

// Now only whitelisted syscalls are permitted
// All cryptographic operations continue to work normally

This feature is particularly useful for:

• High-security production deployments
• Defense-in-depth security strategies
• Limiting potential exploit impact
• Compliance with security hardening requirements

See examples/linux_sandboxing.rs for a complete working example.

Run cargo doc --open to build and view complete API documentation locally. Or visit cypheron-core-docs

• Website: cypheronlabs.com
• Security Audit: Full source code available for security review
• Algorithm Specifications: NIST standardized implementations
• Performance Benchmarks: Run cargo bench for platform-specific metrics

We invite security researchers and cryptography experts to audit this library.

This experimental implementation includes:

• Comprehensive test suite - NIST KAT, timing analysis, side-channel detection
• Security tooling - Fuzzing infrastructure, memory safety validation
• Open methodology - Full source code, build reproducibility, test transparency

• Test Suite: Run cargo test --test test_runner for comprehensive security validation
• Fuzzing: Use cargo fuzz for robustness testing
• Documentation: Complete API and security model documentation available
• Vendor Code: C implementations from NIST reference sources with integrity verification

• FFI boundary safety between Rust and C vendor code
• Constant-time implementation validation
• Memory safety and zeroization verification
• Side-channel resistance analysis
• NIST compliance validation

Security findings welcome: Report to security@cypheronlabs.com following our Security Policy.

We welcome contributions! Please see CONTRIBUTING.md for guidelines.

Licensed under the Apache License, Version 2.0. See LICENSE for details.

Built by Michael Luna in partnership with Cypheron Labs - Advancing post-quantum cryptography.