#post-quantum-cryptography #kyber #security

bin+lib quantumcryptlib

Post-quantum secure communication primitives using Kyber KEM and AEAD

1 stable release

1.0.0 Dec 13, 2025

#1566 in Cryptography

MIT license

11KB
110 lines

QuantumCryptLib is a Rust library for building post-quantum secure communication channels using Kyber512 (a NIST-selected post-quantum Key Encapsulation Mechanism) combined with modern AEAD encryption.

Rather than encrypting data directly with Kyber, this library follows the standard hybrid design, in which the KEM only establishes a shared secret and a symmetric AEAD cipher encrypts the data:

Kyber KEM → Shared Secret → AEAD (ChaCha20-Poly1305)

This approach protects today’s communications and stored data against future quantum attacks (“harvest now, decrypt later”).

Warning

This crate provides cryptographic building blocks only.

It does NOT implement:

  • Authentication or identity verification
  • Replay protection
  • Key lifecycle management
  • A full network or transport protocol (e.g., TLS)

Users are responsible for integrating these primitives into a secure, authenticated protocol design.


Key Capabilities

  • Post-quantum key establishment using Kyber512 (KEM)
  • Shared secret derivation for secure sessions
  • Authenticated encryption via ChaCha20-Poly1305
  • Fully tested secure channel handshake
  • Written in Rust 2021 for safety and performance

Cryptographic Model (Important)

Kyber512 is a Key Encapsulation Mechanism (KEM) — it is not used to encrypt application data directly.

QuantumCryptLib implements the recommended construction:

  1. Key Encapsulation (Kyber512)
    Establishes a shared secret between two parties
  2. Key Derivation
    Derives a symmetric encryption key from the shared secret
  3. AEAD Encryption (ChaCha20-Poly1305)
    Encrypts and authenticates application data

This model is used in:

  • Post-quantum TLS / mTLS
  • Zero-Trust service-to-service communication
  • Secure tunnels and long-term data protection

Real-World Use Cases

  • Post-Quantum Secure Channels (TLS / mTLS alternatives)
  • Zero-Trust Microservices Communication
  • Long-Term Data Protection & Archival Encryption
  • Financial, Government, and Critical Infrastructure Systems
  • Blockchain & Distributed System Secure Messaging

Installation

Clone the repository:

git clone https://github.com/0rlych1kk4/quantumcryptlib.git
cd quantumcryptlib

Build and run the project:

cargo build
cargo run --bin quantumcryptlib_bin

Usage

Generating Kyber Key Pair

use quantumcryptlib::key_exchange::generate_key_pair;

let (public_key, secret_key) = generate_key_pair();

Establish a Post-Quantum Shared Secret (KEM)

use quantumcryptlib::key_exchange::{encapsulate, decapsulate};

// Initiator
let (shared_secret_a, kem_ciphertext) = encapsulate(&public_key)?;

// Responder
let shared_secret_b = decapsulate(&secret_key, &kem_ciphertext)?;

assert_eq!(shared_secret_a, shared_secret_b);

Encrypt and Decrypt Data Using AEAD

use quantumcryptlib::secure_channel::{aead_encrypt, aead_decrypt};

let message = b"hello post-quantum world";

// Encrypt
let (nonce, ciphertext) = aead_encrypt(&shared_secret_a, message)?;

// Decrypt
let plaintext = aead_decrypt(&shared_secret_b, &nonce, &ciphertext)?;

assert_eq!(message.to_vec(), plaintext);
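
The Warning above lists replay protection as out of scope, so a receiver that only calls aead_decrypt will accept the same (nonce, ciphertext) pair every time it is delivered. One way to close that gap, as an added example that is not part of quantumcryptlib: the sender puts an 8-byte counter inside the plaintext passed to aead_encrypt, and the receiver runs a sliding-window check on the output of aead_decrypt. ReplayWindow, frame and accept are hypothetical names, and the 64-message window and counter layout are assumptions.

```rust
/// Sliding-window replay filter (64 messages). Hypothetical helper, not a quantumcryptlib API.
pub struct ReplayWindow {
    highest: u64,  // highest counter accepted so far
    seen: u64,     // bit i set => counter (highest - i) was already accepted
    started: bool, // false until the first message is accepted
}

impl ReplayWindow {
    pub fn new() -> Self {
        ReplayWindow { highest: 0, seen: 0, started: false }
    }
    /// Returns true and records `seq` if it is fresh; false if replayed or too old.
    pub fn check_and_update(&mut self, seq: u64) -> bool {
        if !self.started || seq > self.highest {
            let shift = if self.started { seq - self.highest } else { 64 };
            self.seen = if shift >= 64 { 1 } else { (self.seen << shift) | 1 };
            self.highest = seq;
            self.started = true;
            return true;
        }
        let offset = self.highest - seq;
        if offset >= 64 || self.seen & (1u64 << offset) != 0 {
            return false;
        }
        self.seen |= 1u64 << offset;
        true
    }
}

/// Sender: prefix the payload with an 8-byte big-endian counter before AEAD encryption.
pub fn frame(seq: u64, payload: &[u8]) -> Vec<u8> {
    let mut out = seq.to_be_bytes().to_vec();
    out.extend_from_slice(payload);
    out
}

/// Receiver: call only on plaintext that AEAD decryption has already authenticated.
pub fn accept(win: &mut ReplayWindow, plaintext: &[u8]) -> Option<Vec<u8>> {
    if plaintext.len() < 8 { return None; }
    let mut ctr = [0u8; 8];
    ctr.copy_from_slice(&plaintext[..8]);
    if win.check_and_update(u64::from_be_bytes(ctr)) { Some(plaintext[8..].to_vec()) } else { None }
}

fn main() {
    let (mut win, msg) = (ReplayWindow::new(), frame(1, b"transfer 10")); // constructed sample
    let first = accept(&mut win, &msg).is_some();
    println!("first: {}, replay: {}", first, accept(&mut win, &msg).is_some());
}
```

Because the counter travels inside the AEAD plaintext, the window only advances for messages whose tag has verified. Keep one window per shared secret and start a fresh one after every new handshake.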

Testing

Integration tests validate the following:

  • Multiple independent KEM handshakes
  • Shared secret correctness
  • AEAD encryption and decryption cycles

Run tests

cargo test

Security Notes

  • Secrets are never printed
  • AEAD ensures confidentiality and authenticity of the encrypted data; it does not authenticate the peer (see Warning)
  • Kyber512 is NIST-selected for post-quantum key exchange
  • This library is a secure communication building block, not a full TLS replacement

Planned Hardening

  • HKDF
  • Hybrid classical + post-quantum key exchange
  • Secret zeroization
  • no_std support

Contributing

  1. Fork the repository
  2. Create a feature branch
    git checkout -b feature-branch
    
  3. Commit your changes
    git commit -m "Add feature"
    
  4. Push and open a pull request

Dependencies

~22MB
~471K SLoC