3 unstable releases

| Version | Date |
|---|---|
| 0.2.1 (new) | Dec 11, 2024 |
| 0.2.0 | Dec 11, 2024 |
| 0.1.0 | Mar 13, 2024 |
#2289 in Cryptography
557 downloads per month
Used in 2 crates
1.5MB, 31K SLoC
Rustls is a modern TLS library written in Rust.
rustls-post-quantum
This crate provides a rustls::crypto::CryptoProvider that includes a hybrid[^1], post-quantum-secure[^2] key exchange algorithm -- specifically X25519MLKEM768, as well as a non-hybrid post-quantum-secure key exchange algorithm.
X25519MLKEM768 is pre-standardization, so you should treat this as experimental. You may see unexpected connection failures (such as tldr.fail) -- please report these to us. X25519MLKEM768 is becoming widely deployed, e.g., by Chrome and Cloudflare.
The two components of this key exchange are well regarded: X25519 alone is already used by default by rustls, and tends to have higher quality implementations than other elliptic curves. ML-KEM-768 was standardized by NIST in FIPS 203.
[^1]: meaning: a construction that runs a classical and post-quantum key exchange, and uses the output of both together. This is a hedge against the post-quantum half being broken.
[^2]: a "post-quantum-secure" algorithm is one posited to be invulnerable to attack using a cryptographically-relevant quantum computer. In contrast, classical algorithms would be broken by such a computer. Note that such computers do not currently exist, and may never exist, but current traffic could be captured now and attacked later.
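To make the hybrid construction concrete, the following added example (not part of the rustls-post-quantum crate or its README) walks a ClientHello key_share body and splits an X25519MLKEM768 share into its ML-KEM-768 and X25519 halves, rejecting truncated or wrongly sized input. The sizes and codepoint come from FIPS 203, RFC 7748 and the IANA TLS registry rather than from this page; all type and function names and the sample bytes are constructed for illustration.

```rust
// Added example, std only. Not rustls code; all names here are illustrative.
pub const X25519MLKEM768: u16 = 0x11EC; // IANA TLS named group id
pub const X25519: u16 = 0x001D;
const MLKEM768_EK: usize = 1184; // FIPS 203 encapsulation key, sent by the client
const X25519_PUB: usize = 32; // RFC 7748 public key
#[derive(Debug, PartialEq)]
pub enum Error { Truncated, BadHybridLength(usize) }
/// Client X25519MLKEM768 share: the ML-KEM half comes first on the wire.
#[derive(Debug, PartialEq)]
pub struct HybridShare<'a> { pub mlkem_ek: &'a [u8], pub x25519: &'a [u8] }
// Bounds-checked read of `n` bytes that advances the cursor.
fn take<'a>(buf: &mut &'a [u8], n: usize) -> Result<&'a [u8], Error> {
    if buf.len() < n { return Err(Error::Truncated); }
    let (head, tail) = buf.split_at(n);
    *buf = tail;
    Ok(head)
}
fn take_u16(buf: &mut &[u8]) -> Result<u16, Error> {
    take(buf, 2).map(|b| u16::from_be_bytes([b[0], b[1]]))
}

/// Walk a key_share body (u16 list length, then group/length/bytes entries); return the hybrid share if offered.
pub fn find_hybrid<'a>(mut ext: &'a [u8]) -> Result<Option<HybridShare<'a>>, Error> {
    let list_len = take_u16(&mut ext)? as usize;
    let mut list = take(&mut ext, list_len)?;
    while !list.is_empty() {
        let group = take_u16(&mut list)?;
        let len = take_u16(&mut list)? as usize;
        let share = take(&mut list, len)?;
        if group == X25519MLKEM768 {
            if len != MLKEM768_EK + X25519_PUB { return Err(Error::BadHybridLength(len)); }
            let (mlkem_ek, x25519) = share.split_at(MLKEM768_EK);
            return Ok(Some(HybridShare { mlkem_ek, x25519 }));
        }
    }
    Ok(None)
}
/// Constructed sample: a hybrid entry of `hybrid_len` filler bytes, then plain X25519.
pub fn sample_key_share(hybrid_len: usize) -> Vec<u8> {
    let mut entries = Vec::new();
    for (group, len) in [(X25519MLKEM768, hybrid_len), (X25519, X25519_PUB)] {
        entries.extend_from_slice(&group.to_be_bytes());
        entries.extend_from_slice(&(len as u16).to_be_bytes());
        entries.extend(std::iter::repeat(0xAAu8).take(len));
    }
    [(entries.len() as u16).to_be_bytes().to_vec(), entries].concat()
}
fn main() {
    let ext = sample_key_share(1216);
    println!("{} bytes, hybrid offered: {:?}", ext.len(), find_hybrid(&ext).map(|s| s.is_some()));
}
```

The hybrid share alone is 1216 bytes, against 32 for plain X25519, so a ClientHello that offers it is much larger than a classical one.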
How to use this crate
There are a few options:
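To use this as the rustls default provider, include this code early in your program:

```rust
// Returns an error (and so panics here) if a process-wide default
// provider has already been installed.
rustls_post_quantum::provider().install_default().unwrap();
```

To incorporate just the key exchange algorithm(s) in a custom rustls::crypto::CryptoProvider:

```rust
use rustls::crypto::{aws_lc_rs, CryptoProvider};

let parent = aws_lc_rs::default_provider();
let my_provider = CryptoProvider {
    // kx_groups is in preference order: the hybrid group first, then
    // classical X25519, then ML-KEM-768 on its own.
    kx_groups: vec![
        rustls_post_quantum::X25519MLKEM768,
        aws_lc_rs::kx_group::X25519,
        rustls_post_quantum::MLKEM768,
    ],
    // Everything else is inherited from the aws-lc-rs provider.
    ..parent
};
```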
This crate is released under the same licenses as the main rustls crate.
Dependencies
~61MB
~1.5M SLoC