Rustls is a modern TLS library written in Rust.

rustls-post-quantum

This crate provides experimental support for X25519Kyber768Draft00 post-quantum key exchange. See the documentation for more details.

This crate is release under the same licenses as the main rustls crate.

lib.rs:

This crate provides a rustls::crypto::CryptoProvider that includes a hybrid[^1], post-quantum-secure[^2] key exchange algorithm -- specifically X25519Kyber768Draft00.

X25519Kyber768Draft00 is pre-standardization, so you should treat this as experimental. You may see unexpected interop failures, and the algorithm implemented here may not be the one that eventually becomes widely deployed.

However, the two components of this key exchange are well regarded: X25519 alone is already used by default by rustls, and tends to have higher quality implementations than other elliptic curves. Kyber768 was recently standardized by NIST as ML-KEM-768.

[^1]: meaning: a construction that runs a classical and post-quantum key exchange, and uses the output of both together. This is a hedge against the post-quantum half being broken.

[^2]: a "post-quantum-secure" algorithm is one posited to be invulnerable to attack using a cryptographically-relevant quantum computer. In contrast, classical algorithms would be broken by such a computer. Note that such computers do not currently exist, and may never exist, but current traffic could be captured now and attacked later.

How to use this crate

There are a few options:

To use this as the rustls default provider: include this code early in your program:

rustls_post_quantum::provider().install_default().unwrap();

To incorporate just the key exchange algorithm in a custom rustls::crypto::CryptoProvider:

use rustls::crypto::{aws_lc_rs, CryptoProvider};
let parent = aws_lc_rs::default_provider();
let my_provider = CryptoProvider {
    kx_groups: vec![
        &rustls_post_quantum::X25519Kyber768Draft00,
        aws_lc_rs::kx_group::X25519,
    ],
    ..parent
};