Skip to content

Latest commit

 

History

History
415 lines (221 loc) · 24.2 KB

Awesome_Rust_Cryptography.md

File metadata and controls

415 lines (221 loc) · 24.2 KB
Raw

Awesome Rust Cryptography

Below is a list of actively maintained, high-quality cryptography libraries independently developed by members of the Rust Community.

The list is compiled and curated by by the Rust Cryptography Interest Group (RCIG). If you have any suggestions, questions, or other concerns with this list, please open an issue and we'll get back to you.

The following badges are used to provide more information about libraries that meet certain criteria:

Badge Description
crates that have undergone at least one audit by an expert cryptographic auditing firm. Click the badge to view the audit.
crates whose correctness has been formally verified or synthesized from formally verified tools.

Note: libraries in each section are listed in alphabetical order and do not indicate an order of preference.

High-level Libraries

These libraries function at a very high level and are designed for simplicity and ease-of-use. They provide integrated key management in addition to providing high-level APIs for algorithms.

  • rage Implementation of age — a simple, secure and modern encryption tool with small explicit keys, no config options, and UNIX-style composability.

  • signatory High-level digital signature library with support for ECDSA and Ed25519.

  • tink-rust Rust port of Google's high-level Tink cryptography library.

Transport Encryption Libraries

These libraries implement protocols that are designed to protect data-in-transit i.e. network communications.

Collections of Cryptographic Primitives

These libraries provide omnibus collections of different cryptographic primitives contained within a single library.

  • evercrypt-rust Rust bindings for evercrypt, a set of high-performance HACL*-verified implementations of cryptographic primitives. bindings crate, bringing HACL-verified cryptographic primitives.

  • libsm China's Standards of Encryption Algorithms (SM2/3/4).

  • orion Collection of usable, easy and safe pure-Rust cryptographic primitives.

  • ring focused on the implementation, testing, and optimization of a core set of cryptographic operations exposed via an easy-to-use (and hard-to-misuse) API. ring exposes a Rust API and is written in a hybrid of Rust, C, and assembly language.

  • sodiumoxide Type-safe efficient Rust bindings to libsodium.

Traits for Cryptographic Primitives

The crates in this section provide trait-based abstractions for different types of cryptographic primitives, allowing implementations of higher-level cryptographic algorithms and protocols which are generic over specific primitives and implementations.

  • aead Authenticated Encryption with Additional Data (AEAD) cipher traits.

  • ark-ec Elliptic curve traits as used by the Ark Ecosystem.

  • ark-ff Finite field traits as used by the Ark Ecosystem.

  • cipher Block cipher and stream cipher traits.

  • crypto Facade for all RustCrypto traits.

  • crypto-mac Message Authentication Code (MAC) traits.

  • digest Digest/hash algorithm traits.

  • elliptic-curve Elliptic curve traits as used by the RustCrypto ecosystem.

  • ff Finite field traits as used by the RustCrypto and ZKCrypto ecosystems.

  • group Elliptic curve group traits as used by the RustCrypto and ZKCrypto ecosystems.

  • password-hash Password hashing traits and support for the PHC string format.

  • signature Digital signature traits.

  • universal-hash Universal Hash Function (UHF) traits.

Symmetric Cryptography

These crates implement individual symmetric cryptography algorithms.

Authenticated Encryption with Associated Data (AEAD) Algorithms

These are high-level symmetric encryption libraries which ensure both the confidentiality and integrity of data.

  • aes-gcm Pure Rust implementation of the AES-GCM Authenticated Encryption with Associated Data (AEAD) cipher.

  • aes-gcm-siv AES-GCM-SIV (RFC 8452) is a state-of-the-art high-performance Authenticated Encryption with Associated Data (AEAD) cipher which also provides nonce reuse misuse resistance.

  • aes-siv AES-SIV Misuse-Resistant Authenticated Encryption Cipher.

  • ccm Pure Rust implementation of the Counter with CBC-MAC (CCM) mode (RFC 3610): an Authenticated Encryption with Associated Data (AEAD) algorithm generic over block ciphers with block size equal to 128 bits.

  • chacha20poly1305 Pure Rust implementation of ChaCha20Poly1305 (RFC 8439): an Authenticated Encryption with Associated Data (AEAD) cipher amenable to fast, constant-time implementations in software.

  • deoxys Pure Rust implementation of the Deoxys Authenticated Encryption with Associated Data (AEAD) cipher, including the Deoxys-II variant which was selected by the CAESAR competition as the best choice for in-depth security.

  • eax Pure Rust implementation of the EAX Authenticated Encryption with Associated Data (AEAD) cipher.

Ciphers (low-level block ciphers and stream ciphers)

Note: most users should use higher-level AEAD encryption algorithms enumerated above. Crates in this section are low-level "unauthenticated" ciphers which should be wrapped up in a higher-level construction prior to use.

  • aes Pure Rust implementation of the Advanced Encryption Standard (AES) permutation with optional AES-NI and ARMv8 hardware acceleration.

  • block-modes Generic implementation of block cipher modes of operation, including CBC and ECB modes.

  • chacha20 Pure Rust implementation of the ChaCha20 Stream Cipher including XChaCha20.

  • ctr Generic implementations of the Counter Mode (CTR) of operation for block ciphers.

  • des Data Encryption Standard (DES) and 3DES.

  • salsa20 Pure Rust implementation of the Salsa20 Stream Cipher.

Hash Functions and Friends

  • BLAKE2 Pure Rust implementation of the BLAKE2 hash function family.

  • BLAKE3 Official implementation of the BLAKE3 cryptographic hash function.

  • HKDF HMAC-based Extract-and-Expand Key Derivation Function (HKDF) for Rust.

  • MACs Collection of Message Authentication Code algorithms written in pure Rust including CMAC, HMAC, and PMAC.

  • Poseidon252 Reference implementation for the Poseidon Hashing algorithm.

  • RIPEMD160 Pure Rust implementation of the RIPEMD160 hash function.

  • SHA-2 Pure Rust implementation of the SHA-2 hash function family including SHA-224, SHA-256, SHA-384, and SHA-512.

  • SHA-3 Pure Rust implementation of the SHA-3 (Keccak) hash function.

  • universal-hashes Collection of Universal Hash Functions written in pure Rust including GHASH, POLYVAL, and Poly1305.

Password Hashing Functions

  • argon2 Pure Rust implementation of the Argon2 password hashing function.

  • bcrypt Pure Rust implementation of the bcrypt password hashing function.

  • pbkdf2 Pure Rust implementation of the Password-Based Key Derivation Function v2 (PBKDF2).

  • pkcs5 Pure Rust implementation of Public-Key Cryptography Standards #5: Password-Based Cryptography Specification Version 2.1 (RFC 8018) with support for the scrypt and PBKDF2 password-based key derivation functions.

  • rust-argon2 Rust library for hashing passwords using Argon2, the password-hashing function that won the Password Hashing Competition (PHC).

  • scrypt Pure Rust implementation of the scrypt key derivation function.

Asymmetric Cryptography

These crates implement individual asymmetric (a.k.a. public key) cryptography algorithms.

Asymmetric Primitives

  • curve25519-dalek A pure-Rust implementation of group operations on the Ristretto and Curve25519 elliptic curves.

  • BLS12-381 Implementation of the BLS12-381 pairing-friendly elliptic curve group.

  • bn Pairing cryptography library written in pure Rust, making use of the Barreto-Naehrig (BN) curve construction.

  • bp256 Brainpool P-256 elliptic curves.

  • fiat-rust Formally verified arithmetic implementations for several elliptic curves and word sizes, extracted to Rust from specifications written using in the Coq theorem prover.

  • Jubjub Pure Rust implementation of the Jubjub elliptic curve group and its associated fields.

  • k256 Pure Rust implementation of the secp256k1 (K-256) elliptic curve using complete formulas based on projective coordinates.

  • libsecp256k1-rs Pure Rust implementation of secp256k1.

  • p256 Pure Rust implementation of the NIST P-256 elliptic curve (a.k.a. prime256v1, secp256r1).

  • RSA Pure Rust implementation of the RSA algorithm.

  • rust-secp256k1 Rust FFI bindings for Bitcoin Core's secp256k1 library written in C.

Digital Signatures

  • bls_like Aggregate BLS signatures with extensive tuning options.

  • bls-signatures Implementation of BLS Signatures in pure Rust.

  • ecdsa Pure Rust implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) as specified in FIPS 186-4 (Digital Signature Standard).

  • ed25519 Cross-library compatibility crate for Edwards Digital Signature Algorithm (EdDSA) over Curve25519 as specified in RFC 8032.

  • ed25519-dalek Fast and efficient ed25519 key generation, signing, and verification in Rust.

  • milagro_bls BLS signatures using the Apache Milagro Cryptographic Library.

  • nisty NIST P-256 signatures for Cortex-M4 microcontrollers.

  • rust-minisign Pure Rust implementation of the Minisign signature system.

  • schnorrkel Implements Schnorr signature on Ristretto compressed Ed25519 points, as well as related protocols like HDKD, MuSig, and a verifiable random function (VRF).

Encryption (Hybrid Encryption)

Key Exchange

  • opaque-ke A Rust implementation of the OPAQUE Password-Authenticated Key Exchange protocol.

  • PAKEs Collection of Password-Authenticated Key Agreement protocols.

  • x25519-dalek Pure-Rust implementation of x25519 elliptic curve Diffie-Hellman key exchange, with curve operations provided by curve25519-dalek.

Threshold & Multiparty Signatures

  • multi-party-ecdsa Rust implementation of {t,n}-threshold ECDSA (elliptic curve digital signature algorithm).

  • multi-party-schnorr Multiparty and threshold Schnorr signatures

  • threshold_crypto A pairing-based threshold cryptosystem for collaborative decryption and signatures.

Verifiable Delay Functions (VDFs)

  • vdf An implementation of Verifiable Delay Functions in Rust.

Verifiable Random Functions (VRFs)

  • schnorrkel Implements Schnorr signature on Ristretto compressed Ed25519 points, as well as related protocols like HDKD, MuSig, and a verifiable random function (VRF).

Platform / Framework Bindings

These libraries are FFI bindings to OS platforms and commonly used cryptography frameworks.

  • native-tls An abstraction over platform-specific TLS implementations.

  • openssl OpenSSL FFI bindings for the Rust programming language.

  • security-framework Bindings to the Apple's Security.framework. Allows use of TLS and Keychain from Rust.

  • schannel Rust bindings to the Windows SChannel APIs providing TLS client and server functionality.

Cryptographic Hardware

These libraries provide host-side drivers for cryptographic hardware devices (e.g. authentication tokens, HSMs).

  • pkcs11 Rust PKCS#11 Library.

  • solo Solo is an open source security key.

  • yubihsm Pure-Rust client library for YubiHSM 2 devices which implements most the functionality of the libyubihsm C library from Yubico's YubiHSM SDK.

  • yubikey Pure Rust cross-platform host-side driver for YubiKey devices from Yubico with support for public-key encryption and digital signatures using the Personal Identity Verification (PIV) application.

Post-Quantum Cryptography

These libraries are designed to be secure against hypothetical future attacks by large quantum computers.

  • oqs Wrapper around Open-Quantum-Safe's liboqs cryptographic library.
  • pqcrypto FFI bindings to quantum-safe cryptographic libraries.

Random Number Generators

These libraries can be used to generate cryptographically secure random data.

  • rand Rust library for random number generation.

Zero-knowledge Proofs

These libraries can be used to create proof statements which do not reveal what is being proved.

  • arkworks-rs An ecosystem for developing and programming with zkSNARKs.

  • bellman A crate for building zk-SNARK circuits.

  • bellman-ce Bellman fork with support for Ethereum's BN256.

  • bellperson Bellman fork with GPU parallel acceleration for FFT and Multiexponentation subroutines in the Groth16 prover.

  • bulletproofs Pure-Rust implementation of Bulletproofs using Ristretto.

  • bulletproof Implements Bulletproofs+ and Bulletproofs aggregated range proofs with multi-exponent verification.

  • Dusk-Zerocaf Pure-Rust cryptographic library constructed to define operations for an elliptic curve embedded into the Ristretto scalar field.

  • merlin Composable proof transcripts for public-coin arguments of knowledge.

  • OpenZKP Pure-Rust implementations of Zero-Knowledge Proof systems.

  • Spartan High-speed zkSNARKs without trusted setup.

  • ZoKrates A toolbox for zkSNARKs on Ethereum.

  • zkp Macro-based zero-knowledge proof compiler for Schnorr proofs.

Secure Multiparty Computation

These libraries allow several participants to collectively perform a computation without revealing what is being computed to the participants.

  • libpaillier Rust implementation of the Paillier cryptosystem with additive homomorphism

  • swanky A suite of Rust libraries for secure multi-party computation.

  • white-city API to integrate distributed network for secure computation protocols.

Format Decoders/Encoders

These libraries implement parsers and serializers for various cryptography-related formats.

  • base64ct Constant-time Base64 decoder/encoder with no_std support.

  • der Cryptography-oriented ASN.1 DER decoder/encoder with no_std support.

  • rasn A no_std ASN.1 codec framework (like serde but for ASN.1). Supports the following formats: BER, CER, DER.

  • pem-rfc7468 Constant-time implementation of the strict PEM encoding rules for PKIX, PKCS, and CMS Structures.

  • pkcs1 Pure Rust implementation of Public-Key Cryptography Standards #1: RSA Cryptography Specifications Version 2.2 (RFC 8017).

  • pkcs8 Pure Rust implementation of Public-Key Cryptography Standards #8: Private-Key Information Syntax Specification (RFC 5208).

  • x509-parser X.509 v3 (RFC5280) parser, implemented with the nom parser combinator framework.

Defensive Measures

These libraries can be used to harden cryptographic algorithms against attacks.

Constant-Time Code

  • subtle Pure-Rust traits and utilities for constant-time cryptographic implementations.

Protecting Secrets in Memory

  • secrecy A simple secret-keeping library for Rust.

Zeroing Memory

  • zeroize Securely zero memory while avoiding compiler optimizations.

Arithmetic

These libraries implement mathematical algorithms potentially interesting for cryptography-related applications.

  • crypto-bigint Cryptography-oriented "bignum" library with constant-time algorithms including modular arithmetic, stack-allocated big integers, and no_std support

  • nalgebra Linear algebra library for Rust.

  • num Collection of numeric types and traits for Rust. (Bigint).

  • rust-decimal Decimal implementation written in pure Rust suitable for financial calculations that require significant integral and fractional digits with no round-off errors.

Misc

Other libraries which don't fall into the categories listed above.

  • librustzcash A (work-in-progress) set of Rust crates for working with Zcash.

  • sequoia Implements OpenPGP in Rust.