Skip to main content

Overview and package catalog

post-quantum-packages is a unified monorepo of NIST post-quantum cryptography packages for TypeScript and Rust, published to npm and crates.io with identical APIs and shared NIST ACVP test vectors. Python is planned.

Package catalog

Core

PackageDescriptionStatus
pq-oidOID constants for ML-KEM, ML-DSA, SLH-DSAPublished
pq-algorithm-idAlgorithm identifier mappings (JOSE, COSE, X.509)Published
pq-key-encoderKey encoding (DER, PEM, JWK, SPKI, PKCS#8)Published
pq-key-fingerprintPublic key fingerprint generationPublished
pq-test-vectorsNIST test vectors as importable fixturesScaffolded
pq-key-strengthClassical vs PQ security level comparisonScaffolded
pq-size-calculatorSignature, ciphertext, and key size calculatorScaffolded
pq-rngDeterministic RNG for testingScaffolded
pq-side-channelSide-channel resistant helpersScaffolded

Key encoding and certificates

PackageDescriptionStatus
pq-spkiSubjectPublicKeyInfo encodingScaffolded
pq-pkcs8PKCS#8 private key encodingScaffolded
pq-csrCertificate Signing RequestsScaffolded
pq-cert-parseX.509 certificate parsing (read-only)Scaffolded
pq-cert-verifyX.509 certificate chain verificationScaffolded

Web standards (JOSE / COSE / CMS)

PackageDescriptionStatus
pq-jwsJSON Web Signature with ML-DSAScaffolded
pq-jweJSON Web Encryption with ML-KEMScaffolded
pq-jwkJSON Web Key serializationScaffolded
pq-jwt-verifyVerify-only JWT (smaller bundle)Scaffolded
pq-coseCBOR Object Signing and EncryptionScaffolded
pq-cmsCryptographic Message SyntaxScaffolded
pq-pkcs7PKCS#7 signaturesScaffolded
pq-xmldsigXML Digital Signatures with ML-DSAScaffolded
pq-dkimDKIM email signingScaffolded

Encryption and key exchange

PackageDescriptionStatus
pq-eciesECIES-style encryption with ML-KEMScaffolded
pq-hpkeHybrid Public Key EncryptionScaffolded
pq-kem-combinerSecure multi-KEM combinerScaffolded
pq-noiseNoise protocol patterns with PQScaffolded

Authentication

PackageDescriptionStatus
pq-fido2FIDO2 / CTAP2 with PQScaffolded
pq-webauthnServer-side WebAuthn with ML-DSAScaffolded
pq-ssh-agentSSH agent protocol with PQ keysScaffolded
pq-kerberosKerberos ticket handling with PQScaffolded

Network protocols

PackageDescriptionStatus
pq-tls-clientTLS 1.3 client with PQ key exchangeScaffolded
pq-dtlsDTLS with PQ for UDPScaffolded
pq-quic-cryptoQUIC crypto layer with PQScaffolded

Blockchain

PackageDescriptionStatus
pq-eth-signerEthereum transaction signing with PQScaffolded
pq-solana-signerSolana transaction signing with PQScaffolded
pq-bitcoin-taprootTaproot-compatible PQ signaturesScaffolded

Browser and runtime

PackageDescriptionStatus
pq-wasmBrowser-ready WASM buildScaffolded
pq-workerWeb Worker wrapper for non-blocking PQScaffolded

Reading the catalog

  • Packages at v0.0.1 are scaffolded — the package structure, CI, and publish workflow are in place; implementation is open for contribution.
  • Packages at ≥ 1.0.0 have a real implementation and a published API.
  • This documentation covers implemented packages in detail. Scaffolded packages are listed above so you can see the roadmap.

Minimum supported versions

RuntimeVersion
Bun1.0+
Node.js18+
Rust1.78+

Repository structure

packages/
├── pq-oid/
│   ├── ts/        # TypeScript → npm
│   ├── rust/      # Rust → crates.io
│   └── python/    # Python → PyPI (planned)
├── pq-key-encoder/
│   ├── ts/
│   ├── rust/
│   └── python/
└── ...            # same structure for every package

Each language implementation has its own README with API docs and examples. The aggregated reference for implemented packages lives in the Package reference section.

Why a monorepo

Existing options force a choice between language-specific stacks or low-level primitives without tooling. This monorepo provides both: NIST-standard algorithms (ML-KEM, ML-DSA, SLH-DSA) and the higher-level encodings real applications need — key serialization, certificates, JWS/JWE, COSE/CMS, FIDO2, TLS, blockchain signing, browser runtimes. Each package treats PQ payload sizes as a first-class design constraint.

post-quantum-packagesliboqs bindingspqcrypto crate
TypeScript + RustYesPartialRust only
FIPS 203 / 204 / 205Yes (target)YesPartial
no_std (Rust)YesNoPartial