Short URL for this page: cryptography.rs
Below is a list of actively maintained, high-quality cryptography libraries independently developed by members of the Rust Community.
The list is compiled and curated by the Rust Cryptography Interest Group (RCIG). If you have any suggestions, questions, or other concerns with this list, please open an issue and we’ll get back to you.
The following badges are used to provide more information about libraries that meet certain criteria:
Badge | Description |
---|---|
crate has at least one security audit (click to view) | |
crate has been formally verified |
Note: libraries in each section are listed in alphabetical order, not order of preference.
Table of Contents
- High-level Libraries
- Transport Encryption Libraries
- Collections of Cryptographic Primitives
- Traits for Cryptographic Primitives
- Symmetric Cryptography
- Asymmetric Cryptography
- Platform / Framework Bindings
- Cryptographic Hardware
- Post-Quantum Cryptography
- Random Number Generators
- Zero-knowledge Proofs
- Secure Multiparty Computation
- Fully Homomorphic Encryption
- Format Decoders/Encoders
- Defensive Measures
- Arithmetic
- Miscellany
High-level Libraries
These libraries function at a very high level and are designed for simplicity and ease-of-use. They provide integrated key management in addition to providing high-level APIs for algorithms.
-
rage Implementation of age – a simple, secure and modern encryption tool with small explicit keys, no config options, and UNIX-style composability.
-
signatory High-level digital signature library with support for ECDSA and Ed25519.
-
tink-rust Rust port of Google’s high-level Tink cryptography library.
Transport Encryption Libraries
These libraries implement protocols that are designed to protect data-in-transit; i.e., network communications.
-
rustls Modern SSL/TLS library in Rust.
-
snow Pure Rust implementation of Trevor Perrin’s Noise Protocol.
-
strobe-rs Relatively barebones,
no_std
implementation of the Strobe protocol framework in pure Rust. -
webpki validates Web PKI (TLS/SSL) certificates
Collections of Cryptographic Primitives
These libraries provide omnibus collections of different cryptographic primitives contained within a single library.
-
evercrypt-rust Rust bindings for evercrypt, a set of high-performance HACL*-verified implementations of cryptographic primitives. bindings crate, bringing HACL-verified cryptographic primitives.
-
libsm China’s Standards of Encryption Algorithms (SM2/3/4).
-
orion Collection of usable, easy and safe pure-Rust cryptographic primitives.
-
*ring* focused on the implementation, testing, and optimization of a core set of cryptographic operations exposed via an easy-to-use (and hard-to-misuse) API. *ring* exposes a Rust API and is written in a hybrid of Rust, C, and assembly language.
-
themis Cross-platform general purpose crypto library for securing data during authentication, storage, messaging, network exchange, etc.
-
dryoc A pure-Rust, general purpose crypto library that implements libsodium primitives.
Traits for Cryptographic Primitives
The crates in this section provide trait-based abstractions for different types of cryptographic primitives, allowing implementations of higher-level cryptographic algorithms and protocols which are generic over specific primitives and implementations.
-
aead Authenticated Encryption with Additional Data (AEAD) cipher traits.
-
ark-ec Elliptic curve traits as used by the
arkworks
ecosystem. -
ark-ff Finite field traits as used by the
arkworks
ecosystem. -
cipher Block cipher and stream cipher traits.
-
crypto Facade for all RustCrypto traits.
-
crypto-mac Message Authentication Code (MAC) traits.
-
digest Digest/hash algorithm traits.
-
elliptic-curve Elliptic curve traits as used by the RustCrypto ecosystem.
-
ff Finite field traits as used by the RustCrypto and ZKCrypto ecosystems.
-
group Elliptic curve group traits as used by the RustCrypto and ZKCrypto ecosystems.
-
pairing Pairing-friendly curve traits as used by the ZKCrypto ecosystem.
-
password-hash Password hashing traits and support for the PHC string format.
-
signature Digital signature traits.
-
universal-hash Universal Hash Function (UHF) traits.
Symmetric Cryptography
These crates implement individual symmetric cryptography algorithms.
Authenticated Encryption with Associated Data (AEAD) Algorithms
These are high-level symmetric encryption libraries which ensure both the confidentiality and integrity of data.
-
aes-gcm Pure Rust implementation of the AES-GCM Authenticated Encryption with Associated Data (AEAD) cipher.
-
aes-gcm-siv AES-GCM-SIV (RFC 8452) is a state-of-the-art high-performance Authenticated Encryption with Associated Data (AEAD) cipher which also provides nonce reuse misuse resistance.
-
aes-siv AES-SIV Misuse-Resistant Authenticated Encryption Cipher.
-
ascon-aead Pure Rust implementation of the Ascon Authenticated Encryption with Associated Data (AEAD) cipher, including implementations of the Ascon-128 and Ascon-128a variants.
-
ccm Pure Rust implementation of the Counter with CBC-MAC (CCM) mode (RFC 3610): an Authenticated Encryption with Associated Data (AEAD) algorithm generic over block ciphers with block size equal to 128 bits.
-
chacha20poly1305 Pure Rust implementation of ChaCha20Poly1305 (RFC 8439): an Authenticated Encryption with Associated Data (AEAD) cipher amenable to fast, constant-time implementations in software.
-
deoxys Pure Rust implementation of the Deoxys Authenticated Encryption with Associated Data (AEAD) cipher, including the Deoxys-II variant which was selected by the CAESAR competition as the best choice for in-depth security.
-
eax Pure Rust implementation of the EAX Authenticated Encryption with Associated Data (AEAD) cipher.
Ciphers (low-level block ciphers and stream ciphers)
Note: most users should use higher-level AEAD encryption algorithms enumerated above. Crates in this section are low-level “unauthenticated” ciphers which should be wrapped up in a higher-level construction prior to use.
-
aes Pure Rust implementation of the Advanced Encryption Standard (AES) permutation with optional AES-NI and ARMv8 hardware acceleration.
-
block-modes Generic implementation of block cipher modes of operation, including CBC and ECB modes.
-
chacha20 Pure Rust implementation of the ChaCha20 Stream Cipher including XChaCha20.
-
ctr Generic implementations of the Counter Mode (CTR) of operation for block ciphers.
-
des Data Encryption Standard (DES) and 3DES.
-
salsa20 Pure Rust implementation of the Salsa20 Stream Cipher.
Hash Functions and Friends
-
ascon-hash Pure Rust implementation of the Ascon hash and extendable output function (XOF) including the Ascon-128 and Ascon-128a variants.
-
BLAKE2 Pure Rust implementation of the BLAKE2 hash function family.
-
BLAKE3 Official implementation of the BLAKE3 cryptographic hash function.
-
HKDF HMAC-based Extract-and-Expand Key Derivation Function (HKDF) for Rust.
-
MACs Collection of Message Authentication Code algorithms written in pure Rust including CMAC, HMAC, and PMAC.
-
Poseidon252 Reference implementation for the Poseidon Hashing algorithm.
-
RIPEMD160 Pure Rust implementation of the RIPEMD160 hash function.
-
SHA-2 Pure Rust implementation of the SHA-2 hash function family including SHA-224, SHA-256, SHA-384, and SHA-512.
-
SHA-3 Pure Rust implementation of the SHA-3 (Keccak) hash function.
-
universal-hashes Collection of Universal Hash Functions written in pure Rust including GHASH, POLYVAL, and Poly1305.
Password Hashing Functions
-
argon2 Pure Rust implementation of the Argon2 password hashing function.
-
bcrypt Pure Rust implementation of the bcrypt password hashing function.
-
pbkdf2 Pure Rust implementation of the Password-Based Key Derivation Function v2 (PBKDF2).
-
phpass Pure Rust implementation of the PhPass algorithm used by WordPress.
-
pkcs5 Pure Rust implementation of Public-Key Cryptography Standards #5: Password-Based Cryptography Specification Version 2.1 (RFC 8018) with support for the scrypt and PBKDF2 password-based key derivation functions.
-
rust-argon2 Rust library for hashing passwords using Argon2, the password-hashing function that won the Password Hashing Competition (PHC).
-
scrypt Pure Rust implementation of the scrypt key derivation function.
Asymmetric Cryptography
These crates implement individual asymmetric (a.k.a. public key) cryptography algorithms.
Asymmetric Primitives
-
ark-curves Implementation of a number of popular elliptic curves.
-
curve25519-dalek A pure-Rust implementation of group operations on the Ristretto and Curve25519 elliptic curves.
-
bls12_381 Implementation of the BLS12-381 pairing-friendly elliptic curve group.
-
bn Pairing cryptography library written in pure Rust, making use of the Barreto-Naehrig (BN) curve construction.
-
bp256 Brainpool P-256 elliptic curves.
-
fiat-rust Formally verified arithmetic implementations for several elliptic curves and word sizes, extracted to Rust from specifications written using in the Coq theorem prover.
-
h2c-rust-ref Pure Rust reference implementation of the hash to curve specification from IETF/CFRG Hash to Curve document. Contains hashing methods for elliptic curves in Weierstrass, Montgomery, and Twisted Edwards form.
-
jubjub Pure Rust implementation of the Jubjub elliptic curve group and its associated fields.
-
k256 Pure Rust implementation of the secp256k1 (K-256) elliptic curve using complete formulas based on projective coordinates.
-
libsecp256k1-rs Pure Rust implementation of secp256k1.
-
p256 Pure Rust implementation of the NIST P-256 elliptic curve (a.k.a. prime256v1, secp256r1).
-
pasta_curves Rust implementation of the Pallas-Vesta curve cycle for recursive zero-knowledge proofs.
-
RSA Pure Rust implementation of the RSA algorithm.
-
redox-ecc Pure Rust reference implementation of the elliptic curve operations for Weierstrass, Montgomery, and Twisted Edwards curves.
-
rust-secp256k1 Rust FFI bindings for Bitcoin Core’s secp256k1 library written in C.
Digital Signatures
-
bls_like Aggregate BLS signatures with extensive tuning options.
-
bls-signatures Implementation of BLS Signatures in pure Rust.
-
ecdsa Pure Rust implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) as specified in FIPS 186-4 (Digital Signature Standard).
-
ed25519 Cross-library compatibility crate for Edwards Digital Signature Algorithm (EdDSA) over Curve25519 as specified in RFC 8032.
-
ed25519-compact A compact Ed25519 implementation for Rust, no_std / WebAssembly friendly
-
ed25519-dalek Fast and efficient ed25519 key generation, signing, and verification in Rust.
-
ed25519-zebra Zcash-flavored Ed25519 signatures for consensus-critical applications.
-
milagro_bls BLS signatures using the Apache Milagro Cryptographic Library.
-
nisty NIST P-256 signatures for Cortex-M4 microcontrollers.
-
rust-minisign Pure Rust implementation of the Minisign signature system.
-
schnorrkel Implements Schnorr signature on Ristretto compressed Ed25519 points, as well as related protocols like HDKD, MuSig, and a verifiable random function (VRF).
Encryption (Hybrid Encryption)
Key Exchange
-
opaque-ke A Rust implementation of the OPAQUE Password-Authenticated Key Exchange protocol.
-
PAKEs Collection of Password-Authenticated Key Agreement protocols.
-
x25519-dalek Pure-Rust implementation of x25519 elliptic curve Diffie-Hellman key exchange, with curve operations provided by curve25519-dalek.
Threshold & Multiparty Signatures
-
multi-party-ecdsa Rust implementation of {t,n}-threshold ECDSA (elliptic curve digital signature algorithm).
-
multi-party-schnorr Multiparty and threshold Schnorr signatures
-
threshold_crypto A pairing-based threshold cryptosystem for collaborative decryption and signatures.
-
FROST (on redjubjub) An implementation of FROST (Flexible Round-Optimized Schnorr Threshold) RedJubjub signatures.
Verifiable Delay Functions (VDFs)
- vdf An implementation of Verifiable Delay Functions in Rust.
Verifiable Random Functions (VRFs)
- schnorrkel Implements Schnorr signature on Ristretto compressed Ed25519 points, as well as related protocols like HDKD, MuSig, and a verifiable random function (VRF).
Platform / Framework Bindings
These libraries are FFI bindings to OS platforms and commonly used cryptography frameworks.
-
mesalink OpenSSL-compatible C library implemented in Rust
-
native-tls An abstraction over platform-specific TLS implementations.
-
openssl OpenSSL FFI bindings for the Rust programming language.
-
schannel Rust bindings to the Windows SChannel APIs providing TLS client and server functionality.
-
security-framework Bindings to the Apple’s Security.framework. Allows use of TLS and Keychain from Rust.
Cryptographic Hardware
These libraries provide host-side drivers for cryptographic hardware devices (e.g. authentication tokens, HSMs).
-
cryptoki Rust-native PKCS#11 library.
-
rust-cryptoauthlib Rust library for interfacing with ATECCx08a devices.
-
solo Solo is an open source security key.
-
tss-esapi Rust-native library for interfacing with TPM 2.0 devices via the TCG Enhanced System API (ESAPI).
-
yubihsm Pure-Rust client library for YubiHSM 2 devices which implements most the functionality of the libyubihsm C library from Yubico’s YubiHSM SDK.
-
yubikey Pure Rust cross-platform host-side driver for YubiKey devices from Yubico with support for public-key encryption and digital signatures using the Personal Identity Verification (PIV) application.
Post-Quantum Cryptography
These libraries are designed to be secure against hypothetical future attacks by large quantum computers.
-
ml-kem Pure Rust implementation of the Module-Lattice-Based Key-Encapsulation Mechanism standard (formerly known as Kyber) as described in FIPS 203 (final).
-
oqs Wrapper around Open-Quantum-Safe’s liboqs cryptographic library.
-
pqcrypto FFI bindings to quantum-safe cryptographic libraries.
-
picnic-bindings FFI bindings to Picnic library implementating the traits from signature.
-
pqcrypto-picnic FFI bindings to Picnic library implementating the traits from pqcrypto.
Random Number Generators
-
rand Rust library for random number generation.
-
getrandom Interface to the operating system’s random number generator.
Zero-knowledge Proofs
-
arkworks An ecosystem for developing and programming with zkSNARKs.
-
bellman A crate for building zk-SNARK circuits.
-
bellman-ce Bellman fork with support for Ethereum’s BN256.
-
bellperson Bellman fork with GPU parallel acceleration for FFT and Multiexponentation subroutines in the Groth16 prover.
-
bulletproofs Pure-Rust implementation of Bulletproofs using Ristretto.
-
bulletproof Implements Bulletproofs+ and Bulletproofs aggregated range proofs with multi-exponent verification.
-
Dusk-Zerocaf Pure-Rust cryptographic library constructed to define operations for an elliptic curve embedded into the Ristretto scalar field.
-
merlin Composable proof transcripts for public-coin arguments of knowledge.
-
OpenZKP Pure-Rust implementations of Zero-Knowledge Proof systems.
-
snarkVM A Rust implementation of Zexe, a model for decentralized private computation using zero-knowledge proofs
-
Spartan High-speed zkSNARKs without trusted setup.
-
winterfell A distributed STARK prover.
-
ZoKrates A toolbox for zkSNARKs on Ethereum.
-
zkp Macro-based zero-knowledge proof compiler for Schnorr proofs.
Secure Multiparty Computation
These libraries allow several participants to collectively perform a computation without revealing what is being computed to the participants.
-
libpaillier Rust implementation of the Paillier cryptosystem with additive homomorphism
-
swanky A suite of Rust libraries for secure multi-party computation.
-
white-city API to integrate distributed network for secure computation protocols.
Fully Homomorphic Encryption
These libraries allow to perform secure computation, e.g. computations over encrypted data.
- concrete Rust implementation of various FHE operations based on the TFHE scheme.
- TFHE-rs Pure Rust implementation of the TFHE scheme for boolean and integers FHE arithmetics.
Format Decoders/Encoders
These libraries implement parsers and serializers for various cryptography-related formats.
-
base64ct Constant-time Base64 decoder/encoder with
no_std
support. -
der Cryptography-oriented ASN.1 DER decoder/encoder with
no_std
support. -
pem-rfc7468 Constant-time implementation of the strict PEM encoding rules for PKIX, PKCS, and CMS Structures.
-
pkcs1 Pure Rust implementation of Public-Key Cryptography Standards #1: RSA Cryptography Specifications Version 2.2 (RFC 8017).
-
pkcs8 Pure Rust implementation of Public-Key Cryptography Standards #8: Private-Key Information Syntax Specification (RFC 5208).
-
rasn A
no_std
ASN.1 codec framework (like serde but for ASN.1). Supports the following formats: BER, CER, DER. -
x509-parser X.509 v3 (RFC5280) parser, implemented with the nom parser combinator framework.
Defensive Measures
These libraries can be used to harden cryptographic algorithms against attacks.
Constant-Time Code
- subtle Pure-Rust traits and utilities for constant-time cryptographic implementations.
Protecting Secrets in Memory
- secrecy A simple secret-keeping library for Rust.
Zeroing Memory
- zeroize Securely zero memory while avoiding compiler optimizations.
Arithmetic
These libraries implement mathematical algorithms potentially interesting for cryptography-related applications.
-
crypto-bigint Cryptography-oriented “bignum” library with constant-time algorithms including modular arithmetic, stack-allocated big integers, and
no_std
support -
crypto-primes A crate for generating random primes and primality testing based on
crypto-bigint
integers. -
nalgebra Linear algebra library for Rust.
-
num Collection of numeric types and traits for Rust. (Bigint).
-
rust-decimal Decimal implementation written in pure Rust suitable for financial calculations that require significant integral and fractional digits with no round-off errors.
-
secret-integers Integer wrapper types that guarantee constant-time operations only.
Miscellany
Other libraries which don’t fall into the categories listed above.
-
librustzcash A (work-in-progress) set of Rust crates for working with Zcash.
-
sequoia Implements OpenPGP in Rust.