Short URL for this page: cryptography.rs
Below is a list of actively maintained, highquality cryptography libraries independently developed by members of the Rust Community.
The list is compiled and curated by the Rust Cryptography Interest Group (RCIG). If you have any suggestions, questions, or other concerns with this list, please open an issue and we’ll get back to you.
The following badges are used to provide more information about libraries that meet certain criteria:
Badge  Description 

crate has at least one security audit (click to view)  
crate has been formally verified 
Note: libraries in each section are listed in alphabetical order, not order of preference.
Table of Contents
 Highlevel Libraries
 Transport Encryption Libraries
 Collections of Cryptographic Primitives
 Traits for Cryptographic Primitives
 Symmetric Cryptography
 Asymmetric Cryptography
 Platform / Framework Bindings
 Cryptographic Hardware
 PostQuantum Cryptography
 Random Number Generators
 Zeroknowledge Proofs
 Secure Multiparty Computation
 Fully Homomorphic Encryption
 Format Decoders/Encoders
 Defensive Measures
 Arithmetic
 Miscellany
Highlevel Libraries
These libraries function at a very high level and are designed for simplicity and easeofuse. They provide integrated key management in addition to providing highlevel APIs for algorithms.

rage Implementation of age – a simple, secure and modern encryption tool with small explicit keys, no config options, and UNIXstyle composability.

signatory Highlevel digital signature library with support for ECDSA and Ed25519.

tinkrust Rust port of Google’s highlevel Tink cryptography library.
Transport Encryption Libraries
These libraries implement protocols that are designed to protect dataintransit; i.e., network communications.

rustls Modern SSL/TLS library in Rust.

snow Pure Rust implementation of Trevor Perrin’s Noise Protocol.

strobers Relatively barebones,
no_std
implementation of the Strobe protocol framework in pure Rust. 
webpki validates Web PKI (TLS/SSL) certificates
Collections of Cryptographic Primitives
These libraries provide omnibus collections of different cryptographic primitives contained within a single library.

evercryptrust Rust bindings for evercrypt, a set of highperformance HACL*verified implementations of cryptographic primitives. bindings crate, bringing HACLverified cryptographic primitives.

libsm China’s Standards of Encryption Algorithms (SM2/3/4).

orion Collection of usable, easy and safe pureRust cryptographic primitives.

*ring* focused on the implementation, testing, and optimization of a core set of cryptographic operations exposed via an easytouse (and hardtomisuse) API. *ring* exposes a Rust API and is written in a hybrid of Rust, C, and assembly language.

themis Crossplatform general purpose crypto library for securing data during authentication, storage, messaging, network exchange, etc.

dryoc A pureRust, general purpose crypto library that implements libsodium primitives.
Traits for Cryptographic Primitives
The crates in this section provide traitbased abstractions for different types of cryptographic primitives, allowing implementations of higherlevel cryptographic algorithms and protocols which are generic over specific primitives and implementations.

aead Authenticated Encryption with Additional Data (AEAD) cipher traits.

arkec Elliptic curve traits as used by the
arkworks
ecosystem. 
arkff Finite field traits as used by the
arkworks
ecosystem. 
cipher Block cipher and stream cipher traits.

crypto Facade for all RustCrypto traits.

cryptomac Message Authentication Code (MAC) traits.

digest Digest/hash algorithm traits.

ellipticcurve Elliptic curve traits as used by the RustCrypto ecosystem.

ff Finite field traits as used by the RustCrypto and ZKCrypto ecosystems.

group Elliptic curve group traits as used by the RustCrypto and ZKCrypto ecosystems.

pairing Pairingfriendly curve traits as used by the ZKCrypto ecosystem.

passwordhash Password hashing traits and support for the PHC string format.

signature Digital signature traits.

universalhash Universal Hash Function (UHF) traits.
Symmetric Cryptography
These crates implement individual symmetric cryptography algorithms.
Authenticated Encryption with Associated Data (AEAD) Algorithms
These are highlevel symmetric encryption libraries which ensure both the confidentiality and integrity of data.

aesgcm Pure Rust implementation of the AESGCM Authenticated Encryption with Associated Data (AEAD) cipher.

aesgcmsiv AESGCMSIV (RFC 8452) is a stateoftheart highperformance Authenticated Encryption with Associated Data (AEAD) cipher which also provides nonce reuse misuse resistance.

aessiv AESSIV MisuseResistant Authenticated Encryption Cipher.

asconaead Pure Rust implementation of the Ascon Authenticated Encryption with Associated Data (AEAD) cipher, including implementations of the Ascon128 and Ascon128a variants.

ccm Pure Rust implementation of the Counter with CBCMAC (CCM) mode (RFC 3610): an Authenticated Encryption with Associated Data (AEAD) algorithm generic over block ciphers with block size equal to 128 bits.

chacha20poly1305 Pure Rust implementation of ChaCha20Poly1305 (RFC 8439): an Authenticated Encryption with Associated Data (AEAD) cipher amenable to fast, constanttime implementations in software.

deoxys Pure Rust implementation of the Deoxys Authenticated Encryption with Associated Data (AEAD) cipher, including the DeoxysII variant which was selected by the CAESAR competition as the best choice for indepth security.

eax Pure Rust implementation of the EAX Authenticated Encryption with Associated Data (AEAD) cipher.
Ciphers (lowlevel block ciphers and stream ciphers)
Note: most users should use higherlevel AEAD encryption algorithms enumerated above. Crates in this section are lowlevel “unauthenticated” ciphers which should be wrapped up in a higherlevel construction prior to use.

aes Pure Rust implementation of the Advanced Encryption Standard (AES) permutation with optional AESNI and ARMv8 hardware acceleration.

blockmodes Generic implementation of block cipher modes of operation, including CBC and ECB modes.

chacha20 Pure Rust implementation of the ChaCha20 Stream Cipher including XChaCha20.

ctr Generic implementations of the Counter Mode (CTR) of operation for block ciphers.

des Data Encryption Standard (DES) and 3DES.

salsa20 Pure Rust implementation of the Salsa20 Stream Cipher.
Hash Functions and Friends

asconhash Pure Rust implementation of the Ascon hash and extendable output function (XOF) including the Ascon128 and Ascon128a variants.

BLAKE2 Pure Rust implementation of the BLAKE2 hash function family.

BLAKE3 Official implementation of the BLAKE3 cryptographic hash function.

HKDF HMACbased ExtractandExpand Key Derivation Function (HKDF) for Rust.

MACs Collection of Message Authentication Code algorithms written in pure Rust including CMAC, HMAC, and PMAC.

Poseidon252 Reference implementation for the Poseidon Hashing algorithm.

RIPEMD160 Pure Rust implementation of the RIPEMD160 hash function.

SHA2 Pure Rust implementation of the SHA2 hash function family including SHA224, SHA256, SHA384, and SHA512.

SHA3 Pure Rust implementation of the SHA3 (Keccak) hash function.

universalhashes Collection of Universal Hash Functions written in pure Rust including GHASH, POLYVAL, and Poly1305.
Password Hashing Functions

argon2 Pure Rust implementation of the Argon2 password hashing function.

bcrypt Pure Rust implementation of the bcrypt password hashing function.

pbkdf2 Pure Rust implementation of the PasswordBased Key Derivation Function v2 (PBKDF2).

phpass Pure Rust implementation of the PhPass algorithm used by WordPress.

pkcs5 Pure Rust implementation of PublicKey Cryptography Standards #5: PasswordBased Cryptography Specification Version 2.1 (RFC 8018) with support for the scrypt and PBKDF2 passwordbased key derivation functions.

rustargon2 Rust library for hashing passwords using Argon2, the passwordhashing function that won the Password Hashing Competition (PHC).

scrypt Pure Rust implementation of the scrypt key derivation function.
Asymmetric Cryptography
These crates implement individual asymmetric (a.k.a. public key) cryptography algorithms.
Asymmetric Primitives

arkcurves Implementation of a number of popular elliptic curves.

curve25519dalek A pureRust implementation of group operations on the Ristretto and Curve25519 elliptic curves.

bls12_381 Implementation of the BLS12381 pairingfriendly elliptic curve group.

bn Pairing cryptography library written in pure Rust, making use of the BarretoNaehrig (BN) curve construction.

bp256 Brainpool P256 elliptic curves.

fiatrust Formally verified arithmetic implementations for several elliptic curves and word sizes, extracted to Rust from specifications written using in the Coq theorem prover.

h2crustref Pure Rust reference implementation of the hash to curve specification from IETF/CFRG Hash to Curve document. Contains hashing methods for elliptic curves in Weierstrass, Montgomery, and Twisted Edwards form.

jubjub Pure Rust implementation of the Jubjub elliptic curve group and its associated fields.

k256 Pure Rust implementation of the secp256k1 (K256) elliptic curve using complete formulas based on projective coordinates.

libsecp256k1rs Pure Rust implementation of secp256k1.

p256 Pure Rust implementation of the NIST P256 elliptic curve (a.k.a. prime256v1, secp256r1).

pasta_curves Rust implementation of the PallasVesta curve cycle for recursive zeroknowledge proofs.

RSA Pure Rust implementation of the RSA algorithm.

redoxecc Pure Rust reference implementation of the elliptic curve operations for Weierstrass, Montgomery, and Twisted Edwards curves.

rustsecp256k1 Rust FFI bindings for Bitcoin Core’s secp256k1 library written in C.
Digital Signatures

bls_like Aggregate BLS signatures with extensive tuning options.

blssignatures Implementation of BLS Signatures in pure Rust.

ecdsa Pure Rust implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) as specified in FIPS 1864 (Digital Signature Standard).

ed25519 Crosslibrary compatibility crate for Edwards Digital Signature Algorithm (EdDSA) over Curve25519 as specified in RFC 8032.

ed25519compact A compact Ed25519 implementation for Rust, no_std / WebAssembly friendly

ed25519dalek Fast and efficient ed25519 key generation, signing, and verification in Rust.

ed25519zebra Zcashflavored Ed25519 signatures for consensuscritical applications.

milagro_bls BLS signatures using the Apache Milagro Cryptographic Library.

nisty NIST P256 signatures for CortexM4 microcontrollers.

rustminisign Pure Rust implementation of the Minisign signature system.

schnorrkel Implements Schnorr signature on Ristretto compressed Ed25519 points, as well as related protocols like HDKD, MuSig, and a verifiable random function (VRF).
Encryption (Hybrid Encryption)
Key Exchange

opaqueke A Rust implementation of the OPAQUE PasswordAuthenticated Key Exchange protocol.

PAKEs Collection of PasswordAuthenticated Key Agreement protocols.

x25519dalek PureRust implementation of x25519 elliptic curve DiffieHellman key exchange, with curve operations provided by curve25519dalek.
Threshold & Multiparty Signatures

multipartyecdsa Rust implementation of {t,n}threshold ECDSA (elliptic curve digital signature algorithm).

multipartyschnorr Multiparty and threshold Schnorr signatures

threshold_crypto A pairingbased threshold cryptosystem for collaborative decryption and signatures.

FROST (on redjubjub) An implementation of FROST (Flexible RoundOptimized Schnorr Threshold) RedJubjub signatures.
Verifiable Delay Functions (VDFs)
 vdf An implementation of Verifiable Delay Functions in Rust.
Verifiable Random Functions (VRFs)
 schnorrkel Implements Schnorr signature on Ristretto compressed Ed25519 points, as well as related protocols like HDKD, MuSig, and a verifiable random function (VRF).
Platform / Framework Bindings
These libraries are FFI bindings to OS platforms and commonly used cryptography frameworks.

mesalink OpenSSLcompatible C library implemented in Rust

nativetls An abstraction over platformspecific TLS implementations.

openssl OpenSSL FFI bindings for the Rust programming language.

schannel Rust bindings to the Windows SChannel APIs providing TLS client and server functionality.

securityframework Bindings to the Apple’s Security.framework. Allows use of TLS and Keychain from Rust.
Cryptographic Hardware
These libraries provide hostside drivers for cryptographic hardware devices (e.g. authentication tokens, HSMs).

cryptoki Rustnative PKCS#11 library.

rustcryptoauthlib Rust library for interfacing with ATECCx08a devices.

solo Solo is an open source security key.

tssesapi Rustnative library for interfacing with TPM 2.0 devices via the TCG Enhanced System API (ESAPI).

yubihsm PureRust client library for YubiHSM 2 devices which implements most the functionality of the libyubihsm C library from Yubico’s YubiHSM SDK.

yubikey Pure Rust crossplatform hostside driver for YubiKey devices from Yubico with support for publickey encryption and digital signatures using the Personal Identity Verification (PIV) application.
PostQuantum Cryptography
These libraries are designed to be secure against hypothetical future attacks by large quantum computers.

mlkem Pure Rust implementation of the ModuleLatticeBased KeyEncapsulation Mechanism standard (formerly known as Kyber) as described in FIPS 203 (final).

oqs Wrapper around OpenQuantumSafe’s liboqs cryptographic library.

pqcrypto FFI bindings to quantumsafe cryptographic libraries.

picnicbindings FFI bindings to Picnic library implementating the traits from signature.

pqcryptopicnic FFI bindings to Picnic library implementating the traits from pqcrypto.
Random Number Generators

rand Rust library for random number generation.

getrandom Interface to the operating system’s random number generator.
Zeroknowledge Proofs

arkworks An ecosystem for developing and programming with zkSNARKs.

bellman A crate for building zkSNARK circuits.

bellmance Bellman fork with support for Ethereum’s BN256.

bellperson Bellman fork with GPU parallel acceleration for FFT and Multiexponentation subroutines in the Groth16 prover.

bulletproofs PureRust implementation of Bulletproofs using Ristretto.

bulletproof Implements Bulletproofs+ and Bulletproofs aggregated range proofs with multiexponent verification.

DuskZerocaf PureRust cryptographic library constructed to define operations for an elliptic curve embedded into the Ristretto scalar field.

merlin Composable proof transcripts for publiccoin arguments of knowledge.

OpenZKP PureRust implementations of ZeroKnowledge Proof systems.

snarkVM A Rust implementation of Zexe, a model for decentralized private computation using zeroknowledge proofs

Spartan Highspeed zkSNARKs without trusted setup.

winterfell A distributed STARK prover.

ZoKrates A toolbox for zkSNARKs on Ethereum.

zkp Macrobased zeroknowledge proof compiler for Schnorr proofs.
Secure Multiparty Computation
These libraries allow several participants to collectively perform a computation without revealing what is being computed to the participants.

libpaillier Rust implementation of the Paillier cryptosystem with additive homomorphism

swanky A suite of Rust libraries for secure multiparty computation.

whitecity API to integrate distributed network for secure computation protocols.
Fully Homomorphic Encryption
These libraries allow to perform secure computation, e.g. computations over encrypted data.
 concrete Rust implementation of various FHE operations based on the TFHE scheme.
 TFHErs Pure Rust implementation of the TFHE scheme for boolean and integers FHE arithmetics.
Format Decoders/Encoders
These libraries implement parsers and serializers for various cryptographyrelated formats.

base64ct Constanttime Base64 decoder/encoder with
no_std
support. 
der Cryptographyoriented ASN.1 DER decoder/encoder with
no_std
support. 
pemrfc7468 Constanttime implementation of the strict PEM encoding rules for PKIX, PKCS, and CMS Structures.

pkcs1 Pure Rust implementation of PublicKey Cryptography Standards #1: RSA Cryptography Specifications Version 2.2 (RFC 8017).

pkcs8 Pure Rust implementation of PublicKey Cryptography Standards #8: PrivateKey Information Syntax Specification (RFC 5208).

rasn A
no_std
ASN.1 codec framework (like serde but for ASN.1). Supports the following formats: BER, CER, DER. 
x509parser X.509 v3 (RFC5280) parser, implemented with the nom parser combinator framework.
Defensive Measures
These libraries can be used to harden cryptographic algorithms against attacks.
ConstantTime Code
 subtle PureRust traits and utilities for constanttime cryptographic implementations.
Protecting Secrets in Memory
 secrecy A simple secretkeeping library for Rust.
Zeroing Memory
 zeroize Securely zero memory while avoiding compiler optimizations.
Arithmetic
These libraries implement mathematical algorithms potentially interesting for cryptographyrelated applications.

cryptobigint Cryptographyoriented “bignum” library with constanttime algorithms including modular arithmetic, stackallocated big integers, and
no_std
support 
cryptoprimes A crate for generating random primes and primality testing based on
cryptobigint
integers. 
nalgebra Linear algebra library for Rust.

num Collection of numeric types and traits for Rust. (Bigint).

rustdecimal Decimal implementation written in pure Rust suitable for financial calculations that require significant integral and fractional digits with no roundoff errors.

secretintegers Integer wrapper types that guarantee constanttime operations only.
Miscellany
Other libraries which don’t fall into the categories listed above.

librustzcash A (workinprogress) set of Rust crates for working with Zcash.

sequoia Implements OpenPGP in Rust.