krypteia — Cryptography Workspace

Documentation

  • krypteia — Post-Quantum and Classical Cryptography in Rust
    • Goals
    • Status
    • Workspace layout
    • Project structure
    • Building
    • Cargo profiles
    • Test coverage and references
    • Contributing and security
    • License
  • krypteia-quantica — Post-Quantum Cryptography for the krypteia workspace
    • Design rules
    • Algorithms
      • ML-KEM (FIPS 203)
      • ML-DSA (FIPS 204)
      • SLH-DSA (FIPS 205)
    • Cargo features
    • Quick start
      • ML-KEM (FIPS 203) — Key Encapsulation
      • ML-DSA (FIPS 204) — Digital Signature
      • SLH-DSA (FIPS 205) — Stateless Hash-Based Signature
    • Typed key wrappers (Zeroize-on-Drop)
    • Parameter sets / curve families
      • ML-KEM (FIPS 203)
      • ML-DSA (FIPS 204)
      • SLH-DSA (FIPS 205) — SHAKE variants only
    • Design decisions
    • Side-channel countermeasures (summary)
      • Always-on
      • Feature-gated (sca-protected, on by default)
        • Approximate cost (single-threaded, release mode)
      • Timing leakage verification (dudect)
      • Known residual surface
      • Per-algorithm deep dives
        • krypteia — Side-Channel Analysis and Countermeasures
    • Performance
    • Building
      • Desktop / server (default)
      • no_std / bare-metal cross-compile
      • Cargo profiles
    • Test validation
      • NIST ACVP — happy-path conformance
      • Wycheproof — edge cases and negative tests
      • Custom negative / robustness tests
      • Running everything
      • Policy on test suites
    • Examples
      • Rust
      • C FFI
    • Module map
    • Known limitations
      • Side-channel protection
      • Standards conformance
      • Portability
      • Testing
    • Roadmap
      • Tier 1 — Active vulnerabilities (critical path)
      • Tier 2 — Hardening for evaluation
      • Tier 3 — Verification tooling
      • Tier 4 — Deferred / beyond the current evaluation scope
      • Tier 5 — Documentation pass
      • Already shipped (trace-back)
      • Suggested execution order (critical path)
    • References
    • License
  • krypteia-arcana — Classical Cryptography for the krypteia workspace
    • Design rules
    • Algorithms
      • Hash functions
      • Symmetric ciphers and modes
      • Message authentication codes (MACs)
      • RSA
      • Elliptic curve cryptography
      • Edwards / Montgomery curves
    • Cargo features
    • Quick start
      • Hashing (SHA-256)
      • AEAD (AES-128-GCM)
      • X25519 ECDH
      • HMAC-SHA-256 (streaming)
      • AES-256-CBC (Cipher ctx)
    • Typed key wrappers (Zeroize-on-Drop)
    • Parameter sets / curve families
      • NIST P-curves
      • Brainpool
      • secp256k1
      • Edwards / Montgomery
      • RSA key sizes
    • Design decisions
    • Side-channel countermeasures (summary)
      • Always-on
      • Feature-gated
      • Timing leakage verification (dudect)
      • Known residual surface
      • Per-algorithm deep dives
        • arcana — Side-Channel Analysis and Countermeasures
    • Performance
    • Building
      • Desktop / server (default)
      • no_std / bare-metal cross-compile
      • Cargo profiles
    • Test validation
      • NIST CAVP / FIPS / RFC happy-path conformance
      • Wycheproof
      • Custom negative / robustness tests
      • Running everything
      • Policy on test suites
    • Examples
      • Rust
      • C FFI
    • Module map
    • Known limitations
      • Side-channel protection
      • Standards conformance
      • Portability
      • Testing
    • Roadmap
      • Tier 1 — Active vulnerabilities (critical path)
      • Tier 2 — Hardening for evaluation
      • Tier 3 — Verification tooling
      • Tier 4 — Deferred / beyond the current evaluation scope
      • Tier 5 — Documentation pass
      • ECC follow-ups (already shipped)
      • Suggested execution order (critical path)
    • References
    • License
  • krypteia-silentops — side-channel countermeasure toolkit
    • Cargo features
    • Verification status
    • License
  • krypteia-memory — TLSF allocator for the krypteia workspace
    • Cargo features
    • Usage from C (bare-metal)
    • License
  • Rust API reference
    • How the API reference is produced
    • Notes for reviewers

Governance

  • Contributing to Krypteia
    • Position
    • Why this document exists
    • Five principles
      • 1. Domain expertise is the price of admission
      • 2. You own what you submit
      • 3. Validate against ground truth, not vibes
      • 4. Trace your reasoning
      • 5. Be honest about your tools
    • Pre-submission checklist
    • What we will reject without lengthy review
    • What we hold ourselves to
  • Security Maintenance Process — krypteia
    • 1. Mission and target
    • 2. Three pillars — veille, doc, code
    • 3. The shared skill — crypto-research
    • 4. Common directives
      • 4.1 Code
      • 4.2 Documentation
      • 4.3 Veille
      • 4.4 Verification
    • 5. Per-crate ownership
    • 6. Lifecycle of a security item
    • 7. Where to find what
    • 8. Vulnerability reporting
      • 8.1 Reporting channel
      • 8.2 Initial response
      • 8.3 Coordinated disclosure window
      • 8.4 Public advisory
      • 8.5 Out of scope
      • 8.6 Safe harbour
    • 9. License
  • Changelog
    • Unreleased
    • 0.1.0 - 2026-06-11
      • Added — quantica (post-quantum cryptography)
      • Added — arcana (classical cryptography)
      • Added — silentops (side-channel countermeasure toolkit)
      • Added — memory (TLSF allocator)
      • Added — Cross-architecture validation infrastructure (T3-A)
      • Added — Documentation pack and CI
      • Conventions and workspace shape adopted in v0.1
      • Known limitations carried into v0.1
      • Initial public release commit

© Copyright 2026, cslashm.
