JS bindings and playground of post-quantum asymmetric ciphers
APACHE-2.0 License
This project provides JS bindings and playground of post-quantum asymmetric cipher compiled to WebAssembly using emscripten with a fallback in plain JS.
The available methods are the finalists (and alternate candidates) of NIST Post-Quantum Cryptography Competition:
The C implementations used to create the bindings are the clean
versions provided by PQClean.
This project has been inspired by ntru.js that used to provide an NTRU JS binding.
It is possible to test the bindings, to compare them in real-world conditions on this playground.
Pre-built bindings are available on the playground.
Some bindings can directly be downloaded from npmjs.com:
CRYSTALS-Kyber:
npm install @dashlane/pqc-kem-kyber<512|768|1024>-<node|browser>
NTRU-HPS:
npm install @dashlane/pqc-kem-ntruhps<2048509|2048677|4096821>-<node|browser>
NTRU Prime:
npm install @dashlane/pqc-kem-ntrulpr<653|761|857>-<node|browser>
SABER:
npm install @dashlane/pqc-kem-<light||fire>saber-<node|browser>
CRYSTALS-Dilithium:
npm install @dashlane/pqc-sign-dilithium<2|3|5>-<node|browser>
Falcon:
npm install @dashlane/pqc-sign-falcon-<512|1024>-<node|browser>
sudo apt install emscripten
npm ci
make clean
make kem-<the KEM algorithm you want to build>
or make sign-<the signature algorithm you want to build>
make all
The output directory is docs/bin/
and each output binding is made of a JS module and its associated WebAssembly file,
a browser package, and a node package.
import kemBuilder from 'pqc-kem-<algoName>.js'
async function run() {
const kem = await kemBuilder();
const { publicKey, privateKey } = await kem.keypair();
const { ciphertext, sharedSecret: sharedSecretA } = await kem.encapsulate(publicKey);
const { sharedSecret: sharedSecretB } = await kem.decapsulate(ciphertext, privateKey);
// sharedSecretA === sharedSecretB
}
run();
import signBuilder from 'pqc-sign-<algoName>.js'
async function run() {
const sign = await signBuilder();
const message = new Uint8Array([0x44, 0x61, 0x73, 0x68, 0x6c, 0x61, 0x6e, 0x65]);
const { publicKey, privateKey } = await sign.keypair();
const { signature } = await sign.sign(message, privateKey);
const validSignature = await sign.verify(signature, message, publicKey);
// validSignature === true
}
run();
The first optional parameter of the builders is set to true
is you want to disable WebAssembly execution.
If it is set to false, the fallback JavaScript may still be used if the WebAssembly fails.
The second optional parameter of the builders is the path to the WebAssembly file.
crypto.randomBytes
.SHA-2
and AES
implementations are provided by SubtleCrypto that is an implementation of Web Crypto API. This maySHA-2
PQClean implementation is still used by sphincs-sha256-*
bindings because they are using incremental versionsha256
that do not exist in Web Crypto API.SHA-3
PQClean implementation is still used by NTRU, Kyber, SABER, FrodoKEM and McEliece-Classic because there are no