Skip to content

Post-quantum endpoint-to-endpoint encryption for messaging and file-sharing SDK

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
Notifications You must be signed in to change notification settings

Avarok-Cybersecurity/Citadel-Protocol

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Website shields.io crates.io codecov Build docs License: MIT License: Apache 2.0 Slack Linux macOS Windows iOS Android

A post-quantum signal-like protocol that makes developing hyper-secure client-to-server and p2p applications easy

Whitepaper

The whitepaper for the Citadel Protocol can be found in the repository here. Note: this whitepaper has not been updated since July 2022. While the protocol is very similar to what is covered in the whitepaper, it has since evolved. The whitepaper will be synced to the source code in the near future.

Documentation

For examples on building applications, please check the docs

Build instructions

OpenSSL and Clang are required in order to compile the libraries. View the CI files in .github for an example of getting the code to compile on a bare machine. Alternatively, you can run the following command to setup the environment

cargo make install

Testing instructions

When running unit tests inside citadel_sdk, you must use the Makefile. The Makefile contains special flags and environmental variables set to interface with cargo test. First, install cargo make:

cargo install --force cargo-make

To run tests locally with limited setup, run:

cargo make test-local

To run a comprehensive set of tests that require a SQL and/or redis server set up (please check the description in Makefile.toml for help setting up the environment variables), run:

cargo make test

WASM (dev only WIP)

The target triple wasm32-wasi is a WIP for support. These commands should be executed in order to compile to wasm

cargo install cargo-wasix
curl https://get.wasmer.io -sSfL | sudo sh
export PATH=$PATH:~/.wasmer/bin/

# If on mac, ensure llvm via brew is installed to allow webassembly as a target
brew install llvm

# Install wasi-sysroot
wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-12/wasi-sysroot-12.0.tar.gz
tar -xvzf wasi-sysroot-12.0.tar.gz
rm wasi-sysroot-12.0.tar.gz

# Set environment variables. Must use custom version of clang and ar
export WASI_SDK_DIR="$(pwd)/wasi-sysroot"
export PATH="/opt/homebrew/Cellar/llvm/<LATEST_VERSION>/bin/:$PATH"
export AR="/opt/homebrew/Cellar/llvm/<LATEST_VERSION>/bin/llvm-ar"
export CC="/opt/homebrew/Cellar/llvm/<LATEST_VERSION>/bin/clang"

Then, to test on wasix, run:

cargo wasix test --package=citadel_pqcrypto --profile=wasix

The profile wasix is provided such that the highest level of optimization is used. This is necessary for the wasm target.

In general, if you wish to avoid all these additional cargo profiles and related flags, you can simply run:

cargo make wasix <command>

For example:

cargo make wasix test --package=citadel_pqcrypto

Disclaimer

This project has not (yet) been audited by a third party. While some of the underlying cryptographic primitives come from the verified Open Quantum Safe (OQS) project and/or the PQClean project, the Kyber library has not yet received an audit (the known answer tests pass, however).

As such, we recommend that, if you choose to use this library and accept the risks associated with its use, you use hybrid cryptography by using either TLS or QUIC as an underlying protocol to ensure that the protocol is at least as secure as elliptical curve cryptography.

Authors

Thomas Braun - Founder

Contributing

Contributions are welcome! I have been the only developer for the past 5 years, and, need more people to help make the ecosystem flourish.