An experimental Rust implementation of a hybrid post-quantum cryptographic protocol for end-to-end encrypted messaging.
This software is unaudited and should not be used in production systems. The cryptographic constructions have not been formally verified. Use at your own risk.
Trelis combines classical elliptic curve cryptography with post-quantum lattice-based algorithms. The intent is to provide security against both classical and potential future quantum computing attacks by requiring an attacker to break both cryptographic schemes.
The protocol specification is available at: https://trelis.technoanimal.net/trelis.pdf
| Crate | Description |
|---|---|
trelis-primitives |
Low-level cryptographic operations (AEAD, KDF, sntrup761) |
trelis-hybrid |
Hybrid signature and KEM combining classical and PQ algorithms |
trelis-wire |
Wire format encoding/decoding |
trelis-x3dh-pq |
Post-quantum extended triple Diffie-Hellman key agreement |
trelis-ratchet |
Per-message KEM ratchet for forward secrecy |
trelis-cocoa |
CoCoA-SA group key agreement protocol |
trelis-multidevice |
Multi-device key synchronisation and history sharing |
trelis-wasm |
WebAssembly bindings |
trelis-error |
Error types |
| Purpose | Classical | Post-Quantum |
|---|---|---|
| Signatures | Ed448 (RFC 8032) | ML-DSA-65 (FIPS 204) |
| Key Exchange | X448 (RFC 7748) | sntrup761 (NTRU Prime) |
| AEAD | XChaCha20-Poly1305 | - |
| KDF | BLAKE3 | - |
Hybrid operations combine both classical and post-quantum components. Security depends on the stronger of the two schemes remaining unbroken.
- Hybrid post-quantum key encapsulation and signatures
- X3DH-PQ key agreement for session establishment
- Per-message KEM ratchet providing forward secrecy
- CoCoA-SA for group messaging with server-assisted delivery
- Multi-device support with history synchronisation
no_stdsupport for embedded and WASM environments- Automatic zeroisation of secret material
Requires Rust 2024 edition.
cargo build --release
cargo test --workspace
For WASM builds:
cargo build --target wasm32-unknown-unknown -p trelis-wasm
A Nix flake is provided for reproducible development environments. With Nix installed:
nix develop
This automatically provides all required dependencies and tooling.
- No formal security proof
- No side-channel analysis performed
- sntrup761 uses either C FFI or pure Rust backend depending on target
- Not suitable for production use without audit
ISC License. See LICENCE for details.
Third-party dependency licences are listed in 3RD-PARTY-LICENCES.md.