pypqc

v0.0.6.2

Python bindings for the "PQClean" post-quantum cryptography library. For more information about how to use this package see README

Latest version published 5 months ago

License: (Apache-2.0 OR Public-Domain)

PyPI

GitHub

Package Health Score

49 / 100

security
Security issues found
popularity
Small
maintenance
Sustainable
community
Sustainable

Explore Similar Packages

Popularity

Small

GitHub Stars: 0
Forks: 1
Contributors: 30

Direct Usage Popularity

Based on project statistics from the GitHub repository for the PyPI package pypqc, we found that it has been starred ? times.

Security

Security issues found

Security and license risk for latest version

Release Date: Feb 9, 2024
Direct Vulnerabilities: 0
C
1
H
0
M
0
L
Indirect Vulnerabilities: 0
C
0
H
0
M
0
L
License Risk: 0
H
0
M
0
L

All security vulnerabilities belong to production dependencies of direct and indirect packages.

License

(Apache-2.0 OR Public-Domain)

Security Policy

Yes

Snyk detected that the latest version of pypqc has a security vulnerability.

We highly advise you to review these security issues.

You can connect your project's repository to Snyk to stay up to date on security alerts and receive automatic fix pull requests.

Fix it in your project with Snyk!

Maintenance

Sustainable

Commit Frequency

Open Issues: 16
Open PR: 0
Last Release: 5 months ago
Last Commit: 3 months ago

Further analysis of the maintenance status of pypqc based on released PyPI versions cadence, the repository activity, and other data points determined that its maintenance is Sustainable.

We found that pypqc demonstrates a positive version release cadence with at least one new version released in the past 12 months.

In the past month we didn't find any pull request activity or change in issues status has been detected for the GitHub repository.

Community

Sustainable

Readme: Yes
Contributing.md: Yes
Code of Conduct: No
Contributors: 30
Funding: No

With more than 10 contributors for the pypqc repository, this is possibly a sign for a growing and inviting community.

We found a way for you to contribute to the project! Looks like pypqc is missing a Code of Conduct.

Embed Package Health Score Badge

Keep your project healthy

Check your requirements.txt

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Python Versions Compatibility: Unspecified

Age: 7 months
Latest Release: 4 months ago
Dependencies: 1 Direct / 2 Total
Versions: 12
Maintainers: 1
Wheels: Linux, macOS, Windows

Readme

Usage

Simply install from PyPI with pip install pypqc, or see "Development" below if you want to tinker on the codebase!

KEMs

McEliece, Kyber, and HQC are currently provided, all with the same interface.:

from pqc.kem import mceliece6960119 as kemalg


# 1. Keypair generation
pk, sk = kemalg.keypair()


# 2. Key encapsulation
ss, kem_ct = kemalg.encap(pk)


# 3. Key de-encapsulation
ss_result = kemalg.decap(kem_ct, sk)
assert ss_result == ss

Capabilities not included in PQClean, such as McEliece signatures, Hybrid Encryption or KEM-TRANS, and message encapsulation, are not going to be implemented in this library. (Exception: Plaintext Confirmation is on the agenda for inclusion even if upstream ultimately decides to exclude it.)

Signature Algorithms

SPHINCS+, Dilithium, and Falcon are provided, all with the same interface.:

from pqc.sign import sphincs_shake_256s_simple as sigalg


# 1. Keypair generation
pk, sk = sigalg.keypair()


# 2. Signing
# (detached signature)
sig = sigalg.sign(MY_MESSAGE, sk)


# 3. Signature verification
# (Returns None on success; raises ValueError on failure.)
sigalg.verify(sig, MY_MESSAGE, pk)

Regarding SPHINCS+: the Simple version is included; the Robust version is is not; SHA256 and SHAKE256 are included; Haraka is not. These decisions are all inherited from PQClean; I don't know much about their rationale.

Regarding Falcon: the Compressed version is included. The Padded version is not included, but TODO as soon as upstream adds it; the CT version is probably not going to be included.

Development

Dependencies:

Python 3 (tested mainly on CPython 3.9, 3.10, 3.11, and 3.12; and on PyPy 7.3.12)
cffi
- Transitive non-PyPI build-time dependency: Python Headers (only Linux users need to manually install these; they come OOtB on Windows. Not sure about Mac.)
setuptools (build-time dependency)
wheel (build-time dependency)
a C compiler (build-time dependency)
- If you're on Windows,
  - If setuptools is having trouble finding your compiler, make sure to first enter the appropriate environment. (For AMD64, this will be "x64 Native Tools Command Prompt for VS 2022"; for 32-bit x86, this will be "Developer Command Prompt for VS 2022"; for other situations, see the documentation.)
- If you're on Mac, reportedly Homebrew is a good choice.
  - It looks like you will also need pkgconfig and libffi, ideally installed via Homebrew, to build this.
- If you're on Linux, install build-essential or 'Development Tools' or something like that.
- (I haven't tested it, but if you're allergic to installing things outside the venv you might be able to use this C compiler...)

Getting started:

Maybe use a venv or whatever if you want to
- for Windows: py -m venv .venv & .venv\Scripts\activate.bat
- for Linux and Mac: python3 -m venv .venv; . .venv/bin/activate (first install it, if needed)
Run python -m pip install .
- Alternatively: you may get cleaner building with python -m build . (only after python -m pip install build)
- Editable / "develop" mode not supported currently (CFFI will have to support this before it's even on the table.)
  - If you get error 1104 when trying to compile, make a folder C:\temp, then try set "TMPDIR=C:\temp" and try again. ()
Run python -m pqc.demo to test it. If it prints "OK" and exits, the functions are almost certainly not broken. (Ideally, run this from a DIFFERENT directory, such as your home folder, so you can be sure it's being imported properly and not being masked by the local copy.)
- N.B. / FIXME: this function is currently NOT a full test suite; it only does a single encap-decap cycle with the default implementation of mceliece6960119. It does NOT test any other version of McEliece, or any signature algorithm.

Copyright

Except as noted below, all files provided under the terms of LICENSE in this folder.

Exceptions:

Lib/PQClean/common/aes.*: Provided under The MIT License; Copyright (c) 2016 Thomas Pornin.
Lib/PQClean/common/fips202.*: Public domain; from Ronny Van Keer, Gilles Van Assche, Daniel J. Bernstein, and Peter Schwabe.
Lib/PQClean/common/keccak4x: Public domain (CC0); from Gilles Van Assche and Ronny Van Keer.
Lib/PQClean/common/nistseedexpander.*: Public domain (17 U.S.C. §105); from Lawrence E. Bassham and Sebastian Verschoor.
Lib/PQClean/common/randombytes.*: Provided under The MIT License; Copyright (c) 2017 Daan Sprenkels.
Lib/PQClean/common/sha2.*: Public domain; from Daniel J. Bernstein.
Lib/PQClean/common/sp800-185.*: Public domain (CC0); from Ko Stoffelen.
Lib/PQClean/crypto_kem/hqc-rmrs*: ⚠️ May be patent-encumbered in the United States! Public domain; from Carlos Aguilar Melchor, Nicolas Aragon, Slim Bettaieb, Olivier Blazy, Jurjen Bos, Jean-Christophe Deneuville, Philippe Gaborit, Edoardo Persichetti, Jean-Marc Robert, Pascal Véron, Gilles Zémor, and Loïc Bidoux.
Lib/PQClean/crypto_kem/kyber*: ⚠️ May be patent-encumbered in the United States! Public domain (CC0); from Peter Schwabe, Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, and Damien Stehlé.
Lib/PQClean/crypto_kem/mceliece*: Public domain; from Daniel J. Bernstein, Tung Chou, Tanja Lange, Ingo von Maurich, Rafael Misoczki, Ruben Niederhagen, Edoardo Persichetti, Christiane Peters, Peter Schwabe, Nicolas Sendrier, Jakub Szefer, and Wen Wang.
Lib/PQClean/crypto_sign/dilithium*: Public domain; from Vadim Lyubashevsky, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Peter Schwabe, Gregor Seiler, and Damien Stehlé.
Lib/PQClean/crypto_sign/falcon*: ⚠️ May be patent-encumbered in the United States! Provided under The MIT License; Copyright (c) 2017-2019 Falcon Project.
Lib/PQClean/crypto_sign/sphincs*: Public domain (CC0); from Andreas Hülsing, Jean-Philippe Aumasson, Daniel J. Bernstein, Ward Beullens, Christoph Dobraunig, Maria Eichlseder, Scott Fluhrer, Stefan-Lukas Gazdag, Panos Kampanakis, Stefan Kölbl, Tanja Lange, Martin M. Lauridsen, Florian Mendel, Ruben Niederhagen, Christian Rechberger, Joost Rijneveld, Peter Schwabe, and Bas Westerbaan.
All other files under Lib/PQClean: Public domain (CC0); from Thom Wiggers, Douglas Stebila, and others.

pypqc dependencies

cffi

FAQs

What is pypqc?

Python bindings for the "PQClean" post-quantum cryptography library. Visit Snyk Advisor to see a full health score report for pypqc, including popularity, security, maintenance & community analysis.

Is pypqc popular?

The python package pypqc receives a total of 1,098 weekly downloads. As such, pypqc popularity was classified as small. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is pypqc well maintained?

We found indications that pypqc maintenance is sustainable demonstrating some project activity. We saw a total of 30 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is pypqc safe to use?

Security issues were found while scanning the latest version of pypqc, and a total of 1 vulnerabilities were detected. It is highly advised to conduct a security review before using this package. View the full security scan results.

Last updated on 1 July-2024, at 10:53 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP