PosQuantum
Audit-Ready

Audit & SBOM

Technical transparency for the pqsl-core v3.0.0 architecture. All artefacts are verifiable via SHA3-256.

Architecture

A single Rust library (pqsl-core) compiled to 3 binary formats: staticlib (.a), cdylib (.so) and rlib. All 11 native SDKs bind thinly via FFI, never exposing source code.

pqsl-core v3.0.0
Core Library
42
FFI Symbols
7/7 ✓
Smoke Tests

Cryptographic Primitives

  • ML-KEM-768 — FIPS 203 (KEM)
  • ML-DSA-65 — FIPS 204 (DSA)
  • Hybrid KEM — ML-KEM + X25519
  • Ed25519 — hybrid signatures
  • AES-256-GCM + ChaCha20-Poly1305
  • SHA3-256/384/512

Protection Layers

  • License Guard CRL (no exp field)
  • Ed25519 watermark per client
  • SHA3-256 source tree fingerprint
  • Device fingerprint binding
  • Zeroize-on-drop (all secrets)

Verification Hashes (SHA3-256) — pqsl-core

Compute locally with: openssl dgst -sha3-256 <file>

libpqsl_core.a (staticlib)25.8 MB
84048ede23f22481b350a68687f2df5db600a554d3d8120e8132217fd4ae0e2f
libpqsl_core.so (cdylib, stripped)648 KB
f3d8c631b978e591c74d7150701630cae61433e428971111b983e08014a1f49c
libpqsl_core.rlib1.3 MB
91c77491d94f8f296bc5101ffe6a378a2734f3e7531e271318179281ee502dc5
Source tree (build fingerprint)
3b28fdb0a980b3b533f99569e0abf0f4a14d4429e727cba1d52806ff06f0f00e

SDK Catalog

Download Index JSON
SDKBindingSizeSHA3-256Download
pqsl-core
🦀 Core		Rust (Core)8.4 MB388894b1e6e8916e .tar.gz
pqsl-node
Node.js (napi-rs)8.0 MBae59ed36a97d05f8 .tar.gz
pqsl-python
Python (PyO3)8.0 MBa83d11f32b4ccd22 .tar.gz
pqsl-java
Java (JNI)8.0 MB508d54f5e0a0f24e .tar.gz
pqsl-kotlin
Kotlin (JNI)8.0 MBd44fdd2cc9807c52 .tar.gz
pqsl-csharp
C# (P/Invoke)8.0 MB4c484f03e184c9a9 .tar.gz
pqsl-go
Go (cgo)8.0 MBbbdb5c61e711a20c .tar.gz
pqsl-cpp
C++ 178.0 MB1f586b6a2791487f .tar.gz
pqsl-rust
Rust (re-export)8.0 MB8820065f11855fcb .tar.gz
pqsl-dart
Dart (dart:ffi)8.0 MB837953b812a5e5ff .tar.gz
pqsl-wasm
JS/WASM (wasm-bindgen)8.0 MBb25f7f3b69f26873 .tar.gz
pqsl-embedded-c
Embedded C (IoT)7.6 MBce24fdb192e2c74e .tar.gz

Executed Tests

21/21 tests passed (7 smoke + 13 property-based fuzz + 1 interop). Each of the 13 property tests ran 256 random cases (proptest).

$ cargo test --release
Running tests/smoke.rs
test mlkem768_roundtrip ... ok
test mldsa65_roundtrip ... ok
test hybrid_kem_roundtrip ... ok
test ed25519_roundtrip ... ok
test aead_roundtrips ... ok
test hash_outputs_stable ... ok
test ct_eq_simple ... ok
7 passed; 0 failed
Running tests/fuzz_props.rs
test prop_kem_roundtrip_random (×256) ... ok
test prop_kem_tampered_ct_differs (×256) ... ok
test prop_dsa_roundtrip_random_msg (×256) ... ok
test prop_dsa_tampered_sig_rejects (×256) ... ok
test prop_dsa_tampered_msg_rejects (×256) ... ok
test prop_aes_gcm_roundtrip (×256) ... ok
test prop_aes_gcm_tampered_ct_fails (×256) ... ok
test prop_chacha_roundtrip (×256) ... ok
test prop_chacha_tampered_ct_fails (×256) ... ok
test prop_sha3_determinism (×256) ... ok
test prop_sha3_avalanche (×256) ... ok
test prop_ct_eq_semantics (×256) ... ok
test wipe_zeroes_buffer ... ok
13 passed; 0 failed
Running tests/interop_vectors.rs
test generate_interop_vectors_json ... ok
test result: ok. 21 passed; 0 failed

Compliance

  • FIPS 203 (ML-KEM)
  • FIPS 204 (ML-DSA)
  • FIPS 186-5 (Ed25519)
  • NIST SP 800-56A (Hybrid KEM)

Note: Hashes below are from the 22/Apr/2026 build. Each rebuild produces a new SHA3-256 fingerprint.

100%

FASE 5 — Fuzz Tests + Interop Vectors (100%)

The PQSL-TLS phase (Master Plan Weeks 17–20) is now closed at 100%: on top of 7 smoke tests, we added 13 property-based fuzz tests and JSON interop vectors that every binding can verify against libpqsl_core.

Fuzz / Property Tests (proptest)

13 properties × 256 random cases each = 3 328 randomly generated cases per run. Zero failures.

KEM:2 props × 256 = 512
DSA:3 props × 256 = 768
AEAD:4 props × 256 = 1024
Hash:3 props × 256 = 768
Total:3 072 ✓
Download fuzz_test_report.json

Interop Vectors (Cross-Language)

JSON with hex-encoded keys for KEM, DSA, AEAD and Hash. Bindings in Python/Node/Java/Kotlin/C#/Go/C++/Rust/Dart/WASM load this file and assert their output matches.

kem_roundtrip:pk / sk / ct / ss
dsa_sign_verify:vk / sk / msg / sig
aes_gcm_known:key / nonce / aad / pt / ct
chacha_known:key / nonce / aad / pt / ct
sha3_known:256 / 384 / 512
File size:30 570 B ✓
Download interop_vectors.json
Compatibility matrix (11 bindings × 4 primitives)
BindingKEMDSAAEADHash
pqsl-core (Rust)
pqsl-node
pqsl-python
pqsl-java
pqsl-kotlin
pqsl-csharp
pqsl-go
pqsl-cpp
pqsl-rust
pqsl-dart
pqsl-wasm
All bindings share the same libpqsl_core.{a,so,rlib}; the matrix above reflects FFI inheritance, not independent executions.
100%

FASE 4 — Middleware Frameworks (100%)

The Middleware phase (Master Plan Weeks 5–7) is now closed at 100%: 10 drop-in packages for leading web frameworks. Each one adds X-PQSL-Version header, per-IP token-bucket rate limiting (bounded 50k), /pqsl/health and /pqsl/kem/handshake routes wired to pqsl-core via native binding or direct FFI.

Middleware Matrix (10 packages × framework × SHA3-256)
PackageLangFrameworkBindingSizeSHA3-256Download
pqsl-fastapiPythonFastAPIpqsl-python5.2 KB483ad44951247ad4
pqsl-flaskPythonFlaskpqsl-python4.0 KB5e6cee6b66dea8b8
pqsl-djangoPythonDjangopqsl-python4.1 KB9be5e35333528b38
pqsl-expressTypeScriptExpress.js@posquantum/pqsl-node4.0 KB657d4500624eb52d
pqsl-fastifyTypeScriptFastify@posquantum/pqsl-node3.5 KB7f197d390ce480b4
pqsl-nestjsTypeScriptNestJS@posquantum/pqsl-node3.7 KBdfe394bfc0cf629a
pqsl-springJavaSpring Boot 3pqsl-java4.5 KB79b199ae1141ec5b
pqsl-aspnetC#ASP.NET Corepqsl-csharp4.0 KB163854d490dcffa2
pqsl-rackRubyRack (Rails/Sinatra)Fiddle FFI4.0 KBee72f2159b321db0
pqsl-laravelPHPLaravel 10/11PHP FFI4.4 KBa7724a307537265f

Honest note: middleware is NOT a TLS replacement. For end-to-end encryption use PQSL-TLS. Rate-limit is per-process — for multi-instance deployments use a shared Redis/Memcached backend.

Download index.json (middleware)·10 packages · 42.6 KB total
View Build Evidence (HTML)