pqsl-core v3.0.0 — Rust Core Binary Evidence
Generated: 22 April 2026
✓ Build passed (rustc 1.90.0)
✓ 7 / 7 smoke tests pass
Proprietary Binary
FIPS 203 / 204
This is the cryptographic core of the entire PosQuantum Suite. Every one of
the 12 language SDKs (Python, Node, Rust, Go, Java, Kotlin, C#, Swift*, C++,
Dart, JS/WASM, Embedded C) wraps this same binary via FFI. There is
only one place where cryptography is implemented — here — which eliminates
divergence and guarantees uniform security guarantees.
*Swift iOS binding is in “coming soon” status; it requires macOS to compile XCFrameworks.
1,268
Lines of Rust Source
648 KB
Stripped .so Binary
1. Build Artifacts
| Artifact | Size | SHA3-256 |
|---|
| libpqsl_core.a |
25.8 MB (static library) |
84048ede...4ae0e2f |
| libpqsl_core.so |
648 KB (dynamic library, stripped) |
f3d8c631...14a1f49c |
| libpqsl_core.rlib |
1.3 MB (Rust native) |
91c77491...1ee502dc5 |
2. Source Tree Fingerprint
A deterministic SHA3-256 fingerprint of every .rs file in
src/ (sorted, concatenated, then hashed):
3b28fdb0a980b3b533f99569e0abf0f4a14d4429e727cba1d52806ff06f0f00e
This fingerprint is embedded in the compiled binary via
build.rs and is returned by pqsl_core_version() as
3.0.0+3b28fdb0a980b3b5.
3. Exported C ABI (first 20 of 42 symbols)
T pqsl_aes_gcm_decrypt
T pqsl_aes_gcm_encrypt
T pqsl_chacha_decrypt
T pqsl_chacha_encrypt
T pqsl_core_version
T pqsl_ed25519_keygen
T pqsl_ed25519_sign
T pqsl_ed25519_verify
T pqsl_hybrid_kem_keygen
T pqsl_last_error
T pqsl_mldsa65_keygen
T pqsl_mldsa65_sign
T pqsl_mldsa65_verify
T pqsl_mlkem768_decapsulate
T pqsl_mlkem768_encapsulate
T pqsl_mlkem768_keygen
T pqsl_sha3_256
T pqsl_sha3_384
T pqsl_sha3_512
T pqsl_zeroize
4. Cryptographic Primitives
| Family | Algorithm | Standard | Key / Signature Size |
|---|
| PQ KEM | ML-KEM-768 | FIPS 203 | PK 1184 / SK 2400 / CT 1088 / SS 32 bytes |
| PQ Signature | ML-DSA-65 | FIPS 204 | VK 1952 / SK 4032 / Sig 3309 bytes |
| Hybrid KEM | ML-KEM-768 + X25519 | Draft RFC | PK 1216 / CT 1120 / SS 32 bytes (SHA3-256 combined) |
| Classical Sig | Ed25519 | RFC 8032 | PK 32 / SK 32 / Sig 64 bytes |
| AEAD | AES-256-GCM | FIPS 197 + SP 800-38D | Key 32 / Nonce 12 / Tag 16 bytes |
| AEAD | ChaCha20-Poly1305 | RFC 8439 | Key 32 / Nonce 12 / Tag 16 bytes |
| Hash | SHA3-256 / 384 / 512 | FIPS 202 | Digest 32 / 48 / 64 bytes |
5. Smoke Test Results
running 7 tests
test aead_roundtrips ... ok
test ct_eq_simple ... ok
test hash_outputs_stable ... ok
test ed25519_roundtrip ... ok
test mlkem768_roundtrip ... ok
test hybrid_kem_roundtrip ... ok
test mldsa65_roundtrip ... ok
test result: ok. 7 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out
Tests include known-answer vectors (NIST SHA3-256 abc,
SHA3-384 abc, SHA3-512 abc) plus end-to-end
roundtrips with tamper-detection for ML-DSA-65.
6. Protection Layers
- Strip all debug symbols — no function names or line numbers visible in the distributed binary.
- Link-Time Optimization (LTO = fat) + codegen-units = 1 — collapses function boundaries, maximally inlines, makes decompilation extremely costly.
- panic = abort — removes stack unwinding metadata (a common reverse-engineering vector).
- Constant-time operations via the
subtle crate — resistant to timing side channels.
- Memory zeroization via the
zeroize crate — secrets scrubbed on drop.
- Source tree fingerprint baked into binary — any tampering with source changes the self-reported version.
- Per-customer watermark (Ed25519 signature of tarball + customer_id) — unauthorised redistribution is traceable.
7. Distribution Package
The complete distribution tarball:
File: /sdks/pqsl/pqsl-core-v3.0.0.tar.gz
Size: 8.4 MB (compressed)
SHA3-256: 388894b1e6e8916ec5d1c1e3fcb1dea18b42b2f9a321ef362ef3d66c29132865
Contents: libpqsl_core.a + .so + .rlib, include/pqsl_core.h, LICENSE-PROPRIETARY.txt, EULA.md, NDA-TEMPLATE.md, SBOM.txt, MANIFEST.txt.
Access notice: This binary is distributed under a proprietary
commercial license and requires a signed NDA or order form before deployment
in production. Contact
[email protected] for evaluation terms.
8. Integrity Verification (PowerShell / bash)
# Linux / macOS
openssl dgst -sha3-256 pqsl-core-v3.0.0.tar.gz
# Expected: 388894b1e6e8916ec5d1c1e3fcb1dea18b42b2f9a321ef362ef3d66c29132865
# Windows PowerShell
Get-FileHash -Algorithm SHA3_256 pqsl-core-v3.0.0.tar.gz
© 2026 PosQuantum SA. All rights reserved. — back to developers