
Commonly used post-quantum cryptography open source libraries


libpqcrypto is a new cryptographic software library produced by the PQCRYPTO project.

PQCRYPTO, working jointly with many other researchers around the world, submitted 22 proposals to NIST’s ongoing post-quantum standardization project. Each submission specifies a family of cryptographic systems, offering various tradeoffs between performance and security. Each submission includes software: a (portable) reference C implementation, and in many cases additional (not necessarily portable) implementations providing better performance (often using assembly language or “intrinsics”). libpqcrypto includes software for the following 77 cryptographic systems (50 signature systems and 27 encryption systems) from 19 of the 22 PQCRYPTO submissions:

libpqcrypto collects this software into an integrated library, with

libpqcrypto also integrates some symmetric-crypto software from SUPERCOP, including the AES-256-CTR stream cipher (an OpenSSL wrapper and a separate implementation from Romain Dolbeau), the Salsa20-256 and ChaCha20-256 stream ciphers (implementations from Daniel J. Bernstein, Romain Dolbeau, Martin Goll, Shay Gueron, Ted Krovetz, Tanja Lange, Andrew Moon, Samuel Neves, and Peter Schwabe), the Poly1305 MAC (implementations from Daniel J. Bernstein, Billy Brumley, Andrew Moon, and Peter Schwabe), the SHA-512 hash function (an OpenSSL wrapper, a separate implementation from Daniel J. Bernstein, and a separate implementation from Thomas Pornin via sphlib), portions of the Keccak Code Package (from Guido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche, and Ronny Van Keer), and the SHAKE256 hash function (a KCP wrapper and implementations from David Leon Gil).


liboqs is part of the Open Quantum Safe (OQS) project, which aims to develop and integrate into applications quantum-safe cryptography to facilitate deployment and testing in real world contexts. In particular, OQS provides prototype integrations of liboqs into protocols like TLS, X.509, and S/MIME, through our OpenSSL 3 Provider and we provide a variety of other post-quantum-enabled demos.

Supported Algorithms

Key encapsulation mechanisms

Signature schemes

Note that for algorithms marked with a dagger (†), liboqs contains at least one implementation that uses a large amount of stack space; this may cause failures when run in threads or in constrained environments.


The “Cryptographic Suite for Algebraic Lattices” (CRYSTALS) encompasses two cryptographic primitives: Kyber, an IND-CCA2-secure key-encapsulation mechanism (KEM); and Dilithium, a strongly EUF-CMA-secure digital signature algorithm. Both algorithms are based on hard problems over module lattices, are designed to withstand attacks by large quantum computers, and have been submitted to the NIST post-quantum cryptography project.

Module Lattices

Module lattices can be thought of as lattices that lie between the ones used in the definitions of the LWE problem, and those used for the Ring-LWE problem. If the ring underlying the module has a sufficiently high degree (like 256), then these lattices inherit all the efficiency of the ones used in the Ring-LWE problem, and additionally have the following advantages, when used in our cryptographic algorithms:



The design and implementation of Kyber and Dilithium have been supported by








