Enterprise-Grade Open Source

Make Any Device Quantum-Safe
in 3 Lines of Code

The only IoT-native PQC SDK with FIPS 203/204/205 compliance, Rust memory safety, fleet-scale key management, and hardware abstraction for Cortex-M, ESP32 & RISC-V.

Get Started View on GitHub
Rust 1.75+ Go 1.23 FIPS 203/204/205 Vault MQTT Apache 2.0
terminal
live
$ # Three lines. Quantum-safe key exchange.
let keypair = MlKemKeyPair::generate(MlKemVariant::MlKem768)?;
let encrypted = keypair.encapsulate()?;
let shared_secret = keypair.decapsulate(&encrypted.ciphertext)?;
// shared_secret: 32-byte quantum-resistant symmetric key

Everything You Need for Quantum-Safe IoT

From cryptographic primitives to fleet-scale key management โ€” one SDK for the entire device lifecycle

๐Ÿ›ก๏ธ

IoT-First Design

The only open-source PQC SDK designed specifically for IoT and embedded devices. Not a server library ported down โ€” built from the ground up for constrained environments.

๐Ÿ“œ

Full NIST Compliance

Complete implementations of FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA). Standards-compliant and production-ready.

๐Ÿฆ€

Memory-Safe Rust Core

Written in Rust with zeroize-on-drop for all key material, constant-time operations, and zero unsafe blocks. Buffer overflows eliminated by design.

๐Ÿ”ง

Hardware Abstraction Layer

Pluggable HAL for ARM Cortex-M, ESP32, and RISC-V. Access hardware RNG, crypto accelerators, and secure storage through a unified trait.

๐Ÿข

Fleet-Scale Key Management

Go-based KMS with HashiCorp Vault Transit integration, PostgreSQL-backed key lifecycle, and MQTT-based device provisioning.

๐Ÿ”€

Hybrid Cryptography

X25519 + ML-KEM-768 hybrid key exchange for safe, incremental migration. Protected against both classical and quantum adversaries.

From Silicon to Cloud

A Rust-native SDK with Go fleet management and React operations portal

Developer CLI
Go / Cobra
Web Portal
React 19
:3003
REST / HTTP
KMS REST API
Go / Chi v5 ยท Key Lifecycle ยท Device Provisioning
:8443
SQL / Transit / MQTT
PostgreSQL
Keys / PKI / Devices
Vault
Transit Engine
MQTT Broker
Device Messages
FFI / C ABI
Rust Core SDK
ML-KEM ยท ML-DSA ยท SLH-DSA ยท HAL Layer
IoT Device Fleet
ARM Cortex-M ยท ESP32 ยท RISC-V ยท x86_64
๐Ÿฆ€

Rust Core SDK

ML-KEM, ML-DSA, SLH-DSA with hardware abstraction layer for Cortex-M, ESP32, and RISC-V

โšก

Go KMS

Fleet key management with Vault Transit, PostgreSQL key lifecycle, and MQTT device provisioning

๐Ÿ“Š

React Portal

React 19 operations dashboard for key inventory, certificate management, and device monitoring

Up and Running in 3 Lines

Clone, build, and generate your first quantum-safe key pair in under a minute

Docker Quick Start
# Clone and start the full stack
$ git clone https://github.com/yazhsab/qbitel-pqc-sdk.git && cd qbitel-pqc-sdk
$ docker compose -f infra/docker/docker-compose.yml up -d
$ pqc-cli key generate --algorithm ML-KEM-768
# Verify
$ curl http://localhost:8082/health
{"status":"ok","service":"pqc-kms"}
:8082
KMS API
Go + Chi v5
:3001
Web Portal
React 19
:1883
MQTT Broker
Device Provisioning

Try the SDK

Generate keys & manage fleet devices
# Generate an ML-KEM-768 key pair via CLI
$ pqc-cli key generate --algorithm ML-KEM-768
{"algorithm":"ML-KEM-768","key_id":"k_01J...","status":"active"}
# Provision a device with quantum-safe keys
$ pqc-cli device provision --device-id sensor-001 \
--algorithm ML-KEM-768 --transport mqtt
# Or use the Rust SDK directly
use quantun_crypto::mlkem::MlKemKeyPair;
let kp = MlKemKeyPair::generate(MlKem768)?;

PQC-SDK vs. Alternatives

The only open-source PQC toolkit purpose-built for IoT with fleet management and hardware abstraction

Feature PQC-SDK liboqs wolfSSL PQC Bouncy Castle PQC
Designed for IoT/Embedded โœ… โŒ โš ๏ธ โŒ
FIPS 203 (ML-KEM) โœ… โœ… โœ… โœ…
FIPS 204 (ML-DSA) โœ… โœ… โœ… โœ…
FIPS 205 (SLH-DSA) โœ… โœ… โŒ โœ…
Hybrid Crypto โœ… โœ… โŒ โŒ
Hardware Abstraction Layer โœ… โŒ โŒ โŒ
Memory-Safe (Rust) โœ… โŒ โŒ โš ๏ธ
Auto Key Zeroization โœ… โŒ โš ๏ธ โš ๏ธ
Fleet Key Management โœ… โŒ โŒ โŒ
Vault Integration โœ… โŒ โŒ โŒ
Device Provisioning (MQTT) โœ… โŒ โŒ โŒ
Web Portal โœ… โŒ โŒ โŒ
CLI Tool โœ… โŒ โŒ โŒ
Open Source Apache 2.0 MIT GPLv2 MIT

Documentation

Everything you need to deploy, develop, and contribute

๐Ÿ—๏ธ

Architecture

System design, crate structure, and data flow

 ๐Ÿ“ก

API Reference

KMS REST API with examples

 ๐Ÿฆ€

Rust SDK Guide

Core crypto library usage and HAL integration

 ๐Ÿš€

Deployment Guide

Docker, Kubernetes, and production ops

 ๐Ÿ”จ

Development Guide

Local setup, coding standards, debugging

 ๐Ÿ”’

Security Policy

Vulnerability reporting and security info

Built in the Open

PQC-SDK is open source under Apache 2.0. Whether you're a Rust developer, embedded engineer, or IoT security professional โ€” there's a place for you here.

1

Fork & Clone

Fork the repo and set up your local environment

2

Make Changes

Pick an issue, create a branch, and write your code

3

Submit PR

Run tests, push, and open a pull request

Read Contributing Guide Browse Open Issues