rscrypto v0.6.1

0.6.1 - 2026-06-24

📦 Other Changes

• crypto: validate platform overrides and gate s390x AEGIS (83bcde8)

rscrypto v0.6.0

0.6.0 - 2026-06-23

👷 CI

• bump checkout and tool action pins workspace: refresh getrandom lockfiles benchmarks: refresh Linux benchmark scorecard (5e34396)

📦 Other Changes

• auth: add Darwin aarch64 ML-KEM assembly paths (7832c94)
• Revert "auth: add aarch64 ML-KEM quad rejection parser" (133627a)
• auth: port aarch64 ML-KEM k3 basemul schedule (2d65c61)
• auth: port aarch64 ML-KEM k4 basemul schedule (abcf8d8)
• Revert "auth: reschedule aarch64 ML-KEM basemul accumulation" (5bd2052)
• auth: tighten aarch64 ML-KEM inverse final scale (551f1b6)
• auth: unroll aarch64 ML-KEM inverse NTT asm (2d725d0)
• auth: precompute aarch64 ML-KEM inverse reducers (7271015)
• auth: include inverse add asm in aarch64 gate filter (766132e)
• auth: add Linux aarch64 ML-KEM inverse NTT asm diagnostics (133b8b6)
• Revert "auth: fuse aarch64 ML-KEM inverse NTT final scale" (5c79304)
• auth: dispatch fused ML-KEM1024 PKE matrix path (369e422)
• auth: compact ML-KEM fused rejection into NEON chunks (9708c1d)
• auth: add aarch64 K2 ML-KEM row-dot path (e28eaee)
• hashes: use paired SHA3 fallback for aarch64 quad Keccak (d712967)
• crypto: add aarch64 triple SHAKE path for ML-KEM sampling (2f00fa7)
• auth: feed fused ML-KEM products from compact aarch64 rejection (a05a23b)
• auth: compact aarch64 ML-KEM rejection lanes (13a50c8)
• auth: add aarch64 ML-KEM rejection parser (951be2c)
• Revert "hashes: route aarch64 Keccak x4 through SHA3 pairs" (7e81d7f)
• auth: keep aarch64 ML-KEM sample candidates in registers (5a94fbe)
• auth: parse aarch64 ML-KEM sample tails from XOF state (75b1551)
• hashes: schedule Linux aarch64 ML-KEM batching (9c6ecb9)
• hashes: add Linux aarch64 SVE2-SHA3 Keccak x4 (315cc93)
• auth: parse aarch64 ML-KEM quad samples from XOF state (56e234a)
• auth: add aarch64 ML-KEM SampleNTT NEON extractor (c7c2d89)
• auth: fuse aarch64 ML-KEM K-way accumulate (95ea2e5)
• auth: tighten aarch64 ML-KEM product-domain reduction (bf5bfe5)
• auth: vectorize aarch64 ML-KEM product-domain conversion (c665306)
• auth: fix aarch64 ML-KEM NTT canonicalization (1e41083)
• auth: dispatch Linux aarch64 ML-KEM NTT asm (67cee6d)
• auth: add fused aarch64 ML-KEM basemul diagnostics (67caab7)
• auth: vectorize s390x ML-KEM product-domain conversion (6453f04)
• auth: batch s390x ML-KEM dot products under CT roots (4b8f7f4)
• auth: prove s390x ML-KEM vector kernels in CT artifacts (26f80ac)
• auth: add s390x z/Vector ML-KEM NTT kernels (39cfe62)
• auth: use materialized ML-KEM matrix path on s390x (420517b)
• auth: fix s390x ML-KEM barrier build mode (75e7d0a)
• auth: harden s390x ML-KEM constant-time arithmetic (446e3d4)

rscrypto v0.5.0

0.5.0 - 2026-06-14

📝 Documentation

• prepare public docs for v0.5.0 release (1ba0795)

📦 Other Changes

• auth: fix RSA-2048 leakage fixture policy (c8f6886)
• crypto: harden secret handling and CT validation paths ci: scope CT evidence to required primitives and repair macOS RSA fixtures docs: align migration guidance with hardened verification defaults bench: refresh crypto benches for typed APIs checksum: clarify CRC64 reference constants workspace: align feature metadata and lockfiles for CT tooling (30ddfb6)

rscrypto v0.4.1

0.4.1 - 2026-06-13

📝 Documentation

• make public docs user-facing and add ECDSA migration guides benchmarks: refresh 2026-06-12 benchmark evidence (4a3f4e8)

📦 Other Changes

• auth: route RSA blinding inverse through fixed scratch (a33fc67)
• auth: route macOS aarch64 HKDF-SHA256 through SHA2 compression hashes: batch Apple SHA3 Keccak absorb blocks bench: scale README perf chart axis from benchmark data benchmarks: refresh 2026-06-12 benchmark evidence (f9ab35f)
• auth: harden HMAC pads against AArch64 SVE division ci: disable native RISC-V Rust cache restore (62be628)
• auth: harden ECDSA P-256/P-384 CT backends ci: add ECDSA DudeCT diagnostics and target-scoped CT policy (82db892)
• auth: add ECDSA P-256/P-384 signing and CT coverage (f24375d)

rscrypto v0.4.0

0.4.0 - 2026-06-09

🏗️ Build

• add light and full push preflight commands ci: harden BINSEC solver setup and CT diagnostics (5a8c2eb)

👷 CI

• load BINSEC proof relocation sections (6421da9)
• build BINSEC proof harnesses as non-PIE (783eac4)
• preinstall BINSEC solver system packages (df71e54)
• harden manual CT DudeCT filters (55ca702)
• add s390x AES AEAD DudeCT trace cases (53812a5)
• add AES-GCM-SIV DudeCT trace cases (5e6a24f)
• add DudeCT filters for targeted CT runs (fcc326e)
• scope RSA CT evidence and pass BINSEC SMT timeout auth: harden RSA modular import fixed-width output (c93dc79)

📦 Other Changes

• workspace: refresh release package metadata, ignore rules, and lockfile pins ci: bump action pins and harden check, coverage, and fuzz scripts docs: align release docs, CT policy, examples, and module snippets with 0.3.1 benchmarks: refresh 2026-06-09 overview and README perf chart (147c747)
• aead: align aegis256 AES helper cfgs on POWER and s390x ci: repair CT asm heuristic parsing and RISC-V BINSEC policy docs: narrow RISC-V CT evidence claims (7dbf097)
• crypto: harden asm dispatch and backend equivalence gates (643dd44)
• aead: batch s390x AES-GCM-SIV CTR keystream blocks ci: route AES AEAD CT evidence through secret-only probes (e9676b7)
• hashes: fix Blake2b diag multiblock oracle (053c810)
• auth: clear CT helper slice lints hashes: clear Blake2b diagnostic slice lints (32f0e12)
• auth: align RSA keygen with FIPS 186-5 A.1.3 (5ceb703)

rscrypto v0.3.1

0.3.1 - 2026-06-01

📦 Other Changes

• workspace: enable cargo-rail release publishing (bb7ec88)
• bench: add Ascon coverage and refresh HMAC measurement shape (b06b946)

rscrypto v0.3.0

rscrypto v0.3.0 is the RSA and validation-hardening release.

Highlights:

• RSA is now a full first-class primitive: strict DER import/export, RSA-PSS, RSASSA-PKCS1-v1_5, OAEP, RSAES-PKCS1-v1_5, key generation, X.509/JWT/COSE/TLS profile mapping, blinded private operations, and
  reusable scratch APIs.
• RSA verification coverage landed with vectors, fuzzing, oracle checks, and benchmark fixtures.
• RSA private operations and assembly-backed paths were completed.
• Ed25519 assembly backends were added.
• RSA public verification was tightened: 8192-bit verifier backend coverage widened, public Montgomery precompute deferred, and brittle scratch allocation assertions removed.
• CI validation was hardened: Miri now focuses on UB-risk coverage, weekly validation timeouts were widened, SHA3 fuzz builds were fixed, workflow cancellation was scoped, and action pins / lockfiles were
  refreshed.
• Benchmark docs were refreshed with the 2026-05-27 Linux CI scorecard, including RSA rows.

Performance snapshot from the latest public benchmark pass:

• 1.61x Linux CI fastest-external geomean.
• 3,545 wins / 5,832 fastest-external comparisons.
• 5,210 wins-or-ties / 5,832 comparisons.
• Checksums: 5.03x geomean.
• SHA-3 / SHAKE: 2.15x / 1.86x geomean.
• BLAKE3 >=64 KiB: 2.31x geomean.
• AEAD: 1.57x geomean.
• RSA import + verify: 1.32x geomean, with RSA verify-only still at 0.98x.

Known pressure points remain visible and intentional: PBKDF2-SHA256 low-iteration setup, X25519 DH, RSA verification on some Arm/RISC-V rows, and small-message AEAD overhead. If you're really interested in them check the benchmark_results/OVERVIEW.md file.

Get it:

[dependencies]
rscrypto = { version = "0.3.0", default-features = false, features = ["sha2"] }

Full toolbox with OS randomness:

[dependencies]
rscrypto = { version = "0.3.0", features = ["full", "getrandom"] }

References:

• Crates.io: https://crates.io/crates/rscrypto/0.3.0
• Docs.rs: https://docs.rs/rscrypto/0.3.0/rscrypto/
• Changelog: https://github.com/loadingalias/rscrypto/blob/main/CHANGELOG.md
• Benchmarks: https://github.com/loadingalias/rscrypto/blob/main/benchmark_results/OVERVIEW.md
• CI: https://github.com/loadingalias/rscrypto/actions/runs/26613890550
• Compare: v0.2.0...v0.3.0

rscrypto v0.2.0

rscrypto v0.2.0 is the 2026-05-17 performance and platform release.

Highlights:

• Published to crates.io as rscrypto 0.2.0.
• Linux CI fastest-external scorecard: 3,807 wins / 6,552 comparisons, 1.52x geomean vs the fastest matched Rust baseline.
• Full current corpus including local Apple Silicon: 4,120 wins / 7,280 fastest-external comparisons, 1.51x geomean.
• Checksums remain the cleanest broad win at 5.10x Linux CI geomean.
• SHA-3 / SHAKE remain strong at 2.17x / 2.60x Linux CI geomean.
• BLAKE3 sustained rows (>=64 KiB) hold at 2.38x Linux CI geomean against the blake3 crate.
• AEAD is broadly positive at 1.37x Linux CI geomean, with GCM-SIV, XChaCha20-Poly1305, AEGIS-256, and IBM Z as the strongest areas.
• SHA-512-family work landed: HMAC-SHA384 and HMAC-SHA512 both sit at 1.23x Linux CI geomean; local Apple Silicon HMAC-SHA512 is 1.02x.

Known pressure points remain visible in the benchmark overview: password hashing, Linux CI Ed25519 verify, X25519, local Apple Silicon Ed25519 signing, and sustained AES-GCM on POWER10/RISC-V.

References:

• Benchmarks: https://github.com/loadingalias/rscrypto/blob/main/benchmark_results/OVERVIEW.md
• Crates.io: https://crates.io/crates/rscrypto/0.2.0
• Docs.rs: https://docs.rs/rscrypto/0.2.0/rscrypto/
• Changelog: https://github.com/loadingalias/rscrypto/blob/main/CHANGELOG.md

rscrypto v0.1.1

Patch release. No API changes; safe drop-in for v0.1.0.

Changes

• Trim published crate. Removed tests/, testdata/, and benches/ from the package include list. Compressed crate size dropped from 1.61 MiB → 0.88 MiB (~45% reduction). Users who only enable a few features still download the same tarball, so this directly cuts cache footprint and CI download time across the ecosystem.
• Fix README Quick Start. Removed four unused-import warnings (Aead, Mac, Blake3, Kmac256) and added the missing FastHash trait import so Xxh3::hash(...) compiles. Copy-pasting from the README now produces zero warnings.
• Wire README into the doctest harness. Added ReadmeDoctests (gated on cfg(doctest) + full + getrandom) so every rust block in README.md runs as a doc test under cargo test --doc --features "full getrandom". Prevents the Quick Start from silently rotting again.

Get it

[dependencies]
rscrypto = { version = "0.1", default-features = false, features = ["sha2"] }

• crates.io: https://crates.io/crates/rscrypto/0.1.1
• docs.rs: https://docs.rs/rscrypto/0.1.1

rscrypto v0.1.0

First public release of rscrypto.

What this is

A single-crate, pure-Rust cryptography stack:

• Cryptographic hashes: SHA-2, SHA-3, SHAKE, cSHAKE, BLAKE2b/2s, BLAKE3, Ascon-Hash/Xof/CXof
• Fast hashes: XXH3 (64/128), RapidHash (64/128)
• Checksums: CRC-16, CRC-24, CRC-32, CRC-32C, CRC-64/XZ, CRC-64/NVMe
• MACs / KDFs: HMAC-SHA-{256,384,512}, KMAC256, HKDF, PBKDF2
• Password hashing: Argon2id/d/i, scrypt, PHC strings with bounded-policy verify
• Signatures / KEX: Ed25519, X25519
• AEADs: AES-256-GCM, AES-256-GCM-SIV, ChaCha20-Poly1305, XChaCha20-Poly1305, AEGIS-256, Ascon-AEAD128

Zero default dependencies. No C, no FFI, no OpenSSL, no libcrypto. Hardware acceleration in-tree across x86_64, aarch64, ppc64le, s390x, riscv64, plus Apple Silicon, with portable Rust fallbacks always available. no_std-first with WASM/WASI compatibility.

Three-tier dispatch: compile-time target_feature → runtime detection (with std) → portable fallback. The portable Rust path is the byte-for-byte authority; SIMD and ASM kernels are accelerators, differential-tested against the portable path on every release.

Note on this release page

The CHANGELOG.md section for v0.1.0 was generated by cargo-rail, which I also maintain. Because v0.1.0 is the first release, cargo-rail's auto-generator had no previous tag to bound against and dumped the entire pre-release commit history into one section — 127 KB, just over GitHub's 125 KB release-body limit. I'm fixing that in cargo-rail itself (per-version override file + a cap on first-release history).

This release page is the short version. For full pre-release commit history, see CHANGELOG.md in the repo.

Get it

[dependencies]
rscrypto = { version = "0.1", default-features = false, features = ["sha2"] }

• crates.io: https://crates.io/crates/rscrypto/0.1.0
• docs.rs: https://docs.rs/rscrypto/0.1.0
• README: https://github.com/loadingalias/rscrypto#readme
• Security: https://github.com/loadingalias/rscrypto/blob/main/SECURITY.md