Skip to content

Bouncy Castle Rust Roadmap

Jump to bottom
Mike Ounsworth edited this page Jun 18, 2026 · 8 revisions

Roadmap

This alpha release includes the following cryptographic primitives:

  • Hex (constant-time)
  • Base64 (constant-time)
  • SHA-2
  • SHA-3
  • HMAC
  • HKDF
  • The NIST HashDRBG random number generator
  • ML-DSA
  • ML-DSA_lowmemory
  • ML-KEM
  • ML-KEM_lowmemory
  • Provider-style factory objects, and a command-line interface for all of the above.

But more than anything, the alpha release focuses on the design of the public trait and error type system contained in the core-interface sub-crate.

Next up will be to round out the set of cryptographic primitives:

  • Block ciphers (AES and maybe ASCON)
  • Signatures (RSA, ECDSA, Ed25519, Ed448)
  • Key Establishment (RSA, ECDH, X25519, X448)

Stretch goals for 1.0 release:

  • SLH-DSA
  • LMS/HSS, XMSS -- implementing the verifier is probably higher priority than a signer since signers should probably use HSMs)
  • Merkle Tree Certificates
  • HQC, FrodoKEM

After that, we'll tackle in some kind of order (depending on public interest and funding):

  • PKIX (DER, X.509, CMS, CMP)
  • integration with openssl and rustls for TLS 1.3
  • PKCS#11 passthrough -- ie high-level APIs work the same regardless of whether it's using local software keys and crypto, or hardware-backed crypto.
  • FIPS certification framework and test harnesses
  • Softening the #[forbid(unsafe) stance to be able to make use of hardware acceleration such as AVX, AESNI, SHA2. Will require some formal methods work.
  • JWT & CWT
  • Refining the library's build system (no_std, feature granularity, build and release packaging, etc)

Community feedback is most welcome!

As this is an alpha release, we're eagerly looking for feedback from the community. We would especially like feedback on the following areas:

  • Public API ergonomics and granularity of exposed functionality.
  • Certification / compliance concerns.
  • Prioritization of roadmap items above.

You can reach us at office@bouncycastle.org or mike@bouncycastle.org.

Sincerely, Mike Ounsworth Lead Maintainer of BC-Rust, on behalf of the Legion of the Bouncy Castle and the entire Bouncy Castle community

Clone this wiki locally