Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time
March 17, 2023 17:41
August 2, 2020 14:28
March 17, 2023 17:41
March 12, 2023 17:28
March 14, 2019 22:44
February 27, 2018 13:47
March 17, 2023 17:54
March 17, 2023 17:54
December 4, 2018 16:46
Coverity Scan Build Status


The CEX Cryptographic library in C++



CEX is being written from the ground-up as a powerful and accessible post-quantum secure cryptographic library; a flexible security model, performance-oriented, designed for ease of use, and the automation of complex tasks.

There are some new ideas, and new technologies, as I intend to push the envelope, and so am authoring this with a determination to make the fastest, most intuitive, most secure implementations possible.

This library is being built in two stages; the symmetric cryptography, which consists of ciphers, hash functions, MACs, RNGs, TRNGs etc, preliminary work has been completed as of version v1.0. That work is still evolving however, as improvements and additions to the symmetric cryptography will continue throughout the libraries lifetime. The second half is the the addition of asymmetric cryptography, with a strong focus on post-quantum security. This work is well under way, and this release contains the ModuleLWE (Kyber) and McEliece (Niederreiter) asymmetric ciphers, as well as the Dilithium, XMSS, and SPHINCS+ signature schemes.

Though efforts have been made towards future compatibility with other platforms, this is currently a Windows-only library, but is currently scheduled for multi-platform compatibility (Android, Linux, and possibly iOS) by the spring of 2023. This has been tested on MSVC-2017, MSVC-2019, and MSVC-2022 in ARM/x86/x64 debug and release modes, using the MSVC and Intel compiler tool-chains, and the MacOS and Linux operating systems. This project optionally uses OpenMP support.

Works with or without intrinsics, set the test project and the library to a supported instruction set to test the intrinsics enhanced implementations. The SIMD support is set to AVX2 by default, (AVX implementations are also in place on some ciphers and protocols, set the enhanced instruction flag to your system supported set: arch:AVX2, or the minimum supported instructions arch:AVX, or None, arch:IA32). The library also has AVX512 support, that can be enabled through the CexConfig.h file.

The Win folder contains a visual studio test project, which tests each cipher and protocol with it's official test vectors, and has a set of digest and symmetric cipher speed tests. Make sure the project properties SIMD and OpenMP support are enabled before running the project, and for speed tests, compile in release mode. If running the executable, the Win\Test\Vectors folder containing the cipher KAT files must be in the executables path.

For more information on the current capabilities of the library, refer to the libraries help pages.

New in Current Release (version A10):

  • Rainbow, NTRU Prime, and New Hope have been removed.
  • All remaining implementations have been updated to the NIST PQ Round 3 final versions
  • Asymmetric primitives that use AVX instructions have been added

New in Current Release (version A8)

  • The Elliptic Curve Diffie Hellman Key exchange (EC25519)
  • The Elliptic Curve Digital Signature Algorithm (ED25519)
  • Integration of AES-NI 256 and 512-bit instructions
  • The Rainbow signature scheme
  • The 512-bit block Rijndael authenticated stream cipher RWS (end of the world cipher)
  • The ChaCha derivitive CSX-512 authenticated stream cipher using 64-bit integers and a 1024-bit block, and a 512-bit key
  • Changes to extended 1024-bit versions of KMAC, SHA3, and SHAKE
  • The integration of SecureVector (memory locked arrays) throughout
  • The addition of an IPv4/IPv6 networking stack
  • The addition of a Keccak-based passphrase based KDF: SCBKDF
  • The addition of a new hash-based AEAD mode: HBA
  • Asymmetric ciphers and signature schemes updated to NIST-PQ Round 2 versions (updated again in November after the Round-3 versions upload)


Asymmetric Ciphers

  • The NTRU asymmetric cipher (S-Prime and L-Prime)
  • The RingLWE asymmetric cipher (New Hope -N1024/N2048)
  • The Niederreiter dual form of the McEliece cipher
  • The ModuleLWE asymmetric cipher (Kyber)

Asymmetric Signature Schemes

  • The Rainbow signature scheme
  • The Dilithium asymmetric signature schemes
  • The SPHINCS+ 256F-SHAKE128/256 asymmetric signature schemes
  • The XMSS/XMSS-MT asymmetric signature schemes

Block Ciphers

Note: Each cipher can be deployed as either the standard form (AES, Serpent), or the extended hybrid using cSHAKE or HKDF(SHA2) key expansion

  • The AES-NI Hash eXtended cipher (AHX)
  • The fallback Rijndael Hash eXtended cipher (RHX)
  • The Serpent Hash eXtended cipher (SHX)

Block Cipher Modes

  • The Hash Based Authentication mode (HBA)
  • Galois Counter authenticated block cipher Mode (GCM)
  • Cipher Block Chaining mode (CBC)
  • Cipher FeedBack mode (CFB)
  • Big-Endian integer Counter mode (CTR)
  • Electronic CodeBook mode (ECB)
  • Little-Endian Integer Counter Mode (ICM)
  • Output FeedBack Mode (OFB)

Block Cipher Padding

  • The ISO7816 Padding Scheme
  • The PKCS7 Padding Scheme
  • The Trailing Bit Compliment Padding Scheme (TBC)
  • The X.923 Padding Scheme

Stream Ciphers

Note: Integrated an optional built-in authentication generator (KMAC) to each stream cipher

  • The Authenticate and Encrypt and AEAD wide-block Rijndael-256 stream cipher implementation (ACS/RCS).
  • The RWS authenticated stream cipher: Rijndael with a 512-bit block, running 40/80 rounds in an KMAC authenticated counter-mode stream cipher
  • Threefish 256/512/1024 authenticated stream ciphers
  • ChaCha256-P20 and the [experimental] CSX512 authenticated stream ciphers

Message Digests

Note: Every message digest implementation has both parallel and sequential modes of operation

  • The Blake2 256 and 512 bit variants (Blake256/Blake512)
  • The SHA-3 256 and 512 bit variants (Keccak256/Keccak512)
  • The SHA-2 256 and 512 bit variants (SHA256/SHA512)
  • The Skein 256, 512,bit variants(Skein256/Skein512/Skein1024)


  • The Block cipher Counter mode Generator using the wide-block Rijndael-256 (BCG)
  • The custom cSHAKE Generator (CSG)
  • The HMAC Counter Generator (HCG)


  • Hash based Key Derivation Function (HKDF)
  • Key Derivation Function Version 2 (KDF2)
  • Passphrase Based Key Derivation Version 2 (PBKDF2)
  • The SHAKE cost based passphrase generator (SCBKDF)
  • The 128/256/512 SHAKE XOF function


  • Cipher based Message Authentication Code generator (CMAC)
  • Galois/Counter Message Authentication Code generator (GMAC)
  • Hash based Message Authentication Code generator (HMAC)
  • The Poly1305 Message Authentication Code generator (Poly1305)
  • Keccak based Message Authentication Code generator (KMAC)


  • The auto-seeded Block cipher Counter mode Rng (BCR)
  • The auto-seeded message Digest Counter Generator (DCR)
  • The auto-seeded HMAC Counter Generator (HCR)
  • An implementation of a Passphrase Based PRNG (PBR)
  • The prng extension wrapper class (SecureRandom)

Entropy Providers

  • Auto seed Collection Provider (ACP)
  • CPU Jitter entropy Provider (CJP)
  • Local Crypto Service Provider (CSP)
  • System Entropy Collection Provider (ECP)
  • Intel RdRand/RdSeed Provider (RDP)


This project is licensed under the AGPL version 3 (AGPLv3):


This project contains strong cryptography, before downloading the source files, it is your responsibility to check if the extended symmetric cipher key lengths (512 bit and higher), and other cryptographic algorithms contained in this project are legal in your country. If you use this code, please do so responsibly and in accordance to law in your region.