PQClean
PQClean is a collaborative repository of clean, portable C implementations of post-quantum cryptographic schemes from the NIST standardization project. It is not a linkable library but a curated source collection with strict coding rules and heavy automated testing, designed so other projects can copy its implementations directly. liboqs and the Rust pqcrypto crates are among its best-known consumers.
Goals and coding rules
PQClean exists because code submitted to cryptographic competitions is written to demonstrate an algorithm, not to be deployed. Submission packages often carry undefined behavior, compiler-specific assumptions, unused variables, or timing leaks that are acceptable in a research artifact but dangerous downstream. PQClean takes those schemes and holds them to a fixed engineering standard, documented in the PQClean repository:
- Valid C99 with no compiler warnings under strict flags, portable across common platforms.
- No dynamic memory allocation, which makes the code suitable for embedded targets and removes a class of failure modes.
- No external dependencies beyond a small set of shared primitives such as SHA-2, SHA-3, and AES provided by the repository itself.
- A consistent API following the NIST and SUPERCOP conventions (
crypto_kem_keypair,crypto_kem_enc,crypto_kem_dec, and the signature equivalents), so all schemes look alike to a caller. - Constant-time behavior with respect to secret data: secret-dependent branches and memory accesses are prohibited and checked with Valgrind-based dynamic analysis.
Continuous integration builds every implementation across multiple compilers and architectures, runs known-answer tests against official test vectors, and exercises the code under sanitizers. The result is code that is deliberately boring: readable, reviewable, and safe to vendor.
What it contains
The repository tracks schemes from the NIST process, including the standardized ML-KEM, ML-DSA, and SLH-DSA (alongside their pre-standard SPHINCS+ lineage), Falcon (the planned FN-DSA / Falcon), HQC, and Classic McEliece. Most schemes ship in at least a clean portable variant, and many add optimized variants such as avx2 that pass the same test regime. Licensing is set per implementation and is mostly public domain (CC0), with some code under MIT or Apache-2.0.
How other projects consume it
PQClean is upstream infrastructure for much of the post-quantum ecosystem described in post-quantum cryptography libraries:
- liboqs pulls implementations from PQClean through an automated
copy_from_upstreamworkflow, wrapping them in its unified API. - The Rust pqcrypto crate family is generated automatically from PQClean sources, giving Rust programs access to the same audited-style C code through safe bindings.
- pqm4, the standard benchmarking and testing framework for post-quantum cryptography on the ARM Cortex-M4, shares contributors and code with PQClean and uses its clean implementations as a baseline for embedded optimization work.
- Firmware and application developers vendor individual scheme directories directly, which the no-allocation, no-dependency rules make practical.
Because consumers copy code rather than link a shared artifact, fixes propagate only when downstream projects re-import, and PQClean itself publishes no versioned releases in the traditional sense. That is a deliberate trade-off: the repository optimizes for source quality and auditability rather than distribution.
History and position in the ecosystem
PQClean began in 2019, led by researchers involved in the NIST process and in embedded benchmarking, including Matthias Kannwischer, Joost Rijneveld, Peter Schwabe, Douglas Stebila, and Thom Wiggers. It filled a gap the standardization process itself did not cover: NIST evaluated algorithm designs, but someone still had to turn submission code into implementations the software ecosystem could trust. As of early 2026 the repository remains maintained, tracking the final FIPS versions of the standardized schemes, while newer production-focused efforts such as the PQCA's PQ Code Package pursue formally verified implementations of single algorithms. PQClean remains the broadest single collection of consistently tested, portable post-quantum C code.
Frequently asked questions
Is PQClean a library I can install and link against?
No. PQClean is a source repository, not a packaged library. Projects copy the implementations they need into their own build, or use downstream packages such as liboqs or the Rust pqcrypto crates that vendor PQClean code.
Sources
- PQClean source repository (PQClean project, 2025)
- liboqs source repository (Open Quantum Safe project, 2025)
- pqcrypto: Rust bindings to PQClean (pqcrypto project, 2025)
- pqm4: post-quantum crypto library for the ARM Cortex-M4 (mupq project, 2025)
Cite this entry
"PQClean." postquantum.wiki. Updated July 11, 2026. https://postquantum.wiki/pqclean@misc{pqwiki-pqclean,
title = {PQClean},
howpublished = {\url{https://postquantum.wiki/pqclean}},
year = {2026},
note = {postquantum.wiki, updated 2026-07-11}
}