v0.5.0 (2026-06-25)
MetamorphicCrypto.Hybridnow surfaces the Cat-1 (ML-KEM-512 + X25519) tier, completing the full standardized ML-KEM range (NIST categories 1/3/5):generate_keypair/1accepts:cat1(832-byte public key, 32-byte seed);generate_keypair_512/0is the convenience alias.seal/3andseal_raw/3accept:cat1;seal_512/2andseal_raw_512/2are convenience aliases. Cat-1 ciphertexts carry version tag0x01(0x01 || ML-KEM-512 ct (768 B) || X25519 eph pk (32 B) || nonce (24 B) || secretbox ct).open/2auto-detects Cat-1/Cat-3/Cat-5 from the version tag — no API change.hybrid_ciphertext?/1is length-aware, so short legacy ciphertexts that happen to begin with0x01are not misdetected as Cat-1.
MetamorphicCrypto.Seal.seal_for_user/3(andseal_for_user_raw/3) now acceptlevel: :cat1, mirroring the existing:cat3/:cat5options, so the unified seal/unseal API spans the full standardized ML-KEM range.unseal_from_user/4is unchanged — it already auto-detects the level from the version tag.- Honesty note (NIST defines ML-KEM only at categories 1/3/5): there is no
Cat-2/Cat-4 KEM. The classical half is always X25519 (~Cat-1 classical), the
floor at every tier; the post-quantum half grows Cat-1 → Cat-3 → Cat-5. Wire
version tags are scoped per artifact type: on the KEM side
0x01= Cat-1 (ML-KEM-512), whereas on the signature side0x01= Cat-2 (ML-DSA-44). - Sync the native crate dependency to
metamorphic-crypto0.6.0, which adds the Cat-1 KEM API. No change to existing encryption, hashing, signature, or wire formats.
v0.4.0 (2026-06-24)
- Add
MetamorphicCrypto.Sign— hybrid post-quantum signatures combining ML-DSA (FIPS 204) + Ed25519 in a composite, strict-AND verified scheme:generate_signing_keypair/0(default:cat3) andgenerate_signing_keypair/1(:cat2/:cat3/:cat5) returning%{public_key, secret_key}(base64 strings).sign/3(raw message binary + UTF-8context+ base64 secret key → base64 signature) andverify/4(→ boolean, both components must verify).derive_public_key/1deterministically re-derives the base64 verifying key from a secret key — so a key recovered from backup regenerates byte-identically (no false key-change alert for TOFU-pinned keys).sign_context_v1/0exposes the recommended"metamorphic/sign/v1"context label; plusderive_public_key!/1andsign!/3raising variants.- Convenience facade:
MetamorphicCrypto.generate_signing_keypair/0,1,sign/3,verify/4, andderive_public_key/1.
- ML-DSA uses the hedged (randomized) FIPS 204 variant, so signature bytes
are non-reproducible (both-valid); the wire format — version tags, byte
layout, domain-separation framing
(
I2OSP(len(context), 8) || context || message), and public-key derivation — is fully deterministic and pinnable across native Rust, WASM, and this NIF. - Sync the native crate dependency to
metamorphic-crypto0.5.0, which exposes the composite signature API. No change to existing encryption, hashing, or wire formats.
v0.3.0 (2026-06-22)
- Add
MetamorphicCrypto.Hash— SHA-3 / SHA-2 hashing for public data (key fingerprints, safety numbers, key-transparency-log entries):sha3_512/1(recommended default, Cat-5),sha3_256/1,sha256/1,sha512/1, and the domain-separatedsha3_512_with_context/2— plus!raising variants.- Base64 in, base64 out, matching the rest of the package and the WASM wire format, so a digest computed in Elixir is byte-for-byte identical to one computed in the browser/native (verified by a locked parity vector).
MetamorphicCrypto.sha3_512/1andMetamorphicCrypto.sha3_512_with_context/2added to the top-level convenience facade.
- These digests are for public data only and intentionally add no
zeroize/constant-time ceremony; do not hash secrets with them (use
MetamorphicCrypto.KDF.derive_session_key/2for secret material). - Sync the native crate dependency to
metamorphic-crypto0.4.0, which exposes the public hashing API. No change to existing encryption behavior or wire formats.
v0.2.2 (2026-06-10)
- No functional or API changes; encryption output is unchanged.
- Sync the native crate dependency to
metamorphic-crypto0.3.7, deduping thesha3/keccaktree for a cleaner SBOM. - Supply-chain hardening of the release pipeline: SHA-pinned actions,
build-provenance attestation of each precompiled NIF,
cargo auditgate, grouped Dependabot, and aSECURITY.md. - Packaging: exclude the maintainer-only release task from the published package.
v0.2.1 (2026-05-23)
Add
MetamorphicCrypto.Hybrid.security_level/0type (:cat3 | :cat5)MetamorphicCrypto.Hybrid.generate_keypair/1now accepts an optional security level —generate_keypair(:cat5)for ML-KEM-1024,generate_keypair()for ML-KEM-768 (default, unchanged behavior)MetamorphicCrypto.Hybrid.seal/3andseal_raw/3now accept an optional security level parameterMetamorphicCrypto.Seal.seal_for_user/3andseal_for_user_raw/3now accept a:leveloption (:cat3or:cat5) for choosing the PQ security level when a PQ public key is provided- Existing
generate_keypair_1024/0,seal_1024/2, andseal_raw_1024/2are preserved as convenience aliases - All changes are backwards compatible — no NIF or binary changes required
v0.2.0 (2026-05-13)
- Switch from vendored
metamorphic-cryptoRust source tometamorphic-cryptov0.2.0 on crates.io (no user-facing changes — the public Elixir API is fully backwards compatible) - Add ML-KEM-1024 + X25519 (Cat-5, NIST Category 5, ~AES-256) hybrid encryption:
MetamorphicCrypto.Hybrid.generate_keypair_1024/0— generate Cat-5 keypairMetamorphicCrypto.Hybrid.seal_1024/2— encrypt with Cat-5MetamorphicCrypto.Hybrid.seal_raw_1024/2— encrypt raw bytes with Cat-5
MetamorphicCrypto.Hybrid.open/2now auto-detects Cat-3 (v2) and Cat-5 (v3) ciphertextMetamorphicCrypto.Hybrid.hybrid_ciphertext?/1now detects both v2 and v3 formats
v0.1.2 (2026-05-12)
- Add explicit
targetslist toRustlerPrecompiledconfig- Prevents download attempts for unsupported platforms (e.g.
arm-unknown-linux-gnueabihf) mix rustler_precompiled.download --allnow only fetches the 5 supported targets
- Prevents download attempts for unsupported platforms (e.g.
v0.1.1 (2026-05-12)
- Fix precompiled NIF loading on macOS and Windows
- Binary inside tar archive was named incorrectly (
libmetamorphic_crypto_nif.dylibinstead of the versioned.soname that RustlerPrecompiled expects) - Users without Rust installed would get
nif_not_loadederrors
- Binary inside tar archive was named incorrectly (
v0.1.0 (2026-05-11)
- Initial release
- XSalsa20-Poly1305 symmetric encryption (
MetamorphicCrypto.SecretBox) - X25519 sealed box public-key encryption (
MetamorphicCrypto.BoxSeal) - ML-KEM-768 + X25519 hybrid post-quantum encryption (
MetamorphicCrypto.Hybrid) - Unified seal/unseal with auto-format-detection (
MetamorphicCrypto.Seal) - Argon2id key derivation (
MetamorphicCrypto.KDF) - Key generation utilities (
MetamorphicCrypto.Keys) - Human-readable recovery keys (
MetamorphicCrypto.Recovery) - Precompiled NIF binaries for all major platforms