Implementation Map

aead::AES_256_GCM. Hardware-accelerated. Minimal unsafe surface.

Pure Rust with optional AES-NI. Part of the RustCrypto ecosystem.

cryptography.hazmat.primitives.ciphers.aead.AESGCM. Built on OpenSSL.

Pure JS/TS AES-GCM. Audited. No native dependencies.

crypto.subtle.encrypt({name:'AES-GCM',...}). Native browser implementation.

cipher.NewGCM(block). Standard library. Hardware-accelerated.

AesGcm class. .NET 6+. Uses OS-level crypto provider.

Cipher.getInstance("AES/GCM/NoPadding"). Built into JDK.

Rust bindings to libsodium. secretbox/aead APIs.

XChaCha20Poly1305 type. Pure Rust, constant-time.

nacl.secret.SecretBox (XSalsa20-Poly1305) or nacl.aead for XChaCha20. Wraps libsodium.

crypto_aead_xchacha20poly1305_ietf_encrypt. WASM build of libsodium.

chacha20poly1305.NewX() for XChaCha20. Official Go extended crypto.

.NET bindings to libsodium. SecretAead.Encrypt.

XChaCha20Poly1305 via BC lightweight API.

Pure Rust Argon2id. Implements RFC 9106.

Wraps the C reference implementation. OWASP-recommended defaults.

Node.js native binding to the C reference. Server-side only.

argon2.IDKey(). Official Go extended crypto library.

Pure .NET Argon2id implementation.

Argon2BytesGenerator class in BC lightweight API.

Part of the dalek ecosystem. Widely used in Rust crypto.

nacl.signing.SigningKey. Wraps libsodium Ed25519.

Ed25519PrivateKey.generate(). Built on OpenSSL 3.x.

ed25519.sign/verify. Pure JS, audited, zero dependencies.

Standard library Ed25519. Used throughout Go ecosystem.

Not natively available before .NET 9 preview. Use Bouncy Castle or NSec.

Ed25519Signer class. Also available in JDK 15+ via EdDSA provider.

EphemeralSecret + PublicKey. Part of the dalek ecosystem.

nacl.public.Box for X25519 key agreement. Wraps libsodium.

x25519.getSharedSecret(). Pure JS, audited.

curve25519.X25519(). Official Go extended library.

X25519 key agreement. Modern .NET crypto library.

X25519Agreement class. Also in JDK 11+ via XDH.

Hkdf::<Sha256>::new_from_prk(). Pure Rust.

cryptography.hazmat.primitives.kdf.hkdf.HKDF. Built on OpenSSL.

hkdf(sha256, inputKey, salt, info, length). Pure JS, audited.

hkdf.New(sha256.New, secret, salt, info). Official Go crypto.

HKDF.DeriveKey(). .NET 5+.

HKDFBytesGenerator class.

hmac::sign/verify. Hardware-accelerated SHA-256.

hmac.new(key, msg, hashlib.sha256). Python standard library.

hmac(sha256, key, message). Pure JS, audited.

crypto.subtle.sign('HMAC', key, data). Native browser.

hmac.New(sha256.New, key). Standard library.

HMACSHA256 class. Built into .NET.

Mac.getInstance("HmacSHA256"). Built into JDK.

FIPS 203 implementation. Pure Rust.

Pure Python ML-KEM. Educational and testing use. [verify before use]

TypeScript ML-KEM implementation. [verify before use]

By Go crypto team lead Filippo Valsorda. Clean API.

ML-KEM implementation in BC C# API.

MLKEMKeyPairGenerator / MLKEMExtractor. BC 1.78+.

FIPS 204 implementation. Pure Rust.

Pure Python ML-DSA reference. [verify before use]

Cloudflare's PQ crypto library. Dilithium/ML-DSA modes.

ML-DSA implementation in BC C# API.

MLDSAKeyPairGenerator / MLDSASigner. BC 1.78+.