Architecture Check: Custom PQC Provider in Quinn + Handshake TLD Routing

โš“ Rust    ๐Ÿ“… 2026-07-12    ๐Ÿ‘ค surdeus    ๐Ÿ‘๏ธ 1      

surdeus

Hey, I'm Q4CHIN. Made this account today to post this anonymously. I know fresh accounts look sketchy, so I'll skip the intro.

I'm designing a federated network where node ops own Handshake TLDs and run open nodes (MIT). Access is gated by a central license check to ban DDOS/crime nodes instantly.

Stack: Quinn for QUIC/UDP, Handshake for TLDs, and Post-Quantum (FIPS 203/204 - Kyber/Dilithium) for the handshakes. The browser client will be source-available (audit-only) so people can verify no logging, but the license forbids compiling derivatives. Only the signed binary joins the network.

My main blocker: I need to swap Quinn's default rustls provider for a custom PQC implementation.

  1. Has anyone plugged a custom crypto provider (specifically Kyber/Dilithium) into Quinn without forking the whole crate? Docs on CryptoProvider are thin. Is this even feasible in stable Rust right now?

  2. Any pitfalls resolving Handshake TLDs during the QUIC handshake? Or should that be a pre-step? Worried about latency spikes blocking connection setup.

Full spec is here: GitHub - Q4CHIN/Better-Tor: The Scary dark web ยท GitHub

Just need to know if this arch is fundamentally broken or if I'm missing a limitation in Quinn/Rust. If you think it's impossible, tell me why. Rather know now than waste months.

Thanks.

1 post - 1 participant

Read full topic

๐Ÿท๏ธ Rust_feed