quipnetwork/hashsigs-py — explained in plain English
Analysis updated 2026-06-24
Generate a quantum-resistant key pair and sign messages in a Python application that needs long-term cryptographic security.
Verify digital signatures in a system that must remain secure even after quantum computers become practical.
Benchmark pure-Python vs Rust-backed hash signature performance to decide whether to compile the Rust extension in your deployment.
| quipnetwork/hashsigs-py | embraceagi/awesome-chatgpt-zh | speechbrain/speechbrain | |
|---|---|---|---|
| Stars | 11,535 | 11,535 | 11,537 |
| Language | Python | Python | Python |
| Setup difficulty | moderate | easy | moderate |
| Complexity | 3/5 | 1/5 | 4/5 |
| Audience | developer | general | researcher |
Figures from each repo's GitHub metadata at analysis time.
Pure-Python mode needs only pip, full performance requires the Rust toolchain at install time. Python 3.13 and macOS have known build quirks documented in the README.
Hashsigs-py is a Python package that implements WOTS+, a type of cryptographic digital signature based entirely on hash functions. Unlike most signing systems in use today, hash-based signatures are considered resistant to attacks from quantum computers, making this approach relevant to organizations thinking about long-term security. The package is installed with pip and works out of the box using a pure Python implementation. For better performance, it can optionally build a Rust extension at install time. If the Rust toolchain is present on the system, the package detects it automatically and compiles the faster backend. The Python code then checks at runtime whether the Rust extension is available and falls back to pure Python if it is not. This means the package is usable on any machine, with the faster path available when Rust is set up. Using the library involves three steps: generating a key pair from a seed, signing a message with the private key, and verifying the signature using the public key. Both key generation and signing accept raw byte strings. The README includes a one-line shell command that imports the package, runs a sign-and-verify cycle, and prints the result, providing a quick confirmation that the installation is working correctly. The test suite has three tiers depending on what dependencies are available: full tests with vector validation require both the Rust extension and a keccak cryptographic provider, a reduced set runs with keccak but without Rust, and a minimal set runs with only the standard library. The README includes troubleshooting steps for common build failures on Python 3.13 and macOS. The project is released under the AGPL-3.0 license.
A Python package that lets you generate and verify quantum-resistant digital signatures using hash functions, install via pip, with an optional Rust backend for extra speed.
Mainly Python. The stack also includes Python, Rust, pip.
Released under AGPL-3.0, you may use and modify the code, but if you distribute or run it as a service you must share your source code under the same license.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.