Fast Cryptography Extension Library — Rust Implementation
WarpCrypto is a high-performance cryptography library written in Rust as a Python extension (via PyO3 + maturin). It implements the cryptographic algorithms required by Telegram's MTProto protocol:
AES-256-IGE— used in MTProto v2.0AES-256-CTR— used for CDN encrypted fileskdf— key derivation function per MTProto 2.0 specpack_message/unpack_message— combined KDF+AES-IGE in a single call (1 GIL release vs 3 for tgcrypto)
- 3–5× faster than tgcrypto (C extension) in multi-client benchmarks
- AES-NI hardware acceleration via the
aescrate's runtime CPU feature detection (cpufeatures) - Zero-copy IGE with block-aligned GenericArray operations
- Block-based CTR — processes 16-byte blocks with
chunks_exact_mut, not byte-by-byte - Proper state propagation — IV and state bytearrays are mutated in-place matching tgcrypto exactly
- Memory safe — Rust's type system guarantees no buffer overflows, use-after-free, or data races
- Zero compiler warnings
- Python 3.8 or higher
- Rust toolchain (for building from source; pre-built wheels available for most platforms)
pip install WarpCryptoInstall from source:
pip install maturin
maturin build --release
pip install target/wheels/*.whldef ige256_encrypt(data: bytes, key: bytes, iv: bytes) -> bytes: ...
def ige256_decrypt(data: bytes, key: bytes, iv: bytes) -> bytes: ...
def ctr256_encrypt(data: bytes, key: bytes, iv: bytearray, state: bytearray) -> bytes: ...
def ctr256_decrypt(data: bytes, key: bytes, iv: bytearray, state: bytearray) -> bytes: ...
def kdf(auth_key: bytes, msg_key: bytes, outgoing: bool) -> tuple[bytes, bytes]: ...
def pack_message(data: bytes, salt: int, session_id: bytes, auth_key: bytes, auth_key_id: bytes) -> bytes: ...
def unpack_message(packed: bytes, session_id: bytes, auth_key: bytes, auth_key_id: bytes) -> bytes: ...import os
import warpcrypto
data = os.urandom(10 * 1024 * 1024)
key = os.urandom(32)
iv = os.urandom(32)
ige_encrypted = warpcrypto.ige256_encrypt(data, key, iv)
ige_decrypted = warpcrypto.ige256_decrypt(ige_encrypted, key, iv)
assert data == ige_decryptedimport os
import warpcrypto
data = os.urandom(10 * 1024 * 1024)
key = os.urandom(32)
enc_iv = bytearray(os.urandom(16))
dec_iv = bytearray(enc_iv)
ctr_encrypted = warpcrypto.ctr256_encrypt(data, key, enc_iv, bytearray(1))
ctr_decrypted = warpcrypto.ctr256_decrypt(ctr_encrypted, key, dec_iv, bytearray(1))
assert data == ctr_decryptedimport warpcrypto
auth_key = bytes(range(256))
msg_key = os.urandom(16)
aes_key, aes_iv = warpcrypto.kdf(auth_key, msg_key, outgoing=True) # x=0
aes_key, aes_iv = warpcrypto.kdf(auth_key, msg_key, outgoing=False) # x=8pip install pytest
pytestWarpCrypto outperforms tgcrypto (C extension) by 3–5× across all client counts (1–128 concurrent clients). Performance scales with AES-NI availability (most x86_64 and Apple Silicon CPUs).
LGPLv3+ — Originally by Dan. Rust port maintained by Riajul.