STUN Parse: 50ns
Ops/sec Sustained: 7.4M
Binary Size: 2MB
CVEs: 0

Why We Built This

Every video call on the internet flows through a TURN server. When a peer-to-peer connection fails — which happens in roughly 15% of connections due to symmetric NATs, corporate firewalls, or carrier-grade NAT — the TURN server relays the encrypted media between participants. It is the silent infrastructure that makes WebRTC actually work.

The overwhelming majority of the internet runs on coturn, an open-source C project that traces its lineage back to 2012. It works. It has also accumulated over 200 CVEs across its lifetime, including buffer overflows, use-after-frees, and authentication bypasses — the predictable consequence of handling untrusted network input in C.

When we started building V100, our AI video platform, we faced a choice: wrap coturn in containers and hope for the best, or start from zero in a language that eliminates entire categories of vulnerability at compile time. We chose Rust. And because we are H33 — a company whose entire existence is post-quantum cryptography — we wired in FIPS 203/204 compliant PQ crypto from the first commit.

What RustTURN Is

RustTURN is a complete TURN/STUN server implementing RFC 5389, RFC 5766, and RFC 8489. It handles STUN binding requests, TURN allocations, channel binds, permissions, and media relay. It speaks UDP and TCP, supports TURNS over TLS via rustls, and includes WebSocket signaling for room management.
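The STUN framing defined in RFC 5389, parsed with explicit bounds checks on the untrusted input, as an added example. This is not RustTURN's code: `parse_stun`, `StunMessage`, `StunError` and the sample message are hypothetical, and the exact-length check assumes one message per UDP datagram.

```rust
// Added example, not RustTURN's code: names below are hypothetical.
const MAGIC_COOKIE: u32 = 0x2112_A442; // fixed value from RFC 5389
#[derive(Debug, PartialEq)]
pub enum StunError { TooShort, NotStun, BadCookie, BadLength, TruncatedAttr }

#[derive(Debug, PartialEq)]
pub struct StunMessage<'a> {
    pub msg_type: u16,
    pub transaction_id: &'a [u8],
    pub attributes: Vec<(u16, &'a [u8])>, // (type, value without padding)
}

pub fn parse_stun(buf: &[u8]) -> Result<StunMessage<'_>, StunError> {
    if buf.len() < 20 { return Err(StunError::TooShort); }
    let msg_type = u16::from_be_bytes([buf[0], buf[1]]);
    // The two most significant bits of every STUN message are zero.
    if msg_type & 0xC000 != 0 { return Err(StunError::NotStun); }
    let body_len = u16::from_be_bytes([buf[2], buf[3]]) as usize;
    if u32::from_be_bytes([buf[4], buf[5], buf[6], buf[7]]) != MAGIC_COOKIE {
        return Err(StunError::BadCookie);
    }
    // Assumption: one message per UDP datagram, so the declared length must match.
    if body_len % 4 != 0 || buf.len() != 20 + body_len {
        return Err(StunError::BadLength);
    }
    let mut attributes = Vec::new();
    let mut rest = &buf[20..];
    while !rest.is_empty() {
        if rest.len() < 4 { return Err(StunError::TruncatedAttr); }
        let attr_type = u16::from_be_bytes([rest[0], rest[1]]);
        let attr_len = u16::from_be_bytes([rest[2], rest[3]]) as usize;
        let padded = (attr_len + 3) & !3; // values are padded to 4 bytes
        // `get` returns None instead of reading past the end of the datagram.
        let value = rest.get(4..4 + attr_len).ok_or(StunError::TruncatedAttr)?;
        rest = rest.get(4 + padded..).ok_or(StunError::TruncatedAttr)?;
        attributes.push((attr_type, value));
    }
    Ok(StunMessage { msg_type, transaction_id: &buf[8..20], attributes })
}

// Constructed sample: Binding Request (0x0001) with one SOFTWARE attribute (0x8022).
pub fn sample_binding_request() -> Vec<u8> {
    let mut m = vec![0x00, 0x01, 0x00, 0x08]; // type, body length = 8
    m.extend_from_slice(&MAGIC_COOKIE.to_be_bytes());
    m.extend_from_slice(&[0xAB; 12]); // transaction ID
    m.extend_from_slice(&[0x80, 0x22, 0x00, 0x03, b'a', b'b', b'c', 0x00]); // 1 pad byte
    m
}
fn main() { println!("{:?}", parse_stun(&sample_binding_request())); }
```

An attribute whose declared length runs past the datagram yields `TruncatedAttr` rather than an out-of-bounds read, which is the class of length-field bug the comparison with C parsers refers to.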

The numbers speak for themselves:

| Operation | RustTURN | coturn | Factor |
|---|---|---|---|
| STUN parse | 50ns | ~1.2µs | 24x faster |
| Credential auth | 272ns | ~3.8µs | 14x faster |
| Memory (10K sessions) | 48 MB | 310 MB | 6.5x smaller |
| Binary size | 2 MB | 8.4 MB | 4.2x smaller |
| Post-quantum crypto | Yes | No | |
| Lifetime CVEs | 0 | 200+ | |

These benchmarks were measured on AWS c8g.metal-48xl (Graviton4, 96 vCPUs) with Criterion statistical analysis. Full methodology and p50/p95/p99 percentiles are in the BENCHMARK.md.

Why Post-Quantum Crypto in a TURN Server?

This is the question we get most often, and the answer is straightforward: TURN servers see every credential and relay every byte of encrypted media. Today, that traffic is protected by TLS with ECDHE key exchange. A sufficiently powerful quantum computer running Shor's algorithm breaks ECDHE. Not theoretically — mathematically.

Nation-state adversaries are already executing harvest-now-decrypt-later (HNDL) attacks: recording encrypted traffic today, storing it, and waiting for quantum computers to crack the key exchange tomorrow. The NSA has publicly acknowledged this threat and set a 2030 deadline for federal systems to migrate to post-quantum cryptography.

Video conferencing is uniquely vulnerable because the intelligence value of recorded meetings does not decay. A board discussion about an acquisition, a legal strategy session, a classified briefing — these are worth decrypting in 2035 or 2040. Every TURN credential exchanged over classical TLS is a key that a future quantum computer can use to unlock the media it protected.

RustTURN includes a hybrid X25519 + ML-KEM-768 key exchange (FIPS 203) and signs session artifacts with ML-DSA-65 (FIPS 204). The hybrid design means that even if ML-KEM is somehow broken, the classical X25519 layer still protects you. Defense in depth.

This is the same post-quantum stack that powers H33's production infrastructure processing 2.17 million authentications per second using fully homomorphic encryption. We did not build a toy PQ demo for the TURN server. We extracted our battle-tested crypto modules and integrated them.

Why Open Source?

H33 is a cryptography company. We have 134 patent claims pending. We process more post-quantum authentications per second than anyone else on earth. We could have kept RustTURN proprietary and charged for it.

We are open-sourcing it for one reason: quantum-safe infrastructure should be a public good.

The NIST PQC migration is the largest cryptographic transition in the history of the internet. It affects every TLS connection, every VPN tunnel, every video call. If we hoard quantum-safe infrastructure behind commercial licenses, we slow down the migration for everyone. And a slower migration means more years of traffic sitting in HNDL archives, waiting to be decrypted.

We built RustTURN to prove that post-quantum cryptography works at video scale — that you can add ML-KEM-768 to a TURN server without adding latency that humans can perceive. Now we are giving it away so that the next team building a video platform does not have to solve this problem from scratch.

H33's competitive advantage is not a TURN server. It is the ability to operate post-quantum cryptography at internet scale — 2.17 million auths/sec with fully homomorphic encryption, zero-knowledge proofs, and ML-DSA attestation in a single API call. RustTURN is a demonstration of that capability, not the capability itself.

Getting Started

The fastest path from zero to a running quantum-safe TURN server:

```bash
# Clone the repo
git clone https://github.com/anthropic-h33/rustturn.git
cd rustturn

# Run in development mode
TURN_SECRET=your-secret-min-32-chars cargo run

# Or use Docker
docker build -t rustturn .
docker run -p 3478:3478/udp -p 5349:5349/tcp \
  -e TURN_SECRET=your-secret-min-32-chars \
  rustturn
```

Standard WebRTC clients connect with no modifications. RustTURN speaks the same STUN/TURN protocol as coturn — it is a drop-in replacement. The post-quantum layer protects the server-side key exchange and credential wrapping; client compatibility is preserved.

Full documentation, configuration reference, and benchmark reproduction instructions are in the GitHub repository.

What Comes Next

This initial release includes the core TURN/STUN server with PQ crypto. On our roadmap:

We welcome contributions. The CONTRIBUTING.md has everything you need to get started. PQ crypto changes must maintain FIPS 203/204 compliance. All PRs must pass cargo test and cargo clippy.

Build on RustTURN

Star the repo, run the benchmarks, file issues. If you need more than a TURN server — transcription, AI editing, multi-platform publishing, white-label — V100 is the full platform.