NaCl (software)

Last updated
NaCl
Original author(s) Daniel J. Bernstein, Tanja Lange, Peter Schwabe
Initial release2008;16 years ago (2008)
Stable release
20110221 / February 21, 2011;13 years ago (2011-02-21)
Operating system UNIX-like
License public domain [1]
Website nacl.cr.yp.to

NaCl (Networking and Cryptography Library, pronounced "salt") is a public domain, high-speed software library for cryptography. [2]

Contents

NaCl was created by the mathematician and programmer Daniel J. Bernstein, who is best known for the creation of qmail and Curve25519. The core team also includes Tanja Lange and Peter Schwabe. [3] [4] The main goal while creating NaCl, according to the team's 2011 paper, was to "avoid various types of cryptographic disasters suffered by previous cryptographic libraries". The team does so by safer designs that avoid issues such as side-channel leakage and loss of randomness, by being performant enough that safety features do not get disabled by the user, and by picking better cryptographic primitives. The high-level "box" API is designed to encourage the use of authenticated encryption. [1]

Functions

Public-key cryptography

Secret-key cryptography

Low-level functions

Implementations

The reference implementation is written in C, often with several inline assembler. C++ is handled as a wrapper. A Python wrapper was planned, [8] but is not part of the latest (20110221) release. The home page, last updated 2016, mentions prototype wrappers. [2]

Reference NaCl has a variety of programming language bindings such as PHP [9] and Tcl. [10] [ third-party source needed ]

Libsodium

Libsodium is a API-compatible fork of reference NaCl created in 2013. It is "installable and packageable", or in other words can be compiled into a dynamic library and installed as a software package thanks to the addition of build files (NaCl had none). It is also "portable and cross-compilable". [11]

As libsodium can be dynamically linked, it serves as the basis for a number of bindings in languages such as Pharo, [12] Perl 5, [13] and Python. [14] [15]

libsodium also extends the NaCl API with new algorithms (e.g. BLAKE2, [16] ChaCha20-Poly1305, AEGIS) [17] and new classes of functions (e.g. secure memory, random number generation, short-input hashing, [18] password hashing and key derivation).

TweetNaCl

In 2013, the NaCl team and three others released TweetNaCl, a condensed implementation of NaCl's 25 functions that fits in the size of 100 tweets (140 symbols each). [19]

TweetNaCl has been used as the basis of ports including TweetNaCl.js [20] and TweetNaCl-Java. [21] It has also been rewritten in the SPARK Ada subset as SPARKNaCl, which the authors describe as "(unlike TweetNaCl) readable owing to the large number of explanatory comments and contracts in the code." [22]

Other implementations

See also

Related Research Articles

<span class="mw-page-title-main">Daniel J. Bernstein</span> American mathematician, cryptologist and computer scientist (born 1971)

Daniel Julius Bernstein is an American mathematician, cryptologist, and computer scientist. He is a visiting professor at CASA at Ruhr University Bochum, as well as a research professor of Computer Science at the University of Illinois at Chicago. Before this, he was a visiting professor in the department of mathematics and computer science at the Eindhoven University of Technology.

Articles related to cryptography include:

<span class="mw-page-title-main">Cryptographic hash function</span> Hash function that is suitable for use in cryptography

A cryptographic hash function (CHF) is a hash algorithm that has special properties desirable for a cryptographic application:

CRYPTREC is the Cryptography Research and Evaluation Committees set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use. It is comparable in many respects to the European Union's NESSIE project and to the Advanced Encryption Standard process run by National Institute of Standards and Technology in the U.S.

In cryptography, a message authentication code (MAC), sometimes known as an authentication tag, is a short piece of information used for authenticating and integrity-checking a message. In other words, to confirm that the message came from the stated sender and has not been changed. The MAC value allows verifiers to detect any changes to the message content.

<span class="mw-page-title-main">Nothing-up-my-sleeve number</span> Numbers used by cryptographers to show that they are working in good faith

In cryptography, nothing-up-my-sleeve numbers are any numbers which, by their construction, are above suspicion of hidden properties. They are used in creating cryptographic functions such as hashes and ciphers. These algorithms often need randomized constants for mixing or initialization purposes. The cryptographer may wish to pick these values in a way that demonstrates the constants were not selected for a nefarious purpose, for example, to create a backdoor to the algorithm. These fears can be allayed by using numbers created in a way that leaves little room for adjustment. An example would be the use of initial digits from the number π as the constants. Using digits of π millions of places after the decimal point would not be considered trustworthy because the algorithm designer might have selected that starting point because it created a secret weakness the designer could later exploit—though even with natural-seeming selections, enough entropy exists in the possible choices that the utility of these numbers has been questioned.

Poly1305 is a universal hash family designed by Daniel J. Bernstein for use in cryptography.

In cryptography, Curve25519 is an elliptic curve used in elliptic-curve cryptography (ECC) offering 128 bits of security and designed for use with the Elliptic-curve Diffie–Hellman (ECDH) key agreement scheme. It is one of the fastest curves in ECC, and is not covered by any known patents. The reference implementation is public domain software.

DNSCurve is a proposed secure protocol for the Domain Name System (DNS), designed by Daniel J. Bernstein. It encrypts and authenticates DNS packets between resolvers and authoritative servers.

The following outline is provided as an overview of and topical guide to cryptography:

There are various implementations of the Advanced Encryption Standard, also known as Rijndael.

Post-quantum cryptography (PQC), sometimes referred to as quantum-proof, quantum-safe, or quantum-resistant, is the development of cryptographic algorithms that are thought to be secure against a cryptanalytic attack by a quantum computer. The problem with popular algorithms currently used in the market is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor's algorithm or even faster and less demanding alternatives.

wolfSSL is a small, portable, embedded SSL/TLS library targeted for use by embedded systems developers. It is an open source implementation of TLS written in the C programming language. It includes SSL/TLS client libraries and an SSL/TLS server implementation as well as support for multiple APIs, including those defined by SSL and TLS. wolfSSL also includes an OpenSSL compatibility interface with the most commonly used OpenSSL functions.

In public-key cryptography, Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using a variant of Schnorr signature based on twisted Edwards curves. It is designed to be faster than existing digital signature schemes without sacrificing security. It was developed by a team including Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang. The reference implementation is public-domain software.

In cryptography, the Salted Challenge Response Authentication Mechanism (SCRAM) is a family of modern, password-based challenge–response authentication mechanisms providing authentication of a user to a server. As it is specified for Simple Authentication and Security Layer (SASL), it can be used for password-based logins to services like LDAP, HTTP, SMTP, POP3, IMAP and JMAP (e-mail), XMPP (chat), or MongoDB and PostgreSQL (databases). For XMPP, supporting it is mandatory.

The tables below compare cryptography libraries that deal with cryptography algorithms and have application programming interface (API) function calls to each of the supported features.

In cryptography, security level is a measure of the strength that a cryptographic primitive — such as a cipher or hash function — achieves. Security level is usually expressed as a number of "bits of security", where n-bit security means that the attacker would have to perform 2n operations to break it, but other methods have been proposed that more closely model the costs for an attacker. This allows for convenient comparison between algorithms and is useful when combining multiple primitives in a hybrid cryptosystem, so there is no clear weakest link. For example, AES-128 is designed to offer a 128-bit security level, which is considered roughly equivalent to a RSA using 3072-bit key.

Post-Quantum Cryptography Standardization is a program and competition by NIST to update their standards to include post-quantum cryptography. It was announced at PQCrypto 2016. 23 signature schemes and 59 encryption/KEM schemes were submitted by the initial submission deadline at the end of 2017 of which 69 total were deemed complete and proper and participated in the first round. Seven of these, of which 3 are signature schemes, have advanced to the third round, which was announced on July 22, 2020.

ChaCha20-Poly1305 is an authenticated encryption with additional data (AEAD) algorithm, that combines the ChaCha20 stream cipher with the Poly1305 message authentication code. Its usage in IETF protocols is standardized in RFC 8439. It has fast software performance, and without hardware acceleration, is usually faster than AES-GCM.

References

  1. 1 2 Daniel J. Bernstein; Tanja Lange; Peter Schwabe. "The security impact of a new cryptographic library" (PDF). Archived (PDF) from the original on 2017-08-09.
  2. 1 2 "NaCl: Networking and Cryptography library".
  3. "Tanja Lange's Homepage".
  4. "Peter Schwabe's Homepage".
  5. Bernstein, Daniel J. (10 March 2009). Cryptography in NaCl (PDF). Archived (PDF) from the original on 25 March 2017. Retrieved 8 February 2016.
  6. "Hashing: crypto_hash". 2010-08-30. Retrieved 2015-11-14.
  7. "String comparison: crypto_verify". nacl.cr.yp.to. Retrieved 19 January 2024.
  8. "NaCl Internals".
  9. "NaCl PHP Extension". Github. 2019-06-14.
  10. "Tclers Wiki - NaCl for Tcl".
  11. Denis, Frank (18 January 2024). "libsodium: A modern, portable, easy to use crypto library".
  12. "SmalltalkHub repository".
  13. "Crypt::NaCl::Sodium".
  14. Python Cryptographic Authority (18 January 2024). "pyca/pynacl". GitHub. PyNaCl is a Python binding to libsodium, which is a fork of the Networking and Cryptography library.
  15. "Bindings for other languages". libsodium.
  16. "Generic hashing". 2017-12-13. Retrieved 2018-05-19.
  17. "AEAD constructions". libsodium.
  18. "Short-input hashing". libsodium.
  19. Daniel J. Bernstein; Bernard van Gastel; Wesley Janssen; Tanja Lange; Peter Schwabe; Sjaak Smetsers (2013). "TweetNaCl".
  20. "TweetNaCl.js".
  21. "TweetNaCl-Java".
  22. "SPARKNaCl".
  23. "Don't Roll Your Own Crypto (dryoc): pure-Rust, hard to misuse cryptography library".
  24. Vaillant, Loup (17 January 2024). "LoupVaillant/Monocypher".