NaCl (software)

NaCl
Original author(s): Daniel J. Bernstein, Tanja Lange, Peter Schwabe
Initial release: 2008
Stable release: 20110221 / February 21, 2011
Operating system: UNIX-like
License: public domain [1]
Website: nacl.cr.yp.to

NaCl (Networking and Cryptography Library, pronounced "salt") is a public domain, high-speed software library for cryptography. [2]


NaCl was created by the mathematician and programmer Daniel J. Bernstein, who is best known for the creation of qmail and Curve25519. The core team also includes Tanja Lange and Peter Schwabe. [3] [4] The main goal while creating NaCl, according to the team's 2011 paper, was to "avoid various types of cryptographic disasters suffered by previous cryptographic libraries". The team does so by safer designs that avoid issues such as side-channel leakage and loss of randomness, by being performant enough that safety features do not get disabled by the user, and by picking better cryptographic primitives. The high-level "box" API is designed to encourage the use of authenticated encryption. [1]
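The side-channel point above, shown as an added illustration (this is not code from NaCl or from the original page): an early-exit comparison of a 16-byte authenticator next to a constant-time one. The function names and sample bytes are constructed for this example; only the return convention (0 on match, -1 otherwise) follows NaCl's `crypto_verify_16` [7].

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: one authenticator and two forgeries that
   differ from it in the first byte and in the last byte only. */
static const uint8_t TAG[16]       = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
static const uint8_t BAD_FIRST[16] = {0,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
static const uint8_t BAD_LAST[16]  = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,0};

/* Early-exit comparison (memcmp style). *examined records how many bytes
   were read before returning; it depends on where the first mismatch is,
   so running time is a function of the secret being compared. */
int leaky_verify_16(const uint8_t *x, const uint8_t *y, size_t *examined)
{
    size_t i;
    for (i = 0; i < 16; i++) {
        if (x[i] != y[i]) { *examined = i + 1; return -1; }
    }
    *examined = 16;
    return 0;
}

/* Constant-time comparison: reads all 16 bytes and never branches on
   their values. Differences are OR-ed into one accumulator. */
int ct_verify_16(const uint8_t *x, const uint8_t *y, size_t *examined)
{
    unsigned int diff = 0;
    size_t i;
    for (i = 0; i < 16; i++)
        diff |= (unsigned int)(x[i] ^ y[i]);
    *examined = i;
    /* diff is in 0..255; ((diff - 1) >> 8) & 1 is 1 only when diff == 0. */
    return (int)(1 & ((diff - 1) >> 8)) - 1;
}

int main(void)
{
    size_t n;
    int r = leaky_verify_16(TAG, BAD_FIRST, &n);
    printf("leaky, first byte wrong: result=%d bytes read=%zu\n", r, n);
    r = leaky_verify_16(TAG, BAD_LAST, &n);
    printf("leaky, last byte wrong:  result=%d bytes read=%zu\n", r, n);
    r = ct_verify_16(TAG, BAD_FIRST, &n);
    printf("ct,    first byte wrong: result=%d bytes read=%zu\n", r, n);
    r = ct_verify_16(TAG, TAG, &n);
    printf("ct,    match:            result=%d bytes read=%zu\n", r, n);
    return 0;
}
```

A compiler is free to transform a hand-written loop like this one, so production code should call the library's own comparison function instead.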

Functions

Public-key cryptography

Secret-key cryptography

Low-level functions

Implementations

The reference implementation is written in C, often with inline assembler. C++ is handled as a wrapper. A Python wrapper was planned, [8] but is not part of the latest (20110221) release. The home page, last updated in 2016, mentions prototype wrappers. [2]

Reference NaCl has a variety of programming language bindings such as PHP [9] and Tcl. [10]

Libsodium

Libsodium is an API-compatible fork of reference NaCl created in 2013. It is "installable and packageable", or in other words can be compiled into a dynamic library and installed as a software package thanks to the addition of build files (NaCl had none). It is also "portable and cross-compilable". [11]

As libsodium can be dynamically linked, it serves as the basis for a number of bindings in languages such as Pharo, [12] Perl 5, [13] and Python. [14] [15]

libsodium also extends the NaCl API with new algorithms (e.g. BLAKE2, [16] ChaCha20-Poly1305, AEGIS) [17] and new classes of functions (e.g. secure memory, random number generation, short-input hashing, [18] password hashing and key derivation).

TweetNaCl

In 2013, the NaCl team and three others released TweetNaCl, a condensed implementation of NaCl's 25 functions that fits in the size of 100 tweets (140 symbols each). [19]

TweetNaCl has been used as the basis of ports including TweetNaCl.js [20] and TweetNaCl-Java. [21] It has also been rewritten in the SPARK Ada subset as SPARKNaCl, which the authors describe as "(unlike TweetNaCl) readable owing to the large number of explanatory comments and contracts in the code." [22]

Other implementations


References

  1. Daniel J. Bernstein; Tanja Lange; Peter Schwabe. "The security impact of a new cryptographic library" (PDF). Archived (PDF) from the original on 2017-08-09.
  2. "NaCl: Networking and Cryptography library".
  3. "Tanja Lange's Homepage".
  4. "Peter Schwabe's Homepage".
  5. Bernstein, Daniel J. (10 March 2009). Cryptography in NaCl (PDF). Archived (PDF) from the original on 25 March 2017. Retrieved 8 February 2016.
  6. "Hashing: crypto_hash". 2010-08-30. Retrieved 2015-11-14.
  7. "String comparison: crypto_verify". nacl.cr.yp.to. Retrieved 19 January 2024.
  8. "NaCl Internals".
  9. "NaCl PHP Extension". GitHub. 2019-06-14.
  10. "Tclers Wiki - NaCl for Tcl".
  11. Denis, Frank (18 January 2024). "libsodium: A modern, portable, easy to use crypto library". GitHub.
  12. "SmalltalkHub repository".
  13. "Crypt::NaCl::Sodium".
  14. Python Cryptographic Authority (18 January 2024). "pyca/pynacl". GitHub. PyNaCl is a Python binding to libsodium, which is a fork of the Networking and Cryptography library.
  15. "Bindings for other languages". libsodium.
  16. "Generic hashing". 2017-12-13. Retrieved 2018-05-19.
  17. "AEAD constructions". libsodium.
  18. "Short-input hashing". libsodium.
  19. Daniel J. Bernstein; Bernard van Gastel; Wesley Janssen; Tanja Lange; Peter Schwabe; Sjaak Smetsers (2013). "TweetNaCl".
  20. "TweetNaCl.js".
  21. "TweetNaCl-Java". GitHub.
  22. "SPARKNaCl". GitHub.
  23. "Don't Roll Your Own Crypto (dryoc): pure-Rust, hard to misuse cryptography library". GitHub.
  24. Vaillant, Loup (17 January 2024). "LoupVaillant/Monocypher". GitHub.