Software:NaCl
Original author(s) | Daniel J. Bernstein, Tanja Lange, Peter Schwabe |
---|---|
Initial release | 2008 |
Stable release | 20110221
/ February 21, 2011 |
Operating system | UNIX-like |
License | public domain[1] |
Website | nacl |
NaCl (pronounced "salt") is an abbreviation for Networking and Cryptography Library, a public domain, high-speed software library for cryptography.[2]
NaCl was created by the mathematician and programmer Daniel J. Bernstein, who is best known for the creation of qmail and Curve25519. The core team also includes Tanja Lange and Peter Schwabe.[3][4] The main goal while creating NaCl, according to the teams 2011 paper, was to "avoid various types of cryptographic disasters suffered by previous cryptographic libraries". The teams does so by safer designs that avoids issues such as side-channel leakage and loss of randomness, by being performant enough that safety features do not get disabled by the user, and by picking better cryptographic primitives. The high-level "box" API is designed to encourage the use of authenticated encryption.[1]
Functions
Public-key cryptography
crypto_box
, public-key authenticated encryption. Key agreement happens via X25519; encryption is done by Salsa20-Poly1305.[5]crypto_scalarmult
, scalar multiplication on X25519. This function can be used for elliptic-curve Diffie–Hellman.crypto_sign
, signatures using Ed25519 and SHA-512.
Secret-key cryptography
crypto_secretbox
, private-key authenticated encryption using Salsa20-Poly1305.crypto_stream
, encryption using Salsa20, XSalsa20, or AES.crypto_auth
, authentication using HMAC-SHA-512-256.crypto_onetimeauth
, single-message authentication using Poly1305.
Low-level functions
crypto_hash
, hashing using SHA-512 or SHA-256[6]crypto_verify
, string comparison in constant time.[7]
Implementations
The reference implementation is written in C, often with several inline assembler. C++ is handled as a wrapper. A Python wrapper was planned,[8] but is not part of the latest (20110221) release. The home page, last updated 2016, mentions prototype wrappers.[2]
Reference NaCl has a variety of programming language bindings such as PHP[9] and Tcl.[10][third-party source needed]
Libsodium
Libsodium is a API-compatible fork of reference NaCl created in 2013. It is "installable and packageable", or in other words can be compiled into a dynamic library and installed as a software package thanks to the addition of build files (NaCl had none). It is also "portable and cross-compilable".[11]
As libsodium can be dynamically linked, it serves as the basis for a number of bindings in languages such as Pharo,[12] Perl 5,[13] and Python.[14][15]
libsodium also extends the NaCl API with new algorithms (e.g. BLAKE2,[16] ChaCha20-Poly1305, AEGIS)[17] and new classes of functions (e.g. secure memory, random number generation, short-input hashing,[18] password hashing and key derivation).
TweetNaCl
In 2013, the NaCl team and three others released TweetNaCl, a condensed implementation of NaCl's 25 functions that fits in the size of 100 tweets (140 symbols each).[19]
TweetNaCl has been used as the basis of ports including TweetNaCl.js[20] and TweetNaCl-Java.[21] It has also been rewritten in the SPARK Ada subset as SPARKNaCl, which the authors describe as "(unlike TweetNaCl) readable owing to the large number of explanatory comments and contracts in the code."[22]
Other implementations
- dryoc — a pure-Rust cryptograph library implementing the libsodium/NaCl API with support for protected memory.[23]
- Monocypher — a rewrite of NaCl in C. Aims to have the speed of reference NaCl and the size of TweetNaCl.[24]
See also
- The use of the term salt in cryptography
- Comparison of cryptography libraries
- List of free and open-source software packages
References
- ↑ 1.0 1.1 Daniel J. Bernstein; Tanja Lange. "The security impact of a new cryptographic library". https://cr.yp.to/highspeed/coolnacl-20120725.pdf.
- ↑ 2.0 2.1 "NaCl: Networking and Cryptography library". https://nacl.cr.yp.to/.
- ↑ "Tanja Lange's Homepage". https://www.hyperelliptic.org/tanja/.
- ↑ "Peter Schwabe's Homepage". https://cryptojedi.org/.
- ↑ Bernstein, Daniel J. (10 March 2009). Cryptography in NaCl. https://cr.yp.to/highspeed/naclcrypto-20090310.pdf. Retrieved 8 February 2016.
- ↑ "Hashing: crypto_hash". 2010-08-30. https://nacl.cr.yp.to/hash.html.
- ↑ "String comparison: crypto_verify". https://nacl.cr.yp.to/verify.html.
- ↑ "NaCl Internals". https://nacl.cr.yp.to/internals.html.
- ↑ "NaCl PHP Extension". Github. 2019-06-14. https://github.com/Gasol/pecl-nacl.
- ↑ "Tclers Wiki - NaCl for Tcl". http://wiki.tcl.tk/47681.
- ↑ Denis, Frank (18 January 2024). "libsodium: A modern, portable, easy to use crypto library.". https://github.com/jedisct1/libsodium.
- ↑ "SmalltalkHub repository". http://smalltalkhub.com/tonyg/Crypto-Nacl/.
- ↑ "Crypt::NaCl::Sodium". https://metacpan.org/pod/Crypt::NaCl::Sodium.
- ↑ ((Python Cryptographic Authority)) (18 January 2024). "pyca/pynacl". https://github.com/pyca/pynacl. "PyNaCl is a Python binding to libsodium, which is a fork of the Networking and Cryptography library."
- ↑ "Bindings for other languages". https://doc.libsodium.org/bindings_for_other_languages.
- ↑ "Generic hashing". 2017-12-13. https://download.libsodium.org/doc/hashing/generic_hashing.html#algorithm-details.
- ↑ "AEAD constructions". https://doc.libsodium.org/secret-key_cryptography/aead.
- ↑ "Short-input hashing". https://doc.libsodium.org/hashing/short-input_hashing.
- ↑ "TweetNaCl". 2013. https://tweetnacl.cr.yp.to/.
- ↑ "TweetNaCl.js". https://tweetnacl.js.org/.
- ↑ "TweetNaCl-Java". https://github.com/InstantWebP2P/tweetnacl-java/.
- ↑ "SPARKNaCl". https://www.github.com/rod-chapman/SPARKNaCl/.
- ↑ "Don't Roll Your Own Crypto (dryoc): pure-Rust, hard to misuse cryptography library". https://github.com/brndnmtthws/dryoc.
- ↑ Vaillant, Loup (17 January 2024). "LoupVaillant/Monocypher". https://github.com/LoupVaillant/Monocypher.
External links