TweetNaCl: a crypto library in 100 tweets. (English) Zbl 1378.94025

Aranha, F. (ed.) et al., Progress in cryptology – LATINCRYPT 2014. Third international conference on cryptology and information security in Latin America, Florianópolis, Brazil, September 17–19, 2014. Revised selected papers. Cham: Springer (ISBN 978-3-319-16294-2/pbk; 978-3-319-16295-9/ebook). Lecture Notes in Computer Science 8895, 64-83 (2015).
Summary: This paper introduces TweetNaCl, a compact reimplementation of the NaCl library, including all 25 of the NaCl functions used by applications. TweetNaCl is published on Twitter and fits into just 100 tweets; the tweets are available from anywhere, any time, in an unsuspicious way. Distribution via other social media, or even printed on a sheet of A4 paper, is also easily possible.

TweetNaCl is human-readable C code; it is the smallest readable implementation of a high-security cryptographic library. TweetNaCl is the first cryptographic library that allows correct functionality to be verified by auditors with reasonable effort, making it suitable for inclusion into the trusted code base of a secure computer system. This paper uses two examples of formally verified correctness properties to illustrate the impact of TweetNaCl's conciseness upon auditability.

TweetNaCl consists of a single C source file, accompanied by a single header file generated by a short Python script (1811 bytes). The library can be trivially integrated into a wide range of software build processes.

Portability and small code size come at a loss in efficiency, but TweetNaCl is sufficiently fast for most applications. TweetNaCl's cryptographic implementations meet the same security and reliability standards as NaCl: for example, complete protection against cache-timing attacks.
For the entire collection see [Zbl 1319.94001].
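To make concrete what "complete protection against cache-timing attacks" means at the code level, the following is a constant-time byte comparison in the style of NaCl's crypto_verify_16 / crypto_verify_32 (the routines NaCl's authenticator checks such as crypto_onetimeauth_verify rely on), set beside the early-exit memcmp it replaces. This is an added example written for this page, not TweetNaCl's own source; the function names ct_verify, leaky_verify_32, make_sample, demo_* and self_check, and the sample tag bytes, are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constant-time comparison of n bytes: 0 if equal, -1 otherwise, the same
 * contract as NaCl's crypto_verify_16 / crypto_verify_32. Every byte is read,
 * and no branch or memory access depends on the data, so the running time
 * carries no information about where (or whether) the inputs differ. */
static int ct_verify(const uint8_t *x, const uint8_t *y, size_t n)
{
    uint32_t d = 0;
    size_t i;
    for (i = 0; i < n; i++)
        d |= (uint32_t)(x[i] ^ y[i]);        /* OR in differences; never exit early */
    /* d is in 0..255. (d - 1) >> 8 has its low bit set only when d == 0
     * (the subtraction wraps to 0xFFFFFFFF), so the result is 0 iff equal. */
    return (int)(1 & ((d - 1) >> 8)) - 1;
}

int ct_verify_16(const uint8_t x[16], const uint8_t y[16]) { return ct_verify(x, y, 16); }
int ct_verify_32(const uint8_t x[32], const uint8_t y[32]) { return ct_verify(x, y, 32); }

/* The leaky alternative: memcmp may return at the first differing byte, so its
 * timing tells an attacker how many leading bytes of a guessed tag were right. */
int leaky_verify_32(const uint8_t x[32], const uint8_t y[32])
{
    return memcmp(x, y, 32) == 0 ? 0 : -1;
}

/* Constructed sample data (not from the paper): a 32-byte tag and a copy with
 * one bit flipped at flip_index. */
void make_sample(uint8_t a[32], uint8_t b[32], size_t flip_index)
{
    size_t i;
    for (i = 0; i < 32; i++) a[i] = (uint8_t)(0x10 + i);
    memcpy(b, a, 32);
    b[flip_index] ^= 0x01;
}

/* Worked edge case: tags differing only in byte 31. The 32-byte verify must
 * reject; a 16-byte verify over the same buffers sees only equal bytes and
 * accepts, which is why the verify length must equal the tag length. */
int demo_last_byte_differs_32(void)
{
    uint8_t a[32], b[32];
    make_sample(a, b, 31);
    return ct_verify_32(a, b);     /* -1 */
}

int demo_last_byte_differs_16(void)
{
    uint8_t a[32], b[32];
    make_sample(a, b, 31);
    return ct_verify_16(a, b);     /* 0: the first 16 bytes are identical */
}

/* 1 if ct_verify_32 agrees with the memcmp version on equal inputs and on every
 * single-bit flip position, 0 otherwise: same answers, different timing. */
int self_check(void)
{
    uint8_t a[32], b[32];
    size_t k;
    make_sample(a, b, 0);
    if (ct_verify_32(a, a) != 0) return 0;
    for (k = 0; k < 32; k++) {
        make_sample(a, b, k);
        if (ct_verify_32(a, b) != -1) return 0;
        if (ct_verify_32(a, b) != leaky_verify_32(a, b)) return 0;
    }
    return 1;
}

int main(void)
{
    printf("self_check: %d\n", self_check());
    printf("32-byte verify, last byte differs: %d\n", demo_last_byte_differs_32());
    printf("16-byte verify, same buffers:      %d\n", demo_last_byte_differs_16());
    return self_check() ? 0 : 1;
}
```

The functional results are identical to memcmp; the difference is entirely in what the execution time reveals. Note that a compiler may legally turn the accumulate-and-mask pattern back into a branch, so constant-time claims should be checked on the compiled binary (for example with a tool such as ctgrind) rather than assumed from the source.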

MSC:

94A60 Cryptography
