TY - GEN
T1 - TweetNaCl : a crypto library in 100 tweets
AU - Bernstein, D.J.
AU - van Gastel, B.
AU - Janssen, W.
AU - Lange, T.
AU - Schwabe, P.
AU - Smetsers, S.
PY - 2015
Y1 - 2015
N2 - This paper introduces TweetNaCl, a compact reimplementation of the NaCl library, including all 25 of the NaCl functions used by applications. TweetNaCl is published on Twitter and fits into just 100 tweets; the tweets are available from anywhere, any time, in an unsuspicious way. Distribution via other social media, or even printed on a sheet of A4 paper, is also easily possible.
TweetNaCl is human-readable C code; it is the smallest readable implementation of a high-security cryptographic library. TweetNaCl is the first cryptographic library that allows correct functionality to be verified by auditors with reasonable effort, making it suitable for inclusion into the trusted code base of a secure computer system. This paper uses two examples of formally verified correctness properties to illustrate the impact of TweetNaCl’s conciseness upon auditability.
TweetNaCl consists of a single C source file, accompanied by a single header file generated by a short Python script (1811 bytes). The library can be trivially integrated into a wide range of software build processes.
Portability and small code size come at a loss in efficiency, but TweetNaCl is sufficiently fast for most applications. TweetNaCl’s cryptographic implementations meet the same security and reliability standards as NaCl: for example, complete protection against cache-timing attacks.
AB - This paper introduces TweetNaCl, a compact reimplementation of the NaCl library, including all 25 of the NaCl functions used by applications. TweetNaCl is published on Twitter and fits into just 100 tweets; the tweets are available from anywhere, any time, in an unsuspicious way. Distribution via other social media, or even printed on a sheet of A4 paper, is also easily possible.
TweetNaCl is human-readable C code; it is the smallest readable implementation of a high-security cryptographic library. TweetNaCl is the first cryptographic library that allows correct functionality to be verified by auditors with reasonable effort, making it suitable for inclusion into the trusted code base of a secure computer system. This paper uses two examples of formally verified correctness properties to illustrate the impact of TweetNaCl’s conciseness upon auditability.
TweetNaCl consists of a single C source file, accompanied by a single header file generated by a short Python script (1811 bytes). The library can be trivially integrated into a wide range of software build processes.
Portability and small code size come at a loss in efficiency, but TweetNaCl is sufficiently fast for most applications. TweetNaCl’s cryptographic implementations meet the same security and reliability standards as NaCl: for example, complete protection against cache-timing attacks.
U2 - 10.1007/978-3-319-16295-9_4
DO - 10.1007/978-3-319-16295-9_4
M3 - Conference contribution
SN - 978-3-319-16294-2
T3 - Lecture Notes in Computer Science
SP - 64
EP - 83
BT - Progress in Cryptology - LATINCRYPT 2014 (Third International Conference on Cryptology and Information Security in Latin America, Florianópolis, Brazil, September 17-19, 2014. Revised Selected Papers)
A2 - Aranha, D.F.
A2 - Menezes, A.
PB - Springer
CY - Berlin
T2 - conference; 3rd International Conference on Cryptology and Information Security in Latin America; 2014-09-17; 2014-09-19
Y2 - 17 September 2014 through 19 September 2014
ER -