Journal of Cryptographic Engineering, Volume 3, Issue 2, pp 111–128

Charm: a framework for rapidly prototyping cryptosystems

  • Joseph A. Akinyele
  • Christina Garman
  • Ian Miers
  • Matthew W. Pagano
  • Michael Rushanan
  • Matthew Green
  • Aviel D. Rubin
Regular Paper


We describe Charm, an extensible framework for rapidly prototyping cryptographic systems. Charm provides a number of features that explicitly support the development of new protocols, including support for modular composition of cryptographic building blocks, infrastructure for developing interactive protocols, and an extensive library of re-usable code. Our framework also provides a series of specialized tools that enable different cryptosystems to interoperate. We implemented over 40 cryptographic schemes using Charm, including some new ones that, to our knowledge, have never been built in practice. This paper describes our modular architecture, which includes a built-in benchmarking module to compare the performance of Charm primitives to existing C implementations. We show that in many cases our techniques result in an order of magnitude decrease in code size, while inducing an acceptable performance impact. Lastly, the Charm framework is freely available to the research community and to date, we have developed a large, active user base.


Applied cryptography, Protocols, Software, Privacy



Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Joseph A. Akinyele (1)
  • Christina Garman (1)
  • Ian Miers (1)
  • Matthew W. Pagano (1)
  • Michael Rushanan (1)
  • Matthew Green (1)
  • Aviel D. Rubin (1)

  1. Department of Computer Science, Johns Hopkins University, Baltimore, USA
