TweetNaCl: A Crypto Library in 100 Tweets
This paper introduces TweetNaCl, a compact reimplementation of the NaCl library, including all 25 of the NaCl functions used by applications. TweetNaCl is published on Twitter and fits into just 100 tweets; the tweets are available from anywhere, any time, in an unsuspicious way. Distribution via other social media, or even printed on a sheet of A4 paper, is also easily possible.
TweetNaCl is human-readable C code; it is the smallest readable implementation of a high-security cryptographic library. TweetNaCl is the first cryptographic library that allows correct functionality to be verified by auditors with reasonable effort, making it suitable for inclusion in the trusted code base of a secure computer system. This paper uses two examples of formally verified correctness properties to illustrate the impact of TweetNaCl’s conciseness upon auditability.
TweetNaCl consists of a single C source file, accompanied by a single header file generated by a short Python script (1811 bytes). The library can be trivially integrated into a wide range of software build processes.
Portability and small code size come at a loss in efficiency, but TweetNaCl is sufficiently fast for most applications. TweetNaCl’s cryptographic implementations meet the same security and reliability standards as NaCl: for example, complete protection against cache-timing attacks.
Keywords: Trusted code base; Source-code size; Auditability; Software implementation; Timing-attack protection; NaCl; Twitter