TweetNaCl: A Crypto Library in 100 Tweets

  • Daniel J. Bernstein
  • Bernard van Gastel
  • Wesley Janssen
  • Tanja Lange
  • Peter Schwabe
  • Sjaak Smetsers
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8895)

Abstract

This paper introduces TweetNaCl, a compact reimplementation of the NaCl library, including all 25 of the NaCl functions used by applications. TweetNaCl is published on Twitter and fits into just 100 tweets; the tweets are available from anywhere, any time, in an unsuspicious way. Distribution via other social media, or even printed on a sheet of A4 paper, is also easily possible.

TweetNaCl is human-readable C code; it is the smallest readable implementation of a high-security cryptographic library. TweetNaCl is the first cryptographic library that allows correct functionality to be verified by auditors with reasonable effort, making it suitable for inclusion into the trusted code base of a secure computer system. This paper uses two examples of formally verified correctness properties to illustrate the impact of TweetNaCl’s conciseness upon auditability.

TweetNaCl consists of a single C source file, accompanied by a single header file generated by a short Python script (1811 bytes). The library can be trivially integrated into a wide range of software build processes.

Portability and small code size come at a loss in efficiency, but TweetNaCl is sufficiently fast for most applications. TweetNaCl’s cryptographic implementations meet the same security and reliability standards as NaCl: for example, complete protection against cache-timing attacks.

Keywords

  • Trusted code base
  • Source-code size
  • Auditability
  • Software implementation
  • Timing-attack protection
  • NaCl
  • Twitter

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Daniel J. Bernstein (1, 2)
  • Bernard van Gastel (3)
  • Wesley Janssen (3)
  • Tanja Lange (2)
  • Peter Schwabe (3)
  • Sjaak Smetsers (3)

  1. Department of Computer Science, University of Illinois at Chicago, Chicago, USA
  2. Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, Eindhoven, The Netherlands
  3. Digital Security Group, Radboud University Nijmegen, Nijmegen, The Netherlands
