TweetNaCl: A Crypto Library in 100 Tweets
详细信息    查看全文
  • 关键词:Trusted code base ; Source ; code size ; Auditability ; Software implementation ; Timing ; attack protection ; NaCl ; Twitter
  • 刊名:Lecture Notes in Computer Science
  • 出版年:2015
  • 出版时间:2015
  • 年:2015
  • 卷:8895
  • 期:1
  • 页码:64-83
  • 全文大小:3,912 KB
  • 参考文献:1. Aumasson, J.-P.: Tweetcipher! (crypto challenge) (2013). http://cybermashup.com/2013/06/12/tweetcipher-crypto-challenge/. Accessed 06 Sept. 2014, 71
    2. Bernstein, D.J.: Cryptography in NaCl. http://cr.yp.to/highspeed/naclcrypto-20090310.pdf. Accessed 06 Sept. 2014, 66
    3. Bernstein, DJ The Poly1305-AES message-authentication code. In: Gilbert, H, Handschuh, H eds. (2005) Fast Software Encryption. Springer, Heidelberg, pp. 32-49
    4. Bernstein, DJ Curve25519: New Diffie-Hellman speed records. In: Yung, M, Dodis, Y, Kiayias, A, Malkin, T eds. (2006) Public Key Cryptography - PKC 2006. Springer, Heidelberg, pp. 207-228
    5. Bernstein, DJ The Salsa20 family of stream ciphers. In: Robshaw, M, Billet, O eds. (2008) New Stream Cipher Designs. Springer, Heidelberg, pp. 84-97
    6. Bernstein, D.J.: Extending the Salsa20 nonce. In: Workshop Record of Symmetric Key Encryption Workshop 2011 (2011). http://cr.yp.to/papers.html#xsalsa, 72
    7. Bernstein, DJ, Duif, N, Lange, T, Schwabe, P, Yang, B-Y High-speed high-security signatures. In: Preneel, B, Takagi, T eds. (2011) Cryptographic Hardware and Embedded Systems -CHES 2011. Springer, Heidelberg, pp. 124-142
    8. Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-speed high-security signatures. J. Cryptographic Eng. 2(2), 77-9 (2012). http://cryptojedi.org/papers/#ed25519. See also short version 75 , 80
    9. Bernstein, D.J., Lange, T.: Explicit-formulas database. http://www.hyperelliptic.org/EFD/ Accessed 06 Sept. 2014, 76
    10. Bernstein, DJ, Lange, T, Schwabe, P The security impact of a new cryptographic library. In: Hevia, A, Neven, G eds. (2012) Progress in Cryptology -LATINCRYPT 2012. Springer, Heidelberg, pp. 159-176
    11. Bernstein, DJ, Schwabe, P NEON crypto. In: Prouff, E, Schaumont, P eds. (2012) Cryptographic Hardware and Embedded Systems -CHES 2012. Springer, Heidelberg, pp. 320-339
    12. BitTorrent Live. http://live.bittorrent.com/. Accessed 06 Sept. 2014, 65
    13. Denis, F.: Introducing Sodium, a new cryptographic library (2013). http://labs.opendns.com/2013/03/06/announcing-sodium-a-new-cryptographic-library/. Accessed 06 Sept. 2014, 67
    14. Dingledine, R.: Tor 0.2.4.17-rc is out. Posting in [tor-talk] (2013). https://lists.torproject.org/pipermail/tor-talk/2013-September/029857.html,?65
    15. Green, M.: The anatomy of a bad idea (2012). http://blog.cryptographyengineering.com/2012/12/the-anatomy-of-bad-idea.html. Accessed 06 Sept. 2014, 65
    16. Green, M.: Announcing a contest: identify useful cryptographic algorithms that can be formally described in one Tweet (2013). https://twitter.com/matthew_d_green/status/342755869110464512. Accessed 06 Sept. 2014, 68
    17. Hisil, H, Wong, KK-H, Carter, G, Dawson, E Twisted edwards curves revisited. In: Pieprzyk, J eds. (2008) Advances in Cryptology - ASIACRYPT 2008. Springer, Heidelberg, pp. 326-343
    18. Hutter, M, Schwabe, P NaCl on 8-Bit AVR microcontrollers. In: Youssef, A, Nitaj, A, Hassanien, AE eds. (2013) Progress in Cryptology -AFRICACRYPT 2013. Springer, Heidelberg, pp. 156-172
    19. Langley, A.: ctgrind–checking that functions are constant tim
  • 作者单位:Progress in Cryptology - LATINCRYPT 2014
  • 丛书名:978-3-319-16294-2
  • 刊物类别:Computer Science
  • 刊物主题:Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • 出版者:Springer Berlin / Heidelberg
  • ISSN:1611-3349
文摘
This paper introduces TweetNaCl, a compact reimplementation of the NaCl library, including all 25 of the NaCl functions used by applications. TweetNaCl is published on Twitter and fits into just 100 tweets; the tweets are available from anywhere, any time, in an unsuspicious way. Distribution via other social media, or even printed on a sheet of A4 paper, is also easily possible. TweetNaCl is human-readable C code; it is the smallest readable implementation of a high-security cryptographic library. TweetNaCl is the first cryptographic library that allows correct functionality to be verified by auditors with reasonable effort, making it suitable for inclusion into the trusted code base of a secure computer system. This paper uses two examples of formally verified correctness properties to illustrate the impact of TweetNaCl’s conciseness upon auditability. TweetNaCl consists of a single C source file, accompanied by a single header file generated by a short Python script (1811?bytes). The library can be trivially integrated into a wide range of software build processes. Portability and small code size come at a loss in efficiency, but TweetNaCl is sufficiently fast for most applications. TweetNaCl’s cryptographic implementations meet the same security and reliability standards as NaCl: for example, complete protection against cache-timing attacks.

© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号

地址:北京市海淀区学院路29号 邮编:100083

电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700