文摘
This paper introduces TweetNaCl, a compact reimplementation of the NaCl library, including all 25 of the NaCl functions used by applications. TweetNaCl is published on Twitter and fits into just 100 tweets; the tweets are available from anywhere, any time, in an unsuspicious way. Distribution via other social media, or even printed on a sheet of A4 paper, is also easily possible. TweetNaCl is human-readable C code; it is the smallest readable implementation of a high-security cryptographic library. TweetNaCl is the first cryptographic library that allows correct functionality to be verified by auditors with reasonable effort, making it suitable for inclusion into the trusted code base of a secure computer system. This paper uses two examples of formally verified correctness properties to illustrate the impact of TweetNaCl’s conciseness upon auditability. TweetNaCl consists of a single C source file, accompanied by a single header file generated by a short Python script (1811?bytes). The library can be trivially integrated into a wide range of software build processes. Portability and small code size come at a loss in efficiency, but TweetNaCl is sufficiently fast for most applications. TweetNaCl’s cryptographic implementations meet the same security and reliability standards as NaCl: for example, complete protection against cache-timing attacks.