README
¶
CIRCL
CIRCL (Cloudflare Interoperable, Reusable Cryptographic Library) is a collection of cryptographic primitives written in Go. The goal of this library is to be used as a tool for experimental deployment of cryptographic algorithms targeting Post-Quantum (PQ) and Elliptic Curve Cryptography (ECC).
Security Disclaimer
🚨 This library is offered as-is, and without a guarantee. Therefore, it is expected that changes in the code, repository, and API occur in the future. We recommend to take caution before using this library in a production application since part of its content is experimental.
Installation
You can get it by typing:
go get -u github.com/cloudflare/circl
Versioning
Version numbers are Semvers. We release a minor version for new functionality, a major version for breaking API changes, and increment the patchlevel for bugfixes.
Implemented Primitives
| Category | Algorithms | Description | Applications |
|---|---|---|---|
| PQ Key Exchange | SIDH | SIDH provide key exchange mechanisms using ephemeral keys. | Post-quantum key exchange in TLS |
| PQ Key Exchange | cSIDH | Isogeny based drop-in replacement for Diffie–Hellman | Post-Quantum Key exchange. |
| PQ KEM | SIKE | SIKE is a key encapsulation mechanism (KEM). | Post-quantum key exchange in TLS |
| Key Exchange | X25519, X448 | RFC-7748 provides new key exchange mechanisms based on Montgomery elliptic curves. | TLS 1.3. Secure Shell. |
| Key Exchange | FourQ | One of the fastest elliptic curves at 128-bit security level. | Experimental for key agreement and digital signatures. |
| Key Exchange / Digital signatures | P-384 | Our optimizations reduce the burden when moving from P-256 to P-384. | ECDSA and ECDH using Suite B at top secret level. |
| Digital Signatures | Ed25519, Ed448 | RFC-8032 provides new signature schemes based on Edwards curves. | Digital certificates and authentication. |
| PQ Digital Signatures | Dilithium, Hybrid modes | Lattice (Module LWE) based signature scheme | Post-Quantum PKI |
Work in Progress
| Category | Algorithms | Description | Applications |
|---|---|---|---|
| Hashing to Elliptic Curve Groups | Several algorithms: Elligator2, Ristretto, SWU, Icart. | Protocols based on elliptic curves require hash functions that map bit strings to points on an elliptic curve. | VOPRF. OPAQUE. PAKE. Verifiable random functions. |
| Bilinear Pairings | Plans for moving BN256 to stronger pairing curves. | A bilineal pairing is a mathematical operation that enables the implementation of advanced cryptographic protocols, such as identity-based encryption (IBE), short digital signatures (BLS), and attribute-based encryption (ABE). | Geo Key Manager, Randomness Beacon, Ethereum and other blockchain applications. |
| PQ KEM | HRSS-SXY | Lattice (NTRU) based key encapsulation mechanism. | Key exchange for low-latency environments |
| PQ KEM | Kyber | Lattice (M-LWE) based key encapsulation mechanism. | Post-Quantum Key exchange |
| PQ Digital Signatures | SPHINCS+ | Stateless hash-based signature scheme | Post-Quantum PKI |
Testing and Benchmarking
Library comes with number of make targets which can be used for testing and benchmarking:
testperforms testing of the binary.benchruns benchmarks.coverproduces coverage.lintruns set of linters on the code base.
Contributing
To contribute, fork this repository and make your changes, and then make a Pull Request. A Pull Request requires approval of the admin team and a successful CI build.
License
The project is licensed under the BSD-3-Clause License.
Documentation
¶
Overview ¶
Package circl provides a collection of cryptographic primitives. The goal of this module is to be used as a tool for experimental deployment of cryptographic algorithms targeting Post-Quantum (PQ) and Elliptic Curve Cryptography (ECC).
Following blog post describes ideas behind CIRCL in more details: https://blog.cloudflare.com/introducing-circl/
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package dh provides variety of Diffie-Hellman key exchange methods.
|
Package dh provides variety of Diffie-Hellman key exchange methods. |
|
csidh
Package csidh implements commutative supersingular isogeny-based Diffie-Hellman key exchange algorithm (CSIDH) resulting from the group action.
|
Package csidh implements commutative supersingular isogeny-based Diffie-Hellman key exchange algorithm (CSIDH) resulting from the group action. |
|
curve4q
Package curve4q implements Diffie-Hellman operations using the FourQ curve at the 128-bit security level.
|
Package curve4q implements Diffie-Hellman operations using the FourQ curve at the 128-bit security level. |
|
sidh
Package sidh provides implementation of experimental post-quantum Supersingular Isogeny Diffie-Hellman (SIDH) as well as Supersingular Isogeny Key Encapsulation (SIKE).
|
Package sidh provides implementation of experimental post-quantum Supersingular Isogeny Diffie-Hellman (SIDH) as well as Supersingular Isogeny Key Encapsulation (SIKE). |
|
sidh/internal/common
Package common provides types, variables, constants and functions commonly used in SIDH or SIKE.
|
Package common provides types, variables, constants and functions commonly used in SIDH or SIKE. |
|
sidh/internal/p503
Package p503 provides implementation of field arithmetic used in SIDH and SIKE.
|
Package p503 provides implementation of field arithmetic used in SIDH and SIKE. |
|
sidh/internal/p751
Package p751 provides implementation of field arithmetic used in SIDH and SIKE.
|
Package p751 provides implementation of field arithmetic used in SIDH and SIKE. |
|
x25519
Package x25519 provides Diffie-Hellman functions as specified in RFC-7748.
|
Package x25519 provides Diffie-Hellman functions as specified in RFC-7748. |
|
x448
Package x448 provides Diffie-Hellman functions as specified in RFC-7748.
|
Package x448 provides Diffie-Hellman functions as specified in RFC-7748. |
|
Package ecc provides implementation of arithmetic on some elliptic curves.
|
Package ecc provides implementation of arithmetic on some elliptic curves. |
|
fourq
Package fourq provides elliptic curve operations over FourQ curve.
|
Package fourq provides elliptic curve operations over FourQ curve. |
|
goldilocks
Package goldilocks provides elliptic curve operations over the goldilocks curve.
|
Package goldilocks provides elliptic curve operations over the goldilocks curve. |
|
p384
Package p384 provides optimized elliptic curve operations on the P-384 curve.
|
Package p384 provides optimized elliptic curve operations on the P-384 curve. |
|
internal
|
|
|
shake
Package shake provides implementation of SHA-3 and cSHAKE This code has been copied from golang.org/x/crypto/sha3 and heavily modified.
|
Package shake provides implementation of SHA-3 and cSHAKE This code has been copied from golang.org/x/crypto/sha3 and heavily modified. |
|
Package math provides some utility functions for big integers.
|
Package math provides some utility functions for big integers. |
|
fp25519
Package fp25519 provides prime field arithmetic over GF(2^255-19).
|
Package fp25519 provides prime field arithmetic over GF(2^255-19). |
|
fp448
Package fp448 provides prime field arithmetic over GF(2^448-2^224-1).
|
Package fp448 provides prime field arithmetic over GF(2^448-2^224-1). |
|
mlsbset
Package mlsbset provides a constant-time exponentiation method with precomputation.
|
Package mlsbset provides a constant-time exponentiation method with precomputation. |
|
Package sign provides unified interfaces for signature schemes.
|
Package sign provides unified interfaces for signature schemes. |
|
dilithium
dilithium implements the CRYSTALS-Dilithium signature schemes as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf Each of the eight different modes of Dilithium is implemented by a subpackage.
|
dilithium implements the CRYSTALS-Dilithium signature schemes as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf Each of the eight different modes of Dilithium is implemented by a subpackage. |
|
dilithium/mode1
mode1 implements the CRYSTALS-Dilithium signature scheme Dilithium1 as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
|
mode1 implements the CRYSTALS-Dilithium signature scheme Dilithium1 as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf |
|
dilithium/mode1aes
mode1aes implements the CRYSTALS-Dilithium signature scheme Dilithium1-AES as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
|
mode1aes implements the CRYSTALS-Dilithium signature scheme Dilithium1-AES as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf |
|
dilithium/mode2
mode2 implements the CRYSTALS-Dilithium signature scheme Dilithium2 as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
|
mode2 implements the CRYSTALS-Dilithium signature scheme Dilithium2 as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf |
|
dilithium/mode2aes
mode2aes implements the CRYSTALS-Dilithium signature scheme Dilithium2-AES as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
|
mode2aes implements the CRYSTALS-Dilithium signature scheme Dilithium2-AES as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf |
|
dilithium/mode3
mode3 implements the CRYSTALS-Dilithium signature scheme Dilithium3 as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
|
mode3 implements the CRYSTALS-Dilithium signature scheme Dilithium3 as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf |
|
dilithium/mode3aes
mode3aes implements the CRYSTALS-Dilithium signature scheme Dilithium3-AES as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
|
mode3aes implements the CRYSTALS-Dilithium signature scheme Dilithium3-AES as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf |
|
dilithium/mode4
mode4 implements the CRYSTALS-Dilithium signature scheme Dilithium4 as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
|
mode4 implements the CRYSTALS-Dilithium signature scheme Dilithium4 as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf |
|
dilithium/mode4aes
mode4aes implements the CRYSTALS-Dilithium signature scheme Dilithium4-AES as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
|
mode4aes implements the CRYSTALS-Dilithium signature scheme Dilithium4-AES as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf |
|
ed25519
Package ed25519 implements Ed25519 signature scheme as described in RFC-8032.
|
Package ed25519 implements Ed25519 signature scheme as described in RFC-8032. |
|
ed448
Package ed448 implements Ed448 signature scheme as described in RFC-8032.
|
Package ed448 implements Ed448 signature scheme as described in RFC-8032. |
|
eddilithium3
Package eddilithium3 implements the hybrid signature scheme Ed25519-Dilithium3.
|
Package eddilithium3 implements the hybrid signature scheme Ed25519-Dilithium3. |
|
eddilithium4
Package eddilithium4 implements the hybrid signature scheme Ed448-Dilithium4.
|
Package eddilithium4 implements the hybrid signature scheme Ed448-Dilithium4. |
|
schemes
Package schemes contains a register of signature algorithms.
|
Package schemes contains a register of signature algorithms. |
|
Package simd provides parallel implementations of some primitives.
|
Package simd provides parallel implementations of some primitives. |
|
keccakf1600
Package keccakf1600 provides a four-way Keccak-f[1600] permutation in parallel.
|
Package keccakf1600 provides a four-way Keccak-f[1600] permutation in parallel. |
Click to show internal directories.
Click to hide internal directories.