README
¶
FORKED FROM CIRCL
CIRCL (Cloudflare Interoperable, Reusable Cryptographic Library) is a collection of cryptographic primitives written in Go. The goal of this library is to be used as a tool for experimental deployment of cryptographic algorithms targeting Post-Quantum (PQ) and Elliptic Curve Cryptography (ECC).
Security Disclaimer
🚨 This library is offered as-is, and without a guarantee. Therefore, it is expected that changes in the code, repository, and API occur in the future. We recommend to take caution before using this library in a production application since part of its content is experimental.
Installation
You can get it by typing:
go get -u github.com/cloudflare/circl
Versioning
Version numbers are Semvers. We release a minor version for new functionality, a major version for breaking API changes, and increment the patchlevel for bugfixes.
Implemented Primitives
| Category | Algorithms | Description | Applications |
|---|---|---|---|
| PQ Key Exchange | SIDH | SIDH provide key exchange mechanisms using ephemeral keys. | Post-quantum key exchange in TLS |
| PQ Key Exchange | cSIDH | Isogeny based drop-in replacement for Diffie–Hellman | Post-Quantum Key exchange. |
| PQ KEM | SIKE | SIKE is a key encapsulation mechanism (KEM). | Post-quantum key exchange in TLS |
| Key Exchange | X25519, X448 | RFC-7748 provides new key exchange mechanisms based on Montgomery elliptic curves. | TLS 1.3. Secure Shell. |
| Key Exchange | FourQ | One of the fastest elliptic curves at 128-bit security level. | Experimental for key agreement and digital signatures. |
| Key Exchange / Digital signatures | P-384 | Our optimizations reduce the burden when moving from P-256 to P-384. | ECDSA and ECDH using Suite B at top secret level. |
| Digital Signatures | Ed25519, Ed448 | RFC-8032 provides new signature schemes based on Edwards curves. | Digital certificates and authentication. |
| Key Encapsulation | P-256, P-384, P-521, X25519 and X448 | Key encapsulation methods based on Diffie-Hellman. | HPKE |
| Hybrid Public-Key Encryption | Base, Auth, PSK, AuthPSK | HPKE is a combination of KEM and AEAD. | TLS |
| PQ KEM/PKE | Kyber | Lattice (M-LWE) based IND-CCA2 secure key encapsulation mechanism and IND-CPA secure public key encryption | Post-Quantum Key exchange |
| PQ Digital Signatures | Dilithium, Hybrid modes | Lattice (Module LWE) based signature scheme | Post-Quantum PKI |
Work in Progress
| Category | Algorithms | Description | Applications |
|---|---|---|---|
| Hashing to Elliptic Curve Groups | Several algorithms: Elligator2, Ristretto, SWU, Icart. | Protocols based on elliptic curves require hash functions that map bit strings to points on an elliptic curve. | VOPRF. OPAQUE. PAKE. Verifiable random functions. |
| Bilinear Pairings | Plans for moving BN256 to stronger pairing curves. | A bilineal pairing is a mathematical operation that enables the implementation of advanced cryptographic protocols, such as identity-based encryption (IBE), short digital signatures (BLS), and attribute-based encryption (ABE). | Geo Key Manager, Randomness Beacon, Ethereum and other blockchain applications. |
| PQ KEM | HRSS-SXY | Lattice (NTRU) based key encapsulation mechanism. | Key exchange for low-latency environments |
| PQ Digital Signatures | SPHINCS+ | Stateless hash-based signature scheme | Post-Quantum PKI |
Testing and Benchmarking
Library comes with number of make targets which can be used for testing and benchmarking:
testperforms testing of the binary.benchruns benchmarks.coverproduces coverage.lintruns set of linters on the code base.
Contributing
To contribute, fork this repository and make your changes, and then make a Pull Request. A Pull Request requires approval of the admin team and a successful CI build.
How to Cite
To cite CIRCL, use one of the following formats and update with the date you accessed this project.
APA Style
Faz-Hernández, A. and Kwiatkowski, K. (2019). Introducing CIRCL:
An Advanced Cryptographic Library. Cloudflare. Available at
https://github.com/cloudflare/circl. Accessed Feb 2021.
Bibtex Source
@manual{circl,
title = {Introducing CIRCL: An Advanced Cryptographic Library},
author = {Armando Faz-Hern\'{a}ndez and Kris Kwiatkowski},
organization = {Cloudflare},
abstract = {{CIRCL (Cloudflare Interoperable, Reusable Cryptographic Library) is
a collection of cryptographic primitives written in Go. The goal
of this library is to be used as a tool for experimental
deployment of cryptographic algorithms targeting Post-Quantum (PQ)
and Elliptic Curve Cryptography (ECC).}},
note = {Available at \url{https://github.com/cloudflare/circl}. Accessed Feb 2021},
month = jun,
year = {2019}
}
License
The project is licensed under the BSD-3-Clause License.
Directories
¶
| Path | Synopsis |
|---|---|
|
Package dh provides variety of Diffie-Hellman key exchange methods.
|
Package dh provides variety of Diffie-Hellman key exchange methods. |
|
csidh
Package csidh implements commutative supersingular isogeny-based Diffie-Hellman key exchange algorithm (CSIDH) resulting from the group action.
|
Package csidh implements commutative supersingular isogeny-based Diffie-Hellman key exchange algorithm (CSIDH) resulting from the group action. |
|
curve4q
Package curve4q implements Diffie-Hellman operations using the FourQ curve at the 128-bit security level.
|
Package curve4q implements Diffie-Hellman operations using the FourQ curve at the 128-bit security level. |
|
sidh
Package sidh provides implementation of experimental post-quantum Supersingular Isogeny Diffie-Hellman (SIDH) as well as Supersingular Isogeny Key Encapsulation (SIKE).
|
Package sidh provides implementation of experimental post-quantum Supersingular Isogeny Diffie-Hellman (SIDH) as well as Supersingular Isogeny Key Encapsulation (SIKE). |
|
sidh/internal/common
Package common provides types, variables, constants and functions commonly used in SIDH or SIKE.
|
Package common provides types, variables, constants and functions commonly used in SIDH or SIKE. |
|
sidh/internal/p503
Package p503 provides implementation of field arithmetic used in SIDH and SIKE.
|
Package p503 provides implementation of field arithmetic used in SIDH and SIKE. |
|
sidh/internal/p751
Package p751 provides implementation of field arithmetic used in SIDH and SIKE.
|
Package p751 provides implementation of field arithmetic used in SIDH and SIKE. |
|
x25519
Package x25519 provides Diffie-Hellman functions as specified in RFC-7748.
|
Package x25519 provides Diffie-Hellman functions as specified in RFC-7748. |
|
x448
Package x448 provides Diffie-Hellman functions as specified in RFC-7748.
|
Package x448 provides Diffie-Hellman functions as specified in RFC-7748. |
|
Package ecc provides implementation of arithmetic on some elliptic curves.
|
Package ecc provides implementation of arithmetic on some elliptic curves. |
|
fourq
Package fourq provides elliptic curve operations over FourQ curve.
|
Package fourq provides elliptic curve operations over FourQ curve. |
|
goldilocks
Package goldilocks provides elliptic curve operations over the goldilocks curve.
|
Package goldilocks provides elliptic curve operations over the goldilocks curve. |
|
p384
Package p384 provides optimized elliptic curve operations on the P-384 curve.
|
Package p384 provides optimized elliptic curve operations on the P-384 curve. |
|
Package group provides prime-order groups based on elliptic curves.
|
Package group provides prime-order groups based on elliptic curves. |
|
Package hpke implements the Hybrid Public Key Encryption (HPKE) standard specified by draft-irtf-cfrg-hpke-07.
|
Package hpke implements the Hybrid Public Key Encryption (HPKE) standard specified by draft-irtf-cfrg-hpke-07. |
|
Package kem provides a unified interface for KEM schemes.
|
Package kem provides a unified interface for KEM schemes. |
|
hybrid
Package hybrid defines several hybrid classical/quantum KEMs.
|
Package hybrid defines several hybrid classical/quantum KEMs. |
|
kyber
Package kyber implements the CRYSTALS-Kyber.CCAKEM IND-CCA2 secure key encapsulation mechanism (KEM) as submitted to round 3 of the NIST PQC competition and described in https://pq-crystals.org/kyber/data/kyber-specification-round3.pdf The related public key encryption scheme CRYSTALS-Kyber.CPAPKE can be found in the package github.com/Universal-Health-Chain/uhc-cloudflare-circl/pke/kyber.
|
Package kyber implements the CRYSTALS-Kyber.CCAKEM IND-CCA2 secure key encapsulation mechanism (KEM) as submitted to round 3 of the NIST PQC competition and described in https://pq-crystals.org/kyber/data/kyber-specification-round3.pdf The related public key encryption scheme CRYSTALS-Kyber.CPAPKE can be found in the package github.com/Universal-Health-Chain/uhc-cloudflare-circl/pke/kyber. |
|
kyber/kyber1024
Package kyber1024 implements the IND-CCA2 secure key encapsulation mechanism Kyber1024.CCAKEM as submitted to round 3 of the NIST PQC competition and described in https://pq-crystals.org/kyber/data/kyber-specification-round3.pdf
|
Package kyber1024 implements the IND-CCA2 secure key encapsulation mechanism Kyber1024.CCAKEM as submitted to round 3 of the NIST PQC competition and described in https://pq-crystals.org/kyber/data/kyber-specification-round3.pdf |
|
kyber/kyber512
Package kyber512 implements the IND-CCA2 secure key encapsulation mechanism Kyber512.CCAKEM as submitted to round 3 of the NIST PQC competition and described in https://pq-crystals.org/kyber/data/kyber-specification-round3.pdf
|
Package kyber512 implements the IND-CCA2 secure key encapsulation mechanism Kyber512.CCAKEM as submitted to round 3 of the NIST PQC competition and described in https://pq-crystals.org/kyber/data/kyber-specification-round3.pdf |
|
kyber/kyber768
Package kyber768 implements the IND-CCA2 secure key encapsulation mechanism Kyber768.CCAKEM as submitted to round 3 of the NIST PQC competition and described in https://pq-crystals.org/kyber/data/kyber-specification-round3.pdf
|
Package kyber768 implements the IND-CCA2 secure key encapsulation mechanism Kyber768.CCAKEM as submitted to round 3 of the NIST PQC competition and described in https://pq-crystals.org/kyber/data/kyber-specification-round3.pdf |
|
schemes
Package schemes contains a register of KEM schemes.
|
Package schemes contains a register of KEM schemes. |
|
sike
Package sike contains the SIKE key encapsulation mechanism.
|
Package sike contains the SIKE key encapsulation mechanism. |
|
sike/sikep434
Package sikep434 implements the key encapsulation mechanism SIKEp434.
|
Package sikep434 implements the key encapsulation mechanism SIKEp434. |
|
sike/sikep503
Package sikep503 implements the key encapsulation mechanism SIKEp503.
|
Package sikep503 implements the key encapsulation mechanism SIKEp503. |
|
sike/sikep751
Package sikep751 implements the key encapsulation mechanism SIKEp751.
|
Package sikep751 implements the key encapsulation mechanism SIKEp751. |
|
Package math provides some utility functions for big integers.
|
Package math provides some utility functions for big integers. |
|
fp25519
Package fp25519 provides prime field arithmetic over GF(2^255-19).
|
Package fp25519 provides prime field arithmetic over GF(2^255-19). |
|
fp448
Package fp448 provides prime field arithmetic over GF(2^448-2^224-1).
|
Package fp448 provides prime field arithmetic over GF(2^448-2^224-1). |
|
mlsbset
Package mlsbset provides a constant-time exponentiation method with precomputation.
|
Package mlsbset provides a constant-time exponentiation method with precomputation. |
|
Package oprf provides an Oblivious Pseudo-Random Function protocol.
|
Package oprf provides an Oblivious Pseudo-Random Function protocol. |
|
Package pke provides a variety of public key encryption mechanisms.
|
Package pke provides a variety of public key encryption mechanisms. |
|
kyber
Package kyber implements the CRYSTALS-Kyber.CPAPKE public key encrpyption as submitted to round 3 of the NIST PQC competition and described in https://pq-crystals.org/kyber/data/kyber-specification-round3.pdf The related key encapsulation mechanism (KEM) CRYSTALS-Kyber.CCAKEM can be found in the package github.com/Universal-Health-Chain/uhc-cloudflare-circl/kem/kyber.
|
Package kyber implements the CRYSTALS-Kyber.CPAPKE public key encrpyption as submitted to round 3 of the NIST PQC competition and described in https://pq-crystals.org/kyber/data/kyber-specification-round3.pdf The related key encapsulation mechanism (KEM) CRYSTALS-Kyber.CCAKEM can be found in the package github.com/Universal-Health-Chain/uhc-cloudflare-circl/kem/kyber. |
|
kyber/kyber1024
kyber1024 implements the IND-CPA-secure Public Key Encryption scheme Kyber1024.CPAPKE as submitted to round 3 of the NIST PQC competition and described in https://pq-crystals.org/kyber/data/kyber-specification-round3.pdf
|
kyber1024 implements the IND-CPA-secure Public Key Encryption scheme Kyber1024.CPAPKE as submitted to round 3 of the NIST PQC competition and described in https://pq-crystals.org/kyber/data/kyber-specification-round3.pdf |
|
kyber/kyber512
kyber512 implements the IND-CPA-secure Public Key Encryption scheme Kyber512.CPAPKE as submitted to round 3 of the NIST PQC competition and described in https://pq-crystals.org/kyber/data/kyber-specification-round3.pdf
|
kyber512 implements the IND-CPA-secure Public Key Encryption scheme Kyber512.CPAPKE as submitted to round 3 of the NIST PQC competition and described in https://pq-crystals.org/kyber/data/kyber-specification-round3.pdf |
|
kyber/kyber768
kyber768 implements the IND-CPA-secure Public Key Encryption scheme Kyber768.CPAPKE as submitted to round 3 of the NIST PQC competition and described in https://pq-crystals.org/kyber/data/kyber-specification-round3.pdf
|
kyber768 implements the IND-CPA-secure Public Key Encryption scheme Kyber768.CPAPKE as submitted to round 3 of the NIST PQC competition and described in https://pq-crystals.org/kyber/data/kyber-specification-round3.pdf |
|
Package sign provides unified interfaces for signature schemes.
|
Package sign provides unified interfaces for signature schemes. |
|
dilithium
dilithium implements the CRYSTALS-Dilithium signature schemes as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf Each of the eight different modes of Dilithium is implemented by a subpackage.
|
dilithium implements the CRYSTALS-Dilithium signature schemes as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf Each of the eight different modes of Dilithium is implemented by a subpackage. |
|
dilithium/mode1
mode1 implements the CRYSTALS-Dilithium signature scheme Dilithium1 as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
|
mode1 implements the CRYSTALS-Dilithium signature scheme Dilithium1 as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf |
|
dilithium/mode1aes
mode1aes implements the CRYSTALS-Dilithium signature scheme Dilithium1-AES as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
|
mode1aes implements the CRYSTALS-Dilithium signature scheme Dilithium1-AES as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf |
|
dilithium/mode2
mode2 implements the CRYSTALS-Dilithium signature scheme Dilithium2 as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
|
mode2 implements the CRYSTALS-Dilithium signature scheme Dilithium2 as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf |
|
dilithium/mode2aes
mode2aes implements the CRYSTALS-Dilithium signature scheme Dilithium2-AES as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
|
mode2aes implements the CRYSTALS-Dilithium signature scheme Dilithium2-AES as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf |
|
dilithium/mode3
mode3 implements the CRYSTALS-Dilithium signature scheme Dilithium3 as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
|
mode3 implements the CRYSTALS-Dilithium signature scheme Dilithium3 as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf |
|
dilithium/mode3aes
mode3aes implements the CRYSTALS-Dilithium signature scheme Dilithium3-AES as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
|
mode3aes implements the CRYSTALS-Dilithium signature scheme Dilithium3-AES as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf |
|
dilithium/mode4
mode4 implements the CRYSTALS-Dilithium signature scheme Dilithium4 as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
|
mode4 implements the CRYSTALS-Dilithium signature scheme Dilithium4 as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf |
|
dilithium/mode4aes
mode4aes implements the CRYSTALS-Dilithium signature scheme Dilithium4-AES as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
|
mode4aes implements the CRYSTALS-Dilithium signature scheme Dilithium4-AES as submitted to round2 of the NIST PQC competition and described in https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf |
|
ed25519
Package ed25519 implements Ed25519 signature scheme as described in RFC-8032.
|
Package ed25519 implements Ed25519 signature scheme as described in RFC-8032. |
|
ed448
Package ed448 implements Ed448 signature scheme as described in RFC-8032.
|
Package ed448 implements Ed448 signature scheme as described in RFC-8032. |
|
eddilithium3
Package eddilithium3 implements the hybrid signature scheme Ed25519-Dilithium3.
|
Package eddilithium3 implements the hybrid signature scheme Ed25519-Dilithium3. |
|
eddilithium4
Package eddilithium4 implements the hybrid signature scheme Ed448-Dilithium4.
|
Package eddilithium4 implements the hybrid signature scheme Ed448-Dilithium4. |
|
schemes
Package schemes contains a register of signature algorithms.
|
Package schemes contains a register of signature algorithms. |
|
Package simd provides parallel implementations of some primitives.
|
Package simd provides parallel implementations of some primitives. |
|
keccakf1600
Package keccakf1600 provides a two and four-way Keccak-f[1600] permutation in parallel.
|
Package keccakf1600 provides a two and four-way Keccak-f[1600] permutation in parallel. |
|
utils
|
|
|
nist
Package nist implements helpers to generate NIST's Known Answer Tests (KATs).
|
Package nist implements helpers to generate NIST's Known Answer Tests (KATs). |
|
sha3
Package sha3 implements the SHA-3 fixed-output-length hash functions and the SHAKE variable-output-length hash functions defined by FIPS-202.
|
Package sha3 implements the SHA-3 fixed-output-length hash functions and the SHAKE variable-output-length hash functions defined by FIPS-202. |
Click to show internal directories.
Click to hide internal directories.