[erlang-questions] [ANN] enacl v0.9.0 - NaCl/libsodium encryption for Erlang

Jesper Louis Andersen <>
Sat Nov 29 22:30:36 CET 2014


Hi Erlangers,

NaCl is a cryptographic library by Dan J. Bernstein, Tanja Lange and Peter
Schwabe. Libsodium is a portable implementation of NaCl by Frank Denis.

Cryptographic systems are hard to get right. You have to beware of timing
attacks in your low level primitives, so you can't use timing to attack the
code. Also, even if you manage to get the primitives correct, you can still
miss by using the primitives incorrectly. NaCl/libsodium avoids the first
by:

* Having no flow from the secret to load addresses. In particular, it
avoids large lookup tables which can be attacked by cache timings.

* Having no flow secret to branch conditions. This avoids timing attacks
where one measures what branches were taken in the code.

* Having protection against padding oracle side channel attacks.

* Using a standardized RNG from the operting system.

* Avoiding primitives that require randomness as much as possible and
picking primitives that can get away with pseudorandomness.

Furthermore, the library tries to make it hard to use cryptographic
primitives incorrectly, by supplying higher-level APIs where the underlying
primitives and their compositions have been pre-selected by cryptographers
who knows what they are doing. While no guarantee, it does remove some
typical mistakes.

Finally NaCl/libsodium is very fast, even for a large security margin. In
other words, it is possible to encrypt high-bandwidth traffic for
protection.

I've decided to implement yet another set of bindings for NaCl for Erlang
as a set of C NIFs. These bindings differ from the earlier bindings in some
areas:

* QuickCheck is used all over the place for positive/negative testing of
the APIs correctness and lack of memory leaks.
* The bindings require Erlang 17.3.x and uses the experimental dirty
scheduler API to avoid long-running NIFs. When called on small messages,
the bindings will run the operation directly on the Erlang scheduler for
speed however, and it will scale its reduction cost depending on the size
of the message.
* Includes a complete timing module which can be used to measure if the
reduction strategy used will fit on the target machine.

All in all, these bindings will be fast, and have low latency even on
systems which will encrypt lots of data. They can be used to build
cryptographic libraries for Erlang on top. For instance "gen_tcp_nacl".

Thanks:
  Tony Garnock-Jones whose bindings were an inspiration.
  Steve Vinoski, Rickard Green and Sverker Eriksson for Dirty Schedulers

https://github.com/jlouis/enacl

Also see,

http://nacl.cr.yp.to/
https://github.com/jedisct1/libsodium

Comments and patches welcome as always. Things are written with an MIT
license for maximal use.

-- 
J.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20141129/5503aa0a/attachment.html>


More information about the erlang-questions mailing list