libhydrogen VS Monocypher

To quickly build something with signatures, key exchange and encryption, I'd recommend starting with libhydrogen: https://github.com/jedisct1/libhydrogen

The single round-trip initial Diffie-Hellman key exchange is susceptible to MITM attack, as has been demonstrated to me by a fan of the project. I'll be changing it to XX key exchange from libhydrogen. Either directly, or I'll use libsodium primitives to reimplement the same thing.

See if you can use this library instead of libsodium, as it'll probably work on your raspi zero: https://github.com/jedisct1/libhydrogen (Node bindings: https://github.com/trampi/node-libhydrogen-binding)

Are you possibly thinking of libhydrogen?

https://github.com/jedisct1/libhydrogen

NIST's lightweight cryptography contest is still in progress. When it finishes I'd definitely change to whatever wins. In the iterim you might want to look into the candidates. I happen to like gimli, see libhydrogen for a good library that uses it.

As the dictator author/maintainer of a tiny library¹ (45 functions total), I can confirm the manual wouldn't be half as good without external contributions. And I daresay this manual is a major contributor to the usability of the whole project.

As a new user of libcurl, I was recently able to quickly implement FTP upload and adapt it to our specific use case thanks to their tutorials and API documentation. I was even made aware of the lack of thread safety in old versions thanks to that same documentation, so I could warn my team that we should update.

Documentation is bloody important. Almost as important as the code and the test suite themselves.

[1]: https://monocypher.org

Are you assuming I didn't already do that? For your information I've written an entire cryptographic library in C https://monocypher.org and routinely chose C over C++. My claim that C is broken beyond repair doesn't come from ignorance or hype, it comes from over 15 years of first hand experience.

And of course, GC and RC aren't fixes, they can't apply in the performance constrained settings C and C++ typically are used for (tiny embedded chips, video games, video encoding…).

Also there's no way I'll even look at a new language without some form of generics. They're just too damn useful. Sure we could try the Go approach and special case generics for a few core data structures, but I believe a general purpose language needs a way to add custom ones. Heck, even Go fixed its mistakes and added generics after all.

Compilers don’t find all the optimisations. Last time I saw this was when someone noticed that my code was 5% slower than the reference implementation. This patch fixed it.

Every time I'm faced with OpenSSL, I think, "This is even more of a dumpster fire than I remember." My expectations are low, and it never fails to come in even lower than that. It's ugly and difficult to use. A good crypto API won't require all this resource management because it can all be done with small, fixed-sized buffers. In the future consider Monocypher or libsodium.

If encryption performance is not that important (especially on the client side, which I expect won't use too much bandwidth), but you value minimising dependencies, consider using Monocypher instead of libsodium. Monocypher is a single-file library that has absolutely zero dependency (not even libc). The price to pay for that is (i) right now it's slower than libsodium, and (ii) it doesn't provide an RNG, you'll have to call your OS's RNG manually.

I'm not yelling at you for your choice. See here for how hypocritical it would be of me.

This website does a pretty good job of going over what the creator of Monocypher found to implement Elligator. There’s also this Python code which has comments detailing the steps.