noble-ed25519
fiat-crypto
Metric | noble-ed25519 | fiat-crypto
---|---|---
Mentions | 2 | 10
Stars | 384 | 686
Growth | - | 2.8%
Activity | 6.7 | 9.4
Last commit | about 1 month ago | 6 days ago
Language | JavaScript | Coq
License | MIT License | GNU General Public License v3.0 or later
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
noble-ed25519
- Go 1.20 Cryptography
[For reference, see section 7.8](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft...).
I've also been looking for Ed25519ph support for other languages. [Paul Miller](https://github.com/paulmillr), who is the author of the noble libraries for JavaScript, has just added support in his newly released [curves](https://github.com/paulmillr/noble-ed25519/issues/63) library. Paul has suggested on Twitter holding off on using "curves" until an audit, but most of his other work has already been audited and all his works are highly polished.
Also, for all readers, we wrote an [online Ed25519 tool](https://cyphr.me/ed25519_applet/ed.html), which is useful for testing and verifying. Previously the top result on Google, which has now been taken down, was sending the keys off to a server, which motivated us to write a tool that didn't openly phone home.
- r/Crypto, can you help take down an evil tool that's stealing people's private keys?
(Git hashes the repo and provides version history. It's not "super secure", but it is much better than nothing. I could also sign releases, but I'm not doing that at the moment, since I don't think the marginal benefit is there, especially since Paul is signing the crypto part already.)
fiat-crypto
- Dilemma: very unhappy with a highly-paying tech job. What to do?
- Go 1.20 Cryptography
> Both your comment here and some stuff FiloSottile implied in the comment above seem like they would be (largely) mitigated by what the "Go 1.20 Cryptography" post mentions about using formally verified primitives that are generated by "fiat-crypto".
> Beyond the curve primitive, wouldn't the majority of the code involved be shared/identical? These are closely related curves, not some oddball algorithm that requires a bespoke implementation.
Well, fiat-crypto only provides the curve implementations.
Each language, library, etc. that wants to support ed448 will need a SHAKE256 implementation too. That has historically not been a safe addition, in practice.
Also, I don't see Ed448 on here (but I do see P448?): https://github.com/mit-plv/fiat-crypto/tree/6e6809be8290a7d7...
- Program Synthesis is Possible (2018)
- fiat-crypto: Cryptographic Primitive Code Generation by Fiat
- The technological case against Bitcoin and blockchain
I think this is a more interesting URL: https://github.com/mit-plv/fiat-crypto/issues/902
- Orion 0.17 – X25519 with formally-verified field arithmetic and serde support
Hi, maintainer of the crate
The formal verification comes from [fiat-crypto](https://github.com/mit-plv/fiat-crypto), which generates the Rust code of the underlying Curve25519 field arithmetic. Correctness is checked by Coq.
Mention of fiat-crypto was included in the original posts on Reddit/Lobste.rs but seems it was missed in this cross-post.
- Orion 0.17 - X25519 with formally-verified field arithmetic and serde support
Orion now supports X25519 (Diffie-Hellman over Curve25519), which uses formally-verified field arithmetic generated by fiat-crypto. Additionally, a lot of focus was put into hardening the CI/CD of the crate along with added support for serde. This work was championed by /u/vlmutolo.
- "Serious" vulnerability found in Libgcrypt, GnuPG's cryptographic library - Help Net Security
I have great hopes for formal verification:
  - https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/bond
  - https://github.com/project-everest/hacl-star
  - https://github.com/mit-plv/fiat-crypto
  - https://saw.galois.com/
- Synthesizing Correct-by-Construction Code for Cryptographic Primitives
A list of projects using the code generated by fiat-crypto: https://github.com/mit-plv/fiat-crypto/issues/902
What are some alternatives?
DOMtegrity - JavaScript Framework to ensure webpage DOM integrity in presence of a malicious browser extension.
RFCs - A repository for your Nim proposals.
bogbook - bogbook v3 - A replicated and secure social network made from ed25519 hash chains
differential-dataflow - An implementation of differential dataflow using timely dataflow on Rust.
VulnTLS - Collection of TLS vulnerabilities ready to be exploited.
age - A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
tweetnacl-js - Port of TweetNaCl cryptographic library to JavaScript
orion - Usable, easy and safe pure-Rust crypto
signature-sdk-js - Wacom’s Signature SDK library for JavaScript provides software components to capture handwritten signatures from a Web Browser.
faust - Functional programming language for signal processing and sound synthesis
Ed25519Tool - Ed25519 signing and verification online tool.
go-ethereum - Go implementation of the Ethereum protocol