NaCl (Networking and Cryptography Library, pronounced "salt") is a

public domain The public domain (PD) consists of all the creative work to which no Exclusive exclusive intellectual property rights apply. Those rights may have expired, been forfeited, expressly Waiver, waived, or may be inapplicable. Because no one holds ...

, high-speed software library for

cryptography Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...

. NaCl was created by the mathematician and programmer Daniel J. Bernstein, who is best known for the creation of

qmail qmail is a mail transfer agent (MTA) that runs on Unix. It was written, starting December 1995, by Daniel J. Bernstein as a more secure alternative to the popular Sendmail program. Originally license-free software, qmail's source code wa ...

and

Curve25519 In cryptography, Curve25519 is an elliptic curve used in elliptic-curve cryptography (ECC) offering 128 bits of security (256-bit key size) and designed for use with the Elliptic-curve Diffie–Hellman (ECDH) key agreement scheme, first described a ...

. The core team also includes Tanja Lange and Peter Schwabe. The main goal while creating NaCl, according to the team's 2011 paper, was to "avoid various types of cryptographic disasters suffered by previous cryptographic libraries". The team does so by safer designs that avoid issues such as side-channel leakage and loss of randomness, by being performant enough that safety features do not get disabled by the user, and by picking better cryptographic primitives. The high-level "box" API is designed to encourage the use of

authenticated encryption Authenticated Encryption (AE) is an encryption scheme which simultaneously assures the data confidentiality (also known as privacy: the encrypted message is impossible to understand without the knowledge of a secret key) and authenticity (in othe ...

Functions

Public-key cryptography

* , public-key

. Key agreement happens via X25519; encryption is done by Salsa20-Poly1305. * ,

scalar multiplication In mathematics, scalar multiplication is one of the basic operations defining a vector space in linear algebra (or more generally, a module in abstract algebra). In common geometrical contexts, scalar multiplication of a real Euclidean vector ...

X25519 X, or x, is the twenty-fourth letter of the Latin alphabet, used in the English alphabet, modern English alphabet, the alphabets of other western European languages and others worldwide. Its name in English is Wikt:ex#English, ''ex'' (pro ...

. This function can be used for

elliptic-curve Diffie–Hellman Elliptic-curve Diffie–Hellman (ECDH) is a key agreement protocol that allows two parties, each having an Elliptic curve, elliptic-curve public–private key pair, to establish a shared secret over an insecure channel. This shared secret may be di ...

. * ,

signatures A signature (; from , "to sign") is a depiction of someone's name, nickname, or even a simple "X" or other mark that a person writes on documents as a proof of identity and intent. Signatures are often, but not always, handwritten or styliz ...

using Ed25519 and SHA-512.

Secret-key cryptography

* , private-key

using Salsa20-Poly1305. * ,

encryption In Cryptography law, cryptography, encryption (more specifically, Code, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the inf ...

using

Salsa20 Salsa20 and the closely related ChaCha are stream ciphers developed by Daniel J. Bernstein. Salsa20, the original cipher, was designed in 2005, then later submitted to the eSTREAM European Union cryptographic validation process by Bernstein. Ch ...

, XSalsa20, or AES. * ,

authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an Logical assertion, assertion, such as the Digital identity, identity of a computer system user. In contrast with iden ...

using HMAC-SHA-512-256. * , single-message authentication using

Poly1305 Poly1305 is a universal hash family designed by Daniel J. Bernstein in 2002 for use in cryptography. As with any universal hash family, Poly1305 can be used as a one-time message authentication code to authenticate a single message using a sec ...

Low-level functions

* , hashing using

SHA-512 SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression ...

SHA-256 SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compressi ...

* , string comparison in constant time.

Implementations

The reference implementation is written in C, often incorporating

inline assembly In computer programming, an inline assembler is a feature of some compilers that allows low-level code written in assembly language to be embedded within a program, among code that otherwise has been compiled from a higher-level language such as ...

routines. C++ support is implemented as a wrapper. A

Python Python may refer to: Snakes * Pythonidae, a family of nonvenomous snakes found in Africa, Asia, and Australia ** ''Python'' (genus), a genus of Pythonidae found in Africa and Asia * Python (mythology), a mythical serpent Computing * Python (prog ...

wrapper was planned, but is not part of the latest (20110221) release. The home page, last updated in 2016, mentions prototype wrappers. The reference NaCl implementation has a variety of programming language bindings, such as PHP and Tcl.

Libsodium

Libsodium is an API-compatible

fork In cutlery or kitchenware, a fork (from 'pitchfork') is a utensil, now usually made of metal, whose long handle terminates in a head that branches into several narrow and often slightly curved tines with which one can spear foods either to h ...

of reference NaCl created in 2013. It is "installable and packageable", or in other words can be compiled into a

dynamic library A dynamic library is a library that contains functions and data that can be consumed by a computer program at run-time as loaded from a file separate from the program executable. Dynamic linking or late binding allows for using a dynamic libra ...

and installed as a software package thanks to the addition of build files (NaCl had none). It is also "portable and cross-compilable". As libsodium can be dynamically linked, it serves as the basis for a number of bindings in languages such as

Pharo Pharo is a Cross-platform software, cross-platform implementation of the classic Smalltalk-80 programming language and runtime system. It is based on the OpenSmalltalk virtual machine (VM) named Cog, which evaluates a dynamic, Reflective progr ...

, Perl 5, and Python. libsodium also extends the NaCl API with new algorithms (e.g.

BLAKE2 BLAKE is a cryptographic hash function based on Daniel J. Bernstein's ChaCha (cipher), ChaCha stream cipher, but a permuted copy of the input block, XORed with round constants, is added before each ChaCha round. Like SHA-2, there are two variants ...

ChaCha20-Poly1305 ChaCha20-Poly1305 is an authenticated encryption with associated data (AEAD) algorithm, that combines the ChaCha20 stream cipher with the Poly1305 message authentication code. It has fast software performance, and without hardware acceleration, ...

, AEGIS) and new classes of functions (e.g. secure memory,

random number generation Random number generation is a process by which, often by means of a random number generator (RNG), a sequence of numbers or symbols is generated that cannot be reasonably predicted better than by random chance. This means that the particular ou ...

, short-input hashing, password hashing and key derivation).

TweetNaCl

In 2013, the NaCl team and three others released TweetNaCl, a condensed implementation of NaCl's 25 functions that fits in the size of 100 tweets (140 symbols each). TweetNaCl has been used as the basis of

port A port is a maritime facility comprising one or more wharves or loading areas, where ships load and discharge cargo and passengers. Although usually situated on a sea coast or estuary, ports can also be found far inland, such as Hamburg, Manch ...

s including TweetNaCl.js and TweetNaCl-Java. It has also been rewritten in the SPARK Ada subset as SPARKNaCl, which the authors describe as "(unlike TweetNaCl) readable owing to the large number of explanatory comments and contracts in the code."

Other implementations

* RustCrypto - a popular set of pure-

Rust Rust is an iron oxide, a usually reddish-brown oxide formed by the reaction of iron and oxygen in the catalytic presence of water or air moisture. Rust consists of hydrous iron(III) oxides (Fe2O3·nH2O) and iron(III) oxide-hydroxide (FeO(OH) ...

crypto libraries that includes an NaCl compatibility layer. * dryoc — a pure-

cryptography library implementing the libsodium/NaCl API with support for

protected memory Memory protection is a way to control memory access rights on a computer, and is a part of most modern instruction set architectures and operating systems. The main purpose of memory protection is to prevent a process from accessing memory that h ...

. * Monocypher — a rewrite of NaCl in C. Aims to have the speed of reference NaCl and the size of TweetNaCl.

References

External links

* {{Official website, https://nacl.cr.yp.to/ Public-domain software Cryptographic software 2008 software