The security impact of a new cryptographic library

Authors:
Daniel J. Bernstein;Tanja Lange;Peter Schwabe
Affiliations:
Department of Computer Science, University of Illinois at Chicago, Chicago, IL;Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, Eindhoven, The Netherlands;Research Center for Information Technology Innovation and Institute of Information Science, Academia Sinica, Taipei, Taiwan
Venue:
LATINCRYPT'12 Proceedings of the 2nd international conference on Cryptology and Information Security in Latin America
Year:
2012

Citing 16
Cited 3

Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
RIPEMD-160: A Strengthened Version of RIPEMD

Proceedings of the Third International Workshop on Fast Software Encryption
The Salsa20 Family of Stream Ciphers

New Stream Cipher Designs
Plaintext Recovery Attacks against SSH

SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate

CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Faster and Timing-Attack Resistant AES-GCM

CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Efficient Cache Attacks on AES, and Countermeasures

Journal of Cryptology
Remote timing attacks are still practical

ESORICS'11 Proceedings of the 16th European conference on Research in computer security
High-speed high-security signatures

CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
The Poly1305-AES message-authentication code

FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Cache attacks and countermeasures: the case of AES

CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Curve25519: new diffie-hellman speed records

PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
The program counter security model: automatic detection and removal of control-flow side channel attacks

ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
SP 800-57. Recommendation for Key Management, Part 1: General (revised)

SP 800-57. Recommendation for Key Management, Part 1: General (revised)
SP 800-81 Rev. 1. Secure Domain Name System (DNS) Deployment Guide

SP 800-81 Rev. 1. Secure Domain Name System (DNS) Deployment Guide
NEON crypto

CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems

Certified computer-aided cryptography: efficient provably secure machine code from high-level implementations

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
MinimaLT: minimal-latency networking through better security

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Canon-MPC, a system for casual non-interactive secure multi-party computation using native client

Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper introduces a new cryptographic library, NaCl, and explains how the design and implementation of the library avoid various types of cryptographic disasters suffered by previous cryptographic libraries such as OpenSSL. Specifically, this paper analyzes the security impact of the following NaCl features: no data flow from secrets to load addresses; no data flow from secrets to branch conditions; no padding oracles; centralizing randomness; avoiding unnecessary randomness; extremely high speed; and cryptographic primitives chosen conservatively in light of the cryptanalytic literature.