README
¶
CIRCL
CIRCL (Cloudflare Interoperable, Reusable Cryptographic Library) is a collection of cryptographic primitives written in Go. The goal of this library is to be used as a tool for experimental deployment of cryptographic algorithms targeting Post-Quantum (PQ) and Elliptic Curve Cryptography (ECC).
Security Disclaimer
🚨 This library is offered as-is, and without a guarantee. Therefore, it is expected that changes in the code, repository, and API occur in the future. We recommend to take caution before using this library in a production application since part of its content is experimental. All security issues must be reported, please notify us immediately following the instructions given in our Security Policy.
Installation
You can get CIRCL by fetching:
go get -u github.com/cloudflare/circl
List of Algorithms
Diffie-Hellman Protocol
Digital Signature Schemes
Groups based on Elliptic Curves
- P-256, P-384, P-521, FIPS 186-4
- Ristretto
- Hash to Curve
High-Level Protocols
- HPKE: Hybrid Public-Key Encryption
- VOPRF: Verifiable Oblivious Pseudorandom function: OPRF, VOPRF and POPRF modes.
- BlindRSA: Blind RSA signatures.
- CPABE: Ciphertext-policy Attribute-based Encryption.
Post-Quantum Key Encapsulation Methods
- CSIDH: Post-Quantum Commutative Group Action
- Kyber KEM: modes 512, 768, 1024
- FrodoKEM KEM: modes 640-SHAKE
- (insecure, deprecated) SIDH/SIKE: Supersingular Key Encapsulation with primes p434, p503, p751
Post-Quantum Public-Key Encryption
- Kyber PKE: modes 512, 768, 1024
Post-Quantum Digital Signature Schemes
- Dilithium: modes 2, 3, 5
Field Arithmetic
- Fp25519, Fp448, Fp381
Elliptic Curves
- P-384 Curve
- FourQ
- Goldilocks
- BLS12-381: Bilinear pairings, hash to G1 and G2.
Parallel SIMD
- Keccak f1600 Permutation
XOF: eXtendable Output Functions
- FIPS 202: SHAKE128 and SHAKE256
- BLAKE2X: BLAKE2XB and BLAKE2XS
- KangarooTwelve: KangarooTwelve
Zero-knowledge Proofs
- Schnorr: Prove knowledge of the Discrete Logarithm.
- DLEQ: Prove knowledge of the Discrete Logarithm Equality.
Testing and Benchmarking
Library comes with number of make targets which can be used for testing and benchmarking:
testperforms testing of the binary.benchruns benchmarks.coverproduces coverage.lintruns set of linters on the code base.
Contributing
To contribute, fork this repository and make your changes, and then make a Pull Request. A Pull Request requires approval of the admin team and a successful CI build.
How to Cite
To cite CIRCL, use one of the following formats and update the version and date you accessed this project.
APA Style
Faz-Hernández, A. and Kwiatkowski, K. (2019). Introducing CIRCL:
An Advanced Cryptographic Library. Cloudflare. Available at
https://github.com/cloudflare/circl. v1.3.3 Accessed May, 2023.
Bibtex Source
@manual{circl,
title = {Introducing CIRCL: An Advanced Cryptographic Library},
author = {Armando Faz-Hern\'{a}ndez and Kris Kwiatkowski},
organization = {Cloudflare},
abstract = {{CIRCL (Cloudflare Interoperable, Reusable Cryptographic Library) is
a collection of cryptographic primitives written in Go. The goal
of this library is to be used as a tool for experimental
deployment of cryptographic algorithms targeting Post-Quantum (PQ)
and Elliptic Curve Cryptography (ECC).}},
note = {Available at \url{https://github.com/cloudflare/circl}. v1.3.3 Accessed May, 2023},
month = jun,
year = {2019}
}
CFF Style
See attached CITATION.cff file.
License
The project is licensed under the BSD-3-Clause License.
Documentation
¶
Overview ¶
Package circl provides a collection of cryptographic primitives. The goal of this module is to be used as a tool for experimental deployment of cryptographic algorithms targeting Post-Quantum (PQ) and Elliptic Curve Cryptography (ECC).
Following blog post describes ideas behind CIRCL in more details: https://blog.cloudflare.com/introducing-circl/
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package cipher provides data encryption algorithms.
|
Package cipher provides data encryption algorithms. |
|
ascon
Package ascon provides ASCON family of light-weight AEAD ciphers.
|
Package ascon provides ASCON family of light-weight AEAD ciphers. |
|
Package dh provides variety of Diffie-Hellman key exchange methods.
|
Package dh provides variety of Diffie-Hellman key exchange methods. |
|
csidh
Package csidh implements commutative supersingular isogeny-based Diffie-Hellman key exchange algorithm (CSIDH) resulting from the group action.
|
Package csidh implements commutative supersingular isogeny-based Diffie-Hellman key exchange algorithm (CSIDH) resulting from the group action. |
|
curve4q
Package curve4q implements Diffie-Hellman operations using the FourQ curve at the 128-bit security level.
|
Package curve4q implements Diffie-Hellman operations using the FourQ curve at the 128-bit security level. |
|
x25519
Package x25519 provides Diffie-Hellman functions as specified in RFC-7748.
|
Package x25519 provides Diffie-Hellman functions as specified in RFC-7748. |
|
x448
Package x448 provides Diffie-Hellman functions as specified in RFC-7748.
|
Package x448 provides Diffie-Hellman functions as specified in RFC-7748. |
|
Package ecc provides implementation of arithmetic on some elliptic curves.
|
Package ecc provides implementation of arithmetic on some elliptic curves. |
|
bls12381
Package bls12381 provides bilinear pairings using the BLS12-381 curve.
|
Package bls12381 provides bilinear pairings using the BLS12-381 curve. |
|
bls12381/ff
Package ff provides finite fields of characteristic P381.
|
Package ff provides finite fields of characteristic P381. |
|
fourq
Package fourq provides elliptic curve operations over FourQ curve.
|
Package fourq provides elliptic curve operations over FourQ curve. |
|
goldilocks
Package goldilocks provides elliptic curve operations over the goldilocks curve.
|
Package goldilocks provides elliptic curve operations over the goldilocks curve. |
|
p384
Package p384 provides optimized elliptic curve operations on the P-384 curve.
|
Package p384 provides optimized elliptic curve operations on the P-384 curve. |
|
Package expander generates arbitrary bytes from an XOF or Hash function.
|
Package expander generates arbitrary bytes from an XOF or Hash function. |
|
Package group provides prime-order groups based on elliptic curves.
|
Package group provides prime-order groups based on elliptic curves. |
|
internal
|
|
|
nist
Package nist implements helpers to generate NIST's Known Answer Tests (KATs).
|
Package nist implements helpers to generate NIST's Known Answer Tests (KATs). |
|
sha3
Package sha3 implements the SHA-3 fixed-output-length hash functions and the SHAKE variable-output-length hash functions defined by FIPS-202.
|
Package sha3 implements the SHA-3 fixed-output-length hash functions and the SHAKE variable-output-length hash functions defined by FIPS-202. |
|
Package kem provides a unified interface for KEM schemes.
|
Package kem provides a unified interface for KEM schemes. |
|
frodo
Package frodo provides the key encapsulation mechanism FrodoKEM.
|
Package frodo provides the key encapsulation mechanism FrodoKEM. |
|
frodo/frodo640shake
Package frodo640shake implements the variant FrodoKEM-640 with SHAKE.
|
Package frodo640shake implements the variant FrodoKEM-640 with SHAKE. |
|
hybrid
Package hybrid defines several hybrid classical/quantum KEMs.
|
Package hybrid defines several hybrid classical/quantum KEMs. |
|
kyber
Package kyber implements the CRYSTALS-Kyber.CCAKEM IND-CCA2 secure key encapsulation mechanism (KEM) as submitted to round 3 of the NIST PQC competition and described in
|
Package kyber implements the CRYSTALS-Kyber.CCAKEM IND-CCA2 secure key encapsulation mechanism (KEM) as submitted to round 3 of the NIST PQC competition and described in |
|
kyber/kyber1024
Package kyber1024 implements the IND-CCA2 secure key encapsulation mechanism Kyber1024.CCAKEM as submitted to round 3 of the NIST PQC competition and described in
|
Package kyber1024 implements the IND-CCA2 secure key encapsulation mechanism Kyber1024.CCAKEM as submitted to round 3 of the NIST PQC competition and described in |
|
kyber/kyber512
Package kyber512 implements the IND-CCA2 secure key encapsulation mechanism Kyber512.CCAKEM as submitted to round 3 of the NIST PQC competition and described in
|
Package kyber512 implements the IND-CCA2 secure key encapsulation mechanism Kyber512.CCAKEM as submitted to round 3 of the NIST PQC competition and described in |
|
kyber/kyber768
Package kyber768 implements the IND-CCA2 secure key encapsulation mechanism Kyber768.CCAKEM as submitted to round 3 of the NIST PQC competition and described in
|
Package kyber768 implements the IND-CCA2 secure key encapsulation mechanism Kyber768.CCAKEM as submitted to round 3 of the NIST PQC competition and described in |
|
schemes
Package schemes contains a register of KEM schemes.
|
Package schemes contains a register of KEM schemes. |
|
Package math provides some utility functions for big integers.
|
Package math provides some utility functions for big integers. |
|
fp25519
Package fp25519 provides prime field arithmetic over GF(2^255-19).
|
Package fp25519 provides prime field arithmetic over GF(2^255-19). |
|
fp448
Package fp448 provides prime field arithmetic over GF(2^448-2^224-1).
|
Package fp448 provides prime field arithmetic over GF(2^448-2^224-1). |
|
mlsbset
Package mlsbset provides a constant-time exponentiation method with precomputation.
|
Package mlsbset provides a constant-time exponentiation method with precomputation. |
|
polynomial
Package polynomial provides representations of polynomials over the scalars of a group.
|
Package polynomial provides representations of polynomials over the scalars of a group. |
|
Package pke provides a variety of public key encryption mechanisms.
|
Package pke provides a variety of public key encryption mechanisms. |
|
kyber
Package kyber implements the CRYSTALS-Kyber.CPAPKE public key encrpyption as submitted to round 3 of the NIST PQC competition and described in
|
Package kyber implements the CRYSTALS-Kyber.CPAPKE public key encrpyption as submitted to round 3 of the NIST PQC competition and described in |
|
kyber/kyber1024
kyber1024 implements the IND-CPA-secure Public Key Encryption scheme Kyber1024.CPAPKE as submitted to round 3 of the NIST PQC competition and described in
|
kyber1024 implements the IND-CPA-secure Public Key Encryption scheme Kyber1024.CPAPKE as submitted to round 3 of the NIST PQC competition and described in |
|
kyber/kyber512
kyber512 implements the IND-CPA-secure Public Key Encryption scheme Kyber512.CPAPKE as submitted to round 3 of the NIST PQC competition and described in
|
kyber512 implements the IND-CPA-secure Public Key Encryption scheme Kyber512.CPAPKE as submitted to round 3 of the NIST PQC competition and described in |
|
kyber/kyber768
kyber768 implements the IND-CPA-secure Public Key Encryption scheme Kyber768.CPAPKE as submitted to round 3 of the NIST PQC competition and described in
|
kyber768 implements the IND-CPA-secure Public Key Encryption scheme Kyber768.CPAPKE as submitted to round 3 of the NIST PQC competition and described in |
|
Package sign provides unified interfaces for signature schemes.
|
Package sign provides unified interfaces for signature schemes. |
|
dilithium
dilithium implements the CRYSTALS-Dilithium signature schemes as submitted to round3 of the NIST PQC competition and described in
|
dilithium implements the CRYSTALS-Dilithium signature schemes as submitted to round3 of the NIST PQC competition and described in |
|
dilithium/mode2
mode2 implements the CRYSTALS-Dilithium signature scheme Dilithium2 as submitted to round3 of the NIST PQC competition and described in
|
mode2 implements the CRYSTALS-Dilithium signature scheme Dilithium2 as submitted to round3 of the NIST PQC competition and described in |
|
dilithium/mode2aes
mode2aes implements the CRYSTALS-Dilithium signature scheme Dilithium2-AES as submitted to round3 of the NIST PQC competition and described in
|
mode2aes implements the CRYSTALS-Dilithium signature scheme Dilithium2-AES as submitted to round3 of the NIST PQC competition and described in |
|
dilithium/mode3
mode3 implements the CRYSTALS-Dilithium signature scheme Dilithium3 as submitted to round3 of the NIST PQC competition and described in
|
mode3 implements the CRYSTALS-Dilithium signature scheme Dilithium3 as submitted to round3 of the NIST PQC competition and described in |
|
dilithium/mode3aes
mode3aes implements the CRYSTALS-Dilithium signature scheme Dilithium3-AES as submitted to round3 of the NIST PQC competition and described in
|
mode3aes implements the CRYSTALS-Dilithium signature scheme Dilithium3-AES as submitted to round3 of the NIST PQC competition and described in |
|
dilithium/mode5
mode5 implements the CRYSTALS-Dilithium signature scheme Dilithium5 as submitted to round3 of the NIST PQC competition and described in
|
mode5 implements the CRYSTALS-Dilithium signature scheme Dilithium5 as submitted to round3 of the NIST PQC competition and described in |
|
dilithium/mode5aes
mode5aes implements the CRYSTALS-Dilithium signature scheme Dilithium5-AES as submitted to round3 of the NIST PQC competition and described in
|
mode5aes implements the CRYSTALS-Dilithium signature scheme Dilithium5-AES as submitted to round3 of the NIST PQC competition and described in |
|
ed25519
Package ed25519 implements Ed25519 signature scheme as described in RFC-8032.
|
Package ed25519 implements Ed25519 signature scheme as described in RFC-8032. |
|
ed448
Package ed448 implements Ed448 signature scheme as described in RFC-8032.
|
Package ed448 implements Ed448 signature scheme as described in RFC-8032. |
|
eddilithium2
Package eddilithium2 implements the hybrid signature scheme Ed25519-Dilithium2.
|
Package eddilithium2 implements the hybrid signature scheme Ed25519-Dilithium2. |
|
eddilithium3
Package eddilithium3 implements the hybrid signature scheme Ed448-Dilithium3.
|
Package eddilithium3 implements the hybrid signature scheme Ed448-Dilithium3. |
|
schemes
Package schemes contains a register of signature algorithms.
|
Package schemes contains a register of signature algorithms. |
|
Package simd provides parallel implementations of some primitives.
|
Package simd provides parallel implementations of some primitives. |
|
keccakf1600
Package keccakf1600 provides a two and four-way Keccak-f[1600] permutation in parallel.
|
Package keccakf1600 provides a two and four-way Keccak-f[1600] permutation in parallel. |
|
Package xof provides an interface for eXtendable-Output Functions.
|
Package xof provides an interface for eXtendable-Output Functions. |
|
k12
k12 implements the KangarooTwelve XOF.
|
k12 implements the KangarooTwelve XOF. |
Click to show internal directories.
Click to hide internal directories.