CIRCL (Cloudflare Interoperable, Reusable Cryptographic Library) is a collection of cryptographic primitives written in Go. The goal of this library is to be used as a tool for experimental deployment of cryptographic algorithms targeting Post-Quantum (PQ) and Elliptic Curve Cryptography (ECC).
🚨 This library is offered as-is, and without a guarantee. Therefore, it is expected that changes in the code, repository, and API occur in the future. We recommend to take caution before using this library in a production application since part of its content is experimental.
You can get it by typing:
go get -u github.com/cloudflare/circl
Version numbers are Semvers. We release a minor version for new functionality, a major version for breaking API changes, and increment the patchlevel for bugfixes.
|PQ Key Exchange||SIDH||SIDH provide key exchange mechanisms using ephemeral keys.||Post-quantum key exchange in TLS|
|PQ Key Exchange||cSIDH||Isogeny based drop-in replacement for Diffie–Hellman||Post-Quantum Key exchange.|
|PQ KEM||SIKE||SIKE is a key encapsulation mechanism (KEM).||Post-quantum key exchange in TLS|
|Key Exchange||X25519, X448||RFC-7748 provides new key exchange mechanisms based on Montgomery elliptic curves.||TLS 1.3. Secure Shell.|
|Key Exchange||FourQ||One of the fastest elliptic curves at 128-bit security level.||Experimental for key agreement and digital signatures.|
|Key Exchange / Digital signatures||P-384||Our optimizations reduce the burden when moving from P-256 to P-384.||ECDSA and ECDH using Suite B at top secret level.|
|Digital Signatures||Ed25519, Ed448||RFC-8032 provides new signature schemes based on Edwards curves.||Digital certificates and authentication.|
|Key Encapsulation||P-256, P-384, P-521, X25519 and X448||Key encapsulation methods based on Diffie-Hellman.||HPKE|
|Hybrid Public-Key Encryption||Base, Auth, PSK, AuthPSK||HPKE is a combination of KEM and AEAD.||TLS|
|PQ KEM/PKE||Kyber||Lattice (M-LWE) based IND-CCA2 secure key encapsulation mechanism and IND-CPA secure public key encryption||Post-Quantum Key exchange|
|PQ Digital Signatures||Dilithium, Hybrid modes||Lattice (Module LWE) based signature scheme||Post-Quantum PKI|
Work in Progress
|Hashing to Elliptic Curve Groups||Several algorithms: Elligator2, Ristretto, SWU, Icart.||Protocols based on elliptic curves require hash functions that map bit strings to points on an elliptic curve.||VOPRF. OPAQUE. PAKE. Verifiable random functions.|
|Bilinear Pairings||Plans for moving BN256 to stronger pairing curves.||A bilineal pairing is a mathematical operation that enables the implementation of advanced cryptographic protocols, such as identity-based encryption (IBE), short digital signatures (BLS), and attribute-based encryption (ABE).||Geo Key Manager, Randomness Beacon, Ethereum and other blockchain applications.|
|PQ KEM||HRSS-SXY||Lattice (NTRU) based key encapsulation mechanism.||Key exchange for low-latency environments|
|PQ Digital Signatures||SPHINCS+||Stateless hash-based signature scheme||Post-Quantum PKI|
Testing and Benchmarking
Library comes with number of make targets which can be used for testing and
testperforms testing of the binary.
lintruns set of linters on the code base.