The state of cryptographic libraries

Hello, everyone!

For my next project, I need hashing and public-key cryptography. What are the options currently available in the Julia ecosystem to get those things?

Also, I need a secure messaging system within Julia. Ideally, a Julia client for Telegram, which I could not find. Is there anything else available what can I interface easily with Julia?

Pallier.jl is the only one I knoe

I could not find Pallier.jl. Could you provide a link for it?

I have found that ECC.jl in principle could provide the stuff I need. However, the library is too technical for my present understanding of cryptography. It would be really helpful if someone could answer the usage questions I have on it. I have posted them in the GitLab issue.

https://www.google.com/search?q=paillier.jl&rlz=1C1CHBF_en-GBAU861AU861&oq=paillier.jl&aqs=chrome..69i57j0l5.2958j0j7&sourceid=chrome&ie=UTF-8

I have spoken to the author so let me know if you need an intro.

There is also Nettle.jl

1 Like

A whole bunch of them are written in C/C++ and can easily be leveraged by Julia or by julia’s access to Bash.

It’s perfect! Thank you :slight_smile:

Thanks. I will take hashing functions from there :slight_smile:

That was my backup plan. But then that would work only for Unix systems and wrapping and building C/C++ can be a pain.

Are you referring to: https://github.com/snipsco/paillier-libraries-benchmarks/tree/master/julia-sketch

For most applications, I really really recommend using a well-established conservative C library, and not using some half-baked implementation from github / gitlab. Don’t get me wrong, half-baked implementations from github / gitlab are awesome and are exactly what you want for toying around with protocols and cryptographic research.

Crypto that faces attackers is hard.

For example, you probably want your public key functions resistant against timing sidechannel. ECC.jl is not constant-time, as far as I looked at the code. Even if it was, you are unqualified to audit the implementation for side-channels and therefore should never use it in prod.

4 Likes

I’m working in crypto, and finding generic side-channel resistant elliptic curve libraries seem close to impossible. People always use if branches for some reason ;).

So far only Milagro seems to fit the bill but the build process involves Python codegen for specific curves and the coding style is very strange for the GO/Rust/Java implementation.

I am just hoping that by making an awesome use of cryptographic libraries someone would be willing to invest time to make cryptographic library situation better for Julia. For the moment half baked implementations are good for me :wink:

Would be great to have a Milagro.jl :wink: