codex-storage
/
constantine
mirror of https://github.com/codex-storage/constantine.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Constant time pairing-based or elliptic curve based cryptography and digital signatures
99 Commits 2 Branches 0 Tags 16 MiB
Nim 89.9%
C 3.6%
Rust 3.6%
Sage 2.7%
C++ 0.2%
Go to file
Mamy André-Ratsimbazafy 9395febada
add octet string encode/decode (bigEndian raw int) 		2020-02-18 11:54:36 +01:00
benchmarks Benchmark: BigInt -> Montgomery conversion: 2020-02-16 01:43:17 +01:00
constantine add octet string encode/decode (bigEndian raw int) 2020-02-18 11:54:36 +01:00
tests add octet string encode/decode (bigEndian raw int) 2020-02-18 11:54:36 +01:00
.gitignore initial commit 2018-07-24 16:52:18 +02:00
LICENSE-APACHEv2 Switch to personal project -> update copyright 2020-02-08 11:42:35 +01:00
LICENSE-MIT Switch to personal project -> update copyright 2020-02-08 11:42:35 +01:00
README.md Reorg the repo to introduce prepare for introducing the R² (mod p) magic constant 2020-02-15 13:13:01 +01:00
constantine.nim Add modular reduce / bigint mod from 2 arbitrarily size bigint 2020-02-09 18:17:32 +01:00
constantine.nimble Add primitive for window-based modular exponentiation 2020-02-17 00:13:42 +01:00

README.md

Constantine - Constant Time Elliptic Curve Cryptography

License: Apache License: MIT Stability: experimental

This library provides constant-time implementation of elliptic curve cryptography.

Warning ⚠️: The library is in development state and cannot be used at the moment except as a showcase or to start a discussion on modular big integers internals.

Installation

You can install the developement version of the library through nimble with the following command

nimble install https://github.com/mratsim/constantine@#master

Target audience

The library aims to be a portable, compact and hardened library for elliptic curve cryptography needs, in particular for blockchain protocols and zero-knowledge proofs system.

The library focuses on following properties:

  • constant-time (not leaking secret data via side-channels)
  • generated code size, datatype size and stack usage
  • performance in this order

Security

Hardening an implementation against all existing and upcoming attack vectors is an extremely complex task. The library is provided as is, without any guarantees at least until:

  • it gets audited
  • formal proofs of correctness are produced
  • formal verification of constant-time implementation is possible

Defense against common attack vectors are provided on a best effort basis.

Attackers may go to great lengths to retrieve secret data including:

  • Timing the time taken to multiply on an elliptic curve
  • Analysing the power usage of embedded devices
  • Detecting cache misses when using lookup tables
  • Memory attacks like page-faults, allocators, memory retention attacks

This is would be incomplete without mentioning that the hardware, OS and compiler actively hinder you by:

  • Hardware: sometimes not implementing multiplication in constant-time.
  • OS: not providing a way to prevent memory paging to disk, core dumps, a debugger attaching to your process or a context switch (coroutines) leaking register data.
  • Compiler: optimizing away your carefully crafted branchless code and leaking server secrets or optimizing away your secure erasure routine which is "useless" because at the end of the function the data is not used anymore.

A growing number of attack vectors is being collected for your viewing pleasure at https://github.com/mratsim/constantine/wiki/Constant-time-arithmetics

License

Licensed and distributed under either of

or

at your option. This file may not be copied, modified, or distributed except according to those terms.