A Little Bit of Salt Helps Trustworthiness … Meet NaCl

And, so, we have a whole lot of software libraries to choose from. One of the most wide used is OpenSSL. But, it supports so many…
Photo by Faran Raufi on Unsplash

A Little Bit of Salt Helps Trustworthiness … Meet NaCl

And, so, we have a whole lot of software libraries to choose from. One of the most wide used is OpenSSL. But, it supports so many different methods — and many of which are not relavent any more. It also struggles to support the newer methods. One of my favouriate tweets related to the complexity of OpenSSL is this one:

And if OpenSSL was a GUI, here’s some of the options:

Meet NaCl

And so while OpenSSL supports so many legacy methods, in many cases we really should be picking the most efficient and well-supported methods. For this Daniel J. Bernstein, Tanja Lange and Peter Schwabe produced NaCl (Networking and Cryptography library). One of its core methods is the integration of Curve 25519 for the implementation of X25519 (for key exchange) and Ed25519 (for digital signatures). It was written in C, but has since been ported to other languages, including Python (with PyNaCl).

And so, I’ve written a few examples.

NaCl Symmetric Key … Meet XChaCha20 and Poly1305

With this, NaCl focuses on authenicated encryption with additional data (AEAD) and with the stream cipher of ChaCha20. In fact it uses XChaCha, and which has a larger nonce value than ChaCha20:

  • Symmetric key. Symmetric key (XChaCha20 and Poly1305). With symmetric key, Bob and Alice have the same key. NaCl uses the XChaCha20 method, and which supports stream encryption (and which does not require padding as a block cipher does, and is also faster than block cipher modes). ChaCha20 was created by Daniel J. Bernstein, and has an eight byte or 16 byte nonce. XChaCha20 (eXtended-nonce ChaCha) is an update to ChaCha20, and uses a 24 byte nonce. It has a lower propability of nonce misuse than ChaCha20.
  • Encryption with a password. Symmetric Key with KDF. In symmetric key, we generate a secret key. This key is typically a random value or generated from a password and a salt value. If we use a password, we typically use a KDF (Key Derivation Function), and which uses a password and a salt value, in order to create a key of a given size. In this case we will use Argon2i, and which is memory resilent.

NaCl Hyrid Encryption … Meet Curve 25519 and AES GCM

Sometimes we need the power of symmetric key encryption to secure the data, and public key encryption to pass the encryption. For his we can use hybrid encryption, and where Alice sends her public key to Bob, and he produces a symmetric key to encrypt the file, and protects this with Alice’s public key. Alice can then decrypt this key with her private key:

  • Box. Hybrid encryption. In this case we will use the Networking and Cryptography (NaCl) library, and which uses Curve25519 for the public key part, and 256-bit AES GCM for the symmetric key element.

The method allows us to protect the symmetric key with Alice’s public key, along with Bob being able to sign for the encryption with his private key:

NaCl Hashing … Meet Argo, scrypt and SipHash

  • Hashing and KDF (Argon2 and scrypt). Hashing and KDF. This case we will use PyNaCl (Networking and Cryptography) library, and which is a Python binding to libsodium. We will hash a password using SHA-256 and SHA-512, and also create a KDF (Key Derivation Function) using scrypt and Argon2.
  • Key hashing (SipHash). SipHash. With SipHash we can apply a secret key to extend the range of hashes that are possible for a given input. In the following we will use a random key of 16 bytes (128 bits). Overall, for MACs, SipHash is more efficient than HMAC. We will also use BLAKE2b to create a MAC, and which uses a larger key.

With NaCl, we dump the legacy methods of the past for KDF (Key Derivation Function), and move to the state-of-the-art in KDFs: Argon2 and scrypt. With Argon2 we have a method that is designed to cause problems for GPU crackers. For key-based hashing, we have SipHash, and which can be used for MAC (Message Authentication Code). This is used where there is a shared secret key between Bob and Alice, and where Bob signs messages with the secret key, and where Alice can then check that Bob signed them:

Nacl Signing … Meet Ed25519

  • Ed25519. Ed25519. Using Ed25519 for digital signatures.
  • Finding Points on Ed25519. X25519 (Points). In elliptic curve we have a base point (G), and then take a scalar value of n to produce n.G. Normally n is the private key value, and n.G is the public key point. In Ed25519 we only need one of the co-ordinate point values. In this case we will determine the y-axis point for the Ed25519 curve, and then compute the x-axis point. The generalised form of a twisted Edwards curve is x2=(y2−1)/(dy2+1)(modp) and where p=2255−19.

Curve 25519 was Daneil J Bernstein — one of the co-creators of NaCl — and which has been ported to Ed25519 for digital signing.

NaCl Key Exhange … Meet X25519

  • X25519 + BLAKE2b key-exchange. X25519. In this case we will use X25519 and BLAKE2b to create a key-exchange method. For the keys of (alice_sk, alice_pk) and (bob_sk, bob_pk), we generate keys of: bob_rx, bob_tx = Blake512((bob_sk . alice_pk) || bob_pk || alice_pk) and alice_tx, alice_rx = Blake512(alice_sk . bob_pk) || bob_pk || alice_pk).

With with Ed25519, X25519 uses Curve 25519 for key exchange.