Small, sweet, swift: Ed25519 signatures for microcontrollers.
With assembly optimizations for Cortex-M4 and Cortex-M33.
NOTE: This is work-in-progress and not audited! The usual warnings apply: Your hamster will explode, etc. etc.
Work on salty is sponsored by
From highest to lowest priority:
- understandable code
- timing side-channel free
- design for easy integration in embedded projects
- sufficiently small compiled code size
- useful speed
None of these releases exist quite yet.
Basic signature functionality
- allocation free API for signatures
- transcription of Ed25519 from TweetNaCl
- Bjoern Haase's field arithmetic optimizations
- use subtle
More tests!
- fuzzing to test correctness against known good implementation
- side-fuzzing to test for timing side-channels
Completion! The rest of NaCl.
- X22519
- authenticated encryption
The scalar29 implementation is from curve25519-daleks's u32 backend: LICENSE.
Salty is licensed under either of Apache License, Version 2.0 or MIT License at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
TweetNaCl is a public-domain library.
fe25519 is licensed under Creative Commons Zero v1.0 Universal.