Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

github.com/vaporyorg/kyber

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/vaporyorg/kyber

  • v0.0.0-20180720074136-4b882c2d31af
  • Source
  • Go
  • Socket score

Version published
Created
Source

Docs Build Status

DEDIS Advanced Crypto Library for Go

This package provides a toolbox of advanced cryptographic primitives for Go, targeting applications like Cothority that need more than straightforward signing and encryption. Please see the Godoc documentation for this package for details on the library's purpose and API functionality.

Versioning - Development

With the new interface in the kyber-library we use the following development model:

  • crypto.v0 was the previous semi-stable version. See migration notes.
  • kyber.v1 never existed, in order to keep kyber, onet and cothorithy versions linked
  • kyber.v2 is the stable version
  • the master branch of kyber is the development version

So if you depend on the master branch, you can expect breakages from time to time. If you need something that doesn't change in a backward-compatible way you should do:

   import "gopkg.in/dedis/kyber.v2"

Installing

First make sure you have Go version 1.8 or newer installed.

The basic crypto library requires only Go and a few third-party Go-language dependencies that can be installed automatically as follows:

go get github.com/dedis/kyber
cd "$(go env GOPATH)/src/github.com/dedis/kyber"
go get -t ./... # install 3rd-party dependencies

You should then be able to test its basic function as follows:

go test -v

You can recursively test all the packages in the library as follows:

go test -v ./...

Constant Time Implementation

By default, this package builds groups that implements constant time arithmetic operations. Currently, only the Edwards25519 group has a constant time implementation, and thus by default only the Edwards25519 group is compiled in.

If you need to have access to variable time arithmetic groups such as P256 or Curve25519, you need to build the repository with the "vartime" tag:

go build -tags vartime

And you can test the vartime packages with:

go test -tags vartime ./...

When a given implementation provides both constant time and variable time operations, the constant time operations are used in preference to the variable time ones, in order to reduce the risk of timing side-channel attack. See AllowsVarTime for how to opt-in to variable time implementations when it is safe to do so.

A note on deriving shared secrets

Traditionally, ECDH (Elliptic curve Diffie-Hellman) derives the shared secret from the x point only. In this framework, you can either manually retrieve the value or use the MarshalBinary method to take the combined (x, y) value as the shared secret. We recommend the latter process for new softare/protocols using this framework as it is cleaner and generalizes across different types of groups (e.g., both integer and elliptic curves), although it will likely be incompatible with other implementations of ECDH. See the Wikipedia page on ECDH.

FAQs

Package last updated on 20 Jul 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc