Leancrypto

Properties of leancrypto

The leancrypto library is a cryptographic library that contains only PQC-resistant cryptographic algorithms. The algorithm implementations have the following properties:

  • minimal dependencies: only a minimal POSIX environment is needed; function calls are abstracted into helper code that may need to be replaced for other environments,

  • extractable: the algorithms can be extracted and compiled as part of a separate project,

  • flexible: you can disable algorithms on an as-needed basis using meson configure,

  • fully thread-safe when using different cipher contexts for an invocation: there is no global state maintained for the algorithms,

  • stack-only support: all algorithms can be allocated on the stack if needed. In addition, allocation functions for use on the heap are also supported,

  • size: minimizing footprint when statically linking by supporting dead-code stripping,

  • performance: provide optimized code invoked with minimal overhead, thus significantly faster compared to other libraries like OpenSSL,

  • testable: all algorithm implementations are directly accessible via their data structures at runtime - regularly executed tests:

    • All algorithms testable with NIST’s ACVP are tested and official CAVP certificates are received

    • Automated test system using the meson build system covering all algorithms

    • Automated testing of various scenarios using GitHub Testing

    • Automated testing of various CPU architectures using OpenSUSE Build Service

    • Continuous testing for Memory Leaks

    • Continuous Security Scans

  • versatile: The following execution environments are supported with all accelerated implementations:

    • Linux user space

    • Linux kernel space

    • BSD user space

    • Apple OSes user space

    • Windows user space

  • accelerated: Accelerated implementations are provided for the following algorithms which also benefit aggregated algorithms building on those primitives:

    • Ascon permutation: x86_64

    • SHA-3 and derivatives: x86_64, ARMv8, ARMv7

    • Curve 25519: x86_64

    • Dilithium: x86_64, ARMv8, ARMv7

    • Kyber: x86_64, ARMv8, ARMv8

    • AES: x86_64 AES-NI, ARMv8 CE and assembler, ARMv7

  • side-channel-resistant: A valgrind-based dynamic side channel analysis is applied to find time-variant code paths based on secret data.
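
The valgrind-based analysis named in the last item can be illustrated with the general memcheck poisoning technique: secret bytes are marked undefined so that memcheck reports any branch depending on them. This is an added example, not leancrypto code or its test harness; `USE_VALGRIND`, `check_tag`, both comparison functions and the sample tags are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#ifdef USE_VALGRIND /* hypothetical build flag: needs valgrind headers, run under valgrind */
#include <valgrind/memcheck.h>
#define poison(p, n) VALGRIND_MAKE_MEM_UNDEFINED((p), (n))
#define unpoison(p, n) VALGRIND_MAKE_MEM_DEFINED((p), (n))
#else /* no-ops so the file also builds and runs without valgrind */
#define poison(p, n) ((void)(p), (void)(n))
#define unpoison(p, n) ((void)(p), (void)(n))
#endif

typedef int (*cmp_fn)(const uint8_t *, const uint8_t *, size_t);
static const uint8_t TAG_A[8] = { 1, 2, 3, 4, 5, 6, 7, 8 }; /* constructed sample */
static const uint8_t TAG_B[8] = { 1, 2, 3, 4, 5, 6, 7, 9 }; /* differs in last byte */

/* Time-variant: leaves the loop at the first mismatching secret byte. */
static int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
	for (size_t i = 0; i < n; i++)
		if (a[i] != b[i])
			return 0;
	return 1;
}

/* Constant-time: no branch or memory index depends on the secret. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
	uint32_t diff = 0;
	for (size_t i = 0; i < n; i++)
		diff |= (uint32_t)(a[i] ^ b[i]);
	return (int)(((diff - 1) >> 8) & 1); /* 1 only when diff == 0 */
}

/* Poison the secret copy so memcheck flags any branch that depends on it. */
static int check_tag(cmp_fn cmp, const uint8_t *expected, const uint8_t *got, size_t n)
{
	uint8_t secret[32];
	if (n > sizeof(secret)) return -1;
	memcpy(secret, expected, n);
	poison(secret, n);
	int ok = cmp(secret, got, n);
	unpoison(&ok, sizeof(ok)); /* declassify only the verdict */
	unpoison(secret, n);
	return ok;
}

int main(void) { return check_tag(ct_equal, TAG_A, TAG_A, 8) == 1 ? 0 : 1; }
```

Built with `-DUSE_VALGRIND` and run under valgrind, a call to `check_tag(leaky_equal, ...)` makes memcheck report a conditional jump that depends on uninitialised values, while the `ct_equal` path stays silent.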