Leancrypto

Properties of leancrypto

The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. The algorithm implementations have the following properties:

  • minimal dependencies: only minimal POSIX environment needed - function calls are abstracted into helper code that may need to be replaced for other environments:

  • extractable: the algorithms can be extracted and compiled as part of a separate project,

  • flexible: you can disable algorithms on an as-needed basis using meson configure,

  • fully thread-safe when using different cipher contexts for an invocation: there is no global state maintained for the algorithms,

  • stack-only support: all algorithms can be allocated on stack if needed. In addition, allocation functions for a usage on heap is also supported,

  • size: minimizing footprint when statically linking by supporting dead-code stripping,

  • performance: provide optimized code invoked with minimal overhead, thus significantly faster compared to other libraries like OpenSSL,

  • testable: all algorithm implementations are directly accessible via their data structures at runtime - regularly executed tests:

    • All algorithms testable with NIST’s ACVP are tested and official CAVP certificates are received

    • Automated test system using the meson build system covering all algorithms

    • Automated testing of various scenarios using Github Testing

    • Automated testing of various CPU architectures using OpenSUSE Build Service

    • Continuous testing for Memory Leaks

    • Continuous Security Scans

  • versatile: The following execution environments are supported with all accelerated implementations:

    • Linux user space

    • Linux kernel space

    • BSD user space

    • Apple OSes user space

    • Windows user space

  • accelerated: Accelerated implementations are provided for the following algorithms which also benefit aggregated algorithms building on those primitives:

    • Ascon permutation: x86_64

    • SHA-3 and derivatives: x86_64, ARMv8, ARMv7

    • Curve 25519: x86_64

    • Dilithium: x86_64, ARMv8, ARMv7

    • Kyber: x86_64, ARMv8, ARMv8

    • AES: x86_64 AES-NI, ARMv8 CE and assembler, ARMv7