μNaCl – The Networking and Cryptography library for microcontrollers


μNaCl FAQ


What is the difference between μNaCl and NaCl?

The Networking and Cryptography library (NaCl) is a cryptographic library developed by Daniel J. Bernstein, Tanja Lange, and Peter Schwabe. It mainly aims at mobile, desktop and server processors. Its build system assumes that it is running on the system the library is built for and picks the fastest implementation of each primitive.
In contrast, μNaCl aims at embedded microprocessors. It implements the same C API as NaCl (with only very small modifications), but the build system uses cross-compilation and different implementations of the whole library offer different tradeoffs between speed and size. Furthermore, NaCl also has a networking part; μNaCl does not implement this networking part.

What is the difference between μNaCl and TweetNaCl?

TweetNaCl is a reimplementation of NaCl in very little C code. It can be very easily integrated into existing projects, but does not aim at high speed, low area (of compiled code), or low RAM usage. It also does not contain optimizations for any particular architecture. However, in some spots we reuse code of TweetNaCl for AVRNaCl, in particular, when small source code translates to small compiled code without (significantly) sacrificing performance.

Is it μNaCl or AVRNaCl?

The project of bringing NaCl to embedded microcontrollers is μNaCl. So far, the only implementation of this project is AVRNaCl.

Is AVRNaCl protected against side-channel attacks?

At the moment, AVRNaCl only protects against timing attacks. Just like NaCl, it avoids all branch conditions that depend on secret data. Unlike NaCl, it does contain memory accesses at secret-dependent addresses; however, memory access on the AVR is uncached and takes time independent of the address.
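The distinction above, as an added example (not code from AVRNaCl or NaCl; all function names and the table layout are hypothetical): a secret-indexed table load, which is timing-safe only where access time does not depend on the address, beside a branch-free scan that touches every entry and is the pattern to use if such code is ported to a CPU with a data cache.

```c
#include <stdint.h>
#include <stdio.h>

#define ENTRIES 16        /* must be a power of two */
#define ENTRY_BYTES 32

/* Secret-indexed load: the address depends on the secret. Timing-safe only
 * where access time is address-independent (uncached AVR SRAM, per the FAQ). */
static void lookup_indexed(uint8_t *out, const uint8_t *table, uint8_t secret)
{
    const uint8_t *entry = table + (secret & (ENTRIES - 1)) * ENTRY_BYTES;
    for (int j = 0; j < ENTRY_BYTES; j++) out[j] = entry[j];
}

/* Branch-free equality: 0xFF if a == b, else 0x00. */
static uint8_t eq_mask(uint8_t a, uint8_t b)
{
    uint32_t x = (uint32_t)(a ^ b);   /* 0 iff equal, else 1..255 */
    return (uint8_t)((x - 1) >> 8);   /* wraps to 0x00FFFFFF only for x == 0 */
}

/* Portable variant: read every entry and select with a mask, so the sequence
 * of addresses and branches is identical for every secret. */
static void lookup_scan(uint8_t *out, const uint8_t *table, uint8_t secret)
{
    for (int j = 0; j < ENTRY_BYTES; j++) out[j] = 0;
    for (int i = 0; i < ENTRIES; i++) {
        uint8_t m = eq_mask((uint8_t)i, (uint8_t)(secret & (ENTRIES - 1)));
        for (int j = 0; j < ENTRY_BYTES; j++)
            out[j] |= table[i * ENTRY_BYTES + j] & m;
    }
}

/* Returns 1 if both lookups agree for every index of a constructed table. */
static int lookups_agree(void)
{
    uint8_t table[ENTRIES * ENTRY_BYTES], a[ENTRY_BYTES], b[ENTRY_BYTES];
    for (int k = 0; k < ENTRIES * ENTRY_BYTES; k++)
        table[k] = (uint8_t)(k ^ (k >> 5));   /* constructed sample data */
    for (int s = 0; s < ENTRIES; s++) {
        lookup_indexed(a, table, (uint8_t)s);
        lookup_scan(b, table, (uint8_t)s);
        for (int j = 0; j < ENTRY_BYTES; j++)
            if (a[j] != b[j]) return 0;
    }
    return 1;
}

int main(void) { printf("lookups agree: %d\n", lookups_agree()); return 0; }
```

The scan costs ENTRIES times as many loads as the indexed version, which is the price of removing the address dependence.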

What is the namespace of μNaCl?

All API functions of μNaCl begin with crypto_, just as the respective API functions of NaCl. All other symbols used internally by AVRNaCl start with avrnacl_.

How do I generate cryptographic keys?

Obtaining good, cryptographically secure randomness on an AVR is not easy, and the current implementation of randombytes included in AVRNaCl is fully deterministic and only included for testing purposes. There exist some approaches to obtain randomness, and we may update the randombytes implementation shipped with AVRNaCl in a future release to support these approaches. Certainly until then, but even generally, we strongly recommend generating cryptographic keys in a secure environment outside the microcontroller.

Will you support other architectures than AVR ATmega?

At the moment, the μNaCl project has support only for AVR ATmega. However, we have long-term plans to support other families of embedded microcontrollers, in particular the MSP-430, ARM Cortex-M0, and ARM Cortex-M3. The resulting libraries will be in separate archives and most likely be called MSPNaCl, M0NaCl, and M3NaCl.

Where can I learn more?

There are various papers on NaCl, AVRNaCl, TweetNaCl, and the involved cryptographic primitives: