Monocypher is an easy to use crypto library inspired by libsodium and TweetNaCl. It is:
Small. Monocypher is under 1500 lines of code (counted with sloccount), small enough to allow comprehensive audits. The compiled library ranges from 45kB to 65kB depending on optimisation options.
Easy to deploy. Just add monocypher.h to your project. They compile as C99, C11, or C++, and have zero dependencies—not even libc.
Easy to use. The API is small, consistent, and cannot fail on correct input.
Fast. The chosen primitives are fast to begin with, and performance wasn't needlessly sacrificed. Speed-wise, Monocypher holds up pretty well against libsodium, despite being closer in size to TweetNaCl.
The Fine Manual.
In the download section.
The test suite includes official test vectors for Chacha20, Poly1305, and X25519, random test vectors generated with libsodium, and property-based tests.
    $ tar -xzf monocypher-2.0.0.tar.gz
    $ cd monocypher
    $ make test
There are options to run those tests under LLVM sanitisers (ASan, MSan, UBSan, and code coverage). More thorough analysis is also possible with Frama-C and the TIS interpreter. See README.md for more details.
By default, Monocypher signatures use EdDSA with Curve25519 and Blake2b. This is in contrast to the more widespread Ed25519, which uses Curve25519 and SHA-512.
Blake2b is faster, more flexible, and harder to misuse than SHA-512. Argon2i already uses Blake2b. Using SHA-512 for EdDSA would be inelegant, so it is only provided as an option.
This divergence doesn't prevent future upgrades, nor rigorous testing: Floodyberry's very fast Donna implementation works with a custom hash, and this is used to test Monocypher.
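The practical consequence of the hash choice is that keys and signatures made with one hash do not interoperate with the other. The following is an added example, not Monocypher's code: a small EdDSA over Curve25519 that follows the structure of the RFC 8032 reference with the hash passed in as a parameter. It is variable time, for illustration only, and is not claimed to be byte-compatible with Monocypher; the `interop` helper and all function names are assumptions of this example.

```python
import hashlib
P = 2**255 - 19                                      # field prime
L = 2**252 + 27742317777372353535851937790883648493  # group order
D = -121665 * pow(121666, P - 2, P) % P              # curve constant d

def add(a, b):  # extended-coordinate point addition (RFC 8032, 5.1.4)
    A, B = (a[1]-a[0]) * (b[1]-b[0]) % P, (a[1]+a[0]) * (b[1]+b[0]) % P
    C, E = 2 * a[3] * b[3] * D % P, 2 * a[2] * b[2] % P
    return ((B-A)*(E-C) % P, (E+C)*(B+A) % P, (E-C)*(E+C) % P, (B-A)*(B+A) % P)

def mul(s, pt):  # double-and-add; variable time, illustration only
    q = (0, 1, 1, 0)
    while s:
        q, pt, s = (add(q, pt) if s & 1 else q), add(pt, pt), s >> 1
    return q

def enc(pt):  # compress: 255-bit y plus the low bit of x
    zi = pow(pt[2], P - 2, P)
    return (pt[1] * zi % P | (pt[0] * zi % P & 1) << 255).to_bytes(32, "little")
def dec(b):  # decompress 32 bytes; None for an invalid encoding
    y, sign_bit = int.from_bytes(b, "little") & ((1 << 255) - 1), b[31] >> 7
    x2 = (y*y - 1) * pow(D*y*y + 1, P - 2, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x*x - x2) % P: x = x * pow(2, (P - 1) // 4, P) % P  # times sqrt(-1)
    if (x*x - x2) % P or y >= P or (x == 0 and sign_bit): return None
    if (x & 1) != sign_bit: x = P - x
    return (x, y, 1, x * y % P)
G = dec((4 * pow(5, P - 2, P) % P).to_bytes(32, "little"))  # base point, y = 4/5
def h_int(h, *parts): return int.from_bytes(h(b"".join(parts)).digest(), "little")
def keypair(h, seed):  # h (a 64-byte hash constructor) is the only thing that varies
    d = h(seed).digest()
    a = int.from_bytes(d[:32], "little") & ((1 << 254) - 8) | (1 << 254)
    return a, d[32:], enc(mul(a, G))

def sign(h, seed, msg):
    a, prefix, pk = keypair(h, seed)
    r = h_int(h, prefix, msg) % L
    R = enc(mul(r, G))
    return R + ((r + h_int(h, R, pk, msg) * a) % L).to_bytes(32, "little")

def verify(h, pk, msg, sig):
    A, R, s = dec(pk), dec(sig[:32]), int.from_bytes(sig[32:], "little")
    if A is None or R is None or s >= L: return False
    return enc(mul(s, G)) == enc(add(R, mul(h_int(h, sig[:32], pk, msg) % L, A)))

def interop(seed, msg, b2=hashlib.blake2b, s5=hashlib.sha512):
    pk, sig = keypair(b2, seed)[2], sign(b2, seed, msg)  # Blake2b key and signature
    return pk != keypair(s5, seed)[2], verify(b2, pk, msg, sig), verify(s5, pk, msg, sig)
```

`interop` returns `(True, True, False)`: the same seed gives a different public key under each hash, the Blake2b signature verifies with Blake2b, and a SHA-512 (Ed25519) verifier rejects it.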
I benchmarked Monocypher on my laptop (Intel i5 Skylake) with GCC, -O3 -march=native optimisation options.
    Chacha20         :   379 megabytes  per second
    Poly1305         :  1173 megabytes  per second
    Auth'd encryption:   287 megabytes  per second
    Blake2b          :   658 megabytes  per second
    Sha512           :   283 megabytes  per second
    Argon2i, 3 passes:   387 megabytes  per second
    x25519           :  7776 exchanges  per second
    EdDSA(sign)      :  6872 signatures per second
    EdDSA(check)     :  3577 checks     per second
This should be fast enough for most applications. Here are libsodium's results for comparison. Note that libsodium uses optimised assembly for many of its primitives.
    Chacha20         :  1965 megabytes  per second
    Poly1305         :  2304 megabytes  per second
    Auth'd encryption:  1034 megabytes  per second
    Blake2b          :   754 megabytes  per second
    Sha512           :   338 megabytes  per second
    Argon2i, 3 passes:   608 megabytes  per second
    x25519           : 19656 exchanges  per second
    EdDSA(sign)      : 18284 signatures per second
    EdDSA(check)     :  6685 checks     per second
- More language bindings (some are documented in the download section).