Boring crypto that simply works

Latest News

Atom feed

2020-12-27 WebAssembly port of Monocypher, JavaScript and TypeScript language bindings. With its small size and its utter lack of dependencies, Monocypher is a natural fit for the browser, where its use limits download sizes.

2020-12-27 Monocypher 3.1.2 is out. Addressed issues raised in last summer's audit, improved signature performance, and other quality assurance tweaks.

2020-09-06 Back ported 16-bit integer overflow fix (1.1.2 and 2.0.7). The bug made ellitpic curves unusable on 16-bit machines. Note that the fix may not be enough: 64-bit multiplication generates lots of code on 16-bit platforms, and often makes the binary too big.

2020/07/11 Monocypher has been audited. A couple issues were found about documentation, tests, and API design. No implementation bug were found.

2020/06/16 Monocypher 3.1.1 is out. Corrected a few errors in the documentation, fixed various compiler warnings, fixed integer overflows that occured on 16-bit platforms.

2020/04/03 Monocypher 3.1.0 is out. Added the necessary primitives to support censorship circumvention and password based key exchange. The primitives are Elligator 2 mappings (hash to curve, curve to hash), and scalar inversion (exponential blinding for OPRF). Also added conversion of EdDSA key to X25519 keys, so we can encrypt to SSH keys.

2020/01/19 Monocypher 3.0.0 is out. Major release. Deprecated dangerous incremental AEAD interface. Allow several versions of EdDSA to live in the same binary. Removed the now unneeded ED25519_SHA512 preprocessor flag.

2019/10/22 Monocypher 2.0.6 is out. Signature verification uses much less stack, added a pre-processor option to avoid bloat. And many small things.

2018/08/23 Monocypher 2.0.5 is out. Much faster EdDSA signatures and verification.

2018/06/27 My financial situation is changing, and I can no longer afford to pay for bugs if they ever come up (not that I expect any). The bounty program is therefore suspended. It should be reinstated as my savings grow back to reasonable levels.

2018/06/25 A critical vulnerability in EdDSA signature verification has been found. Update to version 2.0.4 or 1.1.1 as soon as possible.

2018/06/18 Monocypher 2.0.3 is out. Fixes the recently found undefined behaviour.

2018/06/12 André Maroneze found an undefined behaviour in Monocypher 2.0.2, using Frama-C. This should have awarded him 100€ (it's a tier 3 bug), but gracefully declined it on the grounds that he was doing this for work, and thus may not be allowed to receive it. Note: the TIS interpreter could have detected the bug, but I didn't want to wait the 15+ hours required to run the entire test suite. Now I will.

2018/04/23 We now run a bug bounty program for potentially dangerous bugs.

2018/04/23 Monocypher 2.0.2 is out. Mostly a bugfix release.

2018/03/07 Monocypher 2.0.1 is out. No visible change, just a little patch to enhance auditability.

2018/03/06 A semi-formal proof that Monocypher's Poly1305 works was conducted. This applies to an upcoming patch of Monocypher, which will enhance auditability.