Boring crypto that simply works

Latest News

Atom feed

2023-09-03 Monocypher 4.0.2 is out. Fixed the Argon2 bug with multiple lanes, improved Poly1305 and Argon2 performance, Makefile now takes standard variables like CC and CFLAGS from the environment.

2023-03-18 Monocypher 4.0.1 is out. Corrected the failure to update the soname, added a couple convenience targets in the makefile, added wire format information in the manual.

2023-02-27 Monocypher 4.0.0 is out. Safer high-level EdDSA API, simpler and more flexible low-level EdDSA API, full Argon2 support, added optional HKDF-SHA-512 and Ed25519ph. Lots of small breaking changes to improve naming, organisation, and consistency.

2022-04-25 Monocypher 3.1.3 is out. Fixed typos in the documentation, automated the test suite with GitHub actions, added explicit support for C++ namespace and prefix renaming, fixed a minor Elligator2 discrepancy, and deprecated crypto_key_exchange().

2020-12-27 WebAssembly port of Monocypher, JavaScript and TypeScript language bindings. With its small size and its utter lack of dependencies, Monocypher is a natural fit for the browser, where its use limits download sizes.

2020-12-27 Monocypher 3.1.2 is out. Addressed issues raised in last summer’s audit, improved signature performance, and other quality assurance tweaks.

2020-09-06 Back ported 16-bit integer overflow fix (1.1.2 and 2.0.7). The bug made ellitpic curves unusable on 16-bit machines. Note that the fix may not be enough: 64-bit multiplication generates lots of code on 16-bit platforms and often makes the binary too big.

2020-07-11 Monocypher has been audited. A couple issues were found about documentation, tests, and API design. No implementation bugs were found.

2020-06-16 Monocypher 3.1.1 is out. Corrected a few errors in the documentation, fixed various compiler warnings, and fixed integer overflows that occurred on 16-bit platforms.

2020-04-03 Monocypher 3.1.0 is out. Added the necessary primitives to support censorship circumvention and password-based key exchange. The primitives are Elligator 2 mappings (hash to curve, curve to hash) and scalar inversion (exponential blinding for OPRF). Also added conversion of EdDSA key to X25519 keys so we can encrypt to SSH keys.

2020-01-19 Monocypher 3.0.0 is out. Major release. Deprecated dangerous incremental AEAD interface. Allow several versions of EdDSA to live in the same binary. Removed the now unneeded ED25519_SHA-512 pre-processor flag.

2019-10-22 Monocypher 2.0.6 is out. Signature verification uses much less stack, added a pre-processor option to avoid bloat, and many other small things.

2018-08-23 Monocypher 2.0.5 is out. Much faster EdDSA signatures and verification.

2018-06-27 My financial situation is changing, and I can no longer afford to pay for bugs if they ever come up (not that I expect any). The bounty program is therefore suspended. It should be reinstated as my savings grow back to reasonable levels.

2018-06-25 A critical vulnerability in EdDSA signature verification has been found. Update to version 2.0.4 or 1.1.1 as soon as possible.

2018-06-18 Monocypher 2.0.3 is out. Fixes the recently found undefined behaviour.

2018-06-12 André Maroneze found an undefined behaviour in Monocypher 2.0.2 using Frama-C. This should have awarded him 100€ (it’s a tier 3 bug) but he gracefully declined it on the grounds that he was doing this for work, and thus, may not be allowed to receive it. Note: the TIS interpreter could have detected the bug, but I didn’t want to wait the 15+ hours required to run the entire test suite. Now I will.

2018-04-23 We now run a bug bounty program for potentially dangerous bugs.

2018-04-23 Monocypher 2.0.2 is out. Mostly a bugfix release.

2018-03-07 Monocypher 2.0.1 is out. No visible change, just a little patch to enhance auditability.

2018-03-06 A semi-formal proof that Monocypher’s Poly1305 works was conducted. This applies to an upcoming patch of Monocypher, which will enhance auditability.