kyber

3.1.0 Opens a new window with list of versions in this module.

Advanced crypto library for the Go language For more information about how to use this package see README

Latest version published 1 year ago

GitHub

Package Health Score

69 / 100

security
No known security issues
popularity
Popular
maintenance
Inactive
community
Active

Explore Similar Packages

Popularity

Popular

Imported By: 382
GitHub Stars: 608
Forks: 162
Contributors: 50

Usage Popularity

Based on project statistics from the GitHub repository for the Golang package kyber, we found that it has been 608 times.

The popularity score for Golang modules is calculated based on the number of stars that the project has on GitHub as well as the number of imports by other modules.

Security

No known security issues

Security risks

Direct Vulnerabilities: 0
C
0
H
0
M
0
L

Indirect Vulnerabilities: Check with Snyk

Release Date

Nov 30, 2022

License

MPL-2.0

Non-Permissive License

We noticed that this project uses a license which requires less permissive conditions such as disclosing the source code, stating changes or redistributing the source under the same license. It is advised to further consult the license terms before use.

Security Policy

We found a way for you to contribute to the project! Looks like kyber is missing a security policy.

You can connect your project's repository to Snyk to stay up to date on security alerts and receive automatic fix pull requests.

Keep your project free of vulnerabilities with Snyk

Maintenance

Inactive

Commit Frequency

Open Issues: 33
Open PR: 13
Last Release: 1 year ago
Last Commit: 1 month ago

Further analysis of the maintenance status of go.dedis.ch/kyber/v3 based on released golang versions cadence, the repository activity, and other data points determined that its maintenance is Inactive.

An important project maintenance signal to consider for go.dedis.ch/kyber/v3 is that it hasn't seen any new versions released to golang in the past 12 months, and could be considered as a discontinued project, or that which receives low attention from its maintainers.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Community

Active

Readme.md: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 50
Funding: No

With more than 10 contributors for the go.dedis.ch/kyber/v3 repository, this is possibly a sign for a growing and inviting community.

We found a way for you to contribute to the project! Looks like go.dedis.ch/kyber/v3 is missing a Code of Conduct.

Embed Package Health Score Badge

Keep your project healthy

Check your go.mod

Ensure all the packages you're using are healthy and well-maintained

Readme

DEDIS Advanced Crypto Library for Go

This package provides a toolbox of advanced cryptographic primitives for Go, targeting applications like Cothority that need more than straightforward signing and encryption. Please see the Godoc documentation for this package for details on the library's purpose and API functionality.

This package includes a mix of variable time and constant time implementations. If your application is sensitive to timing-based attacks and you need to constrain Kyber to offering only constant time implementations, you should use the suites.RequireConstantTime() function in the init() function of your main package.

Target Audience

This library is intended to be used by developers who are at least moderately knowledgeable about cryptography. If you want a crypto library that makes it easy to implement "basic crypto" functionality correctly - i.e., plain public-key encryption and signing - then NaCl secretbox may be a better choice. Or use Google's Tink

This toolkit's purpose is to make it possible - and preferably easy - to do slightly more interesting things that most current crypto libraries don't support effectively. The one existing crypto library that this toolkit is probably most comparable to is the Charm rapid prototyping library for Python.

Versioning - Development

We use the following versioning model:

crypto.v0 was the first semi-stable version. See migration notes.
kyber.v1 never existed, in order to keep kyber, onet and cothorithy versions linked
gopkg.in/dedis/kyber.v2 was the last stable version
Starting with v3.0.0, kyber is a Go module, and we respect semantic versioning.

So if you depend on the master branch, you can expect breakages from time to time. If you need something that doesn't change in a backward-compatible way you should use have a go.mod file in the directory where your main package is.

Using the module

Kyber supports Go modules, and currently has a major version of 3, which means that the import path is: go.dedis.ch/kyber/v3.

Here is a basic example of getting started using it:

Make a new directory called “ex". Change directory to “ex" and put this in main.go:

package main

import (
    "fmt"
    "go.dedis.ch/kyber/v3/suites"
)

func main() {
    s := suites.MustFind("Ed25519")
    x := s.Scalar().Zero()
    fmt.Println(x)
}

Type “go mod init example.com/ex”. The resulting go.mod file will have no dependencies listed yet.
Type “go build”. The go tool will fill in the new dependencies that it find for you, i.e. "require go.dedis.ch/kyber/v3 v3.0.13”.
Running ./ex will print 0000000000000000000000000000000000000000000000000000000000000000.

A note on deriving shared secrets

Traditionally, ECDH (Elliptic curve Diffie-Hellman) derives the shared secret from the x point only. In this framework, you can either manually retrieve the value or use the MarshalBinary method to take the combined (x, y) value as the shared secret. We recommend the latter process for new softare/protocols using this framework as it is cleaner and generalizes across different types of groups (e.g., both integer and elliptic curves), although it will likely be incompatible with other implementations of ECDH. See the Wikipedia page on ECDH.

Reporting security problems

This library is offered as-is, and without a guarantee. It will need an independent security review before it should be considered ready for use in security-critical applications. If you integrate Kyber into your application it is YOUR RESPONSIBILITY to arrange for that audit.

If you notice a possible security problem, please report it to dedis-security@epfl.ch.

FAQs

What is kyber?

Advanced crypto library for the Go language. Visit Snyk Advisor to see a full health score report for kyber, including popularity, security, maintenance & community analysis.

Is kyber popular?

The golang package kyber receives a total of ? weekly downloads. As such, kyber popularity was classified as a popular. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is kyber well maintained?

We found indications that kyber is an Inactive project. See the full package health analysis to learn more about the package maintenance status.

Is kyber safe to use?

The golang package kyber was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 30 April-2024, at 22:01 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP