Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
I wonder why Go and not Rust. Cloudflare iirc does use Rust for other infrastructure. I think Rust is probably the mainstream language with the best support for implementing high-performance/high-security software which cryptographic primitives certainly are. In addition, it is pretty easy to use Rust to write a library that can be callable from C allowing it to be used from multiple languages easily.
Go is a pretty good language in general but it does not have the raw performance that Rust/C/C++ have and doesn’t have the same support for correctness that say Rust does with its powerful type system. (For example affine types you that can help make state machines more robust to incorrect uses).
Go has an excellent standard library for cryptography primitives with well-established best practices. It was designed and is maintained in a principled way that likely appeals to more cryptography engineers. Also see this answer by one of its maintainers:
BTW where I can find a good open source multi-party computation (MPC) library. There are good resources at [1] but it seems most or all of these libraries are outdates, unmaintained, and/or unaudited. Some of them were acquired and removed from the market [2] IMHO MPC based solutions will be everywhere in the near future for identity, data privacy, yes, and crypto assets.
9 comments
[ 3.1 ms ] story [ 33.5 ms ] threadGoogle Tink: https://github.com/google/tink
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Go is a pretty good language in general but it does not have the raw performance that Rust/C/C++ have and doesn’t have the same support for correctness that say Rust does with its powerful type system. (For example affine types you that can help make state machines more robust to incorrect uses).
https://www.reddit.com/r/crypto/comments/zukgfq/comment/j1l2...
Some additional reasoning why having a strong standard library is important:
https://www.cryptologie.net/article/505/why-not-rust-for-sec...
[1] https://github.com/rdragos/awesome-mpc
[2] https://www.coinbase.com/blog/coinbase-to-acquire-leading-cr...