#no-std #na-cl #ed25519 #cryptography #signatures

no-std salty

Small, sweet, swift Ed25519 signatures for microcontrollers

8 releases

Uses new Rust 2021

new 0.2.0 Nov 24, 2021
0.2.0-alpha.2 Jun 10, 2021
0.2.0-alpha.1 Feb 26, 2021
0.1.0-alpha.2 Feb 1, 2021
0.0.0 Jun 9, 2019

#185 in Cryptography

23 downloads per month

Apache-2.0 OR MIT


Rust 2.5K SLoC // 0.2% comments C 2.5K SLoC // 0.1% comments GNU Style Assembly 1K SLoC // 0.1% comments Shell 8 SLoC // 0.2% comments Python 6 SLoC


Ed25519 signatures for microcontrollers


Build Status

Small, sweet, swift: Ed25519 signatures for microcontrollers.
With assembly optimizations for Cortex-M4 and Cortex-M33.

NOTE: This is work-in-progress and not audited! The usual warnings apply: Your hamster will explode, etc. etc.

Work on salty is sponsored by

SoloKeys yamnord


From highest to lowest priority:

  • understandable code
  • timing side-channel free
  • design for easy integration in embedded projects
  • sufficiently small compiled code size
  • useful speed

The Plan

None of these releases exist quite yet.


Basic signature functionality


More tests!

  • fuzzing to test correctness against known good implementation
  • side-fuzzing to test for timing side-channels


Completion! The rest of NaCl.

  • X22519
  • authenticated encryption


The scalar29 implementation is from curve25519-daleks's u32 backend: LICENSE.
Salty is licensed under either of Apache License, Version 2.0 or MIT License at your option.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
TweetNaCl is a public-domain library.
fe25519 is licensed under Creative Commons Zero v1.0 Universal.