
Nanocoin – A minimal cryptocurrency implemented in Haskell - lambdaxdotx
https://github.com/tdietert/nanocoin
======
mrkgnao
The extensive README is also a pretty good intro to how one can do crypto (as
in cryptography: get off my lawn!) in Haskell using the excellent _cryptonite_
library.

For those who won't click through to TFR:

    
    
        > import Crypto.Number.Hash (SHA3_256)
        > import Crypto.PubKey.ECC.ECDSA (sign, verify)
        > import Crypto.PubKey.ECC.Generate (generate)
        > import Crypto.PubKey.ECC.Types (getCurveByName, SEC_p256k1)
        
        > let msg = "hello world" :: ByteString
        > let secp256k1 = getCurveByName SEC_p256k1
        > (pubKey, privKey) <- generate secp256k1
        > sig <- sign privKey SHA3_256 msg
        > verify SHA3_256 pubKey sig msg
        True

~~~
somenewacc
Is cryptonite anything like production ready? I mean, does it protect against
timing side channels (perhaps using crypto instructions like AES-NI), etc.

Something I didn't like about it is that it exposes crypto primitives,
including stuff like TripleDES, with no warning[0]. The tutorial also has you
handle IVs directly.[1]

[0]
[https://hackage.haskell.org/package/cryptonite-0.24/docs/Cry...](https://hackage.haskell.org/package/cryptonite-0.24/docs/Crypto-
Cipher-TripleDES.html)

[1]
[https://hackage.haskell.org/package/cryptonite-0.24/docs/Cry...](https://hackage.haskell.org/package/cryptonite-0.24/docs/Crypto-
Tutorial.html)

~~~
lambdaxdotx
If you notice, it only exposes the _types_ of the TripleDES, not the
constructors, meaning you don't have access to the values unless you clone the
cryptonite repo and modify it to expose the constructors, giving access to the
values at run time.

Also, the tutorial is a bit advanced and is meant to show a particular use
case of using symmetric block ciphers for encryption/decryption, you are not
always using such bare-bones primitives-- check out the hashing part of the
README.md in Nanocoin.

IMO it's production ready, and has most all potential known attacks documented
above the functions that are vulnerable.

------
wyc
If you're interested, here's a secp256k1 implementation (underlying elliptical
curve cryptography) in pure Haskell:

[https://github.com/wyc/haschain/blob/master/Secp256K1.hs](https://github.com/wyc/haschain/blob/master/Secp256K1.hs)

Should probably wrap it into a Group or something. Of course it's not secure,
just for fun.

------
toppy
Another well documented blockchain implementation in Haskell:
[http://www.michaelburge.us/2017/08/17/rolling-your-own-
block...](http://www.michaelburge.us/2017/08/17/rolling-your-own-
blockchain.html)

