
Show HN: Simple NaCL/libsodium-based TLS replacement - ciprian_craciun
https://github.com/cipriancraciun/gemini-experiments/blob/master/nacl/documentation/protocol-v1.md
======
ciprian_craciun
This encryption protocol is meant as a simpler replacement for TLS in the
context of the `gemini://` protocol
([https://gemini.circumlunar.space/](https://gemini.circumlunar.space/)), a
newer `gopher://` alternative, which basically provides a simpler HTTP
`GET`-only alternative.

Simpler means both "simpler to implement" (only having `libsodium` as a
dependency) and "simpler to comprehend". (However it can be used for any other
message-based protocol, not strictly request-reply.)

I'm submitting it here in the hope that anyone with a strong cryptographic
background can provide some insight into any weaknesses or improvements. (Or
alternatively pointers where I could ask this question.)

Please note that I have limited cryptography experience, but I am well aware
that "rolling your own crypto" is an extremely stupid idea. However I didn't
"invent" any new cryptographic primitives, but instead relied heavily on what
`libsodium` provides. Moreover I've looked at both the Noise protocol and
CurveCP and I think I got 25% of their internal workings and properties. :)

I think the best solution would have been Noise_XX, however implementing the
full protocol is quite involving, thus it doesn't check the "simpler to
implement" (and neither "simpler to comprehend") checkbox.

There is also a Python-based proof-of-concept that implements the above
protocol:

* [https://github.com/cipriancraciun/gemini-experiments/blob/ma...](https://github.com/cipriancraciun/gemini-experiments/blob/master/nacl/sources/transport.py)

* [https://github.com/cipriancraciun/gemini-experiments/blob/ma...](https://github.com/cipriancraciun/gemini-experiments/blob/master/nacl/sources/crypto.py)

Thanks, Ciprian.

