[cryptography] Announcing a new JVM crypto library
wglozer at gmail.com
Sat Mar 16 23:37:43 EDT 2013
I've released a new native OSS crypto library for the JVM that uses
AES-NI, PCLMUL, and RDRAND instructions available on recent x86-64
It supports AES in CBC, CTR, and GCM modes with optional
authentication, secure random number generation (RDRAND, Ivy Bridge+
CPUs only), and constant-time byte array comparison. I believe the API
is simple and less error prone than the JCE's. However it is designed
as a low level library and requires the user to correctly assemble the
This is just a hobby project and I am not a cryptographer. I have
however placed an emphasis on testing and it passes all publicly
available NIST AESAVS tests. The underlying AES implementation is
hardware, and the driver code is OSS from Intel and the OpenBSD
project. The GCM wrapper of CTR and GMAC, RDRAND driver, and other
utilities were written by me.
I hope that, despite all those caveats, someone may find this useful!
Performance is significantly better than pure Java implementations of
the AES algorithms (5-20x faster in the case of GCM), the hardware
implementation should resist timing attacks, and RDRAND is capable of
generating secure random bytes at a rate of ~800MB/s.
More information about the cryptography