You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

12 KiB

List of planned improvements

This is a draft TODO list for future directions in zenroom development, to be vouched with priorities emerging from DECODE pilots and their specific use-cases.

-faddress-sanitizers <- (check flags)

elements in multiplications that take ECP* and BIG should be checked for position, for instance ECP multiplication needs to have the BIG number always as second argument. Instead of returning error we should check the type and reposition the arguments accordingly.

New crypto

XML encode/decode

memory managers

Table iteration

so far done in lua, could be optimized in C?

lua_getglobal(L, "level");

while(lua_next(L, -2)) {  // <== here is your mistake
    if(lua_isnumber(L, -1)) {
        int i = (int)lua_tonumber(L, -1);
        //use number
    lua_pop(L, 1);
lua_pop(L, 1);

Multi Part Computing

this is the best introduction into the mechanism of secure multi party computing with split shares:


and this are interesting serious libraries for implementation:


and everything that "unbound" does:



 multi-part computing, shamir secret sharing for signing

 shamir splits as multiplication factors on a curve point

 A mul a point with her share -> Am
 B mul Am with his share -> Secret

 secret never recomposed, fully distributed computation


lua orchestration

3 different crypto setups

  • cloud
  • hardware wallets
  • blockchain -> crypto conditions

metadata + business logic (oracle)

distributed computing "traveling virtual machines and secure enclaves" smart agent concept

x86 crypto core wolfssl

zencode mod example


BLS Multi-signature


IV fine - if key is always different IV is not needed for reusal of the key then IV needs to be random (or a counter)

RNG -> fortuna

ECDH keylen 1664

ecdh_aead_encrypt limit key size to 32 bytes (256 bit) accepted values to aes: 128 192 256

co-factor of a curve instead of checking always if point is part of curve multiple of co-factors


  • memory locking with controls at switch Given (r/o) -> When (r/w) -> Then (w/o) X data integrity conversion check on stepping out of Given X variable wiping with content overwriting in GC
  • DATA and KEYS wiping in Zencode X adopt finite state machine in Zencode parser X wipe previous memory block in Zencode X load multiple scenarios, build documentation scenario with ZEN.callback


extend redroom for in-memory benchmarks

prime number discovery using crypto primitives:

using perf-tool:

perf record zenroom $*
perf report


Take DATA inside Zencode without parsing from JSON

  • fast detect if JSON: [ or { as first char
  • fast detect of type by 3 char prefix: u64: or b64: X read into IN with name of prefix (data schema) X insure that parsing to ACK implies only one memcpy to octet


threshold and BLS-SSS


master/slave states for scripting isolation

maybe also useful for redroom

Symbolic Calculus

RPI integration

Zencode spell correction

Forward chaining expert system development tool

microservice server

socks5 client

see lua socks5 ngx


message passing interface standard (MPI)

Coconut notes

useful to have a functio that does PAIR:ate and PAIR:fexp on the same ECP2 also ate() can be called miller_loop and miller() and loop() FP12 = pair(ECP1, ECP2) then FP12 equals is the only thing needed

mypoint = ecp.hash_to_point(octet)
mynewbig = big.hash_to_big(13123,123123213,2334)
mypoint = ecp.hash(octet)
mynewbig = big.hash(1213123213,1221232141,123213324)
!! hash_to_big has variadic arguments !!

hash_to_point: function that takes any octet string hashes it with any hashing algorithm does a mapit to place it on the curve

hash_to_big: very useful to have a hash function that takes a series of big numbers and outputs a big number the big number series can be simply concatenated and then hashed as a series of bytes

expose G1 as fixed ECP point expose G2 as fixed ECP2 point i.e. /* Generator point on G1 */ extern const BIG_384_29 CURVE_Gx_BLS383; /**< x-coordinate of generator point in group G1 */ extern const BIG_384_29 CURVE_Gy_BLS383; /**< y-coordinate of generator point in group G1 */ should become a const ECP

about DBIG: no need to expose they result from big multiplications between big numbers but there is never a real use, because all useful multiplications have a modulus applied

every FP is also a BIG but not every BIG is also an FP exporting in BIG is more interesting since it can be of any size and can be reduced to FP to match the curve

each curve has a different infinity point

TODO: do all ecp2 (new namespace)

TODO: pair.h extern void PAIR_ZZZ_fexp(FP12_YYY *x); extern void PAIR_ZZZ_ate(FP12_YYY *r,ECP2_ZZZ *P,ECP_ZZZ *Q); possibly extern int PAIR_ZZZ_GTmember(FP12_YYY *x); !!!! FP12_YYY is exactly twice as big of the FP1 of the curve so its made of two BIGs and can be a tuple

TODO: big numbers operations in particular BIG_XXX_mod*

DONE: infinity production for "EC generator" test: O = infinity point P + O = P (-P) + P = O DONE: to expose the order of the curve: like in rom_curve_XXX: const BIG_256_29 CURVE_Order_ED25519= {0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000}; test: multiply group order by the generetor should give the point at infinity

Generic improvements

^ add tracking of single lua command/operations executions

X in/out to MSGPACK in addition to JSON for compact messaging easy using Antirez' extension see

V if event based callback framework needed, try including libev

V pick extensions from here

X compile extensions and load them from strings using the lua load() function directly with callbacks

X provide a finite state machine programming interface

X functional programming facility

X use static memory pool in place of malloc from host implemented using umm_malloc

V add a new 8bit memory manager to test perhaps also build a memory paging system to use 8bit mm over larger portions of memory

Developer experience

^ on error print out code at line where it has been detected the line number is already included between semicolons just need to go to script buffer and extract line

V introspection (now made with AST output)

V self documentation (also includes interesting modules as luabalanced)

X add list of functions and keywords for completion in ace the js editor used for the example. last review of way to include extensions (with prefix. or?)


  • Benchmark suite to measure capacity to de/code large amounts of streaming data in chunks.


  • maybe support Linux kernel keystore feature for loaded keys (see cryptsetup 2.0)

X adopt a declarative approach to data schemes accepted in scripts supporting i.e. code analysis to report on bad constructs DONE - just write documentation, examples and tests


^ Start sketching an high-level API based on experience in DECODE

^ Provide cross-language examples for most basic operations

V Make it easy to integrate with BLOCKLY to generate simple cryptographic functions.

X Build a simple example webpage that runs only in javascript and compiles Zenroom scripts providing results

X Document api with luadoc or other means


X Build a usable ABC implementation (maybe compatible with coconut and/or IRMA?)

  • Reproduce tor's new onion address scheme (see tor-dam/pkg/damlib/crypto_25519.go)

  • Consider adding GOST from

  • Investigate inclusion of primitives from libsodium

  • Investigate inclusion of primitives from libgcrypt

  • Investigate strategies to build compatibility with ssh

  • Investigate strategies to build compatibility with gnupg

X Integrate the new secret-sharing library by dsprenkels

  • Include salsa20 (and its dependency bit32)

X Finish integrating Milagro in the LUA script


This section lists hypotethical developments and may lead to a completely new release of Zenroom or a derivate, while keeping the LUA one still maintained

? Substitute cjson with a langsec hammer parser (tutorial lesson13)

? After extensive documentation of use-cases, substitute the LUA syntax parser with a limited DSL also written in langsec hammer

  • Add SMT analysis as a backend to most sensitive operations