Roadmap

GitHub repository Download Quickstart Libhydrogen
Search…
Roadmap
libsodium's roadmap is driven by its user community, and new ideas are always welcome.
New features will gladly be implemented if they are not redundant and solve common problems.
pre-1.0.0 roadmap
AEAD construction (ChaCha20-Poly1305)
API to set initial counter value in ChaCha20/Salsa20
Big-endian compatibility
BLAKE2
ChaCha20
Constant-time comparison
Cross-compilation support
Detached authentication for crypto_box() and crypto_secretbox()
Detached signatures
Deterministic key generation for crypto_box()
Deterministic key generation for crypto_sign()
Documentation
Ed25519 signatures
Emscripten support
FP rounding mode independent Poly1305 implementation
Faster portable Curve25519 implementation
Fix undefined behaviors for C99
Guarded memory
HMAC-SHA512, HMAC-SHA256
Hex codec
Hide specific implementations, expose wrappers
Higher-level API for crypto_box
Higher-level API for crypto_secretbox
Lift ZEROBYTES requirements
Make all constants accessible via public functions
MinGW port
Minimal build mode
NuGet packages
Password hashing
Pluggable random number generator
Portable memory locking
Position-independent code
Replace the build system with Autotools/Libtool
Runtime CPU features detection
Secure memory zeroing
Seed and public key extraction from an Ed25519 secret key
SipHash
Streaming support for hashing and authentication
Streaming support for one-time authentication
Support for arbitrary HMAC key lengths
Support for architectures requiring strict alignment
Visual Studio port
100% code coverage, static and dynamic analysis
arc4random*() compatible API
Ed25519 to X25519 keys conversion
iOS/Android compatibility
1.0.x roadmap
Constant-time bin2hex() [DONE] and hex2bin() [DONE]
Constant-time base64 codecs [DONE]
Improve consistency and clarity of function prototypes
Improve the documentation
Consider getrandom(2) [DONE]
Consider Gitian​
Complete the sodium-validation project
Optimized implementations for ARM w/NEON
AVX optimized Curve25119 [DONE]
Precomputed interface for crypto_box_easy() [DONE]
First-class support for JavaScript [DONE]
ChaCha20 and ChaCha20-Poly1305 with a 96-bit nonce and a 32-bit counter [DONE]
IETF-compatible ChaCha20-Poly1305 implementation [DONE]
SSE-optimized BLAKE2b implementation [DONE]
AES-GCM [DONE]
AES-GCM detached mode [DONE]
Use Montgomery reduction for GHASH
ChaCha20-Poly1305 detached mode [DONE]
Argon2i as crypto_pwhash [DONE]
Argon2id as crypto_pwhash [DONE]
Multithreaded crypto_pwhash [on hold]
Generic subkey derivation API [DONE]
Nonce misuse-resistant scheme
BLAKE2 AVX2 implementations [DONE]
Keyed (Hash-then-Encrypt) crypto_pwhash
Consider yescrypt
Consider BLAKE2X [on hold]
Argon2id [DONE]
Port libhydrogen's key exchange API
SSSE3 ChaCha20 implementation [DONE]
SSSE3 Salsa20 implementation [DONE]
SSSE3 Poly1305 implementation [DONE]
AVX2 Salsa20 implementation [DONE]
AVX2 ChaCha20 implementation [DONE]
AVX2 Poly1305 implementation
AVX512 implementations [done for Argon2, withhold for other operations due to throttling concerns]
Key generation API [DONE]
Nonce/subkey generation API
WebAssembly support [DONE]
Stream encryption using a CHAIN-like construction [DONE]
Security audit by a 3rd party [DONE]
Formally-verified implementations [on hold]
Padding API [DONE]
secretstream_inject() for nonce misuse-resistance [on hold]
Point addition, subtraction [DONE]
Point validation [DONE]
Hash-to-point (Elligator) [DONE]
SPAKE2+ [DONE]
Support server relief in the password hashing API
Ristretto [DONE]
Consider a streaming interface for crypto_shorthash_*()
AEGIS-256 [DONE]
AEGIS-128L [DONE]
AEGIS-based secretstream API
BLAKE3
HKDF/SHA-512 and HKDF/SHA-256 [DONE]
Standard hash-to-curve [DONE]
Consider signcryption​
Consider Pufferfish
High-level AEAD and secretstream APIs
Consider ECVRF
Consider using TIMECOP​
2.0.0 roadmap
Switch to a new API (libhydrogen/WASI-crypto)
Session support
PQC
Internals
Last modified 4mo ago
Copy link
Outline
pre-1.0.0 roadmap
1.0.x roadmap
2.0.0 roadmap