Rust Cryptography Should be Written in Rust

August 26th, 2023

Cryptography libraries for Rust should be written entirely in Rust.

Rust should be improved to provide the necessary building blocks that are needed to write cryptography code that is free from timing side channels and similar hazards. These facilities should not be restricted to code within Rust -provided or -endorsed libraries; anybody should be able to use them to publish a crate that correctly implements cryptography. The standard Rust toolchain (rustc, Cargo, etc.) should ensure that these facilities work as specified.

Rust should provide safe, direct access to architecture-specific instructions that are required to implement cryptography with optimal performance. Rust should provide a safe mechanism for dispatching to microarchitecture-specific implementations at runtime. There is no need to trade off performance vs. safety.

In some cases (e.g. WebAssembly and other virtual machine architectures) the target may need to be extended to provide the necessary facilities so that Rust compilers can produce safe code. The Rust community should work with the communities implementing these architectures to help them provide what is needed.

The Rust Foundation is led by several organizations that have experts in maintaining FIPS-validated software libraries: ARM, Amazon Web Services, Google, and Microsoft. They should support the Rust community by letting their experts help the Rust community create FIPS-validated cryptography libraries written entirely in safe Rust that expose safe and idiomatic Rust APIs.

We should help formal methods cryptography projects generate and/or verify safe Rust code.

The word "safe" above refers to Rust's sense of safety: All of these facilities should be provided such that they can be used without any use of the unsafe keyword in the crypto code.

All of the above is achievable with reasonable effort, time, and cost. It is often impractical for people to advocate for or work on pure Rust cryptography, even if they want to do so—especially when they may work for organizations that already have committed to doing something else. The community has to kindly demand pure Rust cryptography, politely but firmly refuse compromises, and generously support the individuals who are actively working towards making safe Rust cryptography a reality.