The Verificatum JavaScript Cryptographic library (VJSC) is a state of the art cryptographic library written from scratch in pure JavaScript with zero dependencies and made for use with group-based cryptographic protocols, or other protocols that need fast arithmetic.
CAVEAT! This library is no longer maintained and due to developments of the JavaScript language the source code is unnecessarily complex. We will keep this page here until we release the transpiled and improved Verificatum TypeScript library which replaces it.
As far as we know it is the most secure, fastest, most thoroughly tested, and best documented in the world. It it natively compatible with the Verficatum Mix-Net.
Interested readers may consider our rationale for using the MIT license.
We provide the library as a single file or as the underlying source code repository. The API and benchmark below can be compiled from the source code.
VJSC is a library, so there is no user manual, but we provide documentation for the API of VJSC and the source code is comprehensively documented with pointers to the standard literature for all algorithms used. The source is embedded in the API pages for easy reference.
Benchmarking JavaScript applications in a way that generalizes is hard due to the large number of platforms and JavaScript interpreters, so we suggest that you benchmark the software yourself on the platforms that you use, but we also provide prepared benchmarks as a start. These were run on a standard laptop.
You can also run the benchmark for VJSC directly in your browser. Please be patient, it takes several minutes to complete the full suite.
JavaScript is a poorly designed language and there are many different engines used in different browsers that do their best to hide this fact and optimize performance. This means that it is not a worthwhile goal to optimize our software for any given JavaScript engine. Instead we have focused our attention on aspects of interpreted (or compiled) script languages that can be optimized in a generic way.
The low level routines of our arithmetic library runs in constant memory to minimize the use of the garbage collector. We have also made best effort to write the code in such a way that a clever interpreter or compiler has a decent chance to do code analysis on the fly and determine the integer type that suffices to run the code and not use actual floating point numbers.
Most of the time is spent in a single subroutine. We have experimented with several implementations and believe that the current implementation is nearly optimal. Any additions to the JavaScript languages that changes this are easily incorporated.
A further non-technical goal is to avoid most features of JavaScript and instead write clear well-documented code that can be read also by programmers that are not experts in JavaScript. This is important, since experts who are able to audit security critical code is rarely experts in JavaScript.