I'm not an expert on compiled languages by any stretch, but my 2c: A) Dlang is designed to be memory safe, has a close syntax to C and is easily interfaced with it. It's garbage-collected but you can disable that, as well as all other safety guarantees, if you choose. There are working bindings for Lua, so you can implement a scripting backend easily. It's multi-paradigm, with room for OOP, struct-based or functional, or whatever. It doesn't have much builtin crypto but can be linked to C crypto. B) Rust is designed as a memory-safe systems language and looks really nice as a replacement for C, but I get the impression that (like Golang) it's "too" strict and may get in the way of some low-level work. It also has Lua bindings but I don't know how mature they are. I don't think it's garbage collected which adds a bit of work to the securing part of the job. I don't know about crypto support. C) Golang is memory safe and bounds-checked, and garbage-collected, but unlike Dlang lacks scripting bindings AFAIK, and is "too" strict. It's not multi-paradigm, perhaps too stuck in the "Look like C" mud. Personally, I don't like or recommend Golang, but I mention it because unlike the above, it has *excellent* crypto-support in an external, but officially supported, library set. ..and then there's scripting languages, which (if written correctly) can be competitive on speed, benefit from JIT, and have the large advantage of not requiring compilation prior to use. That means, not worrying about deterministic builds, because the source is the program. Of these, Python and Lua are the only ones I'd consider; former is mature, powerful, and has huge library support. The latter is barebones and would need additional libraries to work, but if you stick to the somewhat outdated Lua 5.1 you can use LuaJIT which is considered the fastest scripting language out there, faster even than some compiled languages. Python does have PyPy, but it's such a nightmare to compile I'm not a big fan. Both Lua and Python have bindings to libsodium and libnacl. Some precedent: Bitmessage was supposed to be traffic-analysis resilient, and used an odd stream-based discovery system. It was written entirely in Python with a Qt frontend. On 18/04/14 09:26, Stevens Le Blond wrote:
Hello,
We are a team of researchers working on the design and implementation of a traffic-analysis resistant anonymity network and we would like to request your opinion regarding the choice of a programming language / environment. Here are the criteria:
1) Familiarity: The language should be familiar or easy to learn for most potential contributors, as we hope to build a diverse community that builds on and contributes to the code.
2) Maturity: The language implementation, tool chain and libraries should be mature enough to support a production system.
3) Language security: The language should minimize the risk of security relevant bugs like buffer overflows.
4) Security of runtime / tool chain: It should be hard to inconspicuously backdoor the tool chain and, if applicable, runtime environments.
To give two concrete examples:
Using the C language + deterministic builds is an attractive option with respect to 1), 2) and 4), but doesn’t provide much regarding 3).
Java does better with respect to 3), however, it trades some of 3) and 4) as compared to C. Specifically, we are concerned that large runtimes may be difficult to audit. A similar argument may apply to other interpreted languages.
Given these criteria, what language would you choose and for what reasons? We would also appreciate feedback regarding our criteria.
All the best, David, Nick, Peter, Stevens, and William
-- T: @onetruecathal, @IndieBBDNA P: +353876363185 W: http://indiebiotech.com