Programming language for anonymity network

Cathal Garvey cathalgarvey at cathalgarvey.me
Fri Apr 18 04:21:13 PDT 2014


I'm not an expert on compiled languages by any stretch, but my 2c:

A) Dlang is designed to be memory safe, has a close syntax to C and is
easily interfaced with it. It's garbage-collected but you can disable
that, as well as all other safety guarantees, if you choose. There are
working bindings for Lua, so you can implement a scripting backend
easily. It's multi-paradigm, with room for OOP, struct-based or
functional, or whatever. It doesn't have much builtin crypto but can be
linked to C crypto.

B) Rust is designed as a memory-safe systems language and looks really
nice as a replacement for C, but I get the impression that (like Golang)
it's "too" strict and may get in the way of some low-level work. It also
has Lua bindings but I don't know how mature they are. I don't think
it's garbage collected which adds a bit of work to the securing part of
the job. I don't know about crypto support.

C) Golang is memory safe and bounds-checked, and garbage-collected, but
unlike Dlang lacks scripting bindings AFAIK, and is "too" strict. It's
not multi-paradigm, perhaps too stuck in the "Look like C" mud.
Personally, I don't like or recommend Golang, but I mention it because
unlike the above, it has *excellent* crypto-support in an external, but
officially supported, library set.

..and then there's scripting languages, which (if written correctly) can
be competitive on speed, benefit from JIT, and have the large advantage
of not requiring compilation prior to use. That means, not worrying
about deterministic builds, because the source is the program. Of these,
Python and Lua are the only ones I'd consider; former is mature,
powerful, and has huge library support. The latter is barebones and
would need additional libraries to work, but if you stick to the
somewhat outdated Lua 5.1 you can use LuaJIT which is considered the
fastest scripting language out there, faster even than some compiled
languages. Python does have PyPy, but it's such a nightmare to compile
I'm not a big fan. Both Lua and Python have bindings to libsodium and
libnacl.

Some precedent: Bitmessage was supposed to be traffic-analysis
resilient, and used an odd stream-based discovery system. It was written
entirely in Python with a Qt frontend.

On 18/04/14 09:26, Stevens Le Blond wrote:
> 
> Hello,
> 
> We are a team of researchers working on the design and implementation of
> a traffic-analysis resistant anonymity network and we would like to
> request your opinion regarding the choice of a programming language /
> environment. Here are the criteria:
> 
> 1) Familiarity: The language should be familiar or easy to learn for
> most potential contributors, as we hope to build a diverse community
> that builds on and contributes to the code.
> 
> 2) Maturity: The language implementation, tool chain and libraries
> should be mature enough to support a production system.
> 
> 3) Language security: The language should minimize the risk of security
> relevant bugs like buffer overflows.
> 
> 4) Security of runtime / tool chain: It should be hard to
> inconspicuously backdoor the tool chain and, if applicable, runtime
> environments.
> 
> To give two concrete examples:
> 
> Using the C language + deterministic builds is an attractive option with
> respect to 1), 2) and 4), but doesn’t provide much regarding 3).
> 
> Java does better with respect to 3), however, it trades some of 3) and
> 4) as compared to C. Specifically, we are concerned that large runtimes
> may be difficult to audit. A similar argument may apply to other
> interpreted languages.
> 
> Given these criteria, what language would you choose and for what
> reasons? We would also appreciate feedback regarding our criteria.
> 
> All the best,
> David, Nick, Peter, Stevens, and William
> 

-- 
T: @onetruecathal, @IndieBBDNA
P: +353876363185
W: http://indiebiotech.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x988B9099.asc
Type: application/pgp-keys
Size: 6176 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20140418/6470dc15/attachment-0002.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20140418/6470dc15/attachment-0002.sig>


More information about the cypherpunks mailing list