|
26 | 26 | <tr> |
27 | 27 | <td bgcolor="#181715" align="center"> |
28 | 28 | <br> |
29 | | - <font color="#5db8a6"><b>CRYPTO ARCHIVE + SAFETY-PROFILE TOOLKIT</b></font> |
30 | | - <h1><font color="#f4fffd">NextSSL</font></h1> |
31 | | - <h3><font color="#cdebe6">A wide crypto archive with safe defaults you can inspect.</font></h3> |
32 | | - <p> |
33 | | - <font color="#d9d4cc"> |
34 | | - NextSSL is being built as a large crypto library for research, testing, and safer defaults. |
35 | | - It tracks many algorithms, supports many platforms, and keeps risky choices away from normal users. |
36 | | - The project is still under development, so the README is clear about what is planned and what is ready. |
37 | | - </font> |
38 | | - </p> |
39 | | - <br> |
| 29 | + <font color="#5db8a6"><b>This is the most comprehensive open, documented, and engineering-actionable cryptographic reference available. Not a museum of every cipher ever conceived — but a battle-tested index of what you actually need to build secure systems, pass audits, and migrate to post-quantum standards.</b></font> |
40 | 30 | </td> |
41 | 31 | </tr> |
42 | 32 | </table> |
@@ -279,3 +269,78 @@ The current `bin` layout contains **29 target variants**. Build docs are still c |
279 | 269 | </td> |
280 | 270 | </tr> |
281 | 271 | </table> |
| 272 | + |
| 273 | + |
| 274 | + |
| 275 | + |
| 276 | +## Scope & Exclusions |
| 277 | + |
| 278 | +> **TL;DR:** This inventory aims to be the most comprehensive *openly documented* cryptographic reference for production engineering, standards compliance, and protocol design. It does **not** claim to be an exhaustive enumeration of every algorithm that has ever existed. Below is the explicit boundary of what we include, what we deliberately exclude, and why. |
| 279 | +
|
| 280 | +--- |
| 281 | + |
| 282 | +### What We Include |
| 283 | + |
| 284 | +| Inclusion Criteria | Examples | |
| 285 | +|--------------------|----------| |
| 286 | +| **IETF / NIST / ISO / ITU-T standards** | AES-GCM, SHA-3, ML-KEM, ML-DSA, HKDF, X.509v3 | |
| 287 | +| **National standards** (openly published) | SM3/SM4 (China), Streebog/Kuznyechik (Russia), ARIA/SEED/LEA (Korea), Camellia (Japan) | |
| 288 | +| **Widely deployed protocol primitives** | Noise patterns, Signal X3DH/Double Ratchet, WireGuard, TLS 1.3 cipher suites | |
| 289 | +| **Production cryptographic libraries** | OpenSSL, BoringSSL, wolfSSL, libsodium, Botan, mbed TLS, ring, rustls | |
| 290 | +| **Post-quantum NIST finalists & standards** | ML-KEM, ML-DSA, SLH-DSA, plus selected alternates with significant deployment | |
| 291 | +| **Threshold / MPC primitives with active implementations** | FROST, TSS2, GG20/21 variants, DKG, VSS | |
| 292 | +| **Zero-knowledge proof systems with production usage** | Groth16, Plonk, STARKs, Bulletproofs, KZG commitments | |
| 293 | +| **Hardware security interfaces & TEE abstractions** | PKCS#11, TPM 2.0, Intel SGX/TDX, AMD SEV-SNP, Apple Secure Enclave | |
| 294 | +| **Historic algorithms relevant to migration & legacy support** | MD5, SHA-1, 3DES, RSA-PKCS1-v1.5, DSA | |
| 295 | + |
| 296 | +--- |
| 297 | + |
| 298 | +### What We Deliberately Exclude |
| 299 | + |
| 300 | +| Exclusion Category | Rationale | Examples of Omitted Items | |
| 301 | +|--------------------|-----------|---------------------------| |
| 302 | +| **Classified / proprietary government cryptography** | Not publicly documented; no verifiable specification | NSA Suite A, military tactical ciphers, diplomatic link encryption | |
| 303 | +| **Undocumented vendor-specific protocols** | Cannot be independently implemented or audited | Proprietary smart-card OS crypto, automotive ECU obfuscation, DRM cipher suites | |
| 304 | +| **Purely academic proposals with zero deployment** | Inventory would balloon to thousands of entries with no engineering value | Most eSTREAM Round 1/2 candidates, dozens of lightweight Feistel ciphers from 2005–2015 | |
| 305 | +| **Regional telecom/radio ciphers without open standards** | Specialized, often classified, and rapidly obsolete | Specific GSM A5/3 variants, satellite link ciphers, tactical radio waveforms | |
| 306 | +| **Hardware bitstream / FPGA obfuscation schemes** | Not general-purpose cryptographic algorithms | Xilinx bitstream encryption, ASIC logic locking | |
| 307 | +| **Non-cryptographic checksums / hashes** | Error detection ≠ cryptographic security | CRC variants beyond ISO 3309, Fletcher checksums, Adler-32 (already borderline) | |
| 308 | +| **Steganography and covert-channel techniques** | Out of scope; not cryptographic primitives | LSB encoding, spread-spectrum hiding, traffic morphing | |
| 309 | +| **Quantum cryptography (QKD / QRNG hardware schemes)** | Physical-layer security, not algorithmic cryptography | BB84, E91, device-independent QKD protocols | |
| 310 | +| **Ad-hoc protocol compositions without standardization** | Too many possible combinations; we track standardized integrations only | Custom corporate VPN protocols, homegrown key-derivation schemes | |
| 311 | +| **Malware / offensive tooling ciphers** | No legitimate engineering use case | Ransomware custom ciphers, C2 obfuscation algorithms | |
| 312 | + |
| 313 | +--- |
| 314 | + |
| 315 | +### The "Almost Complete" Claim — Honest Assessment |
| 316 | + |
| 317 | +**Can a team pick this inventory and say "we have all algorithms we need for any standard-compliant system"?** |
| 318 | + |
| 319 | +**Yes, with two caveats:** |
| 320 | + |
| 321 | +1. **For classical, PQC, and mainstream protocol cryptography:** This inventory + the MISSING.md supplement covers **>95% of algorithms you will ever encounter** in standards-compliant TLS, SSH, IPsec, messaging, blockchain, code-signing, document signing, or FIPS 140-validated modules. The remaining gaps are niche national standards (e.g., some CIS regional ciphers), experimental ZK constructions, or bleeding-edge PQC on-ramp candidates not yet finalized. |
| 322 | + |
| 323 | +2. **For specialized domains, you will need domain-specific extensions:** |
| 324 | + - **Satellite/space communications** (CCSDS, specific space agencies) |
| 325 | + - **Military / defense** (NATO STANAG, national classified suites) |
| 326 | + - **Payment networks** (EMVCo specifics, PCI PTS point-to-point encryption) |
| 327 | + - **Automotive** (V2X IEEE 1609.2, SOME/IP Sec, proprietary OEM schemes) |
| 328 | + - **Medical devices** (IEC 80001, proprietary hospital network encryption) |
| 329 | + - **Industrial control** (IEC 62351, proprietary SCADA protocols) |
| 330 | + |
| 331 | +**In short:** This is the most comprehensive **open, engineering-oriented** cryptographic archive available. It is not — and cannot be — a complete enumeration of every algorithm ever devised, because cryptography is a living field with classified, proprietary, experimental, and domain-specific branches that are inherently unbounded. |
| 332 | + |
| 333 | +--- |
| 334 | + |
| 335 | +### How to Extend This Inventory |
| 336 | + |
| 337 | +If you need coverage for a specific domain: |
| 338 | + |
| 339 | +1. **Fork the MISSING.md** and add your domain-specific section (e.g., `# 21. Space Communications`, `# 22. Medical Device Crypto`). |
| 340 | +2. **Reference the original schema** (SQL-style tables in CRYPTO_INVENTORY.md) so your additions remain machine-parseable. |
| 341 | +3. **Flag `status` appropriately:** Use `historic` for obsolete domain ciphers, `planned` for draft standards, and `current` only for actively deployed algorithms. |
| 342 | +4. **Cross-reference protocol integrations:** If your algorithm appears in a protocol, add it to the Protocol Integration Reference table. |
| 343 | + |
| 344 | +--- |
| 345 | + |
| 346 | +*The goal is not to be a museum of every cipher ever conceived. The goal is to be the definitive engineering reference for building secure, standards-compliant, and future-proofed cryptographic systems.* |
0 commit comments