Skip to content
/ C2SP Public

Community Cryptography Specification Project

Notifications You must be signed in to change notification settings

C2SP/C2SP

Repository files navigation

The Community Cryptography Specification Project

The Community Cryptography Specification Project (C2SP) is a project that facilitates the maintenance of cryptography specifications using software development methodologies. In other words, C2SP applies the successful processes of open source software development and maintenance to specification documents.

  • C2SP decisions are not based on consensus. Instead, each spec is developed by its maintainers, who are responsible for reviewing and accepting changes, just like open source projects. This enables rapid, focused, and opinionated development. Since C2SP produces specifications, not standards, technical disagreements can be ultimately be resolved by forking.
  • C2SP specs are updateable, and follow semantic versioning. Most specifications are expected to start at v0.x.x while in “draft” stage, then stay at v1.x.x for as long as they maintain backwards compatibility, ideally forever. Drafts are expected to bump the minor version on breaking changes.
  • C2SP documents are developed as Markdown files on GitHub, and can include ancillary files such as test vectors and non-production reference implementations.

A small team of stewards maintains the overall project, enforces the C2SP Code of Conduct, assigns new specifications to proposed maintainers, and may intervene in case of maintainer conflict or to replace lapsed maintainers, but they are otherwise not involved in the development of individual specs (in their steward capacity).

Versions are tracked as git tags of the form <spec-name>/vX.Y.Z like age/v1.2.3.

Specifications should be linked using their c2sp.org short-links. https://c2sp.org/<spec-name> and https://c2sp.org/<spec-name>@<version> are supported. (The former currently redirects to the specification in the main branch, this may change in the future to the latest tagged version of the spec.) GitHub URLs should not be considered stable.

All C2SP specifications are licensed under CC BY 4.0. All code and data in this repository is licensed under the BSD 1-Clause License (LICENSE-BSD-1-CLAUSE).

Specifications

Name Description
c2sp.org/age File encryption format Maintainers
c2sp.org/age-plugin The age plugin stdio protocol Maintainers
c2sp.org/BLAKE3 A fast cryptographic hash function (and PRF, MAC, KDF, and XOF) Maintainers
c2sp.org/chacha8rand Fast cryptographic random number generator Maintainers
c2sp.org/https-bastion Bastion (reverse proxy) protocol for exposing HTTPS services Maintainers
c2sp.org/jq255 Prime order groups, key exchange, and signatures Maintainers
c2sp.org/signed-note Cleartext signed messages Maintainers
c2sp.org/static-ct-api Static asset-based Certificate Transparency logs Maintainers
c2sp.org/tlog-checkpoint Interoperable transparency log signed tree heads Maintainers
c2sp.org/tlog-cosignature Witness cosignatures for transparency log checkpoints Maintainers
c2sp.org/tlog-tiles Static asset-based transparency log Maintainers
c2sp.org/tlog-witness HTTP protocol to obtain transparency log witness cosignatures Maintainers
c2sp.org/vrf-r255 Simplified ristretto255-based ECVRF ciphersuite Maintainers
c2sp.org/XAES-256-GCM Extended-nonce AEAD from NIST-approved components Maintainers

Associated projects

The C2SP organization hosts three other testing-focused projects:

  • Wycheproof, a large library of tests for cryptographic libraries against known attacks.

  • CCTV, the Community Cryptography Test Vectors, a repository of reusable test vectors.

  • x509-limbo, a suite of tests for X.509 certificate path validation.