Frank Denis edited this page Aug 20, 2018 · 13 revisions


The Hydrogen library is a small, easy-to-use, hard-to-misuse cryptographic library for constrained environments.


  • Consistent high-level API, inspired by libsodium. Instead of low-level primitives, it exposes simple functions to solve common problems that cryptography can solve.
  • 100% built using just two cryptographic building blocks: the Curve25519 elliptic curve, and the Gimli permutation.
  • Small and easy to audit. Implemented as one tiny file for every set of operation, and adding a single .c file to your project is all it takes to use libhydrogen in your project.
  • The whole code is released under a single, very liberal license (ISC).
  • Zero dynamic memory allocations and low stack requirements. This makes it usable in constrained environments such as microcontrollers.
  • Portable: written in standard C99. Supports Linux, *BSD, MacOS, Windows, and the Arduino IDE out of the box.
  • Can generate cryptographically-secure random numbers, even on Arduino boards.
  • Attempts to mitigate the implications of accidental misuse.

Side goal:

  • Design the libsodium v2 API.


  • Having multiple primitives serving the same purpose, even to provide compatibility with other libraries.
  • Networking -- but a simple key exchange API based on the NOISE protocol is available.
  • Interoperability with other libraries.
  • Replacing libsodium. Libhydrogen tries to keep the number of APIs and the code size down to a minimum.


  • Official statement from the Gimli team regarding Hamburg's cryptanalysis (whose attack didn't apply to libhydrogen's constructions to start with).
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.