Lightweight/smallest libraries that implement strong encryption standards like AES for 4MB ESP8266 NodeMCU board running Espruino.

[espruino-discuss]

Posted at 2024-04-03 by Jurand

For a 4MB ESP8266 NodeMCU board running Espruino, your choices for secure encryption libraries are somewhat limited due to the constraints of the device, including its memory and processing power.

One of the smallest and most secure encryption libraries that could fit this criterion is TweetNaCl. TweetNaCl is a cryptography library that offers a compact implementation of the NaCl library (Networking and Cryptography library), which is well-regarded for its simplicity and high security. The TweetNaCl library has been ported to various languages and platforms, and there is a JavaScript version that could potentially be used with Espruino.

Anyone, any ideas?

XOR Cipher: For very lightweight applications, a simple XOR cipher with a pseudo-random sequence generator (like a linear feedback shift register for the sequence) could be implemented. However, this method is not recommended for securing sensitive data, as it can be relatively easily broken without proper precautions.

RC4: Another small and simple option could be RC4 (although it's now considered insecure for many applications, it might suffice for scenarios with low security requirements). You would need to be careful with its initialization and usage to avoid common pitfalls that make it vulnerable.

Simplified AES (SAES): This is a reduced, more straightforward version of AES designed for educational purposes and might serve as a basis for a custom implementation. It can demonstrate how to perform secure encryption with less complexity, though adapting it for production use requires caution to maintain security.

Found those on the net, but I am open to discussion and knowledge exchange before attempt to embed any of them.

1. TweetNaCl / TweetNaCl.js - A compact, tweet-sized NaCl cryptography library, with a JavaScript version suitable for adaptation.
2. micro-ecc - A small Elliptic Curve Cryptography (ECC) library for microcontrollers.
3. uCryptoLib - A micro cryptographic library designed for embedded devices.
4. LibHydrogen - A lightweight, secure, easy-to-use crypto library for constrained environments.
5. Tiny-AES-c - A small and portable implementation of the AES algorithm, potentially adaptable for JavaScript.
6. BearSSL - A secure and relatively small SSL/TLS library, with potential for lightweight implementations.
7. mbedTLS (minimal configuration) - A library that can be configured to be minimalistic for embedded devices.
8. wolfSSL (with --enable-smallstack or --enable-minimal options) - A small, portable, and embeddable SSL/TLS library.
9. sodium-native - A low-level Node.js binding to libsodium, which might be adapted or inspire a minimal implementation.
10. TinyCrypt - A small, portable, and easy-to-use library of cryptographic algorithms.
11. speck.js - A JavaScript implementation of the SPECK block cipher, known for its simplicity and small size.
12. microjs/crypto - A collection of micro libraries in JavaScript, including some for cryptography, which are very small.
13. SJCL (Stanford JavaScript Crypto Library) - While not the smallest, it can be customized to include only necessary features.
14. asmCrypto - A JavaScript cryptographic library with AssemblyScript optimization, potentially adaptable for size.
15. js-nacl - A high-level cryptographic library that can be adapted or stripped down for essential functionality.
16. noble - A family of compact, secure, and easy-to-use cryptographic primitives for JavaScript.
17. Heatshrink - A data compression library suitable for small microcontrollers, useful for reducing data size before encryption.
18. PicoCrypt - A hypothetical minimal cryptographic library designed with the smallest footprint in mind.
19. CryptoJS (minimal build) - While generally larger, it can be customized to only include necessary components.
20. Salty - A minimal secure encryption library for JavaScript, focusing on ease of use and small size.
21. Elliptic (minimal configuration) - A lightweight implementation of elliptic curve cryptography in JavaScript.
22. SOSEMANUK - A fast, software-oriented stream cipher that can potentially be adapted for JavaScript environments.
23. Rabbit - A fast stream cipher that can be implemented in a compact form for JavaScript.
24. Simon and Speck - Lightweight block ciphers designed for simplicity and efficiency, potentially adaptable to JavaScript.
25. ChaCha - A stream cipher that offers good performance and security, with potential for a minimal JavaScript implementation.

[espruino-discuss]

Posted at 2024-04-03 by Jurand

This is interesting:
https://bitwiseshiftleft.github.io/sjcl/

---

Posted at 2024-04-03 by Jurand

Or this:
https://github.com/suculent/thinx-aes-lib

---

Posted at 2024-04-04 by @gfwilliams

Espruino actually already includes mbedtls: https://github.com/espruino/Espruino/tree/master/libs/crypto

You should be able to include it in the ESP8266 build quite easily by adding the following lines:

https://github.com/espruino/Espruino/blob/master/boards/PICO_R1_3.py#L40-L41

Note that including TLS will use a lot more memory, but I believe you can still have AES without TLS.

When you say ESP8266 4MB do you mean 4MBit of 4MByte? Because my understanding was that only the very earliest modules available were 4MBit (512kB), and now they're basically all 4MByte.

Espruino does build and run for those early 512k chips, and obviously that creates a lot more restrictions that something with 8x the flash - but if you're on the 4MByte version then you really shouldn't have to be concerned about flash memory usage at all - it's really only RAM usage you care about.

---

Posted at 2024-04-04 by @MaBecker

@gfwilliams is there a chance that mbedtls will be updated?

---

Posted at 2024-04-04 by @gfwilliams

is there a chance that mbedtls will be updated?

You mean just the version of the library?

It's not high on my list right now, but if someone makes a PR then I'd definitely pull it in :)

---

Posted at 2024-04-04 by Jurand

I have read about XXTEA and other libraries but unfortunately failed to upload it to ESP board. Too large or too resource hungry... but still fighting :)

---

Posted at 2024-04-04 by Jurand

Hi guys :)
I found old NodeMCU Lolin v3 board and I am playing with it :)
I am wondering how to encrypt securely message on espruino and decrypt it on api.
I am looking for a way to ensure that only my device can add records to database.
I want to send only temperature and humidity so there is not much data.
I was thinking about RSA or AES or whatever can fit into this little thing.
AES would be super cool to use but require('crypto').AES doesn't seem to work after flashing with ESP8266 4MB.
Key to encrypt and decrypt message can be safely stored on the api and espruino - so that would work over unsecured networks.
I want to use HTTPS or TLS if possible, but I am just starting to look around after couple of years break from espruino project what has changed and from what I can choose from :)

---

Posted at 2024-04-04 by Jurand

I have read both Encryption threads:

https://forum.espruino.com/conversations/267841/
https://forum.espruino.com/conversations/273427/

So after 7 years we just have SHA256 in crypto for ESP build in?
I was hoping to find some AES-like included solution.

I went through git repo and read readme for building, but for windows there was only information: basically do it in Linux. Unfortunately not a solution I can use. I was hoping it can be done in Windows with Python :)

Could you add additional builds for ESP chips with AES, so there is one with and one without for each?

---

Posted at 2024-04-10 by Jurand

Have you seen ESP32 S2 Mini V1.0.0 Development Board with ESP32-S2FN4R2 4MB FLASH 2MB PSRAM?

There is hope :)

---

Attachments:

• 1-10pcs-ESP32-S2-Mini-V1-0-0-WiFi-Module-Internet-Development-Board-Based-ESP32-S2FN4R2.jpg_640x640.jpg_.webp

---

Posted at 2024-04-11 by @gfwilliams

I was hoping to find some AES-like included solution.

You can choose to build it in I think.

At the end of the day anyone is able to contribute changes to the Espruino repository

---

Posted at 2025-01-19 by @joakim

Adding a hashing algorithm to the list:
26. Blake3 (found here)

The latest version uses Wasm, but version 8 (11.4 KB before minification) might work on Espruino?

As for an alternative to AES, an interesting newcomer (50 weeks old) is ChaCha20-BLAKE3. It's supposedly simpler, faster and more secure in certain aspects than (software) AES. But there's no implementation yet, certainly not in JS. When one is available, it could be ported to JS with Blake3 and a ChaCha20 library. I'll keep an eye on this one. Obviously not for TLS though.

I also like TweetNaCl.js. It's ported from TweetNaCl, made by smart people, and has had a security audit. It's small, well written and easy to use. As a crypto noob, I only dare use the NaCl family of crypto libraries (libsodium, TweetNaCl and by extension TweetNaCl.js).

---

Posted at 2025-01-20 by @gfwilliams

Thanks for the update!

(11.4 KB before minification) might work on Espruino?

I would have thought so, yes!