
BSI project: Development of a secure crypto library

Background

Cryptographic libraries are often used as core components in security applications. They are of central importance for security. However, the development of a cryptographic library is very demanding and prone to errors - regarding both the selection of suitable algorithms and their implementation. Serious problems have repeatedly occurred with widespread cryptographic libraries (e.g. OpenSSL) and these can significantly impair the security of the applications based on them.

Botan 2.4.0-RSCS1

The BSI carried out the "Secure implementation of a general cryptographic library" project with the contractor Rohde & Schwarz Cybersecurity GmbH. The aim of the project was to provide an open-source, secure, clear, controllable and well-documented cryptographic library that is suitable for as many application scenarios as possible and can also be used in applications with increased security requirements.

For this purpose, based on an analysis of existing open source cryptographic libraries, the Botan library was selected as a suitable basis for further development. As part of this project, Botan’s cryptographic implementation was examined more thoroughly and existing deficiencies were corrected.

Missing cryptographic primitives and standards were implemented in accordance with the BSI's technical guidelines.

The test suite was improved, resistance to side-channel attacks was increased by suitable software countermeasures, and the documentation was expanded accordingly. The project ended in 2017 and was completed with the release of Botan version 2.4.0-RSCS1 on GitHub.

Botan is available under the Simplified BSD License and can therefore be used for both open and commercial applications.

Project summary: Sichere Implementierung einer allgemeinen Kryptobibliothek - Projektzusammenfassung

Botan 3.x and post-quantum cryptography

The follow-up project "Maintenance and further development of the Botan cryptographic library" was launched at the beginning of 2022 together with the contractor Rohde & Schwarz Cybersecurity GmbH.

In the course of the first year of the project, the current development version of Botan (the master branch on GitHub) was subjected to the established analysis and testing process, and any defects discovered were corrected. The results have already been merged into the open source project. After that, post-quantum schemes and a hybrid key exchange (ECC+PQ) for TLS 1.3 were implemented. The latest version of Botan that has been reviewed as part of this project is Botan 3.4.0 (available on GitHub). This release currently contains the post-quantum schemes FrodoKEM and Kyber/ML-KEM, as well as the post-quantum signature schemes Dilithium/ML-DSA, XMSS, and SPHINCS+/SLH-DSA. As part of the BSI project, Classic McEliece and HSS/LMS have also been implemented and are intended to be included in a future release.