SC4 FAQ for experts

(Draft - March 2015)

What is SC4?

SC4 is a minimalist UI on top of the TweetNaCl library by Daniel J. Bernstein. It is currently implemented in Javascript and deployed as a web application, but this is just the initial prototype to get the protocol vetted and audited.

Don't you know that you should never implement crypto in Javascript?

The standard arguments against implementing crypto in Javascript assume that the Javascript will be served from a server, in which case the code can be no more trustworthy than the server itself, and so the crypto might as well be done on the server. This argument is valid, but it does not apply to SC4 for two reasons.

First, although SC4 is served from a server, it is in fact a standalone application. It can be easily compiled to a single file, which can then be run from a FILE: URL. At that point, the fact that it is written in Javascript is (mostly) irrelevant. It can be just as trustworthy (or not) as any other local application.

Second, the current implementation is not the final product. SC4 is implemented as a web application simply to leverage a browser as a UI, and to get the maximum coverage for the least amount of effort. Implemented as a web application, the same code can run on all major operating systems, which makes implementation and auditing that much easier.

Finally, it should be noted that the SC4 protocol is simple, easy to parse, and the core crypto library is public domain, so anyone can write an SC4 implementation. The current prototype is only about 700 lines of code (plus 1200 LOC for the nacl library).

What is under the hood?

Use the source, Luke. SC4 consists of one HTML file (~100 LOC), one CSS file (~80 LOC), one Javascript file (about 700 LOC as of this writing), a copy of TweetNaCl-js, and a copy of jquery. That's it.

SC4 implements NaCl's authenticated encryption using curve25519 ECDH key exchange, and secure digital signatures using Ed25519. Keys are generated using the browser's random number generator and stored in localStorage. This is not super-secure but it's not bad either. And remember, the point of this implementation is not to be super-secure, but simply to vet and establish the protocol. Extremely secure implementations of SC4 on dedicated HSM-like dongles are currently in development.

Has the code been audited?

Not yet. We're working on it.