BabaSSL Releases 8.3.0｜Requirements for Implementing Corresponding Privacy Computing

BabaSSL 8.3.0 stable release!

The cryptography open source project BabaSSL recently released the stable version 8.3.0, which provides several bug fixes and support for many new features.

From the perspective of specific features, BabaSSL version 8.3.0 has improved its capabilities in international cutting-edge technical standards, domestic cryptographic compliance capabilities, and performance optimization of national cryptographic algorithms. in:

Cutting-edge technology standards:

The TLS certificate compression function defined by RFC8879 brings a great performance improvement to the TLS handshake, further reduces the delay in TLS encrypted communication, and greatly enhances the user experience. It can directly reduce the bandwidth of the TLS handshake by more than 80%. .

Domestic password compliance capabilities:

It supports NTLS session ticket, client authentication and RSA_SM4 encryption suite, which provides strong functional support for the current national secret transformation in various industries in China;

The support for the soft random number generator that is compliant with national secrets meets the compliance requirements in the process of transforming national secrets.

National secret algorithm performance optimization:

This time, BabaSSL, together with ARM and Alibaba Cloud, optimized the special hardware instructions for the SM3 and SM4 algorithms on the ARM v8 architecture, so that BabaSSL can achieve better SM3 and SM4 calculations on the ARM architecture CPU with the relevant instruction set. performance.

For example, on Alibaba Cloud Yitian 710, SM3 achieves a performance improvement of up to 74% and SM4 algorithm up to 36 times; in addition, the C language optimization of SM4 algorithm logic has also achieved performance improvement on general-purpose CPUs.

BabaSSL 8.3.0 mainly includes the following updates:

• Fix CVE-2021-4160
• openssl enc command supports wrap mode
• ASYNC: supports nesting of jobs
• Support for TLS certificate compression (RFC 8879)
• Release upstream patch collection merge [hustliyilin]
• Support for NTLS session tickets
• Support Zu Chongzhi message integrity algorithm 128-EIA3
• Supports NTLS client authentication
• Remove ARIA algorithm
• A soft random number generator that supports China Secret compliance
• Support semi-homomorphic encryption algorithm EC-ElGamal
• Support for RSA_SM4 cipher suite in NTLS
• Performance optimizations for SM3 and SM4 available on ARM platforms
• SM4 algorithm logic optimization to improve performance [zzl360]

It is worth mentioning that, in response to the rise of the data security and privacy protection market, BabaSSL 8.3.0 has implemented support for the semi-homomorphic encryption algorithm EC-ElGamal. Users in the privacy computing field can easily use this algorithm to implement corresponding privacy computing. requirements, and at the same time use the national secret capabilities provided by BabaSSL to achieve technical compliance.

In addition, BabaSSL is currently the default integrated software cryptographic library in Ant Privacy Computing All-in-One, providing a unified cryptographic API interface for Ant Privacy Computing all-in-one users to facilitate the development and debugging of privacy computing applications.

Welcome to download BabaSSL version 8.3.0, download address👇:

https://github.com/BabaSSL/BabaSSL/releases/tag/8.3.0

What is BabaSSL?

BabaSSL is an open source basic cryptographic library that provides modern cryptographic algorithms and secure communication protocols, and provides the underlying cryptographic basic capabilities for many business scenarios such as storage, network, key management, and privacy computing. Realize the guarantee of privacy, integrity and certifiability of data in the process of transmission, use, storage, etc., and provide protection capabilities for privacy and security in the data life cycle.

As a scarce cryptography open source project in China, BabaSSL fills the gap of related products in the domestic information infrastructure field, and is a key part of my country's construction of a domestic cryptography ecosystem, solving the problem of "stuck neck" cryptography technology, and developing cutting-edge cryptography technology. .

In addition to the field of national commercial cryptographic algorithms, BabaSSL also supports cutting-edge cryptography, including various cryptographic algorithms required in privacy computing scenarios and post-quantum cryptography algorithms for quantum computing.

BabaSSL adopts a fast follow-up strategy for new international and domestic technical standards, so the supported functions are very rich. At the same time, based on the massive user scenarios of Ant and Alibaba, its performance and stability have also reached the Internet production level.

Since its open source in 2020, BabaSSL has also been used and verified by a large number of users in the industry, and has been applied to many business scenarios.

The past and present of BabaSSL

BabaSSL was born within Ant Group and Ali Group. Currently, as the unified basic cryptographic library of Ant and Ali, BabaSSL is widely used in various Ant and Ali businesses, providing TLS, data storage, national security compliance and other key cryptography related Ability to ensure the smooth, safe and compliant operation of various businesses.

Since open source in 2020, BabaSSL has provided the cryptographic technical capabilities accumulated within Ant and Alibaba to the industry. At the same time, BabaSSL is applying for the first-level qualification of commercial cryptographic product software cryptographic modules, and it is also the first open source cryptography that is expected to obtain a commercial cryptographic product model certificate. learning products.

From the perspective of specific scenarios, there are the following three aspects, namely storage, network, and devices on the terminal. Among them, the network service scenario is the biggest support scenario of BabaSSL, such as Taobao, Tmall, Alibaba Cloud and other server-side related link encryption. In addition, mobile apps, such as Alipay mobile app, integrate BabaSSL to realize multiple cryptographic capabilities.

1. Reveals the secret ecology of AnolisOS, it is enough to understand this article

With the support of the basic national secret algorithm, we have built a basic software ecosystem around the national secret algorithm on AnolisOS, and it is also a full-stack national secret solution: from the underlying firmware, the kernel, to the basic cryptography library, in the main The national secret transformation is carried out on the link, and finally a complete security trust chain based on the national secret is formed.

2. RFC8998+BabaSSL---Let the state secret sail to the farther sea of stars

TLS can be said to be the cornerstone of the entire Internet security, ensuring the security of our communication data. With TLS 1.3+ national secret officially becoming a national/international recognized standard (RFC8998), we also officially supported related capabilities in BabaSSL and made them open source, and built the BabaSSL community.

3. TLS handshake bandwidth dropped by 80%, how did BabaSSL do it

To ensure data security, TLS/SSL is usually used for encrypted transmission. When the client accesses the server background, the client will first perform a TLS handshake with the server. RFC 8879 TLS Certificate Compression is to solve this problem. It provides certificate compression function during TLS 1.3 handshake, which greatly reduces data transmission and bandwidth consumption of TLS handshake.

4. Tengine + BabaSSL, make the national secret easier to use!

The famous domestic web server and reverse proxy open source software Tengine ( https://tengine.taobao.org ) has completed the adaptation of BabaSSL ( https://www.babassl.cn ). Tengine adapts the special API provided by BabaSSL and adds support for NTLS related capabilities. No additional patches or code changes are required, which further improves the convenience from the user's point of view.

Interested in cryptography, privacy computing

👏 We are waiting for you to join us!