daily3014/cryptography
v2.4.0 ·
Luau implementations of popular hashing/encryption algorithms
Luau Cryptography
Luau Cryptography is a library of cryptographic algorithims written in Luau. It supports Post-Quantum (PQ), Elliptic Curve Cryptography (ECC), authenticated encryption and CSPRNG with many utilities.
Authors
daily3014 - Developer - @daily3014
Xoifail - Developer - @xoifail
Acknowledgments
- Thanks to those who gave feedback and testing
- Special thanks to all contributors and bug reporters
- AES was originally made by @RobloxGamerPro200007
Disclaimer
While this library has extensive testing, it's always recommended that you do your own tests. Keep in mind that there may be timing vulnerabilities that cannot be fixed due to how Luau compiles functions. This library is NOT intended for exploitation, harassment, illegal activities, or explicit content. All security issues should be reported in the Discord server.
Installation
Wally
[dependencies]
cryptography = "daily3014/[email protected]"Pesde
pesde add daily3014/cryptographyManual Installation
Download the latest release from GitHub and place it in your Roblox Studio project.
List of Algorithms
Elliptic Curve Cryptography
Digital Signature Schemes
- Ed25519 signatures with masked operations for side-channel protection
Key Exchange
- X25519: Elliptic curve Diffie-Hellman over Curve25519
Post-Quantum Cryptography
KEM: Key Encapsulation Methods
- ML-KEM: modes 512, 768, 1024 (Kyber-based, NIST standardized)
Digital Signature Schemes
Symmetric Cryptography
Hash Functions
- SHA-2 Family: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256 with optional salt support
- SHA-3 Family: SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE-128, SHAKE-256 (FIPS 202)
- BLAKE Family: BLAKE3 (fastest available), BLAKE3-Keyed, BLAKE3-DeriveKey, BLAKE2b
Message Authentication
- HMAC: Hash-based Message Authentication Code (works with any hash function)
Authenticated Encryption
- ChaCha20-Poly1305: AEAD construction (RFC 8439)
- AES-GCM: Galois/Counter Mode
Stream & Block Ciphers
- ChaCha20: Stream cipher (RFC 8439)
- AES: Advanced Encryption Standard
- Simon: Lightweight block cipher
- Speck: Lightweight block cipher
- XOR: Simple additive cipher
Checksums
- CRC32: Cyclic Redundancy Check (JAM/ISO modes)
- Adler-32: Checksum algorithm
- XXH32: Ultra-fast non-cryptographic hash
Utilities
Encoding & Conversion
- Base64: Encode and decode
- Hexadecimal: Buffer to/from hex string conversion
Random Generation
- CSPRNG: Cryptographically Secure Pseudo-Random Number Generator with entropy management
- Random strings and bytes generation
Performance
Performance benchmarks conducted in Roblox Studio on Intel Core i7-12700 using Benchmarker by @boatbomber.
Hashing / Checksum
| Algorithm | Data Size | This Library | HashLib | Alternative | Other Libraries | Improvement |
|---|---|---|---|---|---|---|
| SHA-256 | 20k | 370 μs | 2058 μs | 493 μs (Old Version) | 596 μs (Dekkonot) | 5.5x faster than HashLib |
| SHA-512 | 20k | 766 μs | 4348 μs | 1066 μs (Dekkonot) | - | 5.7x faster than HashLib |
| SHA3-512 | 20k | 1.38 ms | 10.60 ms | - | - | 7.7x faster than HashLib |
| BLAKE3 | 20k | 168 μs | - | - | - | - |
| HMAC-BLAKE3 | 20k | 165 μs | - | - | - | - |
| Adler-32 | 200k | 190 μs | - | 1.65 ms (Naive Approach) | - | 8.7x faster |
| CRC32 | 200k | 2.01 ms | - | 6.26 ms (DevForum) | - | 3.1x faster |
Encryption
| Algorithm | Data Size | This Library | Alternative | Other Libraries | Improvement |
|---|---|---|---|---|---|
| ChaCha20 (Encrypt) | 20k | 266 μs | 7.87 ms (EncryptedNet) | - | 29.6x faster |
| ChaCha20 (Roundtrip) | 20k | 538 μs | ~15 ms (EncryptedNet) | - | 27.9x faster |
| ChaCha20-Poly1305 (Encrypt) | 20k | 310 μs | - | - | - |
| ChaCha20-Poly1305 (Roundtrip) | 20k | 642 μs | - | - | - |
| Simon (Encrypt) | 20k | 395 μs | - | - | - |
| Simon (Roundtrip) | 20k | 790 μs | - | - | - |
| Speck (Encrypt) | 20k | 350 μs | - | - | - |
| Speck (Roundtrip) | 20k | 700 μs | - | - | - |
| AES-GCM (Encrypt) | 20k | 16.25 ms | - | - | - |
| AES-GCM (Roundtrip) | 20k | 32.47 ms | - | - | - |
| XOR (Encrypt) | 1 million | 1.10 ms | ~49.5 ms (@TwiistedRoyalty) | 4000 ms (daily) | 64.3x faster |
| XOR (Roundtrip) | 1 million | 2.20 ms | 98.9 ms (@TwiistedRoyalty) | ~8000 ms (daily) | 64.3x faster |
Digital Signatures & Key Exchange
| Algorithm | Operation | Time | Alternative | Improvement |
|---|---|---|---|---|
| EdDSA (Roundtrip) | Sign+Verify | 1.4 ms | - | - |
| ML-DSA-44 (Roundtrip) | Sign+Verify | 9.59 ms | - | - |
| ML-KEM-512 (Roundtrip) | Encap+Decap | 1.19 ms | - | - |
Utilities
| Algorithm | Data Size | Time | Alternative | Improvement |
|---|---|---|---|---|
| Base64 (Encode/Decode) | 20k | 181 μs | - | - |
Roundtrip: Complete encrypt/decrypt or sign/verify cycle
API Reference
Hashing Functions
SHA-2 Family:
Hashing.SHA2.SHA224(Message: buffer, Salt?: buffer) -> string
Hashing.SHA2.SHA256(Message: buffer, Salt?: buffer) -> string
Hashing.SHA2.SHA384(Message: buffer, Salt?: buffer) -> string
Hashing.SHA2.SHA512(Message: buffer, Salt?: buffer) -> stringSHA-3 Family:
Hashing.SHA3.SHA3_224(Message: buffer) -> string
Hashing.SHA3.SHA3_256(Message: buffer) -> string
Hashing.SHA3.SHA3_384(Message: buffer) -> string
Hashing.SHA3.SHA3_512(Message: buffer) -> string
Hashing.SHA3.SHAKE_128(Message: buffer) -> string
Hashing.SHA3.SHAKE_256(Message: buffer) -> stringBLAKE Family:
Hashing.Blake3.Digest(Message: buffer, Length?: number) -> string
Hashing.Blake3.DigestKeyed(Key: buffer, Message: buffer, Length?: number) -> string
Hashing.Blake3.DeriveKey(Context: buffer): (buffer, number?) -> (string, buffer)
Hashing.Blake2b(InputData: buffer, OutputLength: number?, KeyData: buffer?) -> stringAuthentication:
Hashing.HMAC(Message: buffer, Key: buffer, HashFn: function, BlockSize: number) -> stringFast Hashing:
Hashing.XXH32(Message: buffer, Seed?: number) -> numberEncryption Functions
Stream Cipher:
Encryption.AEAD.ChaCha20(Data: buffer, Key: buffer, Nonce: buffer, Counter?: number, Rounds?: number) -> bufferAuthenticated Encryption:
Encryption.AEAD.Encrypt(Message: buffer, Key: buffer, Nonce: buffer, AAD?: buffer, Rounds?: number) -> (buffer, buffer)
Encryption.AEAD.Decrypt(Ciphertext: buffer, Key: buffer, Nonce: buffer, Tag: buffer, AAD?: buffer, Rounds?: number) -> buffer?Block Ciphers:
-- AES-GCM
AES.Encrypt(Key: buffer, IV: buffer, Plaintext: buffer, AAD: buffer?) -> (buffer, buffer)
AES.Decrypt(Key: buffer, IV: buffer, Ciphertext: buffer, Tag: buffer, AAD: buffer?) -> (boolean, buffer?)
-- Simon
Encryption.Simon.Encrypt(PlaintextBuffer: buffer, KeyBuffer: buffer) -> buffer
Encryption.Simon.Decrypt(CipherBuffer: buffer, KeyBuffer: buffer) -> buffer
-- Speck
Encryption.Speck.Encrypt(PlaintextBuffer: buffer, KeyBuffer: buffer) -> buffer
Encryption.Speck.Decrypt(CipherBuffer: buffer, KeyBuffer: buffer) -> bufferSimple Cipher:
Encryption.XOR(Data: buffer, Key: buffer) -> bufferDigital Signatures
EdDSA (Ed25519):
Verification.EdDSA.PublicKey(SecretKey: buffer) -> buffer
Verification.EdDSA.Sign(SecretKey: buffer, PublicKey: buffer, Message: buffer) -> buffer
Verification.EdDSA.Verify(PublicKey: buffer, Message: buffer, Signature: buffer) -> booleanMasked X25519:
Verification.EdDSA.X25519.Mask(SecretKey: buffer) -> buffer
Verification.EdDSA.X25519.MaskSignature(SignatureSecretKey: buffer) -> buffer
Verification.EdDSA.X25519.Remask(MaskedKey: buffer) -> buffer
Verification.EdDSA.X25519.PublicKey(MaskedKey: buffer) -> buffer
Verification.EdDSA.X25519.Exchange(MaskedSecretKey: buffer, TheirPublicKey: buffer) -> (buffer, buffer)
Verification.EdDSA.X25519.MaskComponent(MaskedKey: buffer) -> bufferML-DSA (Post-Quantum):
Mldsa.ML_DSA_44.GenerateKeys() -> (PublicKey: buffer, SecretKey: buffer)
Mldsa.ML_DSA_44.Sign(RandomSeed: buffer, SecretKey: buffer, Message: buffer, Context: buffer, Signature: buffer) -> boolean
Mldsa.ML_DSA_44.Verify(PublicKey: buffer, Message: buffer, Context: buffer, Signature: buffer) -> boolean
Mldsa.ML_DSA_65.GenerateKeys() -> (PublicKey: buffer, SecretKey: buffer)
Mldsa.ML_DSA_65.Sign(RandomSeed: buffer, SecretKey: buffer, Message: buffer, Context: buffer, Signature: buffer) -> boolean
Mldsa.ML_DSA_65.Verify(PublicKey: buffer, Message: buffer, Context: buffer, Signature: buffer) -> boolean
Mldsa.ML_DSA_87.GenerateKeys() -> (PublicKey: buffer, SecretKey: buffer)
Mldsa.ML_DSA_87.Sign(RandomSeed: buffer, SecretKey: buffer, Message: buffer, Context: buffer, Signature: buffer) -> boolean
Mldsa.ML_DSA_87.Verify(PublicKey: buffer, Message: buffer, Context: buffer, Signature: buffer) -> booleanKey Encapsulation
ML-KEM (Post-Quantum):
MlKem.MLKEM_512.GenerateKeys() -> (PublicKey: buffer, SecretKey: buffer)
MlKem.MLKEM_512.KeyGen(D: buffer, Z: buffer) -> (PublicKey: buffer, SecretKey: buffer)
MlKem.MLKEM_512.Encapsulate(PublicKey: buffer, Message: buffer) -> (Ciphertext: buffer?, SharedSecret: buffer?)
MlKem.MLKEM_512.Decapsulate(SecretKey: buffer, Ciphertext: buffer) -> SharedSecret: buffer
MlKem.MLKEM_768.GenerateKeys() -> (PublicKey: buffer, SecretKey: buffer)
MlKem.MLKEM_768.KeyGen(D: buffer, Z: buffer) -> (PublicKey: buffer, SecretKey: buffer)
MlKem.MLKEM_768.Encapsulate(PublicKey: buffer, Message: buffer) -> (Ciphertext: buffer?, SharedSecret: buffer?)
MlKem.MLKEM_768.Decapsulate(SecretKey: buffer, Ciphertext: buffer) -> SharedSecret: buffer
MlKem.MLKEM_1024.GenerateKeys() -> (PublicKey: buffer, SecretKey: buffer)
MlKem.MLKEM_1024.KeyGen(D: buffer, Z: buffer) -> (PublicKey: buffer, SecretKey: buffer)
MlKem.MLKEM_1024.Encapsulate(PublicKey: buffer, Message: buffer) -> (Ciphertext: buffer?, SharedSecret: buffer?)
MlKem.MLKEM_1024.Decapsulate(SecretKey: buffer, Ciphertext: buffer) -> SharedSecret: bufferUtility Functions
Encoding:
Utilities.Base64.Encode(Input: buffer) -> buffer
Utilities.Base64.Decode(Input: buffer) -> stringConversions:
Utilities.Conversions.ToHex(Buffer: buffer) -> string
Utilities.Conversions.FromHex(Hex: string) -> bufferRandom Generation:
Utilities.RandomString(Length: number) -> stringCSPRNG:
Utilities.CSPRNG.Random() -> number
Utilities.CSPRNG.RandomInt(Min: number, Max: number?) -> number
Utilities.CSPRNG.RandomNumber(Min: number, Max: number?) -> number
Utilities.CSPRNG.RandomBytes(Count: number) -> buffer
Utilities.CSPRNG.RandomHex(Length: number) -> string
Utilities.CSPRNG.RandomString(Length: number, AsBuffer: boolean?) -> buffer | string
Utilities.CSPRNG.Ed25519ClampedBytes(Input: buffer) -> buffer
Utilities.CSPRNG.Ed25519Random() -> buffer
Utilities.CSPRNG.Reseed(CustomEntropy: buffer?)
Utilities.CSPRNG.AddEntropyProvider(ProviderFunction: () -> buffer?)
Utilities.CSPRNG.RemoveEntropyProvider(ProviderFunction: () -> buffer?)Checksum Functions
Checksums.CRC32(Message: buffer, Mode: "Jam" | "Iso"?, Hex: boolean?) -> number
Checksums.Adler(Message: buffer) -> numberTesting and Benchmarking
Running Tests
To run the complete test suite:
bash scripts/test.shThis will launch Roblox Studio, execute all tests, and display results in your terminal.
Development Testing
For continuous testing during development:
bash scripts/dev.shThis starts a Rojo server. Open Roblox Studio and sync Rojo into a Baseplate. Whenever you run the game server, the test suites will run and results will show in the Output widget.
Contributing
To contribute, fork this repository and make your changes, and then make a Pull Request. A Pull Request needs approval.
Please read the CONTRIBUTING.md file for detailed guidelines.
FAQ
Will you add other algorithms?
Maybe! It depends on whether the algorithm is feasible to implement in Luau without requiring extremely expensive calculations like RSA/Argon.
How is this library faster?
Through extensive optimizations including efficient buffer operations, algorithm tuning, and Luau-specific optimizations.
Which algorithms should I use?
- Hashing: SHA-256 for general use, XXH32 for speed, BLAKE3 for speed and security, SHA3-256 for latest standards
- Encryption: ChaCha20-Poly1305 AEAD for authenticated encryption, AES-GCM for compatibility and security
- Signatures: Ed25519 for fast digital signatures and key exchange, ML-DSA for post-quantum security
- Key Exchange: ML-KEM for post-quantum key encapsulation, X25519 for compatibility
License
This project is licensed under the MIT License. See the LICENSE file for details.