[tor-talk] Programming language for anonymity network
nickm at alum.mit.edu
Fri Apr 18 17:48:46 UTC 2014
[Replying to Stevens and tor-talk only. Crossposting runs against my
On Fri, Apr 18, 2014 at 4:26 AM, Stevens Le Blond <stevens at mpi-sws.org> wrote:
> We are a team of researchers working on the design and implementation of
> a traffic-analysis resistant anonymity network and we would like to
> request your opinion regarding the choice of a programming language /
> environment. Here are the criteria:
5) Amenability to side-channel-free programming. It is
next-to-impossible to write cryptographic code in some programming
languages without introducing timing side channels.
6) Availability of, or access to, high-quality cryptographic and
networking backends. You don't want to be doing your own from
7) Runtime quality on target platforms. If you want to deliver
packages to windows users, your options are more constrained than they
might be than if you only need to support Linux. If you need to run
on smartphones, that's also a factor to consider.
8) Testing strategies. Some languages and environments make it
easier to isolate components for testing than others do.
Personally, if I were starting over, I'd look into a multi-languge
approach: a memory-safe compiled language for most of the programming,
with cryptographic and lowest-level networking code in C, and a
scripting language for higher level tasks and for component testing.
I'd probably use a multi-process architecture rather than trying to
cram everything into one address space. I'd use a terse performant
functional language for testing cryptographic components for
(As a charming coincidence, this _is_ the architecture that I'd like
to migrate Tor to, resources permitting.)
Also, as I'm sure you're finding out, language choice is a classic
"bikeshed problem" (see http://bikeshed.com/): you will get more
advice from more people about your choice of language than you will
about any other question you might ask, with the possible exception of
which license to use.
Best of luck and wishes for your anonymity network!
More information about the tor-talk