Rust Cryptography Should Be Written in Rust (opens in new tab)

That's Brian's point. rustls/webpki/ring do not have funding in line with projects like Go's crypto or BoringSSL:

> ... ARM, Amazon Web Services, Google, and Microsoft [...] should support the Rust community by letting their experts help the Rust community create FIPS-validated cryptography libraries written entirely in safe Rust that expose safe and idiomatic Rust APIs.

Rust's large corporate sponsors need to step up to make these crates more broadly suitable for production.

Last I tried it also had issues with building on platforms like MIPS or PPC. If hardware acceleration is not available it should fall back to software not fail to build.

I feel like yes the basic crypto functions should be hardware, hopefully done right and those exposed in the language as builtin functions. Not compiled at the whim of the compiler. Although will point out hardware guys have been mucking up and creating security holes too.

FWIW, RustCrypto is neither written in safe rust or only rust. It uses inline assembly, unsafe byte manipulation, and unsafe intrinsics

I thought it weird that the post didn’t mention RustCrypto. It’s legit.

Probably SIMD support and constant time support. Crypto libraries tend to use SIMD a lot to be fast.

You can write constant time code in Rust by carefully making sure your code only compiles to constant time instructions without branches, but you'd really want some kind of annotation on the code to enforce that.

That's mostly a guess though.

Deterministic builds, and inability to ensure constant-time operations are the two that come to mind. The first is a build security / supply chain issue, and the latter is a real vulnerability if the rust compiler "helpfully" optimizes away no-op operations in alternate code paths.

At my $BIGCORP, we have a multi-mode (discrete/continuous) simulation engine written in Rust. It has to be extremely fast, and interface with both firmware written in C, and scripts written in Python. C++ was the only other viable option, but none of us were confident writing safe and performant C++, so we picked rust instead.

Now that I've been using rust for ~5 years, I reach for rust for when I have to do almost anything else. I write small backend services in rust[1], and small utilities that would previously have been python scripts[2]. The only thing I still use any other language for is python for writing test scripts + interactive data exploration, and typescript for front end stuff. We still use a lot of C for firmware because the Rust target support isn't as good as C yet.

[1] you might argue that Go might be better suited for this, but I disagree. The lack of null safety and less strict typing would come back to bite me a lot. A typical backend service we write is 10x simpler than our simulation engine so 1) compile times are approx the same as the project is small and 2) we usually don't care that much about performance for these services so we can just clone or RC away any problems we might have with the borrow checker. Swift might be a nice, but the ecosystem isn't there for backend apps last time I looked.

[2] Total LoC for small scripts ends up being about the same for python/rust in my experience. Development time is approx the same, but I much prefer maintaining small rust apps when I come back to it after 6 months. You _can_ set up safe and maintainable python projects with external libraries for validation, but its too much effort when rust has it all out of the box. Also, python deployment/venv management is still immensely frustrating

> Does anyone else use Rust outside the blockchain/cryptography space? What are you working on?

I work at Materialize which is building database software in Rust. One of my coworkers blogged about our experience with the language here: https://materialize.com/blog/our-experience-with-rust/

Im using it for a highly multithreaded real time web app. Also i disagree with your assessment, i think rust can really be used for everything.

For the business im building the frontend is written in js but everything on the backend is rust. i needed one highly multithreaded realtime server and rust was the right choice for that. For everything else (api, file server) I decided to just use rust too, maintaining a node backend and a rust backend and having to deal with typescript build systems when i could just use rust for everything made my life easier.

What ive found is that open source authors interested in releasing libraries in python and nodejs choose to write it once in rust then release python and js libraries using rust ffi.

See polars, yrs, rapierjs, lancedb, candle, etc.

It's become rather popular in the graphics (e.g. https://wgpu.rs/) and game dev (e.g. https://bevyengine.org/ ) spaces.

It's pretty popular for AWS Lambda functions.

Pretty popular for terminal / shell applications.

Definitely a great way to write wasm for compute or graphics intensive browser/web apps.

I use it for a desktop file transfer app [0]. I chose Rust because my primary language is Python and I just wanted to learn something new and really different for this project. Go would have been easier, but Rust just feels bullet proof. It's so strict. If it compiles, it works! It's been a very interesting journey.

[0] https://github.com/transmitic/transmitic

Linkerd's sidecar proxy (https://github.com/linkerd/linkerd2-proxy) is implemented in Rust. It implements transparent mTLS, HTTP load balancing, telemetry, etc. Rust gives us safety and security with a minimal resource footprint.

Rust is just a nice general purpose language. It's good more or less everywhere.

There are a few places where I wouldn't recommend it - for beginners, when compile time is really important (e.g. as a scripting engine in games), or where you need a repl (science).

But otherwise it's a better choice than most languages for most tasks.

For our client, we've developed a desktop application in Rust – with a thin GUI frontend in C++/Qt – to filter, process, and visualize sensor data streams (3D point cloud data from a Lidar). Each data stream was about 400-500 Mbit/s in 55k UDP packets per second, with support for at least 4 simultaneous streams. The focus was on high performance and development speed, security didn't matter at all.

We chose Rust for its unique position in the performance/productivity tradeoff space, and didn't regret it even for a second. There's no way we could have pulled this off with C++ in the same time, especially the bug-free parallelization.

Yes, in fact I see hardly any cryptocurrency stuff with rust.

I'm building an OS in rust, and write most firmware with rust too.

All of our core code is Rust and even in web backend and k8s tooling at http://www.ditto.live

Been a great choice even with trade offs like needing to train some hires and compilation speeds.

I'm building a 2D simulation game compiled to WASM using Bevy!

It's nicer writing in Rust than JS, no GC makes Rust a good WASM candidate, theoretically the performance can be better if you're careful, people take 2D game engines more seriously in lower level languages, and it keeps the door open for shipping on Steam later.

I've found it much slower to develop in, though. Compilation times are an issue and after working in JS for decades I realize how big the JS ecosystem is compared to something like Rust.

I doubt the decision was a good choice overall in terms of trying to ship an MVP, but it might still pay dividends for a finished product, if the game gets there, due to having a higher cap on performance

Defect language in the blockchain space is still JS/TS. Not sure you should be relying on their signals for security assurances.

> So far the only solid use case for Rust that I have seen in applications where security is extremely important.

Playing devil's advocate, when is security not extremely important, except maybe in throwaway bash script-type applications?

Only hobby coding, leetcode stuff and such.

Work is all about Java, .NET, Web and mobile OSes, Rust hardly brings anything to the table there, other than less capable tooling, higher attrition with existing ecosystem and complexity in designing borrow checker friendly algorithms versus automatic memory management.

> So far the only solid use case for Rust that I have seen in applications where security is extremely important.

But that's basically anything that touches the internet.

Not having buffer overflow vulnerabilities in your communications code is huge.

> Does anyone else use Rust outside the blockchain/cryptography space?

Cross-platform desktop app development, systems programming and authorization which is still cryptography related, I guess.

I use it for one off stuff I used to use Ruby for at the hobby level. The learning curve was high but it is very easy to reason about correctness.

I've used Rust for years in embedded Linux devices and more recently in signal processing.

there are some data processing projects, www.pola.rs for example

Well, let's put it this way. The python cryptography package contains rust code. The rust cryptography libraries are certainly not going to contain python code.

Unlike Python, Rust is efficient enough and suitable for low level bit twiddling to write fast crypto libraries without using an unsafe language like C.

20x performance increase when using rust over python.

Plus the syntax is not that different, you can hand transpose python -> rust.

Most of rust is written in rust, it targets being able to write low level code.

Once we've used Rust for everything else, we can solve the bootstrapping challenge.

You tend to the large bleeds before the small theoretical ones.

ISAs regularly leave all kinds of behavior undefined when they think it doesn’t matter (such as the state of the arithmetic flags after operations that shouldn’t need to the tested).

(But this is also irrelevant: assembly can be completely wrong and exploitable while also being perfectly well defined.)

Readability suffers though, with negative impacts on maintainability and even verifiability (fewer people able/willing to examine the source code).

goto fail wasn't caused by ambiguity or undefined behavior. C's rules here are crystal clear, and conditional branches in assembly also do not make the following instructions condition (unless you're using delay slots à la SPARC).

Heartbleed also wasn't caused by ambiguity or undefined behavior, if you believe compiler writers.

Wouldn’t the low readability make it easier to slip a vulnerability in by splicing it out into several changes?

There's plenty of undefined behaviour at that level, just look at Spectre and Meltdown vulnerabilities for example.