DEV Community

Mayne
Mayne

Posted on

38+ Cryptographic Algorithms in Pure Zig - Zero Dependencies, Zero Std Imports

I just open-sourced a collection of 38+ cryptographic algorithms written entirely in pure Zig -- zero external dependencies, zero std library imports, zero dynamic allocation.

The repo is called Cryptographic Algorithms for Ziglang and the constraint was simple: every algorithm had to be self-contained with no libsodium, no OpenSSL, no nothing. Just bare Zig.

What is Inside

17 Hash Functions: SHA-256/512, SHA3-256, SHAKE128/256, BLAKE2b, BLAKE3, BLAKE2s, RIPEMD-160/320, Whirlpool, Tiger, MD5, SHA-1, SHA-224/384, Skein-256/512, Grostl-256/512, JH-256/512

6 Symmetric Ciphers: AES-128/256, ChaCha20 + HChaCha20, ChaCha20-Poly1305 (AEAD), TripleDES, Blowfish, Poly1305

5 Password Hashing & KDFs: PBKDF2, bcrypt, scrypt, Argon2id (RFC 9106), HKDF (RFC 5869)

6 Asymmetric Crypto & Key Exchange: RSA (OAEP/PSS, up to 2048-bit), Diffie-Hellman + X25519, ECDSA (secp256k1), EdDSA (Ed25519), BLS (BLS12-381), Schnorr (secp256k1)

4 Post-Quantum Schemes: ML-KEM (Kyber768), ML-DSA (Dilithium65), SLH-DSA (SPHINCS+), NTRU (HPS2048509)

Why This Matters

Zig is gaining traction in systems programming, embedded, and -- critically -- blockchain development. But the Zig ecosystem lacks a comprehensive, self-contained cryptography library. Most projects either link OpenSSL (defeating Zig's cross-compilation advantage) or vendor scattered implementations.

This repo fixes that. Every algorithm lives in a single .zig file with embedded test vectors from RFCs and NIST standards. Run zig test filename.zig and you're done.

The Hard Parts

The "zero std imports" constraint meant writing from scratch:

  • A 2048-bit BigInt (64 u64 limbs) for RSA and DSA arithmetic
  • Endianness conversion, bitwise rotation, memory copy -- all hand-rolled
  • Elliptic curve math for secp256k1, Curve25519, and BLS12-381
  • NTT polynomial multiplication for ML-KEM and ML-DSA (post-quantum)

No std.mem, no std.math, no std.crypto. It forced a deep understanding of every algorithm.

Blockchain Ready

The algorithm choices are tailored for blockchain work:

  • secp256k1 ECDSA -- Bitcoin transaction signing
  • Ed25519 -- Solana and many modern chains
  • Schnorr -- Taproot upgrade signatures
  • SHA-256 + RIPEMD-160 -- Bitcoin address derivation
  • BLS12-381 -- aggregated signatures for consensus

Quick Start

git clone https://github.com/Mayne-X/Cryptographic-Algorithms-for-Ziglang.git
cd Cryptographic-Algorithms-for-Ziglang

# Run all tests
zig build test

# Or test a single file
zig test "Cryptographic Hash Functions/SHA-256.zig"
zig test "Symmetric Key Cryptography/AES.zig"
Enter fullscreen mode Exit fullscreen mode

Requires Zig >= 0.13.

Design Principles

  • Zero std imports -- every utility is handwritten
  • Zero dependencies -- pure Zig, no external crates
  • No dynamic allocation -- all fixed-size stack arrays
  • Embedded test vectors -- every file tests against known RFC/NIST vectors

Limitations (Honest Ones)

The post-quantum implementations are simplified -- self-consistent but not fully RFC-compliant. BigInt maxes at 2048 bits (enough for RSA-2048, not larger). BLS is a stub with curve constants but no pairing math yet. These are clearly documented.

Get Involved

The entire project is MIT-licensed and available on GitHub at Cryptographic Algorithms for Ziglang. Stars, issues, and PRs welcome.

If you are building a Zig-based blockchain, embedded system, or just want to learn how crypto works under the hood by reading clean Zig code, this repo is for you.

Top comments (0)