NaCl: Networking and Cryptography library 
Computer Aided Cryptography Engineering 
ECRYPT II 

Validation and verificationIt is essential for cryptographic libraries to compute exactly the functions that they are meant to compute, and for those functions to be secure. A signaturechecking library is a security disaster if it has a bug that accepts invalid signatures, for example, or if the signature system that it implements is 512bit RSA.The following report specifies NaCl's default mechanism for publickey authenticated encryption, and along the way specifies NaCl's default mechanisms for scalar multiplication (Curve25519), secretkey authenticated encryption, secretkey encryption (Salsa20), and onetime authentication (Poly1305): (PDF) Daniel J. Bernstein, "Cryptography in NaCl", 45pp. The same report includes a complete stepbystep example of authenticated encryption, independent implementations testing each step, detailed security notes, and references to the relevant literature. The NaCl compilation scripts test known outputs of each primitive for many different message lengths, test consistency of different functions supported by the same primitive (for example, crypto_stream_xor matches crypto_stream), and test memory safety in several ways. VersionThis is version 2009.03.10 of the valid.html web page. 