Your feedback is important to keep improving our website and offer you a more reliable experience.




TinyCrypt is a small-footprint cryptography library targeting constrained devices. Its minimal set of standard cryptographic primitives are designed to provide secure messages, basic encryption, and random number generation, which are all needed to secure the small footprint of IoT devices.

TinyCrypt provides features to run SHA-256 hash functions, HMAC-SHA256 message authentications, HMAC-PRNG and AES-CTR-PRNG random number generators, AES-128 block cipher (with AES-CBC, AES-CTR, and AES-CMAC encryption modes), AES-CCM authenticated encryptions, ECC-DH key changes, and ECC_DSA digital signatures. TinyCrypt includes ~6857 lines of code while keeping a slim memory footprint of 44.586 KB. This makes TinyCrypt orders of magnitude smaller than both OpenSSL and TinyDTLS’s backend crypto libraries. TinyCrypt is designed for, integrated, and included in the latest release of Zephyr. The library was designed with a focus around security, minimal footprint, and flexibility.

Security is mandatory: With limited RAM on IoT devices, your cryptography library options are limited. When you’re working with embedded constrained devices, you want to know that your pseudo-random number generator is reliable. TinyCrypt has been vetted by a community of cryptography experts who wanted to build a dependable solution for devices that traditionally didn't have room for security. Connections and communications should always be encrypted in IoT devices. TinyCrypt lets you allocate custom primitives over whatever limited space you have. The library also provides a test program for each cryptographic primitive; this library evaluates the correctness of the implementations by checking the results against well-known, publicly validated test vectors.

Footprint is tiny: The code size of each cryptographic primitive has been minimized. This was achieved this by minimizing the size of a platform-independent implementation, limiting features, setting aside optimizations for other metrics, and prioritizing countermeasures for particular threats.

Flexibility is key: Choose only what you need. Compile only the primitives required by your application. TinyCrypt minimizes the dependencies among the cryptographic primitives. This means that it is unnecessary to build and allocate object code for more primitives than the ones that are strictly required by your intended application.

TinyCrypt support the following usages:

  • Measurement of code, data structures, and other digital artifacts

  • Generate commitments

  • Construct keys

  • Extract entropy from strings containing some randomness

  • Construct random mappings

  • Construct nonces and challenges

  • Authenticate using a shared secret

  • Create an authenticated, replay-protected session

  • Authenticated encryption

  • Key-exchange

  • Digital signature

Maintainer: Constanza Heath, Rafael Misoczki

Community Contributors:

Florin Lucha - Added support for MinGW064

Chris Morrison - Added an AES-CTR PRNG



Intel System Studio:



Mailing List: