English

How Usable are Rust Cryptography APIs?

Cryptography and Security 2018-07-19 v4 Programming Languages Software Engineering

Abstract

Context: Poor usability of cryptographic APIs is a severe source of vulnerabilities. Aim: We wanted to find out what kind of cryptographic libraries are present in Rust and how usable they are. Method: We explored Rust's cryptographic libraries through a systematic search, conducted an exploratory study on the major libraries and a controlled experiment on two of these libraries with 28 student participants. Results: Only half of the major libraries explicitly focus on usability and misuse resistance, which is reflected in their current APIs. We found that participants were more successful using rust-crypto which we considered less usable than ring before the experiment. Conclusion: We discuss API design insights and make recommendations for the design of crypto libraries in Rust regarding the detail and structure of the documentation, higher-level APIs as wrappers for the existing low-level libraries, and selected, good-quality example code to improve the emerging cryptographic libraries of Rust.

Keywords

Cite

@article{arxiv.1806.04929,
  title  = {How Usable are Rust Cryptography APIs?},
  author = {Kai Mindermann and Philipp Keck and Stefan Wagner},
  journal= {arXiv preprint arXiv:1806.04929},
  year   = {2018}
}
R2 v1 2026-06-23T02:28:24.232Z