Charm: A tool for rapid cryptographic prototyping

Charm is a framework for rapidly prototyping advanced cryptosystems. Based on the Python language, it was designed from the ground up to minimize development time and code complexity while promoting the reuse of components.

Charm uses a hybrid design: performance intensive mathematical operations are implemented in native C modules, while cryptosystems themselves are written in a readable, high-level language. Charm additionally provides a number of new components to facilitate the rapid development of new schemes and protocols.

Features of Charm include:

  • Support for various mathematical settings, including integer rings/fields, bilinear and non-bilinear Elliptic Curve groups.
  • Base crypto library, including symmetric encryption schemes, hash functions, PRNGs.
  • Standard APIs for constructions such as digital signature, encryption, commitments.
  • A “protocol engine” to simplify the process of implementing multi-party protocols.
  • An integrated compiler for interactive and non-interactive ZK proofs.
  • Integrated benchmarking capability.
Charm ships with a library of implemented cryptosystems. This library includes public key encryption schemes, identity-based encryption schemes, attribute-based encryption schemes, digital signatures, privacy-preserving signatures, commitment schemes, zero-knowledge proofs, and interactive protocols such as anonymous credential and oblivious transfer schemes.

To cite Charm, use the following bibtex reference:

  journal=Journal of Cryptographic Engineering,
  title=Charm: a framework for rapidly prototyping cryptosystems,
  keywords=Applied cryptography; Protocols; Software; Privacy,
  author=Akinyele, Joseph A. and Garman, Christina and Miers, Ian 
          and Pagano, Matthew W. and Rushanan, Michael 
          and Green, Matthew and Rubin, Aviel D.,

This work was made possible by NSF grant CNS 1010928 and Grant Number HHS 90TR0003/01.  Its contents are solely the responsibility of the authors and do not necessarily represent the official views of the HHS.


The Charm code repository is split into two branches: the dev branch (for Python 3.x) and the 2.7-devbranch (for Python 2.7).

To check out the dev branch (default):

git clone
To switch to the 2.7-dev branch:
git checkout 2.7-dev
To switch back to the dev branch:
git checkout dev
Frequently Asked Questions

Frequently Asked Questions

Q: What is Charm?

Charm is a framework for rapidly prototyping new cryptographic schemes and protocols.  The design philosophy of Charm is to remove the barriers that make it difficult for researchers and developers to implement their work.  Charm accomplishes this by providing a framework based around a high-level language (Python) and a set of tools that handle many of the difficult aspects of cryptographic development.

Q: Who should use Charm?

This first release of Charm is targeted at cryptographers and computer security researchers.  However we hope that someday in the not-too-distant future Charm will also be useful to open source and commercial software developers.

Q: What’s wrong with existing development approaches?

Many cryptographic libraries are written in C or C++ because these languages are relatively ‘low-level’ and are perceived to offer performance benefits.  This is accurate in some cases.  However, these languages tend to impose barriers that complicate the development of cryptosystems.  Charm is designed from the ground up to facilitate cryptographic development using re-usable components.

Q: Why Python?

Charm is based on the Python programming language, with some performance-critical modules written in C.  Python provides a number of useful features that simplify the development of cryptographic schemes, including loose typing, flexible data structures and operator overloading.  Moreover Python programs are relatively free of clutter.  The language is well supported and can be used in a variety of environments.

Q: Is Charm just a crypto library?

Charm is a framework for developing cryptosystems.  It ships with a library (“toolbox”) of re-usable code, but it also includes infrastructure to assist cryptographic implementers.  These include tools for combining primitives, an interactive protocol engine and a zero-knowledge proof compiler.

Q: Can Charm code be used in applications?

Yes.  Charm schemes can be incorporated into C and C++ programs.  We are currently working to incorporate Charm code into Java programs via the Jython compiler.