Tink Feature Roadmap

(based on Bazel Feature Roadmap)

This document describes the Tink team's plans for introducing features. Note that this roadmap only includes features that the Tink team itself intends to support. We anticipate that a number of other features will be added by code contributors.

In the following list, each feature is associated with a corresponding milestone. The convention for the priorities are:

  • P0 feature will block the milestone; we will delay the milestone date until the feature is shipped.

  • P1 feature can delay the milestone if the feature can be shipped with a reasonable delay.

  • P2 feature will be dropped and rescheduled for later rather than delaying the milestone. We will update this list when reaching each milestone; some milestones may also be refined if appropriate.

Planned feature list

1.2.0

Tentative release date: July 2018 (it was June 2018, but we need more time to prepare the Obj-C release).

  • Java

    • P1. Hybrid encryption with X25519 and ChaCha20Poly1305.

  • C++

    • P0. Initial release, feature parity with Java 1.0.0.
    • P0. Easy installation.
    • P1. Integration with Google Cloud KMS and AWS KMS.

  • Objective-C

    • P0. Initial release, feature parity with Java 1.0.0.
    • P0. Easy installation.
    • P1. Integration with iOS Keychain.

1.3.0

Tentative release date: February 2019.

Tentative new features:

  • Java

    • P0. Integration with Cloud KMS/AWS KMS: streaming envelope encryption
    • P1. AEAD: XCHACHA20-POLY1305
    • P1. Signature: RSA-SSA-PKCS1, RSA-PSS
    • P2. Streaming hybrid encryption

  • C++/Obj-C

    • P0. Integration with Cloud KMS/AWS KMS: key storage and (streaming) envelope encryption
    • P0. Streaming AEAD: AES-GCM-HKDF-STREAMING, AES-CTR-HMAC-STREAMING
    • P0. Deterministic AEAD: AES-SIV
    • P0. Digital signature: ED25519
    • P1. AEAD: XCHACHA20-POLY1305
    • P1. Signature: RSA-SSA-PKCS1, RSA-PSS
    • P2. Nonce reuse resistant AEAD: AES-GCM-SIV

  • Go

    • P0. AEAD: AES-GCM, AES-CTR-HMAC-AEAD
    • P0. MAC: HMAC-SHA2
    • P0. Signature: ECDSA with NIST curves
    • P0. Hybrid encryption: ECIES with NIST curves and AEAD
    • P1. AEAD: XCHACHA20-POLY1305
    • P1. Integration with Cloud KMS/AWS KMS: key storage and envelope encryption
    • P2. Signature: ED25519
    • P2. Deterministic AEAD: AES-SIV

1.4.0

Tentative release date: August 2019.

Tentative new features:

  • Go/Java/C++/Obj-C

    • P0. Benchmarking
    • P0. Full integration with Cloud KMS/AWS KMS: key storage, (streaming) envelope encryption, hybrid encryption and digital signature
    • P0. Initial support for Cloud HSM/AWS HSM
    • P1. Feature parity across platforms.

  • JavaScript

    • P0. Initial release that supports modern browsers

  • Python

    • P0. Initial CLIF-based release that can replace Keyczar.