Tink Feature Roadmap

This document describes the Tink team's plans for introducing features.

This roadmap only includes features that the Tink team itself intends to implement. Other features may be added by code contributors.

In the following list, features are bundled together by milestone and and then by the language implementation they're associated with.

Each feature is prefixed with a priority level. The defintion of the priority levels are are:

  • P0: The feature will block the milestone. We will delay the milestone date until the feature is shipped.

  • P1: The feature can delay the milestone if the feature can be shipped with a reasonable delay.

  • P2: The feature will be dropped and rescheduled for later rather than delaying the milestone.

This list will be updated periodically and milestones may be refined if appropriate.

Upcoming milestones

1.3.0

Tentative release date: November 2019.

Tentative new features:

  • Java

    • P1. AEAD: XCHACHA20-POLY1305
    • P1. Signature: RSA-SSA-PKCS1, RSA-PSS

  • C++

    • P0. Integration with Cloud KMS/AWS KMS: key storage and envelope encryption
    • P0. Streaming AEAD: AES-GCM-HKDF-STREAMING, AES-CTR-HMAC-STREAMING
    • P0. Deterministic AEAD: AES-SIV
    • P0. Digital signature: ED25519
    • P1. AEAD: XCHACHA20-POLY1305, AES-GCM-SIV
    • P1. Signature: RSA-SSA-PKCS1, RSA-PSS

  • Objective-C

    • P0. Deterministic AEAD: AES-SIV
    • P0. Digital signature: ED25519
    • P1. AEAD: XCHACHA20-POLY1305
    • P1. Signature: RSA-SSA-PKCS1, RSA-PSS

  • Go

    • P0. AEAD: AES-GCM, AES-CTR-HMAC-AEAD
    • P0. MAC: HMAC-SHA2
    • P0. Signature: ECDSA with NIST curves
    • P0. Hybrid encryption: ECIES with NIST curves and AEAD
    • P1. AEAD: XCHACHA20-POLY1305
    • P1. Integration with Cloud KMS/AWS KMS: key storage and envelope encryption
    • P2. Signature: ED25519
    • P2. Deterministic AEAD: AES-SIV

1.4.0

Tentative release date: February 2019.

Tentative new features:

  • Java

    • P0. AEAD: AES-GCM-SIV
    • P1. Integration with Cloud KMS/AWS KMS: streaming envelope encryption
    • P1. Full integration with Cloud KMS/AWS KMS: key storage, (streaming) envelope encryption, hybrid encryption and digital signature
    • P1. Initial support for Cloud HSM/AWS HSM
    • P2. Nonce reuse resistant AEAD: AES-GCM-SIV

  • C++

    • P1. Integration with Cloud KMS/AWS KMS: streaming envelope encryption
    • P1. Full integration with Cloud KMS/AWS KMS: key storage, (streaming) envelope encryption, hybrid encryption and digital signature
    • P1. Initial support for Cloud HSM/AWS HSM
    • P1. Feature parity across implementations
    • P2. Nonce reuse resistant AEAD: AES-GCM-SIV

  • Objective-C

    • P0. Streaming AEAD: AES-GCM-HKDF-STREAMING, AES-CTR-HMAC-STREAMING
    • P1. AEAD: AES-GCM-SIV
    • P1. Feature parity across implementations
    • P2. Nonce reuse resistant AEAD: AES-GCM-SIV

  • Go

    • P0. Streaming AEAD: AES-GCM-HKDF-STREAMING, AES-CTR-HMAC-STREAMING
    • P1. AEAD: AES-GCM-SIV
    • P1. Full integration with Cloud KMS/AWS KMS: key storage, (streaming) envelope encryption, hybrid encryption and digital signature
    • P1. Initial support for Cloud HSM/AWS HSM
    • P1. Feature parity across implementations
    • P2. Nonce reuse resistant AEAD: AES-GCM-SIV

  • JavaScript

    • P0. Initial release that supports modern browsers

  • Python

    • P0. Initial CLIF-based release that can replace Keyczar.

Past Milestones

1.2.0

Release date: August 2018

Release Notes

  • Java

    • P1. Hybrid encryption with X25519 and ChaCha20Poly1305.

  • C++

    • P0. Initial release, feature parity with Java 1.0.0.
    • P0. Easy installation.
    • P1. Integration with Google Cloud KMS and AWS KMS.

  • Objective-C

    • P0. Initial release, feature parity with Java 1.0.0.
    • P0. Easy installation.
    • P1. Integration with iOS Keychain.