Meta-repository for Miscreant: misuse-resistant symmetric encryption library with AES-SIV (RFC 5297) and AES-PMAC-SIV support

Overview

miscreant.


The best crypto you've never heard of, brought to you by Phil Rogaway

A misuse resistant symmetric encryption library designed to support authenticated encryption of individual messages, encryption keys, message streams, or large files using the AES-SIV (RFC 5297), AES-PMAC-SIV, and STREAM constructions.

Miscreant is available for several programming languages, including C#, Go, JavaScript, Python, Ruby, and Rust.

What is Miscreant?

Miscreant is a set of interoperable libraries implemented in several languages providing a high-level API for misuse-resistant symmetric encryption. Additionally, it supports "online" authenticated encryption use cases such as streaming or incremental encryption/decryption of large files.

The following algorithms are provided by Miscreant:

  • AES-SIV: an authenticated mode of AES which provides nonce reuse misuse resistance. Described in RFC 5297, it combines the AES-CTR (NIST SP 800-38A) mode of encryption with the AES-CMAC (NIST SP 800-38B) function for integrity.

  • AES-PMAC-SIV: a fully parallelizable variant of AES-SIV which substitutes the AES-PMAC function for integrity, providing effectively identical security properties as the original construction, but much better performance on systems which provide parallel hardware implementations of AES, namely Intel/AMD CPUs.

  • STREAM: a construction which, when combined with AES-SIV or AES-PMAC-SIV, provides online/streaming authenticated encryption and defends against reordering and truncation attacks.

Cipher Comparison

Miscreant Ciphers

| Name         | Authenticated | Misuse Resistance | x86 Speed | IoT Speed† | Standardization |
|--------------|---------------|-------------------|-----------|------------|-----------------|
| AES-SIV      | 💚            | 💚                | 💛        | 💚         | RFC 5297        |
| AES-PMAC-SIV | 💚            | 💚                | 💚        | 💚         | None            |

Other Constructions

| Name              | Authenticated | Misuse Resistance | x86 Speed | IoT Speed† | Standardization |
|-------------------|---------------|-------------------|-----------|------------|-----------------|
| AES-GCM-SIV       | 💚            | 💚                | 💖        | 💔         | Forthcoming‡    |
| AES-GCM           | 💚            | 💔                | 💖        | 💔         | NIST SP 800-38D |
| AES-CCM           | 💚            | 💔                | 💛        | 💚         | NIST SP 800-38C |
| AES-CBC           | 💔            | 💔                | 💚        | 💚         | NIST SP 800-38A |
| AES-CTR           | 💔            | 💔                | 💚        | 💚         | NIST SP 800-38A |
| ChaCha20+Poly1305 | 💚            | 💔                | 💚        | 💛         | RFC 7539        |
| XSalsa20+Poly1305 | 💚            | 💔                | 💚        | 💛         | None            |

Legend

| Heart | Meaning |
|-------|---------|
| 💚    | Great   |
| 💛    | Fine    |
| 💔    | Bad     |

† Assumes hardware acceleration for the AES block cipher function

‡ Work is underway in the IRTF CFRG to provide an informational RFC for AES-GCM-SIV. For more information, see draft-irtf-cfrg-gcmsiv. When standardization work around AES-GCM-SIV is complete, it will be considered for inclusion in this library.

Language Support

Miscreant libraries are available for the following languages:

| Language   | Version |
|------------|---------|
| C#         | nuget   |
| Go         | N/A     |
| JavaScript | npm     |
| Python     | pypi    |
| Ruby       | gem     |
| Rust       | crate   |

Documentation

Please see the Miscreant Wiki for more detailed documentation and usage notes.

Related Projects

  • XSTREAM: public-key cryptography built on Miscreant and the X25519 elliptic curve Diffie-Hellman function.
  • minc (the MIscreaNt Cryptotool): a command-line encryption utility built on Miscreant and XSTREAM.

Help and Discussion

Have questions? Want to suggest a feature or change?

Code of Conduct

We abide by the Contributor Covenant and ask that you do as well.

For more information, please see CODE_OF_CONDUCT.md.

Key Rap

The paper describing AES-SIV, Deterministic Authenticated-Encryption: A Provable-Security Treatment of the Key-Wrap Problem contains this explanatory rap song at the end, which goes out to all the chronic IV misusing miscreants in the land:

Yo! We’z gonna’ take them keys an’ whatever you pleaze
We gonna’ wrap ’em all up looks like some ran’om gup
Make somethin’ gnarly and funky won’t fool no half-wit junkie
So the game’s like AE but there’s one major hitch
No coins can be pitched there’s no state to enrich
the IV’s in a ditch dead drunk on cheap wine
Now NIST and X9 and their friends at the fort
suggest that you stick it in a six-layer torte
S/MIME has a scheme there’s even one more
So many ways that it’s hard to keep score
And maybe they work and maybe they’re fine
but I want some proofs for spendin’ my time
After wrappin’ them keys gonna’ help out some losers
chronic IV abusers don’t read no directions
risk a deadly infection If a rusty IV’s drippin’ into yo’ veins
and ya never do manage to get it exchanged
Then we got ya somethin’ and it comes at low cost
When you screw up again not all ’ill be lost

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/miscreant/miscreant

Copyright

Copyright (c) 2017-2018 The Miscreant Developers. Distributed under the MIT license. See LICENSE.txt for further details.

Some language-specific subprojects include sources from other authors with more specific licensing requirements, though all projects are MIT licensed. Please see the respective LICENSE.txt files in each project for more information.

Comments
  • [Rust] Optional clear_on_drop

    [Rust] Optional clear_on_drop

    I am trying to compile to wasm32-unknown-unknown and get the following error:

    rust-lld: error: unknown file type: hide.o
    

    I read that I can't compile clear_on_drop to wasm.

    So it would be nice it could be excluded optionally.

    opened by cromefire 12
  • STREAM support (Nonce-based OAE)

    STREAM support (Nonce-based OAE)

    This is a tracking issue for adding support for the STREAM nonce-based OAE construction as described in the paper Online Authenticated-Encryption and its Nonce-Reuse Misuse-Resistance (Section 7, p. 18):

    STREAM Diagram

    Design

    The STREAM design used in Miscreant has the following properties:

    • KDF is not mandatory: raw Ek is used for encryption
    • Nonce encoding is nonce_prefix || ctr || last_block where:
      • nonce_prefix: 8-byte (64-bit) fixed prefix
      • ctr: 32-bit big endian counter value
      • last_block: 1-byte flag indicating if this is the last block (0x00 if false, 0x01 if true)
    • Associated data is per-message (as suggested in the IACR version of the paper)

    Implementation Status

    This is a tracking issue for adding STREAM support to the various language-specific implementations in this project:

    | Language   | Support | Notes       |
    |------------|---------|-------------|
    | Go         | ✅      | Done (#132) |
    | Python     | ✅      | Done (#124) |
    | Ruby       | ✅      | Done (#122) |
    | Rust       | ✅      | Done (#112) |
    | TypeScript | ✅      | Done (#131) |

    enhancement golang js python ruby rust security 
    opened by tarcieri 12
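The nonce layout from the Design list in the issue above, as an added example that is not Miscreant's own code: the 8-byte prefix, 32-bit big-endian counter and last-block flag are assembled exactly as listed, and a stream is sealed and opened segment by segment. One assumption is labelled in the code: so that it runs on Go's standard library alone, AES-GCM with a 13-byte nonce stands in for AES-SIV as the per-segment AEAD, and the nonce goes in the AEAD's nonce argument rather than being passed as the last associated-data item the way Miscreant's SIV API takes it. The key, prefix and segments are constructed demo values. It is the framing, not the stand-in cipher, that makes a reordered, truncated or extended stream fail to open.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// STREAM nonce layout from the issue: nonce_prefix (8 bytes) || ctr (32-bit big endian) || last_block (1 byte).
const (
	prefixLen = 8
	nonceLen  = prefixLen + 4 + 1
)

// streamNonce encodes the per-segment nonce; the counter binds the segment's
// position in the stream and the flag binds whether it is the final segment.
func streamNonce(prefix []byte, ctr uint32, last bool) []byte {
	if len(prefix) != prefixLen {
		panic("STREAM nonce prefix must be 8 bytes")
	}
	n := make([]byte, nonceLen)
	copy(n, prefix)
	binary.BigEndian.PutUint32(n[prefixLen:], ctr)
	if last {
		n[nonceLen-1] = 0x01
	}
	return n
}

// streamSeal encrypts each segment under its position-bound nonce.
func streamSeal(aead cipher.AEAD, prefix, ad []byte, segments [][]byte) [][]byte {
	out := make([][]byte, len(segments))
	for i, seg := range segments {
		out[i] = aead.Seal(nil, streamNonce(prefix, uint32(i), i == len(segments)-1), seg, ad)
	}
	return out
}

// streamOpen decrypts in order and treats the final ciphertext it is given as
// the last segment. A swapped, dropped or appended segment therefore fails to
// authenticate, because its nonce no longer matches the one it was sealed under.
func streamOpen(aead cipher.AEAD, prefix, ad []byte, segments [][]byte) ([][]byte, error) {
	out := make([][]byte, 0, len(segments))
	for i, ct := range segments {
		pt, err := aead.Open(nil, streamNonce(prefix, uint32(i), i == len(segments)-1), ct, ad)
		if err != nil {
			return nil, fmt.Errorf("STREAM segment %d: %w", i, err)
		}
		out = append(out, pt)
	}
	return out, nil
}

// newSegmentAEAD is an assumption made for this example: AES-GCM with a 13-byte
// nonce stands in for Miscreant's AES-SIV so the framing runs on the standard library.
func newSegmentAEAD(key []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCMWithNonceSize(b, nonceLen)
}

func main() {
	aead, err := newSegmentAEAD(make([]byte, 32)) // constructed all-zero demo key
	if err != nil {
		panic(err)
	}
	prefix := []byte("demo-pfx") // constructed 8-byte prefix; use a fresh random value per stream
	ad := []byte("hdr")
	cts := streamSeal(aead, prefix, ad, [][]byte{[]byte("one"), []byte("two"), []byte("three")})
	_, err = streamOpen(aead, prefix, ad, [][]byte{cts[1], cts[0], cts[2]})
	fmt.Println("reordered stream rejected:", err != nil)
}
```

The receiver decides which ciphertext is last by running out of input, which is exactly why the flag exists: a segment sealed with last_block = 0x00 but opened as the last one fails, so a stream cut short is detected rather than silently accepted as complete.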
  • .NET support

    .NET support

    This is the C# version of AES-SIV, targeting .NET Standard 2.0. That means it's cross-platform, working on both .NET Framework and .NET Core. This version contains AES-SIV implementation that is using CMAC (I plan to add PMAC very soon). It can currently be built from scratch, but I plan to build the Nuget package for it. The full test suite is present, but I didn't write the CI script yet (I never used Travis with .NET, so I have to learn how to do that first).

    security C# 
    opened by Metalnem 10
  • Adding a flag to enable software-only AES implementation

    Adding a flag to enable software-only AES implementation

    This PR is mostly to see if it passes through your CI. And maybe there is some bikeshedding to be done on the name of the flag :sweat_smile:

    Other than that, is there anything this is missing? (Assuming it passes the tests)

    rust 
    opened by spacekookie 8
  • AES-SIV interop with no nonce, aad or plaintext

    AES-SIV interop with no nonce, aad or plaintext

    When trying to test interoperability with an implementation for another lib, I stumbled on the case where N=0 (according to https://tools.ietf.org/html/rfc5297#section-2.4 ). That's the case where the key is used to encrypt zero data, zero AD, with no nonce. That follows a separate path in the pseudo code:

          S2V(K, S1, ..., Sn) {
            if n = 0 then
              return V = AES-CMAC(K, <one>)
            fi
    

    On your test vectors I see the following:

            "name:s":"Empty Authenticated Data And Plaintext Example",
            "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
            "ad:A<d16>":[],
            "plaintext:d16":"",
            "ciphertext:d16":"f2007a5beb2b8900c588a7adf599f172"
    

    With my implementation

    key: fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
    nonce,aad,plaintext zero
    ciphertext: 949f99cbcc3eb5da6d3c45d0f59aa9c7
    

    While I'm not completely sure that this lib is wrong here, when in my code I remove the special handling for the case of zero AD, plaintext and nonce, it produces the exact same ciphertext as you have in the test vector. Looking at the code, there seems to be no special handling of this case.

    opened by nmav 6
  • [C#] AES CMAC implementation crashes with certain plain text len

    [C#] AES CMAC implementation crashes with certain plain text len

    Hello, I think I found a bug. Please have a look at the following C# code:

    var aead = Aead.CreateAesCmacSiv( masterKey );
    aead.Seal( Encoding.UTF8.GetBytes( "123456789012345" ) );   // Works
    aead.Seal( Encoding.UTF8.GetBytes( "1234567890123456" ) );  // Crashes
    aead.Seal( Encoding.UTF8.GetBytes( "12345678901234567" ) ); // Works

    Message: "Index out of range" StackTrace: "Miscreant.Utils.Pad(Byte[] buffer, Int32 position)\r\n bei Miscreant.AesSiv.S2V(Byte[][] headers, Byte[] message)\r\n bei Miscreant.AesSiv.Seal(Byte[] plaintext, Byte[][] data)"

    An aead.Open() will crash, too (e.g. when the seal with 16 chars is done with another implementation). NuGet shows me a Miscreant version 0.3.1.

    opened by tanascius 6
  • Using same nonce

    Using same nonce

    Just seeking your advice.

    In your documentation you say to use a unique nonce for every encrypted message when using AES-SIV.

    Is this a requirement? If not, what would be the security issues? If yes, then can the nonce be appended to the first 16 bytes of the encrypted output?

    The reason I ask is that I see some production projects that are using the same KEY + NONCE for every encryption.

    See here: https://cryptomator.org/security/architecture/ Look for: Filename Encryption

    opened by jeprojects 4
  • Minor issues

    Minor issues

    Hi,

    this pull request was created with the help of Feram! It's a tool which automatically finds and fixes bugs in your repos.

    To view the other patches we created for your code simply activate Feram on github.com/apps/feram. Or if you are new to GitHub apps, check out the full tutorial at feram.io/help/getting-started.

    If you have any feedback or wishes, don't hesitate to contact me or open an issue at github.com/feramhq/feram!

    Hope you like it! 😁

    opened by adius 4
  • js: node-webcrypto-ossl 1.0.26 incompatible with typescript 2.6.2

    js: node-webcrypto-ossl 1.0.26 incompatible with typescript 2.6.2

    Hey,

    When trying to install miscreant's dev-dependencies today, the node-webcrypto-ossl install failed with an error in build:es5 tsc.

    just running the following:

    $ npm install
    
    ...SNIP...
    
    > [email protected] postinstall /Users/aegarbutt/src/miscreant/js/node_modules/node-webcrypto-ossl
    > npm run build
    
    
    > [email protected] build /Users/aegarbutt/src/miscreant/js/node_modules/node-webcrypto-ossl
    > npm run build:es5
    
    
    > [email protected] build:es5 /Users/aegarbutt/src/miscreant/js/node_modules/node-webcrypto-ossl
    > tsc
    
    lib/crypto/aes.ts(94,13): error TS2322: Type 'Promise<{}>' is not assignable to type 'PromiseLike<ArrayBuffer>'.
      Types of property 'then' are incompatible.
        Type '<TResult1 = {}, TResult2 = never>(onfulfilled?: ((value: {}) => TResult1 | PromiseLike<TResult1>)...' is not assignable to type '<TResult1 = ArrayBuffer, TResult2 = never>(onfulfilled?: ((value: ArrayBuffer) => TResult1 | Prom...'.
          Types of parameters 'onfulfilled' and 'onfulfilled' are incompatible.
            Types of parameters 'value' and 'value' are incompatible.
              Type '{}' is not assignable to type 'ArrayBuffer'.
                Property 'byteLength' is missing in type '{}'.
    lib/crypto/aes.ts(102,13): error TS2322: Type 'Promise<{}>' is not assignable to type 'PromiseLike<ArrayBuffer>'.
    lib/crypto/hmac.ts(26,29): error TS2345: Argument of type 'CryptoKey' is not assignable to parameter of type 'CryptoKeyPair | PromiseLike<CryptoKeyPair> | undefined'.
      Type 'CryptoKey' is not assignable to type 'PromiseLike<CryptoKeyPair>'.
        Property 'then' is missing in type 'CryptoKey'.
    lib/crypto/pbkdf2.ts(44,9): error TS2322: Type 'Promise<CryptoKey>' is not assignable to type 'PromiseLike<CryptoKey>'.
      Types of property 'then' are incompatible.
        Type '<TResult1 = CryptoKey, TResult2 = never>(onfulfilled?: ((value: CryptoKey) => TResult1 | PromiseL...' is not assignable to type '<TResult1 = CryptoKey, TResult2 = never>(onfulfilled?: ((value: CryptoKey) => TResult1 | PromiseL...'. Two different types with this name exist, but they are unrelated.
          Types of parameters 'onfulfilled' and 'onfulfilled' are incompatible.
            Types of parameters 'value' and 'value' are incompatible.
              Type 'CryptoKey' is not assignable to type 'CryptoKey'. Two different types with this name exist, but they are unrelated.
                Property 'native_' is missing in type 'CryptoKey'.
    

    However, if I drop the typescript version to @2.3.4 (as found in this issue: https://github.com/PeculiarVentures/node-webcrypto-ossl/issues/107)

    $ npm install
    
    ...SNIP...
    
    z
    > [email protected] postinstall /Users/aegarbutt/src/miscreant/js/node_modules/node-webcrypto-ossl
    > npm run build
    
    
    > [email protected] build /Users/aegarbutt/src/miscreant/js/node_modules/node-webcrypto-ossl
    > npm run build:es5
    
    
    > [email protected] build:es5 /Users/aegarbutt/src/miscreant/js/node_modules/node-webcrypto-ossl
    > tsc
    
    added 487 packages in 53.381s
    

    Thanks!

    opened by aegarbutt 4
  • Consolidate authorship information in AUTHORS.md

    Consolidate authorship information in AUTHORS.md

    This commit attempts to simplify the licensing information by consolidating authors in AUTHORS.md and unifying the LICENSE.txt files where applicable.

    golang js ruby 
    opened by tarcieri 4
  • ruby: Update README to use current interface

    ruby: Update README to use current interface

    • The Miscreant::AES::SIV namespace is now Miscreant::Internals::SIV.
    • The message given to seal must be binary encoded.
    • The nonce given to seal and open must be an array.
    opened by croaky 3
  • Is the STREAM construction misuse-resistant?

    Is the STREAM construction misuse-resistant?

    My understanding from the paper is that STREAM's security notion (nOAE) requires that nonces don't repeat. Instantiating STREAM on top of AES-SIV does make nonce reuse slightly less harmful, I think.* But an attacker can do something like chunk swapping between two messages that share the same nonce, which means that authenticity is immediately lost after a single reuse. Do I have that right? Is that something worth clarifying in the docs?

    * It seems like some privacy might be retained after a few nonce reuses, but the "chosen prefix, secret suffix" attack described in the same paper would work if the attacker could make a lot of queries.

    opened by oconnor663 1
  • miscreant.net with Xamarin on Android different result

    miscreant.net with Xamarin on Android different result

    Hi.

    I get different results with the same DotNet-Code (miscreant.net) in Windows and Xamarin on Android.

    I use this project "CryptomatorAccessDemo" (or more specific only the "CryptomatorHelper") that is using miscreant.net to (de)code Cryptomator Vaults.

    To test I simply use and test vault with just some small files and folders in it.

    My detailed problem description with example logs and code links where it is implemented is here: https://github.com/lellis1936/CryptomatorAccessDemo/issues/1

    Currently as a workaround I use a "Binding Library" for the original Cryptomator "siv-mode" java jar file but of course it would be nice to have all in csharp.

    I think it is somewhere when using "TransformFinalBlock", I found a DotNet Bug about version below 4.6.2 for reuse, but even when I used higher versions for the windows example tool (CryptomatorAccessDemo), it was still working for me, I could not recreate the problem (the other/wrong hash) with windows.

    Any idea what it could be or what I could try?

    Many thanks!

    opened by cocoon 1
  • [Python] Incorrect documentation example for AES SIV open

    [Python] Incorrect documentation example for AES SIV open

    In the following wiki document: https://github.com/miscreant/miscreant/wiki/Python-Documentation

    The last piece of example code should be like this:

    import os
    from miscreant.aes.siv import SIV
    
    key = SIV.generate_key()
    siv = SIV(key)
    
    message = "Hello, world!"
    nonce = os.urandom(16)
    
    ciphertext = siv.seal(message, [nonce])
    plaintext = siv.open(ciphertext, [nonce])
    

    (only the last line is different as we should open ciphertext and not message)

    opened by synchronization 0
  • [Go] Failure with in-place Seal/Open

    [Go] Failure with in-place Seal/Open

    According to the Seal/Open documentation (and the cipher.AEAD interface), they should work when dst and plaintext (resp. ciphertext) overlap entirely.

    However, that doesn't work. This test fails:

    func TestAESCMACSIVInPlace(t *testing.T) {
    	v := loadAESSIVExamples("aes_siv.tjson")[0]
    
    	c, err := NewAESCMACSIV(v.key)
    	if err != nil {
    		t.Fatalf("NewAESCMACSIV: %s", err)
    	}
    	pt := make([]byte, len(v.plaintext), len(v.plaintext)+c.Overhead())
    	copy(pt, v.plaintext)
    	ct, err := c.Seal(pt[:0], pt, v.ad...)
    	if err != nil {
    		t.Errorf("Seal: %s", err)
    	}
    	if !bytes.Equal(v.ciphertext, ct) {
    		t.Errorf("Seal: expected: %x\ngot: %x", v.ciphertext, ct)
    	}
    
    	copy(ct, v.ciphertext)
    	pt, err = c.Open(ct[:0], ct, v.ad...)
    	if err != nil {
    		t.Errorf("Open: %s", err)
    	}
    	if !bytes.Equal(v.plaintext, pt) {
    		t.Errorf("Open: expected: %x\ngot: %x", v.plaintext, pt)
    	}
    }
    

    I can write an MR fixing this, however, since the tag comes before the ciphertext it seems that will require making a whole copy of the input in this case (since XORKeyStream also requires its input to overlap entirely or not at all), entirely defeating the purpose of the in-place optimization. However, I don't see a way out without breaking the cipher.AEAD contract, or moving the tag after the ciphertext (#152)

    What do you think?

    golang 
    opened by conradoplg 1
  • Table-based CTZ implementation (used to implement PMAC in JS, Python, and Ruby) does not support large messages

    Table-based CTZ implementation (used to implement PMAC in JS, Python, and Ruby) does not support large messages

    Using AES-PMAC-SIV with Python 3.6 as follows produces an error:

    from miscreant.aead import AEAD
    from secrets import token_bytes
    
    aead = AEAD('AES-PMAC-SIV', key=b'0'*64)
    
    # this works:
    aead.seal(token_bytes(1024*4), nonce=b'0' * 16)
    
    # this fails:
    aead.seal(token_bytes(1024*5), nonce=b'0' * 16)
    
    Traceback (most recent call last):
      File "error.py", line 5, in <module>
        aead.seal(token_bytes(1024*5), nonce=b'0' * 16)
      File "/Users/denis/.virtualenvs/spare/lib/python3.6/site-packages/miscreant/aead.py", line 60, in seal
        return self.siv.seal(plaintext, [associated_data, nonce])
      File "/Users/denis/.virtualenvs/spare/lib/python3.6/site-packages/miscreant/aes/siv.py", line 47, in seal
        v = self.__s2v(associated_data, plaintext)
      File "/Users/denis/.virtualenvs/spare/lib/python3.6/site-packages/miscreant/aes/siv.py", line 114, in __s2v
        mac.update(plaintext[:difference])
      File "/Users/denis/.virtualenvs/spare/lib/python3.6/site-packages/miscreant/mac/pmac.py", line 118, in update
        self.__process_buffer()
      File "/Users/denis/.virtualenvs/spare/lib/python3.6/site-packages/miscreant/mac/pmac.py", line 145, in __process_buffer
        self.offset.xor_in_place(self.l[ctz.trailing_zeroes(self.counter + 1)])
      File "/Users/denis/.virtualenvs/spare/lib/python3.6/site-packages/miscreant/ctz.py", line 25, in trailing_zeroes
        return CTZ_TABLE[value]
    IndexError: list index out of range
    

    With AES-SIV this error does not occur.

    bug js python ruby 
    opened by href 2
  • [Nodejs] AES-SIV: ciphertext verification failure

    [Nodejs] AES-SIV: ciphertext verification failure

    I am using the following, but can't seem to get it working in Node 9. Any help would be appreciated.

    Error: AES-SIV: ciphertext verification failure!

    let generateDataKey = () => {
        return new Promise((resolve, reject) => {
            crypto.randomBytes(32, (err, buf) => {
                if (err) throw err;
                resolve(buf);
            });
        });
    };
    
    let generateNonce = () => {
        return new Promise((resolve, reject) => {
            crypto.randomBytes(16, (err, buf) => {
                if(err) throw err;
                resolve(buf);
            });
        });
    };
    
    async function encryptText(plainText) {
        // get new datakey
        const dataKey = await generateDataKey();
        //get nonce
        const nonce = await generateNonce();
        
        // get encryptor
        let encryptor = await miscreant.SIV.importKey(dataKey, "AES-SIV", new miscreant.PolyfillCryptoProvider());
        let stringBuffer = Buffer.from(plainText, 'utf8');
        let cipherText = await encryptor.seal(stringBuffer, dataKey, nonce);
        let decrypted = await encryptor.open(cipherText, nonce)
    }
    
    bug js security 
    opened by jeprojects 5