Missing block ciphers #1
What about SPECK?
Missed it for some reason while compiling the list. Added Speck and Simon to it.
Is Rijndael/AES being covered?
AES is present in the rust-crypto codebase, so it's already "implemented", which is why I haven't included it in this list. But it's not the easiest code to work with and better implementations exist (e.g. the one in ring), so for now it's not the highest priority for me.
I'm claiming DES, just need a bit of time to finish up Grostl over in the hashes repo before starting it.
I started to work on the RC2 cipher.
BTW, what about modes of operation for the block ciphers (CBC, OFB, etc.)? In this repo we have only the raw block ciphers. How do we progress to make them usable in different modes?
@Trojan295
I will start working on the Serpent implementation.
Working on twofish, PR #7. It is used in the passwordsafe password manager; I wanted to port it to Rust, but the twofish package on crates.io seems to be reserved for this project and there is no implementation yet.
Implemented Cast5 in #36
OCB3, a solid single-pass high-performance CAESAR candidate, could do with a Rust implementation. The ciphertext is expanded by a variable length tag (whose tag length is committed). Only slightly slower than unauthenticated CTR, OCB3 could make a useful alternative when the costs of nonce-misuse resistance of HCTR or SIV are too high for an application (doubtful but nice to have). OCB3 does not resist nonce-misuse, nor does it aim for beyond birthday bound security. The biggest issue harming OCB's deployment is its patent; but Rogaway has public free licenses available since 2013 and is open to negotiating additional licenses if needed.
Unfortunately Rogaway's patents aren't the only ones that matter:
https://web.cs.ucdavis.edu/~rogaway/ocb/patent-jutla-1.pdf
"may or may not", uh. When even the authors of the mode don't know. :/
In particular, Jutla 7,093,126 and 8,107,620 very much apply to OCB, IMO:
@newpavlov, can SM4 be added to the list?
Serpent 🐍 needed! (really)
@newpavlov @tarcieri I think the checkbox for threefish can be checked now, since #5 was merged, right?
Rijndael - 256-bit blocks?
AES is effectively a subset of Rijndael, so if we were to support it, it would probably make sense for it to either be part of the However, it's a bit tricky because our implementation is currently heavily specialized to AES and there are multiple backends, all of which would need to be modified to support a more general Rijndael. As an example, the number of rounds varies only with the key size in AES, whereas in the more general Rijndael it varies with either/both the key size and block size. It's something we could potentially do, although I would want to be careful that we don't overcomplicate or otherwise harm the AES implementation by doing so, which might be tricky.
Implemented Camellia in #293.
ARIA implementation: #340
@newpavlov @tarcieri Why isn't
@sorairolake unfortunately only @newpavlov currently has access to publish it. I would suggest we publish a v0.0.1 based on 8b1499c, since the current
Oh, we have indeed forgotten to publish the Speck crate (I think we were hoping for a potential transfer of the
It's released: https://crates.io/crates/speck-cipher/0.0.1
This PR implements XTEA as described by various sources, including https://en.wikipedia.org/wiki/XTEA. XTEA is a historical cipher which is no longer commonly used today, but some legacy software still uses it to this day. I tested that the cipher methods get properly unrolled, which yields a 3x speed increase, and it is one of the faster ciphers in this collection. (Hopefully there will be an unroll pragma sometime in the future.) Partially solves #1. I decided against pre-computing keys as the computation is trivial and doesn't have a noticeable impact on speed, probably because of memory accesses and because 256 bytes don't fit easily in a cache line anyway.
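Added example, not code from this repository or from the XTEA PR above: a from-scratch XTEA (64-bit block, 128-bit key, 32 cycles) behind a minimal `BlockCipher64` trait, plus a CBC mode written generically over that trait, which is the layering the earlier question about modes of operation (CBC, OFB, etc.) is asking about. ECB is included only as the contrast. The trait, the big-endian word convention, and the key, IV and message in `main` are assumptions made for this example (the trait is not the RustCrypto `cipher` crate's API); the block is checked here by round-trip only, so compare it against published XTEA test vectors before relying on it.

```rust
/// Minimal 64-bit block cipher interface, assumed for this example only
/// (not the `cipher` crate's `BlockCipher` trait).
pub trait BlockCipher64 {
    fn encrypt_block(&self, block: &mut [u8; 8]);
    fn decrypt_block(&self, block: &mut [u8; 8]);
}

const DELTA: u32 = 0x9E37_79B9;
const CYCLES: u32 = 32; // 32 cycles = 64 Feistel rounds, the usual XTEA setting

/// XTEA: the round keys are picked from the 4 key words on the fly using `sum`.
pub struct Xtea {
    key: [u32; 4],
}

/// Big-endian word load (the byte-order convention chosen for this example).
fn load_be(b: &[u8]) -> u32 {
    u32::from_be_bytes([b[0], b[1], b[2], b[3]])
}

impl Xtea {
    pub fn new(key: &[u8; 16]) -> Self {
        let k = [load_be(&key[0..4]), load_be(&key[4..8]), load_be(&key[8..12]), load_be(&key[12..16])];
        Xtea { key: k }
    }
}

impl BlockCipher64 for Xtea {
    fn encrypt_block(&self, block: &mut [u8; 8]) {
        let (mut v0, mut v1) = (load_be(&block[0..4]), load_be(&block[4..8]));
        let mut sum: u32 = 0;
        for _ in 0..CYCLES {
            let k0 = self.key[(sum & 3) as usize];
            v0 = v0.wrapping_add(((v1 << 4) ^ (v1 >> 5)).wrapping_add(v1) ^ sum.wrapping_add(k0));
            sum = sum.wrapping_add(DELTA);
            let k1 = self.key[((sum >> 11) & 3) as usize];
            v1 = v1.wrapping_add(((v0 << 4) ^ (v0 >> 5)).wrapping_add(v0) ^ sum.wrapping_add(k1));
        }
        block[0..4].copy_from_slice(&v0.to_be_bytes());
        block[4..8].copy_from_slice(&v1.to_be_bytes());
    }

    fn decrypt_block(&self, block: &mut [u8; 8]) {
        let (mut v0, mut v1) = (load_be(&block[0..4]), load_be(&block[4..8]));
        // Start from encryption's final `sum` and undo the cycles in reverse order.
        let mut sum: u32 = DELTA.wrapping_mul(CYCLES);
        for _ in 0..CYCLES {
            let k1 = self.key[((sum >> 11) & 3) as usize];
            v1 = v1.wrapping_sub(((v0 << 4) ^ (v0 >> 5)).wrapping_add(v0) ^ sum.wrapping_add(k1));
            sum = sum.wrapping_sub(DELTA);
            let k0 = self.key[(sum & 3) as usize];
            v0 = v0.wrapping_sub(((v1 << 4) ^ (v1 >> 5)).wrapping_add(v1) ^ sum.wrapping_add(k0));
        }
        block[0..4].copy_from_slice(&v0.to_be_bytes());
        block[4..8].copy_from_slice(&v1.to_be_bytes());
    }
}

/// CBC over any `BlockCipher64`. Input must be whole 8-byte blocks; padding
/// (e.g. PKCS#7) is left to the caller here. The IV must be unpredictable per message.
pub fn cbc_encrypt<C: BlockCipher64>(c: &C, iv: [u8; 8], pt: &[u8]) -> Vec<u8> {
    assert!(pt.len() % 8 == 0, "CBC needs whole 8-byte blocks; pad first");
    let mut prev = iv;
    let mut out = Vec::with_capacity(pt.len());
    for chunk in pt.chunks_exact(8) {
        let mut blk = [0u8; 8];
        for i in 0..8 { blk[i] = chunk[i] ^ prev[i]; } // chain with previous ciphertext block
        c.encrypt_block(&mut blk);
        out.extend_from_slice(&blk);
        prev = blk;
    }
    out
}

pub fn cbc_decrypt<C: BlockCipher64>(c: &C, iv: [u8; 8], ct: &[u8]) -> Vec<u8> {
    assert!(ct.len() % 8 == 0, "ciphertext must be whole 8-byte blocks");
    let mut prev = iv;
    let mut out = Vec::with_capacity(ct.len());
    for chunk in ct.chunks_exact(8) {
        let mut blk = [0u8; 8];
        blk.copy_from_slice(chunk);
        let saved = blk; // next block is unchained against this ciphertext block
        c.decrypt_block(&mut blk);
        for i in 0..8 { blk[i] ^= prev[i]; }
        out.extend_from_slice(&blk);
        prev = saved;
    }
    out
}

/// ECB, shown only as the contrast: no chaining, so equal plaintext blocks
/// give equal ciphertext blocks and leak structure.
pub fn ecb_encrypt<C: BlockCipher64>(c: &C, pt: &[u8]) -> Vec<u8> {
    assert!(pt.len() % 8 == 0, "ECB needs whole 8-byte blocks");
    let mut out = Vec::with_capacity(pt.len());
    for chunk in pt.chunks_exact(8) {
        let mut blk = [0u8; 8];
        blk.copy_from_slice(chunk);
        c.encrypt_block(&mut blk);
        out.extend_from_slice(&blk);
    }
    out
}

fn main() {
    // Constructed key, IV and message for illustration; not published test vectors.
    let key: [u8; 16] = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15];
    let iv = [0x10u8; 8];
    let x = Xtea::new(&key);
    let pt = [0x41u8; 24]; // three identical blocks
    let ecb = ecb_encrypt(&x, &pt);
    let cbc = cbc_encrypt(&x, iv, &pt);
    println!("ECB: block 0 == block 1? {}", &ecb[0..8] == &ecb[8..16]);
    println!("CBC: block 0 == block 1? {}", &cbc[0..8] == &cbc[8..16]);
    assert_eq!(cbc_decrypt(&x, iv, &cbc), pt.to_vec());
}
```

Because the mode functions only depend on the trait, any other 64-bit cipher in the collection could be dropped in by implementing `BlockCipher64`; a real mode crate would additionally handle padding, take the IV from a CSPRNG, and pair CBC with a MAC (or use an AEAD), since CBC on its own gives no integrity.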
List of "would be nice to have" block ciphers: