#cipher #aes #aead #crypto #aegis128l

no-std aegis

AEGIS authenticated ciphers (AEGIS-128, AEGIS-256, AEGIS-128X, AEGIS-256X)

23 unstable releases (5 breaking)

0.6.2 Nov 30, 2023
0.5.0 Nov 7, 2023
0.4.3 Jul 13, 2023
0.3.0 Jan 7, 2023
0.2.2 Oct 20, 2021

#624 in Cryptography

Download history 252/week @ 2023-12-06 287/week @ 2023-12-13 62/week @ 2023-12-20 87/week @ 2023-12-27 32/week @ 2024-01-03 133/week @ 2024-01-10 107/week @ 2024-01-17 49/week @ 2024-01-24 89/week @ 2024-01-31 24/week @ 2024-02-07 71/week @ 2024-02-14 102/week @ 2024-02-21 127/week @ 2024-02-28 70/week @ 2024-03-06 112/week @ 2024-03-13 46/week @ 2024-03-20

361 downloads per month
Used in 3 crates

MIT license

235KB
6K SLoC

C 3.5K SLoC // 0.0% comments Rust 2K SLoC Zig 858 SLoC // 0.0% comments

AEGIS for Rust

This is a Rust implementation of the AEGIS authenticated cipher.

AEGIS is extremely fast on CPUs with AES acceleration, has a large nonce size, and is key committing.

API documentation

Cargo flags

  • std: allow dynamic allocations

std is the default.

  • pure-rust: don't use the cc crate to take advantage of the implementations from libaegis. Setting this flag will substantially degrade performance, and parallel variants will not be available.

A benchmark can be run that way:

export RUSTFLAGS="-C target-cpu=native"
cargo bench

If clang or zig cc are present on your system, you can use with:

export CC="zig cc"

or

export CC="clang"

prior to running cargo commands.

Benchmarks

Benchmarks take a 16384 bytes input block. Results are in bytes per second. RUSTFLAGS is set so that the Rust aes-gcm crate can take advantage of hardware acceleration.

Rust implementations

Crates:

  • aes-gcm
  • boring
  • chacha20poly1305
  • aegis

AMD Zen4

rust 1.73, zig cc 0.11

cipher speed
aes128-gcm (aes-gcm crate) 2.19 G/s
aes256-gcm (aes-gcm crate) 2.03 G/s
chacha20-poly1305 2.00 G/s
aes256-gcm (boring crate) 5.93 G/s
aes128-gcm (boring crate) 6.33 G/s
aegis256 15.40 G/s
aegis256x2 30.60 G/s
aegis256x4 46.17 G/s
aegis128l 26.16 G/s
aegis128x2 50.35 G/s
aegis128x4 66.22 G/s

Macbook Pro - Apple M1

rust 1.73, Xcode

cipher speed
aes256-gcm (aes-gcm crate) 0.13 G/s
aes128-gcm (aes-gcm crate) 0.17 G/s
chacha20-poly1305 0.26 G/s
aes256-gcm (boring crate) 5.14 G/s
aes128-gcm (boring crate) 6.08 G/s
aegis256 7.94 G/s
aegis256x2 10.56 G/s
aegis256x4 11.20 G/s
aegis128l 14.27 G/s
aegis128x2 15.98 G/s
aegis128x4 12.01 G/s

AWS t4g (aarch64, Graviton)

rust 1.74, clang 15

cipher speed
aes256-gcm (aes-gcm crate) 0.05 G/s
aes128-gcm (aes-gcm crate) 0.06 G/s
chacha20-poly1305 0.10 G/s
aes256-gcm (boring crate) 1.79 G/s
aes128-gcm (boring crate) 2.12 G/s
aegis256 3.14 G/s
aegis128l 4.30 G/s

WebAssembly (Wasmtime, Zen4)

cipher speed
aes256-gcm 62.97 M/s
aes128-gcm 73.83 M/s
chacha20-poly1305 88.92 M/s
aegis128l 537.49 M/s

WebAssembly (Wasmtime, Apple M1)

cipher speed
aes256-gcm 49.43 M/s
aes128-gcm 59.37 M/s
chacha20-poly1305 177.85 M/s
aegis128l 533.85 M/s

Dependencies