12 releases (7 breaking)
|0.10.3||Aug 28, 2021|
|0.10.2||Jul 20, 2021|
|0.10.1||Jun 16, 2021|
|0.9.0||Oct 16, 2020|
|0.3.0||Nov 27, 2019|
#668 in Cryptography
8,434 downloads per month
Used in 19 crates (12 directly)
AES-GCM-SIV (RFC 8452) is a state-of-the-art high-performance Authenticated Encryption with Associated Data (AEAD) cipher which also provides nonce reuse misuse resistance.
Suitable as a general purpose symmetric encryption cipher, AES-GCM-SIV also removes many of the "sharp edges" of AES-GCM, providing significantly better security bounds while simultaneously eliminating the most catastrophic risks of nonce reuse that exist in AES-GCM.
Decryption performance is equivalent to AES-GCM. Encryption is marginally slower.
No security audits of this crate have ever been performed.
Some of this crate's dependencies were audited by by NCC Group as part of
an audit of the
aes-gcm crate, including the AES implementations (both AES-NI
and a portable software implementation), as well as the
polyval crate which
is used as an authenticator. There were no significant findings.
All implementations contained in the crate are designed to execute in constant time, either by relying on hardware intrinsics (i.e. AES-NI and CLMUL on x86/x86_64), or using a portable implementation which is only constant time on processors which implement constant-time multiplication.
It is not suitable for use on processors with a variable-time multiplication operation (e.g. short circuit on multiply-by-zero / multiply-by-one, such as certain 32-bit PowerPC CPUs and some non-ARM microcontrollers).
USE AT YOUR OWN RISK!
Licensed under either of:
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.