#secure-random #random #encryption-key #csprng #ctr-drbg

drbg

Cryptographic random number generator CTR_DRBG defined by NIST SP 800-90A R1

5 releases

0.2.0 Nov 15, 2023
0.1.3 Jun 23, 2023
0.1.2 Jun 21, 2023
0.1.1 Jun 15, 2023
0.1.0 Jun 15, 2023

#1102 in Cryptography

Download history (downloads per week): 3 @ 2024-07-26, 7 @ 2024-08-09, 14 @ 2024-08-16, 16 @ 2024-08-23, 19 @ 2024-08-30, 16 @ 2024-09-06, 17 @ 2024-09-13, 38 @ 2024-09-20, 25 @ 2024-09-27, 27 @ 2024-10-04, 26 @ 2024-10-11, 18 @ 2024-10-18, 11 @ 2024-10-25, 18 @ 2024-11-01

77 downloads per month

MIT license

48KB
736 lines

DRBG

Rust implementation of the secure random number generator CTR_DRBG as defined by NIST 800-90A Rev.1.


CTR_DRBG is a cryptographically secure pseudo-random number generator (CSPRNG) based on the AES block cipher. It may be used to generate encryption keys, nonces, or salts. By default, it is seeded with entropy from the operating system, but other entropy sources may be defined using the Entropy trait. The goal of this package is to provide a CSPRNG that is secure by default, lightweight, and easy to use.

Performance

The performance of CTR_DRBG is dominated by AES encryption operations. Platforms that have AES instruction sets (e.g., AES-NI) should see significant performance gains. Passing additional info to the fill_bytes function does incur additional overhead as the info is input to the AES derivation function.

Benchmarks

The following benchmark measurements were taken on an Intel i5-8265U CPU @ 1.60GHz with AES-NI enabled.

The measurements below are the average latency for reading random data. The sizes 16 and 32 bytes are used because they are typical for generating symmetric encryption keys. The 1 MiB test represents collecting bulk random data.

The first set of measurements was taken without passing additional info to fill_bytes; the second set was taken with 8 bytes of additional info passed to the call. Additional info is an optional parameter that adds extra input to the random number generation process. The info is passed through a derivation function that maps it to an AES-block-sized message digest. Computing the digest does add overhead, but it is a one-time cost per call of fill_bytes.
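What happens underneath a call like fill_bytes, as an added example that is not the drbg crate's own code: the instantiate, update, reseed and generate steps of CTR_DRBG from NIST SP 800-90A Section 10.2.1, in the no-derivation-function variant (so additional input is assumed to be already padded to seedlen; the derivation function the crate applies to arbitrary-length info is omitted). It shows why additional input costs a fixed amount per call regardless of output size. block_encrypt is a constructed toy permutation standing in for AES so the block runs without external crates; the names CtrDrbg, ctr_fill and block_encrypt are this example's own.

```rust
// Added example (not the drbg crate's code): CTR_DRBG core, NIST SP 800-90A 10.2.1, no-df variant.
const BLOCKLEN: usize = 16; // AES block size in bytes
const KEYLEN: usize = 16; // AES-128 key size; AES-256 would use 32
const SEEDLEN: usize = BLOCKLEN + KEYLEN;
const RESEED_INTERVAL: u64 = 1 << 48; // generate() calls permitted between reseeds
/// CONSTRUCTED stand-in for AES block encryption: deterministic and keyed but NOT secure.
fn block_encrypt(key: &[u8; KEYLEN], block: &mut [u8; BLOCKLEN]) {
    for _ in 0..4 {
        for i in 0..BLOCKLEN { block[i] = (block[i] ^ key[i]).wrapping_add(block[(i + 1) % BLOCKLEN]).rotate_left(3); }
    }
}
pub struct CtrDrbg { key: [u8; KEYLEN], v: [u8; BLOCKLEN], reseed_counter: u64 }
impl CtrDrbg {
    /// Instantiate: start from K = 0, V = 0 and fold the seed material in with Update.
    pub fn instantiate(seed_material: &[u8; SEEDLEN]) -> Self {
        let mut drbg = Self { key: [0; KEYLEN], v: [0; BLOCKLEN], reseed_counter: 1 };
        drbg.update(seed_material);
        drbg
    }
    /// Counter-mode keystream under the current K: per block, V = V + 1 (big-endian), emit E_K(V).
    fn ctr_fill(&mut self, out: &mut [u8]) {
        for chunk in out.chunks_mut(BLOCKLEN) {
            for b in self.v.iter_mut().rev() { *b = b.wrapping_add(1); if *b != 0 { break; } }
            let mut block = self.v;
            block_encrypt(&self.key, &mut block);
            chunk.copy_from_slice(&block[..chunk.len()]);
        }
    }
    /// CTR_DRBG_Update: XOR provided_data into seedlen bytes of keystream, split into new K || V.
    fn update(&mut self, provided_data: &[u8; SEEDLEN]) {
        let mut temp = [0u8; SEEDLEN];
        self.ctr_fill(&mut temp);
        for (t, p) in temp.iter_mut().zip(provided_data) { *t ^= p; }
        self.key.copy_from_slice(&temp[..KEYLEN]);
        self.v.copy_from_slice(&temp[KEYLEN..]);
    }
    /// Reseed: fold fresh seed material into the state and reset the call counter.
    pub fn reseed(&mut self, seed_material: &[u8; SEEDLEN]) { self.update(seed_material); self.reseed_counter = 1; }
    /// Generate. Additional input costs one extra Update before the output loop (a fixed cost per
    /// call, whatever the output size); the trailing Update provides backtracking resistance.
    pub fn generate(&mut self, out: &mut [u8], additional_input: Option<&[u8; SEEDLEN]>) -> Result<(), &'static str> {
        if self.reseed_counter > RESEED_INTERVAL { return Err("reseed required"); }
        let addin = additional_input.copied().unwrap_or([0u8; SEEDLEN]);
        if additional_input.is_some() { self.update(&addin); }
        self.ctr_fill(out);
        self.update(&addin);
        self.reseed_counter += 1;
        Ok(())
    }
}
```

The two Update calls in generate are each two block encryptions, so for a 1 MiB request they are noise next to the 65,536 output blocks, which matches the bulk-data figures in the tables.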

Without additional info

Random data    Latency
16 bytes       144 ns
32 bytes       167 ns
1 MiB          1.5 ms (~655 MiB/s)

With 8 bytes of additional info

Random data    Latency
16 bytes       702 ns
32 bytes       722 ns
1 MiB          1.51 ms (~652 MiB/s)

Overall, the performance of this implementation of CTR_DRBG should be sufficient for most use-cases. Although passing additional info has performance implications, it is an optional parameter. For bulk random data, the overhead of additional info is marginal compared to the random number generation itself.

To run the benchmarks above, run the following command. Depending on your environment, you may need to force enablement of AES-NI; see the aes crate for details.

cargo bench

Dependencies

~570–790KB
~17K SLoC