#crypto #hash #siphash

sparx

SPARX block ciphers implementations

3 releases

0.1.2 Mar 12, 2019
0.1.1 Feb 17, 2017
0.1.0 Feb 16, 2017

#861 in Cryptography

ISC license

20KB
380 lines

SPARX block ciphers implementations for Rust

SPARX is a family of lightweight block ciphers allowing small processors to securely encrypt information for a fraction of the cost a standard algorithm would require.

Due to the use of ARX operations, these block ciphers are inherently more secure against side-channel attacks than an S-Box-based cipher such as AES.

Furthermore, unlike all other ARX-based, which share those advantages, SPARX ciphers are the only ARX-based block ciphers for which bounds on the probability of differential and linear trails can be proved.

To sum up, SPARX has:

  • the lightweightness and side-channel resilience of an ARX-based cipher,
  • the security argument of an S-Box-based cipher, and
  • a flexible structure easing implementation trade-offs.

Usage

This crate implements SPARX-64/128 (64 bit block size, 128 bit key) in the sparx64 module and SPARX-128/128 (128 bit block size, 128 bit key) in the sparx128 module.

It doesn't require the Rust standard library.

Encryption of a single block

let key: [u8; KEY_SIZE] = [0x11, 0x00, 0x33, 0x22, 0x55, 0x44, 0x77, 0x66, 0x99, 0x88, 0xbb,
                           0xaa, 0xdd, 0xcc, 0xff, 0xee];
let mut block: [u8; BLOCK_SIZE] = [0x23, 0x01, 0x67, 0x45, 0xab, 0x89, 0xef, 0xcd];
let ks = key_schedule_encrypt(&key); // key schedule - can be reused with multiple blocks
encrypt_block(&mut block, &ks);
// ...

decrypt_block() performs the inverse operation:

let ks = key_schedule_decrypt(&key); // key schedule - can be reused with multiple blocks
decrypt_block(&mut block, &ks);

Encryption of an arbitrary-sized buffer

This uses SPARX in counter mode as well as a 160-bit nonce in order to encrypt multiple blocks.

The internal counter size for this construction with SPARX-64/128 is 32 bits (no more than 32 GB should be encrypted with the same (key, nonce) tuple) and 48 bits with SPARX-128/128 (allowing up to 4 PB to be encrypted with the same (key, nonce) tuple).

The nonce is large enough to be randomly chosen; the probably of a collision to occur will be negligible.

Note that this construction does not add any authentication tags to the message.

let nonce: [u8; NONCE_SIZE] = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18,
                               19, 20];
let key: [u8; KEY_SIZE] = [0x11, 0x00, 0x33, 0x22, 0x55, 0x44, 0x77, 0x66, 0x99, 0x88, 0xbb,
                           0xaa, 0xdd, 0xcc, 0xff, 0xee];
let input = b"The quick brown fox jumps over the lazy dog";
let mut buf = input.to_vec();
encrypt_ctr(&mut buf, &nonce, &key);
// ...
decrypt_ctr(&mut buf, &nonce, &key);

References

Dependencies

~120KB