#stream-cipher #encryption #balloon #hashing #crypto

zeppelin_core

A library that implements a stream cipher based on Balloon hashing

2 releases

0.1.1 May 13, 2023
0.1.0 Jan 10, 2023

#2088 in Cryptography

MIT/Apache

38KB
723 lines

zeppelin_core

zeppelin_core is a library that implements a stream cipher based on Balloon hashing.

⚠️ WARNING: Do not use ⚠️

This project is just for fun. Neither the design nor the implementation of this library have been independently evaluated.

Cryptographic Features

  • authenticated encryption
  • passwords are always salted
  • arbitrary scalable time and space complexity
  • it's an all-or-nothing transform

Non-cryptographic features

  • flexible container format that can be extended
  • can be used on anything that implements the Read and Seek traits
  • in particular, operations directly from disk to disk are supported

Architecture:

The architecture is mainly based around hash::Balloon which is a hash function with variable length output that is then used to implement a stream cipher. hash::Balloon has three main settings

  • s_cost which is the size of the internal state in 64 Byte chucks
  • t_cost which is the number of times the internal state will need to be filled on creation of the cipher
  • step_delta which is the number of SHA3-512 hashes required to fill one chunk. This also determines the runtime speed of the stream cipher.

Using these parameters one can arbitrarily scale the time and memory requirements of the cipher.

For convenience these are combined into a cipher::CryptSettings object.

For authentication the MAC-then-Encrypt scheme is used.

To make this scheme into an all-or-nothing transform, the salt is also "encrypted" by XOR'ing it with the result of the stream cipher.

The encryption process can be summarized like this:

  ┌ ─ ─ ─ ─ ─ ┌──────────┐┌────────┐┌────────┐┌────────┐
       OS    ││   Key    ││ File 1 ││ File 2 ││  ...   │
  └ ─ ─ ─ ─ ─ └──────────┘└────────┘└────────┘└────────┘
        │           │          │         │         │    
        │           │          └─────────┼─────────┘    
        ▼           │                    ▼              
  ┌ ─ ─ ─ ─ ─       │               ┏━━━━━━━━━┓         
    Entropy  │      │               ┃   ZIP   ┃         
  └ ─ ─ ─ ─ ─       │               ┗━━━━━━━━━┛         
        │           │                    │              
        │           │      ┌─────────────┴────┐         
        ▼           │      ▼                  ▼         
  ┌──────────┐      │   ┏━━━━━┓   ┌─────┬──────────┐    
  │   Salt   │      ├──▶┃Sha3 ┃──▶│ MAC │Plaintext │
  └──────────┘      │   ┗━━━━━┛   ├─────┴──────────┤
        │           ▼             └────────────────┘
        │     ┏━━━━━━━━━━━┓   ┏━━━┓        │
        ├────▶┃  Balloon  ┃──▶┃Xor┃◀───────┘
        │     ┗━━━━━━━━━━━┛   ┗━━━┛
        ▼                       │
  ┏━━━━━━━━━━━┓                 │
  ┃Wrapped Xor┃◀────────────────┴───────┐
  ┗━━━━━━━━━━━┛                         │
        │                               ▼
        │         ┌──────────┐  ┌──────────────┐
        │         │ Metadata │  │MAC/Ciphertext│
        │         └──────────┘  └──────────────┘
        │               │               │
        ▼               ▼               ▼
  ┌──────────┐    ┏━━━━━━━━━━┓    ┌──────────┐
  │   Salt   │    ┃   json   ┃    │   Data   │
  └──────────┘    ┗━━━━━━━━━━┛    └──────────┘
        │               │               │
        └───────────────┼───────────────┘
                        │
                        ▼
                  ┏━━━━━━━━━━┓   ┌──────────┐
                  ┃   ZIP    ┃──▶│  _.zep   │
                  ┗━━━━━━━━━━┛   └──────────┘

Note: currently only encryption of a single file is implemented.

Dependencies

~5–13MB
~138K SLoC