2 releases
0.1.1 | May 13, 2023 |
---|---|
0.1.0 | Jan 10, 2023 |
#2088 in Cryptography
38KB
723 lines
zeppelin_core
zeppelin_core is a library that implements a stream cipher based on Balloon hashing.
⚠️ WARNING: Do not use ⚠️
This project is just for fun. Neither the design nor the implementation of this library have been independently evaluated.
Cryptographic Features
- authenticated encryption
- passwords are always salted
- arbitrary scalable time and space complexity
- it's an all-or-nothing transform
Non-cryptographic features
- flexible container format that can be extended
- can be used on anything that implements the
Read
andSeek
traits - in particular, operations directly from disk to disk are supported
Architecture:
The architecture is mainly based around hash::Balloon
which is a hash
function with variable length output that is then used to implement a
stream cipher. hash::Balloon
has three main settings
s_cost
which is the size of the internal state in 64 Byte chuckst_cost
which is the number of times the internal state will need to be filled on creation of the cipherstep_delta
which is the number ofSHA3-512
hashes required to fill one chunk. This also determines the runtime speed of the stream cipher.
Using these parameters one can arbitrarily scale the time and memory requirements of the cipher.
For convenience these are combined into a cipher::CryptSettings
object.
For authentication the MAC-then-Encrypt scheme is used.
To make this scheme into an all-or-nothing transform, the salt is also "encrypted" by XOR'ing it with the result of the stream cipher.
The encryption process can be summarized like this:
┌ ─ ─ ─ ─ ─ ┌──────────┐┌────────┐┌────────┐┌────────┐
OS ││ Key ││ File 1 ││ File 2 ││ ... │
└ ─ ─ ─ ─ ─ └──────────┘└────────┘└────────┘└────────┘
│ │ │ │ │
│ │ └─────────┼─────────┘
▼ │ ▼
┌ ─ ─ ─ ─ ─ │ ┏━━━━━━━━━┓
Entropy │ │ ┃ ZIP ┃
└ ─ ─ ─ ─ ─ │ ┗━━━━━━━━━┛
│ │ │
│ │ ┌─────────────┴────┐
▼ │ ▼ ▼
┌──────────┐ │ ┏━━━━━┓ ┌─────┬──────────┐
│ Salt │ ├──▶┃Sha3 ┃──▶│ MAC │Plaintext │
└──────────┘ │ ┗━━━━━┛ ├─────┴──────────┤
│ ▼ └────────────────┘
│ ┏━━━━━━━━━━━┓ ┏━━━┓ │
├────▶┃ Balloon ┃──▶┃Xor┃◀───────┘
│ ┗━━━━━━━━━━━┛ ┗━━━┛
▼ │
┏━━━━━━━━━━━┓ │
┃Wrapped Xor┃◀────────────────┴───────┐
┗━━━━━━━━━━━┛ │
│ ▼
│ ┌──────────┐ ┌──────────────┐
│ │ Metadata │ │MAC/Ciphertext│
│ └──────────┘ └──────────────┘
│ │ │
▼ ▼ ▼
┌──────────┐ ┏━━━━━━━━━━┓ ┌──────────┐
│ Salt │ ┃ json ┃ │ Data │
└──────────┘ ┗━━━━━━━━━━┛ └──────────┘
│ │ │
└───────────────┼───────────────┘
│
▼
┏━━━━━━━━━━┓ ┌──────────┐
┃ ZIP ┃──▶│ _.zep │
┗━━━━━━━━━━┛ └──────────┘
Note: currently only encryption of a single file is implemented.
Dependencies
~5–13MB
~138K SLoC