Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Consider more algorithms: ascon, aegis, EME, rijndael-256 #12

Open
paulmillr opened this issue Oct 7, 2023 · 13 comments
Open

Consider more algorithms: ascon, aegis, EME, rijndael-256 #12

paulmillr opened this issue Oct 7, 2023 · 13 comments

Comments

@paulmillr
Copy link
Owner

paulmillr commented Oct 7, 2023

  1. Ascon won NIST lightweight cryptography contest 1
  2. Aegis is AES-based cipher present in linux, zig, libsodium 2
  3. EME (ECB-Mix-ECB or, clearer, Encrypt-Mix-Encrypt) is a wide-block encryption mode developed by Halevi and Rogaway in 2003 eme. The reference link is also from an implementation in Go.
    • It's parallelizable. And it's used in rclone for the crypt backend. "A personal reason is that I'm porting rclone to Web/Deno". Some folks want it, because EME is used in FS encryption sometimes
    • Seems to be abandoned
  4. Rijndael-256. Rijndael to AES is what keccak is to SHA3: previous, non-standardized version. -256 supports 256-bit blocks. The confidentiality of AES-GCM is far below 128-bit security 3. Confidentiality advantage for an attacker is < $\sigma^2/2^{129}$ where $\sigma$ is the number of encrypted 128-bit chunks.
    • NIST plans to standardize it 4

It's unclear if any of these algorithms are actually worth implementing in noble.

Footnotes

  1. https://csrc.nist.gov/News/2023/lightweight-cryptography-nist-selects-ascon

  2. https://doc.libsodium.org/secret-key_cryptography/aead/aegis-256

  3. https://csrc.nist.gov/csrc/media/Presentations/2023/proposal-for-standardization-of-encryption-schemes/images-media/sess-4-mattsson-bcm-workshop-2023.pdf 2

  4. https://csrc.nist.gov/news/2024/nist-proposes-to-standardize-wider-variant-of-aes

@paulmillr paulmillr changed the title Implement Ascon Consider implementing Ascon Dec 10, 2023
@paulmillr paulmillr changed the title Consider implementing Ascon Add more algorithms: ascon, aegis, eme, rijndael-256, aes-kw Apr 8, 2024
@mirceanis
Copy link
Contributor

➕ 💯 for AESKW

that would allow me to greatly simplify the dependencies in several projects I maintain, where I have to use a very heavy isomorphic-webcrypto otherwise

@paulmillr
Copy link
Owner Author

@mirceanis AESKW is done.

@paulmillr paulmillr changed the title Add more algorithms: ascon, aegis, eme, rijndael-256, aes-kw Consider more algorithms: ascon, aegis, eme, rijndael-256 Aug 5, 2024
@alterstep
Copy link

I would like AEGIS. There is a JavaScript implementation, but it's only AEGIS-128L and is not very good.

@paulmillr
Copy link
Owner Author

@alterstep any chance you'll be able to describe what are you using it for?

@alterstep
Copy link

@alterstep any chance you'll be able to describe what are you using it for?

Yes, I use libsodium on the server because AEGIS is very fast. On the client side, I could use libsodium-js, but it's very large, and I don't need its full functionality. Noble-ciphers would be perfect.

@paulmillr
Copy link
Owner Author

Yes, but why do you need something "very fast"? Why can't AES work for you?

@alterstep
Copy link

Yes, but why do you need something "very fast"? Why can't AES work for you?

256-bit nonces too.

@paulmillr
Copy link
Owner Author

Why AEGIS instead of XChacha20-poly1305?

@alterstep
Copy link

sodium AEGIS-256 is more than 5 times faster than XChaCha

@paulmillr
Copy link
Owner Author

Interesting, ok.

The question is, however, do you actually need this speed? Is the speed of algorithms a bottleneck in your application?

@BigPanda97
Copy link

Ascon and AEGIS are both nice. And there is an Ascon-js version already available which could probably easily be implemented here.

@paulmillr
Copy link
Owner Author

Keep in mind it's not just "implementing" - it's also continuously supporting and perhaps having 3rd party audits of the code.

@paulmillr
Copy link
Owner Author

AEGIS has been implemented here: https://github.com/stknob/aegis-ts/tree/main

@paulmillr paulmillr changed the title Consider more algorithms: ascon, aegis, eme, rijndael-256 Consider more algorithms: ascon, aegis, EME, rijndael-256 Jan 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants