pbenc

Documentation

Overview

Package pbenc implements memory-hard password-based encryption via STROBE using balloon hashing.

The protocol is initialized as follows, given a passphrase P, salt S, delta constant D, space parameter N_space, time parameter N_time, block size N_block, and MAC size N_mac:

INIT('veil.kdf.balloon', level=256)
AD(LE_U32(D),            meta=true)
AD(LE_U32(N_block),      meta=true)
AD(LE_U32(N_mac),        meta=true)
AD(LE_U32(N_time),       meta=true)
AD(LE_U32(N_space),      meta=true)
KEY(P)
AD(S)

Then, for each iteration of the balloon hashing algorithm, given a counter C, a left block L, and a right block R:

AD(LE_U64(C))
AD(L)
AD(R)
PRF(N)

The final block B_n of the balloon hashing algorithm is then used to key the protocol:

KEY(B_n)

Encryption of a message M is as follows:

SEND_ENC(M)
SEND_MAC(T)

The ciphertext C and MAC T are returned.

Decryption of a ciphertext C and MAC T is as follows:

RECV_ENC(C)
RECV_MAC(T)

If the RECV_MAC call is successful, the plaintext is returned.

It should be noted that there is no standard balloon hashing algorithm, so this protocol is in the very, very tall grass of cryptography and should never be used.

See https://eprint.iacr.org/2016/027.pdf

Index

• Constants
• func Decrypt(passphrase, salt, ciphertext []byte, space, time int) ([]byte, error)
• func Encrypt(passphrase, salt, plaintext []byte, space, time int) []byte

Constants

const Overhead = internal.MACSize

Functions

func Decrypt

func Decrypt(passphrase, salt, ciphertext []byte, space, time int) ([]byte, error)

Decrypt decrypts the ciphertext with the passphrase and salt.

func Encrypt

func Encrypt(passphrase, salt, plaintext []byte, space, time int) []byte

Encrypt encrypts the plaintext with the passphrase and salt.