README
¶
deoxysii - Deoxys-II-256-128 for Go
This package provides a "from-the-paper" implementation of the Deoxys-II-256-128 v1.43 algorithm from the final CAESAR portfolio.
Implementations
-
(
ct32) Portable 32 bit constant time implementation (Extremely slow). -
(
ct64) Portable 64 bit constant time implementation (Extremely slow). -
(
aesni) SSSE3 + AESNI implementation foramd64 -
(
vartime) Portable and variable time (insecure) implementation, for illustrative purposes (tested/benchmarked but never reachable or usable by external consumers).
Notes
Performance for the AES-NI implementation still has room for improvement, however given that the Deoxys-BC-384 tweakable block cipher has 3 more rounds than AES-256, and Deoxys-II will do two passes over the data payload, it is likely reasonably close to what can be expected.
The pure software constant time implementation would benefit considerably
from vector optimizations as the amount of internal paralleism is quite
high, making it well suited to be implemented with bitslicing.
Additionally a rather ludicrous amount of time is spent implementing the
h permutation in software, that can be replaced with a single PSHUFB
instruction.
Documentation
¶
Overview ¶
Package deoxysii implements the Deoxys-II-256-128 MRAE algorithm.
Index ¶
Constants ¶
const ( // KeySize is Deoxys-II-256-128 key size in bytes. KeySize = 32 // NonceSize is the Deoxys-II-256-128 nonce size in bytes. NonceSize = 15 // TagSize is the Deoxys-II-256-128 authentication tag size // in bytes. TagSize = 16 )
Variables ¶
var ( // ErrOpen is the error returned when the message authentication // fails durring an Open call. ErrOpen = errors.New("deoxysii: message authentication failure") // ErrInvalidKeySize is the error returned when the key size is // invalid ErrInvalidKeySize = errors.New("deoxysii: invalid key size") // ErrInvalidNonceSize is the error returned when the nonce size // is invalid ErrInvalidNonceSize = errors.New("deoxysii: invalid nonce size") )
Functions ¶
Types ¶
This section is empty.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
internal
|
|
|
api
Package api provides the internal API, and common helpers/definitions.
|
Package api provides the internal API, and common helpers/definitions. |
|
ct32
Package ct32 provides a portable constant time Deoxys-II-256-128 implementation intended for 32 bit processors.
|
Package ct32 provides a portable constant time Deoxys-II-256-128 implementation intended for 32 bit processors. |
|
ct64
Package ct64 provides a portable constant time Deoxys-II-256-128 implementation intended for 64 bit processors.
|
Package ct64 provides a portable constant time Deoxys-II-256-128 implementation intended for 64 bit processors. |
|
ext/aes/ct32
Package ct32 is a 32 bit optimized AES implementation that processes 2 blocks at a time.
|
Package ct32 is a 32 bit optimized AES implementation that processes 2 blocks at a time. |
|
ext/aes/ct64
Package ct64 is a 64 bit optimized AES implementation that processes 4 blocks at a time.
|
Package ct64 is a 64 bit optimized AES implementation that processes 4 blocks at a time. |
|
hardware
Package hardware provides a hardware accelerated Deoxys-II-256-128 implementation.
|
Package hardware provides a hardware accelerated Deoxys-II-256-128 implementation. |
|
vartime
Package vartime provides a insecure/slow variable time Deoxys-II-256-128 implementation.
|
Package vartime provides a insecure/slow variable time Deoxys-II-256-128 implementation. |
|
hardware/asm
Module
|