logos-storage/lioness_blockcipher
1
0
Fork 0
mirror of https://github.com/logos-storage/lioness_blockcipher.git synced 2026-05-19 03:00:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

minor changes and fix typos.

Browse Source
This commit is contained in:
mghazwi 2026-04-12 10:53:34 +02:00
parent cf4510cb21
commit 052ded4641
3 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -10,7 +10,7 @@ This code has not been formally audited, Use at your own risk or ask a cryptogra
[Lioness](https://www.cl.cam.ac.uk/~rja14/Papers/bear-lion.pdf) is a large block cipher built from [Lioness](https://www.cl.cam.ac.uk/~rja14/Papers/bear-lion.pdf) is a large block cipher built from
- Stream cipher, - Stream cipher,
- Hash function, - Hash function,
- Key derivation function (KDF), although this can be remove if the input key is large enough to cover the four sub-keys used. - Key derivation function (KDF), although this can be removed if the input key is large enough to cover the four sub-keys used.
In here we use: In here we use:
- Chacha20 from [rustcrypto streamciphers](https://github.com/RustCrypto/stream-ciphers) - Chacha20 from [rustcrypto streamciphers](https://github.com/RustCrypto/stream-ciphers)
@ -52,12 +52,12 @@ Some notes:
- Encryption and decryption are both in-place for now. - Encryption and decryption are both in-place for now.
- The block length need to be bigger than `32` bytes because Lioness splits the block into two where the left part is 32-byte, and the right part can't be empty. might support small blocks in the future, but for Sphinx use-case, this should work. - The block length need to be bigger than `32` bytes because Lioness splits the block into two where the left part is 32-byte, and the right part can't be empty. might support small blocks in the future, but for Sphinx use-case, this should work.
- If you need authenticity, make sure to prepend the plaintext with `k` zeros and check the zeros after decryption. This will be supported in the future... see [integrity example](./examples/integrity.rs) - If you need authenticity, make sure to prepend the plaintext with `k = 128-bits` zeros and check the zeros after decryption. This will be supported in the future... see [integrity example](./examples/integrity.rs)
### TODO ### TODO
- [ ] Add more tests, examples, and benchmarks ... - [ ] Add more tests, examples, and benchmarks ...
- [ ] Make it generic for any compatible cipher, keyed_hash, and KDF. - [ ] Make it generic for any compatible cipher, keyed_hash, and KDF.
- [ ] Compare with another implementation ... maybe with Haskel when available. - [ ] Compare with existing implementation + maybe with Haskel when available.
- [ ] Add a version with API which prepend the plaintext with k-zeros and checks authenticity after decryption. - [ ] Add a version with API which prepend the plaintext with k-zeros and checks authenticity after decryption.
- [ ] impl enc and dec to the API to work beside encrypt_in_place and decrypt_in_place. - [ ] impl enc and dec to the API to work beside encrypt_in_place and decrypt_in_place.
- ... - ...

2
examples/integrity.rs
View File

@ -1,7 +1,7 @@
use anyhow::Result; use anyhow::Result;
use lioness_blockcipher::{Lioness, MasterKey}; use lioness_blockcipher::{Lioness, MasterKey};
const K: usize = 32; const K: usize = 16;
fn main() -> Result<()> { fn main() -> Result<()> {
let key: MasterKey = [0x42; 32]; let key: MasterKey = [0x42; 32];

6
src/lib.rs
View File

@ -9,11 +9,11 @@ use sha3::{
}; };
use zeroize::{Zeroize, ZeroizeOnDrop}; use zeroize::{Zeroize, ZeroizeOnDrop};
// We expect the input key to be of size 32 bytes (128-bits) // We expect the input key to be of size 32 bytes (256-bits)
// because in sphinx this is the size of the shared key `s` between the sender and each hop. // because in sphinx this is the size of the shared key `s` between the sender and each hop.
// This shared key is then used to derive all the needed keys to encrypt the payload // This shared key is then used to derive all the needed keys to encrypt the payload
pub const MASTER_KEY_LEN: usize = 32; pub const MASTER_KEY_LEN: usize = 32;
// For LIONESS, the length of the left part of the key (after splitting block into left `L` and right `R`) // For LIONESS, the length of the left part (after splitting block into left `L` and right `R`)
// must be the same size as: // must be the same size as:
// - the stream cipher key // - the stream cipher key
// - the output (digest) of the keyed-hash function // - the output (digest) of the keyed-hash function
@ -58,7 +58,7 @@ struct RoundKeys {
/// WARNING: integrity/authenticity is not guaranteed by the LIONESS large-block cipher /// WARNING: integrity/authenticity is not guaranteed by the LIONESS large-block cipher
/// This is because LIONESS is not an AEAD but one can add an authentication check by /// This is because LIONESS is not an AEAD but one can add an authentication check by
/// simply prepending the plaintext with `k` bytes of zeros /// simply prepending the plaintext with `k` bytes of zeros
/// a safe value for `k` would be 32 bytes which is what the Sphinx paper suggests. /// a safe value for `k` would be 16-bytes which is what the Sphinx paper suggests.
/// However, this prepending is not part of the code here. /// However, this prepending is not part of the code here.
#[derive(Clone, ZeroizeOnDrop)] #[derive(Clone, ZeroizeOnDrop)]
pub struct Lioness { pub struct Lioness {