logos-storage/lioness_blockcipher
1
0
Fork 0
mirror of https://github.com/logos-storage/lioness_blockcipher.git synced 2026-05-18 18:49:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
5 Commits 1 Branch 0 Tags 46 KiB
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
M Alghazwi 5cb804403e
update README.md
2026-05-01 16:15:28 +03:00
examples
Improve impl and make it generic
2026-05-01 16:08:57 +03:00
src
Improve impl and make it generic
2026-05-01 16:08:57 +03:00
tests
Improve impl and make it generic
2026-05-01 16:08:57 +03:00
.gitignore
init
2026-04-06 08:01:00 +02:00
Cargo.toml
Improve impl and make it generic
2026-05-01 16:08:57 +03:00
LICENSE.md
init
2026-04-06 08:01:00 +02:00
README.md
update README.md
2026-05-01 16:15:28 +03:00

README.md

Lioness wide-block cipher.

Warning

This code has not been formally audited, Use at your own risk or ask a cryptographers before use.

Overview

Lioness is a wide block cipher built from

  • S: Stream cipher,
  • H: Keyed-Hash function,
  • K: Key derivation function (KDF) to derive the 4 internal round keys

Any secure compatible options and their combinations can work, in this crate we have the following options:

  • S: AES-CTR-128, Chacha20
  • H: keyed-Blake2b, HMAC-SHA-256, SHA-256 (with key prepend)
  • K: TURBOSHAKE-128, SHAKE-128, HKDF-SHA-256, domain-seperated SHA-256

These primitives are imported from:

The security of lioness reduce to the security of the underlying stream cipher or the hash function.
See the paper for more information.

How to use

Here is an example of how to use the Lioness_blockcipher create. Use a 32-byte master key and encrypt or decrypt a block in place:

use rand_core::{OsRng, RngCore};
use lioness_blockcipher::prelude::*;
type TestLioness = Lioness::<
    ChaCha20StreamCipher,
    KeyedBlake2b,
    TurboShake128Kdf
>;

fn main() -> anyhow::Result<()> {
    let mut key: Key256 = Default::default();
    OsRng.fill_bytes(&mut key);

    let cipher: TestLioness = Lioness::new(&key)?;

    // Blocks must be at >64 bytes long
    let mut block = vec![0x84u8; 65];
    let original = block.clone();

    cipher.encrypt_in_place(&mut block)?;

    cipher.decrypt_in_place(&mut block)?;

    assert_eq!(block, original);
    println!("success!");

    Ok(())
}

Some notes:

  • Encryption and decryption are both in-place for now.
  • The block length need to be bigger than 64 bytes because Lioness splits the block into two where the left part is 32-byte, and the right part needs at least 16 bytes. might support small blocks in the future, but for Sphinx use-case, this should work.
  • If you need authenticity, make sure to use encrypt_in_place_auth which prepends the plaintext with 128-bits zeros. Also use decrypt_in_place_auth to check the zeros after decryption. see authentication example

TODO

  • Add more tests, examples, and benchmarks ...
  • Make it generic for any compatible cipher, keyed_hash, and KDF.
  • Compare with existing implementation + maybe with Haskel when available.
  • Add function which prepend the plaintext with k-zeros and checks authenticity after decryption.
  • impl enc and dec to the API to work beside encrypt_in_place and decrypt_in_place.
  • ...
Description
Rust implementation of LIONESS, a wide-block cipher
Readme
Languages
Rust 100%