zeppelin_core
| Crates.io | zeppelin_core |
| lib.rs | zeppelin_core |
| version | 0.1.1 |
| created_at | 2023-01-10 19:01:39.712861+00 |
| updated_at | 2023-05-13 15:09:08.134143+00 |
| description | A library that implements a stream cipher based on Balloon hashing |
| homepage | |
| repository | https://github.com/lostinentropy/zeppelin_core |
| max_upload_size | |
| id | 755753 |
| size | 37,903 |
Lost In Entropy (lostinentropy)
documentation
README
zeppelin_core
zeppelin_core is a library that implements a stream cipher based on Balloon hashing.
⚠️ WARNING: Do not use ⚠️
This project is just for fun. Neither the design nor the implementation of this library have been independently evaluated.
Cryptographic Features
- authenticated encryption
- passwords are always salted
- arbitrary scalable time and space complexity
- it's an all-or-nothing transform
Non-cryptographic features
- flexible container format that can be extended
- can be used on anything that implements the
ReadandSeektraits - in particular, operations directly from disk to disk are supported
Architecture:
The architecture is mainly based around hash::Balloon which is a hash
function with variable length output that is then used to implement a
stream cipher. hash::Balloon has three main settings
s_costwhich is the size of the internal state in 64 Byte chuckst_costwhich is the number of times the internal state will need to be filled on creation of the cipherstep_deltawhich is the number ofSHA3-512hashes required to fill one chunk. This also determines the runtime speed of the stream cipher.
Using these parameters one can arbitrarily scale the time and memory requirements of the cipher.
For convenience these are combined into a cipher::CryptSettings object.
For authentication the MAC-then-Encrypt scheme is used.
To make this scheme into an all-or-nothing transform, the salt is also "encrypted" by XOR'ing it with the result of the stream cipher.
The encryption process can be summarized like this:
┌ ─ ─ ─ ─ ─ ┌──────────┐┌────────┐┌────────┐┌────────┐
OS ││ Key ││ File 1 ││ File 2 ││ ... │
└ ─ ─ ─ ─ ─ └──────────┘└────────┘└────────┘└────────┘
│ │ │ │ │
│ │ └─────────┼─────────┘
▼ │ ▼
┌ ─ ─ ─ ─ ─ │ ┏━━━━━━━━━┓
Entropy │ │ ┃ ZIP ┃
└ ─ ─ ─ ─ ─ │ ┗━━━━━━━━━┛
│ │ │
│ │ ┌─────────────┴────┐
▼ │ ▼ ▼
┌──────────┐ │ ┏━━━━━┓ ┌─────┬──────────┐
│ Salt │ ├──▶┃Sha3 ┃──▶│ MAC │Plaintext │
└──────────┘ │ ┗━━━━━┛ ├─────┴──────────┤
│ ▼ └────────────────┘
│ ┏━━━━━━━━━━━┓ ┏━━━┓ │
├────▶┃ Balloon ┃──▶┃Xor┃◀───────┘
│ ┗━━━━━━━━━━━┛ ┗━━━┛
▼ │
┏━━━━━━━━━━━┓ │
┃Wrapped Xor┃◀────────────────┴───────┐
┗━━━━━━━━━━━┛ │
│ ▼
│ ┌──────────┐ ┌──────────────┐
│ │ Metadata │ │MAC/Ciphertext│
│ └──────────┘ └──────────────┘
│ │ │
▼ ▼ ▼
┌──────────┐ ┏━━━━━━━━━━┓ ┌──────────┐
│ Salt │ ┃ json ┃ │ Data │
└──────────┘ ┗━━━━━━━━━━┛ └──────────┘
│ │ │
└───────────────┼───────────────┘
│
▼
┏━━━━━━━━━━┓ ┌──────────┐
┃ ZIP ┃──▶│ _.zep │
┗━━━━━━━━━━┛ └──────────┘
Note: currently only encryption of a single file is implemented.