capyCRYPT - A Complete Rust Cryptosystem
A complete Rust cryptosystem implementing NIST FIPS 202 and NIST FIPS 197, paired with the Ed448-Goldilocks curve. An academic exercise in cryptographic algorithm design.
Security
This library is built with love as an academic exercise in cryptographic algorithm design. Despite how awesome and cool it is, it probably shouldn't be used for anything serious. If you find ways to make it even better, open an issue or PR and we'll gladly engage.
Features
- AES: NIST-compliant Advanced Encryption Standard (AES) implementation for encrypting and decrypting data.
- Edwards Elliptic Curve: High-performance, side-channel resistant instance of the Ed448-Goldilocks curve for asymmetric operations.
- SHA-3: NIST-compliant Secure Hash Algorithm 3 (SHA-3) implementation for generating cryptographic hash values, symmetric keystreams, and PRNGs.
Supported Operations
- Message Digest: Computes hash of a given message, with adjustable digest lengths.
- MACs: Computes message authentication code of a given message, with adjustable bit security.
- Shared Secret Key: Symmetric message encryption and decryption.
- Public Key Cryptography: Asymmetric message encryption under public key, decryption with secret key.
- Zero-Knowledge: Prove knowledge of secret information with Schnorr/ECDHIES signatures.
Installation
Add the following line to your Cargo.toml file:
Quick Start
Compute Digest:
```rust
use capycrypt::{Hashable, Message};
// Types and argument lists are assumed from the capyCRYPT API of this README's era; check them against your crate version.
// Hash the empty string
let mut data = Message::new(vec![]);
// Obtained from echo -n "" | openssl dgst -sha3-256
let expected = "a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a";
// Compute a SHA3-256 digest (128 bits of collision security)
data.compute_sha3_hash(256);
assert!(hex::encode(data.digest.unwrap().to_vec()) == expected);
```
Symmetric Encrypt/Decrypt:
```rust
use capycrypt::{Message, PwEncryptable, sha3::aux_functions::byte_utils::get_random_bytes};
// Types and argument lists are assumed from the capyCRYPT API of this README's era; check them against your crate version.
// Get a random password
let pw = get_random_bytes(64);
// Get 5 MB of random data
let mut msg = Message::new(get_random_bytes(5242880));
// Encrypt the data with 256 bits of security
msg.pw_encrypt(&pw, 512);
// Decrypt the data with the same password and security parameter
msg.pw_decrypt(&pw, 512);
// Verify operation success
assert!(msg.op_result.unwrap());
```
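What the digest and password-based operations above rest on, as an added example that is not capyCRYPT's code: a from-scratch Keccak-f[1600] sponge checked against the SHA3-256 test vector quoted in the digest snippet, followed by a password-keyed keystream cipher whose keystream and tag both come from SHAKE256. The cipher (the `ke`/`ka` key split, the "S"/"SKE"/"SKA" prefixes, encrypt-then-MAC, the `pw_encrypt`/`pw_decrypt` names and the `tag_bytes` parameter) is an illustration of the keystream-plus-MAC pattern using plain SHAKE256, not the library's cSHAKE/KMAC construction; the nonce `z` is a fixed constructed value in `main` and must be drawn from the OS CSPRNG in real use.

```rust
// Added example, not capyCRYPT code. The sponge follows FIPS 202; the cipher below it is an
// illustration of keystream + MAC from SHAKE256, not the library's own construction.
const RC: [u64; 24] = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808a, 0x8000000080008000,
    0x000000000000808b, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008a, 0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
    0x000000008000808b, 0x800000000000008b, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800a, 0x800000008000000a,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
];
const ROT: [u32; 24] = [1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44];
const PI: [usize; 24] = [10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1];

/// Keccak-f[1600]: 24 rounds of theta, rho, pi, chi, iota over 25 little-endian 64-bit lanes.
fn keccak_f(st: &mut [u64; 25]) {
    for &rc in RC.iter() {
        let mut bc = [0u64; 5];
        for x in 0..5 { bc[x] = st[x] ^ st[x + 5] ^ st[x + 10] ^ st[x + 15] ^ st[x + 20]; }
        for x in 0..5 {
            let d = bc[(x + 4) % 5] ^ bc[(x + 1) % 5].rotate_left(1);
            for y in (0..25).step_by(5) { st[y + x] ^= d; }
        }
        let mut t = st[1];
        for i in 0..24 { let j = PI[i]; let tmp = st[j]; st[j] = t.rotate_left(ROT[i]); t = tmp; }
        for y in (0..25).step_by(5) {
            bc.copy_from_slice(&st[y..y + 5]);
            for x in 0..5 { st[y + x] = bc[x] ^ (!bc[(x + 1) % 5] & bc[(x + 2) % 5]); }
        }
        st[0] ^= rc;
    }
}

/// XOR one rate-sized block into the state (little-endian lanes) and permute.
fn absorb(st: &mut [u64; 25], block: &[u8]) {
    for (i, b) in block.iter().enumerate() { st[i / 8] ^= (*b as u64) << (8 * (i % 8)); }
    keccak_f(st);
}

/// Keccak sponge with pad10*1; `suffix` is the domain byte (0x06 for SHA-3, 0x1F for SHAKE).
fn sponge(rate: usize, suffix: u8, input: &[u8], out_len: usize) -> Vec<u8> {
    let mut st = [0u64; 25];
    let mut chunks = input.chunks_exact(rate);
    for block in &mut chunks { absorb(&mut st, block); }
    let rem = chunks.remainder();
    let mut last = vec![0u8; rate];
    last[..rem.len()].copy_from_slice(rem);
    last[rem.len()] ^= suffix; // domain-separation bits, then the closing 1 bit of pad10*1
    last[rate - 1] ^= 0x80;
    absorb(&mut st, &last);
    let mut out = Vec::with_capacity(out_len);
    while out.len() < out_len {
        for i in 0..rate.min(out_len - out.len()) { out.push((st[i / 8] >> (8 * (i % 8))) as u8); }
        if out.len() < out_len { keccak_f(&mut st); }
    }
    out
}

fn sha3_256(m: &[u8]) -> Vec<u8> { sponge(136, 0x06, m, 32) }
fn shake256(m: &[u8], out_len: usize) -> Vec<u8> { sponge(136, 0x1f, m, out_len) }
fn hex(b: &[u8]) -> String { b.iter().map(|x| format!("{:02x}", x)).collect() }

/// ke || ka = SHAKE256("S" || z || pw); z is fixed-length, so the encoding is unambiguous.
fn derive_keys(pw: &[u8], z: &[u8]) -> (Vec<u8>, Vec<u8>) {
    let kk = shake256(&[&b"S"[..], z, pw].concat(), 64);
    (kk[..32].to_vec(), kk[32..].to_vec())
}

/// c = m XOR SHAKE256("SKE" || ke); t = SHAKE256("SKA" || ka || z || c), `tag_bytes` long (encrypt-then-MAC).
/// Returns z || c || t. `z` must be a fresh 32-byte nonce from the OS CSPRNG for every message.
fn pw_encrypt(pw: &[u8], z: &[u8; 32], m: &[u8], tag_bytes: usize) -> Vec<u8> {
    let (ke, ka) = derive_keys(pw, z);
    let ks = shake256(&[&b"SKE"[..], &ke[..]].concat(), m.len());
    let mut out = z.to_vec();
    out.extend(m.iter().zip(&ks).map(|(a, b)| a ^ b));
    let t = shake256(&[&b"SKA"[..], &ka[..], &z[..], &out[32..]].concat(), tag_bytes);
    out.extend(t);
    out
}

/// Parse z || c || t, check the tag in constant time, and only then release the plaintext.
fn pw_decrypt(pw: &[u8], ct: &[u8], tag_bytes: usize) -> Option<Vec<u8>> {
    if ct.len() < 32 + tag_bytes { return None; }
    let (z, rest) = ct.split_at(32);
    let (c, t) = rest.split_at(rest.len() - tag_bytes);
    let (ke, ka) = derive_keys(pw, z);
    let expect = shake256(&[&b"SKA"[..], &ka[..], z, c].concat(), tag_bytes);
    if t.iter().zip(&expect).fold(0u8, |acc, (a, b)| acc | (a ^ b)) != 0 { return None; }
    let ks = shake256(&[&b"SKE"[..], &ke[..]].concat(), c.len());
    Some(c.iter().zip(&ks).map(|(a, b)| a ^ b).collect())
}

fn main() {
    let z = [0x42u8; 32]; // constructed nonce for the demo only; never reuse a fixed z in practice
    let ct = pw_encrypt(b"correct horse", &z, b"attack at dawn", 32);
    let mut bad = ct.clone();
    bad[40] ^= 1; // flip one ciphertext bit
    println!("sha3-256(\"\") = {}", hex(&sha3_256(b"")));
    println!("round trip ok: {}", pw_decrypt(b"correct horse", &ct, 32).is_some());
    println!("tampered accepted: {}", pw_decrypt(b"correct horse", &bad, 32).is_some());
}
```

Decryption verifies the tag over z || c before producing any plaintext and returns `None` on a mismatch, so a tampered ciphertext or a wrong password never yields partial output; `tag_bytes` is the adjustable bit security of the MAC, and the fixed-length key prefix is what makes a plain sponge safe to use as a MAC in the first place.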
AES-CBC Symmetric Encrypt/Decrypt:
```rust
use capycrypt::{AesEncryptable, Message, sha3::aux_functions::byte_utils::get_random_bytes};
// Types and argument lists are assumed from the capyCRYPT API of this README's era; check them against your crate version.
// Get a random 128-bit key
let key = get_random_bytes(16);
// Get 5 MB of random data
let mut msg = Message::new(get_random_bytes(5242880));
// Encrypt the data
msg.aes_encrypt_cbc(&key);
// Decrypt the data
msg.aes_decrypt_cbc(&key);
// Verify operation success
assert!(msg.op_result.unwrap());
```
Asymmetric Encrypt/Decrypt:
```rust
use capycrypt::{KeyEncryptable, KeyPair, Message, sha3::aux_functions::byte_utils::get_random_bytes};
// Types and argument lists are assumed from the capyCRYPT API of this README's era; check them against your crate version.
// Get 5 MB of random data
let mut msg = Message::new(get_random_bytes(5242880));
// Create a new private/public keypair
let key_pair = KeyPair::new(&get_random_bytes(32), "test key".to_owned(), 512);
// Encrypt the message under the public key
msg.key_encrypt(&key_pair.pub_key, 512);
// Decrypt the message with the secret key
msg.key_decrypt(&key_pair.priv_key, 512);
// Verify
assert!(msg.op_result.unwrap());
```
Schnorr Signatures:
```rust
use capycrypt::{KeyPair, Message, Signable, sha3::aux_functions::byte_utils::get_random_bytes};
// Types and argument lists are assumed from the capyCRYPT API of this README's era; check them against your crate version.
// Get 5 MB of random data
let mut msg = Message::new(get_random_bytes(5242880));
// Get a random password
let pw = get_random_bytes(64);
// Generate a signing keypair
let key_pair = KeyPair::new(&pw, "test key".to_owned(), 512);
// Sign with 256 bits of security
msg.sign(&key_pair, 512);
// Verify the signature against the public key
msg.verify(&key_pair.pub_key);
// Assert correctness
assert!(msg.op_result.unwrap());
```
Performance
This library uses the criterion crate for benches. Running:
conducts benchmarks in order from lowest security to highest. For example, the lowest security configuration available in this library is the pairing of E222 with cSHAKE256, while the highest security offered is E521 paired with cSHAKE512.
Symmetric operations compare well to OpenSSL. On an Intel® Core™ i7-10710U × 12, our adaptation of the in-place Keccak from the XKCP digests 5 MB of random data in approximately 20 ms, versus approximately 17 ms for OpenSSL.
Acknowledgements
The authors wish to sincerely thank Dr. Paulo Barreto for the general design of this library as well as the curve functionality. We also wish to extend gratitude to the curve-dalek authors here and here for the excellent reference implementations and exemplary instances of rock-solid cryptography.