hiae 0.2.0

High-throughput Authenticated Encryption (HiAE) algorithm implementation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204

# HiAE - High-throughput Authenticated Encryption

A Rust implementation of the HiAE (High-throughput Authenticated Encryption) algorithm, providing authenticated encryption with associated data (AEAD) optimized for high performance across different architectures.

## Features

- **High Performance**: Leverages platform-specific SIMD instructions (ARM NEON, x86-64 AES-NI)
- **Security**: 256-bit keys, 128-bit nonces and tags, constant-time operations
- **Cross-Platform**: Optimized for both ARM and x86 architectures with fallback implementations
- **Memory Safe**: Implemented in Rust with automatic memory zeroing and no unsafe code
- **No-std Compatible**: Can be used in embedded environments

## Quick Start

Add this to your `Cargo.toml`:

```toml
[dependencies]
hiae = "0.1"
```

Basic usage:

```rust
use hiae::{encrypt, decrypt};

let key = [0u8; 32];      // 256-bit key
let nonce = [0u8; 16];    // 128-bit nonce
let plaintext = b"Hello, world!";
let aad = b"additional data";

// Encrypt
let (ciphertext, tag) = encrypt(plaintext, aad, &key, &nonce)?;

// Decrypt
let decrypted = decrypt(&ciphertext, &tag, aad, &key, &nonce)?;
assert_eq!(decrypted, plaintext);
```

## Performance Optimization

### Enabling Native CPU Features

To get maximum performance, compile with native CPU optimizations enabled. This allows the library to automatically detect and use the best available SIMD instructions for your CPU.

#### Option 1: Environment Variable (Recommended)

Set the `RUSTFLAGS` environment variable before building:

```bash
# For maximum performance on your current CPU
export RUSTFLAGS="-C target-cpu=native"
cargo build --release

# Or run directly
RUSTFLAGS="-C target-cpu=native" cargo build --release
```

#### Option 2: Cargo Configuration

Create or edit `.cargo/config.toml` in your project root:

```toml
[build]
rustflags = ["-C", "target-cpu=native"]
```

Then build normally:

```bash
cargo build --release
```

#### Option 3: Target-Specific Flags

For specific CPU features, you can enable them explicitly:

```bash
# For x86-64 with AES-NI
RUSTFLAGS="-C target-feature=+aes,+pclmul" cargo build --release

# For ARM with NEON
RUSTFLAGS="-C target-feature=+neon" cargo build --release
```

### Architecture-Specific Features

The library includes optional feature flags for explicit architecture support:

```bash
# Build with x86-64 AES-NI support
cargo build --features aes-ni --release

# Build with ARM NEON support  
cargo build --features neon --release

# Build without std for embedded use
cargo build --no-default-features --release
```

### Performance Verification

Run the benchmarks to verify performance gains:

```bash
cargo bench
```

The benchmarks will show throughput improvements when CPU-specific optimizations are enabled.

## Building and Testing

### Standard Build Commands

```bash
# Development build
cargo build

# Optimized release build
cargo build --release

# Run tests
cargo test

# Run tests with output
cargo test -- --nocapture

# Generate documentation
cargo doc --open
```

### Running Examples

```bash
# Basic usage example
cargo run --example basic_usage

# With optimizations
RUSTFLAGS="-C target-cpu=native" cargo run --example basic_usage --release
```

### Benchmarking

```bash
# Run performance benchmarks
cargo bench

# With native optimizations
RUSTFLAGS="-C target-cpu=native" cargo bench
```

## Algorithm Specification

HiAE is based on the [IETF Internet-Draft](https://github.com/hiae-aead/draft-pham-hiae) and provides:

- **Key Size**: 256 bits (32 bytes)
- **Nonce Size**: 128 bits (16 bytes) 
- **Tag Size**: 128 bits (16 bytes)
- **Maximum Message Length**: 2^61 - 1 bytes
- **Block Size**: 128 bits (16 bytes)

## Security Notes

- **Nonce Reuse**: Never reuse a nonce with the same key
- **Key Generation**: Use cryptographically secure random number generators
- **Constant Time**: Tag verification is performed in constant time to prevent timing attacks
- **Memory Safety**: All sensitive data is automatically zeroed after use

## Supported Platforms

The library automatically detects and uses the best available implementation:

| Platform | SIMD Instructions | Performance |
|----------|------------------|-------------|
| x86-64 | AES-NI + PCLMUL | Highest |
| ARM64 | NEON + AES | Highest |
| Other | Portable fallback | Good |

## API Documentation

For detailed API documentation, run:

```bash
cargo doc --open
```

## Examples

See the `examples/` directory for comprehensive usage examples:

- `basic_usage.rs` - Encryption, decryption, and error handling

## License

Licensed under either of:

- Apache License, Version 2.0
- MIT License

at your option.

## Contributing

This implementation follows the HiAE specification. For bugs or improvements, please open an issue or pull request.