sphinxcrypto 0.0.2

Sphinx mixnet packet cryptography
Documentation

rust-sphinxcrypto

.. image:: https://travis-ci.org/david415/rust-sphinxcrypto.png?branch=master :target: https://www.travis-ci.org/david415/rust-sphinxcrypto :alt: travis build status

.. image:: https://coveralls.io/repos/github/david415/rust-sphinxcrypto/badge.svg?branch=master :target: https://coveralls.io/github/david415/rust-sphinxcrypto :alt: coveralls

.. image:: https://docs.rs/sphinxcrypto/badge.svg :target: https://docs.rs/sphinxcrypto/ :alt: api docs

.. image:: https://img.shields.io/crates/v/sphinxcrypto.svg :target: https://crates.io/crates/sphinxcrypto :alt: crates.io link

about

This crate provides a concrete parameterization of the Sphinx cryptographic packet format. Sphinx is used in mix networks, a kind of traffic analysis resistant communications network. Sphinx has recently been used in the design of HORNET and Lightening Onion. Sphinx has the following features:

  • Single Use Reply Blocks
  • bitwise unlinkability for each hop
  • indistinguishable replies
  • hiding the path length
  • hiding the relay position
  • detection of tagging attacks
  • detection of reply attacks

Sphinx is described in Sphinx: A Compact and Provably Secure Mix Format by George Danezis and Ian Goldberg. See http://research.microsoft.com/en-us/um/people/gdane/papers/sphinx-eprint.pdf.

If you are interested in using the Sphinx cryptographic packet format in your designs then I recommend at least reading the Security and Anonymity Consideration sections of the "Sphinx Mix Network Cryptographic Packet Format Specification": https://github.com/katzenpost/docs/blob/master/specs/sphinx.txt

warning

This code has not been formally audited by a cryptographer. It therefore should not be considered safe or correct. Use it at your own risk!

details

The currently implemented Sphinx cryptographic parameterization is:

  • EXP(X, Y) - X25519 sodiumoxide crate
  • MAC(K, M), H(M) - Blake2b rust-crypto crate
  • S(K, IV) - Chacha20 rust-crypto crate
  • KDF(SALT, IKM) - SHAKE256 tiny-keccak crate
  • SPRP_Encrypt(K, M)/SPRP_Decrypt(K, M) - Lioness with the following: Blake2b and Chacha20. rust-lioness crate

One of the goals is to remove dependency on the rust-crypto crate, currently I am still using it for Blake2b and Chacha20.

status

Incomplete. Work-in-progress.

acknowledgments

A couple of years ago the initial code here was a partial Sphinx implementation (with only the server side) that Jeff Burdges helped me write. Recently I decided to make this library essentially a Rust language port of Yawning's Katzenpost Sphinx implementation:

https://github.com/katzenpost/core/tree/master/sphinx

These will NOT be binary compatible unless using the exact same cipher suite. I don't have an AEZ cipher implementation written in Rust handy so I will keep using Lioness for the time being. If someone cares about performance then please let me know.

license

MIT License