ascon128-masked.h File Reference

Masked ASCON-128 encryption algorithm and related family members. More...

#include "aead-common.h"

Go to the source code of this file.

Macros
#define	ASCON128_MASKED_KEY_SIZE   16
	Size of the key for masked ASCON-128 and ASCON-128a.
#define	ASCON128_MASKED_NONCE_SIZE   16
	Size of the nonce for masked ASCON-128 and ASCON-128a.
#define	ASCON128_MASKED_TAG_SIZE   16
	Size of the authentication tag for masked ASCON-128 and ASCON-128a.
#define	ASCON80PQ_MASKED_KEY_SIZE   20
	Size of the key for masked ASCON-80pq.
#define	ASCON80PQ_MASKED_NONCE_SIZE   16
	Size of the nonce for masked ASCON-80pq.
#define	ASCON80PQ_MASKED_TAG_SIZE   16
	Size of the authentication tag for masked ASCON-80pq.

Functions
int	ascon128_masked_aead_encrypt (unsigned char *c, unsigned long long *clen, const unsigned char *m, unsigned long long mlen, const unsigned char *ad, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, const unsigned char *k)
	Encrypts and authenticates a packet with masked ASCON-128. More...
int	ascon128_masked_aead_decrypt (unsigned char *m, unsigned long long *mlen, unsigned char *nsec, const unsigned char *c, unsigned long long clen, const unsigned char *ad, unsigned long long adlen, const unsigned char *npub, const unsigned char *k)
	Decrypts and authenticates a packet with masked ASCON-128. More...
int	ascon128a_masked_aead_encrypt (unsigned char *c, unsigned long long *clen, const unsigned char *m, unsigned long long mlen, const unsigned char *ad, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, const unsigned char *k)
	Encrypts and authenticates a packet with masked ASCON-128a. More...
int	ascon128a_masked_aead_decrypt (unsigned char *m, unsigned long long *mlen, unsigned char *nsec, const unsigned char *c, unsigned long long clen, const unsigned char *ad, unsigned long long adlen, const unsigned char *npub, const unsigned char *k)
	Decrypts and authenticates a packet with masked ASCON-128a. More...
int	ascon80pq_masked_aead_encrypt (unsigned char *c, unsigned long long *clen, const unsigned char *m, unsigned long long mlen, const unsigned char *ad, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, const unsigned char *k)
	Encrypts and authenticates a packet with masked ASCON-80pq. More...
int	ascon80pq_masked_aead_decrypt (unsigned char *m, unsigned long long *mlen, unsigned char *nsec, const unsigned char *c, unsigned long long clen, const unsigned char *ad, unsigned long long adlen, const unsigned char *npub, const unsigned char *k)
	Decrypts and authenticates a packet with masked ASCON-80pq. More...

Variables
aead_cipher_t const	ascon128_masked_cipher
	Meta-information block for the masked ASCON-128 cipher.
aead_cipher_t const	ascon128a_masked_cipher
	Meta-information block for the masked ASCON-128a cipher.
aead_cipher_t const	ascon80pq_masked_cipher
	Meta-information block for the masked ASCON-80pq cipher.

Detailed Description

Masked ASCON-128 encryption algorithm and related family members.

This algorithm is experimental and is not one of the NIST competition submissions. It uses a masked version of the ASCON permutation to absorb the key and nonce in the first block, and to generate the authentication tag in the last block. The regular ASCON permutation is used for the associated data and plaintext.

The theory (as yet unproven) is that this construction will provide some protection for the key against power analysis side channels. Please let me know what I've done wrong if this theory is incorrect.

References: https://ascon.iaik.tugraz.at/

Function Documentation

int ascon128_masked_aead_decrypt	(	unsigned char *	m,
		unsigned long long *	mlen,
		unsigned char *	nsec,
		const unsigned char *	c,
		unsigned long long	clen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Decrypts and authenticates a packet with masked ASCON-128.

Parameters

m	Buffer to receive the plaintext message on output.
mlen	Receives the length of the plaintext message on output.
nsec	Secret nonce - not used by this algorithm.
c	Buffer that contains the ciphertext and authentication tag to decrypt.
clen	Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to decrypt the packet.

Returns

0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

See Also

ascon128_masked_aead_encrypt()

int ascon128_masked_aead_encrypt	(	unsigned char *	c,
		unsigned long long *	clen,
		const unsigned char *	m,
		unsigned long long	mlen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	nsec,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Encrypts and authenticates a packet with masked ASCON-128.

Parameters

c	Buffer to receive the output.
clen	On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
m	Buffer that contains the plaintext message to encrypt.
mlen	Length of the plaintext message in bytes.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
nsec	Secret nonce - not used by this algorithm.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to encrypt the packet.

Returns

0 on success, or a negative value if there was an error in the parameters.

See Also

ascon128_masked_aead_decrypt()

int ascon128a_masked_aead_decrypt	(	unsigned char *	m,
		unsigned long long *	mlen,
		unsigned char *	nsec,
		const unsigned char *	c,
		unsigned long long	clen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Decrypts and authenticates a packet with masked ASCON-128a.

Parameters

m	Buffer to receive the plaintext message on output.
mlen	Receives the length of the plaintext message on output.
nsec	Secret nonce - not used by this algorithm.
c	Buffer that contains the ciphertext and authentication tag to decrypt.
clen	Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to decrypt the packet.

Returns

0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

See Also

ascon128a_masked_aead_encrypt()

int ascon128a_masked_aead_encrypt	(	unsigned char *	c,
		unsigned long long *	clen,
		const unsigned char *	m,
		unsigned long long	mlen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	nsec,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Encrypts and authenticates a packet with masked ASCON-128a.

Parameters

c	Buffer to receive the output.
clen	On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
m	Buffer that contains the plaintext message to encrypt.
mlen	Length of the plaintext message in bytes.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
nsec	Secret nonce - not used by this algorithm.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to encrypt the packet.

Returns

0 on success, or a negative value if there was an error in the parameters.

See Also

ascon128a_masked_aead_decrypt()

int ascon80pq_masked_aead_decrypt	(	unsigned char *	m,
		unsigned long long *	mlen,
		unsigned char *	nsec,
		const unsigned char *	c,
		unsigned long long	clen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Decrypts and authenticates a packet with masked ASCON-80pq.

Parameters

m	Buffer to receive the plaintext message on output.
mlen	Receives the length of the plaintext message on output.
nsec	Secret nonce - not used by this algorithm.
c	Buffer that contains the ciphertext and authentication tag to decrypt.
clen	Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 20 bytes of the key to use to decrypt the packet.

Returns

0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

See Also

ascon80pq_masked_aead_encrypt()

int ascon80pq_masked_aead_encrypt	(	unsigned char *	c,
		unsigned long long *	clen,
		const unsigned char *	m,
		unsigned long long	mlen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	nsec,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Encrypts and authenticates a packet with masked ASCON-80pq.

Parameters

c	Buffer to receive the output.
clen	On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
m	Buffer that contains the plaintext message to encrypt.
mlen	Length of the plaintext message in bytes.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
nsec	Secret nonce - not used by this algorithm.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 20 bytes of the key to use to encrypt the packet.

Returns

0 on success, or a negative value if there was an error in the parameters.

See Also

ascon80pq_masked_aead_decrypt()