4 releases

0.0.3 Aug 19, 2024
0.0.2 Mar 4, 2024
0.0.1 Jan 4, 2022
0.0.0 Jan 2, 2022

#798 in Cryptography


Used in 2 crates

CC0-1.0 OR Apache-2.0

47KB
751 lines

Bessie

docs.rscrates.io libcrates.io bin

Bessie is an authenticated, chunked cipher based on BLAKE3. Right now it's in the early design stages. See design.md. A high-performance implementation of this design is blocked on some upstream refactoring of blake3, to add SIMD optimizations to extended outputs.

Features and design goals:

  • general-purpose authenticated encryption
  • no practical limits on the number or size of messages
  • internal random nonce generation, to prevent mistakes
  • streaming encryption and decryption of large messages
  • seekable decryption of large messages
  • low overhead for small messages
  • key commitment

Non-features and non-goals:

  • Not formally/strongly misuse-resistant. Generating random nonces internally avoids a lot of common mistakes, and mixing auth tags into the stream makes nonce reuse somewhat less catastrophic. But nonce reuse does allow an attacker to mix-and-match chunks from different messages, and chunked/streaming constructions are also inherently vulnerable to nonce reuse exploits that all-at-once constructions like AES-SIV are not.
  • No built-in associated data parameters. Callers who need associated data can mix it with their key using a KDF or a keyed hash.

Although the Bessie cipher and its library implementations are eventually intended for production use, the bessie CLI tool will always be for testing and demo purposes only. A general-purpose encryption CLI for real people needs to support public-key encryption and various ways of encoding and managing keys, neither of which are in scope for this project. If you are a real person and you need a general-purpose encryption CLI, consider age.

Usage

To install the bessie CLI tool, which is for testing and demo purposes only:

cargo install bessie_bin

Or to build and install from this repo:

cargo install --path rust/bin

To encrypt and decrypt a 1 MB file using the all-zero key (seriously, testing and demo purposes only):

head -c 1000000 /dev/urandom > myfile
bessie encrypt zero myfile myfile_enc
bessie decrypt zero myfile_enc myfile_copy
cmp myfile myfile_copy

To decrypt just the last byte of the encrypted file:

bessie decrypt zero myfile_enc myfile_last --seek=999999

To run tests for the whole project:

./test.py

Dependencies

~2MB
~50K SLoC