glguy/ascon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Documentation and improved bit-order treatment

Browse Source
This commit is contained in:
Eric Mertens
2025-09-04 14:55:46 -07:00
committed by Eric Mertens
parent 676629dfe5
commit 51dbdbf415
8 changed files with 105 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
AsconCipher.cry
View File

@@ -5,25 +5,27 @@ import Ascon
// 4. Authenticated Encryption Schema: Ascon-AEAD128
Ascon_AEAD128 : {a, p} (fin a, fin p) => [128] -> [128] -> [a] -> [p] -> [p + 128]
Ascon_AEAD128 (Khi_ # Klo_) (Nhi_ # Nlo_) A P = C # reverse T
Ascon_AEAD128 K N A P = C # T
where
Khi = reverse Khi_
Klo = reverse Klo_
Nhi = reverse Nhi_
Nlo = reverse Nlo_
// key and nonce as two 64-bit integers
[K0,K1] = bitsToWords K
[N0,N1] = bitsToWords N
S0 = Ascon_p`{12} [Ascon_AEAD128_IV, Khi, Klo, Nhi, Nlo]
^ [0, 0, 0, Khi, Klo]
S0 = Ascon_p`{12} [Ascon_AEAD128_IV, K0, K1, N0, N1]
^ [0, 0, 0, K0, K1]
SA = AddAD S0 A
SCs = zipWith XorBlock (take ([SA] # map Ascon_p`{8} SCs)) (toBlocks P)
C = take (join [reverse s0 # reverse s1 | [s0, s1, _, _, _] <- SCs])
C = take (join (map ExtractC SCs))
ST = Ascon_p`{12} (last SCs ^ [0, 0, Khi, Klo, 0])
T = ST@(4:[3]) # ST@(3:[3])
^ Klo # Khi
ST = Ascon_p`{12} (last SCs ^ [0, 0, K0, K1, 0])
T = ExtractT ST ^ K
Ascon_AEAD128_bytes : {a, p} (fin a, fin p) => [16][8] -> [16][8] -> [a][8] -> [p][8] -> [p + 16][8]
Ascon_AEAD128_bytes K N A P =
bitsToWords (Ascon_AEAD128 (wordsToBits K) (wordsToBits N) (wordsToBits A) (wordsToBits P))
AddAD : {a} (fin a) => State -> [a] -> State
AddAD S A
@@ -31,7 +33,7 @@ AddAD S A
| a > 0 => DomainSep (foldl AbsorbBlock S (toBlocks A))
XorBlock : State -> [128] -> State
XorBlock [s0, s1, s2, s3, s4] (x0 # x1) = [s0 ^ reverse x0, s1 ^ reverse x1, s2, s3, s4]
XorBlock [s0, s1, s2, s3, s4] (xhi # xlo) = [s0 ^ xlo, s1 ^ xhi, s2, s3, s4]
AbsorbBlock : State -> [128] -> State
AbsorbBlock S X = Ascon_p`{8} (XorBlock S X)
@@ -39,5 +41,11 @@ AbsorbBlock S X = Ascon_p`{8} (XorBlock S X)
DomainSep : State -> State
DomainSep [s0, s1, s2, s3, s4] = [s0, s1, s2, s3, s4 ^ 0b1 # 0]
ExtractC : State -> [128]
ExtractC [s0, s1, _, _, _] = wordsToBits [s0, s1]
ExtractT : State -> [128]
ExtractT [_, _, _, s3, s4] = wordsToBits [s3, s4]
Ascon_AEAD128_IV : [64]
Ascon_AEAD128_IV = 0x00001000808c0001