glguy/ascon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Comments and fix error introduce in previous cleanup

Browse Source
This commit is contained in:
Eric Mertens
2025-09-04 20:58:32 -07:00
parent ce7c9a8798
commit 86aab13dc4
1 changed files with 25 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
Ascon.cry
View File

@@ -1,15 +1,21 @@
/** /** Implementation of Ascon-Based Lightweight Cryptography
*
Implementation of Ascon-Based Lightweight Cryptography * Author: Eric Mertens
*
Reference: * Key algorithms:
* - Ascon_p: Core permutation function
Meltem Sönmez Turan, Kerry A. McKay, Donghoon Chang, Jinkeon Kang, * - AEAD128_encrypt/decrypt: Authenticated encryption
John Kelsey (2025) Ascon-Based Lightweight Cryptography Standards * - Hash256: Cryptographic hash function
for Constrained Devices. (National Institute of Standards and Technology, * - XOF128: Extendable output function
Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-232. * - CXOF128: Customizable extendable output function
https://doi.org/10.6028/NIST.SP.800-232 *
* Reference:
*
* Meltem Sönmez Turan, Kerry A. McKay, Donghoon Chang, Jinkeon Kang,
* John Kelsey (2025) Ascon-Based Lightweight Cryptography Standards
* for Constrained Devices. (National Institute of Standards and Technology,
* Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-232.
* https://doi.org/10.6028/NIST.SP.800-232
*/ */
module Ascon where module Ascon where
@@ -55,7 +61,10 @@ type constraint ValidRnd rnd = rnd <= 16
Ascon_p : {rnd} (ValidRnd rnd) => State -> State Ascon_p : {rnd} (ValidRnd rnd) => State -> State
Ascon_p S = foldl round S (drop`{back=rnd} Const) Ascon_p S = foldl round S (drop`{back=rnd} Const)
/** Single round of the Ascon-p permutation. */ /**
* Single round of the Ascon-p permutation parameterized by the round
* constant.
*/
round : State -> [64] -> State round : State -> [64] -> State
round S ci = pL (pS (pC S ci)) round S ci = pL (pS (pC S ci))
@@ -217,7 +226,7 @@ AEAD128_decrypt K N A (Cs_ # Cl # T) =
S0 = Ascon_p`{12} [Ascon_AEAD128_IV, K0, K1, N0, N1] ^ [0, 0, 0, K0, K1] S0 = Ascon_p`{12} [Ascon_AEAD128_IV, K0, K1, N0, N1] ^ [0, 0, 0, K0, K1]
SA = AddAD S0 A SA = AddAD S0 A
Cs = split`{p/128, 128} Cs_ Cs = split`{p / 128} Cs_
SCs # [SCl] = [SA] # [Ascon_p`{8} (AssignC s c) | s <- SCs | c <- Cs] SCs # [SCl] = [SA] # [Ascon_p`{8} (AssignC s c) | s <- SCs | c <- Cs]
Masks = map ExtractC SCs Masks = map ExtractC SCs
@@ -225,8 +234,7 @@ AEAD128_decrypt K N A (Cs_ # Cl # T) =
Maskl # SCl' = ExtractC SCl Maskl # SCl' = ExtractC SCl
Sl' = AssignC SCl (Cl # (0b1#0 ^ SCl')) Sl' = AssignC SCl (Cl # (0b1#0 ^ SCl'))
Ps = zipWith (\x y -> ExtractC x ^ y) SCs Cs P = join (Masks ^ Cs) # (Maskl ^ Cl)
P = join (Ps ^ Masks) # (Maskl ^ Cl)
ST = Ascon_p`{12} (Sl' ^ [0, 0, K0, K1, 0]) ST = Ascon_p`{12} (Sl' ^ [0, 0, K0, K1, 0])
T' = ExtractT ST ^ K T' = ExtractT ST ^ K