Comments (6)

kazcw avatar kazcw commented on June 8, 2024

It's a block counter. The seek() parameter is a byte offset.

from stream-ciphers.

newpavlov avatar newpavlov commented on June 8, 2024

The most straightforward approach will be to add try_seek method and define seek in a similar way to apply_keystream.

from stream-ciphers.

tarcieri avatar tarcieri commented on June 8, 2024

Perhaps the seekable range should be represented by an associated type. That could be used to eliminate the possibility of overflow, and therefore the runtime errors.

from stream-ciphers.

kazcw avatar kazcw commented on June 8, 2024

I'm not sure about "eliminate"; that u38 has to come from somewhere 😄

from stream-ciphers.

tarcieri avatar tarcieri commented on June 8, 2024

IETF ChaCha20 uses a 32-bit counter (reduced from 64 bits in the original construction). See RFC 7539 section 2.4 (the counter is used as word 12 of the ChaCha20 input array).

As it were, there's a discussion of how to handle counter wrapping/overflow going on right now on the CFRG:

https://mailarchive.ietf.org/arch/browse/cfrg/?gbt=1&index=gsOnTJzcbgG6OqD8Sc0GO5aR_tU

Perhaps you were suggesting modifying the nonce when the counter overflows? One of the CFRG chairs, Kenny Paterson, explicitly recommends against that:

If you really must wrap blockcounter then I'd argue that it should be done without touching the nonce. The reason is that this new nonce (created by incrementing the existing nonce or whatever) could legitimately be used in a different ChaCha instance under the same key, and your code may have no control over what blocknumbers would be used with that nonce value, thereby increasing the risk of reuse of (blockcounter,nonce) pairs. But you'd still need checks to make sure there were no blockcounter repeats if you just wrapped without touching the nonce. Hence better to start low and disallow wraps (which is after all just such a check!).

from stream-ciphers.

tarcieri avatar tarcieri commented on June 8, 2024

Aha! Well then, that's what I get for responding to crypto emails before I've had my coffee.

So here's a question: should the seeking granularity, from the perspective of the underlying primitive, be based on a block counter instead of a byte offset? While that doesn't align with the typical definition of a stream cipher, I'd be curious to know if there are any cases where a stream cipher is seekable and yet doesn't act on a block counter-oriented API.

That sounds like an API better suited to the ctr crate, but I imagine most seekable block ciphers would fit into that sort of framework.

Back to @kazcw's original point: I'd agree overflow should return some kind of error, and a Result-oriented API is a good idea.

from stream-ciphers.
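The thread above argues for two things: seeking by byte offset has to be translated into a block counter, and an offset past the counter's range should surface as an error rather than silently wrapping (which would reuse a (blockcounter, nonce) pair under the same key). The following is an added illustration of such a `try_seek`-style check for a cipher with a 32-bit block counter and 64-byte keystream blocks, as in IETF ChaCha20; it is not code from the stream-ciphers crate, and the names `Position`, `SeekError`, `try_seek_u32`, `try_advance` and `seek_wrapping` are hypothetical. The wrapping variant is included only to show what the unchecked conversion gets wrong.

```rust
// Added example, not stream-ciphers code. Names below are hypothetical.

/// ChaCha20 produces 64 bytes of keystream per block.
pub const BLOCK_SIZE: u64 = 64;

/// With a 32-bit counter, 2^32 blocks * 64 bytes = 2^38 bytes are addressable.
/// This is the exclusive upper bound on a byte offset ("that u38").
pub const MAX_SEEK_U32: u64 = (1u64 << 32) * BLOCK_SIZE;

/// Errors a seek can fail with.
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum SeekError {
    /// The byte offset maps to a block counter wider than the cipher's counter.
    CounterOverflow,
}

/// A keystream position: the block counter plus the offset inside that block.
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub struct Position {
    pub block: u32,
    pub offset: u8,
}

/// Fallible seek: convert a byte offset into (block counter, intra-block offset)
/// for a 32-bit counter, returning an error instead of wrapping.
pub fn try_seek_u32(byte_offset: u64) -> Result<Position, SeekError> {
    let block = byte_offset / BLOCK_SIZE;
    let offset = (byte_offset % BLOCK_SIZE) as u8; // always < 64, fits in u8
    let block = u32::try_from(block).map_err(|_| SeekError::CounterOverflow)?;
    Ok(Position { block, offset })
}

/// Advance `n` bytes from `pos` (what an apply_keystream-style call would do
/// internally), propagating the same overflow error rather than wrapping.
pub fn try_advance(pos: Position, n: u64) -> Result<Position, SeekError> {
    let current = u64::from(pos.block) * BLOCK_SIZE + u64::from(pos.offset);
    // checked_add guards the u64 arithmetic itself; try_seek_u32 guards the u32 counter.
    let target = current.checked_add(n).ok_or(SeekError::CounterOverflow)?;
    try_seek_u32(target)
}

/// The unchecked conversion the thread warns about: `as u32` silently truncates,
/// so an offset of exactly 2^38 lands back on block 0 and the keystream repeats.
pub fn seek_wrapping(byte_offset: u64) -> Position {
    Position {
        block: (byte_offset / BLOCK_SIZE) as u32,
        offset: (byte_offset % BLOCK_SIZE) as u8,
    }
}

fn main() {
    // Last addressable byte and the first byte past the end.
    println!("{:?}", try_seek_u32(MAX_SEEK_U32 - 1)); // Ok(Position { block: 4294967295, offset: 63 })
    println!("{:?}", try_seek_u32(MAX_SEEK_U32)); // Err(CounterOverflow)
    // The wrapping version maps the same offset onto block 0: keystream reuse.
    println!("{:?}", seek_wrapping(MAX_SEEK_U32)); // Position { block: 0, offset: 0 }
}
```

The point of returning `Result` here rather than wrapping is the one quoted from the CFRG thread: a wrap without touching the nonce repeats a (blockcounter, nonce) pair, and a wrap that bumps the nonce may collide with another instance's nonce under the same key, so refusing the seek is the only option that needs no further coordination.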
