Skip to content
This repository has been archived by the owner on Jun 23, 2020. It is now read-only.
/ aes-gcm-siv Public archive

.NET Core 3.0 implementation of AES-GCM-SIV nonce misuse-resistant authenticated encryption

License

Notifications You must be signed in to change notification settings

Metalnem/aes-gcm-siv

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

AES-GCM-SIV

NuGet Build Status Blazing Fast API Docs License

.NET Core 3.0 implementation of AES-GCM-SIV nonce misuse-resistant authenticated encryption, defined in draft-irtf-cfrg-gcmsiv-08. Fastest available authenticated encryption library for .NET, with the encryption/decryption rate of roughly 8 Gbps/core. Implemented using .NET Core 3.0 platform intrinsics.

Usage

// Plaintext to encrypt.
var plaintext = "I'm cooking MC's like a pound of bacon";

// Create a 32-byte key.
var key = new byte[32];
RandomNumberGenerator.Fill(key);

// Create a 12-byte nonce.
var nonce = new byte[12];
RandomNumberGenerator.Fill(nonce);

// Create a new AesGcmSiv instance. It implements the IDisposable
// interface, so it's best to create it inside using statement.
using (var siv = new AesGcmSiv(key))
{
  // If the message is string, convert it to byte array first.
  var bytes = Encoding.UTF8.GetBytes(plaintext);

  // Encrypt the message.
  var ciphertext = new byte[bytes.Length];
  var tag = new byte[16];
  siv.Encrypt(nonce, bytes, ciphertext, tag);

  // To decrypt the message, call the Decrypt method with the
  // ciphertext and the same nonce that you generated previously.
  siv.Decrypt(nonce, ciphertext, tag, bytes);

  // If the message was originally string,
  // convert if from byte array to string.
  plaintext = Encoding.UTF8.GetString(bytes);

  // Print the decrypted message to the standard output.
  Console.WriteLine(plaintext);
}

Installation

> dotnet add package AES-GCM-SIV --version 0.3.2

Acknowledgements

This implementation is based on the C intrinsics code written by Shay Gueron.

Resources

AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption
AES-GCM-SIV: Specification and Analysis
Webpage for the AES-GCM-SIV Mode of Operation
AES-GCM-SIV implementations (128 and 256 bit)
Go implementation
Java implementation
AES-GCM-SIV (Adam Langley)
Towards A Safer Footgun (Coda Hale)

Performance (Windows)

BenchmarkDotNet=v0.11.1, OS=Windows 10.0.17134.345 (1803/April2018Update/Redstone4)
Intel Core i7-4800MQ CPU 2.70GHz (Max: 2.69GHz) (Haswell), 1 CPU, 8 logical and 4 physical cores
Frequency=2630636 Hz, Resolution=380.1362 ns, Timer=TSC
.NET Core SDK=3.0.100-alpha1-009638
  [Host] : .NET Core 3.0.0-preview1-27003-04 (CoreCLR 4.6.27002.04, CoreFX 4.6.27002.03), 64bit RyuJIT
Method Categories Size Mean Error StdDev Scaled
AES-GCM Encryption 128 306.2 ns 0.5986 ns 0.5307 ns 1.00
AES-GCM-SIV Encryption 128 287.7 ns 3.6306 ns 3.2185 ns 0.94
AES-GCM Decryption 128 311.7 ns 0.2751 ns 0.2438 ns 1.00
AES-GCM-SIV Decryption 128 329.5 ns 2.6803 ns 2.2382 ns 1.06
AES-GCM Encryption 1024 681.1 ns 1.5380 ns 1.3634 ns 1.00
AES-GCM-SIV Encryption 1024 663.0 ns 2.6639 ns 2.4918 ns 0.97
AES-GCM Decryption 1024 681.0 ns 0.7810 ns 0.6923 ns 1.00
AES-GCM-SIV Decryption 1024 715.3 ns 1.3908 ns 1.3009 ns 1.05
AES-GCM Encryption 4096 1,984.3 ns 6.5387 ns 5.4601 ns 1.00
AES-GCM-SIV Encryption 4096 1,877.8 ns 0.5862 ns 0.5196 ns 0.95
AES-GCM Decryption 4096 1,988.5 ns 1.0060 ns 0.8401 ns 1.00
AES-GCM-SIV Decryption 4096 1,882.5 ns 7.0526 ns 6.5970 ns 0.95
AES-GCM Encryption 8192 3,754.4 ns 84.4706 ns 79.0138 ns 1.00
AES-GCM-SIV Encryption 8192 3,503.4 ns 2.5222 ns 2.1061 ns 0.93
AES-GCM Decryption 8192 4,038.8 ns 79.7916 ns 114.4348 ns 1.00
AES-GCM-SIV Decryption 8192 3,609.7 ns 66.9556 ns 62.6303 ns 0.89

Performance (macOS)

BenchmarkDotNet=v0.11.1, OS=macOS Mojave 10.14 (18A391) [Darwin 18.0.0]
Intel Core i7-5557U CPU 3.10GHz (Broadwell), 1 CPU, 4 logical and 2 physical cores
.NET Core SDK=3.0.100-alpha1-009640
  [Host] : .NET Core 3.0.0-preview1-27004-04 (CoreCLR 4.6.27003.04, CoreFX 4.6.27003.02), 64bit RyuJIT
Method Categories Size Mean Error StdDev Scaled
AES-GCM Encryption 128 503.1 ns 0.2081 ns 0.1737 ns 1.00
AES-GCM-SIV Encryption 128 315.4 ns 0.1813 ns 0.1514 ns 0.63
AES-GCM Decryption 128 517.2 ns 0.4337 ns 0.3621 ns 1.00
AES-GCM-SIV Decryption 128 368.2 ns 0.1659 ns 0.1385 ns 0.71
AES-GCM Encryption 1024 795.1 ns 1.0668 ns 0.9979 ns 1.00
AES-GCM-SIV Encryption 1024 666.7 ns 0.5449 ns 0.4830 ns 0.84
AES-GCM Decryption 1024 779.5 ns 1.2164 ns 0.9497 ns 1.00
AES-GCM-SIV Decryption 1024 697.7 ns 0.8535 ns 0.7566 ns 0.90
AES-GCM Encryption 4096 1,711.2 ns 2.1837 ns 2.0426 ns 1.00
AES-GCM-SIV Encryption 4096 1,767.6 ns 2.5230 ns 2.2366 ns 1.03
AES-GCM Decryption 4096 1,711.9 ns 6.3718 ns 5.9602 ns 1.00
AES-GCM-SIV Decryption 4096 1,780.6 ns 1.7417 ns 1.5440 ns 1.04
AES-GCM Encryption 8192 2,981.2 ns 8.2092 ns 7.6789 ns 1.00
AES-GCM-SIV Encryption 8192 3,276.0 ns 4.5095 ns 3.7657 ns 1.10
AES-GCM Decryption 8192 2,991.5 ns 6.8195 ns 6.3789 ns 1.00
AES-GCM-SIV Decryption 8192 3,205.7 ns 4.4109 ns 4.1260 ns 1.07