ASCON, Rust and AEAD

ASCON, Rust and AEAD

Is ASCON better than AES?

Symmetric key encryption has changed over the years. In what way? Well, in two main ways: we mainly use stream ciphers these days (and which are often much faster than block ciphers), and we often use AEAD (Authenticated Encryption with Additional Data). Also, we often use a sponge function for the encryption process, and which allows us to create a symmetric key method and hashing function from the same technique. Another major change is that Rust is now becoming the de-facto software language of improved robustness in coding.

So, let’s look at a bit of Rust, AEAD and ASCON.

AEAD (Authenticated Encryption with Additional Data)

With symmetric key encryption, we use the same key to encrypt and decrypt:

Alice creates a secret message and ciphers it with her secret key, and then sends this to Bob. He also has the secret key, and so he decrypts it and reveals the secret message. It says “You can take tomorrow as a holiday”. Bob is happy and takes the holiday. Eve, though, has been listening to their communications and, the next day, resends the ciphered message, even though she cannot read it. Bob takes the next day off, and Alice wonders why he is not at work? Eve has thus performed a replay attack on Alice’s ciphered message. So what we need is to bind the cipher to a network connection or a session, in order that Eve cannot recreate the same scenario.

With enhanced encryption methods, we can both authenticate the cipher and prove its integrity. This is known as Authenticated Encryption with Associated Data (AEAD). For this we provide additional data to authenticate the encryption process, and where we can identify where the ciphertext has been modified and for it not to be decrypted.

With most conventional AEAD methods we create a nonce value and add additional data (AD) that is authenticated but not encrypted. The additional data can include:

addresses, ports, sequence numbers, protocol version numbers, and other fields that indicate how the plaintext or ciphertext should be handled, forwarded, or processed

In this way, we can bind network packets to the encrypted data, and provide integrity so that an intruder cannot copy and paste valid ciphertext from other transmissions. For example, if we bind to a packet sequence number and the port, the authentication would fail for another sequence number or another port.

The main methods we can use for AEAD are AES GCM, AES SIV, AES CCM, ChaCha20/Poly1305 and AES OCB3. Each of these are stream ciphers and avoid the block approach of modes such as CBC and ECB.

ASCON and Rust

We first create a new cargo with:

cargo new arc

Next we can edit the cargo.toml file with [here]:

[package]
name = "ascon1"
version = "0.1.0"
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
ascon = "0.1.4"
rand="0.8.3"
hex="0.4.3"

And then add the following code to main.rs [here]:

use ascon;
use rand::thread_rng;
use rand::Rng;
use hex::{self};
use std::env;
fn get_random_key16() ->  [u8; 16]{
    let mut arr = [0u8; 16];
    thread_rng().try_fill(&mut arr[..]).expect("Ooops!");
    return arr;
}
fn main() {
    let mut msg="hello";
    let mut aad1="test";
    let args: Vec = env::args().collect();
  
    if args.len() >1 { msg = args[1].as_str();}
    if args.len() >2 { aad1 = args[2].as_str();}
    let randkey128=get_random_key16();
    let iv=get_random_key16();

    let plaintext=msg.as_bytes();
    let aad=aad1.as_bytes();
    let (ciphertext,tag) = ascon::aead_encrypt(&randkey128, &iv, 
        plaintext, aad);

  let pt=ascon::aead_decrypt(&randkey128, &iv,&ciphertext[..], &aad, &tag);
  
  let s = String::from_utf8(pt.unwrap()).expect("Found invalid UTF-8");
  println!("Message:\t{}\n",msg);
  println!("AAD:\t\t{}\n",aad1);
  println!("Key:\t\t{}\n",hex::encode(randkey128));
  println!("Cipher:\t\t{}\n",hex::encode(ciphertext));
  println!("Tag:\t\t{}\n",hex::encode(tag));
  println!("Decryped:\t{}", s);
}

A sample run is [here]:

Message:	Hello
AAD:  Additional data
Key:  f055550f3946c5ca75953a2b6275b5cd
Cipher:  86a3f7477b
Tag:  c3a7fa794f9fd442b07dd67940d336db
Decryped: Hello

Notice that the cipher has the same number of bytes as the message and that the tag always has 128 bits (16 bytes). The tag will be used to authenticate the cipher. Here is the running code:

Conclusions

While Golang is my favourite language for prototypes, I build my main code in Rust. As for ASCON, it is a cool symmetric key method that is matched to lightweight applications. A core strength is that the same method can also implement a hashing and a MAC function.