public class Ascon128ACipherSpi extends AsconCipherSpi
Ascon-128 uses a duplex-sponge-based mode of operation and provides 128-bit security for authenticated encryption.
Ascon-128a uses a 128-bit key, a 128-bit nonce, and associated data of variable length. The associated data and plaintext are processed in blocks of 128 bits. After each injected block (except the last plaintext block), a permutation of 8 rounds is applied. During initialization and finalization, a stronger permutation of 12 rounds is used. Finally, the ciphertext and a 128-bit tag are produced as its output.
Ascon-128a uses a 128-bit key and processes the data in blocks of 64 bits.
Ascon-128a and Ascon-128 provide the same level of security (128 bits). However, Ascon-128a doubles the rate compared to Ascon-128 at the cost of slightly more intermediate rounds. As a result, the capacity and robustness of Ascon-128 are higher, whereas Ascon-128a generally provides better performance.
For more details, we refer to the official Ascon specification.
Usage example:
```java
// register IAIK-LW provider
IaikLw.addAsProvider();

// the message to be encrypted
byte[] msg = ...;
// any associated (additional authentication) data
byte[] associatedData = ...;

// generate the secret key
KeyGenerator keyGenerator = KeyGenerator.getInstance("Ascon-128a");
SecretKey key = keyGenerator.generateKey();

// encryption
Cipher encrCipher = Cipher.getInstance("Ascon-128a/NONE/NoPadding");
encrCipher.init(Cipher.ENCRYPT_MODE, key);
encrCipher.updateAAD(associatedData);
byte[] cipherText = encrCipher.doFinal(msg);

// get parameters (tag length and nonce) generated by the encryption Cipher
AlgorithmParameters params = encrCipher.getParameters();

// decryption
Cipher decrCipher = Cipher.getInstance("Ascon-128a/NONE/NoPadding");
decrCipher.init(Cipher.DECRYPT_MODE, key, params);
decrCipher.updateAAD(associatedData);
byte[] plainText = decrCipher.doFinal(cipherText);
```
If the Ascon Cipher is initialized for encryption without parameters, as shown in the example above, the required parameters (tag length and nonce) are automatically created by the Ascon Cipher itself. This ensures that a fresh nonce is created anytime before an encryption operation is performed. Thus, it is impossible to use the same nonce repeatedly with the same key.

When explicitly initializing the Ascon Cipher with parameters, make sure that you do not use the same nonce again with the same key:
```java
int tagSize = 16;
byte[] nonce = new byte[16];
SecureRandom random = ...;
// fill the nonce buffer with fresh random bytes
random.nextBytes(nonce);
AsconParameterSpec params = new AsconParameterSpec(tagSize, nonce);

Cipher encrCipher = Cipher.getInstance("Ascon-128a/NONE/NoPadding");
encrCipher.init(Cipher.ENCRYPT_MODE, key, params);
encrCipher.updateAAD(associatedData);
byte[] cipherText = encrCipher.doFinal(msg);
```
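One way to guarantee distinct nonces when supplying them explicitly, as an added example that is not part of the IAIK-LW library or its documentation: a per-key nonce sequence built from a random prefix and a counter. The class name `AsconNonceSequence` and the prefix/counter layout are assumptions made for illustration; only the 16-byte nonce length comes from this page.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Arrays;

/**
 * Hypothetical helper (not part of IAIK-LW): issues 16-byte nonces for ONE key.
 * Layout (an assumption): 8 random bytes per instance || 8-byte big-endian counter.
 */
public final class AsconNonceSequence {
    private static final int NONCE_LEN = 16; // 128-bit nonce, as stated on this page
    private final byte[] prefix = new byte[8];
    private long counter = 0;
    private boolean exhausted = false;

    public AsconNonceSequence(SecureRandom random) {
        // The random prefix separates sequences created for the same key after
        // a restart or on another host (probabilistically, not absolutely).
        random.nextBytes(prefix);
    }

    /** Returns a nonce that this instance has never returned before. */
    public synchronized byte[] next() {
        if (exhausted) {
            throw new IllegalStateException("nonce space exhausted: rotate the key");
        }
        byte[] nonce = ByteBuffer.allocate(NONCE_LEN)
                .put(prefix).putLong(counter).array();
        counter++;
        if (counter == 0) { // counter wrapped around after 2^64 nonces
            exhausted = true;
        }
        return nonce;
    }

    public static void main(String[] args) {
        AsconNonceSequence seq = new AsconNonceSequence(new SecureRandom());
        byte[] n1 = seq.next();
        byte[] n2 = seq.next();
        // Same prefix, different counter value: the two nonces differ.
        System.out.println("length   = " + n1.length);
        System.out.println("distinct = " + !Arrays.equals(n1, n2));
        // Each value would be passed on as: new AsconParameterSpec(16, nonce)
    }
}
```

Use one instance per key and discard it when the key is rotated; sharing a key across instances relies on the random prefix to keep their nonces apart.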
Constructor and Description |
---|
Ascon128ACipherSpi() |

Modifier and Type | Method and Description |
---|---|
protected int | getKeySize() Gets the key size in number of bytes. |
protected int | getRate() Gets the rate (block size) in number of bytes. |
protected String | getVariant() Gets the variant name. |
engineDoFinal, engineDoFinal, engineGetBlockSize, engineGetIV, engineGetOutputSize, engineGetParameters, engineInit, engineInit, engineInit, engineSetMode, engineSetPadding, engineUpdate, engineUpdate, engineUpdateAAD, engineUpdateAAD
engineDoFinal, engineGetKeySize, engineUnwrap, engineUpdate, engineWrap
protected String getVariant()
getVariant in class AsconCipherSpi

protected int getRate()
getRate in class AsconCipherSpi

protected int getKeySize()
getKeySize in class AsconCipherSpi
Copyright © 2022–2023 Stiftung SIC. All rights reserved.