iaik.security.lw.ascon

Class Ascon80PQCipherSpi

java.lang.Object

javax.crypto.CipherSpi

iaik.security.lw.ascon.AsconCipherSpi

iaik.security.lw.ascon.Ascon80PQCipherSpi

public class Ascon80PQCipherSpi
extends AsconCipherSpi

JCE Cipher(Spi) implementation of the Ascon-80pq AEAD encryption algorithm.

Ascon-80pq uses a 160-bit key and processes the data in blocks of 64 bits. The increased key length of Ascon-80pq provides additional protection against exhaustive key search in the case the availability of quantum computers becomes evident. For more details, we refer to the official Ascon specification.

Usage example:

 // register IAIK-LW provider
 IaikLw.addAsProvider();
  

 // the message to be encrypted
 byte[] msg = ...;
 // any associated (additional authentication) data
 byte[] associatedData = ...;
 

 // generate the secret key
 KeyGenerator keyGenerator = KeyGenerator.getInstance("Ascon-80pq");
 SecretKey key = keyGenerator.generateKey();
 

 // encryption
 Cipher encrCipher = Cipher.getInstance("Ascon-80pq/NONE/NoPadding");
 encrCipher.init(Cipher.ENCRYPT_MODE, key);
 encrCipher.updateAAD(associatedData);
 byte[] cipherText = encrCipher.doFinal(msg);
 

 // get parameters generated by the Cipher
 AlgorithmParameters params = cipher.getParameters();
 

 // decryption
 Cipher decrCipher = Cipher.getInstance("Ascon-80pq/NONE/NoPadding");
 decrCipher.init(Cipher.DECRYPT_MODE, key, params);
 decrCipher.updateAAD(associatedData);
 byte[] plainText = decrCipher.doFinal(cipherText);
 

If the Ascon Cipher is initialized for encryption without parameters, as shown in the example above, the required parameters (tag length and nonce) are automatically created by the Ascon Cipher itself. This ensures that a fresh nonce is created anytime before an encryption operation is performed. Thus, it is impossible to use the same nonce repeatedly with the same key.
When explicitly initializing the Ascon Cipher with parameters, make sure that you do not use the same nonce again with the same key:

 int tagSize = 16;
 byte[] nonce = new byte[16];
 SecureRandom random = ...;
 random.nextBytes(random);
 AsconParameterSpec params = new AsconParameterSpec(tagSize, nonce);
 Cipher encrCipher = Cipher.getInstance("Ascon-80pq/NONE/NoPadding");
 encrCipher.init(Cipher.ENCRYPT_MODE, key, params);
 encrCipher.updateAAD(associatedData);
 byte[] cipherText = encrCipher.doFinal(msg);
 

See Also:

Ascon128CipherSpi, Ascon128ACipherSpi, AsconKeyGenerator, AsconParameters

Constructor Summary

Constructors

Constructor and Description
Ascon80PQCipherSpi()

Method Summary

Modifier and Type	Method and Description
protected int	getKeySize() Gets the key size in number of bytes.
protected int	getRate() Gets the rate (block size) in number of bytes.
protected String	getVariant() Gets the variant name.

Methods inherited from class iaik.security.lw.ascon.AsconCipherSpi

engineDoFinal, engineDoFinal, engineGetBlockSize, engineGetIV, engineGetOutputSize, engineGetParameters, engineInit, engineInit, engineInit, engineSetMode, engineSetPadding, engineUpdate, engineUpdate, engineUpdateAAD, engineUpdateAAD

Methods inherited from class javax.crypto.CipherSpi

engineDoFinal, engineGetKeySize, engineUnwrap, engineUpdate, engineWrap

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Ascon80PQCipherSpi

public Ascon80PQCipherSpi()

Method Detail

getVariant

protected String getVariant()

Gets the variant name.

Specified by:

getVariant in class AsconCipherSpi

Returns:

Ascon-80pq

getRate

protected int getRate()

Gets the rate (block size) in number of bytes.

Specified by:

getRate in class AsconCipherSpi

Returns:

the rate (block size) in number of bytes (8).

getKeySize

protected int getKeySize()

Gets the key size in number of bytes.

Specified by:

getKeySize in class AsconCipherSpi

Returns:

the key size in number of bytes (20).