
threefish: add method to update tweak between encrypt/decrypt calls

Open k3rb3ros opened this issue 1 year ago • 7 comments

Currently, there is no way to update the tweak value between successive encrypt/decrypt calls without creating a new cipher instance. This is inefficient and it would be appreciated if you added a way to update the tweak without creating a new cipher instance. I'm not sure it would be possible to add given that your current implementation stores all of the cipher state in a giant array sk, but in the original C implementation keyCtx is passed into every encrypt/decrypt call, which allowed the tweak to be changed between cipher calls without mucking with the rest of the cipher state.

k3rb3ros avatar Oct 24 '24 06:10 k3rb3ros

We probably should first add a trait for tweakable block ciphers, see: https://github.com/RustCrypto/traits/issues/177

newpavlov avatar Oct 24 '24 08:10 newpavlov

That would be great. What's the timeline for feature development in RustCrypto like that? Weeks, months, years?

k3rb3ros avatar Oct 24 '24 21:10 k3rb3ros

Weeks (or less) if you want to get it into an unstable release, depending on the quality of the PR

tarcieri avatar Oct 24 '24 21:10 tarcieri

(I would personally love to see traits for tweakable block ciphers land finally)

tarcieri avatar Oct 24 '24 21:10 tarcieri

I guess the main question is what API style should we use: one where we pass the tweak during en/decryption of each block, or one where we modify the block cipher state with a `&mut self` method. Initially, I thought to use the former, but the latter should be more composable and will require fewer changes in the cipher crate, but it may be less convenient in cases where users want to keep the cipher state immutable.

newpavlov avatar Oct 27 '24 20:10 newpavlov

Personally, I think encapsulating cipher state from the users is a better approach, but I don't have much context on the RustCrypto project and I'm not a cryptographer. I'm just a dude on the internet who wants a feature. Although, as you said, adding a tweak to every cipher operation would require the greatest number of changes. You could also add additional encrypt/decrypt functions that take a tweak and then turn the existing encrypt functions into wrapper functions that call the tweak-parameter versions with a zeroed-out tweak.

k3rb3ros avatar Oct 27 '24 21:10 k3rb3ros
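
The two API styles discussed above, plus the zeroed-tweak wrapper idea, sketched as an added example that is not code from the RustCrypto crates or from anyone in this thread. `DemoCipher` is a constructed 64-bit toy ARX permutation (not Threefish, not secure) that exists only to make the trait shape concrete; the trait and type names are assumptions.

```rust
// Style A: the tweak is an argument of every block call, so cipher state stays immutable.
pub trait TweakableBlockCipher {
    fn encrypt_with_tweak(&self, tweak: u64, block: u64) -> u64;
    fn decrypt_with_tweak(&self, tweak: u64, block: u64) -> u64;
    // Plain block-cipher view, as suggested in the thread: call through with an all-zero tweak.
    fn encrypt_block(&self, block: u64) -> u64 { self.encrypt_with_tweak(0, block) }
    fn decrypt_block(&self, block: u64) -> u64 { self.decrypt_with_tweak(0, block) }
}

// Constructed toy cipher: one 64-bit word, 8 rounds of xor / rotate / add. Not Threefish.
pub struct DemoCipher { key: u64 }

impl DemoCipher {
    pub fn new(key: u64) -> Self { DemoCipher { key } }
    // Toy round subkey mixing key, tweak and round index (constructed schedule).
    fn subkey(&self, tweak: u64, round: u32) -> u64 {
        self.key ^ tweak.rotate_left(7 * round) ^ (round as u64).wrapping_mul(0x9E37_79B9_7F4A_7C15)
    }
}

impl TweakableBlockCipher for DemoCipher {
    fn encrypt_with_tweak(&self, tweak: u64, mut x: u64) -> u64 {
        for r in 0..8 {
            x ^= self.subkey(tweak, r);
            x = x.rotate_left(13).wrapping_add(self.key.rotate_left(r));
        }
        x
    }
    fn decrypt_with_tweak(&self, tweak: u64, mut x: u64) -> u64 {
        // Exact inverse of the encryption rounds, applied in reverse order.
        for r in (0..8).rev() {
            x = x.wrapping_sub(self.key.rotate_left(r)).rotate_right(13);
            x ^= self.subkey(tweak, r);
        }
        x
    }
}

// Style B: the tweak lives in the cipher state and is changed through `&mut self`.
// Built on top of style A, so the keyed cipher is never re-created just to change the tweak,
// which is the inefficiency the issue complains about.
pub struct StatefulTweak<C: TweakableBlockCipher> { cipher: C, tweak: u64 }

impl<C: TweakableBlockCipher> StatefulTweak<C> {
    pub fn new(cipher: C) -> Self { StatefulTweak { cipher, tweak: 0 } }
    pub fn set_tweak(&mut self, tweak: u64) { self.tweak = tweak; }
    pub fn encrypt_block(&self, block: u64) -> u64 { self.cipher.encrypt_with_tweak(self.tweak, block) }
    pub fn decrypt_block(&self, block: u64) -> u64 { self.cipher.decrypt_with_tweak(self.tweak, block) }
}
```

Note that style B composes over style A for free, whereas the reverse direction would require cloning or locking the cipher state for every call that needs a different tweak.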

Maybe https://github.com/RustCrypto/traits/issues/177 is a better place for these discussions?

tarcieri avatar Oct 27 '24 21:10 tarcieri