Skip to content
/ libaegis Public

Portable C implementations of the AEGIS family of high-performance authenticated encryption algorithms.

datatracker.ietf.org/doc/draft-irtf-cfrg-aegis-aead/

License

MIT license
65 stars 15 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

aegis-aead/libaegis

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

251 Commits
.github/workflows
.github/workflows
 
 
cmake
cmake
 
 
img
img
 
 
src
src
 
 
.clang-format
.clang-format
 
 
.gitignore
.gitignore
 
 
CMakeLists.txt
CMakeLists.txt
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.zig
build.zig
 
 

Repository files navigation

libaegis

Portable C implementations of the AEGIS family of high-performance authenticated ciphers (AEGIS-128L, AEGIS-128X2, AEGIS-128X4, AEGIS-256, AEGIS-256X2, AEGIS-256X4), with runtime CPU detection.

Features

  • AEGIS-128L with 16 and 32 bytes tags (software, AES-NI, ARM Crypto, Altivec)
  • AEGIS-128X2 with 16 and 32 bytes tags (software, VAES + AVX2, AES-NI, ARM Crypto, Altivec)
  • AEGIS-128X4 with 16 and 32 bytes tags (software, AVX512, VAES + AVX2, AES-NI, ARM Crypto, Altivec)
  • AEGIS-256 with 16 and 32 bytes tags (software, AES-NI, ARM Crypto, Altivec)
  • AEGIS-256X2 with 16 and 32 bytes tags (software, VAES + AVX2, AES-NI, ARM Crypto, Altivec)
  • AEGIS-256X4 with 16 and 32 bytes tags (software, AVX512, VAES + AVX2, AES-NI, ARM Crypto, Altivec)
  • All variants of AEGIS-MAC, supporting incremental updates.
  • Encryption and decryption with attached and detached tags
  • Incremental encryption and decryption.
  • Unauthenticated encryption and decryption (not recommended - only implemented for specific protocols)
  • Deterministic pseudorandom stream generation.

Installation

Note that the compiler makes a difference. Zig (or a recent clang with target-specific options such as -march=native) produces more efficient code than gcc.

Compilation with zig:

zig build -Drelease

The library and headers are installed in the zig-out folder.

To favor performance over side-channel mitigations on devices without hardware acceleration, add -Dfavor-performance:

zig build -Drelease -Dfavor-performance

A benchmark can also be built with the -Dwith-benchmark option:

zig build -Drelease -Dfavor-performance -Dwith-benchmark

libaegis doesn't need WASI nor any extension to work on WebAssembly. The wasm32-freestanding target is fully supported.

WebAssembly extensions such as bulk_memory and simd128 can be enabled by adding -Dcpu=baseline+bulk_memory+simd128 to the command line.

Compilation with cmake:

mkdir build
cd build
cmake -DCMAKE_INSTALL_PREFIX=/install/prefix ..
make install

To favor performance over side-channel mitigations on devices without hardware acceleration, add -DFAVOR_PERFORMANCE.

Direct inclusion

Copy everything in src directly into your project, and compile everything like regular C code. No special configuration is required.

Usage

Include <aegis.h> and call aegis_init() prior to doing anything else with the library.

aegis_init() checks the CPU capabilities in order to later use the fastest implementations.

Bindings

  • aegis is a set of bindings for Rust.

Libaegis users

  • fizz is Facebook's implementation of TLS 1.3.
  • picotls is a TLS 1.3 implementation in C, with support for the AEGIS cipher suites.
  • h2o is an HTTP/{1,2,3} server with support for the AEGIS cipher suites.

Other implementations

Other AEGIS implementations are also available for most programming languages.

Key differences between AEGIS variants

Feature AEGIS-128L AEGIS-256 AEGIS-128X2 AEGIS-128X4 AEGIS-256X2 AEGIS-256X4
Key Length 128 bits 256 bits 128 bits 128 bits 256 bits 256 bits
Nonce Length 128 bits 256 bits 128 bits 128 bits 256 bits 256 bits
State Size 1024 bits (8 x 128-bit blocks) 768 bits (6 x 128-bit blocks) 2048 bits (2 x 1024-bit states) 4096 bits (4 x 1024-bit states) 1536 bits (2 x 768-bit states) 3072 bits (4 x 768-bit states)
Input Rate 256 bits per update 128 bits per update 512 bits per update 1024 bits per update 256 bits per update 512 bits per update
Parallelism None None 2 parallel lanes 4 parallel lanes 2 parallel lanes 4 parallel lanes
Performance High on standard CPUs High on standard CPUs Higher on CPUs with AVX2 Higher on CPUs with AVX-512 Higher on CPUs with AVX2 Higher on CPUs with AVX-512
Security Level 128-bit security 256-bit security 128-bit security 128-bit security 256-bit security 256-bit security
Special Features Optimized for high performance on standard CPUs with AES instructions Optimized for high security with larger keys Parallelized version of AEGIS-128L Parallelized version of AEGIS-128L Parallelized version of AEGIS-256 Parallelized version of AEGIS-256

Benchmark results

AEGIS is very fast on CPUs with parallel execution pipelines and AES support.

The following results are derived from libaegis, which has been optimized primarily for portability and readability. Other implementations, such as jasmin-aegis or the Zig implementations, may demonstrate better performance.

Encryption (16 KB)

AEGIS benchmark results

Authentication (64 KB)

AEGIS-MAC benchmark results

Mobile benchmarks

AEGIS mobile benchmark results

About

Portable C implementations of the AEGIS family of high-performance authenticated encryption algorithms.

datatracker.ietf.org/doc/draft-irtf-cfrg-aegis-aead/

Topics

cryptography aead cipher aegis libaegis aegis128l aegis256 aegis128x aegis256x

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

65 stars

Watchers

5 watching

Forks

15 forks
Report repository

Releases 20

0.3.0 Latest
Dec 11, 2024
+ 19 releases

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages