Skip to content
/ bessie Public
forked from oconnor663/bessie

an authenticated, chunked cipher based on BLAKE3

License

View license
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

oconnor663-travel/bessie

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits
.github/workflows
.github/workflows
 
 
python
python
 
 
rust
rust
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
design.md
design.md
 
 
test.py
test.py
 
 

Repository files navigation

Bessie

docs.rscrates.io libcrates.io bin

Bessie is an authenticated, chunked cipher based on BLAKE3. Right now it's in the early design stages. See design.md. A high-performance implementation of this design is blocked on some upstream refactoring of blake3, to add SIMD optimizations to extended outputs.

Features and design goals:

  • general-purpose authenticated encryption
  • no practical limits on the number or size of messages
  • internal random nonce generation, to prevent mistakes
  • streaming encryption and decryption of large messages
  • seekable decryption of large messages
  • low overhead for small messages
  • key commitment

Non-features and non-goals:

  • Not formally/strongly misuse-resistant. Generating random nonces internally avoids a lot of common mistakes, and mixing auth tags into the stream makes nonce reuse somewhat less catastrophic. But nonce reuse does allow an attacker to mix-and-match chunks from different messages, and chunked/streaming constructions are also inherently vulnerable to nonce reuse exploits that all-at-once constructions like AES-SIV are not.
  • No built-in associated data parameters. Callers who need associated data can mix it with their key using a KDF or a keyed hash.

Although the Bessie cipher and its library implementations are eventually intended for production use, the bessie CLI tool will always be for testing and demo purposes only. A general-purpose encryption CLI for real people needs to support public-key encryption and various ways of encoding and managing keys, neither of which are in scope for this project. If you are a real person and you need a general-purpose encryption CLI, consider age.

Usage

To install the bessie CLI tool, which is for testing and demo purposes only:

cargo install bessie_bin

Or to build and install from this repo:

cargo install --path rust/bin

To encrypt and decrypt a 1 MB file using the all-zero key (seriously, testing and demo purposes only):

head -c 1000000 /dev/urandom > myfile
bessie encrypt zero myfile myfile_enc
bessie decrypt zero myfile_enc myfile_copy
cmp myfile myfile_copy

To decrypt just the last byte of the encrypted file:

bessie decrypt zero myfile_enc myfile_last --seek=999999

To run tests for the whole project:

./test.py

About

an authenticated, chunked cipher based on BLAKE3

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Rust 92.5%
  • Python 7.5%