From 8f4d86ee575df183514ec03b4d53f20233608b0c Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Tue, 17 Dec 2024 22:06:21 +0530 Subject: [PATCH 01/27] Update absorption of associated data to be multi-shot Signed-off-by: Anjan Roy --- include/ascon/aead/ascon_aead128.hpp | 12 +++++- include/ascon/aead/duplex.hpp | 59 ++++++++++++++++++++-------- 2 files changed, 52 insertions(+), 19 deletions(-) diff --git a/include/ascon/aead/ascon_aead128.hpp b/include/ascon/aead/ascon_aead128.hpp index 461ff69..66853fd 100644 --- a/include/ascon/aead/ascon_aead128.hpp +++ b/include/ascon/aead/ascon_aead128.hpp @@ -32,7 +32,11 @@ encrypt(std::span key, ascon_perm::ascon_perm_t state{}; ascon_duplex_mode::initialize(state, key, nonce); - ascon_duplex_mode::process_associated_data(state, associated_data); + + size_t block_offset = 0; + ascon_duplex_mode::absorb_associated_data(state, block_offset, associated_data); + ascon_duplex_mode::finalize_associated_data(state, block_offset, associated_data.size()); + ascon_duplex_mode::process_plaintext(state, plaintext, ciphertext); ascon_duplex_mode::finalize(state, key, tag); } @@ -64,7 +68,11 @@ decrypt(std::span key, std::array computed_tag{}; ascon_duplex_mode::initialize(state, key, nonce); - ascon_duplex_mode::process_associated_data(state, associated_data); + + size_t block_offset = 0; + ascon_duplex_mode::absorb_associated_data(state, block_offset, associated_data); + ascon_duplex_mode::finalize_associated_data(state, block_offset, associated_data.size()); + ascon_duplex_mode::process_ciphertext(state, cipher, text); ascon_duplex_mode::finalize(state, key, computed_tag); diff --git a/include/ascon/aead/duplex.hpp b/include/ascon/aead/duplex.hpp index 2f64475..3f96cc8 100644 --- a/include/ascon/aead/duplex.hpp +++ b/include/ascon/aead/duplex.hpp @@ -42,39 +42,64 @@ initialize(ascon_perm::ascon_perm_t& state, std::span data) +absorb_associated_data(ascon_perm::ascon_perm_t& state, size_t& block_offset, std::span data) { const size_t dlen = data.size(); - if (dlen > 0) { - const size_t total_num_blocks = (dlen + 1 + (RATE_BYTES - 1)) / RATE_BYTES; + if (dlen > 0) [[likely]] { + std::array block{}; + auto block_span = std::span(block); - std::array chunk{}; - auto chunk_span = std::span(chunk); + const size_t total_num_blocks = (block_offset + dlen) / RATE_BYTES; + size_t data_offset = 0; - // Process full message blocks, expect the last one, which is padded. - for (size_t block_index = 0; block_index < total_num_blocks - 1; block_index++) { - (void)ascon_common_utils::get_ith_msg_blk(data, block_index, chunk_span); + for (size_t block_index = 0; block_index < total_num_blocks; block_index++) { + const size_t readable = RATE_BYTES - block_offset; - state[0] ^= ascon_common_utils::from_le_bytes(chunk_span.first<8>()); - state[1] ^= ascon_common_utils::from_le_bytes(chunk_span.last<8>()); + std::copy_n(data.subspan(data_offset).begin(), readable, block_span.subspan(block_offset).begin()); + + state[0] ^= ascon_common_utils::from_le_bytes(block_span.first<8>()); + state[1] ^= ascon_common_utils::from_le_bytes(block_span.last<8>()); state.permute(); + + data_offset += readable; + block_offset = 0; } - // Process last message block, which is padded. - const size_t final_block_index = total_num_blocks - 1; + const size_t remaining_num_bytes = dlen - data_offset; - const size_t read = ascon_common_utils::get_ith_msg_blk(data, final_block_index, chunk_span); - ascon_common_utils::pad_msg_blk(chunk_span, read); + std::fill(block_span.begin(), block_span.end(), 0); + std::copy_n(data.subspan(data_offset).begin(), remaining_num_bytes, block_span.subspan(block_offset).begin()); - state[0] ^= ascon_common_utils::from_le_bytes(chunk_span.first<8>()); - state[1] ^= ascon_common_utils::from_le_bytes(chunk_span.last<8>()); + state[0] ^= ascon_common_utils::from_le_bytes(block_span.first<8>()); + state[1] ^= ascon_common_utils::from_le_bytes(block_span.last<8>()); + + block_offset += remaining_num_bytes; + } +} + +// Finalizes the associated data absorption process by adding a 1-bit domain separator. +// No more associated data can be absorbed after calling this function. +// See point 2 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd. +forceinline constexpr void +finalize_associated_data(ascon_perm::ascon_perm_t& state, size_t& block_offset, const size_t absorbed_data_byte_len) +{ + if (absorbed_data_byte_len > 0) { + std::array block{}; + auto block_span = std::span(block); + + block_span[block_offset] = 0x01; + + state[0] ^= ascon_common_utils::from_le_bytes(block_span.first<8>()); + state[1] ^= ascon_common_utils::from_le_bytes(block_span.last<8>()); state.permute(); + block_offset = 0; } // final 1 -bit domain separator constant mixing is mandatory From effff35923b05b15cd590f8519da21b7025d0380 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Thu, 19 Dec 2024 15:33:39 +0400 Subject: [PATCH 02/27] Update encryption of plaintext to be multi-shot Signed-off-by: Anjan Roy --- include/ascon/aead/ascon_aead128.hpp | 4 +- include/ascon/aead/duplex.hpp | 80 ++++++++++++++++++---------- 2 files changed, 55 insertions(+), 29 deletions(-) diff --git a/include/ascon/aead/ascon_aead128.hpp b/include/ascon/aead/ascon_aead128.hpp index 66853fd..ce4b734 100644 --- a/include/ascon/aead/ascon_aead128.hpp +++ b/include/ascon/aead/ascon_aead128.hpp @@ -37,7 +37,9 @@ encrypt(std::span key, ascon_duplex_mode::absorb_associated_data(state, block_offset, associated_data); ascon_duplex_mode::finalize_associated_data(state, block_offset, associated_data.size()); - ascon_duplex_mode::process_plaintext(state, plaintext, ciphertext); + ascon_duplex_mode::absorb_plaintext(state, block_offset, plaintext, ciphertext); + ascon_duplex_mode::finalize_plaintext(state, block_offset); + ascon_duplex_mode::finalize(state, key, tag); } diff --git a/include/ascon/aead/duplex.hpp b/include/ascon/aead/duplex.hpp index 3f96cc8..479488a 100644 --- a/include/ascon/aead/duplex.hpp +++ b/include/ascon/aead/duplex.hpp @@ -106,47 +106,71 @@ finalize_associated_data(ascon_perm::ascon_perm_t& state, size_t& block_offset, state[4] ^= (0b1ul << 63u); } -// Encrypts arbitrary length plain text, producing equal length cipher text. -// See point 3 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd. +/** + * @brief Absorbs arbitrary-length plaintext into the Ascon permutation state and produces ciphertext. + * This function can be called multiple times with different spans of plaintext before calling `finalize_plaintext`. + * See point 3 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd. + * + * @param state Ascon permutation state. + * @param block_offset Offset within the current block, must be <= `RATE_BYTES`. + * @param plaintext Plaintext to be absorbed. + * @param ciphertext Ciphertext produced. + */ forceinline constexpr void -process_plaintext(ascon_perm::ascon_perm_t& state, std::span text, std::span cipher) +absorb_plaintext(ascon_perm::ascon_perm_t& state, size_t& block_offset, std::span plaintext, std::span ciphertext) { - const size_t ctlen = text.size(); - const size_t total_num_blocks = (ctlen + 1 + (RATE_BYTES - 1)) / RATE_BYTES; + std::array block{}; + auto block_span = std::span(block); - std::array chunk{}; - auto chunk_span = std::span(chunk); + const size_t ptlen = plaintext.size(); + size_t pt_offset = 0; - using span_8bytes_t = std::span; - size_t off = 0; + while (pt_offset < ptlen) { + const size_t absorbable_num_bytes = RATE_BYTES - block_offset; + const size_t available_num_bytes = ptlen - pt_offset; + const size_t to_be_absorbed_num_bytes = std::min(absorbable_num_bytes, available_num_bytes); - // Process full message blocks, expect the last one, which is padded. - for (size_t block_index = 0; block_index < total_num_blocks - 1; block_index++) { - (void)ascon_common_utils::get_ith_msg_blk(text, block_index, chunk_span); + std::copy_n(plaintext.subspan(pt_offset).begin(), to_be_absorbed_num_bytes, block_span.subspan(block_offset).begin()); + std::fill_n(block_span.subspan(block_offset + to_be_absorbed_num_bytes).begin(), block_span.size() - (block_offset + to_be_absorbed_num_bytes), 0); - state[0] ^= ascon_common_utils::from_le_bytes(chunk_span.first<8>()); - state[1] ^= ascon_common_utils::from_le_bytes(chunk_span.last<8>()); + state[0] ^= ascon_common_utils::from_le_bytes(block_span.first<8>()); + state[1] ^= ascon_common_utils::from_le_bytes(block_span.last<8>()); - ascon_common_utils::to_le_bytes(state[0], span_8bytes_t(cipher.subspan(off, 8))); - ascon_common_utils::to_le_bytes(state[1], span_8bytes_t(cipher.subspan(off + 8, 8))); + ascon_common_utils::to_le_bytes(state[0], block_span.first<8>()); + ascon_common_utils::to_le_bytes(state[1], block_span.last<8>()); - state.permute(); - off += RATE_BYTES; - } + std::copy_n(block_span.subspan(block_offset).begin(), to_be_absorbed_num_bytes, ciphertext.subspan(pt_offset).begin()); - // Process last message block, which is padded. - const size_t final_block_index = total_num_blocks - 1; + pt_offset += to_be_absorbed_num_bytes; + block_offset += to_be_absorbed_num_bytes; - const size_t read = ascon_common_utils::get_ith_msg_blk(text, final_block_index, chunk_span); - ascon_common_utils::pad_msg_blk(chunk_span, read); + if (block_offset == RATE_BYTES) { + state.permute(); + block_offset = 0; + } + } +} - state[0] ^= ascon_common_utils::from_le_bytes(chunk_span.first<8>()); - state[1] ^= ascon_common_utils::from_le_bytes(chunk_span.last<8>()); +/** + * @brief Finalizes the plaintext absorption process by adding a 1-bit domain separator. + * No more plaintext can be encrypted after calling this function. + * See point 3 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd. + * + * @param state Ascon permutation state. + * @param block_offset Offset within the current block, must be <= `RATE_BYTES`. + */ +forceinline constexpr void +finalize_plaintext(ascon_perm::ascon_perm_t& state, size_t& block_offset) +{ + std::array block{}; + auto block_span = std::span(block); + + block_span[block_offset] = 0x01; - ascon_common_utils::to_le_bytes(state[0], chunk_span.first<8>()); - ascon_common_utils::to_le_bytes(state[1], chunk_span.last<8>()); + state[0] ^= ascon_common_utils::from_le_bytes(block_span.first<8>()); + state[1] ^= ascon_common_utils::from_le_bytes(block_span.last<8>()); - std::copy_n(chunk_span.begin(), read, cipher.subspan(off).begin()); + block_offset = 0; } // Decrypts arbitrary length cipher text, producing equal length plain text. From 50ed1f0459d3590cca835b7c03c8143de85b527e Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Thu, 19 Dec 2024 15:53:00 +0400 Subject: [PATCH 03/27] Simplify control flow in function, absorbing associated data Signed-off-by: Anjan Roy --- include/ascon/aead/duplex.hpp | 64 +++++++++++++++++++---------------- 1 file changed, 34 insertions(+), 30 deletions(-) diff --git a/include/ascon/aead/duplex.hpp b/include/ascon/aead/duplex.hpp index 479488a..ea84ac8 100644 --- a/include/ascon/aead/duplex.hpp +++ b/include/ascon/aead/duplex.hpp @@ -42,50 +42,54 @@ initialize(ascon_perm::ascon_perm_t& state, std::span data) { - const size_t dlen = data.size(); + std::array block{}; + auto block_span = std::span(block); - if (dlen > 0) [[likely]] { - std::array block{}; - auto block_span = std::span(block); + const size_t dlen = data.size(); + size_t data_offset = 0; - const size_t total_num_blocks = (block_offset + dlen) / RATE_BYTES; - size_t data_offset = 0; + while (data_offset < dlen) { + const size_t absorbable_num_bytes = RATE_BYTES - block_offset; + const size_t available_num_bytes = dlen - data_offset; + const size_t to_be_absorbed_num_bytes = std::min(absorbable_num_bytes, available_num_bytes); - for (size_t block_index = 0; block_index < total_num_blocks; block_index++) { - const size_t readable = RATE_BYTES - block_offset; + std::copy_n(data.subspan(data_offset).begin(), to_be_absorbed_num_bytes, block_span.subspan(block_offset).begin()); + std::fill_n(block_span.subspan(block_offset + to_be_absorbed_num_bytes).begin(), block_span.size() - (block_offset + to_be_absorbed_num_bytes), 0); - std::copy_n(data.subspan(data_offset).begin(), readable, block_span.subspan(block_offset).begin()); + state[0] ^= ascon_common_utils::from_le_bytes(block_span.first<8>()); + state[1] ^= ascon_common_utils::from_le_bytes(block_span.last<8>()); - state[0] ^= ascon_common_utils::from_le_bytes(block_span.first<8>()); - state[1] ^= ascon_common_utils::from_le_bytes(block_span.last<8>()); + data_offset += to_be_absorbed_num_bytes; + block_offset += to_be_absorbed_num_bytes; + if (block_offset == RATE_BYTES) { state.permute(); - - data_offset += readable; block_offset = 0; } - - const size_t remaining_num_bytes = dlen - data_offset; - - std::fill(block_span.begin(), block_span.end(), 0); - std::copy_n(data.subspan(data_offset).begin(), remaining_num_bytes, block_span.subspan(block_offset).begin()); - - state[0] ^= ascon_common_utils::from_le_bytes(block_span.first<8>()); - state[1] ^= ascon_common_utils::from_le_bytes(block_span.last<8>()); - - block_offset += remaining_num_bytes; } } -// Finalizes the associated data absorption process by adding a 1-bit domain separator. -// No more associated data can be absorbed after calling this function. -// See point 2 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd. +/** + * @brief Finalizes the associated data absorption process by adding a 1-bit domain separator. + * No more associated data can be absorbed after calling this function. + * See point 2 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd. + * + * @param state Ascon permutation state. + * @param block_offset Offset within the current block, must be <= `RATE_BYTES`. + * @param absorbed_data_byte_len The total number of bytes of associated data absorbed. + */ forceinline constexpr void finalize_associated_data(ascon_perm::ascon_perm_t& state, size_t& block_offset, const size_t absorbed_data_byte_len) { @@ -102,7 +106,7 @@ finalize_associated_data(ascon_perm::ascon_perm_t& state, size_t& block_offset, block_offset = 0; } - // final 1 -bit domain separator constant mixing is mandatory + // Final 1 -bit domain separator constant mixing is mandatory state[4] ^= (0b1ul << 63u); } From 01c1fc0985da457c3ec9192fe21bfe3b2d44e134 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Thu, 19 Dec 2024 15:58:54 +0400 Subject: [PATCH 04/27] Prefer more explicit function name Signed-off-by: Anjan Roy --- include/ascon/aead/ascon_aead128.hpp | 2 +- include/ascon/aead/duplex.hpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/ascon/aead/ascon_aead128.hpp b/include/ascon/aead/ascon_aead128.hpp index ce4b734..1c24635 100644 --- a/include/ascon/aead/ascon_aead128.hpp +++ b/include/ascon/aead/ascon_aead128.hpp @@ -37,7 +37,7 @@ encrypt(std::span key, ascon_duplex_mode::absorb_associated_data(state, block_offset, associated_data); ascon_duplex_mode::finalize_associated_data(state, block_offset, associated_data.size()); - ascon_duplex_mode::absorb_plaintext(state, block_offset, plaintext, ciphertext); + ascon_duplex_mode::encrypt_plaintext(state, block_offset, plaintext, ciphertext); ascon_duplex_mode::finalize_plaintext(state, block_offset); ascon_duplex_mode::finalize(state, key, tag); diff --git a/include/ascon/aead/duplex.hpp b/include/ascon/aead/duplex.hpp index ea84ac8..8189534 100644 --- a/include/ascon/aead/duplex.hpp +++ b/include/ascon/aead/duplex.hpp @@ -121,7 +121,7 @@ finalize_associated_data(ascon_perm::ascon_perm_t& state, size_t& block_offset, * @param ciphertext Ciphertext produced. */ forceinline constexpr void -absorb_plaintext(ascon_perm::ascon_perm_t& state, size_t& block_offset, std::span plaintext, std::span ciphertext) +encrypt_plaintext(ascon_perm::ascon_perm_t& state, size_t& block_offset, std::span plaintext, std::span ciphertext) { std::array block{}; auto block_span = std::span(block); From af9772574625481727d9d2015b8be6eefc4d548b Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Thu, 19 Dec 2024 16:43:28 +0400 Subject: [PATCH 05/27] Update decryption of ciphertext to be multi-shot Signed-off-by: Anjan Roy --- include/ascon/aead/ascon_aead128.hpp | 12 ++-- include/ascon/aead/duplex.hpp | 104 ++++++++++++--------------- 2 files changed, 54 insertions(+), 62 deletions(-) diff --git a/include/ascon/aead/ascon_aead128.hpp b/include/ascon/aead/ascon_aead128.hpp index 1c24635..786dc58 100644 --- a/include/ascon/aead/ascon_aead128.hpp +++ b/include/ascon/aead/ascon_aead128.hpp @@ -38,7 +38,7 @@ encrypt(std::span key, ascon_duplex_mode::finalize_associated_data(state, block_offset, associated_data.size()); ascon_duplex_mode::encrypt_plaintext(state, block_offset, plaintext, ciphertext); - ascon_duplex_mode::finalize_plaintext(state, block_offset); + ascon_duplex_mode::finalize_ciphering(state, block_offset); ascon_duplex_mode::finalize(state, key, tag); } @@ -62,8 +62,8 @@ forceinline constexpr bool decrypt(std::span key, std::span nonce, std::span associated_data, - std::span cipher, - std::span text, + std::span ciphertext, + std::span plaintext, std::span tag) { ascon_perm::ascon_perm_t state{}; @@ -75,11 +75,13 @@ decrypt(std::span key, ascon_duplex_mode::absorb_associated_data(state, block_offset, associated_data); ascon_duplex_mode::finalize_associated_data(state, block_offset, associated_data.size()); - ascon_duplex_mode::process_ciphertext(state, cipher, text); + ascon_duplex_mode::decrypt_ciphertext(state, block_offset, ciphertext, plaintext); + ascon_duplex_mode::finalize_ciphering(state, block_offset); + ascon_duplex_mode::finalize(state, key, computed_tag); const uint32_t flg = ascon_common_utils::ct_eq_byte_array(tag, computed_tag); - ascon_common_utils::ct_conditional_memset(~flg, text, 0); + ascon_common_utils::ct_conditional_memset(~flg, plaintext, 0); return static_cast(flg); } diff --git a/include/ascon/aead/duplex.hpp b/include/ascon/aead/duplex.hpp index 8189534..022d19f 100644 --- a/include/ascon/aead/duplex.hpp +++ b/include/ascon/aead/duplex.hpp @@ -112,7 +112,7 @@ finalize_associated_data(ascon_perm::ascon_perm_t& state, size_t& block_offset, /** * @brief Absorbs arbitrary-length plaintext into the Ascon permutation state and produces ciphertext. - * This function can be called multiple times with different spans of plaintext before calling `finalize_plaintext`. + * This function can be called multiple times with different spans of plaintext before calling `finalize_ciphering`. * See point 3 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd. * * @param state Ascon permutation state. @@ -131,8 +131,8 @@ encrypt_plaintext(ascon_perm::ascon_perm_t& state, size_t& block_offset, std::sp while (pt_offset < ptlen) { const size_t absorbable_num_bytes = RATE_BYTES - block_offset; - const size_t available_num_bytes = ptlen - pt_offset; - const size_t to_be_absorbed_num_bytes = std::min(absorbable_num_bytes, available_num_bytes); + const size_t remaining_num_bytes = ptlen - pt_offset; + const size_t to_be_absorbed_num_bytes = std::min(absorbable_num_bytes, remaining_num_bytes); std::copy_n(plaintext.subspan(pt_offset).begin(), to_be_absorbed_num_bytes, block_span.subspan(block_offset).begin()); std::fill_n(block_span.subspan(block_offset + to_be_absorbed_num_bytes).begin(), block_span.size() - (block_offset + to_be_absorbed_num_bytes), 0); @@ -156,81 +156,71 @@ encrypt_plaintext(ascon_perm::ascon_perm_t& state, size_t& block_offset, std::sp } /** - * @brief Finalizes the plaintext absorption process by adding a 1-bit domain separator. - * No more plaintext can be encrypted after calling this function. - * See point 3 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd. + * @brief Absorbs arbitrary-length ciphertext into the Ascon permutation state and produces decrypted plaintext. + * This function can be called multiple times with different spans of ciphertext before calling `finalize_ciphering`. + * See point 3 of section 4.1.2 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd. * * @param state Ascon permutation state. * @param block_offset Offset within the current block, must be <= `RATE_BYTES`. + * @param ciphertext Ciphertext to be decrypted. + * @param plaintext Plaintext produced. */ forceinline constexpr void -finalize_plaintext(ascon_perm::ascon_perm_t& state, size_t& block_offset) +decrypt_ciphertext(ascon_perm::ascon_perm_t& state, size_t& block_offset, std::span ciphertext, std::span plaintext) { std::array block{}; auto block_span = std::span(block); - block_span[block_offset] = 0x01; - - state[0] ^= ascon_common_utils::from_le_bytes(block_span.first<8>()); - state[1] ^= ascon_common_utils::from_le_bytes(block_span.last<8>()); + const size_t ctlen = ciphertext.size(); + size_t ct_offset = 0; - block_offset = 0; -} - -// Decrypts arbitrary length cipher text, producing equal length plain text. -// See point 3 of section 4.1.2 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd. -forceinline constexpr void -process_ciphertext(ascon_perm::ascon_perm_t& state, std::span cipher, std::span text) -{ - const size_t ctlen = cipher.size(); - const size_t total_num_blocks = (ctlen + 1 + (RATE_BYTES - 1)) / RATE_BYTES; - - std::array chunk{}; - auto chunk_span = std::span(chunk); - - using span_8bytes_t = std::span; - size_t off = 0; + while (ct_offset < ctlen) { + const size_t absorbable_num_bytes = RATE_BYTES - block_offset; + const size_t remaining_num_bytes = ctlen - ct_offset; + const size_t to_be_absorbed_num_bytes = std::min(absorbable_num_bytes, remaining_num_bytes); - // Process full message blocks, expect the last one, which is padded. - for (size_t block_index = 0; block_index < total_num_blocks - 1; block_index++) { - (void)ascon_common_utils::get_ith_msg_blk(cipher, block_index, chunk_span); + std::copy_n(ciphertext.subspan(ct_offset).begin(), to_be_absorbed_num_bytes, block_span.subspan(block_offset).begin()); + std::fill_n(block_span.subspan(block_offset + to_be_absorbed_num_bytes).begin(), block_span.size() - (block_offset + to_be_absorbed_num_bytes), 0); - const auto ct_first_word = ascon_common_utils::from_le_bytes(chunk_span.first<8>()); - const auto ct_last_word = ascon_common_utils::from_le_bytes(chunk_span.last<8>()); + ascon_common_utils::to_le_bytes(state[0] ^ ascon_common_utils::from_le_bytes(block_span.first<8>()), block_span.first<8>()); + ascon_common_utils::to_le_bytes(state[1] ^ ascon_common_utils::from_le_bytes(block_span.last<8>()), block_span.last<8>()); - const uint64_t pt_first_word = state[0] ^ ct_first_word; - const uint64_t pt_last_word = state[1] ^ ct_last_word; + std::copy_n(block_span.subspan(block_offset).begin(), to_be_absorbed_num_bytes, plaintext.subspan(ct_offset).begin()); + std::fill_n(block_span.subspan(block_offset + to_be_absorbed_num_bytes).begin(), block_span.size() - (block_offset + to_be_absorbed_num_bytes), 0); - state[0] = ct_first_word; - state[1] = ct_last_word; + state[0] ^= ascon_common_utils::from_le_bytes(block_span.first<8>()); + state[1] ^= ascon_common_utils::from_le_bytes(block_span.last<8>()); - ascon_common_utils::to_le_bytes(pt_first_word, span_8bytes_t(text.subspan(off, 8))); - ascon_common_utils::to_le_bytes(pt_last_word, span_8bytes_t(text.subspan(off + 8, 8))); + ct_offset += to_be_absorbed_num_bytes; + block_offset += to_be_absorbed_num_bytes; - state.permute(); - off += RATE_BYTES; + if (block_offset == RATE_BYTES) { + state.permute(); + block_offset = 0; + } } +} - // Process last message block, which is padded. - const size_t final_block_index = total_num_blocks - 1; - - const size_t read = ascon_common_utils::get_ith_msg_blk(cipher, final_block_index, chunk_span); - std::fill_n(chunk_span.subspan(read).begin(), RATE_BYTES - read, 0); - - const uint64_t ct_first_word = ascon_common_utils::from_le_bytes(chunk_span.first<8>()); - const uint64_t ct_last_word = ascon_common_utils::from_le_bytes(chunk_span.last<8>()); - - const uint64_t pt_first_word = state[0] ^ ct_first_word; - const uint64_t pt_last_word = state[1] ^ ct_last_word; +/** + * @brief Finalizes the plaintext/ciphertext absorption process by adding a 1-bit domain separator to be permutation state. + * No more plaintext/ciphertext can be encrypted/decrypted after calling this function. + * See point 3 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd. + * + * @param state Ascon permutation state. + * @param block_offset Offset within the current block, must be <= `RATE_BYTES`. + */ +forceinline constexpr void +finalize_ciphering(ascon_perm::ascon_perm_t& state, size_t& block_offset) +{ + std::array block{}; + auto block_span = std::span(block); - ascon_common_utils::to_le_bytes(pt_first_word, chunk_span.first<8>()); - ascon_common_utils::to_le_bytes(pt_last_word, chunk_span.last<8>()); - std::copy_n(chunk_span.begin(), read, text.subspan(off).begin()); + block_span[block_offset] = 0x01; - ascon_common_utils::pad_msg_blk(chunk_span, read); + state[0] ^= ascon_common_utils::from_le_bytes(block_span.first<8>()); + state[1] ^= ascon_common_utils::from_le_bytes(block_span.last<8>()); - state[0] ^= ascon_common_utils::from_le_bytes(chunk_span.first<8>()); - state[1] ^= ascon_common_utils::from_le_bytes(chunk_span.last<8>()); + block_offset = 0; } // Finalizes the Ascon permutation state, producing 16 -bytes authentication tag. From a539f17b9032a787ffeedb74122a27bcdaca3909 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Thu, 19 Dec 2024 16:48:07 +0400 Subject: [PATCH 06/27] Update API documentation for AEAD duplex mode function(s) Signed-off-by: Anjan Roy --- include/ascon/aead/duplex.hpp | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/include/ascon/aead/duplex.hpp b/include/ascon/aead/duplex.hpp index 022d19f..72bb91e 100644 --- a/include/ascon/aead/duplex.hpp +++ b/include/ascon/aead/duplex.hpp @@ -22,8 +22,14 @@ static constexpr size_t KEY_BYTE_LEN = BIT_SECURITY_LEVEL / std::numeric_limits< static constexpr size_t NONCE_BYTE_LEN = BIT_SECURITY_LEVEL / std::numeric_limits::digits; static constexpr size_t TAG_BYTE_LEN = BIT_SECURITY_LEVEL / std::numeric_limits::digits; -// Initialize Ascon permutation state with 16 -bytes key and nonce. -// See point 1 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd. +/** + * @brief Initializes the Ascon permutation state with the given key and nonce. + * See point 1 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd. + * + * @param state Ascon permutation state. + * @param key Encryption key. + * @param nonce Nonce - don't repeat it, for the same key ! + */ forceinline constexpr void initialize(ascon_perm::ascon_perm_t& state, std::span key, std::span nonce) { @@ -223,8 +229,14 @@ finalize_ciphering(ascon_perm::ascon_perm_t& state, size_t& block_offset) block_offset = 0; } -// Finalizes the Ascon permutation state, producing 16 -bytes authentication tag. -// See point 4 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd. +/** + * @brief Finalizes the Ascon permutation state and produces a tag. + * See point 4 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd. + * + * @param state Ascon permutation state. + * @param key Key used for encryption/decryption. + * @param tag Authentication tag produced. + */ forceinline constexpr void finalize(ascon_perm::ascon_perm_t& state, std::span key, std::span tag) { From 782a3f0b0fea0f08371d5b2282bf2bb8a2280551 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Thu, 19 Dec 2024 21:02:10 +0400 Subject: [PATCH 07/27] Add path to subtle as dependency in makefile rule Signed-off-by: Anjan Roy --- examples/example.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/example.mk b/examples/example.mk index cbf96f4..494b061 100644 --- a/examples/example.mk +++ b/examples/example.mk @@ -8,7 +8,7 @@ EXAMPLE_EXECS := $(addprefix $(EXAMPLE_BUILD_DIR)/, $(notdir $(EXAMPLE_SOURCES:. $(EXAMPLE_BUILD_DIR): mkdir -p $@ -$(EXAMPLE_BUILD_DIR)/%.exe: $(EXAMPLE_DIR)/%.cpp $(EXAMPLE_BUILD_DIR) +$(EXAMPLE_BUILD_DIR)/%.exe: $(EXAMPLE_DIR)/%.cpp $(EXAMPLE_BUILD_DIR) $(SUBTLE_INC_DIR) $(CXX) $(CXX_DEFS) $(CXX_FLAGS) $(WARN_FLAGS) $(RELEASE_FLAGS) $(I_FLAGS) $(DEP_IFLAGS) $< -o $@ example: $(EXAMPLE_EXECS) ## Build and run example program, demonstrating usage of Ascon API From a10e4ecf90137271e53cac9bf8292b96016866fc Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Thu, 19 Dec 2024 21:10:21 +0400 Subject: [PATCH 08/27] Remove unused functions Signed-off-by: Anjan Roy --- include/ascon/utils/common.hpp | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/include/ascon/utils/common.hpp b/include/ascon/utils/common.hpp index be07518..c3768a4 100644 --- a/include/ascon/utils/common.hpp +++ b/include/ascon/utils/common.hpp @@ -1,7 +1,6 @@ #pragma once #include "ascon/utils/force_inline.hpp" #include "subtle.hpp" -#include #include #include #include @@ -53,30 +52,6 @@ to_le_bytes(const uint64_t num, std::span bytes) bytes[7] = static_cast(num >> 56); } -// Safely reads the requested message block, handling message blocks shorter than `block_len`. -template -[[nodiscard]] -forceinline constexpr size_t -get_ith_msg_blk(std::span msg, const size_t i, std::span msg_block) -{ - // This routine makes an assumption that function caller invokes it with such `i` value that off <= msg.size(). - const size_t msg_offset = i * block_len; - const size_t remaining_num_msg_bytes = msg.size() - msg_offset; - const size_t readable = std::min(block_len, remaining_num_msg_bytes); - - std::copy_n(msg.subspan(msg_offset).begin(), readable, msg_block.begin()); - return readable; -} - -// Pads a message block with a single 0x80 byte, and all subsequent bytes are set to zero. -template -forceinline constexpr void -pad_msg_blk(std::span msg_blk, const size_t used) -{ - std::fill_n(msg_blk.subspan(used).begin(), block_len - used, 0); - msg_blk[used] = 0x01; -} - // Performs a constant-time comparison of two byte arrays of length `len`. Returns all bits set (0xFFFFFFFF) if equal, otherwise all bits clear (0x00000000). template [[nodiscard]] From 834e81688c0a00c610174c9a1ee89ba14ff5c7ca Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Mon, 14 Apr 2025 20:16:11 +0400 Subject: [PATCH 09/27] Ascon aead struct supporting incremental encrypt/ decrypt Signed-off-by: Anjan Roy --- include/ascon/aead/ascon_aead128.hpp | 113 +++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) diff --git a/include/ascon/aead/ascon_aead128.hpp b/include/ascon/aead/ascon_aead128.hpp index 786dc58..412169c 100644 --- a/include/ascon/aead/ascon_aead128.hpp +++ b/include/ascon/aead/ascon_aead128.hpp @@ -1,5 +1,10 @@ #pragma once #include "ascon/aead/duplex.hpp" +#include "ascon/permutation/ascon.hpp" +#include "ascon/utils/common.hpp" +#include "ascon/utils/force_inline.hpp" +#include +#include namespace ascon_aead128 { @@ -7,6 +12,114 @@ static constexpr size_t KEY_BYTE_LEN = ascon_duplex_mode::KEY_BYTE_LEN; static constexpr size_t NONCE_BYTE_LEN = ascon_duplex_mode::NONCE_BYTE_LEN; static constexpr size_t TAG_BYTE_LEN = ascon_duplex_mode::TAG_BYTE_LEN; +struct ascon_aead128_t +{ +private: + std::array key{}; + std::array nonce{}; + + ascon_perm::ascon_perm_t state{}; + size_t offset = 0; + size_t total_absorbed_data_byte_len = 0; + + alignas(4) bool finished_absorbing_data = false; + alignas(4) bool finished_ciphering = false; + alignas(4) bool finished_squeezing_tag = false; + +public: + forceinline constexpr ascon_aead128_t(std::span key, std::span nonce) + { + ascon_duplex_mode::initialize(state, key, nonce); + } + forceinline constexpr ~ascon_aead128_t() { this->reset(); } + + [[nodiscard]] + forceinline constexpr bool absorb_data(std::span data) + { + if (finished_absorbing_data) { + return false; + } + + ascon_duplex_mode::absorb_associated_data(state, offset, data); + total_absorbed_data_byte_len += data.size(); + + return true; + } + + [[nodiscard]] + forceinline constexpr bool finalize_data() + { + if (finished_absorbing_data) { + return false; + } + + ascon_duplex_mode::finalize_associated_data(state, offset, total_absorbed_data_byte_len); + finished_absorbing_data = true; + + return true; + } + + [[nodiscard]] + forceinline constexpr bool encrypt_plaintext(std::span plaintext, std::span ciphertext) + { + if (!finished_absorbing_data || finished_ciphering) { + return false; + } + + ascon_duplex_mode::encrypt_plaintext(state, offset, plaintext, ciphertext); + return true; + } + + [[nodiscard]] + forceinline constexpr bool decrypt_plaintext(std::span ciphertext, std::span plaintext) + { + if (!finished_absorbing_data || finished_ciphering) { + return false; + } + + ascon_duplex_mode::decrypt_ciphertext(state, offset, ciphertext, plaintext); + return true; + } + + [[nodiscard]] + forceinline constexpr bool finalize_ciphering() + { + if (!finished_absorbing_data || finished_ciphering) { + return false; + } + + ascon_duplex_mode::finalize_ciphering(state, offset); + finished_ciphering = true; + + return true; + } + + [[nodiscard]] + forceinline constexpr bool squeeze_tag(std::span tag) + { + if (!finished_absorbing_data || !finished_ciphering || finished_squeezing_tag) { + return false; + } + + ascon_duplex_mode::finalize(state, key, tag); + finished_squeezing_tag = true; + + return true; + } + + forceinline constexpr void reset() + { + this->key.fill(0); + this->nonce.fill(0); + this->state.reset(); + this->offset = 0; + this->total_absorbed_data_byte_len = 0; + this->finished_absorbing_data = false; + this->finished_ciphering = false; + this->finished_squeezing_tag = false; + } +}; + /** * @brief Encrypts plaintext using the Ascon-AEAD128 algorithm. * From 59839c701a6e668b2d4299336c3d684459cf6d4c Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Tue, 15 Apr 2025 08:34:46 +0400 Subject: [PATCH 10/27] Add error type for ascon-aead128, make incremental ciphering easy to use Signed-off-by: Anjan Roy --- include/ascon/aead/ascon_aead128.hpp | 104 ++++++++++++++++++--------- 1 file changed, 72 insertions(+), 32 deletions(-) diff --git a/include/ascon/aead/ascon_aead128.hpp b/include/ascon/aead/ascon_aead128.hpp index 412169c..d69ba46 100644 --- a/include/ascon/aead/ascon_aead128.hpp +++ b/include/ascon/aead/ascon_aead128.hpp @@ -5,6 +5,7 @@ #include "ascon/utils/force_inline.hpp" #include #include +#include namespace ascon_aead128 { @@ -12,6 +13,24 @@ static constexpr size_t KEY_BYTE_LEN = ascon_duplex_mode::KEY_BYTE_LEN; static constexpr size_t NONCE_BYTE_LEN = ascon_duplex_mode::NONCE_BYTE_LEN; static constexpr size_t TAG_BYTE_LEN = ascon_duplex_mode::TAG_BYTE_LEN; +enum class ascon_aead128_error_t : uint8_t +{ + absorbed_data = 0x01, + finalized_data_absorption_phase, + data_absorption_phase_already_finalized, + still_absorbing_data, + + encrypted_plaintext, + finalized_encryption_phase, + encryption_phase_already_finalized, + + decrypted_ciphertext, + finalized_decryption_phase, + decryption_phase_already_finalized, + decryption_success_as_tag_matches, + decryption_failure_due_to_tag_mismatch, +}; + struct ascon_aead128_t { private: @@ -23,8 +42,8 @@ struct ascon_aead128_t size_t total_absorbed_data_byte_len = 0; alignas(4) bool finished_absorbing_data = false; - alignas(4) bool finished_ciphering = false; - alignas(4) bool finished_squeezing_tag = false; + alignas(4) bool finished_encrypting_plaintext = false; + alignas(8) bool finished_decrypting_ciphertext = false; public: forceinline constexpr ascon_aead128_t(std::span key, std::span nonce) @@ -34,89 +53,110 @@ struct ascon_aead128_t forceinline constexpr ~ascon_aead128_t() { this->reset(); } [[nodiscard]] - forceinline constexpr bool absorb_data(std::span data) + forceinline constexpr ascon_aead128_error_t absorb_data(std::span data) { if (finished_absorbing_data) { - return false; + return ascon_aead128_error_t::data_absorption_phase_already_finalized; } ascon_duplex_mode::absorb_associated_data(state, offset, data); total_absorbed_data_byte_len += data.size(); - return true; + return ascon_aead128_error_t::absorbed_data; } [[nodiscard]] - forceinline constexpr bool finalize_data() + forceinline constexpr ascon_aead128_error_t finalize_data() { if (finished_absorbing_data) { - return false; + return ascon_aead128_error_t::data_absorption_phase_already_finalized; } ascon_duplex_mode::finalize_associated_data(state, offset, total_absorbed_data_byte_len); finished_absorbing_data = true; - return true; + return ascon_aead128_error_t::finalized_data_absorption_phase; } [[nodiscard]] - forceinline constexpr bool encrypt_plaintext(std::span plaintext, std::span ciphertext) + forceinline constexpr ascon_aead128_error_t encrypt_plaintext(std::span plaintext, std::span ciphertext) { - if (!finished_absorbing_data || finished_ciphering) { - return false; + if (!finished_absorbing_data) { + return ascon_aead128_error_t::still_absorbing_data; + } + if (finished_encrypting_plaintext) { + return ascon_aead128_error_t::encryption_phase_already_finalized; } ascon_duplex_mode::encrypt_plaintext(state, offset, plaintext, ciphertext); - return true; + return ascon_aead128_error_t::encrypted_plaintext; } [[nodiscard]] - forceinline constexpr bool decrypt_plaintext(std::span ciphertext, std::span plaintext) + forceinline constexpr ascon_aead128_error_t finalize_encrypt(std::span tag) { - if (!finished_absorbing_data || finished_ciphering) { - return false; + if (!finished_absorbing_data) { + return ascon_aead128_error_t::still_absorbing_data; + } + if (finished_encrypting_plaintext) { + return ascon_aead128_error_t::encryption_phase_already_finalized; } - ascon_duplex_mode::decrypt_ciphertext(state, offset, ciphertext, plaintext); - return true; + ascon_duplex_mode::finalize_ciphering(state, offset); + finished_encrypting_plaintext = true; + ascon_duplex_mode::finalize(state, key, tag); + + return ascon_aead128_error_t::finalized_encryption_phase; } [[nodiscard]] - forceinline constexpr bool finalize_ciphering() + forceinline constexpr ascon_aead128_error_t decrypt_ciphertext(std::span ciphertext, std::span plaintext) { - if (!finished_absorbing_data || finished_ciphering) { - return false; + if (!finished_absorbing_data) { + return ascon_aead128_error_t::still_absorbing_data; + } + if (finished_decrypting_ciphertext) { + return ascon_aead128_error_t::decryption_phase_already_finalized; } - ascon_duplex_mode::finalize_ciphering(state, offset); - finished_ciphering = true; - - return true; + ascon_duplex_mode::decrypt_ciphertext(state, offset, ciphertext, plaintext); + return ascon_aead128_error_t::decrypted_ciphertext; } [[nodiscard]] - forceinline constexpr bool squeeze_tag(std::span tag) + forceinline constexpr ascon_aead128_error_t finalize_decrypt(std::span tag) { - if (!finished_absorbing_data || !finished_ciphering || finished_squeezing_tag) { - return false; + if (!finished_absorbing_data) { + return ascon_aead128_error_t::still_absorbing_data; + } + if (finished_decrypting_ciphertext) { + return ascon_aead128_error_t::decryption_phase_already_finalized; } - ascon_duplex_mode::finalize(state, key, tag); - finished_squeezing_tag = true; + ascon_duplex_mode::finalize_ciphering(state, offset); + finished_decrypting_ciphertext = true; + + std::array computed_tag{}; + + ascon_duplex_mode::finalize(state, key, computed_tag); + const uint32_t flag = ascon_common_utils::ct_eq_byte_array(tag, computed_tag); - return true; + return flag == std::numeric_limits::max() ? ascon_aead128_error_t::decryption_success_as_tag_matches + : ascon_aead128_error_t::decryption_failure_due_to_tag_mismatch; } forceinline constexpr void reset() { this->key.fill(0); this->nonce.fill(0); + this->state.reset(); this->offset = 0; this->total_absorbed_data_byte_len = 0; + this->finished_absorbing_data = false; - this->finished_ciphering = false; - this->finished_squeezing_tag = false; + this->finished_encrypting_plaintext = false; + this->finished_decrypting_ciphertext = false; } }; From b82a13ef111d11c17319ed0b8439610c2b864b19 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Tue, 15 Apr 2025 08:44:36 +0400 Subject: [PATCH 11/27] Get rid of redundant error type from enum Signed-off-by: Anjan Roy --- include/ascon/aead/ascon_aead128.hpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/ascon/aead/ascon_aead128.hpp b/include/ascon/aead/ascon_aead128.hpp index d69ba46..c4d83b5 100644 --- a/include/ascon/aead/ascon_aead128.hpp +++ b/include/ascon/aead/ascon_aead128.hpp @@ -25,10 +25,9 @@ enum class ascon_aead128_error_t : uint8_t encryption_phase_already_finalized, decrypted_ciphertext, - finalized_decryption_phase, - decryption_phase_already_finalized, decryption_success_as_tag_matches, decryption_failure_due_to_tag_mismatch, + decryption_phase_already_finalized, }; struct ascon_aead128_t From a25ffc22eb632dbc134af706ea17d9a51ec9c282 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Tue, 15 Apr 2025 09:00:07 +0400 Subject: [PATCH 12/27] Keep a copy of the key and nonce in ascon-aead128 struct Signed-off-by: Anjan Roy --- include/ascon/aead/ascon_aead128.hpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/ascon/aead/ascon_aead128.hpp b/include/ascon/aead/ascon_aead128.hpp index c4d83b5..fb573fb 100644 --- a/include/ascon/aead/ascon_aead128.hpp +++ b/include/ascon/aead/ascon_aead128.hpp @@ -3,6 +3,7 @@ #include "ascon/permutation/ascon.hpp" #include "ascon/utils/common.hpp" #include "ascon/utils/force_inline.hpp" +#include #include #include #include @@ -47,7 +48,10 @@ struct ascon_aead128_t public: forceinline constexpr ascon_aead128_t(std::span key, std::span nonce) { - ascon_duplex_mode::initialize(state, key, nonce); + std::copy(key.begin(), key.end(), this->key.begin()); + std::copy(nonce.begin(), nonce.end(), this->nonce.begin()); + + ascon_duplex_mode::initialize(state, this->key, this->nonce); } forceinline constexpr ~ascon_aead128_t() { this->reset(); } From 1299668837740a0fcda26f0721cbcf0ad6b47646 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Tue, 15 Apr 2025 09:00:42 +0400 Subject: [PATCH 13/27] Update Ascon-aead128 KAT tests to use newly developed incremental ciphering API Signed-off-by: Anjan Roy --- tests/kat_ascon_aead128.cpp | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/tests/kat_ascon_aead128.cpp b/tests/kat_ascon_aead128.cpp index f950157..0dcf56e 100644 --- a/tests/kat_ascon_aead128.cpp +++ b/tests/kat_ascon_aead128.cpp @@ -1,5 +1,6 @@ #include "ascon/aead/ascon_aead128.hpp" #include "test_helper.hpp" +#include #include #include @@ -46,20 +47,31 @@ TEST(AsconAEAD128, KnownAnswerTests) auto key_span = std::span(key); auto nonce_span = std::span(nonce); + auto ct_span = std::span(ct); + auto tag_span = std::span(ct_span.last(ascon_aead128::TAG_BYTE_LEN)); std::vector computed_ct(pt.size()); std::array computed_tag{}; std::vector computed_pt(computed_ct.size()); - ascon_aead128::encrypt(key_span, nonce_span, ad, pt, computed_ct, computed_tag); - const auto is_decrypted = ascon_aead128::decrypt(key_span, nonce_span, ad, computed_ct, computed_pt, computed_tag); + ascon_aead128::ascon_aead128_t enc_handle(key_span, nonce_span); - EXPECT_TRUE(is_decrypted); + EXPECT_EQ(enc_handle.absorb_data(ad), ascon_aead128::ascon_aead128_error_t::absorbed_data); + EXPECT_EQ(enc_handle.finalize_data(), ascon_aead128::ascon_aead128_error_t::finalized_data_absorption_phase); - auto ct_span = std::span(ct); + EXPECT_EQ(enc_handle.encrypt_plaintext(pt, computed_ct), ascon_aead128::ascon_aead128_error_t::encrypted_plaintext); + EXPECT_EQ(enc_handle.finalize_encrypt(computed_tag), ascon_aead128::ascon_aead128_error_t::finalized_encryption_phase); + + ascon_aead128::ascon_aead128_t dec_handle(key_span, nonce_span); + + EXPECT_EQ(dec_handle.absorb_data(ad), ascon_aead128::ascon_aead128_error_t::absorbed_data); + EXPECT_EQ(dec_handle.finalize_data(), ascon_aead128::ascon_aead128_error_t::finalized_data_absorption_phase); + + EXPECT_EQ(dec_handle.decrypt_ciphertext(computed_ct, computed_pt), ascon_aead128::ascon_aead128_error_t::decrypted_ciphertext); + EXPECT_EQ(dec_handle.finalize_decrypt(tag_span), ascon_aead128::ascon_aead128_error_t::decryption_success_as_tag_matches); EXPECT_TRUE(std::ranges::equal(ct_span.first(pt.size()), computed_ct)); - EXPECT_TRUE(std::ranges::equal(ct_span.last(computed_tag.size()), computed_tag)); + EXPECT_TRUE(std::ranges::equal(tag_span, computed_tag)); std::string empty_line; std::getline(file, empty_line); From cbb56ba5f335ee6dd97bd4fef48c46365aa551ba Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Wed, 16 Apr 2025 08:02:31 +0400 Subject: [PATCH 14/27] Refactor ascon-aead128 error codes Signed-off-by: Anjan Roy --- include/ascon/aead/ascon_aead128.hpp | 56 +++++++++++++--------------- tests/kat_ascon_aead128.cpp | 16 ++++---- 2 files changed, 34 insertions(+), 38 deletions(-) diff --git a/include/ascon/aead/ascon_aead128.hpp b/include/ascon/aead/ascon_aead128.hpp index fb573fb..9967ab0 100644 --- a/include/ascon/aead/ascon_aead128.hpp +++ b/include/ascon/aead/ascon_aead128.hpp @@ -14,12 +14,12 @@ static constexpr size_t KEY_BYTE_LEN = ascon_duplex_mode::KEY_BYTE_LEN; static constexpr size_t NONCE_BYTE_LEN = ascon_duplex_mode::NONCE_BYTE_LEN; static constexpr size_t TAG_BYTE_LEN = ascon_duplex_mode::TAG_BYTE_LEN; -enum class ascon_aead128_error_t : uint8_t +enum class ascon_aead128_status_t : uint8_t { absorbed_data = 0x01, + still_in_data_absorption_phase, finalized_data_absorption_phase, data_absorption_phase_already_finalized, - still_absorbing_data, encrypted_plaintext, finalized_encryption_phase, @@ -35,7 +35,6 @@ struct ascon_aead128_t { private: std::array key{}; - std::array nonce{}; ascon_perm::ascon_perm_t state{}; size_t offset = 0; @@ -49,91 +48,89 @@ struct ascon_aead128_t forceinline constexpr ascon_aead128_t(std::span key, std::span nonce) { std::copy(key.begin(), key.end(), this->key.begin()); - std::copy(nonce.begin(), nonce.end(), this->nonce.begin()); - - ascon_duplex_mode::initialize(state, this->key, this->nonce); + ascon_duplex_mode::initialize(state, this->key, nonce); } forceinline constexpr ~ascon_aead128_t() { this->reset(); } [[nodiscard]] - forceinline constexpr ascon_aead128_error_t absorb_data(std::span data) + forceinline constexpr ascon_aead128_status_t absorb_data(std::span data) { if (finished_absorbing_data) { - return ascon_aead128_error_t::data_absorption_phase_already_finalized; + return ascon_aead128_status_t::data_absorption_phase_already_finalized; } ascon_duplex_mode::absorb_associated_data(state, offset, data); total_absorbed_data_byte_len += data.size(); - return ascon_aead128_error_t::absorbed_data; + return ascon_aead128_status_t::absorbed_data; } [[nodiscard]] - forceinline constexpr ascon_aead128_error_t finalize_data() + forceinline constexpr ascon_aead128_status_t finalize_data() { if (finished_absorbing_data) { - return ascon_aead128_error_t::data_absorption_phase_already_finalized; + return ascon_aead128_status_t::data_absorption_phase_already_finalized; } ascon_duplex_mode::finalize_associated_data(state, offset, total_absorbed_data_byte_len); finished_absorbing_data = true; - return ascon_aead128_error_t::finalized_data_absorption_phase; + return ascon_aead128_status_t::finalized_data_absorption_phase; } [[nodiscard]] - forceinline constexpr ascon_aead128_error_t encrypt_plaintext(std::span plaintext, std::span ciphertext) + forceinline constexpr ascon_aead128_status_t encrypt_plaintext(std::span plaintext, std::span ciphertext) { if (!finished_absorbing_data) { - return ascon_aead128_error_t::still_absorbing_data; + return ascon_aead128_status_t::still_in_data_absorption_phase; } if (finished_encrypting_plaintext) { - return ascon_aead128_error_t::encryption_phase_already_finalized; + return ascon_aead128_status_t::encryption_phase_already_finalized; } ascon_duplex_mode::encrypt_plaintext(state, offset, plaintext, ciphertext); - return ascon_aead128_error_t::encrypted_plaintext; + return ascon_aead128_status_t::encrypted_plaintext; } [[nodiscard]] - forceinline constexpr ascon_aead128_error_t finalize_encrypt(std::span tag) + forceinline constexpr ascon_aead128_status_t finalize_encrypt(std::span tag) { if (!finished_absorbing_data) { - return ascon_aead128_error_t::still_absorbing_data; + return ascon_aead128_status_t::still_in_data_absorption_phase; } if (finished_encrypting_plaintext) { - return ascon_aead128_error_t::encryption_phase_already_finalized; + return ascon_aead128_status_t::encryption_phase_already_finalized; } ascon_duplex_mode::finalize_ciphering(state, offset); finished_encrypting_plaintext = true; ascon_duplex_mode::finalize(state, key, tag); - return ascon_aead128_error_t::finalized_encryption_phase; + return ascon_aead128_status_t::finalized_encryption_phase; } [[nodiscard]] - forceinline constexpr ascon_aead128_error_t decrypt_ciphertext(std::span ciphertext, std::span plaintext) + forceinline constexpr ascon_aead128_status_t decrypt_ciphertext(std::span ciphertext, std::span plaintext) { if (!finished_absorbing_data) { - return ascon_aead128_error_t::still_absorbing_data; + return ascon_aead128_status_t::still_in_data_absorption_phase; } if (finished_decrypting_ciphertext) { - return ascon_aead128_error_t::decryption_phase_already_finalized; + return ascon_aead128_status_t::decryption_phase_already_finalized; } ascon_duplex_mode::decrypt_ciphertext(state, offset, ciphertext, plaintext); - return ascon_aead128_error_t::decrypted_ciphertext; + return ascon_aead128_status_t::decrypted_ciphertext; } [[nodiscard]] - forceinline constexpr ascon_aead128_error_t finalize_decrypt(std::span tag) + forceinline constexpr ascon_aead128_status_t finalize_decrypt(std::span tag) { if (!finished_absorbing_data) { - return ascon_aead128_error_t::still_absorbing_data; + return ascon_aead128_status_t::still_in_data_absorption_phase; } if (finished_decrypting_ciphertext) { - return ascon_aead128_error_t::decryption_phase_already_finalized; + return ascon_aead128_status_t::decryption_phase_already_finalized; } ascon_duplex_mode::finalize_ciphering(state, offset); @@ -144,14 +141,13 @@ struct ascon_aead128_t ascon_duplex_mode::finalize(state, key, computed_tag); const uint32_t flag = ascon_common_utils::ct_eq_byte_array(tag, computed_tag); - return flag == std::numeric_limits::max() ? ascon_aead128_error_t::decryption_success_as_tag_matches - : ascon_aead128_error_t::decryption_failure_due_to_tag_mismatch; + return flag == std::numeric_limits::max() ? ascon_aead128_status_t::decryption_success_as_tag_matches + : ascon_aead128_status_t::decryption_failure_due_to_tag_mismatch; } forceinline constexpr void reset() { this->key.fill(0); - this->nonce.fill(0); this->state.reset(); this->offset = 0; diff --git a/tests/kat_ascon_aead128.cpp b/tests/kat_ascon_aead128.cpp index 0dcf56e..2995f8c 100644 --- a/tests/kat_ascon_aead128.cpp +++ b/tests/kat_ascon_aead128.cpp @@ -56,19 +56,19 @@ TEST(AsconAEAD128, KnownAnswerTests) ascon_aead128::ascon_aead128_t enc_handle(key_span, nonce_span); - EXPECT_EQ(enc_handle.absorb_data(ad), ascon_aead128::ascon_aead128_error_t::absorbed_data); - EXPECT_EQ(enc_handle.finalize_data(), ascon_aead128::ascon_aead128_error_t::finalized_data_absorption_phase); + EXPECT_EQ(enc_handle.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(enc_handle.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); - EXPECT_EQ(enc_handle.encrypt_plaintext(pt, computed_ct), ascon_aead128::ascon_aead128_error_t::encrypted_plaintext); - EXPECT_EQ(enc_handle.finalize_encrypt(computed_tag), ascon_aead128::ascon_aead128_error_t::finalized_encryption_phase); + EXPECT_EQ(enc_handle.encrypt_plaintext(pt, computed_ct), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + EXPECT_EQ(enc_handle.finalize_encrypt(computed_tag), ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); ascon_aead128::ascon_aead128_t dec_handle(key_span, nonce_span); - EXPECT_EQ(dec_handle.absorb_data(ad), ascon_aead128::ascon_aead128_error_t::absorbed_data); - EXPECT_EQ(dec_handle.finalize_data(), ascon_aead128::ascon_aead128_error_t::finalized_data_absorption_phase); + EXPECT_EQ(dec_handle.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(dec_handle.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); - EXPECT_EQ(dec_handle.decrypt_ciphertext(computed_ct, computed_pt), ascon_aead128::ascon_aead128_error_t::decrypted_ciphertext); - EXPECT_EQ(dec_handle.finalize_decrypt(tag_span), ascon_aead128::ascon_aead128_error_t::decryption_success_as_tag_matches); + EXPECT_EQ(dec_handle.decrypt_ciphertext(computed_ct, computed_pt), ascon_aead128::ascon_aead128_status_t::decrypted_ciphertext); + EXPECT_EQ(dec_handle.finalize_decrypt(tag_span), ascon_aead128::ascon_aead128_status_t::decryption_success_as_tag_matches); EXPECT_TRUE(std::ranges::equal(ct_span.first(pt.size()), computed_ct)); EXPECT_TRUE(std::ranges::equal(tag_span, computed_tag)); From 6ae0081dc0eac821e3c018aa68c7bde84a50013e Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Wed, 16 Apr 2025 22:22:56 +0400 Subject: [PATCH 15/27] Add doxygen documentation for Ascon-AEAD128 class Generated with help of Google Gemini 2.0 Flash LLM Signed-off-by: Anjan Roy --- include/ascon/aead/ascon_aead128.hpp | 183 +++++++++++++++++++++++++++ 1 file changed, 183 insertions(+) diff --git a/include/ascon/aead/ascon_aead128.hpp b/include/ascon/aead/ascon_aead128.hpp index 9967ab0..cf1b70d 100644 --- a/include/ascon/aead/ascon_aead128.hpp +++ b/include/ascon/aead/ascon_aead128.hpp @@ -14,23 +14,110 @@ static constexpr size_t KEY_BYTE_LEN = ascon_duplex_mode::KEY_BYTE_LEN; static constexpr size_t NONCE_BYTE_LEN = ascon_duplex_mode::NONCE_BYTE_LEN; static constexpr size_t TAG_BYTE_LEN = ascon_duplex_mode::TAG_BYTE_LEN; +/** + * @brief Represents the status of an Ascon-AEAD128 operation. + * + * This enum provides detailed information about the current state of the Ascon-AEAD128 + * encryption or decryption process, including the absorption of associated data, + * encryption/decryption of plaintext/ciphertext, and finalization steps. + */ enum class ascon_aead128_status_t : uint8_t { + /** + * @brief Indicates that data has been successfully absorbed into the Ascon state. + * + * This status is returned by `absorb_data` when associated data is successfully absorbed. + */ absorbed_data = 0x01, + + /** + * @brief Indicates that the process is still in the data absorption phase. + * + * This status is returned by `encrypt_plaintext` or `decrypt_ciphertext` if data absorption + * phase has not yet been finalized. + */ still_in_data_absorption_phase, + + /** + * @brief Indicates that the data absorption phase has been successfully finalized. + * + * This status is returned by `finalize_data` after associated data absorption is complete. + */ finalized_data_absorption_phase, + + /** + * @brief Indicates that the data absorption phase has already been finalized. + * + * This status is returned by `absorb_data` or `finalize_data` if called after + * `finalize_data` has already been called. Meaning you should not be able to absorb + * any more associated data, after that phase has finished. + */ data_absorption_phase_already_finalized, + /** + * @brief Indicates that plaintext has been successfully encrypted, generating ciphertext. + * + * This status is returned by `encrypt_plaintext` after successful encryption. + */ encrypted_plaintext, + + /** + * @brief Indicates that the encryption phase has been successfully completed. + * + * This status is returned by `finalize_encrypt` after tag generation. + */ finalized_encryption_phase, + + /** + * @brief Indicates that the encryption phase has already been finalized. + * + * This status is returned by `encrypt_plaintext` or `finalize_encrypt` if called after + * `finalize_encrypt` has already been called. Meaning you should not be able to encrypt + * any more plaintext, after encryption phase has finished. Now, you have to get rid of + * this instance of Ascon-AEAD128. + */ encryption_phase_already_finalized, + /** + * @brief Indicates that ciphertext has been successfully decrypted, generating plaintext. + * + * This status is returned by `decrypt_ciphertext` after successful decryption. + */ decrypted_ciphertext, + + /** + * @brief Indicates that decryption was successful and the computed tag matches the provided tag. + * + * This status is returned by `finalize_decrypt` if tag verification succeeds. + */ decryption_success_as_tag_matches, + + /** + * @brief Indicates that decryption failed due to a tag mismatch. + * + * This status is returned by `finalize_decrypt` if tag verification fails. Meaning you have to + * discard all of previously decrypted plaintext. + */ decryption_failure_due_to_tag_mismatch, + + /** + * @brief Indicates that the decryption phase has already been finalized. + * + * This status is returned by `decrypt_ciphertext` or `finalize_decrypt` if called after + * `finalize_decrypt` has already been called. Meaning you should not be able to decrypt + * any more ciphertext, after decryption phase has finished. Now, you have to get rid of + * this instance of Ascon-AEAD128. + */ decryption_phase_already_finalized, }; +/** + * @brief Provides an incremental API for the Ascon-AEAD128 authenticated encryption with associated data algorithm. + * + * This struct allows for encryption and decryption with associated data in a step-by-step manner. + * It encapsulates the state of the Ascon-AEAD128 algorithm, managing the key, internal state, and + * flags for tracking the progress of the encryption/decryption process. + */ struct ascon_aead128_t { private: @@ -45,13 +132,34 @@ struct ascon_aead128_t alignas(8) bool finished_decrypting_ciphertext = false; public: + /** + * @brief Constructs an `ascon_aead128_t` object, initializing the Ascon state with the key and nonce. + * + * @param key The 128-bit encryption key. + * @param nonce The 128-bit nonce (must be unique for each encryption with the same key). + */ forceinline constexpr ascon_aead128_t(std::span key, std::span nonce) { std::copy(key.begin(), key.end(), this->key.begin()); ascon_duplex_mode::initialize(state, this->key, nonce); } + + /** + * @brief Destroys the `ascon_aead128_t` object and resets its internal state, zeroing the key. + */ forceinline constexpr ~ascon_aead128_t() { this->reset(); } + /** + * @brief Absorbs associated data into the Ascon state. + * + * This function can be called multiple times to absorb associated data in chunks. It must be called + * before `encrypt_plaintext` or `decrypt_ciphertext`. + * + * @param data A span of bytes representing the associated data. + * @return An `ascon_aead128_status_t` indicating the status of the operation: + * - `absorbed_data`: Data was successfully absorbed. + * - `data_absorption_phase_already_finalized`: Data absorption phase has already been finalized. + */ [[nodiscard]] forceinline constexpr ascon_aead128_status_t absorb_data(std::span data) { @@ -65,6 +173,16 @@ struct ascon_aead128_t return ascon_aead128_status_t::absorbed_data; } + /** + * @brief Finalizes the absorption of associated data. + * + * This function must be called after all associated data has been absorbed and before calling + * `encrypt_plaintext` or `decrypt_ciphertext`. + * + * @return An `ascon_aead128_status_t` indicating the status of the operation: + * - `finalized_data_absorption_phase`: Data absorption phase was successfully finalized. + * - `data_absorption_phase_already_finalized`: Data absorption phase has already been finalized. + */ [[nodiscard]] forceinline constexpr ascon_aead128_status_t finalize_data() { @@ -78,6 +196,20 @@ struct ascon_aead128_t return ascon_aead128_status_t::finalized_data_absorption_phase; } + /** + * @brief Encrypts plaintext and produces ciphertext. + * + * This function can be called multiple times to encrypt plaintext in chunks. It must be called after + * `finalize_data` and before `finalize_encrypt`. + * + * @param plaintext A span of bytes representing the plaintext to be encrypted. + * @param ciphertext A span of bytes where the resulting ciphertext will be written. Must be the same + * length as the plaintext. + * @return An `ascon_aead128_status_t` indicating the status of the operation: + * - `encrypted_plaintext`: Plaintext was successfully encrypted. + * - `still_in_data_absorption_phase`: Data absorption phase has not yet been finalized. + * - `encryption_phase_already_finalized`: Encryption phase has already been finalized. + */ [[nodiscard]] forceinline constexpr ascon_aead128_status_t encrypt_plaintext(std::span plaintext, std::span ciphertext) { @@ -92,6 +224,18 @@ struct ascon_aead128_t return ascon_aead128_status_t::encrypted_plaintext; } + /** + * @brief Finalizes the encryption process and generates the authentication tag. + * + * This function must be called after all plaintext has been encrypted using `encrypt_plaintext`. + * + * @param tag A span of bytes where the resulting authentication tag will be written. Must be of length + * `TAG_BYTE_LEN`. + * @return An `ascon_aead128_status_t` indicating the status of the operation: + * - `finalized_encryption_phase`: Encryption phase was successfully finalized and the tag was generated. + * - `still_in_data_absorption_phase`: Data absorption phase has not yet been finalized. + * - `encryption_phase_already_finalized`: Encryption phase has already been finalized. + */ [[nodiscard]] forceinline constexpr ascon_aead128_status_t finalize_encrypt(std::span tag) { @@ -106,9 +250,26 @@ struct ascon_aead128_t finished_encrypting_plaintext = true; ascon_duplex_mode::finalize(state, key, tag); + this->key.fill(0); + this->state.reset(); + return ascon_aead128_status_t::finalized_encryption_phase; } + /** + * @brief Decrypts ciphertext and produces plaintext. + * + * This function can be called multiple times to decrypt ciphertext in chunks. It must be called after + * `finalize_data` and before `finalize_decrypt`. + * + * @param ciphertext A span of bytes representing the ciphertext to be decrypted. + * @param plaintext A span of bytes where the resulting plaintext will be written. Must be the same length + * as the ciphertext. + * @return An `ascon_aead128_status_t` indicating the status of the operation: + * - `decrypted_ciphertext`: Ciphertext was successfully decrypted. + * - `still_in_data_absorption_phase`: Data absorption phase has not yet been finalized. + * - `decryption_phase_already_finalized`: Decryption phase has already been finalized. + */ [[nodiscard]] forceinline constexpr ascon_aead128_status_t decrypt_ciphertext(std::span ciphertext, std::span plaintext) { @@ -123,6 +284,19 @@ struct ascon_aead128_t return ascon_aead128_status_t::decrypted_ciphertext; } + /** + * @brief Finalizes the decryption process and verifies the authentication tag. + * + * This function must be called after all ciphertext has been decrypted using `decrypt_ciphertext`. + * + * @param tag A span of bytes representing the authentication tag to be verified. Must be of length + * `TAG_BYTE_LEN`. + * @return An `ascon_aead128_status_t` indicating the status of the operation: + * - `decryption_success_as_tag_matches`: Decryption was successful and the tag matched. + * - `decryption_failure_due_to_tag_mismatch`: Decryption failed because the tag did not match. + * - `still_in_data_absorption_phase`: Data absorption phase has not yet been finalized. + * - `decryption_phase_already_finalized`: Decryption phase has already been finalized. + */ [[nodiscard]] forceinline constexpr ascon_aead128_status_t finalize_decrypt(std::span tag) { @@ -141,10 +315,19 @@ struct ascon_aead128_t ascon_duplex_mode::finalize(state, key, computed_tag); const uint32_t flag = ascon_common_utils::ct_eq_byte_array(tag, computed_tag); + this->key.fill(0); + this->state.reset(); + return flag == std::numeric_limits::max() ? ascon_aead128_status_t::decryption_success_as_tag_matches : ascon_aead128_status_t::decryption_failure_due_to_tag_mismatch; } +private: + /** + * @brief Resets the internal state of the `ascon_aead128_t` object, zeroing the key and flags. + * + * This function is called when object destructor is triggered. + */ forceinline constexpr void reset() { this->key.fill(0); From 517f584bd52e60b60f095f1e0ca85c1d9f22e54f Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Wed, 16 Apr 2025 22:34:04 +0400 Subject: [PATCH 16/27] Update compile-time encrypt/ decrypt check to use new API of Ascon-AEAD128 Signed-off-by: Anjan Roy --- tests/prop_test_ascon_aead128.cpp | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/tests/prop_test_ascon_aead128.cpp b/tests/prop_test_ascon_aead128.cpp index ded60de..467917d 100644 --- a/tests/prop_test_ascon_aead128.cpp +++ b/tests/prop_test_ascon_aead128.cpp @@ -24,10 +24,19 @@ eval_encrypt_decrypt() std::array deciphered_text; std::array tag; - ascon_aead128::encrypt(key, nonce, associated_data, plain_text, cipher_text, tag); - const bool is_decrypted = ascon_aead128::decrypt(key, nonce, associated_data, cipher_text, deciphered_text, tag); - - assert(is_decrypted); + ascon_aead128::ascon_aead128_t enc_handle(key, nonce); + assert(enc_handle.absorb_data(associated_data) == ascon_aead128::ascon_aead128_status_t::absorbed_data); + assert(enc_handle.finalize_data() == ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + assert(enc_handle.encrypt_plaintext(plain_text, cipher_text) == ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + assert(enc_handle.finalize_encrypt(tag) == ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); + + ascon_aead128::ascon_aead128_t dec_handle(key, nonce); + assert(dec_handle.absorb_data(associated_data) == ascon_aead128::ascon_aead128_status_t::absorbed_data); + assert(dec_handle.finalize_data() == ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + assert(dec_handle.decrypt_ciphertext(cipher_text, deciphered_text) == ascon_aead128::ascon_aead128_status_t::decrypted_ciphertext); + assert(dec_handle.finalize_decrypt(tag) == ascon_aead128::ascon_aead128_status_t::decryption_success_as_tag_matches); + + assert(plain_text == deciphered_text); return bytes_to_hex(tag); } From 4c5be3b32d9e82aa46884ba631618b4ef8c4776a Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Wed, 16 Apr 2025 23:09:19 +0400 Subject: [PATCH 17/27] Update prop. test for Ascon-AEAD128 to use new incremental encrypt/ decrypt API Signed-off-by: Anjan Roy --- tests/prop_test_ascon_aead128.cpp | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/tests/prop_test_ascon_aead128.cpp b/tests/prop_test_ascon_aead128.cpp index 467917d..aef8acf 100644 --- a/tests/prop_test_ascon_aead128.cpp +++ b/tests/prop_test_ascon_aead128.cpp @@ -73,10 +73,18 @@ TEST(AsconAEAD128, EncryptThenDecrypt) generate_random_data(associated_data); generate_random_data(plaintext); - ascon_aead128::encrypt(key, nonce, associated_data, plaintext, ciphertext, tag); - const auto is_decrypted = ascon_aead128::decrypt(key, nonce, associated_data, ciphertext, decipheredtext, tag); + ascon_aead128::ascon_aead128_t enc_handle(key, nonce); + EXPECT_EQ(enc_handle.absorb_data(associated_data), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(enc_handle.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(enc_handle.encrypt_plaintext(plaintext, ciphertext), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + EXPECT_EQ(enc_handle.finalize_encrypt(tag), ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); + + ascon_aead128::ascon_aead128_t dec_handle(key, nonce); + EXPECT_EQ(dec_handle.absorb_data(associated_data), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(dec_handle.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(dec_handle.decrypt_ciphertext(ciphertext, decipheredtext), ascon_aead128::ascon_aead128_status_t::decrypted_ciphertext); + EXPECT_EQ(dec_handle.finalize_decrypt(tag), ascon_aead128::ascon_aead128_status_t::decryption_success_as_tag_matches); - EXPECT_TRUE(is_decrypted); EXPECT_EQ(plaintext, decipheredtext); } } @@ -101,7 +109,11 @@ test_decryption_failure_for_ascon_aead128(const size_t associated_data_len, cons generate_random_data(associated_data); generate_random_data(plaintext); - ascon_aead128::encrypt(key, nonce, associated_data, plaintext, ciphertext, tag); + ascon_aead128::ascon_aead128_t enc_handle(key, nonce); + EXPECT_EQ(enc_handle.absorb_data(associated_data), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(enc_handle.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(enc_handle.encrypt_plaintext(plaintext, ciphertext), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + EXPECT_EQ(enc_handle.finalize_encrypt(tag), ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); switch (mutation_kind) { case aead_mutation_kind_t::mutate_key: @@ -123,11 +135,11 @@ test_decryption_failure_for_ascon_aead128(const size_t associated_data_len, cons EXPECT_TRUE(false); } - const auto is_decrypted = ascon_aead128::decrypt(key, nonce, associated_data, ciphertext, decipheredtext, tag); - EXPECT_FALSE(is_decrypted); - - std::vector zeros(plaintext_len, 0); - EXPECT_EQ(decipheredtext, zeros); + ascon_aead128::ascon_aead128_t dec_handle(key, nonce); + EXPECT_EQ(dec_handle.absorb_data(associated_data), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(dec_handle.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(dec_handle.decrypt_ciphertext(ciphertext, decipheredtext), ascon_aead128::ascon_aead128_status_t::decrypted_ciphertext); + EXPECT_EQ(dec_handle.finalize_decrypt(tag), ascon_aead128::ascon_aead128_status_t::decryption_failure_due_to_tag_mismatch); } TEST(AsconAEAD128, DecryptionFailureDueToBitFlippingInKey) From c72c695e2d60b55241f5e6c0c4fc2cbf2ec0bc5c Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Wed, 16 Apr 2025 23:11:03 +0400 Subject: [PATCH 18/27] Update Ascon-AEAD128 example to use new incremental encrypt/ decrypt API Signed-off-by: Anjan Roy --- examples/ascon_aead128.cpp | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/examples/ascon_aead128.cpp b/examples/ascon_aead128.cpp index a1c9e5e..175ffb5 100644 --- a/examples/ascon_aead128.cpp +++ b/examples/ascon_aead128.cpp @@ -23,10 +23,18 @@ main() generate_random_data(associated_data); generate_random_data(plain_text); - ascon_aead128::encrypt(key, nonce, associated_data, plain_text, cipher_text, tag); - const bool is_decrypted = ascon_aead128::decrypt(key, nonce, associated_data, cipher_text, deciphered_text, tag); + ascon_aead128::ascon_aead128_t enc_handle(key, nonce); + assert(enc_handle.absorb_data(associated_data) == ascon_aead128::ascon_aead128_status_t::absorbed_data); + assert(enc_handle.finalize_data() == ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + assert(enc_handle.encrypt_plaintext(plain_text, cipher_text) == ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + assert(enc_handle.finalize_encrypt(tag) == ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); + + ascon_aead128::ascon_aead128_t dec_handle(key, nonce); + assert(dec_handle.absorb_data(associated_data) == ascon_aead128::ascon_aead128_status_t::absorbed_data); + assert(dec_handle.finalize_data() == ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + assert(dec_handle.decrypt_ciphertext(cipher_text, deciphered_text) == ascon_aead128::ascon_aead128_status_t::decrypted_ciphertext); + assert(dec_handle.finalize_decrypt(tag) == ascon_aead128::ascon_aead128_status_t::decryption_success_as_tag_matches); - assert(is_decrypted); assert(std::ranges::equal(plain_text, deciphered_text)); std::cout << "Ascon-AEAD128\n\n"; From 05d1efeee8e4d42cbed692b2239d29a70d323b86 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Wed, 16 Apr 2025 23:19:10 +0400 Subject: [PATCH 19/27] Update Ascon-AEAD128 benchmark function to use new AEAD API Signed-off-by: Anjan Roy --- benches/bench_ascon_aead128.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/benches/bench_ascon_aead128.cpp b/benches/bench_ascon_aead128.cpp index ef5af6d..1e58a3e 100644 --- a/benches/bench_ascon_aead128.cpp +++ b/benches/bench_ascon_aead128.cpp @@ -28,7 +28,11 @@ ascon_aead128_encrypt(benchmark::State& state) benchmark::DoNotOptimize(ciphertext); benchmark::DoNotOptimize(tag); - ascon_aead128::encrypt(key, nonce, associated_data, plaintext, ciphertext, tag); + ascon_aead128::ascon_aead128_t enc_handle(key, nonce); + assert(enc_handle.absorb_data(associated_data) == ascon_aead128::ascon_aead128_status_t::absorbed_data); + assert(enc_handle.finalize_data() == ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + assert(enc_handle.encrypt_plaintext(plaintext, ciphertext) == ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + assert(enc_handle.finalize_encrypt(tag) == ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); benchmark::ClobberMemory(); } From e70dcb485727a693315cf6e7e758f2bc46607f9b Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Wed, 16 Apr 2025 23:28:53 +0400 Subject: [PATCH 20/27] Remove legacy oneshot API of Ascon-AEAD128 encrypt/ decrypt Signed-off-by: Anjan Roy --- include/ascon/aead/ascon_aead128.hpp | 81 +--------------------------- 1 file changed, 1 insertion(+), 80 deletions(-) diff --git a/include/ascon/aead/ascon_aead128.hpp b/include/ascon/aead/ascon_aead128.hpp index cf1b70d..8272270 100644 --- a/include/ascon/aead/ascon_aead128.hpp +++ b/include/ascon/aead/ascon_aead128.hpp @@ -293,7 +293,7 @@ struct ascon_aead128_t * `TAG_BYTE_LEN`. * @return An `ascon_aead128_status_t` indicating the status of the operation: * - `decryption_success_as_tag_matches`: Decryption was successful and the tag matched. - * - `decryption_failure_due_to_tag_mismatch`: Decryption failed because the tag did not match. + * - `decryption_failure_due_to_tag_mismatch`: Decryption failed because the tag did not match. Discard all of previously decrypted plaintext. * - `still_in_data_absorption_phase`: Data absorption phase has not yet been finalized. * - `decryption_phase_already_finalized`: Decryption phase has already been finalized. */ @@ -342,83 +342,4 @@ struct ascon_aead128_t } }; -/** - * @brief Encrypts plaintext using the Ascon-AEAD128 algorithm. - * - * @param key The 128-bit encryption key. - * @param nonce The 128-bit nonce (must be unique for each encryption with the same key). - * @param associated_data Arbitrary-length associated data to be authenticated (but not encrypted). - * @param plaintext The plaintext to be encrypted. - * @param ciphertext Output buffer for the ciphertext (must be the same length as plaintext). - * @param tag Output buffer for the 128-bit authentication tag. - * - * This function encrypts the plaintext, producing ciphertext of the same length. - * It also generates a 128-bit authentication tag that authenticates both the associated data and the ciphertext. - * The associated data is authenticated but not encrypted. - */ -forceinline constexpr void -encrypt(std::span key, - std::span nonce, - std::span associated_data, - std::span plaintext, - std::span ciphertext, - std::span tag) -{ - ascon_perm::ascon_perm_t state{}; - - ascon_duplex_mode::initialize(state, key, nonce); - - size_t block_offset = 0; - ascon_duplex_mode::absorb_associated_data(state, block_offset, associated_data); - ascon_duplex_mode::finalize_associated_data(state, block_offset, associated_data.size()); - - ascon_duplex_mode::encrypt_plaintext(state, block_offset, plaintext, ciphertext); - ascon_duplex_mode::finalize_ciphering(state, block_offset); - - ascon_duplex_mode::finalize(state, key, tag); -} - -/** - * @brief Decrypts ciphertext using the Ascon-AEAD128 algorithm and verifies its authenticity. - * - * @param key The 128-bit encryption key. - * @param nonce The 128-bit nonce used during encryption. - * @param associated_data Arbitrary-length associated data used during encryption. - * @param cipher The ciphertext to be decrypted. - * @param text Output buffer for the plaintext (must be the same length as cipher). Will be zeroed if authentication fails. - * @param tag The 128-bit authentication tag generated during encryption. - * @return True if the authentication tag is valid and decryption was successful; False otherwise. If false, the output text will be zeroed. - * - * This function decrypts the ciphertext, producing plaintext of the same length. It also verifies the authenticity of both the ciphertext and associated data - * using the provided authentication tag. If authentication fails, the function returns false and the plaintext buffer is zeroed. - */ -[[nodiscard]] -forceinline constexpr bool -decrypt(std::span key, - std::span nonce, - std::span associated_data, - std::span ciphertext, - std::span plaintext, - std::span tag) -{ - ascon_perm::ascon_perm_t state{}; - std::array computed_tag{}; - - ascon_duplex_mode::initialize(state, key, nonce); - - size_t block_offset = 0; - ascon_duplex_mode::absorb_associated_data(state, block_offset, associated_data); - ascon_duplex_mode::finalize_associated_data(state, block_offset, associated_data.size()); - - ascon_duplex_mode::decrypt_ciphertext(state, block_offset, ciphertext, plaintext); - ascon_duplex_mode::finalize_ciphering(state, block_offset); - - ascon_duplex_mode::finalize(state, key, computed_tag); - - const uint32_t flg = ascon_common_utils::ct_eq_byte_array(tag, computed_tag); - ascon_common_utils::ct_conditional_memset(~flg, plaintext, 0); - - return static_cast(flg); -} - } From ce46f70e59c5df1f69d444f500e79a3f40ef5396 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Wed, 16 Apr 2025 23:30:00 +0400 Subject: [PATCH 21/27] Do not upload build log to github actions ci artifactory Signed-off-by: Anjan Roy --- .github/workflows/test_ci.yml | 31 ++++--------------------------- 1 file changed, 4 insertions(+), 27 deletions(-) diff --git a/.github/workflows/test_ci.yml b/.github/workflows/test_ci.yml index 81d3255..f509b5e 100644 --- a/.github/workflows/test_ci.yml +++ b/.github/workflows/test_ci.yml @@ -1,5 +1,5 @@ # Taken from https://github.com/itzmeanjan/ml-kem/blob/61cf680b1c0e2590bd7b650c07cd477e90cab46d/.github/workflows/test_ci.yml -name: Test Ascon LwC Cipher Suite i.e. NIST SP 800-232 +name: Test Ascon LwC Cipher Suite (NIST SP 800-232) on: push: @@ -26,39 +26,16 @@ jobs: with: tag: v1.15.2 - - name: Build and Test (${{ matrix.compiler }}, ${{ matrix.build_type }}, ${{ matrix.test_type }}) run: | CXX=${{ matrix.compiler }} if [[ ${{ matrix.test_type }} == "standard" ]]; then - make test -j 2>&1 | tee build.log + make test -j else - make ${{ matrix.build_type }}_${{ matrix.test_type }}_test -j 2>&1 | tee build.log - fi - if [ $? -ne 0 ]; then - echo "Build or Test Failed! See build.log for details." - exit 1 + make ${{ matrix.build_type }}_${{ matrix.test_type }}_test -j fi - - name: Upload Build Log - uses: actions/upload-artifact@v3 - with: - name: build-log-${{ matrix.compiler }}-${{ matrix.build_type }}-${{ matrix.test_type }} - path: build.log - - - name: Run Examples if: ${{ matrix.test_type == 'standard' && matrix.build_type == 'release' }} run: | - CXX=${{ matrix.compiler }} make example -j 2>&1 | tee example.log - if [ $? -ne 0 ]; then - echo "Example execution Failed! See example.log for details." - exit 1 - fi - - - name: Upload Example Log (if failed) - if: ${{ steps.Run_Examples.outcome != 'success' && matrix.test_type == 'standard' && matrix.build_type == 'release' }} - uses: actions/upload-artifact@v3 - with: - name: example-log-${{ matrix.compiler }} - path: example.log + CXX=${{ matrix.compiler }} make example -j From ece71f312add3079166f8f964793860d7c97c349 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Sat, 19 Apr 2025 14:48:32 +0400 Subject: [PATCH 22/27] Add state transition correctness tests for Ascon-AEAD128 object Signed-off-by: Anjan Roy --- tests/prop_test_ascon_aead128.cpp | 278 +++++++++++++++++++++++++++++- 1 file changed, 277 insertions(+), 1 deletion(-) diff --git a/tests/prop_test_ascon_aead128.cpp b/tests/prop_test_ascon_aead128.cpp index aef8acf..03f10dd 100644 --- a/tests/prop_test_ascon_aead128.cpp +++ b/tests/prop_test_ascon_aead128.cpp @@ -102,7 +102,7 @@ test_decryption_failure_for_ascon_aead128(const size_t associated_data_len, cons std::vector associated_data(associated_data_len, 0); std::vector plaintext(plaintext_len, 0); std::vector ciphertext(plaintext_len, 0); - std::vector decipheredtext(plaintext_len, 0xff); + std::vector decipheredtext(plaintext_len, 0); generate_random_data(key); generate_random_data(nonce); @@ -186,3 +186,279 @@ TEST(AsconAEAD128, DecryptionFailureDueToBitFlippingInCipherText) } } } + +static ascon_aead128::ascon_aead128_t +get_new_aead_instance() +{ + std::array key{}; + std::array nonce{}; + + generate_random_data(key); + generate_random_data(nonce); + + ascon_aead128::ascon_aead128_t aead(key, nonce); + return aead; +} + +TEST(AsconAEAD128, ValidEncryptionSequence) +{ + auto aead = get_new_aead_instance(); + + std::array ad{}; + std::array pt{}; + std::array ct{}; + std::array tag{}; + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(aead.encrypt_plaintext(pt, ct), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + EXPECT_EQ(aead.finalize_encrypt(tag), ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); +} + +TEST(AsconAEAD128, ValidDecryptionSequence) +{ + auto aead = get_new_aead_instance(); + + std::array ad{}; + std::array ct{}; + std::array pt{}; + std::array tag{}; + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(aead.decrypt_ciphertext(ct, pt), ascon_aead128::ascon_aead128_status_t::decrypted_ciphertext); + EXPECT_EQ(aead.finalize_decrypt(tag), ascon_aead128::ascon_aead128_status_t::decryption_failure_due_to_tag_mismatch); +} + +TEST(AsconAEAD128, MultipleAbsorbDataCalls) +{ + auto aead = get_new_aead_instance(); + + std::array ad1{}; + std::array ad2{}; + std::array pt{}; + std::array ct{}; + std::array tag{}; + + EXPECT_EQ(aead.absorb_data(ad1), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.absorb_data(ad2), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(aead.encrypt_plaintext(pt, ct), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + EXPECT_EQ(aead.finalize_encrypt(tag), ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); +} + +TEST(AsconAEAD128, MultipleEncryptPlaintextCalls) +{ + auto aead = get_new_aead_instance(); + + std::array ad{}; + std::array pt1{}; + std::array pt2{}; + std::array ct1{}; + std::array ct2{}; + std::array tag{}; + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(aead.encrypt_plaintext(pt1, ct1), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + EXPECT_EQ(aead.encrypt_plaintext(pt2, ct2), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + EXPECT_EQ(aead.finalize_encrypt(tag), ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); +} + +TEST(AsconAEAD128, MultipleDecryptCiphertextCalls) +{ + auto aead = get_new_aead_instance(); + + std::array ad{}; + std::array ct1{}; + std::array ct2{}; + std::array pt1{}; + std::array pt2{}; + std::array tag{}; + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(aead.decrypt_ciphertext(ct1, pt1), ascon_aead128::ascon_aead128_status_t::decrypted_ciphertext); + EXPECT_EQ(aead.decrypt_ciphertext(ct2, pt2), ascon_aead128::ascon_aead128_status_t::decrypted_ciphertext); + EXPECT_EQ(aead.finalize_decrypt(tag), ascon_aead128::ascon_aead128_status_t::decryption_failure_due_to_tag_mismatch); +} + +TEST(AsconAEAD128, AbsorbDataAfterFinalizeData) +{ + auto aead = get_new_aead_instance(); + + std::array ad1{}; + std::array ad2{}; + + EXPECT_EQ(aead.absorb_data(ad1), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(aead.absorb_data(ad2), ascon_aead128::ascon_aead128_status_t::data_absorption_phase_already_finalized); +} + +TEST(AsconAEAD128, FinalizeDataCalledTwice) +{ + auto aead = get_new_aead_instance(); + + std::array ad{}; + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::data_absorption_phase_already_finalized); +} + +TEST(AsconAEAD128, EncryptPlaintextBeforeFinalizeData) +{ + auto aead = get_new_aead_instance(); + + std::array ad{}; + std::array pt{}; + std::array ct{}; + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.encrypt_plaintext(pt, ct), ascon_aead128::ascon_aead128_status_t::still_in_data_absorption_phase); +} + +TEST(AsconAEAD128, DecryptCiphertextBeforeFinalizeData) +{ + auto aead = get_new_aead_instance(); + + std::array ad{}; + std::array ct{}; + std::array pt{}; + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.decrypt_ciphertext(ct, pt), ascon_aead128::ascon_aead128_status_t::still_in_data_absorption_phase); +} + +TEST(AsconAEAD128, FinalizeEncryptBeforeFinalizeData) +{ + auto aead = get_new_aead_instance(); + + std::array ad{}; + std::array pt{}; + std::array ct{}; + std::array tag{}; + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.encrypt_plaintext(pt, ct), ascon_aead128::ascon_aead128_status_t::still_in_data_absorption_phase); + EXPECT_EQ(aead.finalize_encrypt(tag), ascon_aead128::ascon_aead128_status_t::still_in_data_absorption_phase); +} + +TEST(AsconAEAD128, FinalizeDecryptBeforeFinalizeData) +{ + auto aead = get_new_aead_instance(); + + std::array ad{}; + std::array ct{}; + std::array pt{}; + std::array tag{}; + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.decrypt_ciphertext(ct, pt), ascon_aead128::ascon_aead128_status_t::still_in_data_absorption_phase); + EXPECT_EQ(aead.finalize_decrypt(tag), ascon_aead128::ascon_aead128_status_t::still_in_data_absorption_phase); +} + +TEST(AsconAEAD128, EncryptPlaintextAfterFinalizeEncrypt) +{ + auto aead = get_new_aead_instance(); + + std::array ad{}; + std::array pt1{}; + std::array pt2{}; + std::array ct1{}; + std::array ct2{}; + std::array tag{}; + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(aead.encrypt_plaintext(pt1, ct1), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + EXPECT_EQ(aead.finalize_encrypt(tag), ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); + EXPECT_EQ(aead.encrypt_plaintext(pt2, ct2), ascon_aead128::ascon_aead128_status_t::encryption_phase_already_finalized); +} + +TEST(AsconAEAD128, DecryptCiphertextAfterFinalizeDecrypt) +{ + auto aead = get_new_aead_instance(); + + std::array ad{}; + std::array ct1{}; + std::array ct2{}; + std::array pt1{}; + std::array pt2{}; + std::array tag{}; + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(aead.decrypt_ciphertext(ct1, pt1), ascon_aead128::ascon_aead128_status_t::decrypted_ciphertext); + EXPECT_EQ(aead.finalize_decrypt(tag), ascon_aead128::ascon_aead128_status_t::decryption_failure_due_to_tag_mismatch); + EXPECT_EQ(aead.decrypt_ciphertext(ct2, pt2), ascon_aead128::ascon_aead128_status_t::decryption_phase_already_finalized); +} + +TEST(AsconAEAD128, FinalizeEncryptCalledTwice) +{ + auto aead = get_new_aead_instance(); + + std::array ad{}; + std::array pt{}; + std::array ct{}; + std::array tag1{}; + std::array tag2{}; + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(aead.encrypt_plaintext(pt, ct), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + EXPECT_EQ(aead.finalize_encrypt(tag1), ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); + EXPECT_EQ(aead.finalize_encrypt(tag2), ascon_aead128::ascon_aead128_status_t::encryption_phase_already_finalized); +} + +TEST(AsconAEAD128, FinalizeDecryptCalledTwice) +{ + auto aead = get_new_aead_instance(); + + std::array ad{}; + std::array ct{}; + std::array pt{}; + std::array tag1{}; + std::array tag2{}; + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(aead.decrypt_ciphertext(ct, pt), ascon_aead128::ascon_aead128_status_t::decrypted_ciphertext); + EXPECT_EQ(aead.finalize_decrypt(tag1), ascon_aead128::ascon_aead128_status_t::decryption_failure_due_to_tag_mismatch); + EXPECT_EQ(aead.finalize_decrypt(tag2), ascon_aead128::ascon_aead128_status_t::decryption_phase_already_finalized); +} + +TEST(AsconAEAD128, AbsorbDataAfterEncrypt) +{ + auto aead = get_new_aead_instance(); + + std::array ad{}; + std::array pt{}; + std::array ct{}; + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(aead.encrypt_plaintext(pt, ct), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::data_absorption_phase_already_finalized); +} + +TEST(AsconAEAD128, AbsorbDataAfterDecrypt) +{ + auto aead = get_new_aead_instance(); + + std::array ad{}; + std::array ct{}; + std::array pt{}; + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(aead.decrypt_ciphertext(ct, pt), ascon_aead128::ascon_aead128_status_t::decrypted_ciphertext); + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::data_absorption_phase_already_finalized); +} + +TEST(AsconAEAD128, FinalizeDataWithoutAbsorb) +{ + auto aead = get_new_aead_instance(); + + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); +} From 55cc4e0b955fc2e505c4d13c1c03b1d9cadf3d05 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Sat, 19 Apr 2025 15:09:30 +0400 Subject: [PATCH 23/27] Add test ensuring that both oneshot and incremental encryption works as expected for Ascon-AEAD128 Signed-off-by: Anjan Roy --- tests/prop_test_ascon_aead128.cpp | 75 +++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/tests/prop_test_ascon_aead128.cpp b/tests/prop_test_ascon_aead128.cpp index 03f10dd..65119a8 100644 --- a/tests/prop_test_ascon_aead128.cpp +++ b/tests/prop_test_ascon_aead128.cpp @@ -1,5 +1,6 @@ #include "ascon/aead/ascon_aead128.hpp" #include "test_helper.hpp" +#include #include #include #include @@ -56,6 +57,80 @@ TEST(AsconAEAD128, CompileTimeEncryptAndThenDecrypt) static_assert(expected_tag == computed_tag, "Must be able to encrypt and then decrypt using Ascon-AEAD128 during program compilation time itself !"); } +TEST(AsconAEAD128, ForSamePlaintextOneshotEncryptionAndIncrementalEncryptionProducesSameTag) +{ + for (size_t associated_data_len = MIN_AD_LEN; associated_data_len <= MAX_AD_LEN; associated_data_len++) { + for (size_t plaintext_len = MIN_PT_LEN; plaintext_len <= MAX_PT_LEN; plaintext_len++) { + std::array key{}; + std::array nonce{}; + std::array tag_oneshot{}; + std::array tag_multishot{}; + std::vector associated_data(associated_data_len); + std::vector plaintext(plaintext_len); + std::vector ciphertext(plaintext_len); + std::vector decipheredtext(plaintext_len); + + generate_random_data(key); + generate_random_data(nonce); + generate_random_data(associated_data); + generate_random_data(plaintext); + + tag_oneshot.fill(0x3f); + tag_multishot.fill(0x5f); + + auto associated_data_span = std::span(associated_data); + auto plaintext_span = std::span(plaintext); + auto ciphertext_span = std::span(ciphertext); + + // Oneshot encryption + { + ascon_aead128::ascon_aead128_t aead(key, nonce); + + EXPECT_EQ(aead.absorb_data(associated_data), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(aead.encrypt_plaintext(plaintext, ciphertext), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + EXPECT_EQ(aead.finalize_encrypt(tag_oneshot), ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); + } + + std::ranges::fill(ciphertext, 0x00); + + // Incremental encryption + { + ascon_aead128::ascon_aead128_t aead(key, nonce); + + size_t ad_offset = 0; + while (ad_offset < associated_data.size()) { + // Because we don't want to be stuck in an infinite loop if associated_data[ad_offset] = 0 + const auto elen = std::min(std::max(associated_data[ad_offset], 1), associated_data.size() - ad_offset); + + auto ad = associated_data_span.subspan(ad_offset, elen); + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + ad_offset += elen; + } + + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + + size_t pt_offset = 0; + while (pt_offset < plaintext.size()) { + // Because we don't want to be stuck in an infinite loop if plaintext[pt_offset] = 0 + const auto elen = std::min(std::max(plaintext[pt_offset], 1), plaintext.size() - pt_offset); + + auto pt = plaintext_span.subspan(pt_offset, elen); + auto ct = ciphertext_span.subspan(pt_offset, elen); + + EXPECT_EQ(aead.encrypt_plaintext(pt, ct), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + pt_offset += elen; + } + + EXPECT_EQ(aead.finalize_encrypt(tag_multishot), ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); + } + + EXPECT_EQ(tag_oneshot, tag_multishot); + } + } +} + TEST(AsconAEAD128, EncryptThenDecrypt) { for (size_t associated_data_len = MIN_AD_LEN; associated_data_len <= MAX_AD_LEN; associated_data_len++) { From 0507e2405510b432b541cd1877572c54f2b3ecc8 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Sat, 19 Apr 2025 16:12:19 +0400 Subject: [PATCH 24/27] Zero out portions of message block to ensure that correct plaintext bytes get xor-ed into the state Signed-off-by: Anjan Roy --- include/ascon/aead/duplex.hpp | 1 + 1 file changed, 1 insertion(+) diff --git a/include/ascon/aead/duplex.hpp b/include/ascon/aead/duplex.hpp index 72bb91e..b0f1ebe 100644 --- a/include/ascon/aead/duplex.hpp +++ b/include/ascon/aead/duplex.hpp @@ -192,6 +192,7 @@ decrypt_ciphertext(ascon_perm::ascon_perm_t& state, size_t& block_offset, std::s ascon_common_utils::to_le_bytes(state[1] ^ ascon_common_utils::from_le_bytes(block_span.last<8>()), block_span.last<8>()); std::copy_n(block_span.subspan(block_offset).begin(), to_be_absorbed_num_bytes, plaintext.subspan(ct_offset).begin()); + std::fill_n(block_span.begin(), block_offset, 0); std::fill_n(block_span.subspan(block_offset + to_be_absorbed_num_bytes).begin(), block_span.size() - (block_offset + to_be_absorbed_num_bytes), 0); state[0] ^= ascon_common_utils::from_le_bytes(block_span.first<8>()); From 300f48064119793675ecde00ff795402e58c3ecc Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Sat, 19 Apr 2025 16:13:48 +0400 Subject: [PATCH 25/27] Add test ensuring that both oneshot and incremental decryption works as expected for Ascon-AEAD128 Signed-off-by: Anjan Roy --- tests/prop_test_ascon_aead128.cpp | 229 ++++++++++++++++++++---------- 1 file changed, 155 insertions(+), 74 deletions(-) diff --git a/tests/prop_test_ascon_aead128.cpp b/tests/prop_test_ascon_aead128.cpp index 65119a8..30ede4d 100644 --- a/tests/prop_test_ascon_aead128.cpp +++ b/tests/prop_test_ascon_aead128.cpp @@ -57,80 +57,6 @@ TEST(AsconAEAD128, CompileTimeEncryptAndThenDecrypt) static_assert(expected_tag == computed_tag, "Must be able to encrypt and then decrypt using Ascon-AEAD128 during program compilation time itself !"); } -TEST(AsconAEAD128, ForSamePlaintextOneshotEncryptionAndIncrementalEncryptionProducesSameTag) -{ - for (size_t associated_data_len = MIN_AD_LEN; associated_data_len <= MAX_AD_LEN; associated_data_len++) { - for (size_t plaintext_len = MIN_PT_LEN; plaintext_len <= MAX_PT_LEN; plaintext_len++) { - std::array key{}; - std::array nonce{}; - std::array tag_oneshot{}; - std::array tag_multishot{}; - std::vector associated_data(associated_data_len); - std::vector plaintext(plaintext_len); - std::vector ciphertext(plaintext_len); - std::vector decipheredtext(plaintext_len); - - generate_random_data(key); - generate_random_data(nonce); - generate_random_data(associated_data); - generate_random_data(plaintext); - - tag_oneshot.fill(0x3f); - tag_multishot.fill(0x5f); - - auto associated_data_span = std::span(associated_data); - auto plaintext_span = std::span(plaintext); - auto ciphertext_span = std::span(ciphertext); - - // Oneshot encryption - { - ascon_aead128::ascon_aead128_t aead(key, nonce); - - EXPECT_EQ(aead.absorb_data(associated_data), ascon_aead128::ascon_aead128_status_t::absorbed_data); - EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); - EXPECT_EQ(aead.encrypt_plaintext(plaintext, ciphertext), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); - EXPECT_EQ(aead.finalize_encrypt(tag_oneshot), ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); - } - - std::ranges::fill(ciphertext, 0x00); - - // Incremental encryption - { - ascon_aead128::ascon_aead128_t aead(key, nonce); - - size_t ad_offset = 0; - while (ad_offset < associated_data.size()) { - // Because we don't want to be stuck in an infinite loop if associated_data[ad_offset] = 0 - const auto elen = std::min(std::max(associated_data[ad_offset], 1), associated_data.size() - ad_offset); - - auto ad = associated_data_span.subspan(ad_offset, elen); - - EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); - ad_offset += elen; - } - - EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); - - size_t pt_offset = 0; - while (pt_offset < plaintext.size()) { - // Because we don't want to be stuck in an infinite loop if plaintext[pt_offset] = 0 - const auto elen = std::min(std::max(plaintext[pt_offset], 1), plaintext.size() - pt_offset); - - auto pt = plaintext_span.subspan(pt_offset, elen); - auto ct = ciphertext_span.subspan(pt_offset, elen); - - EXPECT_EQ(aead.encrypt_plaintext(pt, ct), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); - pt_offset += elen; - } - - EXPECT_EQ(aead.finalize_encrypt(tag_multishot), ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); - } - - EXPECT_EQ(tag_oneshot, tag_multishot); - } - } -} - TEST(AsconAEAD128, EncryptThenDecrypt) { for (size_t associated_data_len = MIN_AD_LEN; associated_data_len <= MAX_AD_LEN; associated_data_len++) { @@ -262,6 +188,161 @@ TEST(AsconAEAD128, DecryptionFailureDueToBitFlippingInCipherText) } } +TEST(AsconAEAD128, ForSamePlaintextOneshotEncryptionAndIncrementalEncryptionProducesSameTag) +{ + for (size_t associated_data_len = MIN_AD_LEN; associated_data_len <= MAX_AD_LEN; associated_data_len++) { + for (size_t plaintext_len = MIN_PT_LEN; plaintext_len <= MAX_PT_LEN; plaintext_len++) { + std::array key{}; + std::array nonce{}; + std::array tag_oneshot{}; + std::array tag_multishot{}; + std::vector associated_data(associated_data_len); + std::vector plaintext(plaintext_len); + std::vector ciphertext(plaintext_len); + std::vector decipheredtext(plaintext_len); + + generate_random_data(key); + generate_random_data(nonce); + generate_random_data(associated_data); + generate_random_data(plaintext); + + tag_oneshot.fill(0x3f); + tag_multishot.fill(0x5f); + + auto associated_data_span = std::span(associated_data); + auto plaintext_span = std::span(plaintext); + auto ciphertext_span = std::span(ciphertext); + + // Oneshot encryption + { + ascon_aead128::ascon_aead128_t aead(key, nonce); + + EXPECT_EQ(aead.absorb_data(associated_data), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(aead.encrypt_plaintext(plaintext, ciphertext), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + EXPECT_EQ(aead.finalize_encrypt(tag_oneshot), ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); + } + + std::ranges::fill(ciphertext, 0x00); + + // Incremental encryption + { + ascon_aead128::ascon_aead128_t aead(key, nonce); + + size_t ad_offset = 0; + while (ad_offset < associated_data.size()) { + // Because we don't want to be stuck in an infinite loop if associated_data[ad_offset] = 0 + const auto elen = std::min(std::max(associated_data[ad_offset], 1), associated_data.size() - ad_offset); + + auto ad = associated_data_span.subspan(ad_offset, elen); + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + ad_offset += elen; + } + + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + + size_t pt_offset = 0; + while (pt_offset < plaintext.size()) { + // Because we don't want to be stuck in an infinite loop if plaintext[pt_offset] = 0 + const auto elen = std::min(std::max(plaintext[pt_offset], 1), plaintext.size() - pt_offset); + + auto pt = plaintext_span.subspan(pt_offset, elen); + auto ct = ciphertext_span.subspan(pt_offset, elen); + + EXPECT_EQ(aead.encrypt_plaintext(pt, ct), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + pt_offset += elen; + } + + EXPECT_EQ(aead.finalize_encrypt(tag_multishot), ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); + } + + EXPECT_EQ(tag_oneshot, tag_multishot); + } + } +} + +TEST(AsconAEAD128, ForSameCiphertextOneshotDecryptionAndIncrementalDecryptionProducesSamePlaintext) +{ + for (size_t associated_data_len = MIN_AD_LEN; associated_data_len <= MAX_AD_LEN; associated_data_len++) { + for (size_t plaintext_len = MIN_PT_LEN; plaintext_len <= MAX_PT_LEN; plaintext_len++) { + std::array key{}; + std::array nonce{}; + std::array tag{}; + std::vector associated_data(associated_data_len); + std::vector plaintext(plaintext_len); + std::vector ciphertext(plaintext_len); + std::vector decipheredtext_oneshot(plaintext_len); + std::vector decipheredtext_multishot(plaintext_len); + + generate_random_data(key); + generate_random_data(nonce); + generate_random_data(associated_data); + generate_random_data(plaintext); + + std::ranges::fill(decipheredtext_oneshot, 0x3f); + std::ranges::fill(decipheredtext_multishot, 0x5f); + + auto associated_data_span = std::span(associated_data); + auto ciphertext_span = std::span(ciphertext); + auto decipheredtext_oneshot_span = std::span(decipheredtext_oneshot); + auto decipheredtext_multishot_span = std::span(decipheredtext_multishot); + + ascon_aead128::ascon_aead128_t enc_obj(key, nonce); + + EXPECT_EQ(enc_obj.absorb_data(associated_data), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(enc_obj.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(enc_obj.encrypt_plaintext(plaintext, ciphertext), ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + EXPECT_EQ(enc_obj.finalize_encrypt(tag), ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); + + // Oneshot decryption + { + ascon_aead128::ascon_aead128_t aead(key, nonce); + + EXPECT_EQ(aead.absorb_data(associated_data), ascon_aead128::ascon_aead128_status_t::absorbed_data); + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + EXPECT_EQ(aead.decrypt_ciphertext(ciphertext, decipheredtext_oneshot_span), ascon_aead128::ascon_aead128_status_t::decrypted_ciphertext); + EXPECT_EQ(aead.finalize_decrypt(tag), ascon_aead128::ascon_aead128_status_t::decryption_success_as_tag_matches); + } + + // Incremental decryption + { + ascon_aead128::ascon_aead128_t aead(key, nonce); + + size_t ad_offset = 0; + while (ad_offset < associated_data.size()) { + // Because we don't want to be stuck in an infinite loop if associated_data[ad_offset] = 0 + const auto elen = std::min(std::max(associated_data[ad_offset], 1), associated_data.size() - ad_offset); + + auto ad = associated_data_span.subspan(ad_offset, elen); + + EXPECT_EQ(aead.absorb_data(ad), ascon_aead128::ascon_aead128_status_t::absorbed_data); + ad_offset += elen; + } + + EXPECT_EQ(aead.finalize_data(), ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + + size_t ct_offset = 0; + while (ct_offset < ciphertext.size()) { + // Because we don't want to be stuck in an infinite loop if ciphertext[ct_offset] = 0 + const auto elen = std::min(std::max(ciphertext[ct_offset], 1), ciphertext.size() - ct_offset); + + auto ct = ciphertext_span.subspan(ct_offset, elen); + auto dt = decipheredtext_multishot_span.subspan(ct_offset, elen); + + EXPECT_EQ(aead.decrypt_ciphertext(ct, dt), ascon_aead128::ascon_aead128_status_t::decrypted_ciphertext); + ct_offset += elen; + } + + EXPECT_EQ(aead.finalize_decrypt(tag), ascon_aead128::ascon_aead128_status_t::decryption_success_as_tag_matches); + } + + EXPECT_EQ(decipheredtext_oneshot, plaintext); + EXPECT_EQ(decipheredtext_oneshot, decipheredtext_multishot); + } + } +} + static ascon_aead128::ascon_aead128_t get_new_aead_instance() { From e52d588a806cdce3a3388e105821d780c05dd6b1 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Sat, 19 Apr 2025 16:23:15 +0400 Subject: [PATCH 26/27] Update benchmark results for x86_64 desktop target Signed-off-by: Anjan Roy --- ..._6.14.0-15-generic_x86_64_with_g++_14.json | 1268 ++++++++--------- 1 file changed, 634 insertions(+), 634 deletions(-) rename bench_result_on_Linux_6.11.0-9-generic_x86_64_with_g++_14.json => bench_result_on_Linux_6.14.0-15-generic_x86_64_with_g++_14.json (62%) diff --git a/bench_result_on_Linux_6.11.0-9-generic_x86_64_with_g++_14.json b/bench_result_on_Linux_6.14.0-15-generic_x86_64_with_g++_14.json similarity index 62% rename from bench_result_on_Linux_6.11.0-9-generic_x86_64_with_g++_14.json rename to bench_result_on_Linux_6.14.0-15-generic_x86_64_with_g++_14.json index a3e45e2..292f759 100644 --- a/bench_result_on_Linux_6.11.0-9-generic_x86_64_with_g++_14.json +++ b/bench_result_on_Linux_6.14.0-15-generic_x86_64_with_g++_14.json @@ -1,10 +1,10 @@ { "context": { - "date": "2024-12-03T20:36:58+04:00", + "date": "2025-04-19T16:21:34+04:00", "host_name": "linux", "executable": "./build/perf/perf.out", "num_cpus": 16, - "mhz_per_cpu": 1413, + "mhz_per_cpu": 644, "cpu_scaling_enabled": false, "caches": [ { @@ -32,8 +32,8 @@ "num_sharing": 16 } ], - "load_avg": [0.0952148,0.281738,0.36377], - "library_version": "v1.9.0-8-g3fd1e6a7", + "load_avg": [0.206055,0.427246,0.473633], + "library_version": "v1.9.1-7-gf4f93b55", "library_build_type": "release", "json_schema_version": 1 }, @@ -49,12 +49,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.0492247840551340e+02, - "cpu_time": 2.0490696879744937e+02, + "real_time": 2.1592939886252674e+02, + "cpu_time": 2.1583110649829541e+02, "time_unit": "ns", - "CYCLES": 9.5955847024005857e+02, - "CYCLES/ BYTE": 1.4993101097500915e+01, - "bytes_per_second": 3.1233692211745095e+08 + "CYCLES": 1.0102698732266267e+03, + "CYCLES/ BYTE": 1.5785466769166042e+01, + "bytes_per_second": 2.9652835521482223e+08 }, { "name": "ascon_aead128_encrypt/32/32_median", @@ -67,12 +67,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.0489515233461742e+02, - "cpu_time": 2.0488685101160928e+02, + "real_time": 2.1586364515006434e+02, + "cpu_time": 2.1582200065583098e+02, "time_unit": "ns", - "CYCLES": 9.5952349179748205e+02, - "CYCLES/ BYTE": 1.4992554559335657e+01, - "bytes_per_second": 3.1236753210534251e+08 + "CYCLES": 1.0102987758852172e+03, + "CYCLES/ BYTE": 1.5785918373206519e+01, + "bytes_per_second": 2.9654067086285740e+08 }, { "name": "ascon_aead128_encrypt/32/32_stddev", @@ -85,12 +85,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 9.8726849550048817e-02, - "cpu_time": 9.3353712208144438e-02, + "real_time": 2.3465094957970645e-01, + "cpu_time": 1.8658338742675104e-01, "time_unit": "ns", - "CYCLES": 2.3413850825728696e-01, - "CYCLES/ BYTE": 3.6584141915201088e-03, - "bytes_per_second": 1.4228575160960815e+05 + "CYCLES": 3.6839145291298953e-01, + "CYCLES/ BYTE": 5.7561164517654613e-03, + "bytes_per_second": 2.5615094206346382e+05 }, { "name": "ascon_aead128_encrypt/32/32_cv", @@ -103,12 +103,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 4.8177657384507107e-04, - "cpu_time": 4.5559071395187453e-04, + "real_time": 1.0867021851392220e-03, + "cpu_time": 8.6448793435724993e-04, "time_unit": "ns", - "CYCLES": 2.4400650457362031e-04, - "CYCLES/ BYTE": 2.4400650457362031e-04, - "bytes_per_second": 4.5555213467879125e-04 + "CYCLES": 3.6464657877643243e-04, + "CYCLES/ BYTE": 3.6464657877643243e-04, + "bytes_per_second": 8.6383287654866366e-04 }, { "name": "ascon_aead128_encrypt/32/32_min", @@ -121,12 +121,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.0479799015270390e+02, - "cpu_time": 2.0478328475113145e+02, + "real_time": 2.1559764767224942e+02, + "cpu_time": 2.1558540033534001e+02, "time_unit": "ns", - "CYCLES": 9.5921245576345370e+02, - "CYCLES/ BYTE": 1.4987694621303964e+01, - "bytes_per_second": 3.1212109469905668e+08 + "CYCLES": 1.0095033688678253e+03, + "CYCLES/ BYTE": 1.5773490138559771e+01, + "bytes_per_second": 2.9595846098154330e+08 }, { "name": "ascon_aead128_encrypt/32/32_max", @@ -139,12 +139,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.0508678534887099e+02, - "cpu_time": 2.0504862083002755e+02, + "real_time": 2.1628641563971556e+02, + "cpu_time": 2.1624656307423896e+02, "time_unit": "ns", - "CYCLES": 9.5991108119913349e+02, - "CYCLES/ BYTE": 1.4998610643736461e+01, - "bytes_per_second": 3.1252550752752000e+08 + "CYCLES": 1.0106803504364989e+03, + "CYCLES/ BYTE": 1.5791880475570295e+01, + "bytes_per_second": 2.9686611384838170e+08 }, { "name": "ascon_aead128_encrypt/32/256_mean", @@ -157,12 +157,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 5.5770607598270715e+02, - "cpu_time": 5.5765769782110067e+02, + "real_time": 6.0241629067167230e+02, + "cpu_time": 6.0230284221166096e+02, "time_unit": "ns", - "CYCLES": 2.6113324565175844e+03, - "CYCLES/ BYTE": 9.0671265851305005e+00, - "bytes_per_second": 5.1644622412277234e+08 + "CYCLES": 2.8200752661347560e+03, + "CYCLES/ BYTE": 9.7919280074123449e+00, + "bytes_per_second": 4.7816500444149280e+08 }, { "name": "ascon_aead128_encrypt/32/256_median", @@ -175,12 +175,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 5.5761242912136913e+02, - "cpu_time": 5.5755576261467945e+02, + "real_time": 6.0242332737813717e+02, + "cpu_time": 6.0236150239790140e+02, "time_unit": "ns", - "CYCLES": 2.6115758334129714e+03, - "CYCLES/ BYTE": 9.0679716437950404e+00, - "bytes_per_second": 5.1654026334208554e+08 + "CYCLES": 2.8194622637045959e+03, + "CYCLES/ BYTE": 9.7897995267520699e+00, + "bytes_per_second": 4.7811825565943271e+08 }, { "name": "ascon_aead128_encrypt/32/256_stddev", @@ -193,12 +193,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 4.9403537148464993e-01, - "cpu_time": 5.0527278072341253e-01, + "real_time": 5.3238651556561312e-01, + "cpu_time": 4.4456325403968122e-01, "time_unit": "ns", - "CYCLES": 5.3948668995398119e-01, - "CYCLES/ BYTE": 1.8732176859391158e-03, - "bytes_per_second": 4.6705856660594506e+05 + "CYCLES": 1.6606674875080167e+00, + "CYCLES/ BYTE": 5.7662065568391714e-03, + "bytes_per_second": 3.5295883851929376e+05 }, { "name": "ascon_aead128_encrypt/32/256_cv", @@ -211,12 +211,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 8.8583465872078544e-04, - "cpu_time": 9.0606259484560443e-04, + "real_time": 8.8375185699580180e-04, + "cpu_time": 7.3810585453530544e-04, "time_unit": "ns", - "CYCLES": 2.0659441068389615e-04, - "CYCLES/ BYTE": 2.0659441206115632e-04, - "bytes_per_second": 9.0437018374814066e-04 + "CYCLES": 5.8887346286475408e-04, + "CYCLES/ BYTE": 5.8887346317030090e-04, + "bytes_per_second": 7.3815280340634173e-04 }, { "name": "ascon_aead128_encrypt/32/256_min", @@ -229,12 +229,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 5.5731525946313707e+02, - "cpu_time": 5.5723631020642165e+02, + "real_time": 6.0172133163834758e+02, + "cpu_time": 6.0172226929611372e+02, "time_unit": "ns", - "CYCLES": 2.6105999100089193e+03, - "CYCLES/ BYTE": 9.0645830208643030e+00, - "bytes_per_second": 5.1518300119289583e+08 + "CYCLES": 2.8184320178928579e+03, + "CYCLES/ BYTE": 9.7862222843502007e+00, + "bytes_per_second": 4.7769129400879174e+08 }, { "name": "ascon_aead128_encrypt/32/256_max", @@ -247,12 +247,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 5.5904186579505199e+02, - "cpu_time": 5.5902465596330205e+02, + "real_time": 6.0327692208161102e+02, + "cpu_time": 6.0289983010387346e+02, "time_unit": "ns", - "CYCLES": 2.6119843630542814e+03, - "CYCLES/ BYTE": 9.0693901494940317e+00, - "bytes_per_second": 5.1683638471677089e+08 + "CYCLES": 2.8232639067506830e+03, + "CYCLES/ BYTE": 9.8029996762176488e+00, + "bytes_per_second": 4.7862612819182903e+08 }, { "name": "ascon_aead128_encrypt/32/2048_mean", @@ -265,12 +265,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.3794444401849346e+03, - "cpu_time": 3.3791272525403720e+03, + "real_time": 3.7193740083679331e+03, + "cpu_time": 3.7185752528729536e+03, "time_unit": "ns", - "CYCLES": 1.5825719811252447e+04, - "CYCLES/ BYTE": 7.6085191400252130e+00, - "bytes_per_second": 6.1554391653439713e+08 + "CYCLES": 1.7374687033310387e+04, + "CYCLES/ BYTE": 8.3532149198607613e+00, + "bytes_per_second": 5.5936384885585868e+08 }, { "name": "ascon_aead128_encrypt/32/2048_median", @@ -283,12 +283,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.3791708984238130e+03, - "cpu_time": 3.3789117810335229e+03, + "real_time": 3.7160583064436423e+03, + "cpu_time": 3.7157631202669058e+03, "time_unit": "ns", - "CYCLES": 1.5823414749825009e+04, - "CYCLES/ BYTE": 7.6074109374158709e+00, - "bytes_per_second": 6.1558282801918888e+08 + "CYCLES": 1.7383294550654027e+04, + "CYCLES/ BYTE": 8.3573531493528979e+00, + "bytes_per_second": 5.5977734120222950e+08 }, { "name": "ascon_aead128_encrypt/32/2048_stddev", @@ -301,12 +301,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.7326794967518704e+00, - "cpu_time": 2.7322228871123175e+00, + "real_time": 1.6473792569815423e+01, + "cpu_time": 1.6517006943925274e+01, "time_unit": "ns", - "CYCLES": 9.9819628780556826e+00, - "CYCLES/ BYTE": 4.7990206171447140e-03, - "bytes_per_second": 4.9755868831726775e+05 + "CYCLES": 3.2471668547106972e+01, + "CYCLES/ BYTE": 1.5611379110004169e-02, + "bytes_per_second": 2.4598148918684470e+06 }, { "name": "ascon_aead128_encrypt/32/2048_cv", @@ -319,12 +319,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 8.0861796816589443e-04, - "cpu_time": 8.0855874399470397e-04, + "real_time": 4.4291841941015639e-03, + "cpu_time": 4.4417568075741688e-03, "time_unit": "ns", - "CYCLES": 6.3074305605728459e-04, - "CYCLES/ BYTE": 6.3074305641147555e-04, - "bytes_per_second": 8.0832362233160618e-04 + "CYCLES": 1.8689066735333400e-03, + "CYCLES/ BYTE": 1.8689066736312817e-03, + "bytes_per_second": 4.3975221081945740e-03 }, { "name": "ascon_aead128_encrypt/32/2048_min", @@ -337,12 +337,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.3759458860133955e+03, - "cpu_time": 3.3758963819362348e+03, + "real_time": 3.7091773817820090e+03, + "cpu_time": 3.7063237038606121e+03, "time_unit": "ns", - "CYCLES": 1.5815867514662934e+04, - "CYCLES/ BYTE": 7.6037824589725638e+00, - "bytes_per_second": 6.1469951079390395e+08 + "CYCLES": 1.7296621723243130e+04, + "CYCLES/ BYTE": 8.3156835207899658e+00, + "bytes_per_second": 5.5255972752423406e+08 }, { "name": "ascon_aead128_encrypt/32/2048_max", @@ -355,12 +355,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.3839750428359935e+03, - "cpu_time": 3.3837671308923186e+03, + "real_time": 3.7653379759297009e+03, + "cpu_time": 3.7642989461420270e+03, "time_unit": "ns", - "CYCLES": 1.5847372136805774e+04, - "CYCLES/ BYTE": 7.6189289119258525e+00, - "bytes_per_second": 6.1613265476087356e+08 + "CYCLES": 1.7406526770110682e+04, + "CYCLES/ BYTE": 8.3685224856301357e+00, + "bytes_per_second": 5.6120300497050846e+08 }, { "name": "ascon_aead128_encrypt/32/16384_mean", @@ -373,12 +373,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.6007233821371825e+04, - "cpu_time": 2.5992052046675268e+04, + "real_time": 2.8754101663187728e+04, + "cpu_time": 2.8751587926078046e+04, "time_unit": "ns", - "CYCLES": 1.2152733482126320e+05, - "CYCLES/ BYTE": 7.4029809223479042e+00, - "bytes_per_second": 6.3158072632916462e+08 + "CYCLES": 1.3452802312114989e+05, + "CYCLES/ BYTE": 8.1949331823312566e+00, + "bytes_per_second": 5.7096087176467419e+08 }, { "name": "ascon_aead128_encrypt/32/16384_median", @@ -391,12 +391,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.5969839414959770e+04, - "cpu_time": 2.5969454713835821e+04, + "real_time": 2.8757353285209225e+04, + "cpu_time": 2.8755731211499013e+04, "time_unit": "ns", - "CYCLES": 1.2151228116317837e+05, - "CYCLES/ BYTE": 7.4020639110123270e+00, - "bytes_per_second": 6.3212725030573809e+08 + "CYCLES": 1.3450496108829568e+05, + "CYCLES/ BYTE": 8.1935283314020282e+00, + "bytes_per_second": 5.7087751318268132e+08 }, { "name": "ascon_aead128_encrypt/32/16384_stddev", @@ -409,12 +409,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 6.9078576990846429e+01, - "cpu_time": 6.0278840758820351e+01, + "real_time": 4.0391951939884962e+01, + "cpu_time": 4.2132484980645117e+01, "time_unit": "ns", - "CYCLES": 7.3075503473225538e+01, - "CYCLES/ BYTE": 4.4514804743694758e-03, - "bytes_per_second": 1.4582342314761674e+06 + "CYCLES": 1.4679215572382907e+02, + "CYCLES/ BYTE": 8.9420172828707893e-03, + "bytes_per_second": 8.3617039526641939e+05 }, { "name": "ascon_aead128_encrypt/32/16384_cv", @@ -427,12 +427,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 2.6561293471387992e-03, - "cpu_time": 2.3191258870432600e-03, + "real_time": 1.4047370497961521e-03, + "cpu_time": 1.4653968013512890e-03, "time_unit": "ns", - "CYCLES": 6.0130919171971981e-04, - "CYCLES/ BYTE": 6.0130919167054387e-04, - "bytes_per_second": 2.3088643631537465e-03 + "CYCLES": 1.0911641479458495e-03, + "CYCLES/ BYTE": 1.0911641478847307e-03, + "bytes_per_second": 1.4644968449099842e-03 }, { "name": "ascon_aead128_encrypt/32/16384_min", @@ -445,12 +445,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.5946110205961675e+04, - "cpu_time": 2.5945713095017516e+04, + "real_time": 2.8692003901376396e+04, + "cpu_time": 2.8688129158110842e+04, "time_unit": "ns", - "CYCLES": 1.2143964900907576e+05, - "CYCLES/ BYTE": 7.3976394376873635e+00, - "bytes_per_second": 6.2774563243754888e+08 + "CYCLES": 1.3428539363449693e+05, + "CYCLES/ BYTE": 8.1801531210098020e+00, + "bytes_per_second": 5.6929572708756280e+08 }, { "name": "ascon_aead128_encrypt/32/16384_max", @@ -463,12 +463,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.6151061123895957e+04, - "cpu_time": 2.6150719577699558e+04, + "real_time": 2.8835454415244312e+04, + "cpu_time": 2.8835628336755581e+04, "time_unit": "ns", - "CYCLES": 1.2164801166882756e+05, - "CYCLES/ BYTE": 7.4103320948359865e+00, - "bytes_per_second": 6.3270567819361436e+08 + "CYCLES": 1.3474605790554415e+05, + "CYCLES/ BYTE": 8.2082150283591702e+00, + "bytes_per_second": 5.7222274445033979e+08 }, { "name": "ascon_hash256/32_mean", @@ -481,12 +481,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.0983880675091569e+02, - "cpu_time": 3.0964124516287512e+02, + "real_time": 3.0904697484984297e+02, + "cpu_time": 3.0901137522909460e+02, "time_unit": "ns", - "CYCLES": 1.4485988089996529e+03, - "CYCLES/ BYTE": 4.5268712781239152e+01, - "bytes_per_second": 1.0334556558574334e+08 + "CYCLES": 1.4451169035263983e+03, + "CYCLES/ BYTE": 4.5159903235199948e+01, + "bytes_per_second": 1.0355610937157983e+08 }, { "name": "ascon_hash256/32_median", @@ -499,12 +499,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.0961636869500666e+02, - "cpu_time": 3.0957626451137685e+02, + "real_time": 3.0899126128941998e+02, + "cpu_time": 3.0895133482014762e+02, "time_unit": "ns", - "CYCLES": 1.4485928860794781e+03, - "CYCLES/ BYTE": 4.5268527689983692e+01, - "bytes_per_second": 1.0336712154658279e+08 + "CYCLES": 1.4451166548899241e+03, + "CYCLES/ BYTE": 4.5159895465310129e+01, + "bytes_per_second": 1.0357618632150459e+08 }, { "name": "ascon_hash256/32_stddev", @@ -517,12 +517,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 6.3235523973715257e-01, - "cpu_time": 4.0656958121171211e-01, + "real_time": 2.2913411715242224e-01, + "cpu_time": 2.2872259838531880e-01, "time_unit": "ns", - "CYCLES": 1.0939001650133127e-01, - "CYCLES/ BYTE": 3.4184380156666023e-03, - "bytes_per_second": 1.3557899035863436e+05 + "CYCLES": 6.4985429251946031e-02, + "CYCLES/ BYTE": 2.0307946641233135e-03, + "bytes_per_second": 7.6610459541182179e+04 }, { "name": "ascon_hash256/32_cv", @@ -535,12 +535,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 2.0409168443690558e-03, - "cpu_time": 1.3130343181440556e-03, + "real_time": 7.4142164719053437e-04, + "cpu_time": 7.4017533566765506e-04, "time_unit": "ns", - "CYCLES": 7.5514363136106575e-05, - "CYCLES/ BYTE": 7.5514363136106575e-05, - "bytes_per_second": 1.3118994471625174e-03 + "CYCLES": 4.4968977314823112e-05, + "CYCLES/ BYTE": 4.4968977314823112e-05, + "bytes_per_second": 7.3979661852965797e-04 }, { "name": "ascon_hash256/32_min", @@ -553,12 +553,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.0922586085250339e+02, - "cpu_time": 3.0920506977186608e+02, + "real_time": 3.0878288250732169e+02, + "cpu_time": 3.0877242696579594e+02, "time_unit": "ns", - "CYCLES": 1.4483750179767376e+03, - "CYCLES/ BYTE": 4.5261719311773049e+01, - "bytes_per_second": 1.0308345567503674e+08 + "CYCLES": 1.4450023075054651e+03, + "CYCLES/ BYTE": 4.5156322109545783e+01, + "bytes_per_second": 1.0341302132455446e+08 }, { "name": "ascon_hash256/32_max", @@ -571,12 +571,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.1105955223881904e+02, - "cpu_time": 3.1042808751850276e+02, + "real_time": 3.0950459293207950e+02, + "cpu_time": 3.0943878817320558e+02, "time_unit": "ns", - "CYCLES": 1.4487721899316994e+03, - "CYCLES/ BYTE": 4.5274130935365605e+01, - "bytes_per_second": 1.0349118797958215e+08 + "CYCLES": 1.4452392850045267e+03, + "CYCLES/ BYTE": 4.5163727656391458e+01, + "bytes_per_second": 1.0363619677590182e+08 }, { "name": "ascon_hash256/64_mean", @@ -589,12 +589,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 4.4709559844692239e+02, - "cpu_time": 4.4675596377410454e+02, + "real_time": 4.4608419145747803e+02, + "cpu_time": 4.4604958243452882e+02, "time_unit": "ns", - "CYCLES": 2.0902779405617052e+03, - "CYCLES/ BYTE": 3.2660592821276644e+01, - "bytes_per_second": 1.4325565662615603e+08 + "CYCLES": 2.0851656882581419e+03, + "CYCLES/ BYTE": 3.2580713879033468e+01, + "bytes_per_second": 1.4348320113094556e+08 }, { "name": "ascon_hash256/64_median", @@ -607,12 +607,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 4.4646618659603365e+02, - "cpu_time": 4.4638181429442056e+02, + "real_time": 4.4558870358928925e+02, + "cpu_time": 4.4557350649847132e+02, "time_unit": "ns", - "CYCLES": 2.0902007247093661e+03, - "CYCLES/ BYTE": 3.2659386323583846e+01, - "bytes_per_second": 1.4337501685639668e+08 + "CYCLES": 2.0856232415570839e+03, + "CYCLES/ BYTE": 3.2587863149329436e+01, + "bytes_per_second": 1.4363511099427122e+08 }, { "name": "ascon_hash256/64_stddev", @@ -625,12 +625,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.1352168388552062e+00, - "cpu_time": 1.0542266746318776e+00, + "real_time": 1.4952382593420368e+00, + "cpu_time": 1.4716217184960441e+00, "time_unit": "ns", - "CYCLES": 2.7367944269415967e-01, - "CYCLES/ BYTE": 4.2762412920962448e-03, - "bytes_per_second": 3.3615196529083228e+05 + "CYCLES": 1.4470257209904749e+00, + "CYCLES/ BYTE": 2.2609776890476170e-02, + "bytes_per_second": 4.6958879107860604e+05 }, { "name": "ascon_hash256/64_cv", @@ -643,12 +643,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 2.5390919588531248e-03, - "cpu_time": 2.3597372169942236e-03, + "real_time": 3.3519194088826323e-03, + "cpu_time": 3.2992334853537237e-03, "time_unit": "ns", - "CYCLES": 1.3092968996296052e-04, - "CYCLES/ BYTE": 1.3092968996296052e-04, - "bytes_per_second": 2.3465179191357439e-03 + "CYCLES": 6.9396198543783744e-04, + "CYCLES/ BYTE": 6.9396198543783744e-04, + "bytes_per_second": 3.2727788854532884e-03 }, { "name": "ascon_hash256/64_min", @@ -661,12 +661,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 4.4626021565420990e+02, - "cpu_time": 4.4625362594019026e+02, + "real_time": 4.4539949910926225e+02, + "cpu_time": 4.4537387164920182e+02, "time_unit": "ns", - "CYCLES": 2.0900855099611636e+03, - "CYCLES/ BYTE": 3.2657586093143181e+01, - "bytes_per_second": 1.4231457142848322e+08 + "CYCLES": 2.0810539250516977e+03, + "CYCLES/ BYTE": 3.2516467578932776e+01, + "bytes_per_second": 1.4215837497146121e+08 }, { "name": "ascon_hash256/64_max", @@ -679,12 +679,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 4.4971301061648876e+02, - "cpu_time": 4.4970799094990542e+02, + "real_time": 4.5030642073073096e+02, + "cpu_time": 4.5020210742313446e+02, "time_unit": "ns", - "CYCLES": 2.0910418742241527e+03, - "CYCLES/ BYTE": 3.2672529284752386e+01, - "bytes_per_second": 1.4341620163906008e+08 + "CYCLES": 2.0857766749616849e+03, + "CYCLES/ BYTE": 3.2590260546276326e+01, + "bytes_per_second": 1.4369949400715971e+08 }, { "name": "ascon_hash256/512_mean", @@ -697,12 +697,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.3622464165620127e+03, - "cpu_time": 2.3613398476986254e+03, + "real_time": 2.3620641192827866e+03, + "cpu_time": 2.3618838042287921e+03, "time_unit": "ns", - "CYCLES": 1.1052010819462228e+04, - "CYCLES/ BYTE": 2.1585958631762164e+01, - "bytes_per_second": 2.1682638017294246e+08 + "CYCLES": 1.1050743339230057e+04, + "CYCLES/ BYTE": 2.1583483084433706e+01, + "bytes_per_second": 2.1677631295154759e+08 }, { "name": "ascon_hash256/512_median", @@ -715,12 +715,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.3607914364680410e+03, - "cpu_time": 2.3600573657254581e+03, + "real_time": 2.3618854940636693e+03, + "cpu_time": 2.3616750147418088e+03, "time_unit": "ns", - "CYCLES": 1.1051976228182491e+04, - "CYCLES/ BYTE": 2.1585891070668929e+01, - "bytes_per_second": 2.1694388133055922e+08 + "CYCLES": 1.1050731480077500e+04, + "CYCLES/ BYTE": 2.1583459922026368e+01, + "bytes_per_second": 2.1679528184349442e+08 }, { "name": "ascon_hash256/512_stddev", @@ -733,12 +733,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.7898096615810246e+00, - "cpu_time": 3.0580581902861210e+00, + "real_time": 2.3467457583918145e+00, + "cpu_time": 2.3682493581319539e+00, "time_unit": "ns", - "CYCLES": 3.8073145791341489e-01, - "CYCLES/ BYTE": 7.4361612873713847e-04, - "bytes_per_second": 2.8032848547532392e+05 + "CYCLES": 4.2664196111136160e-01, + "CYCLES/ BYTE": 8.3328508029562813e-04, + "bytes_per_second": 2.1708536510373568e+05 }, { "name": "ascon_hash256/512_cv", @@ -751,12 +751,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 1.6043244409263079e-03, - "cpu_time": 1.2950521261336104e-03, + "real_time": 9.9351484120777231e-04, + "cpu_time": 1.0026951173007601e-03, "time_unit": "ns", - "CYCLES": 3.4449066702229360e-05, - "CYCLES/ BYTE": 3.4449066702229360e-05, - "bytes_per_second": 1.2928707533268399e-03 + "CYCLES": 3.8607535078367605e-05, + "CYCLES/ BYTE": 3.8607535078367605e-05, + "bytes_per_second": 1.0014256730727640e-03 }, { "name": "ascon_hash256/512_min", @@ -769,12 +769,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.3592048655885733e+03, - "cpu_time": 2.3591696374418561e+03, + "real_time": 2.3594257939212598e+03, + "cpu_time": 2.3593603740207163e+03, "time_unit": "ns", - "CYCLES": 1.1051438237077969e+04, - "CYCLES/ BYTE": 2.1584840306792909e+01, - "bytes_per_second": 2.1628303921594399e+08 + "CYCLES": 1.1050106309493724e+04, + "CYCLES/ BYTE": 2.1582238885729929e+01, + "bytes_per_second": 2.1625377796874809e+08 }, { "name": "ascon_hash256/512_max", @@ -787,12 +787,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.3692611868128488e+03, - "cpu_time": 2.3672683806186142e+03, + "real_time": 2.3676723275060549e+03, + "cpu_time": 2.3675886951394286e+03, "time_unit": "ns", - "CYCLES": 1.1052669570051890e+04, - "CYCLES/ BYTE": 2.1587245254007598e+01, - "bytes_per_second": 2.1702551265248665e+08 + "CYCLES": 1.1051675259034622e+04, + "CYCLES/ BYTE": 2.1585303240301997e+01, + "bytes_per_second": 2.1700796776860017e+08 }, { "name": "ascon_hash256/4096_mean", @@ -805,12 +805,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.7752801002065960e+04, - "cpu_time": 1.7745130319553617e+04, + "real_time": 1.7702641419502943e+04, + "cpu_time": 1.7700754474017740e+04, "time_unit": "ns", - "CYCLES": 8.2760538701496320e+04, - "CYCLES/ BYTE": 2.0205209643920000e+01, - "bytes_per_second": 2.3083328630834037e+08 + "CYCLES": 8.2751944283903664e+04, + "CYCLES/ BYTE": 2.0203111397437418e+01, + "bytes_per_second": 2.3140295127079391e+08 }, { "name": "ascon_hash256/4096_median", @@ -823,12 +823,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.7692237953502066e+04, - "cpu_time": 1.7682467283793980e+04, + "real_time": 1.7692111913973589e+04, + "cpu_time": 1.7689532192648931e+04, "time_unit": "ns", - "CYCLES": 8.2753048376870400e+04, - "CYCLES/ BYTE": 2.0203380951384375e+01, - "bytes_per_second": 2.3164191499530387e+08 + "CYCLES": 8.2748756083650194e+04, + "CYCLES/ BYTE": 2.0202333028234911e+01, + "bytes_per_second": 2.3154936804544562e+08 }, { "name": "ascon_hash256/4096_stddev", @@ -841,12 +841,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.2002878665015290e+02, - "cpu_time": 1.1984940734862251e+02, + "real_time": 2.3399707323674626e+01, + "cpu_time": 2.4102773076925644e+01, "time_unit": "ns", - "CYCLES": 1.7366737108581955e+01, - "CYCLES/ BYTE": 4.2399260518998913e-03, - "bytes_per_second": 1.5459195369890518e+06 + "CYCLES": 7.8547774396976839e+00, + "CYCLES/ BYTE": 1.9176702733636924e-03, + "bytes_per_second": 3.1462541435809026e+05 }, { "name": "ascon_hash256/4096_cv", @@ -859,12 +859,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 6.7611182390984207e-03, - "cpu_time": 6.7539322163533916e-03, + "real_time": 1.3218201040831818e-03, + "cpu_time": 1.3616805493972125e-03, "time_unit": "ns", - "CYCLES": 2.0984321007407801e-04, - "CYCLES/ BYTE": 2.0984321007407801e-04, - "bytes_per_second": 6.6971257122946199e-03 + "CYCLES": 9.4919551530410877e-05, + "CYCLES/ BYTE": 9.4919551530410877e-05, + "bytes_per_second": 1.3596430496251848e-03 }, { "name": "ascon_hash256/4096_min", @@ -877,12 +877,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.7666296729754329e+04, - "cpu_time": 1.7666032462591891e+04, + "real_time": 1.7681287705832772e+04, + "cpu_time": 1.7678977566539841e+04, "time_unit": "ns", - "CYCLES": 8.2748382323104233e+04, - "CYCLES/ BYTE": 2.0202241778101619e+01, - "bytes_per_second": 2.2737335317034158e+08 + "CYCLES": 8.2745887579214192e+04, + "CYCLES/ BYTE": 2.0201632709769090e+01, + "bytes_per_second": 2.3074839717835262e+08 }, { "name": "ascon_hash256/4096_max", @@ -895,12 +895,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.8014653183121492e+04, - "cpu_time": 1.8014424042607112e+04, + "real_time": 1.7751891381613063e+04, + "cpu_time": 1.7750935868187520e+04, "time_unit": "ns", - "CYCLES": 8.2804885746893226e+04, - "CYCLES/ BYTE": 2.0216036559300104e+01, - "bytes_per_second": 2.3185737989972261e+08 + "CYCLES": 8.2768987325728769e+04, + "CYCLES/ BYTE": 2.0207272296320500e+01, + "bytes_per_second": 2.3168760662677142e+08 }, { "name": "ascon_hash256/16384_mean", @@ -913,12 +913,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 7.0285071666253076e+04, - "cpu_time": 7.0278110367387970e+04, + "real_time": 7.0377256648914772e+04, + "cpu_time": 7.0371024937280483e+04, "time_unit": "ns", - "CYCLES": 3.2857922752893809e+05, - "CYCLES/ BYTE": 2.0054884492733038e+01, - "bytes_per_second": 2.3313349729795256e+08 + "CYCLES": 3.2861432654290018e+05, + "CYCLES/ BYTE": 2.0057026766534435e+01, + "bytes_per_second": 2.3282517447383475e+08 }, { "name": "ascon_hash256/16384_median", @@ -931,12 +931,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 7.0167888524007256e+04, - "cpu_time": 7.0163389783593128e+04, + "real_time": 7.0302680633057695e+04, + "cpu_time": 7.0292971650777457e+04, "time_unit": "ns", - "CYCLES": 3.2857529391041771e+05, - "CYCLES/ BYTE": 2.0054644403712018e+01, - "bytes_per_second": 2.3351209388710901e+08 + "CYCLES": 3.2857519167084794e+05, + "CYCLES/ BYTE": 2.0054638163503903e+01, + "bytes_per_second": 2.3308162420133710e+08 }, { "name": "ascon_hash256/16384_stddev", @@ -949,12 +949,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.4858004681269193e+02, - "cpu_time": 2.4752473910251450e+02, + "real_time": 2.2551192538526544e+02, + "cpu_time": 2.2231087783976403e+02, "time_unit": "ns", - "CYCLES": 1.7868390477466299e+01, - "CYCLES/ BYTE": 1.0906000047281677e-03, - "bytes_per_second": 8.1542582924778911e+05 + "CYCLES": 1.1648377999326385e+02, + "CYCLES/ BYTE": 7.1096057124794831e-03, + "bytes_per_second": 7.3050530190790235e+05 }, { "name": "ascon_hash256/16384_cv", @@ -967,12 +967,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 3.5367403193820178e-03, - "cpu_time": 3.5220744810659636e-03, + "real_time": 3.2043295820730583e-03, + "cpu_time": 3.1591251944660865e-03, "time_unit": "ns", - "CYCLES": 5.4380767195310981e-05, - "CYCLES/ BYTE": 5.4380767195310981e-05, - "bytes_per_second": 3.4976776769476722e-03 + "CYCLES": 3.5446957294497943e-04, + "CYCLES/ BYTE": 3.5446957294497943e-04, + "bytes_per_second": 3.1375700826114816e-03 }, { "name": "ascon_hash256/16384_min", @@ -985,12 +985,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 7.0136474582500683e+04, - "cpu_time": 7.0131834927025920e+04, + "real_time": 7.0238941796832514e+04, + "cpu_time": 7.0231087305569410e+04, "time_unit": "ns", - "CYCLES": 3.2856094765978865e+05, - "CYCLES/ BYTE": 2.0053768778063272e+01, - "bytes_per_second": 2.3097236567975894e+08 + "CYCLES": 3.2856278173607629e+05, + "CYCLES/ BYTE": 2.0053880721196062e+01, + "bytes_per_second": 2.3083211329315358e+08 }, { "name": "ascon_hash256/16384_max", @@ -1003,12 +1003,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 7.0938428287196555e+04, - "cpu_time": 7.0934892803220733e+04, + "real_time": 7.0993414451000150e+04, + "cpu_time": 7.0977992473657883e+04, "time_unit": "ns", - "CYCLES": 3.2862146099647711e+05, - "CYCLES/ BYTE": 2.0057462219023261e+01, - "bytes_per_second": 2.3361715855642444e+08 + "CYCLES": 3.2894097942799801e+05, + "CYCLES/ BYTE": 2.0076964076415894e+01, + "bytes_per_second": 2.3328700478058425e+08 }, { "name": "ascon_permutation<1>_mean", @@ -1021,12 +1021,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 6.5266810033649465e+00, - "cpu_time": 6.5260558258494381e+00, + "real_time": 6.5262973329886149e+00, + "cpu_time": 6.5259251317179103e+00, "time_unit": "ns", - "CYCLES": 3.0533881500455863e+01, - "CYCLES/ BYTE": 7.6334703751139654e-01, - "bytes_per_second": 6.1292978327344217e+09 + "CYCLES": 3.0515574840849325e+01, + "CYCLES/ BYTE": 7.6288937102123322e-01, + "bytes_per_second": 6.1294041663113022e+09 }, { "name": "ascon_permutation<1>_median", @@ -1039,12 +1039,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 6.5217757316558815e+00, - "cpu_time": 6.5213878789396631e+00, + "real_time": 6.5268480541904257e+00, + "cpu_time": 6.5265543678268259e+00, "time_unit": "ns", - "CYCLES": 3.0539846007737133e+01, - "CYCLES/ BYTE": 7.6349615019342831e-01, - "bytes_per_second": 6.1336637018866587e+09 + "CYCLES": 3.0519105992006203e+01, + "CYCLES/ BYTE": 7.6297764980015503e-01, + "bytes_per_second": 6.1288082226032181e+09 }, { "name": "ascon_permutation<1>_stddev", @@ -1057,12 +1057,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.2836177105642856e-02, - "cpu_time": 1.2877873295303674e-02, + "real_time": 6.3903199339217483e-03, + "cpu_time": 6.2196806496846013e-03, "time_unit": "ns", - "CYCLES": 2.8788381544358178e-02, - "CYCLES/ BYTE": 7.1970953848211861e-04, - "bytes_per_second": 1.2064603584688557e+07 + "CYCLES": 1.7150710957291655e-02, + "CYCLES/ BYTE": 4.2876777369062018e-04, + "bytes_per_second": 5.8401368161751525e+06 }, { "name": "ascon_permutation<1>_cv", @@ -1075,12 +1075,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 1.9667235305394788e-03, - "cpu_time": 1.9733011238265768e-03, + "real_time": 9.7916469444633792e-04, + "cpu_time": 9.5307263325089780e-04, "time_unit": "ns", - "CYCLES": 9.4283399717551058e-04, - "CYCLES/ BYTE": 9.4283399700935313e-04, - "bytes_per_second": 1.9683500319165039e-03 + "CYCLES": 5.6203139042077140e-04, + "CYCLES/ BYTE": 5.6203139010398725e-04, + "bytes_per_second": 9.5280661181945984e-04 }, { "name": "ascon_permutation<1>_min", @@ -1093,12 +1093,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 6.5144465848214139e+00, - "cpu_time": 6.5141916784072880e+00, + "real_time": 6.5168667675828118e+00, + "cpu_time": 6.5167756042383385e+00, "time_unit": "ns", - "CYCLES": 3.0463268498487459e+01, - "CYCLES/ BYTE": 7.6158171246218642e-01, - "bytes_per_second": 6.1040166717816420e+09 + "CYCLES": 3.0486403011636746e+01, + "CYCLES/ BYTE": 7.6216007529091867e-01, + "bytes_per_second": 6.1181977730455770e+09 }, { "name": "ascon_permutation<1>_max", @@ -1111,12 +1111,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 6.5539582256606321e+00, - "cpu_time": 6.5530620492759537e+00, + "real_time": 6.5383947527070223e+00, + "cpu_time": 6.5378729952510835e+00, "time_unit": "ns", - "CYCLES": 3.0567186882197120e+01, - "CYCLES/ BYTE": 7.6417967205492798e-01, - "bytes_per_second": 6.1404395164773474e+09 + "CYCLES": 3.0541753321817627e+01, + "CYCLES/ BYTE": 7.6354383304544071e-01, + "bytes_per_second": 6.1380048093086176e+09 }, { "name": "ascon_permutation<8>_mean", @@ -1129,12 +1129,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.6812514501364156e+01, - "cpu_time": 2.6801580352696782e+01, + "real_time": 2.6758833293593511e+01, + "cpu_time": 2.6757173246064895e+01, "time_unit": "ns", - "CYCLES": 1.2548621558187148e+02, - "CYCLES/ BYTE": 3.1371553895467876e+00, - "bytes_per_second": 1.4924498475817456e+09 + "CYCLES": 1.2510760025496938e+02, + "CYCLES/ BYTE": 3.1276900063742357e+00, + "bytes_per_second": 1.4949282029981132e+09 }, { "name": "ascon_permutation<8>_median", @@ -1147,12 +1147,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.6796803239938278e+01, - "cpu_time": 2.6792335776481231e+01, + "real_time": 2.6749190727926663e+01, + "cpu_time": 2.6746670120171910e+01, "time_unit": "ns", - "CYCLES": 1.2548880842665943e+02, - "CYCLES/ BYTE": 3.1372202106664862e+00, - "bytes_per_second": 1.4929642691050150e+09 + "CYCLES": 1.2510736428238738e+02, + "CYCLES/ BYTE": 3.1276841070596850e+00, + "bytes_per_second": 1.4955132691146379e+09 }, { "name": "ascon_permutation<8>_stddev", @@ -1165,12 +1165,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.0266663212956586e-02, - "cpu_time": 1.7023649946272760e-02, + "real_time": 3.2349446721529188e-02, + "cpu_time": 3.2481947770551120e-02, "time_unit": "ns", - "CYCLES": 1.0958326548025395e-02, - "CYCLES/ BYTE": 2.7395815361434372e-04, - "bytes_per_second": 9.4720085255216889e+05 + "CYCLES": 9.1269074640614976e-03, + "CYCLES/ BYTE": 2.2817267777837597e-04, + "bytes_per_second": 1.8101704818816253e+06 }, { "name": "ascon_permutation<8>_cv", @@ -1183,12 +1183,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 1.1288259894989220e-03, - "cpu_time": 6.3517336374382244e-04, + "real_time": 1.2089259037042605e-03, + "cpu_time": 1.2139528892622525e-03, "time_unit": "ns", - "CYCLES": 8.7326934653438572e-05, - "CYCLES/ BYTE": 8.7326931438331260e-05, - "bytes_per_second": 6.3466176373493718e-04 + "CYCLES": 7.2952462084324636e-05, + "CYCLES/ BYTE": 7.2952459263341254e-05, + "bytes_per_second": 1.2108745277875461e-03 }, { "name": "ascon_permutation<8>_min", @@ -1201,12 +1201,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.6789465566770083e+01, - "cpu_time": 2.6789057162312378e+01, + "real_time": 2.6735011487194505e+01, + "cpu_time": 2.6733163302868650e+01, "time_unit": "ns", - "CYCLES": 1.2546517777412882e+02, - "CYCLES/ BYTE": 3.1366294443532201e+00, - "bytes_per_second": 1.4902991284594300e+09 + "CYCLES": 1.2509285612653257e+02, + "CYCLES/ BYTE": 3.1273214031633145e+00, + "bytes_per_second": 1.4900352802517030e+09 }, { "name": "ascon_permutation<8>_max", @@ -1219,12 +1219,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.6883521017959474e+01, - "cpu_time": 2.6840249206445741e+01, + "real_time": 2.6846482402074400e+01, + "cpu_time": 2.6845001947365326e+01, "time_unit": "ns", - "CYCLES": 1.2549783530894166e+02, - "CYCLES/ BYTE": 3.1374458827235414e+00, - "bytes_per_second": 1.4931469875047770e+09 + "CYCLES": 1.2512129204334479e+02, + "CYCLES/ BYTE": 3.1280323010836200e+00, + "bytes_per_second": 1.4962688682527790e+09 }, { "name": "ascon_permutation<12>_mean", @@ -1237,12 +1237,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.8003528469261973e+01, - "cpu_time": 3.7995299275384959e+01, + "real_time": 3.8047380970893144e+01, + "cpu_time": 3.8045856585428552e+01, "time_unit": "ns", - "CYCLES": 1.7792239086308891e+02, - "CYCLES/ BYTE": 4.4480597715772223e+00, - "bytes_per_second": 1.0527620267661904e+09 + "CYCLES": 1.7791133078675301e+02, + "CYCLES/ BYTE": 4.4477832696688253e+00, + "bytes_per_second": 1.0513643859396050e+09 }, { "name": "ascon_permutation<12>_median", @@ -1255,12 +1255,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.7996177474534669e+01, - "cpu_time": 3.7989471154564328e+01, + "real_time": 3.8029492222762975e+01, + "cpu_time": 3.8025962256002657e+01, "time_unit": "ns", - "CYCLES": 1.7792045119744097e+02, - "CYCLES/ BYTE": 4.4480112799360239e+00, - "bytes_per_second": 1.0529233262957029e+09 + "CYCLES": 1.7791241656441184e+02, + "CYCLES/ BYTE": 4.4478104141102959e+00, + "bytes_per_second": 1.0519129039346846e+09 }, { "name": "ascon_permutation<12>_stddev", @@ -1273,12 +1273,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.9670634974981366e-02, - "cpu_time": 1.8217693721471938e-02, + "real_time": 4.7578451564838788e-02, + "cpu_time": 4.8598016657493567e-02, "time_unit": "ns", - "CYCLES": 1.0825279040496266e-02, - "CYCLES/ BYTE": 2.7063198534749768e-04, - "bytes_per_second": 5.0456094018903648e+05 + "CYCLES": 4.7908131950828619e-03, + "CYCLES/ BYTE": 1.1977030614689372e-04, + "bytes_per_second": 1.3408534833141002e+06 }, { "name": "ascon_permutation<12>_cv", @@ -1291,12 +1291,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 5.1760022732866436e-04, - "cpu_time": 4.7947230496679270e-04, + "real_time": 1.2505053002527839e-03, + "cpu_time": 1.2773537257170459e-03, "time_unit": "ns", - "CYCLES": 6.0842702191576930e-05, - "CYCLES/ BYTE": 6.0842704290265239e-05, - "bytes_per_second": 4.7927349900614836e-04 + "CYCLES": 2.6928094876796785e-05, + "CYCLES/ BYTE": 2.6928089541514828e-05, + "bytes_per_second": 1.2753461133418350e-03 }, { "name": "ascon_permutation<12>_min", @@ -1309,12 +1309,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.7981162725859477e+01, - "cpu_time": 3.7975972704401265e+01, + "real_time": 3.8004672447627300e+01, + "cpu_time": 3.8003230817429866e+01, "time_unit": "ns", - "CYCLES": 1.7791097105477178e+02, - "CYCLES/ BYTE": 4.4477742763692945e+00, - "bytes_per_second": 1.0517209725767082e+09 + "CYCLES": 1.7790098061291980e+02, + "CYCLES/ BYTE": 4.4475245153229945e+00, + "bytes_per_second": 1.0482331575650944e+09 }, { "name": "ascon_permutation<12>_max", @@ -1327,12 +1327,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.8033266307134390e+01, - "cpu_time": 3.8032901352152663e+01, + "real_time": 3.8159280659223015e+01, + "cpu_time": 3.8159449270727762e+01, "time_unit": "ns", - "CYCLES": 1.7794955908049783e+02, - "CYCLES/ BYTE": 4.4487389770124466e+00, - "bytes_per_second": 1.0532975761109118e+09 + "CYCLES": 1.7791748443333421e+02, + "CYCLES/ BYTE": 4.4479371108333554e+00, + "bytes_per_second": 1.0525420902281375e+09 }, { "name": "ascon_permutation<16>_mean", @@ -1345,12 +1345,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 4.9550907388505912e+01, - "cpu_time": 4.9542412617175806e+01, + "real_time": 4.9592021838604595e+01, + "cpu_time": 4.9588024068453443e+01, "time_unit": "ns", - "CYCLES": 2.3173970598368152e+02, - "CYCLES/ BYTE": 5.7934926495920394e+00, - "bytes_per_second": 8.0739371306653488e+08 + "CYCLES": 2.3176266979320599e+02, + "CYCLES/ BYTE": 5.7940667448301504e+00, + "bytes_per_second": 8.0665229929090488e+08 }, { "name": "ascon_permutation<16>_median", @@ -1363,12 +1363,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 4.9484480648248550e+01, - "cpu_time": 4.9473209808883283e+01, + "real_time": 4.9537877197557165e+01, + "cpu_time": 4.9533995097822341e+01, "time_unit": "ns", - "CYCLES": 2.3173848278844838e+02, - "CYCLES/ BYTE": 5.7934620697112100e+00, - "bytes_per_second": 8.0851839283268297e+08 + "CYCLES": 2.3174680482430915e+02, + "CYCLES/ BYTE": 5.7936701206077288e+00, + "bytes_per_second": 8.0752622393845892e+08 }, { "name": "ascon_permutation<16>_stddev", @@ -1381,12 +1381,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.2458196885935950e-01, - "cpu_time": 1.2613068371741099e-01, + "real_time": 1.4305293733118732e-01, + "cpu_time": 1.4209317647538833e-01, "time_unit": "ns", - "CYCLES": 5.8072151889045380e-03, - "CYCLES/ BYTE": 1.4518032425493092e-04, - "bytes_per_second": 2.0479443463271491e+06 + "CYCLES": 5.8169800574431732e-02, + "CYCLES/ BYTE": 1.4542450114291990e-03, + "bytes_per_second": 2.2960874867420304e+06 }, { "name": "ascon_permutation<16>_cv", @@ -1399,12 +1399,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 2.5142217453773246e-03, - "cpu_time": 2.5459132297824929e-03, + "real_time": 2.8845957883457105e-03, + "cpu_time": 2.8654736530585850e-03, "time_unit": "ns", - "CYCLES": 2.5059215313380378e-05, - "CYCLES/ BYTE": 2.5059205739245063e-05, - "bytes_per_second": 2.5364878536754030e-03 + "CYCLES": 2.5098865415355582e-04, + "CYCLES/ BYTE": 2.5098865364759092e-04, + "bytes_per_second": 2.8464401437402797e-03 }, { "name": "ascon_permutation<16>_min", @@ -1417,12 +1417,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 4.9469433549338703e+01, - "cpu_time": 4.9464538928151697e+01, + "real_time": 4.9511026006436381e+01, + "cpu_time": 4.9508334940846581e+01, "time_unit": "ns", - "CYCLES": 2.3173240479751749e+02, - "CYCLES/ BYTE": 5.7933101199379378e+00, - "bytes_per_second": 8.0253664291678607e+08 + "CYCLES": 2.3173034660342799e+02, + "CYCLES/ BYTE": 5.7932586650856992e+00, + "bytes_per_second": 8.0026336157305121e+08 }, { "name": "ascon_permutation<16>_max", @@ -1435,12 +1435,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 4.9848229732002935e+01, - "cpu_time": 4.9841960928564795e+01, + "real_time": 4.9989530931481532e+01, + "cpu_time": 4.9983545318597763e+01, "time_unit": "ns", - "CYCLES": 2.3175452916506333e+02, - "CYCLES/ BYTE": 5.7938632291265835e+00, - "bytes_per_second": 8.0866012029548800e+08 + "CYCLES": 2.3192581394731485e+02, + "CYCLES/ BYTE": 5.7981453486828718e+00, + "bytes_per_second": 8.0794476420571792e+08 }, { "name": "ascon_xof128/32/64_mean", @@ -1453,12 +1453,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 4.4814578108722242e+02, - "cpu_time": 4.4806971167543668e+02, + "real_time": 4.4823400176606174e+02, + "cpu_time": 4.4819333232381058e+02, "time_unit": "ns", - "CYCLES": 2.0973485490939242e+03, - "CYCLES/ BYTE": 2.1847380719728378e+01, - "bytes_per_second": 2.1425246326733494e+08 + "CYCLES": 2.0973247830065279e+03, + "CYCLES/ BYTE": 2.1847133156317994e+01, + "bytes_per_second": 2.1419331402211428e+08 }, { "name": "ascon_xof128/32/64_median", @@ -1471,12 +1471,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 4.4800249366865529e+02, - "cpu_time": 4.4797725126524574e+02, + "real_time": 4.4823707060580119e+02, + "cpu_time": 4.4818410293255084e+02, "time_unit": "ns", - "CYCLES": 2.0974077006059715e+03, - "CYCLES/ BYTE": 2.1847996881312199e+01, - "bytes_per_second": 2.1429659685414988e+08 + "CYCLES": 2.0974529525288517e+03, + "CYCLES/ BYTE": 2.1848468255508873e+01, + "bytes_per_second": 2.1419769160025615e+08 }, { "name": "ascon_xof128/32/64_stddev", @@ -1489,12 +1489,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.1679388419850030e-01, - "cpu_time": 3.0286971853611544e-01, + "real_time": 1.9402200025298783e-01, + "cpu_time": 1.8784440862093718e-01, "time_unit": "ns", - "CYCLES": 3.2669409395189869e-01, - "CYCLES/ BYTE": 3.4030634683547456e-03, - "bytes_per_second": 1.4469716197785098e+05 + "CYCLES": 6.7509460600585358e-01, + "CYCLES/ BYTE": 7.0322355011821873e-03, + "bytes_per_second": 8.9749537318522649e+04 }, { "name": "ascon_xof128/32/64_cv", @@ -1507,12 +1507,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 7.0689917782990996e-04, - "cpu_time": 6.7594329775966158e-04, + "real_time": 4.3285872889725586e-04, + "cpu_time": 4.1911468795618627e-04, "time_unit": "ns", - "CYCLES": 1.5576528474155326e-04, - "CYCLES/ BYTE": 1.5576528426960350e-04, - "bytes_per_second": 6.7535821885652777e-04 + "CYCLES": 3.2188367365692464e-04, + "CYCLES/ BYTE": 3.2188367466184128e-04, + "bytes_per_second": 4.1901185257937841e-04 }, { "name": "ascon_xof128/32/64_min", @@ -1525,12 +1525,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 4.4784804299779955e+02, - "cpu_time": 4.4781110211242355e+02, + "real_time": 4.4795646921723966e+02, + "cpu_time": 4.4792371237651651e+02, "time_unit": "ns", - "CYCLES": 2.0967185418273893e+03, - "CYCLES/ BYTE": 2.1840818144035307e+01, - "bytes_per_second": 2.1395351963015804e+08 + "CYCLES": 2.0961521628465935e+03, + "CYCLES/ BYTE": 2.1834918362985348e+01, + "bytes_per_second": 2.1400612139502805e+08 }, { "name": "ascon_xof128/32/64_max", @@ -1543,12 +1543,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 4.4870196960574151e+02, - "cpu_time": 4.4869558662061962e+02, + "real_time": 4.4860283911794647e+02, + "cpu_time": 4.4858529921579310e+02, "time_unit": "ns", - "CYCLES": 2.0976529509492912e+03, - "CYCLES/ BYTE": 2.1850551572388451e+01, - "bytes_per_second": 2.1437610534251356e+08 + "CYCLES": 2.0981403965487243e+03, + "CYCLES/ BYTE": 2.1855629130715879e+01, + "bytes_per_second": 2.1432221011622655e+08 }, { "name": "ascon_xof128/256/64_mean", @@ -1561,12 +1561,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.4107904416551241e+03, - "cpu_time": 1.4104192898204981e+03, + "real_time": 1.4126246415735925e+03, + "cpu_time": 1.4124297893761827e+03, "time_unit": "ns", - "CYCLES": 6.6033994664089323e+03, - "CYCLES/ BYTE": 2.0635623332527913e+01, - "bytes_per_second": 2.2688298672105026e+08 + "CYCLES": 6.6035215375941370e+03, + "CYCLES/ BYTE": 2.0636004804981678e+01, + "bytes_per_second": 2.2656052007473800e+08 }, { "name": "ascon_xof128/256/64_median", @@ -1579,12 +1579,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.4103642614644207e+03, - "cpu_time": 1.4101519224380249e+03, + "real_time": 1.4118685614680767e+03, + "cpu_time": 1.4117168257420117e+03, "time_unit": "ns", - "CYCLES": 6.6033236431181849e+03, - "CYCLES/ BYTE": 2.0635386384744329e+01, - "bytes_per_second": 2.2692590422155154e+08 + "CYCLES": 6.6034401957230875e+03, + "CYCLES/ BYTE": 2.0635750611634649e+01, + "bytes_per_second": 2.2667435527096993e+08 }, { "name": "ascon_xof128/256/64_stddev", @@ -1597,12 +1597,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.1516103339538504e+00, - "cpu_time": 9.8730836360343210e-01, + "real_time": 2.6054033940943229e+00, + "cpu_time": 2.3969114327289969e+00, "time_unit": "ns", - "CYCLES": 4.9431871933234089e-01, - "CYCLES/ BYTE": 1.5447460109972652e-03, - "bytes_per_second": 1.5868450171470572e+05 + "CYCLES": 8.7832739806446991e-01, + "CYCLES/ BYTE": 2.7447731405815961e-03, + "bytes_per_second": 3.8366524902141799e+05 }, { "name": "ascon_xof128/256/64_cv", @@ -1615,12 +1615,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 8.1628730954740069e-04, - "cpu_time": 7.0001053639098018e-04, + "real_time": 1.8443706257254831e-03, + "cpu_time": 1.6970128007478674e-03, "time_unit": "ns", - "CYCLES": 7.4858218383865523e-05, - "CYCLES/ BYTE": 7.4858219017900150e-05, - "bytes_per_second": 6.9941119873305566e-04 + "CYCLES": 1.3300893970953431e-04, + "CYCLES/ BYTE": 1.3300894075770852e-04, + "bytes_per_second": 1.6934338290486540e-03 }, { "name": "ascon_xof128/256/64_min", @@ -1633,12 +1633,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.4096075891225000e+03, - "cpu_time": 1.4095650125343313e+03, + "real_time": 1.4101773992171945e+03, + "cpu_time": 1.4101793725584937e+03, "time_unit": "ns", - "CYCLES": 6.6026232645705595e+03, - "CYCLES/ BYTE": 2.0633197701783001e+01, - "bytes_per_second": 2.2652987276531455e+08 + "CYCLES": 6.6022622931013648e+03, + "CYCLES/ BYTE": 2.0632069665941767e+01, + "bytes_per_second": 2.2584578335196871e+08 }, { "name": "ascon_xof128/256/64_max", @@ -1651,12 +1651,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.4126609985356395e+03, - "cpu_time": 1.4126172239169564e+03, + "real_time": 1.4179529821473004e+03, + "cpu_time": 1.4168960573476677e+03, "time_unit": "ns", - "CYCLES": 6.6044722985693716e+03, - "CYCLES/ BYTE": 2.0638975933029286e+01, - "bytes_per_second": 2.2702039079748091e+08 + "CYCLES": 6.6054059240465549e+03, + "CYCLES/ BYTE": 2.0641893512645485e+01, + "bytes_per_second": 2.2692148688816994e+08 }, { "name": "ascon_xof128/2048/64_mean", @@ -1669,12 +1669,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 9.1228308333215500e+03, - "cpu_time": 9.1218257075779220e+03, + "real_time": 9.1555171940919336e+03, + "cpu_time": 9.1541278629689423e+03, "time_unit": "ns", - "CYCLES": 4.2697493093778532e+04, - "CYCLES/ BYTE": 2.0216616048190591e+01, - "bytes_per_second": 2.3153274461918169e+08 + "CYCLES": 4.2702206179445355e+04, + "CYCLES/ BYTE": 2.0218847622843441e+01, + "bytes_per_second": 2.3072028888148856e+08 }, { "name": "ascon_xof128/2048/64_median", @@ -1687,12 +1687,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 9.1205782576748861e+03, - "cpu_time": 9.1175891156906200e+03, + "real_time": 9.1378399673296699e+03, + "cpu_time": 9.1356447960848636e+03, "time_unit": "ns", - "CYCLES": 4.2697241130820403e+04, - "CYCLES/ BYTE": 2.0216496747547538e+01, - "bytes_per_second": 2.3164018215718251e+08 + "CYCLES": 4.2697108613376840e+04, + "CYCLES/ BYTE": 2.0216434002545853e+01, + "bytes_per_second": 2.3118237476809612e+08 }, { "name": "ascon_xof128/2048/64_stddev", @@ -1705,12 +1705,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 7.4829298976683898e+00, - "cpu_time": 7.6671053664548436e+00, + "real_time": 4.5104452996483289e+01, + "cpu_time": 4.3681857201597396e+01, "time_unit": "ns", - "CYCLES": 1.3173827521736767e+00, - "CYCLES/ BYTE": 6.2376075174942899e-04, - "bytes_per_second": 1.9448358687674504e+05 + "CYCLES": 1.4163099204399892e+01, + "CYCLES/ BYTE": 6.7060128892170523e-03, + "bytes_per_second": 1.0944073231764406e+06 }, { "name": "ascon_xof128/2048/64_cv", @@ -1723,12 +1723,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 8.2024209747884975e-04, - "cpu_time": 8.4052311590271064e-04, + "real_time": 4.9264778865348259e-03, + "cpu_time": 4.7718207409253007e-03, "time_unit": "ns", - "CYCLES": 3.0853866508749035e-05, - "CYCLES/ BYTE": 3.0853865467027862e-05, - "bytes_per_second": 8.3998307538152316e-04 + "CYCLES": 3.3167136950449364e-04, + "CYCLES/ BYTE": 3.3167136991727147e-04, + "bytes_per_second": 4.7434377292176165e-03 }, { "name": "ascon_xof128/2048/64_min", @@ -1741,12 +1741,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 9.1156631665736386e+03, - "cpu_time": 9.1149800443460699e+03, + "real_time": 9.1224770635392269e+03, + "cpu_time": 9.1219884502445984e+03, "time_unit": "ns", - "CYCLES": 4.2695734120255642e+04, - "CYCLES/ BYTE": 2.0215783200878619e+01, - "bytes_per_second": 2.3116937846429026e+08 + "CYCLES": 4.2694434257748777e+04, + "CYCLES/ BYTE": 2.0215167735676506e+01, + "bytes_per_second": 2.2846413659962255e+08 }, { "name": "ascon_xof128/2048/64_max", @@ -1759,12 +1759,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 9.1362973126141023e+03, - "cpu_time": 9.1361581452979935e+03, + "real_time": 9.2507321369487854e+03, + "cpu_time": 9.2443393148449595e+03, "time_unit": "ns", - "CYCLES": 4.2699796856658410e+04, - "CYCLES/ BYTE": 2.0217706845008713e+01, - "bytes_per_second": 2.3170648643493763e+08 + "CYCLES": 4.2741110668841764e+04, + "CYCLES/ BYTE": 2.0237268309110682e+01, + "bytes_per_second": 2.3152846679425126e+08 }, { "name": "ascon_xof128/16384/64_mean", @@ -1777,12 +1777,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 7.0821938131091592e+04, - "cpu_time": 7.0812367323232145e+04, + "real_time": 7.0853195643739979e+04, + "cpu_time": 7.0848188601823480e+04, "time_unit": "ns", - "CYCLES": 3.3120493747474754e+05, - "CYCLES/ BYTE": 2.0136486957365488e+01, - "bytes_per_second": 2.3227713147621441e+08 + "CYCLES": 3.3118744989868288e+05, + "CYCLES/ BYTE": 2.0135423753567785e+01, + "bytes_per_second": 2.3215848867666808e+08 }, { "name": "ascon_xof128/16384/64_median", @@ -1795,12 +1795,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 7.0746632322558507e+04, - "cpu_time": 7.0725951010100631e+04, + "real_time": 7.0835832574194486e+04, + "cpu_time": 7.0830247720364147e+04, "time_unit": "ns", - "CYCLES": 3.3120889696969697e+05, - "CYCLES/ BYTE": 2.0136727685414456e+01, - "bytes_per_second": 2.3255962121725607e+08 + "CYCLES": 3.3117932725430594e+05, + "CYCLES/ BYTE": 2.0134929915753037e+01, + "bytes_per_second": 2.3221717730219623e+08 }, { "name": "ascon_xof128/16384/64_stddev", @@ -1813,12 +1813,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.7623068429838827e+02, - "cpu_time": 1.7833775627586857e+02, + "real_time": 5.4875638906096356e+01, + "cpu_time": 5.3369256873020262e+01, "time_unit": "ns", - "CYCLES": 1.4133918159908747e+01, - "CYCLES/ BYTE": 8.5930923960740536e-04, - "bytes_per_second": 5.8288259976697806e+05 + "CYCLES": 2.2991375471748082e+01, + "CYCLES/ BYTE": 1.3978219430610473e-03, + "bytes_per_second": 1.7470068546580526e+05 }, { "name": "ascon_xof128/16384/64_cv", @@ -1831,12 +1831,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 2.4883629133699335e-03, - "cpu_time": 2.5184549396833887e-03, + "real_time": 7.7449772600263406e-04, + "cpu_time": 7.5329035118967976e-04, "time_unit": "ns", - "CYCLES": 4.2674237490757141e-05, - "CYCLES/ BYTE": 4.2674238134328031e-05, - "bytes_per_second": 2.5094274070913704e-03 + "CYCLES": 6.9421034760772546e-05, + "CYCLES/ BYTE": 6.9421034300972583e-05, + "bytes_per_second": 7.5250612829890753e-04 }, { "name": "ascon_xof128/16384/64_min", @@ -1849,12 +1849,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 7.0700268685932955e+04, - "cpu_time": 7.0697314646465151e+04, + "real_time": 7.0808127659008867e+04, + "cpu_time": 7.0803884498479645e+04, "time_unit": "ns", - "CYCLES": 3.3118171010101010e+05, - "CYCLES/ BYTE": 2.0135074787269584e+01, - "bytes_per_second": 2.3098165380093479e+08 + "CYCLES": 3.3117259422492399e+05, + "CYCLES/ BYTE": 2.0134520563285751e+01, + "bytes_per_second": 2.3174220211432609e+08 }, { "name": "ascon_xof128/16384/64_max", @@ -1867,12 +1867,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 7.1210179797190271e+04, - "cpu_time": 7.1209118686868780e+04, + "real_time": 7.0986820668320142e+04, + "cpu_time": 7.0975419452886941e+04, "time_unit": "ns", - "CYCLES": 3.3122249545454548e+05, - "CYCLES/ BYTE": 2.0137554441545809e+01, - "bytes_per_second": 2.3265381552681643e+08 + "CYCLES": 3.3124955673758866e+05, + "CYCLES/ BYTE": 2.0139199704376743e+01, + "bytes_per_second": 2.3230363865633932e+08 }, { "name": "ascon_xof128/32/512_mean", @@ -1885,12 +1885,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.3894971945116599e+03, - "cpu_time": 2.3892993523205782e+03, + "real_time": 2.3894631899052547e+03, + "cpu_time": 2.3892488021598811e+03, "time_unit": "ns", - "CYCLES": 1.1173532205007587e+04, - "CYCLES/ BYTE": 2.0539581259205121e+01, - "bytes_per_second": 2.2768394811480433e+08 + "CYCLES": 1.1174410932640716e+04, + "CYCLES/ BYTE": 2.0541196567354259e+01, + "bytes_per_second": 2.2768675183900091e+08 }, { "name": "ascon_xof128/32/512_median", @@ -1903,12 +1903,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.3871354246227120e+03, - "cpu_time": 2.3866247038570846e+03, + "real_time": 2.3892645500770400e+03, + "cpu_time": 2.3891117955640684e+03, "time_unit": "ns", - "CYCLES": 1.1174962766954714e+04, - "CYCLES/ BYTE": 2.0542210968666751e+01, - "bytes_per_second": 2.2793696923857671e+08 + "CYCLES": 1.1175961168449472e+04, + "CYCLES/ BYTE": 2.0544046265532117e+01, + "bytes_per_second": 2.2769968601628709e+08 }, { "name": "ascon_xof128/32/512_stddev", @@ -1921,12 +1921,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 7.7481075601520839e+00, - "cpu_time": 7.7483193429569059e+00, + "real_time": 1.8733328437223022e+00, + "cpu_time": 1.8679940235865875e+00, "time_unit": "ns", - "CYCLES": 3.9834699371555553e+00, - "CYCLES/ BYTE": 7.3225550378333238e-03, - "bytes_per_second": 7.3274286831511825e+05 + "CYCLES": 5.3365006026376651e+00, + "CYCLES/ BYTE": 9.8097437575109057e-03, + "bytes_per_second": 1.7790869188684653e+05 }, { "name": "ascon_xof128/32/512_cv", @@ -1939,12 +1939,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 3.2425681762457814e-03, - "cpu_time": 3.2429253100627357e-03, + "real_time": 7.8399736461166511e-04, + "cpu_time": 7.8183319455802204e-04, "time_unit": "ns", - "CYCLES": 3.5650946039877197e-04, - "CYCLES/ BYTE": 3.5650946070536912e-04, - "bytes_per_second": 3.2182456180250779e-03 + "CYCLES": 4.7756437764872434e-04, + "CYCLES/ BYTE": 4.7756437777833003e-04, + "bytes_per_second": 7.8137480749273971e-04 }, { "name": "ascon_xof128/32/512_min", @@ -1957,12 +1957,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.3843334868413594e+03, - "cpu_time": 2.3841353650014644e+03, + "real_time": 2.3869285568079863e+03, + "cpu_time": 2.3868845049724864e+03, "time_unit": "ns", - "CYCLES": 1.1164675086499292e+04, - "CYCLES/ BYTE": 2.0523299791358994e+01, - "bytes_per_second": 2.2563602046565196e+08 + "CYCLES": 1.1165544205597895e+04, + "CYCLES/ BYTE": 2.0524897436760835e+01, + "bytes_per_second": 2.2730499823316175e+08 }, { "name": "ascon_xof128/32/512_max", @@ -1975,12 +1975,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.4111676295010357e+03, - "cpu_time": 2.4109625709464763e+03, + "real_time": 2.3935020163132886e+03, + "cpu_time": 2.3932601756604718e+03, "time_unit": "ns", - "CYCLES": 1.1177757648582776e+04, - "CYCLES/ BYTE": 2.0547348618718338e+01, - "bytes_per_second": 2.2817496354686463e+08 + "CYCLES": 1.1182513037831926e+04, + "CYCLES/ BYTE": 2.0556090143073394e+01, + "bytes_per_second": 2.2791215865983877e+08 }, { "name": "ascon_xof128/256/512_mean", @@ -1993,12 +1993,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.3494726008086573e+03, - "cpu_time": 3.3490487917035971e+03, + "real_time": 3.3571831157433612e+03, + "cpu_time": 3.3569937642239374e+03, "time_unit": "ns", - "CYCLES": 1.5677989507340792e+04, - "CYCLES/ BYTE": 2.0414048837683325e+01, - "bytes_per_second": 2.2931896947644168e+08 + "CYCLES": 1.5677591878877894e+04, + "CYCLES/ BYTE": 2.0413531092288927e+01, + "bytes_per_second": 2.2878006065955079e+08 }, { "name": "ascon_xof128/256/512_median", @@ -2011,12 +2011,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.3484427228064669e+03, - "cpu_time": 3.3481453069240051e+03, + "real_time": 3.3502014110115351e+03, + "cpu_time": 3.3499148240423065e+03, "time_unit": "ns", - "CYCLES": 1.5678699063540345e+04, - "CYCLES/ BYTE": 2.0414972738984822e+01, - "bytes_per_second": 2.2938072572869420e+08 + "CYCLES": 1.5677010229259995e+04, + "CYCLES/ BYTE": 2.0412773736015620e+01, + "bytes_per_second": 2.2925956197424400e+08 }, { "name": "ascon_xof128/256/512_stddev", @@ -2029,12 +2029,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 2.6597177616155245e+00, - "cpu_time": 2.6041759910196669e+00, + "real_time": 1.4696009666947145e+01, + "cpu_time": 1.4736846695257459e+01, "time_unit": "ns", - "CYCLES": 2.1621005701262734e+00, - "CYCLES/ BYTE": 2.8152351111200178e-03, - "bytes_per_second": 1.7819237594365378e+05 + "CYCLES": 5.2693167327734880e+00, + "CYCLES/ BYTE": 6.8610894835248902e-03, + "bytes_per_second": 9.9802986436278548e+05 }, { "name": "ascon_xof128/256/512_cv", @@ -2047,12 +2047,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 7.9407061307902431e-04, - "cpu_time": 7.7758675761035187e-04, + "real_time": 4.3774822999766861e-03, + "cpu_time": 4.3898939736828164e-03, "time_unit": "ns", - "CYCLES": 1.3790674940265325e-04, - "CYCLES/ BYTE": 1.3790674909737813e-04, - "bytes_per_second": 7.7705030835645620e-04 + "CYCLES": 3.3610498177801993e-04, + "CYCLES/ BYTE": 3.3610498117675583e-04, + "bytes_per_second": 4.3623988099555609e-03 }, { "name": "ascon_xof128/256/512_min", @@ -2065,12 +2065,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.3461549347041496e+03, - "cpu_time": 3.3460142265226591e+03, + "real_time": 3.3485734853475524e+03, + "cpu_time": 3.3484440984117223e+03, "time_unit": "ns", - "CYCLES": 1.5674545014729481e+04, - "CYCLES/ BYTE": 2.0409563821262346e+01, - "bytes_per_second": 2.2895951382843912e+08 + "CYCLES": 1.5670885346046043e+04, + "CYCLES/ BYTE": 2.0404798627664118e+01, + "bytes_per_second": 2.2664764337805933e+08 }, { "name": "ascon_xof128/256/512_max", @@ -2083,12 +2083,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 3.3544787201339218e+03, - "cpu_time": 3.3543048164203719e+03, + "real_time": 3.3885018805521004e+03, + "cpu_time": 3.3885196799462792e+03, "time_unit": "ns", - "CYCLES": 1.5681720834431058e+04, - "CYCLES/ BYTE": 2.0418907336498773e+01, - "bytes_per_second": 2.2952681847923371e+08 + "CYCLES": 1.5689511846297582e+04, + "CYCLES/ BYTE": 2.0429051883199978e+01, + "bytes_per_second": 2.2936025731004077e+08 }, { "name": "ascon_xof128/2048/512_mean", @@ -2101,12 +2101,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.1062652174091865e+04, - "cpu_time": 1.1061733793702115e+04, + "real_time": 1.1067238907318726e+04, + "cpu_time": 1.1065653939681015e+04, "time_unit": "ns", - "CYCLES": 5.1770161999842159e+04, - "CYCLES/ BYTE": 2.0222719531188346e+01, - "bytes_per_second": 2.3142890211611563e+08 + "CYCLES": 5.1789278706774043e+04, + "CYCLES/ BYTE": 2.0230186994833609e+01, + "bytes_per_second": 2.3134676514428455e+08 }, { "name": "ascon_xof128/2048/512_median", @@ -2119,12 +2119,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.1056980032771075e+04, - "cpu_time": 1.1055551969063188e+04, + "real_time": 1.1061055581827710e+04, + "cpu_time": 1.1059286672982704e+04, "time_unit": "ns", - "CYCLES": 5.1769685936390182e+04, - "CYCLES/ BYTE": 2.0222533568902413e+01, - "bytes_per_second": 2.3155786415614092e+08 + "CYCLES": 5.1789369532606979e+04, + "CYCLES/ BYTE": 2.0230222473674601e+01, + "bytes_per_second": 2.3147966738432199e+08 }, { "name": "ascon_xof128/2048/512_stddev", @@ -2137,12 +2137,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.5981077165793195e+01, - "cpu_time": 1.6162585196700743e+01, + "real_time": 1.2782490150389801e+01, + "cpu_time": 1.3139337662730682e+01, "time_unit": "ns", - "CYCLES": 3.3913052721741721e+00, - "CYCLES/ BYTE": 1.3247285904760822e-03, - "bytes_per_second": 3.3736212971951801e+05 + "CYCLES": 4.5606639773509556e+00, + "CYCLES/ BYTE": 1.7815094001873289e-03, + "bytes_per_second": 2.7425292185620678e+05 }, { "name": "ascon_xof128/2048/512_cv", @@ -2155,12 +2155,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 1.4445972732668952e-03, - "cpu_time": 1.4611258504433318e-03, + "real_time": 1.1549845681868114e-03, + "cpu_time": 1.1873982083981064e-03, "time_unit": "ns", - "CYCLES": 6.5506947267897510e-05, - "CYCLES/ BYTE": 6.5506945711877617e-05, - "bytes_per_second": 1.4577355145998668e-03 + "CYCLES": 8.8061932724975769e-05, + "CYCLES/ BYTE": 8.8061934407343407e-05, + "bytes_per_second": 1.1854625314737504e-03 }, { "name": "ascon_xof128/2048/512_min", @@ -2173,12 +2173,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.1050293268090130e+04, - "cpu_time": 1.1050118854076263e+04, + "real_time": 1.1058679614450832e+04, + "cpu_time": 1.1056474024948684e+04, "time_unit": "ns", - "CYCLES": 5.1765425617551889e+04, - "CYCLES/ BYTE": 2.0220869381856208e+01, - "bytes_per_second": 2.3062339946866396e+08 + "CYCLES": 5.1782814937628296e+04, + "CYCLES/ BYTE": 2.0227662085011055e+01, + "bytes_per_second": 2.3079522123686859e+08 }, { "name": "ascon_xof128/2048/512_max", @@ -2191,12 +2191,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 1.1100500435078880e+04, - "cpu_time": 1.1100348038828733e+04, + "real_time": 1.1093079898864105e+04, + "cpu_time": 1.1092084083372913e+04, "time_unit": "ns", - "CYCLES": 5.1776968747533741e+04, - "CYCLES/ BYTE": 2.0225378417005366e+01, - "bytes_per_second": 2.3167171627802402e+08 + "CYCLES": 5.1797216011369019e+04, + "CYCLES/ BYTE": 2.0233287504441023e+01, + "bytes_per_second": 2.3153855326964253e+08 }, { "name": "ascon_xof128/16384/512_mean", @@ -2209,12 +2209,12 @@ "aggregate_name": "mean", "aggregate_unit": "time", "iterations": 10, - "real_time": 7.2715338346910401e+04, - "cpu_time": 7.2709382810867362e+04, + "real_time": 7.2988252650663868e+04, + "cpu_time": 7.2980496257796462e+04, "time_unit": "ns", - "CYCLES": 3.4028444655172416e+05, - "CYCLES/ BYTE": 2.0139941202161701e+01, - "bytes_per_second": 2.3237735488581654e+08 + "CYCLES": 3.4028660051975056e+05, + "CYCLES/ BYTE": 2.0140068686064780e+01, + "bytes_per_second": 2.3154279340533134e+08 }, { "name": "ascon_xof128/16384/512_median", @@ -2227,12 +2227,12 @@ "aggregate_name": "median", "aggregate_unit": "time", "iterations": 10, - "real_time": 7.2693700362876392e+04, - "cpu_time": 7.2691767763846321e+04, + "real_time": 7.2715676714912275e+04, + "cpu_time": 7.2701204781705368e+04, "time_unit": "ns", - "CYCLES": 3.4028160292580980e+05, - "CYCLES/ BYTE": 2.0139772900438555e+01, - "bytes_per_second": 2.3243347733050644e+08 + "CYCLES": 3.4027956211018714e+05, + "CYCLES/ BYTE": 2.0139652113529067e+01, + "bytes_per_second": 2.3240330160305279e+08 }, { "name": "ascon_xof128/16384/512_stddev", @@ -2245,12 +2245,12 @@ "aggregate_name": "stddev", "aggregate_unit": "time", "iterations": 10, - "real_time": 7.0426429931192303e+01, - "cpu_time": 6.9928429633565855e+01, + "real_time": 8.7188306667488700e+02, + "cpu_time": 8.7207738404982570e+02, "time_unit": "ns", - "CYCLES": 1.3594711562016574e+01, - "CYCLES/ BYTE": 8.0461131037722110e-04, - "bytes_per_second": 2.2329140476068488e+05 + "CYCLES": 3.0606480126033688e+01, + "CYCLES/ BYTE": 1.8114631069698097e-03, + "bytes_per_second": 2.6857567176512638e+06 }, { "name": "ascon_xof128/16384/512_cv", @@ -2263,12 +2263,12 @@ "aggregate_name": "cv", "aggregate_unit": "percentage", "iterations": 10, - "real_time": 9.6852234387196029e-04, - "cpu_time": 9.6175248544558061e-04, + "real_time": 1.1945525958100283e-02, + "cpu_time": 1.1949458126035451e-02, "time_unit": "ns", - "CYCLES": 3.9951022445423881e-05, - "CYCLES/ BYTE": 3.9951025790028571e-05, - "bytes_per_second": 9.6090001915377578e-04 + "CYCLES": 8.9943242194331596e-05, + "CYCLES/ BYTE": 8.9943243749868071e-05, + "bytes_per_second": 1.1599396716915584e-02 }, { "name": "ascon_xof128/16384/512_min", @@ -2281,12 +2281,12 @@ "aggregate_name": "min", "aggregate_unit": "time", "iterations": 10, - "real_time": 7.2644218388429581e+04, - "cpu_time": 7.2637842737720697e+04, + "real_time": 7.2681268190428003e+04, + "cpu_time": 7.2674444386694784e+04, "time_unit": "ns", - "CYCLES": 3.4026728840125393e+05, - "CYCLES/ BYTE": 2.0138925686627243e+01, - "bytes_per_second": 2.3190371450673521e+08 + "CYCLES": 3.4025971517671517e+05, + "CYCLES/ BYTE": 2.0138477460743086e+01, + "bytes_per_second": 2.2390257093435729e+08 }, { "name": "ascon_xof128/16384/512_max", @@ -2299,12 +2299,12 @@ "aggregate_name": "max", "aggregate_unit": "time", "iterations": 10, - "real_time": 7.2860810866159969e+04, - "cpu_time": 7.2857823928944825e+04, + "real_time": 7.5468610706737309e+04, + "cpu_time": 7.5461393451143042e+04, "time_unit": "ns", - "CYCLES": 3.4031021159874607e+05, - "CYCLES/ BYTE": 2.0141466122084879e+01, - "bytes_per_second": 2.3260602687510625e+08 + "CYCLES": 3.4037035187110188e+05, + "CYCLES/ BYTE": 2.0145025560552906e+01, + "bytes_per_second": 2.3248887752203184e+08 } ] } From 19e27bcb42b26dfb189abcd321e03554eaf08fc7 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Sat, 19 Apr 2025 16:30:11 +0400 Subject: [PATCH 27/27] Update project documentation Signed-off-by: Anjan Roy --- README.md | 77 ++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 54 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 872e46f..1fa1e14 100644 --- a/README.md +++ b/README.md @@ -50,23 +50,44 @@ make release_ubsan_test -j # Run release tests with UndefinedBehaviorSanitizer Test results (pass/fail) are printed to the console. ```bash -PASSED TESTS (16/16): - 1 ms: build/test/test.out AsconCXOF128.CompileTimeComputeXofOutput - 1 ms: build/test/test.out AsconAEAD128.CompileTimeEncryptAndThenDecrypt +PASSED TESTS (37/37): + 1 ms: build/test/test.out AsconAEAD128.ValidEncryptionSequence + 1 ms: build/test/test.out AsconAEAD128.FinalizeDataCalledTwice + 1 ms: build/test/test.out AsconAEAD128.DecryptCiphertextAfterFinalizeDecrypt 1 ms: build/test/test.out AsconXof128.CompileTimeComputeXofOutput - 2 ms: build/test/test.out AsconHash256.CompileTimeComputeMessageDigest + 1 ms: build/test/test.out AsconAEAD128.AbsorbDataAfterFinalizeData + 1 ms: build/test/test.out AsconAEAD128.DecryptCiphertextBeforeFinalizeData + 1 ms: build/test/test.out AsconAEAD128.FinalizeDecryptBeforeFinalizeData + 1 ms: build/test/test.out AsconAEAD128.EncryptPlaintextAfterFinalizeEncrypt + 1 ms: build/test/test.out AsconAEAD128.FinalizeDecryptCalledTwice + 1 ms: build/test/test.out AsconAEAD128.AbsorbDataAfterEncrypt + 1 ms: build/test/test.out AsconAEAD128.AbsorbDataAfterDecrypt + 1 ms: build/test/test.out AsconHash256.CompileTimeComputeMessageDigest + 2 ms: build/test/test.out AsconAEAD128.MultipleDecryptCiphertextCalls + 2 ms: build/test/test.out AsconAEAD128.MultipleAbsorbDataCalls + 2 ms: build/test/test.out AsconAEAD128.MultipleEncryptPlaintextCalls + 2 ms: build/test/test.out AsconAEAD128.FinalizeDataWithoutAbsorb + 2 ms: build/test/test.out AsconAEAD128.EncryptPlaintextBeforeFinalizeData + 2 ms: build/test/test.out AsconCXOF128.CompileTimeComputeXofOutput + 2 ms: build/test/test.out AsconAEAD128.CompileTimeEncryptAndThenDecrypt + 2 ms: build/test/test.out AsconAEAD128.FinalizeEncryptBeforeFinalizeData + 2 ms: build/test/test.out AsconAEAD128.FinalizeEncryptCalledTwice + 3 ms: build/test/test.out AsconAEAD128.ValidDecryptionSequence 4 ms: build/test/test.out AsconAEAD128.KnownAnswerTests - 6 ms: build/test/test.out AsconHash256.ForSameMessageOneshotHashingAndIncrementalHashingProducesSameDigest - 7 ms: build/test/test.out AsconXof128.KnownAnswerTests - 8 ms: build/test/test.out AsconHash256.KnownAnswerTests - 449 ms: build/test/test.out AsconAEAD128.DecryptionFailureDueToBitFlippingInAssociatedData - 451 ms: build/test/test.out AsconAEAD128.DecryptionFailureDueToBitFlippingInCipherText - 452 ms: build/test/test.out AsconAEAD128.DecryptionFailureDueToBitFlippingInNonce - 452 ms: build/test/test.out AsconAEAD128.DecryptionFailureDueToBitFlippingInKey - 453 ms: build/test/test.out AsconAEAD128.DecryptionFailureDueToBitFlippingInTag - 457 ms: build/test/test.out AsconAEAD128.EncryptThenDecrypt - 638 ms: build/test/test.out AsconXof128.ForSameMessageOneshotHashingAndIncrementalHashingProducesSameOutput - 3126 ms: build/test/test.out AsconCXOF128.ForSameMessageOneshotHashingAndIncrementalHashingProducesSameOutput + 4 ms: build/test/test.out AsconCXOF128.KnownAnswerTests + 7 ms: build/test/test.out AsconHash256.ForSameMessageOneshotHashingAndIncrementalHashingProducesSameDigest + 9 ms: build/test/test.out AsconHash256.KnownAnswerTests + 10 ms: build/test/test.out AsconXof128.KnownAnswerTests + 557 ms: build/test/test.out AsconAEAD128.DecryptionFailureDueToBitFlippingInCipherText + 557 ms: build/test/test.out AsconAEAD128.DecryptionFailureDueToBitFlippingInNonce + 558 ms: build/test/test.out AsconAEAD128.DecryptionFailureDueToBitFlippingInTag + 558 ms: build/test/test.out AsconAEAD128.DecryptionFailureDueToBitFlippingInKey + 559 ms: build/test/test.out AsconAEAD128.DecryptionFailureDueToBitFlippingInAssociatedData + 565 ms: build/test/test.out AsconAEAD128.ForSameCiphertextOneshotDecryptionAndIncrementalDecryptionProducesSamePlaintext + 566 ms: build/test/test.out AsconAEAD128.EncryptThenDecrypt + 566 ms: build/test/test.out AsconAEAD128.ForSamePlaintextOneshotEncryptionAndIncrementalEncryptionProducesSameTag + 737 ms: build/test/test.out AsconXof128.ForSameMessageOneshotHashingAndIncrementalHashingProducesSameOutput + 3203 ms: build/test/test.out AsconCXOF128.ForSameMessageOneshotHashingAndIncrementalHashingProducesSameOutput ``` > [!NOTE] @@ -93,7 +114,7 @@ make perf -j # Run benchmarks with CPU cycle counting (requires libPFM) ### On 12th Gen Intel(R) Core(TM) i7-1260P -JSON benchmark result lives in [bench_result_on_Linux_6.11.0-9-generic_x86_64_with_g++_14](./bench_result_on_Linux_6.11.0-9-generic_x86_64_with_g++_14.json). +JSON benchmark result lives in [bench_result_on_Linux_6.14.0-15-generic_x86_64_with_g++_14](./bench_result_on_Linux_6.14.0-15-generic_x86_64_with_g++_14.json). ### On ARM Cortex-A72 ( i.e. Raspberry Pi 4B ) @@ -108,7 +129,7 @@ This section demonstrates how to use the Ascon header-only library for authentic Ascon-AEAD128 provides authenticated encryption with associated data. The associated data is authenticated but not encrypted. ```cpp -#include +#include "ascon/aead/ascon_aead128.hpp" #include #include @@ -122,15 +143,25 @@ int main() { std::array tag{}; // Encryption - ascon_aead128::encrypt(key, nonce, ad, plaintext, ciphertext, tag); + ascon_aead128::ascon_aead128_t enc_handle(key, nonce); + + assert(enc_handle.absorb_data(ad) == ascon_aead128::ascon_aead128_status_t::absorbed_data); + assert(enc_handle.finalize_data() == ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + assert(enc_handle.encrypt_plaintext(plaintext, ciphertext) == ascon_aead128::ascon_aead128_status_t::encrypted_plaintext); + assert(enc_handle.finalize_encrypt(tag) == ascon_aead128::ascon_aead128_status_t::finalized_encryption_phase); // Decryption std::array decrypted_plaintext{}; - bool success = ascon_aead128::decrypt(key, nonce, ad, ciphertext, decrypted_plaintext, tag); + + ascon_aead128::ascon_aead128_t dec_handle(key, nonce); + + assert(dec_handle.absorb_data(ad) == ascon_aead128::ascon_aead128_status_t::absorbed_data); + assert(dec_handle.finalize_data() == ascon_aead128::ascon_aead128_status_t::finalized_data_absorption_phase); + assert(dec_handle.decrypt_ciphertext(ciphertext, decrypted_plaintext) == ascon_aead128::ascon_aead128_status_t::decrypted_ciphertext); + const bool success = dec_handle.finalize_decrypt(tag) == ascon_aead128::ascon_aead128_status_t::decryption_success_as_tag_matches; if (success) { std::cout << "Decryption successful!" << std::endl; - // Check decrypted_plaintext } else { std::cout << "Decryption failed!" << std::endl; } @@ -144,7 +175,7 @@ int main() { Ascon-Hash256 computes a 256-bit (32-byte) hash. ```cpp -#include +#include "ascon/hashes/ascon_hash256.hpp" #include #include @@ -167,8 +198,8 @@ int main() { Ascon-XOF128 and Ascon-CXOF128 are extendable output functions. XOF128 produces a variable-length output, while CXOF128 allows for customization with an application-specific string. ```cpp -#include -#include +#include "ascon/hashes/ascon_xof128.hpp" +#include "ascon/hashes/ascon_cxof128.hpp" #include #include