TIMECOP
/ crypto_encrypt

Primitives for crypto_encrypt

This page lists all primitives grouped under operation crypto_encrypt.

For each primitive, all listed implementations were checked across a number of compilers, compiler options, and hosts.

The progress bar shows the relative number of successes, fails, and errors:

  • Success. The constant-time checker didn't find any cases where the execution time of the tested code depends on secret data.
  • Fail. The execution time of the tested code depends on secret data.
  • Error.

Errors can have multiple causes:
  • The constant-time checker encountered an error and couldn't be completed.
  • Valgrind found memory issues, but none of them are related to constant-time checks.
  • The constant-time checker timed out after 6 minutes.
  • The tested code produced invalid results. More details can be found near the start of the output file. Example:
    crypto_aead_decrypt returns nonzero 

The absolute number of successes, fails, and errors is shown to the left of the progress bar.

The following code was used to flag secret data, and test implementations:

1void timecop_doit(void)
2{
3 crypto_encrypt(c,&clen,m,mlen,p);
4 poison(s, slen);
5 crypto_encrypt_open(t,&tlen,c,clen,s);
6}

Click an implementation to see all checked compiler options.

3hfe
Description
3-variable multivariate hidden field equations with a prefix
Designers
Jintai Ding
Bo-Yin Yang
Implementations:
4hfe
Description
4-variable multivariate hidden field equations with a prefix
Designers
Jintai Ding
Bo-Yin Yang
Implementations:
cargocult2048
Description
Based on rsa2048 but sends along a random 12-byte nonce for AES-256-GCM instead of using nonce 0.
Implementations:
mcnie3q1281
Implementations:
mcnie3q1282
Implementations:
mcnie3q1921
Implementations:
mcnie3q1922
Implementations:
mcnie3q2561
Implementations:
mcnie3q2562
Implementations:
mcnie4q1281
Implementations:
mcnie4q1282
Implementations:
mcnie4q1921
Implementations:
mcnie4q1922
Implementations:
mcnie4q2561
Implementations:
mcnie4q2562
Implementations:
ntruees401ep2
Description
CCA-2 secure product-form NTRU public-key encryption with 112-bit equivalent security.
Relevant parameters: N=401, q=2048, maximum message length = 60 bytes.
Hybrid encryption with Salsa20 and SHA-1.
Designers
eBATS package created by Virendra Kumar (Security Innovation)

Implementations:
ntruees439ep1
Description
CCA-2 secure product-form NTRU public-key encryption with 128-bit equivalent security.
Relevant parameters: N=439, q=2048, maximum message length = 65 bytes.
Hybrid encryption with Salsa20 and SHA-256.
Designers
eBATS package created by Virendra Kumar (Security Innovation)

Implementations:
ntruees593ep1
Description
CCA-2 secure product-form NTRU public-key encryption with 192-bit equivalent security.
Relevant parameters: N=593, q=2048, maximum message length = 86 bytes.
Hybrid encryption with Salsa20 and SHA-256.
Designers
eBATS package created by Virendra Kumar (Security Innovation)

Implementations:
ntruees743ep1
Description
CCA-2 secure product-form NTRU public-key encryption with 256-bit equivalent security.
Relevant parameters: N=743, q=2048, maximum message length = 106 bytes.
Hybrid encryption with Salsa20 and SHA-256.
Designers
eBATS package created by Virendra Kumar (Security Innovation)

Implementations:
ntruees787ep1
Description
NTRU encryption with N=787 and q=587
Designers
Mark Etzel (NTRU Cryptosystems)
Implementations:
pqrsa15
Implementations:
rsa2048
Implementations: