RustCrypto: AEAD-STREAM

Generic pure-Rust implementation of the STREAM online authenticated encryption construction as described in the paper Online Authenticated-Encryption and its Nonce-Reuse Misuse-Resistance.

About

The STREAM construction supports encrypting/decrypting sequences of AEAD message segments, which is useful in cases where the overall message is too large to fit in a single buffer and needs to be processed incrementally.

STREAM defends against reordering and truncation attacks which are common in naive schemes which attempt to provide these properties, and is proven to meet the security definition of "nonce-based online authenticated encryption" (nOAE) as given in the aforementioned paper.

Diagram

Legend:

• 𝐄k: AEAD encryption under key k
• 𝐌: message
• 𝐍: nonce
• 𝐀: additional associated data
• 𝐂: ciphertext
• 𝜏: MAC tag

License

Licensed under either of:

• Apache License, Version 2.0
• MIT license

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.