EDGE Toolkit

Multi-purpose cross-platform hybrid cryptography tool for symmetric and asymmetric encryption, cipher-based message authentication code (CMAC/PMAC/GMAC/VMAC), recursive hash digest, hash-based message authentication code (HMAC), HMAC-based key derivation function (HKDF), password-based key derivation function (PBKDF2/Argon2/Scrypt), password-hashing scheme (Bcrypt/Argon2/Makwa), shared key agreement (ECDH/VKO/X25519), digital signature (RSA/ECDSA/EdDSA/GOST/SPHINCS+), X.509 CSRs, CRLs and Certificates, and TCP instant server with TLS 1.3 and TLCP encryption layers for small or embedded systems.

Fully OpenSSL/LibreSSL/GmSSL/RHash/Mcrypt compliant

Implements

1. Anubis Involutional SPN 128-bit block cipher (Barreto, ESAT/COSIC)
2. BSI TR-03111 ECKA-EG (Elliptic Curve Key Agreement based on ElGamal)
3. CHASKEY Message Authentication Code (Nicky Mouha, ESAT/COSIC)
4. CubeHash and SipHash64/128 (Daniel J. Bernstein & JP Aumasson)
5. DSTU 7564:2014 A New Standard of Ukraine: The Kupyna Hash Function
6. DSTU 7624:2014 A Encryption Standard of Ukraine: Kalyna Block Cipher
7. GB/T 32907-2016 - SM4 128-bit Block Cipher
8. GB/T 32918.4-2016 SM2 Elliptic Curve Asymmetric Encryption
9. GB/T 38636-2020 - Transport Layer Cryptography Protocol (TLCP)
10. GM/T 0001-2012 ZUC Zu Chongzhi Stream cipher 128/256-bit key
11. GM/T 0002-2012 SM4 Block cipher with 128-bit key
12. GM/T 0003-2012 SM2 Public key algorithm 256-bit
13. GM/T 0004-2012 SM3 Message digest algorithm 256-bit hash value
14. GM/T 0044-2016 SM9 Public key algorithm 256-bit
15. GM/T 0086-2020 Specification of key management system based on SM9
16. GOST 28147-89 64-bit block cipher (RFC 5830)
17. GOST R 34.10-2012 VKO key agreement function (RFC 7836)
18. GOST R 34.10-2012 public key signature function (RFC 7091)
19. GOST R 34.11-2012 Streebog hash function (RFC 6986)
20. GOST R 34.11-94 CryptoPro hash function (RFC 5831)
21. GOST R 34.12-2015 128-bit block cipher Kuznechik (RFC 7801)
22. GOST R 34.12-2015 64-bit block cipher Magma (RFC 8891)
23. GOST R 50.1.114-2016 GOST R 34.10-2012 and GOST R 34.11-2012
24. HC-128 Stream Cipher simplified version of HC-256 (Wu, ESAT/COSIC)
25. IGE (Infinite Garble Extension) Mode of Operation for Block ciphers
26. ISO/IEC 10118-3:2003 RIPEMD128/160/256 and Whirlpool (ESAT/COSIC)
27. ISO/IEC 18033-3:2010 HIGHT, SEED, Camellia and MISTY1 Block ciphers
28. ISO/IEC 18033-4:2011 KCipher-2 stream cipher (RFC 7008)
29. ISO/IEC 29192-3:2012 Trivium Stream cipher with 80-bit key
30. ISO/IEC 18033-5:2015 IBE - Identity-based Encryption Mechanisms
31. ISO/IEC 18033-5:2015/Amd.1:2021(E) SM9 Mechanism
32. ISO/IEC 29192-2:2019 PRESENT, CLEFIA and LEA block ciphers
33. ISO/IEC 15946-5:2022 Barreto-Naehrig and Barreto-Lynn-Scott Curves
34. KS X 1213-1 ARIA 128-bit block cipher with 128/192/256-bit keys
35. KS X 3246 LEA - Lightweight Encryption Algorithm (TTAK.KO-12.0223)
36. KS X 3262 LSH - A New Fast Secure Hash Function Family (in Korean)
37. NIST SP800-186 X25519 Diffie-Hellman (OpenSSL compliant)
38. NIST SP800-38D GCM AEAD mode for 128-bit block ciphers (RFC 5288)
39. RFC 1423: Privacy Enhancement for Internet Electronic Mail
40. RFC 2104: HMAC - Keyed-Hashing for Message Authentication
41. RFC 2144: CAST-128 64-bit Block cipher with 128-bit key
42. RFC 2612: The CAST-256 Encryption Algorithm
43. RFC 3610: Counter with CBC-MAC Mode of Operation (CCM Mode)
44. RFC 4009: The SEED Encryption Algorithm (KISA)
45. RFC 4253: Serpent 128-bit Block cipher with 128/192/256-bit keys
46. RFC 4493: Cipher-based Message Authentication Code (CMAC)
47. RFC 4503: Rabbit Stream Cipher Algorithm with 128-bit key
48. RFC 4543: Galois Message Authentication Code (GMAC)
49. RFC 4764: EAX Authenticated-Encryption Mode of Operation
50. RFC 4648: Base16, Base32, and Base64 Data Encodings
51. RFC 5246: Transport Layer Security (TLS) Protocol Version 1.2
52. RFC 5280: Internet X.509 PKI Certificate Revocation List (CRL)
53. RFC 5297: Synthetic Initialization Vector (SIV Mode)
54. RFC 5869: HMAC-based Key Derivation Function (HKDF)
55. RFC 6114: The 128-Bit Blockcipher CLEFIA (Sony)
56. RFC 7008: KCipher-2 Encryption Algorithm (KDDI R&D Laboratories)
57. RFC 7253: OCB (and PMAC) Authenticated-Encryption Algorithm
58. RFC 7292: PKCS #12 Personal Information Exchange Syntax v1.1
59. RFC 7539: ChaCha20-Poly1305 AEAD Stream cipher
60. RFC 7693: The BLAKE2 Cryptographic Hash and MAC (JP Aumasson)
61. RFC 7748: Curve25519 and Curve448: Elliptic Curves for Security
62. RFC 7914: The Scrypt Password-Based Key Derivation Function
63. RFC 8032: Ed25519 Signature a.k.a. EdDSA (Daniel J. Bernstein)
64. RFC 8446: Transport Layer Security (TLS) Protocol Version 1.3
65. RFC 9058: MGM AEAD mode for 64 and 128 bit ciphers (E. Griboedova)
66. RFC 9367: GOST Cipher Suites for Transport Layer Security (TLS 1.3)
67. SBRC 2007: Curupira 96-bit block cipher with 96/144/192-bit keys
68. STB 34.101.31-2011 Belorussian standard (Bel-T) block cipher
69. STB 34.101.45-2013 Belorussian BignV1 public key algorithhm
70. STB 34.101.77-2020 Belorussian standard BASH hash function
71. TTAS.KO-12.0004/R1 128-bit Block Cipher SEED (ISO/IEC 18033-3:2010)
72. TTAS.KO-12.0040/R1 64-bit Block Cipher HIGHT (ISO/IEC 18033-3:2010)
73. TTAS.KO-12.0011/R2 HAS-160 Korean-standardized hash algorithm
74. TTAK.KO-12.0015/R3 EC-KCDSA Korean Digital Signature Algorithm
75. TTAK.KO-12.0223 LEA 128-bit block cipher (ISO/IEC 29192-2:2019)
76. TTAK.KO-12.0276 LSH Message digest algorithm (KS X 3262)
77. US FIPS 197 Advanced Encryption Standard (AES)
78. US FIPS 180-2 Secure Hash Standard (SHS) SHA1 and SHA2 Algorithms
79. US FIPS 202 SHA-3 Permutation-Based Hash (instance of the Keccak)
80. US FIPS 203 Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM)
81. US FIPS 204 Module-Lattice-Based Digital Signature Standard (ML-DSA)
82. US FIPS 205 Stateless Hash-Based Digital Signature Standard (SLH-DSA)

Command-line Integrated Security Suite

Asymmetric

• Public key algorithms:

  Algorithm	256	512	ECDH	Signature	Encryption	PKI
  ECDSA	O	O	O	O	O	O
  ECGDSA	O	O		O
  EC-KCDSA	O	O		O
  ANSSI	O		O	O	O
  Koblitz	O		O	O	O
  BignV1	O	O	O	O
  Curve25519	O		O	O		O
  Curve448			O	O
  GOST2012	O	O	O	O		O
  RSA				O	O	O
  SM2	O		O	O	O	O
  SM9	O		O	O	O
  NUMS	O	O	O	O	O
  ElGamal				O	O
  EC-ElGamal	O				O
  ML-DSA/KEM				O	O	O
  SLH-DSA	O			O		O

• Subjacent Elliptic Curves:

  Curve	ECDSA	EC-GDSA	EC-KCDSA	ECKA-EG
  P-224 (secp224r1)	O	O	O
  P-256 (secp256r1)	O	O	O	O
  P-384 (secp384r1)	O	O	O
  P-521 (secp521r1)	O	O	O
  B-283 (sect283r1)			O
  B-409 (sect409r1)			O
  B-571 (sect571r1)			O
  BLS12-381				O
  Ed25519				O
  Pallas				O
  ANSSI (frp256v1)	O
  Koblitz (secp256k1)	O			O
  SM2 (sm2p256v1)	O

• Supported ParamSets:

  Algorithm	A	B	C	D
  GOST R 34.10-2012 256-bit	O	O	O	O
  GOST R 34.10-2012 512-bit	O	O	O

Symmetric

• Stream ciphers:

  Cipher	Key Size	IV	Modes
  Ascon 1.2	128	128	AEAD Stream Cipher
  Chacha20Poly1305	256	96/192	AEAD Stream Cipher
  Grain128a	128	40-96	AEAD Stream Cipher
  HC-128	128	128	XOR Stream
  HC-256	256	256	XOR Stream
  KCipher-2	128	128	XOR Stream
  Rabbit	128	64	XOR Stream
  RC4 [Obsolete]	40/128	-	XOR Stream
  Salsa20	256	64/192	XOR Stream
  Skein512	Any	Any	MAC + XOR Stream
  Spritz	Any	Any	XOR Stream
  Trivium	80	80	XOR Stream
  ZUC-128 Zu Chongzhi	128	128	MAC + XOR Stream
  ZUC-256 Zu Chongzhi	256	184	MAC + XOR Stream

• Permutation ciphers:

  Cipher	Key	IV	Mode
  Xoodyak	128	128	Lightweight AEAD Permutation Cipher

• 256-bit> block ciphers:

  Cipher	Block Size	Key Size	Modes
  Kalyna256	256	256/512	EAX, SIV, CTR, OFB, IGE
  Kalyna512	512	512	EAX, SIV, CTR, OFB, IGE
  SHACAL-2	256	128 to 512	EAX, SIV, CTR, OFB, IGE
  Threefish256	256	256	EAX, SIV, CTR, OFB, IGE
  Threefish512	512	512	EAX, SIV, CTR, OFB, IGE
  Threefish1024	1024	1024	EAX, SIV, CTR, OFB, IGE

• 128-bit block ciphers:

  Cipher	Block Size	Key Size	Modes
  AES (Rijndael)	128	128/192/256	All modes supported
  Anubis	128	128 to 320	All modes supported
  ARIA	128	128/192/256	All modes supported
  Bel-T	128	128/192/256	All modes supported
  Camellia	128	128/192/256	All modes supported
  CAST256	128	128/192/256	All modes supported
  CLEFIA	128	128/192/256	All modes supported
  CRYPTON	128	128/192/256	All modes supported
  E2	128	128/192/256	All modes supported
  Kalyna128	128	128/256	All modes supported
  Kuznechik	128	256	All modes supported
  LEA	128	128/192/256	All modes supported
  LOKI97	128	128/192/256	All modes supported
  MARS	128	128 to 448	All modes supported
  NOEKEON	128	128	All modes supported
  RC6	128	128/192/256	All modes supported
  SEED	128	128	All modes supported
  Serpent	128	128/192/256	All modes supported
  SM4	128	128	All modes supported
  Twofish	128	128/192/256	All modes supported

• 96-bit block ciphers:

  Cipher	Block Size	Key Size	Modes
  Curupira	96	96/144/192	EAX, LETTERSOUP, CTR, IGE

• 64-bit block ciphers:

  Cipher	Block Size	Key Size	Modes
  DES [Obsolete]	64	64	EAX, CFB-8, CTR, OFB
  3DES [Obsolete]	64	192	EAX, CFB-8, CTR, OFB
  Blowfish	64	128	EAX, CFB-8, CTR, OFB
  CAST5	64	128	EAX, CFB-8, CTR, OFB
  GOST89 (TC26)	64	256	EAX, MGM, CFB-8, CTR
  HIGHT	64	128	EAX, CFB-8, CTR, OFB
  IDEA [Obsolete]	64	128	EAX, CFB-8, CTR, OFB
  Khazad	64	128	EAX, MGM, CFB-8, CTR
  Magma	64	256	EAX, CFB-8, CTR, OFB
  MISTY1	64	128	EAX, CFB-8, CTR, OFB
  PRESENT	64	80/128	EAX, MGM, CFB-8, CTR
  RC2 [Obsolete]	64	128	EAX, CFB-8, CTR, OFB
  RC5 [Obsolete]	64	128	EAX, CFB-8, CTR, OFB
  SAFER+	64	64/128	EAX, CFB-8, CTR, OFB
  TWINE	64	80/128	EAX, MGM, CFB-8, CTR

• Modes of Operation:

  Mode		Blocks	Keys
  EAX	Encrypt-Authenticate-Translate	All	Any
  GCM	Galois/Counter Mode (AEAD)	128	128/192/256
  OCB1	Offset Codebook v1 (AEAD)	128	128/192/256
  OCB3	Offset Codebook v3 (AEAD)	128	128/192/256
  MGM	Multilinear Galois Mode (AEAD)	64/128	Any
  CCM	Counter with CBC-MAC (AEAD)	128	128/192/256
  SIV	Synthetic IV Mode (AEAD)	All	Any
  CBC	Cipher-Block Chaining	All	Any
  CFB	Cipher Feedback Mode	All	Any
  CFB-8	Cipher Feedback Mode 8-bit	All	Any
  CTR	Counter Mode (default)	All	Any
  ECB	Eletronic Codebook Mode	All	Any
  IGE	Infinite Garble Extension	All	Any
  OFB	Output Feedback Mode	All	Any

• Message Digest Algorithms:

  Algorithm	128	160	192	256	512	MAC
  BASH				O	O
  Bel-T				O
  BLAKE-2B				O	O	O
  BLAKE-2S	O			O		O
  BLAKE-3				O		O
  BMW				O	O
  Chaskey	O					O
  CubeHash				O	O
  ECHO				O	O
  ESCH				O
  Fugue				O	O
  GOST94 CryptoPro				O
  Grøstl				O	O
  Hamsi				O	O
  Haraka v2				O
  HAS-160		O
  JH				O	O
  Kupyna				O	O	O
  Legacy Keccak				O	O
  LSH				O	O
  Luffa				O	O
  MD4 [Obsolete]	O
  MD5 [Obsolete]	O
  MD6				O	O
  Poly1305	O					O
  Radio-Gatun				O
  RIPEMD	O	O		O
  SHA1 [Obsolete]		O
  SHA2 (default)				O	O
  SHA3				O	O
  SHAKE				O	O
  SHAvite-3				O	O
  SIMD				O	O
  SipHash	O					O
  Skein				O	O	O
  SM3				O
  Streebog				O	O
  Tiger			O
  Whirlpool					O
  Xoodyak				O		O
  ZUC-256 Zu Chongzhi	O					O

  • MAC refers to keyed hash function, like HMAC.

AEAD

Authenticated encryption (AE) and authenticated encryption with associated data (AEAD) are forms of encryption which simultaneously assure the confidentiality and authenticity of data. Provides both authenticated encryption (confidentiality and authentication) and the ability to check the integrity and authentication of additional authenticated data (AAD) that is sent in the clear.

AEAD OpenSSL-PHP compliance

<?php
function encrypt($plaintext, $key, $aad = '') {
    $nonceSize = 12; // Chacha20-Poly1305 standard nonce size

    $nonce = random_bytes($nonceSize);
    $ciphertext = openssl_encrypt(
        $plaintext,
        'chacha20-poly1305',
        $key,
        OPENSSL_RAW_DATA,
        $nonce,
        $tag,
        $aad
    );
    return $nonce . $ciphertext . $tag;
}

function decrypt($ciphertext, $key, $aad = '') {
    $nonceSize = 12; // Chacha20-Poly1305 standard nonce size
    $tagSize = 16;   // Assuming a 16-byte tag

    $nonce = substr($ciphertext, 0, $nonceSize);
    $tag = substr($ciphertext, -$tagSize);
    $ciphertext = substr($ciphertext, $nonceSize, -$tagSize);

    return openssl_decrypt(
        $ciphertext,
        'chacha20-poly1305',
        $key,
        OPENSSL_RAW_DATA,
        $nonce,
        $tag,
        $aad
    );
}

// Example usage:
$keyHex = ''; // Provide your key in hexadecimal format
$key = hex2bin($keyHex);
$plaintext = "Hello, Chacha20-Poly1305!";

// Encrypt
$ciphertext = encrypt($plaintext, $key);
echo "Encrypted: " . bin2hex($ciphertext) . PHP_EOL;

// Decrypt
$decrypted = decrypt($ciphertext, $key);
echo "Decrypted: " . $decrypted . PHP_EOL;
?>

ANSSI

Parameters for the ANSSI FRP256v1 Elliptic curve, Agence nationale de la sécurité des systèmes d'information. "Publication d'un paramétrage de courbe elliptique visant des applications de passeport électronique et de l'administration électronique française." 21 November 2011.

Curupira

Curupira is a 96-bit block cipher, with keys of 96, 144 or 192 bits, and variable number of rounds, an algorithm described at SBRC 2007 by Paulo S. L. M. Barreto and Marcos A. Simplício Jr., from Escola Politécnica da Universidade de São Paulo (USP), São Paulo, Brazil.

$$ \text{Curupira}[K] \equiv \sigma[\kappa(R)] \circ \pi \circ \gamma \circ \left( \prod_{r=1}^{R-1} \sigma[\kappa(r)] \circ \theta \circ \pi \circ \gamma \right) \circ \sigma[\kappa(0)] $$

Digital Signature Algorithms

ElGamal-based algorithms

Here are the main differences between ECDSA, ECGDSA, and ECKCDSA:

$\text{ECDSA: Compute } r = x([k]B); \text{ s must be a root of } H(m)s^{-1} + rs^{-1}a - k \text{ modulo } n,$ $\text{ so compute } s \equiv k^{-1} \left( H(m) + ra \right) \pmod{n}.$

$\text{ECGDSA: Compute } r = x([k]B); \text{ s must be a root of } r^{-1}H(m) + r^{-1}sa - k \text{ modulo } n,$ $\text{ so compute } s \equiv a^{-1} \left( kr - H(m) \right) \pmod{n}.$

$\text{ECKCDSA: Compute } r = H(x([k]B)); \text{ s must be a root of } r \oplus H(m,h) + sa - k \text{ modulo } n,$ $\text{ so compute } s \equiv a^{-1} \left( k - r \oplus H(m,h) \right) \pmod{n}.$

Schnorr-based algorithms

$\text{BignV1: Compute } R = [k]G; s_0$ must be a root of $h(OID(H) \parallel R \parallel H(X)),$ $\text{ so compute } s_1 \equiv (k - H(X) - (s_0 + 2^l)d) \mod q.$

$\text{EdDSA: Compute } R = [k] G; S \equiv k + H(R \parallel m) \cdot d \mod q $, where $H$ is a hash function and $d$ is the private key.

Notes

1. $H(m)$ represents the hash value of the message.
2. $k^{-1}$ denotes the modular multiplicative inverse of $k$ modulo $(p-1)$.
3. $\equiv$ indicates congruence.
4. $\oplus$ represents the XOR operation.

ElGamal

The ElGamal algorithm is a public-key cryptography system that enables secure communication between two parties, involving asymmetric keypair generation and cryptographic operations. Initially, a large prime number $p$ and a generator $g$ for a finite cyclic group are generated. Each entity possesses a private key $x$, kept secret, and a public key $Y$, derived from $g^x \mod p$. To encrypt a symmetric key, the sender uses the session key, computes two components (a) and (b), and sends $g^k \mod p$ and $Y^k \cdot \text{key} \mod p$ to the recipient. The recipient, using their private key, decrypts the symmetric key. The ElGamal algorithm is known for its security based on the difficulty of solving the discrete logarithm problem and provides confidentiality and authentication properties. It was described by Taher A. Elgamal in 1985.

ElGamal Theory

Key Generation

1. Generate a large prime number $p$.
2. Select a generator $g \in [2, p-2]$.
3. Generate a private key $x$ randomly.
4. Compute the public key $Y = g^x \mod p$.

Digital Signature

1. Select a random value $k$ such that $1 < k < p-1$, $\text{gcd}(k, p-1) = 1$.
2. Compute the first signature component: $r = g^k \mod p$.
3. Compute the second signature component: $s \equiv (H(m) - x \cdot r) \cdot k^{-1} \mod (p-1)$.

Digital Signature Verification

1. Receive the message $m$ and the signature components $(r, s)$.
2. Compute $w \equiv s^{-1} \mod (p-1)$.
3. Compute $u_1 \equiv H(m) \cdot w \mod (p-1)$.
4. Compute $u_2 \equiv r \cdot w \mod (p-1)$.
5. Compute $v \equiv g^{u_1} \cdot Y^{u_2} \mod p$.
6. The signature is valid if $v \equiv r \mod p$.

Key Agreement

1. Bob generates his key pair $(x_B, Y_B)$.
2. Bob shares his public key $Y_B$ with Alice.
3. Alice generates a random symmetric key $K_{\text{sym}}$.
4. Alice encrypts $K_{\text{sym}}$ using Bob's public key: $a = g^{k_A} \mod p, \ b = Y_B^{k_A} \cdot K_{\text{sym}} \mod p$.
5. Alice sends the ciphertext $(a, b)$ to Bob.
6. Bob decrypts the received ciphertext using his private key to obtain: $K_{\text{sym}} = (b \cdot a^{-x_B}) \mod p$.
7. Now, both Alice and Bob have the shared symmetric key $K_{\text{sym}}$ for further communication.

EC-ElGamal

The EC-ElGamal algorithm is a cryptographic scheme based on elliptic curves that enables the encryption of messages between two parties using a shared public key. Is a cryptographic scheme that allows secure message transmission over an insecure channel. The algorithm relies on the mathematical properties of elliptic curves to ensure the confidentiality of messages.

Pure EC-ElGamal

EC-ElGamal encryption using elliptic curves allows secure message transmission by having Alice generate a private key $y$ and a public key $Y = y \cdot G$, while Bob encrypts a message $M$ with a random value $r$, computing $C_1 = r \cdot G$ and $C_2 = r \cdot Y + M$, and Alice decrypts using $M = C_2 - y \cdot C_1$.

EC-ElGamal Theory

With ElGamal encryption using elliptic curves, Alice generates a private key $y$ and a public key of:

$Y = y \cdot G$

where $G$ is the base point on the curve. She can share this public key $Y$ with Bob. When Bob wants to encrypt something for Alice, he generates a random value $r$ and the message value $M$, and then computes:

$C_1 = r \cdot G$

$C_2 = r \cdot Y + M$

To decrypt, Alice takes her private key $y$ and computes:

$M = C_2 - y \cdot C_1$

This works because:

$M = C_2 - y \cdot C_1 = r \cdot y \cdot G + M - y \cdot r \cdot G = M$

EC-ElGamal with Verifiable Encryption

Initially, each party generates its private key as a random number $x$ and computes its corresponding public key $Q = x \cdot G$, where $G$ is a base point on the elliptic curve. To encrypt a message $M$, the sender selects a random value $r$ and computes $C1 = r \cdot G$ and $C2 = M \cdot H + r \cdot Q$, where $H$ is another point on the elliptic curve. These values are then combined to form the additional authentication data (AAD), which is used along with the message for symmetric encryption. A nonce value is also generated to ensure randomness in the cipher. The receiver uses their private key $x$ to derive $t = x \cdot C1$ and from it, the symmetric key used to decrypt the message. The algorithm also includes a zero-knowledge proof (ZKP) mechanism based on Schnorr, allowing the receiver to verify the authenticity of the received message without revealing their private key.

EC-ElGamal with Schnorr Proof

We initially create a private key as a random number $x$ and a public key of:

$Q = x \cdot G$

With standard ElGamal encryption, we generate a random value $r$ to give:

$t = r \cdot Q$

We then create a symmetric key from this elliptic curve point:

$AEADKey = \text{Derive}(t)$

and where $\text{Derive}$ just converts a point on the curve to a byte array value that is the length of the required symmetric encryption key (such as for 32 bytes in the case of 256-bit Anubis).

Next, we compute the ciphertext values of:

$C1 = r \cdot G$
$C2 = M \cdot H + r \cdot Q$

and where $M$ is the $msg$ value converted into a scalar value. We then append these together to create the additional data that will be used for the symmetric key encryption of the message:

$AAD = C1 \parallel C2$

We then generate a nonce value ($\text{Nonce}$) and then perform symmetric key encryption on the message:

$cipher = \text{EncAEADKey}(\text{msg}, \text{Nonce}, \text{AAD})$

The ciphertext then has values of $C1$, $C2$, $\text{Nonce}$, and $\text{cipher}$. $C1$, $C2$ are points on the curve, and the $\text{Nonce}$ value and $\text{cipher}$ are byte array values. To decrypt, we take the private key ($x$) and derive:

$t = x \cdot C1$
$AEADKey = \text{Derive}(t)$
$AAD = C1 \parallel C2$
$msg = \text{DecAEADKey}(\text{cipher}, \text{Nonce}, \text{AAD})$

Here is an overview of the method:

To generate the proof, we generate a random value ($r$) and a blinding factor ($b$) to give two points on the elliptic curve:

$R1 = r \cdot G$
$R2 = r \cdot Q + b \cdot H$

Next, we create the challenge bytes with:

$chall = C1 \parallel C2 \parallel R1 \parallel R2 \parallel \text{Nonce}$

We take this value and hash it ($H$()), and create a scalar value with ($ek$) to produce:

$c = H(\text{chall}) \cdot ek$

We then create two Schnorr proof values:

$S1 = b - c \cdot m$
$S2 = r - c \cdot b$

To verify the proof, we reconstruct $R1$:

$R1 = c \cdot C1 + S2 \cdot G$

We reconstruct $R2$:

$R2 = c \cdot C2 + S1 \cdot Q + S1 \cdot H$

This works because:

$R2 = c \cdot C2 + S1 \cdot Q + S1 \cdot H$
$\quad = c \cdot (b \cdot Q + m \cdot H) + (r - cb) \cdot Q + (b - cm) \cdot H$
$\quad = (cb + r - cb) \cdot Q + (cm + b - cm) \cdot H$
$\quad = r \cdot Q + b \cdot H$

We then reconstruct the challenge with:

$chall = C1 \parallel C2 \parallel R1 \parallel R2 \parallel \text{Nonce}$

We take this value and hash it ($H$()), and create a scalar value with ($ek$) to produce:

$c = H(\text{chall}) \cdot ek$

This value is then checked against the challenge in the proof, and if they are the same, the proof is verified.

GOST (GOvernment STandard of Russian Federation)

GOST refers to a set of technical standards maintained by the Euro-Asian Council for Standardization, Metrology and Certification (EASC), a regional standards organization operating under the auspices of the Commonwealth of Independent States (CIS).

Key sizes

• Bit-length Equivalence

  Symmetric Key Size	RSA and EG Key Size	ECC Key Size
  80	1024	160
  112	2048	224
  128	3072	256
  192	7680	384
  256	15360	512

IBE

Identity-Based Encryption (IBE) is a cryptographic scheme that enables users to encrypt and decrypt messages using easily memorable and publicly known information, such as an email address or user identity, as the public key. In IBE, the sender encrypts a message with the recipient's identity, and the recipient, possessing a private key generated by a trusted authority known as Key Generation Authority (KGA), can decrypt the message. Unlike traditional public-key cryptography, IBE eliminates the need for a centralized public key directory, as the user's identity itself serves as the public key. This convenience in key management makes IBE particularly suitable for secure communication in decentralized or large-scale systems, where distributing and managing individual public keys may be impractical.

IBE Key Management System (KMS)

Figure 1

 +---------------------------------------------------------------+
 |                  IBE Key Management System                    |
 |      +---------------------------+  +-------------------+     |
 |      |  Private Key Generation   |--|                   |     |
 |      |      Center (PKG)         |  |                   |     |
 |      +---------------------------+  |                   |     |
 |                  |  Revoke/Update   |                   |     |
 |                  |                  |                   |     |
 |      +---------------------------+  |      Public       |     |
 |      |       Registration        |  |     Parameter     |     |
 |      |       Service (RA)        |  |      Service      |     |
 |      +---------------------------+  |       (PPS)       |     |
 |                  |  Registration    |                   |     |
 |                  |  Application     |                   |     |
 |      +---------------------------+  |                   |     |
 |      |         Terminal          |  |                   |     |
 |      |    Entity (User/Client)   |--|                   |     |
 |      +---------------------------+  +-------------------+     |
 +---------------------------------------------------------------+

The IBE's Key Management System (KMS) consists of the Private Key Generator (PKG), Registration Agency (RA), Public Parameter Server (PPS), and User Terminal Entity (User/Client). The system architecture is illustrated in Figure 1. The functions of each entity are described below.

1. Private Key Generation Center (PKG):

• Function: Uses the system master key and related parameters to generate private keys for users. Provides related management and query services.

2. Registration Service (RA):

• Functions:
  • Undertakes tasks related to user key application registration, authentication, management, and business communication with PKG.
  • Provides symmetric, asymmetric, and hash cryptographic services.
  • Receives key data returned by PKG and writes it into the key carrier of the terminal entity.

3. Public Parameter Service (PPS):

• Function: A user-oriented information service system, providing publicly accessible addresses for secure query and distribution of public parameters and policies. Public parameters include password parameters and user ID status directories that can be shared publicly.

4. User Terminal Entity (User/Client):

• Functions:
  • Terminal application system of the user information service system.
  • Applies for keys directly from PKG or through a local agent.
  • Realizes the storage and use of its own private keys.

IBE Key Management System Architecture:

• Secure Channels: The generation and distribution of user keys mainly involve entities such as PKG, RA, and User/Client. This is achieved by establishing secure channels between PKG and RA, and between RA and User/Client, ensuring secure transfer and download of keys.

Summary: The architecture of the IBE Key Management System ensures secure generation of private keys by PKG, tasks of key registration and application are carried out by RA, public parameters are provided by PPS, and users interact with the system through the User/Client terminal. Secure channels facilitate the transfer and download of keys between these entities, ensuring the overall security of the key management system.

IKM (input key material value)

Keying material is in general to include things like shared Diffie-Hellman secrets (which are not suitable as symmetric keys), which have more structure than normal keys.

MAC

MAC (Message Authentication Code) is a cryptographic function used to ensure the integrity and authenticity of a message. It takes a message and a secret key as inputs and produces a fixed-size authentication tag, which is appended to the message. The receiver can then verify the authenticity of the message by recomputing the MAC using the shared secret key and comparing it to the received tag. If they match, the message is deemed authentic and unaltered.

ML-KEM, ML-DSA

Module-lattice-based algorithms, such as KEM (Key Encapsulation Mechanism) and DSA (Digital Signature Algorithm), are promising solutions in post-quantum cryptography that provide security against attacks from quantum computers. KEM facilitates secure key exchange by encapsulating a secret key in an object, leveraging complex mathematical problems like the Shortest Vector Problem (SVP) or Learning With Errors (LWE) to ensure security and efficiency. Meanwhile, DSA generates and verifies digital signatures, ensuring the authenticity and integrity of messages while also using lattice structures for protection against quantum algorithms. Together, these approaches represent a significant advancement for information security in the future.

NUMS

Microsoft Nothing Up My Sleeve Elliptic curves
NUMS (Nothing Up My Sleeve) curves, which are supported in the MSRElliptic Curve Cryptography Library (a.k.a. MSR ECCLib).

These curves are elliptic curves over a prime field, just like the NIST or Brainpool curves. However, the domain-parameters are choosen using a VERY TIGHT DESIGN SPACE to ensure, that the introduction of a backdoor is infeasable. For a desired size of $s$ bits the prime $p$ is choosen as $p = 2^s - c$ with the smallest $c$ where $c>0$ and $p$ mod 4 = 3 and $p$ being prime.

PBKDF2

PBKDF2 (Password-Based Key Derivation Function 2) is a widely used cryptographic function designed to derive secure cryptographic keys from weak passwords or passphrases. It applies a pseudorandom function, such as HMAC-SHA1, HMAC-SHA256, or HMAC-SHA512, multiple times in a loop, with a salt and a user-defined number of iterations, effectively increasing the computational cost of key generation. This technique enhances the resilience against brute-force attacks, making it more difficult and time-consuming for attackers to obtain the original password from the derived key.

Post-Quantum Cryptography (PQC)

Quantum computing is in an early stage of development and faces significant challenges, including the control and correction of quantum errors. Predictions vary, but many experts agree that we are still several years, or even decades, away from having the ability to build a quantum computer large enough to threaten public key cryptography algorithms currently considered secure. Scalable, sufficiently powerful quantum computers have not yet been constructed. Therefore, post-quantum cryptography is more of a precautionary measure, as classical algorithms remain secure for most everyday applications. Understand which algorithms have been compromised with the advent of quantum algorithms like Shor and Grover:

• Security Level

  Name	Function	pre-quantum	post-quantum
  AES-128	block cipher	128	64 (Grover)
  AES-256	block cipher	256	128 (Grover)
  Salsa20	stream cipher	256	128 (Grover)
  GMAC	MAC	128	128
  Poly1305	MAC	128	128
  SHA-256	hash function	256	128 (Grover)
  SHA-3	hash function	256	128 (Grover)
  RSA-3072	encryption	128	broken (Shor)
  RSA-3072	signature	128	broken (Shor)
  256-bit ECDH	key exchange	128	broken (Shor)
  256-bit ECDSA	signature	128	broken (Shor)

ShangMi (SM) National secret SM2/SM3/SM4 algorithms

SM2 is a public key cryptographic algorithm based on elliptic curves, used for e.g. generation and verification of digital signatures; SM3, a hashing algorithm comparable to SHA-256; and SM4, a block cipher algorithm for symmetric cryptography comparable to AES-128. These standards are becoming widely used in Chinese commercial applications such as banking and telecommunications and are sometimes made mandatory for products procured by Chinese government agencies. SM4 is part of the ARMv8.4-A expansion to the ARM architecture.

SM9 GM/T 0044-2016 Public key algorithm 256-bit

Parameters for the sm9p256v1 Elliptic curve

SM9 is a Chinese National Identity Based Cryptography Standard and was originally published using a 256-bit Barreto-Naehrig Curve as its primary example. The new paper suggests that because attacks against some Barreto-Naehrig curves have improved that the SM9 standard should adopt a 384-bit Barreto-Naehrig Curve. The authors go on to suggest that this curve offers roughly 118 bits of security.

XOR

XOR (Exclusive OR) is a logical operator that works on bits. Let’s denote it by ^. If the two bits it takes as input are the same, the result is 0, otherwise it is 1. This implements an exclusive or operation, i.e. exactly one argument has to be 1 for the final result to be 1. We can show this using a truth table:

• exclusive or

  x	y	x^y
  0	0	0
  0	1	1
  1	0	1
  1	1	0

ZUC (Zu Chongzhi cipher)

The ZUC-256 cipher is a symmetric key encryption algorithm widely used in 5G communication technologies, providing robust and efficient security. The ZUC-256 algorithm is based on the original ZUC cipher, developed by the Chinese Academy of Sciences and adopted by the 3rd Generation Partnership Project (3GPP) standard to ensure data integrity and confidentiality in fifth-generation mobile networks. Its name pays tribute to Zu Chongzhi, a 5th-century Chinese mathematician and astronomer, renowned for his contributions to mathematics, astronomy, and hydraulic engineering. His remarkable approximation of the value of π (pi) enabled more precise calculations in various scientific fields.

Features

• Cryptographic Functions:

  • Asymmetric Encryption
  • Symmetric Encryption + AEAD Modes
  • Digital Signature
  • Recursive Hash Digest + Check
  • ECDH (Shared Key Agreement)
  • CMAC (Cipher-based message authentication code)
  • HMAC (Hash-based message authentication code)
  • HKDF (HMAC-based key derivation function)
  • PBKDF2 (Password-based key derivation function)
  • PHS (Password-hashing scheme)
  • TLS (Transport Layer Security v1.2 and 1.3)
  • TLCP (Transport Layer Cryptography Protocol v1.1)
  • PKCS12 (Personal Information Exchange Syntax v1.1)
  • X.509 CSRs, CRLs and Certificates

• Non-cryptographic Functions:

  • Hex string encoder/dump/decoder (xxd-like)
  • Base32 encoder/decoder
  • Base64 encoder/decoder
  • Base85 encoder/decoder
  • Privacy-Enhanced Mail (PEM format)
  • RandomArt (OpenSSH-like)

Usage

Usage of ./edgetk:
  -algorithm string
    	Public key algorithm: EC, Ed25519, GOST2012, SM2. (default "RSA")
  -base32 string
    	Encode binary string to Base32 format and vice-versa. [enc|dec]
  -base64 string
    	Encode binary string to Base64 format and vice-versa. [enc|dec]
  -base85 string
    	Encode binary string to Base85 format and vice-versa. [enc|dec]
  -bits int
    	Key length. (for keypair generation and symmetric encryption)
  -cacert string
    	CA Certificate path. (for TLCP Protocol)
  -cakey string
    	CA Private key. (for TLCP Protocol)
  -cert string
    	Certificate path.
  -check
    	Check hashsum file. ('-' for STDIN)
  -cipher string
    	Symmetric algorithm: aes, blowfish, magma or sm4. (default "aes")
  -crl string
    	Certificate Revocation List path.
  -crypt string
    	Bulk Encryption with Stream and Block ciphers. [enc|dec|help]
  -curve string
    	Subjacent curve (ECDSA, BLS12381G1 and G2.) (default "ecdsa")
  -days int
    	Defines the validity of the certificate from the date of creation.
  -digest
    	Target file/wildcard to generate hashsum list. ('-' for STDIN)
  -factorp string
    	Makwa private Factor P. (for Makwa Password-hashing Scheme)
  -factorq string
    	Makwa private Factor Q. (for Makwa Password-hashing Scheme)
  -hex string
    	Encode binary string to hex format and vice-versa. [enc|dump|dec]
  -hid uint
    	Hierarchy Identifier. (for SM9 User Private Key) (default 1)
  -id string
    	User Identifier. (for SM9 User Private Key operations)
  -info string
    	Additional info. (for HKDF command and AEAD bulk encryption)
  -ipport string
    	Local Port/remote's side Public IP:Port.
  -iter int
    	Iter. (for Password-based key derivation function) (default 1)
  -iv string
    	Initialization Vector. (for symmetric encryption)
  -kdf string
    	Key derivation function. [pbkdf2|hkdf|scrypt|argon2|lyra2re2]
  -key string
    	Asymmetric key, symmetric key or HMAC key, depending on operation.
  -mac string
    	Compute Hash/Cipher-based message authentication code.
  -master string
    	Master key path. (for sm9 setup) (default "Master.pem")
  -md string
    	Hash algorithm: sha256, sha3-256 or whirlpool. (default "sha256")
  -mode string
    	Mode of operation: GCM, MGM, CBC, CFB8, OCB, OFB. (default "CTR")
  -modulus string
    	Makwa modulus. (Makwa hash Public Parameter)
  -nopad
    	No padding. (for Base64 and Base32 encoding)
  -params string
    	ElGamal Public Parameters path.
  -paramset string
    	Elliptic curve ParamSet: A, B, C, D. (for GOST2012) (default "A")
  -pass string
    	Password/Passphrase. (for Private key PEM encryption)
  -passout string
    	User Password. (for SM9 User Private Key PEM encryption)
  -peerid string
    	Remote's side User Identifier. (for SM9 Key Exchange)
  -pkey string
    	Subcommands: keygen|certgen, sign|verify|derive, text|modulus.
  -prv string
    	Private key path. (for keypair generation) (default "Private.pem")
  -pub string
    	Public key path. (for keypair generation) (default "Public.pem")
  -rand int
    	Generate random cryptographic key with given bit length.
  -recover
    	Recover Passphrase from Makwa hash with Private Parameters.
  -recursive
    	Process directories recursively. (for DIGEST command only)
  -root string
    	Root CA Certificate path.
  -salt string
    	Salt. (for HKDF and PBKDF2 commands)
  -signature string
    	Input signature. (for VERIFY command and MAC verification)
  -subj string
    	Subject: Identity for which a digital certificate.
  -tcp string
    	Encrypted TCP/IP Transfer Protocol. [server|ip|client]
  -tweak string
    	Additional 128-bit parameter input. (for THREEFISH encryption)
  -version
    	Print version info.
  -wrap int
    	Wrap lines after N columns. (for Base64/32 encoding) (default 64)

Examples

Asymmetric EG keypair generation:

./edgetk -pkey setup -algorithm elgamal [-bits 4096] > ElGamalParams.pem
./edgetk -pkey keygen -algorithm elgamal -params ElGamalParams.pem [-pass "passphrase"] [-prv Private.pem] [-pub Public.pem]

EG Digital signature:

./edgetk -pkey sign -algorithm elgamal -key Private.pem [-pass "passphrase"] < file.ext > sign.txt
sign=$(cat sign.txt|awk '{print $2}')
./edgetk -pkey verify -algorithm elgamal -key Public.pem -signature $sign < file.ext
echo $?

EG Encryption scheme:

./edgetk -pkey wrapkey -algorithm elgamal -key Public.pem > cipher.txt
ciphertext=$(cat cipher.txt|grep "Cipher"|awk '{print $2}')
./edgetk -pkey unwrapkey -algorithm elgamal -key Private.pem [-pass "passphrase"] -cipher $ciphertext

Asymmetric RSA keypair generation:

./edgetk -pkey keygen -bits 4096 [-pass "passphrase"] [-prv Private.pem] [-pub Public.pem]

Parse keys info:

./edgetk -pkey [text|modulus] [-pass "passphrase"] -key Private.pem
./edgetk -pkey [text|modulus|randomart|fingerprint] -key Public.pem

Digital signature:

./edgetk -pkey sign -key Private.pem [-pass "passphrase"] < file.ext > sign.txt
sign=$(cat sign.txt|awk '{print $2}')
./edgetk -pkey verify -key Public.pem -signature $sign < file.ext
echo $?

Encryption/decryption with RSA algorithm:

./edgetk -pkey encrypt -key Public.pem < plaintext.ext > ciphertext.ext
./edgetk -pkey decrypt -key Private.pem < ciphertext.ext > plaintext.ext

Asymmetric EC keypair generation (256-bit):

./edgetk -pkey keygen -bits 256 -algorithm EC [-pass "passphrase"] [-prv Private.pem] [-pub Public.pem]

EC Diffie-Hellman:

./edgetk -pkey derive -algorithm EC -key Private.pem -pub Peerkey.pem

Generate Self Signed Certificate:

./edgetk -pkey certgen -key Private.pem [-pass "passphrase"] [-cert "output.crt"]

Generate Certificate Signing Request:

./edgetk -pkey req -key Private.pem [-pass "passphrase"] [-cert Certificate.csr]

Sign CSR with CA Certificate:

./edgetk -pkey x509 -key Private.pem -root CACert.pem -cert Certificate.csr > Certificate.crt

Parse Certificate info:

./edgetk -pkey [text|modulus] -cert Certificate.pem

Generate Certificate Revocation List:

./edgetk -pkey crl -cert CACert.pem -key Private.pem -crl old.crl serials.txt > NewCRL.crl

TLS Layer (TCP/IP):

./edgetk -tcp ip > MyExternalIP.txt
./edgetk -tcp server -cert Certificate.pem -key Private.pem [-ipport "8081"]
./edgetk -tcp client -cert Certificate.pem -key Private.pem [-ipport "127.0.0.1:8081"]

Symmetric key generation (256-bit):

./edgetk -rand 256

Encryption/decryption with block cipher:

./edgetk -crypt enc -key $256bitkey < plaintext.ext > ciphertext.ext
./edgetk -crypt dec -key $256bitkey < ciphertext.ext > plaintext.ext

Message digest:

./edgetk -digest [-recursive] "*.*" > hash.txt
./edgetk -check hash.txt
echo $?
or
./edgetk -check hash.txt|grep FAILED^|Not found!

Bcrypt:

./edgetk -digest -md bcrypt -key "yourkey" [-iter 10] > key.bcrypt
./edgetk -check -md bcrypt -key "yourkey" < key.bcrypt
echo $?

HMAC:

./edgetk -mac hmac -key "secret" < file.ext
./edgetk -mac hmac -key "secret" -signature $256bitmac < file.ext
echo $?

HKDF (HMAC-based key derivation function) (128-bit):

./edgetk -kdf hkdf -bits 128 -key "IKM" [-salt "salt"] [-info "AD"]

SM9 (Chinese IBE Standard)

Private Key Generation:

• Generate a master key

./edgetk -pkey setup -algorithm <sm9encrypt|sm9sign> [-master "Master.pem"] [-pub "Public.pem"]

• Generate a private key and a UID (User ID) and an HID (Hierarchy ID).

./edgetk -pkey keygen -algorithm <sm9encrypt|sm9sign> [-master "Master.pem"] [-prv "Private.pem"] [-id "uid"] [-hid 1]

Message Encryption:

• To encrypt a message:
  • Use the master public key.
  • Include the UID and HID associated with the private key.
  • Perform the encryption process.

./edgetk -pkey encrypt -algorithm sm9encrypt [-key "Public.pem"] [-id "uid"] [-hid 1] < FILE

Message Decryption:

• To decrypt a message:
  • Use the associated private key.
  • Use the corresponding UID.
  • Perform the decryption process.

./edgetk -pkey decrypt -algorithm sm9encrypt [-key "Private.pem"] [-id "uid"] < FILE

Digital Signature:

• To sign a message:
  • Use the private key (UID and HID are associated).
  • Perform the signature process.

./edgetk -pkey sign -algorithm sm9sign [-key "Private.pem"] < FILE

Digital Signature Verification:

• To verify the signature of a message:
  • Use the master public key.
  • Use the UID and HID associated with the private key that performed the signature.
  • Perform the signature verification process.

./edgetk -pkey verify -algorithm sm9sign [-key "Public.pem"] [-id "uid"] [-hid 1] [signature "sign"] < FILE

Hex Encoder/Decoder:

./edgetk -hex enc < file.ext > file.hex
./edgetk -hex dec < file.hex > file.ext
./edgetk -hex dump < file.ext

Base32/64 Encoder/Decoder:

./edgetk -base32 enc [-wrap 0] [-nopad] < file.ext > file.b32
./edgetk -base32 dec [-nopad] < file.b32 > file.ext

Try:

./edgetk -crypt help   // Describes bulk encryption usage and arguments
./edgetk -kdf help     // Describes key derivation function usage
./edgetk -mac help     // Describes message authentication code usage
./edgetk -pkey help    // Describes public key cryptography usage
./edgetk -tcp help     // Describes TLS 1.3 Protocol parameters and usage
./edgetk -help,-h      // Full list of the flags and their defaults
./edgetk -version      // Print version info

Acknowledgments

• Sergey Matveev (GoGOST Library Author)
• RyuaNerin (go-krypto Library Author)
• Sun Yimin (GMSM Library Author)
• Damian Gryski (Anubis, SipHash, Misty1 Libraries Author)
• Dana Booth (Main Contributor)
• Deatil (go-cryptobin, go-hash Libraries Author)

Contribute

Use issues for everything

• You can help and get help by:
  • Reporting doubts and questions
• You can contribute by:
  • Reporting issues
  • Suggesting new features or enhancements
  • Improve/fix documentation

License

This project is licensed under the ISC License.

Copyright (c) 2020-2024 Pedro F. Albanese - ALBANESE Research Lab.