
cover_crypt
Implementation of the CoverCrypt public key algorithm which partitions ciphertexts using attributes and allows issuing user keys with access policies over these attributes.
CoverCrypt has been designed as a fast alternative to Key Policy Attribute Based Encryption schemes such as GPSW06 (>50x faster).
It is typically used in a hybrid encryption scheme as a KEM to encapsulate the symmetric key of a DEM (AES 256 GCM in the provided hybrid implementation).
CoverCrypt encryption over 1 partition:
time: [156.28 µs 156.73 µs 157.21 µs]
Found 538 outliers among 5000 measurements (10.76%)
207 (4.14%) high mild
331 (6.62%) high severe
CoverCrypt encryption over 3 partitions
time: [255.07 µs 255.70 µs 256.36 µs]
Found 364 outliers among 5000 measurements (7.28%)
135 (2.70%) high mild
229 (4.58%) high severe
CoverCrypt decryption with a 1 partition access user key
time: [208.39 µs 209.17 µs 209.98 µs]
Found 601 outliers among 5000 measurements (12.02%)
41 (0.82%) low mild
139 (2.78%) high mild
421 (8.42%) high severe
CoverCrypt decryption with a 3 partition access user key
time: [260.87 µs 261.85 µs 262.85 µs]
Found 669 outliers among 5000 measurements (13.38%)
13 (0.26%) low mild
160 (3.20%) high mild
496 (9.92%) high severe
Single threaded measurement over thousands of samples on an Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
Run cargo bench to get the details (see below)
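The KEM role and the per-partition cost visible in the benchmarks above can be sketched as a header that wraps the DEM key once per target partition, with a user key holding only the partition secrets its access policy covers. This is an added example and a simplified model of the subset-cover idea, not the cover_crypt crate's algorithm or API: the toy-sized group parameters, the non-cryptographic hash used as KDF, and every function name are assumptions.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

// Simplified model, NOT the crate's algorithm or API. P and G are constructed,
// toy-sized ElGamal-style parameters and `kdf` is a non-cryptographic hash.
const P: u128 = (1 << 61) - 1;
const G: u128 = 3;

fn pow_mod(mut base: u128, mut exp: u128) -> u128 {
    let mut acc = 1;
    while exp > 0 {
        if exp & 1 == 1 { acc = acc * base % P; }
        base = base * base % P;
        exp >>= 1;
    }
    acc
}

fn kdf(shared: u128, label: u8) -> u64 {
    let mut h = DefaultHasher::new();
    (shared, label).hash(&mut h);
    h.finish()
}

/// Each partition gets its own key pair: (secret x, public G^x mod P).
pub fn partition_keypair(x: u128) -> (u128, u128) { (x, pow_mod(G, x)) }

/// KEM header: c = G^r, then one (wrapped DEM key, tag) slot per target partition.
pub struct Header { pub c: u128, pub slots: Vec<(u64, u64)> }

/// Encryption work and header size grow with the number of target partitions.
pub fn encapsulate(target_pks: &[u128], dem_key: u64, r: u128) -> Header {
    let slots = target_pks.iter().map(|&pk| {
        let shared = pow_mod(pk, r); // equals c^x for that partition's secret x
        (dem_key ^ kdf(shared, 0), kdf(shared, 1))
    }).collect();
    Header { c: pow_mod(G, r), slots }
}

/// A user key is the set of partition secrets its access policy covers.
/// Returns the DEM key if any held partition matches a slot, else None.
pub fn decapsulate(user_key: &[u128], header: &Header) -> Option<u64> {
    for &x in user_key {
        let shared = pow_mod(header.c, x);
        for &(wrapped, tag) in &header.slots {
            if kdf(shared, 1) == tag { return Some(wrapped ^ kdf(shared, 0)); }
        }
    }
    None
}
```

In a hybrid scheme the recovered value would key the DEM (AES 256 GCM in the provided implementation); a user key covering none of the target partitions gets `None`.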
The crate is separated into 3 main modules:
- cover_crypt_core: contains the cryptographic code for CoverCrypt.
- api.rs: exposes the public API with policy management
- interfaces: contains interfaces useful for Cosmian matching those in crypto_base as well as a Foreign Function Interface (FFI) useful to integrate with other languages. In particular, the code in this module demonstrates the use of hybrid cryptography involving ABE and AES and exposes it as a FFI.
To build the core only, run
cargo build --release
To build the Cosmian interfaces without FFI, pass the interfaces feature flag, i.e.
cargo build --release --features interfaces
To build everything, including the FFI, pass the ffi feature flag, or use --all-features i.e.
cargo build --release --all-features
The latter will build a shared library, and one can verify that the FFI symbols are present using (Linux)
objdump -T target/release/libcover_crypt.so
The code contains numerous tests that you can run using
cargo test --release --all-features
Go to the build directory for an example of how to build for GLIBC 2.17
maturin develop --cargo-extra-args="--release --features python"
Benchmarking uses the Criterion library.
Run all benchmarks:
cargo bench --features ffi
Note: unfortunately, we cannot automatically tell Criterion to run benchmarks with the ffi feature activated; it must be specified explicitly.
Run only non-FFI benchmarks:
cargo bench
To generate a Flamegraph on Criterion's benchmark:
cargo flamegraph --bench benches --features ffi -- --bench
FAQs
Key Policy attribute encryption based on subset cover
We found that cover_crypt demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.