feat: stream cipher trait and chacha encryption

Cargo.toml

@@ -19,6 +19,7 @@ sha2 ="0.10.8"
 ark-ff ={ version="^0.4.0", features=["std"] }
 ark-crypto-primitives={ version="0.4.0", features=["sponge"] }
 des = "0.8.1"
+chacha20 = "0.9.1"
 
 [patch.crates-io]
 ark-ff ={ git="https://github.com/arkworks-rs/algebra/" }

README.md

@@ -20,14 +20,22 @@ Ronkathon is a rust implementation of a collection of cryptographic primitives.
 
 ## Primitives
 - [Fields and Their Extensions](src/field/README.md)
+ - [Binary Fields](src/field/binary_towers/README.md)
 - [Curves and Their Pairings](src/curve/README.md)
 - [Polynomials](src/polynomial/mod.rs)
 - [KZG Commitments](src/kzg/README.md)
 - [Reed-Solomon Codes](src/codes/README.md)
+- [Merkle Proofs](src/tree/README.md)
+
+### Signatures
 - [Tiny ECDSA](src/ecdsa.rs)
-- [RSA](src/rsa/README.md)
+
+### Encryption
+- [RSA](src/encryption/asymmetric/rsa/README.md)
+- [DES](src/encryption/symmetric/des/README.md)
+
+### Hash
 - [Sha256 Hash](src/hashes/README.md)
-- [Merkle Proofs](src/tree/README.md)
 - [Poseidon Hash](src/hashes/poseidon/README.md)
 
 ## In Progress

src/encryption/mod.rs

@@ -1,3 +1,3 @@
-//! Contains cryptographic primitives like symmetric and assymetric encryption.
+//! Contains cryptographic primitives like symmetric and asymmetric encryption.
 pub mod asymmetric;
 pub mod symmetric;

src/encryption/symmetric/README.md

@@ -0,0 +1,40 @@
+# Symmetric Encryption algorithms
+
+[Symmetric encryption](https://en.wikipedia.org/wiki/Symmetric-key_algorithm) algorithms are cryptographic algorithms that uses same key for encryption and decryption.
+
+## Block Ciphers
+
+TODO
+
+## Stream ciphers
+
+[stream ciphers](https://en.wikipedia.org/wiki/Stream_cipher) are symmetric encryption cryptography primitives that works on digits, often bits, rather than fixed-size blocks as in [block-ciphers](https://en.wikipedia.org/wiki/Block_cipher).
+
+$$
+\begin{align*}
+\operatorname{Enc}(s,m)=c=G(s)\oplus m \\
+\operatorname{Dec}(s,c)=m=c \oplus G(s)
+\end{align*}
+$$
+
+- Plaintext digits can be of any size, as cipher works on bits, i.e. $c,m\in \{ 0,1 \}^{L}$
+- $G$ is a PRG that generatoes **Keystream** which is a pseudorandom digit stream that is combined with plaintext to obtain ciphertext.
+- Keystream is generated using a seed value using **shift registers**.
+- **Seed** is the key value required for decrypting ciphertext.
+- Can be approximated as one-time pad (OTP), where keystream is used only once.
+- Keystream has to be updated for every new plaintext bit encrypted. Updation of keystream can depend on plaintext or can happen independent of it.
+
+```mermaid
+flowchart LR
+k[Key]-->ksg["Key Stream Generator"]
+ksg--s_i-->xor
+x["Plaintext (x_i)"]:::hiddenBorder-->xor["⊕"]
+xor-->y_i
+y_i["Ciphertext (y_i)"]-.->ksg
+```
+
+Now, encryption in stream ciphers is just XOR operation, i.e. $y_{i}=x_{i} \oplus s_{i}$. Due to this, encryption and decrpytion is the same function which. Then, comes the major question:
+
+## Implementations
+
+- [ChaCha stream cipher](./chacha/README.md)

src/encryption/symmetric/chacha/README.md

@@ -0,0 +1,48 @@
+# ChaCha Encryption
+
+- ChaCha's core is a permutation $P$ that operates on 512-bit strings
+- operates on ARX based design: add, rotate, xor. all of these operations are done 32-bit integers
+- $P$ is supposed to be secure instantiation of *random permutation* and constructions based on $P$ are analysed in *random-permutation* model.
+- using permutation $P$, a pseudorandom function $F$ is constructed that takes a 256 bit key and 128-bit input to 512-bit output with a 128-bit *constant*.
+
+$$
+F_{k}(x)\xlongequal{def} P(\operatorname{const} \parallel k \parallel x)\boxplus \operatorname{const} \parallel k \parallel x
+$$
+
+Then, chacha stream cipher's internal state is defined using $F$ with a 256-bit seed $s$ and 64-bit initialisation vector $IV$ and 64-bit nonce that is used only once for a seed. Often defined as a 4x4 matrix with each cell containing 4 bytes:
+
+| | | | |
+| ------- | ------- | ------ | ------ |
+| "expa" | "nd 3" | "2-by" | "te k" |
+| Key | Key | Key | Key |
+| Key | Key | Key | Key |
+| Counter | Counter | Nonce | Nonce |
+
+
+Let's define what happens inside $F$, it runs a quarter round that takes as input 4 4-byte input and apply constant time ARX operations:
+
+```
+a += b; d ^= a; d <<<= 16;
+c += d; b ^= c; b <<<= 12;
+a += b; d ^= a; d <<<= 8;
+c += d; b ^= c; b <<<= 7;
+```
+
+**quarter round** is run 4 times, for each column and 4 times for each diagonal. ChaCha added diagonal rounds from row rounds in Salsa for better implementation in software. Quarter round by itself, is an invertible transformation, to prevent this, ChaCha adds initial state back to the quarter-round outputs.
+
+This completes 1 round of block scrambling and as implied in the name, ChaCha20 does this for 20 similar rounds. [ChaCha family][chacha-family] proposes different variants with different rounds, namely ChaCha8, ChaCha12.
+
+**Nonce** can be increased to 96 bits, by using 3 nonce cells. [XChaCha][xchacha] takes this a step further and allows for 192-bit nonces.
+
+Reason for constants:
+- prevents zero block during cipher scrambling
+- attacker can only control 25% of the block, when given access to counter as nonce as well.
+
+During initial round, **counters** are initialised to 0, and for next rounds, increase the counter as 64-bit little-endian integer and scramble the block again. Thus, ChaCha can encrypt a maximum of $2^{64}$ 64-byte message. This is so huge, that we'll never ever require to transmit this many amount of data. [IETF][ietf] variant of ChaCha only has one cell of nonce, i.e. 32 bits, and thus, can encrypt a message of $2^{32}$ 64-byte length, i.e. 256 GB.
+
+[uct]: <https://www.cryptography-textbook.com/book/>
+[ietf]: <https://datatracker.ietf.org/doc/html/rfc8439>
+[xchacha]: <https://www.cryptopp.com/wiki/XChaCha20>
+[salsa]: <https://cr.yp.to/snuffle.html>
+[chacha]: <https://cr.yp.to/chacha.html>
+[chacha-family]: <https://cr.yp.to/chacha/chacha-20080128.pdf>