{"id":41771159,"url":"https://github.com/codahale/areion","last_synced_at":"2026-01-25T03:08:14.025Z","repository":{"id":174189752,"uuid":"651662624","full_name":"codahale/areion","owner":"codahale","description":"A Rust implementation of the Areion256 and Areion512 permutations.","archived":false,"fork":false,"pushed_at":"2024-06-10T13:08:04.000Z","size":118,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-06-10T14:57:42.521Z","etag":null,"topics":["aes-ni","areion"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codahale.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-06-09T18:52:57.000Z","updated_at":"2024-06-10T14:57:43.776Z","dependencies_parsed_at":null,"dependency_job_id":"858572ac-6345-4456-9b7e-fcd515545914","html_url":"https://github.com/codahale/areion","commit_stats":null,"previous_names":["codahale/areion"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/codahale/areion","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codahale%2Fareion","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codahale%2Fareion/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codahale%2Fareion/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codahale%2Fareion/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codahale","download_url":"https://codeload.github.com/codahale/areion/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codahale%2Fareion/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28742973,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-25T02:46:29.005Z","status":"ssl_error","status_checked_at":"2026-01-25T02:44:29.968Z","response_time":113,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aes-ni","areion"],"created_at":"2026-01-25T03:08:13.916Z","updated_at":"2026-01-25T03:08:14.016Z","avatar_url":"https://github.com/codahale.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# areion\n\nAn implementation of the [Areion permutations](https://eprint.iacr.org/2023/794.pdf) and some\npotential uses.\n\n## ⚠️ WARNING: You should not use this. ⚠️\n\nThis implementation passes test vectors, but Areion is a brand-new algorithm with no third-party\ncryptanalysis to date.\n\n## Correctness\n\nThis implementation is compliant with the test vectors in the updated version of the paper\n(2023-09-21).\n\n## Other Fun Stuff\n\nThis repository also includes a few different hash algorithms based on the Areion512 permutation.\n\n### Areion-256-Sponge\n\nAreion-256-Sponge uses the Areion512 permutation in a sponge construction with a 256-bit rate. On\nx86_64 platforms, it's roughly as fast as vectorized SHA-256; on Apple Silicon it's about half as\nfast.\n\n### Areion-512-MMO\n\nAreion-512-MMO is a Matyas-Meyer-Oseas hash function using a single-key Even-Mansour block cipher\nbased on the Areion-512 permutation.\n\nThe [single-key Even-Mansour](https://eprint.iacr.org/2011/541.pdf) scheme uses a public permutation\n`P` to construct a block cipher for key `K` and plaintext block `M`:\n\n```text\nSEM(K, M) = P(M ^ K) ^ K\n```\n\nThe Matyas-Meyer-Oseas mode uses a block cipher `E(K, M)` to construct a hash function, calculating\nthe current hash state `H_i` given the previous hash state `H_{i-1}` and current message block\n`M_i`:\n\n```text\nMMO(H_{i-1}, M_i) = E(H_{i-1}, M_i) ^ M_i\n```\n\nThese can be combined into a single form:\n\n```text\nSEM-MMO(H_{i-1}, M_i) = P(M_i ^ H_{i-1}) ^ H_{i-1} ^ M_i\n```\n\nAreion-512-MMO uses four 128-bit words, initialized with the same constants as SHA-512:\n\n```text\nH_0 = (0x6a09e667f3bcc908bb67ae8584caa73b, 0x3c6ef372fe94f82ba54ff53a5f1d36f1,\n       0x510e527fade682d19b05688c2b3e6c1f, 0x1f83d9abfb41bd6b5be0cd19137e2179)\n```\n\nIt then iterates through the message in 512-bit blocks, updating the state words using the `MMO-SEM`\ncompression function. To produce a final digest, the same padding as SHA-512 is used (i.e. appending\nan`0x80` byte, padding to the nearest block, and appending a 128-bit big-endian counter of the\nmessage length in bits), and the final state words are serialized in big-endian form.\n\nThe resulting hash function offers 256 bits of collision resistance if the permutation `P` (i.e.\nAreion-512) is indistinguishable from a random permutation. Untruncated digests are vulnerable to\nlength-extension attacks. With dedicated AES and 128-bit vector instructions, performance is ~1.7x\nthat of vectorized SHA-256 on x86_64 processors and ~1.1x that of fully-accelerated SHA-256 on Apple\nSilicon processors.\n\n### Areion-512-HAIFA\n\nAreion-512-HAIFA is a HAIFA-style hash function based on the Areion512 permutation, allowing for\nvariable digest lengths (0..64 bytes), and immune to length extension attacks.\n\nAreion-512-MMO uses four 128-bit words, initialized with the same constants as SHA-512, plus a\nconstant tweak, consisting of the SHA-512-256 constants, XORed with the output size.\n\n, with the\nfinal word XORed with the output size in bits:\n\n```text\nH_0 = (0x6a09e667f3bcc908bb67ae8584caa73b, 0x3c6ef372fe94f82ba54ff53a5f1d36f1,\n       0x510e527fade682d19b05688c2b3e6c1f, 0x1f83d9abfb41bd6b5be0cd19137e2179)\nT = (0x22312194fc2bf72c9f555fa3c84c64c2, 0x2393b86b6f53b151963877195940eabd,\n     0x96283ee2a88effe3be5e1e2553863992, 0x2b0199fc2c85b8aa0eb72ddc81c52ca2 ^ output_size)\n```\n\nThe tweak can also be used to incorporate a salt, domain separation string, and other metadata.\n\nIts compression function uses a 128-bit counter of the number of bits which have been processed,\nincluding the current block:\n\n```text\nC(H, T, M, #bits) = P(H ^ T ^ M ^ #bits) ^ H ^ T\n```\n\nThe resulting hash function offers 256 bits of collision resistance if the permutation `P` (i.e.\nAreion-512) is indistinguishable from a random permutation. This construction is not vulnerable to\nlength-extension attacks. With dedicated AES and 128-bit vector instructions, performance is ~1.7x\nthat of vectorized SHA-256 on x86_64 processors and ~1.2x that of fully-accelerated SHA-256 on Apple\nSilicon processors.\n\n## License\n\nCopyright © 2023 Coda Hale\n\nDistributed under the Apache License 2.0 or MIT License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodahale%2Fareion","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodahale%2Fareion","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodahale%2Fareion/lists"}