{"id":15833681,"url":"https://github.com/itzmeanjan/acorn","last_synced_at":"2026-01-12T06:26:00.659Z","repository":{"id":41973624,"uuid":"477410292","full_name":"itzmeanjan/acorn","owner":"itzmeanjan","description":"Accelerating Acorn: A Lightweight Authenticated Cipher","archived":false,"fork":false,"pushed_at":"2022-04-21T13:20:34.000Z","size":339,"stargazers_count":2,"open_issues_count":1,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-10-06T13:41:33.777Z","etag":null,"topics":["acorn","acorn128","authenticated-encryption","caeser-competition","caeser-crypto","cpu","dpcpp","fpga","gpu","lightweight-authenticated-cipher","oneapi","sycl","verified-decryption"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/itzmeanjan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-04-03T17:11:25.000Z","updated_at":"2023-04-30T09:27:17.000Z","dependencies_parsed_at":"2022-08-12T01:10:10.419Z","dependency_job_id":null,"html_url":"https://github.com/itzmeanjan/acorn","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/itzmeanjan/acorn","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/itzmeanjan%2Facorn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/itzmeanjan%2Facorn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/itzmeanjan%2Facorn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/itzmeanjan%2Facorn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/itzmeanjan","download_url":"https://codeload.github.com/itzmeanjan/acorn/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/itzmeanjan%2Facorn/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28336316,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T06:09:07.588Z","status":"ssl_error","status_checked_at":"2026-01-12T06:05:18.301Z","response_time":98,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acorn","acorn128","authenticated-encryption","caeser-competition","caeser-crypto","cpu","dpcpp","fpga","gpu","lightweight-authenticated-cipher","oneapi","sycl","verified-decryption"],"created_at":"2024-10-05T13:41:33.481Z","updated_at":"2026-01-12T06:26:00.633Z","avatar_url":"https://github.com/itzmeanjan.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# acorn\nAccelerating Acorn: A Lightweight Authenticated Cipher\n\n## Overview\n\nAfter implementing `ascon` --- a fast, lightweight cryptographic suite, implementing authenticated encryption ( read AEAD ) \u0026 cryptographically secure hashing, I decided to take up another winner ( in lightweight application category ) of CAESER AEAD competition --- `acorn` : a lightweight authenticated cipher suite.\n\n\u003e Read more about AEAD [here](https://en.wikipedia.org/wiki/Authenticated_encryption)\n\n\u003e Read more about CAESER competition [here](https://competitions.cr.yp.to/caesar-submissions.html)\n\n\u003e Read Acorn128 v3 specification [here](https://competitions.cr.yp.to/round3/acornv3.pdf), that's what is implemented here ⭐\n\n\u003e If interested in Ascon, see my work [here](https://github.com/itzmeanjan/ascon)\n\nAcorn128 is a lightweight authenticated cipher which implements following two functions\n\n- Authenticated encryption\n- Verified decryption\n\nSimply speaking, given a plain text byte array, which is of importance ( imagine it carries some data which is not supposed to be read by everyone ) \u0026 some associated data bytes ( which can be public, doesn't carry something to be kept secret, _think of data packet header_ ), authenticated encryption procedure generates equal number of encrypted bytes ( i.e. `len(enc) == len(text)` ) and 128 -bit authenticated tag ( think of it as MAC, see [here](https://en.wikipedia.org/wiki/Message_authentication_code) ). This procedure requires two more inputs\n\n- 128 -bit secret key\n- 128 -bit public message nonce **( don't use same nonce twice with same secret key )**\n\nAfter that encrypted text can be decrypted by another party who has access to following pieces of information\n\n- 128 -bit secret key\n- 128 -bit public message nonce\n- 128 -bit authentication tag ( computed 👆 )\n- Encrypted bytes ( computed 👆 )\n- Associated data bytes\n\nVerified decryption procedure should generate two pieces of outputs\n\n- Decrypted data bytes ( `len(dec) == len(enc)` )\n- Boolean flag denoting successful verification\n\nAfter that boolean flag should be tested for truthfulness, if it doesn't pass that test, decrypted data bytes should not be consumed !\n\nIf any of authentication tag/ encrypted bytes/ associated data bytes are mutated ( even a single bit flipped ), verified decryption process should fail.\n\nHere I keep a C++ header-only library, implementing **Acorn128 v3**, which can be compiled down to CPU/ GPGPU ( using SYCL kernels ) executable code. Other than that single work-item SYCL kernels ( read SYCL `single_task` ) which can be used for synthesizing Acorn-128 FPGA h/w image, are also made available, accompanied with emulated testing ( to check functional correctness ), FPGA h/w benchmark \u0026 example usage code. Single work-item Acorn128 encrypt kernel takes following as input\n\n- N -many independent, non-overlapping, equal-length plain text byteslices\n- N -many independent, non-overlapping, equal-length associated data byteslices\n- N -many independent, non-overlapping secret keys ( each secret key is of 128 -bit )\n- N -many independent, non-overlapping public message nonces ( each nonce is of 128 -bit )\n\nEncrypt produces following in result\n\n- N -many independent, non-overlapping, equal-length encrypted byteslices\n- N -many independent, non-overlapping authentication tags ( each tag is of 128 -bit )\n\nSingle work-item FPGA offloadable Acorn128 decrypt kernel takes following as input\n\n- N -many independent, non-overlapping, equal-length plain text byteslices\n- N -many independent, non-overlapping, equal-length associated data byteslices\n- N -many independent, non-overlapping secret keys ( each secret key is of 128 -bit )\n- N -many independent, non-overlapping public message nonces ( each nonce is of 128 -bit )\n- N -many independent, non-overlapping authentication tags ( each tag is of 128 -bit )\n\nOutput computed by decrypt kernel looks like\n\n- N -many independent, non-overlapping, equal-length decrypted byteslices\n- N -many independent, non-overlapping verification flag ( each value is boolean )\n\n\u003e Read more about SYCL [here](https://www.khronos.org/registry/SYCL)\n\n\u003e Before consuming each of decrypted byteslices, make sure that respective verification flag is **true**, otherwise something is off !\n\n## Prerequisites\n\n- Make sure you've installed `g++`/ `clang++`/ `dpcpp`; I prefer `dpcpp`, find more [here](https://www.intel.com/content/www/us/en/developer/tools/oneapi/dpc-compiler.html)\n\n\u003e If you happen to be using something other than `dpcpp`, consider updating Makefile.\n\n\u003e If you're interested in synthesizing FPGA h/w image, you must have `dpcpp` along with supported FPGA h/w such as Intel Arria 10 or Intel Stratix 10. I prefer using Intel Devcloud; find more about FPGA synthesis/ execution on Intel Devcloud [here](https://github.com/intel/FPGA-Devcloud/tree/9a7370d)\n\n```bash\n$ dpcpp --version\n\nIntel(R) oneAPI DPC++/C++ Compiler 2022.0.0 (2022.0.0.20211123)\nTarget: x86_64-unknown-linux-gnu\nThread model: posix\nInstalledDir: /opt/intel/oneapi/compiler/2022.0.2/linux/bin-llvm\n```\n\nor\n\n```bash\n$ g++ --version\n\ng++ (Ubuntu 10.3.0-1ubuntu1~20.04) 10.3.0\n```\n\n- You'll need system development utilities like `make`, `cmake`\n\n```bash\n$ make --version\n\nGNU Make 4.2.1\n```\n\n```bash\n$ cmake --version\n\ncmake version 3.16.3\n```\n\n- For benchmarking Acorn128 implementation on CPU, you must have `google-benchmark` globally installed; see [here](https://github.com/google/benchmark/tree/60b16f1#installation)\n\n- Make sure you've C++ standard library, implementing `C++20` specification, installed\n\n## Testing\n\nFor testing functional correctness of Acorn128 cipher suite on CPU, run\n\n```bash\nmake\n```\n\nThis will run two kinds of tests\n\n- Test that everything works as expected in ideal scenario\n- Test that if any of followings are mutated ( even a single bit flipped ), verified decryption certainly fails\n  - Associated data bytes\n  - Encrypted data bytes\n  - 128 -bit authentication tag\n  - 128 -bit public message nonce\n  - 128 -bit secret key\n\nTo be sure that sythesized FPGA h/w image from Acorn128 encrypt/ decrypt kernels behave as they should, emulate FPGA design using\n\n```bash\nmake fpga_emu_test\n```\n\n## Benchmarking\n\nFor benchmarking authenticated encryption \u0026 verified decryption of Acorn128 cipher suite, run\n\n\u003e `google-benchmark` header files, source files \u0026 library must be globally installed !\n\n```bash\nmake benchmark\n```\n\n```bash\n2022-04-13T13:30:10+00:00\nRunning ./bench/a.out\nRun on (4 X 2300.14 MHz CPU s)\nCPU Caches:\n  L1 Data 32 KiB (x2)\n  L1 Instruction 32 KiB (x2)\n  L2 Unified 256 KiB (x2)\n  L3 Unified 46080 KiB (x1)\nLoad Average: 0.16, 0.15, 0.10\n----------------------------------------------------------------------------------\nBenchmark                        Time             CPU   Iterations UserCounters...\n----------------------------------------------------------------------------------\nacorn_encrypt_64B_32B         1593 ns         1593 ns       437893 bytes_per_second=57.4812M/s items_per_second=627.848k/s\nacorn_encrypt_128B_32B        1810 ns         1810 ns       391869 bytes_per_second=84.3073M/s items_per_second=552.516k/s\nacorn_encrypt_256B_32B        2178 ns         2178 ns       321253 bytes_per_second=126.09M/s items_per_second=459.08k/s\nacorn_encrypt_512B_32B        3075 ns         3075 ns       235572 bytes_per_second=168.713M/s items_per_second=325.199k/s\nacorn_encrypt_1024B_32B       4547 ns         4547 ns       153358 bytes_per_second=221.504M/s items_per_second=219.947k/s\nacorn_encrypt_2048B_32B       7704 ns         7704 ns        91038 bytes_per_second=257.49M/s items_per_second=129.807k/s\nacorn_encrypt_4096B_32B      13994 ns        13993 ns        50042 bytes_per_second=281.337M/s items_per_second=71.464k/s\nacorn_decrypt_64B_32B         1601 ns         1601 ns       436588 bytes_per_second=57.1972M/s items_per_second=624.746k/s\nacorn_decrypt_128B_32B        1811 ns         1811 ns       386671 bytes_per_second=84.2784M/s items_per_second=552.327k/s\nacorn_decrypt_256B_32B        2238 ns         2238 ns       314230 bytes_per_second=122.705M/s items_per_second=446.755k/s\nacorn_decrypt_512B_32B        3073 ns         3073 ns       228023 bytes_per_second=168.812M/s items_per_second=325.391k/s\nacorn_decrypt_1024B_32B       4744 ns         4744 ns       147653 bytes_per_second=212.276M/s items_per_second=210.783k/s\nacorn_decrypt_2048B_32B       8085 ns         8085 ns        86586 bytes_per_second=245.355M/s items_per_second=123.689k/s\nacorn_decrypt_4096B_32B      14770 ns        14770 ns        47390 bytes_per_second=266.536M/s items_per_second=67.7043k/s\n```\n\n\u003e In above console output, `acorn_{encrypt|decrypt}_X_Y` denotes for testing encrypt/ decrypt routine of Acorn128 cipher suite plain text/ cipher text length is X -bytes while associated data length is Y -bytes. You'll notice Y = 32 -bytes always, while X is varied !\n\nFor benchmarking Acorn128 cipher suite implementation on FPGA h/w, see [here](./results/fpga.md)\n\n## Usage\n\n`acorn` is a header-only C++ library, using it is as easy as including header file `include/acorn.hpp` in your program \u0026 adding `./include` directory to your `INCLUDE_PATH` during compilation.\n\n- **A**uthenticated **E**ncryption with **A**ssociated **D**ata related routines that you'll be generally interested in, are kept in `acorn::` namespace.\n- FPGA synthesizable Acorn-128 AEAD kernels are kept in `acorn_fpga::` namespace, whose implementation is available in `include/acorn_fpga.hpp`\n- Also see `include/utils.hpp`, if that helps you in anyways.\n\nSee full example of using\n\n- Acorn128 API [here](https://github.com/itzmeanjan/acorn/blob/10f524a/example/acorn128.cpp)\n- Acorn128 FPGA Kernels [here](https://github.com/itzmeanjan/acorn/blob/b622943/example/acorn128_fpga.cpp)\n\n## FPGA Optimization Report\n\nOne can use `dpcpp` compiler along with Intel oneAPI basekit for generating FPGA optimization reports based on early linked FPGA image. Issue following command for doing so\n\n\u003e Find more about Intel oneAPI basekit [here](https://www.intel.com/content/www/us/en/developer/tools/oneapi/base-toolkit.html#gs.xs0wio)\n\n```bash\nmake fpga_opt_test\n```\n\nThese estimates are helpful during development, as it allows one to get feedback on FPGA design without waiting for lengthy FPGA h/w synthesis phase.\n\nNote, it doesn't produce any executable binary, instead render `test/reports/report.html` to view FPGA optimization report. \n\n## FPGA Design\n\nAfter going through a lengthy ( ~02:30 hours ) FPGA h/w synthesis phase, while targeting Intel Arria 10 board on Intel Devcloud, I obtained following results in optimization report.\n\n![clock_freq](./opt/clock_freq.png)\n![area_usage](./opt/area_usage.png)\n![res_utilization](./opt/res_util.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fitzmeanjan%2Facorn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fitzmeanjan%2Facorn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fitzmeanjan%2Facorn/lists"}