{"id":15370309,"url":"https://github.com/jedisct1/areion","last_synced_at":"2026-01-26T22:45:51.409Z","repository":{"id":195535808,"uuid":"691777963","full_name":"jedisct1/areion","owner":"jedisct1","description":"The AREION public crypto permutation, implemented in Zig.","archived":false,"fork":false,"pushed_at":"2025-12-01T15:10:37.000Z","size":31,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-12-03T23:46:23.079Z","etag":null,"topics":["aes","areion","areion512-md","hash","permutation","zig","zig-package"],"latest_commit_sha":null,"homepage":"","language":"Zig","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jedisct1.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-09-14T21:46:37.000Z","updated_at":"2025-12-01T15:10:41.000Z","dependencies_parsed_at":"2025-05-24T23:11:00.994Z","dependency_job_id":"46fd0121-37db-449f-b28f-0b4b451bc7a2","html_url":"https://github.com/jedisct1/areion","commit_stats":null,"previous_names":["jedisct1/areion"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jedisct1/areion","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fareion","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fareion/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fareion/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fareion/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jedisct1","download_url":"https://codeload.github.com/jedisct1/areion/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fareion/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28791127,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-26T21:49:50.245Z","status":"ssl_error","status_checked_at":"2026-01-26T21:48:29.455Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aes","areion","areion512-md","hash","permutation","zig","zig-package"],"created_at":"2024-10-01T13:40:52.109Z","updated_at":"2026-01-26T22:45:51.382Z","avatar_url":"https://github.com/jedisct1.png","language":"Zig","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Areion\n\nFast Zig implementation of the [Areion](https://eprint.iacr.org/2023/794.pdf) permutation family presented at CHES 2023. This library provides both Areion512 and Areion256 variants, optimized for speed particularly on small inputs.\n\n## Features\n\n- **Areion512**: 512-bit permutation with 32-byte input blocks and 32-byte hash output\n- **Areion256**: 256-bit permutation with 16-byte input blocks and 16-byte hash output\n- **AreionOCH**: Authenticated encryption with associated data (AEAD) using OCH mode\n- AES-based permutation using hardware acceleration when available\n- Merkle-Damgård construction with Davies-Meyer compression\n- Comprehensive test vectors included\n- Optimized for performance on small inputs\n\n## Building\n\n```bash\n# Build the library (creates zig-out/lib/libareion.a)\nzig build\n\n# Build with optimizations\nzig build --release=fast    # Optimized for performance\nzig build --release=safe    # Optimized with safety checks\nzig build --release=small   # Optimized for size\n\n# Run tests\nzig build test\n```\n\n## Usage\n\nThis library provides a standard hash function interface compatible with other Zig crypto libraries:\n\n```zig\nconst std = @import(\"std\");\nconst areion = @import(\"areion\");\n\n// Areion512 hash function\nvar output512: [32]u8 = undefined;\nareion.Areion512.hash(\"your message here\", \u0026output512, .{});\n\n// Areion256 hash function  \nvar output256: [16]u8 = undefined;\nareion.Areion256.hash(\"your message here\", \u0026output256, .{});\n\n// Direct permutation usage (advanced)\nvar state512 = areion.Areion512{};\nstate512.absorb([_]u8{0x01} ** 32);  // Absorb 32-byte input\nstate512.permute();                   // Apply permutation\nconst squeezed = state512.squeeze();  // Extract 32-byte output\n\n// Authenticated encryption with AreionOCH\nconst key: [32]u8 = ...; // 256-bit key\nconst npub: [24]u8 = ...; // 192-bit public nonce\nconst nsec: [8]u8 = ...; // 64-bit secret nonce\nconst plaintext = \"secret message\";\nconst associated_data = \"metadata\";\n\nvar ciphertext: [plaintext.len + 8]u8 = undefined;\nvar tag: [32]u8 = undefined;\nareion.AreionOCH.encrypt(\u0026ciphertext, \u0026tag, plaintext, associated_data, npub, nsec, key);\n\n// Decryption\nvar decrypted: [plaintext.len]u8 = undefined;\nvar recovered_nsec: [8]u8 = undefined;\ntry areion.AreionOCH.decrypt(\u0026decrypted, \u0026recovered_nsec, \u0026ciphertext, tag, associated_data, npub, key);\n```\n\n## API Reference\n\n### Areion512\n\n- `block_length`: 32 bytes (input block size)\n- `digest_length`: 32 bytes (output hash size)\n- `hash(input, output, options)`: Main hash function\n- `fromBytes(bytes)`: Create instance from 64-byte state\n- `absorb(bytes)`: Absorb 32-byte input block\n- `squeeze()`: Extract 32-byte output\n- `permute()`: Apply 15-round permutation\n\n### Areion256\n\n- `block_length`: 16 bytes (input block size)\n- `digest_length`: 16 bytes (output hash size)\n- `hash(input, output, options)`: Main hash function\n- `fromBytes(bytes)`: Create instance from 32-byte state\n- `absorb(bytes)`: Absorb 16-byte input block\n- `squeeze()`: Extract 16-byte output\n- `permute()`: Apply 10-round permutation\n\n### AreionOCH\n\nAuthenticated encryption with associated data (AEAD) based on the OCH construction (CCS 2025).\n\n- `key_length`: 32 bytes\n- `npub_length`: 24 bytes (public nonce)\n- `nsec_length`: 8 bytes (secret nonce, embedded in ciphertext)\n- `tag_length`: 32 bytes (authentication tag)\n- `encrypt(c, tag, m, ad, npub, nsec, key)`: Encrypt and authenticate\n- `decrypt(m, nsec, c, tag, ad, npub, key)`: Decrypt and verify (returns `AuthenticationError` on failure)\n\nSecurity properties:\n- 128-bit NAE (nonce-based authenticated encryption) security\n- 128-bit CMT (context commitment) security\n- 256-bit nonces with nonce privacy (secret nonce embedded in ciphertext)\n\n## Algorithm Details\n\n### State Structure\n- **Areion512**: 4 AES blocks (512 bits total)\n  - blocks[0-1]: Rate (32 bytes) for input absorption\n  - blocks[2-3]: Capacity (32 bytes) for internal state\n- **Areion256**: 2 AES blocks (256 bits total)\n  - blocks[0]: Rate (16 bytes) for input absorption\n  - blocks[1]: Capacity (16 bytes) for internal state\n\n### Padding Scheme\nStandard Merkle-Damgård padding:\n1. Append 0x80 byte\n2. Pad with zeros\n3. Append 32-bit big-endian bit length\n4. Handle multi-block padding when necessary\n\n## Performance\n\nThis implementation is optimized for:\n- Small input sizes (common in cryptographic applications)\n- Hardware AES acceleration when available\n- Low memory overhead\n- Cache-friendly memory access patterns\n\n## Papers and References\n\nThis implementation is based on:\n- **Areion**: [Areion: Highly-Efficient Permutations and Its Applications](https://eprint.iacr.org/2023/794.pdf) (CHES 2023)\n  - Authors: Clémence Bouvier, Pierre Briaud, Pyrros Chaidos, Léo Perrin, Robin Salen, Vesselin Velichkov, Danny Willems\n- **OCH**: OCH authenticated encryption mode (CCS 2025)\n\nImplementation uses corrected test vectors from the updated Areion paper.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjedisct1%2Fareion","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjedisct1%2Fareion","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjedisct1%2Fareion/lists"}