{"id":50487028,"url":"https://github.com/systemslibrarian/crypto-lab-model-breach","last_synced_at":"2026-06-01T23:03:34.695Z","repository":{"id":351968680,"uuid":"1213217740","full_name":"systemslibrarian/crypto-lab-model-breach","owner":"systemslibrarian","description":"Browser-based HiAE threat model case study — AESL, Theorem 1 candidate enumeration, MITM state recovery, byte decomposition, guess-and-determine key recovery. Security claims are contracts. The threat model is the fine print. No backends. No simulated math.","archived":false,"fork":false,"pushed_at":"2026-04-17T08:06:59.000Z","size":89,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-17T10:14:55.300Z","etag":null,"topics":["aead","aes","algebraic-attacks","browser-demo","crypto-lab","cryptography","meet-in-the-middle","security-analysis","threat-modeling","typescript","vite"],"latest_commit_sha":null,"homepage":"https://systemslibrarian.github.io/crypto-lab-model-breach/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/systemslibrarian.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-17T06:47:41.000Z","updated_at":"2026-04-17T08:10:21.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/systemslibrarian/crypto-lab-model-breach","commit_stats":null,"previous_names":["systemslibrarian/crypto-lab-model-breach"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/systemslibrarian/crypto-lab-model-breach","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemslibrarian%2Fcrypto-lab-model-breach","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemslibrarian%2Fcrypto-lab-model-breach/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemslibrarian%2Fcrypto-lab-model-breach/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemslibrarian%2Fcrypto-lab-model-breach/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/systemslibrarian","download_url":"https://codeload.github.com/systemslibrarian/crypto-lab-model-breach/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemslibrarian%2Fcrypto-lab-model-breach/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33797128,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-01T02:00:06.963Z","response_time":115,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aead","aes","algebraic-attacks","browser-demo","crypto-lab","cryptography","meet-in-the-middle","security-analysis","threat-modeling","typescript","vite"],"created_at":"2026-06-01T23:03:30.897Z","updated_at":"2026-06-01T23:03:34.690Z","avatar_url":"https://github.com/systemslibrarian.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# crypto-lab-model-breach — When the Contract Breaks\n\n\u003e \"Whether therefore ye eat, or drink, or whatsoever ye do, do all to the glory of God.\"\n\u003e — 1 Corinthians 10:31\n\n## What It Is\n\nA live case study in the most important and most misunderstood idea in\napplied cryptography: security claims are contracts, and the threat model\nis the fine print.\n\nHiAE (ePrint 2025/377) is a real AEAD scheme achieving 340 Gbps on x86\nand 180 Gbps on ARM — the fastest cross-platform AEAD ever published.\nIt claims 256-bit security against key-recovery attacks in the\nnonce-respecting setting. That claim is correct.\n\nThis demo uses the algebraic attack from ePrint 2025/1203 (Hu et al.,\nJune 2025 — https://eprint.iacr.org/2025/1203.pdf) as a live illustration\nof what happens when an adversary operates outside the assumed boundaries:\nunder a stronger model where the attacker can submit unlimited forgeries\nto the decryption oracle, security falls to 2^209. The HiAE designers\nresponded in ePrint 2025/1235, maintaining their claims are intact under\nthe original model. Both positions are correct — which is exactly the point.\n\nImplements real AESL (one AES round, zero round key), a structurally correct\ntoy-scale HiAE, and simulates all three attack phases with line-by-line output\nand full-scale complexity annotations. No backends. No simulated math.\n\n## When to Use It\n\n- You need to teach the difference between a security claim and absolute safety\n- You are evaluating an AEAD for a deployment and need to reason about\n  your actual adversary model, not just the scheme's stated security level\n- You want to understand why \"no known attack\" always has an asterisk\n- You are building systems that expose decryption as a service and need to\n  understand the implications\n\n## Live Demo\n\nhttps://systemslibrarian.github.io/crypto-lab-model-breach/\n\n## What Can Go Wrong\n\n- **The threat model mismatch:** This attack requires both an encryption oracle\n  AND a decryption oracle that accepts 2^128 forgery attempts. If your deployment\n  cannot expose a decryption oracle to adversaries, you are in the standard model\n  and HiAE's 256-bit claim holds.\n- **Toy scale vs full scale:** The demo runs on 4-block reduced HiAE with ~2^8\n  search spaces. Full attack: 2^130 data, 2^209 time. Not browser-runnable.\n  The algebraic structure is identical — only the scale differs.\n- **The concurrent paper:** Bille \u0026 Tischhauser (ePrint 2025/1180) independently\n  reached the same conclusions simultaneously. This is not a solo discovery —\n  it reflects a known gap in this family of AEADs.\n\n## Real-World Usage\n\nThe same extended-oracle attack framework was applied to AEGIS first, then\nRocca, now HiAE. The pattern suggests any AES-round-function-based AEAD with\ninsufficient key mixing at initialization/finalization may share this\nstructural property. If you are designing a new AEAD, your security analysis\nshould explicitly address the extended decryption oracle model even if you\nchoose to exclude it from your formal claims.\n\nHiAE itself is the IETF CFRG draft draft-pham-cfrg-hiae. Deployment decisions\nshould account for whether 6G or GPU/NPU interconnect environments can expose\ndecryption oracles to adversaries capable of 2^128 queries.\n\n## Stack\n\nVite + TypeScript strict + vanilla CSS. GitHub Pages. No backends.\nNo external crypto libraries. WebCrypto API only for all primitives.\n\n## Build\n\n```bash\nnpm install\nnpm run build\nnpm run dev    # local dev server\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsystemslibrarian%2Fcrypto-lab-model-breach","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsystemslibrarian%2Fcrypto-lab-model-breach","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsystemslibrarian%2Fcrypto-lab-model-breach/lists"}