Advanced Encryption Standard
An implementation of AES, a symetric-key algorithm to encrypt and decrypt files (buffer
s and string
s) securely. It should provide good security against cryptographic attacks.
Includes
- AES-128, AES-192 and AES-256.
- ECB, CBC, PCBC, CFB, OFB and CTR cipher modes.
- New
buffer
s support and cast fromstring
s. - New
AesCipher
object for various encryption/decryption methods. - New non-padding, ANSI X9.23, ISO 10126, PCKS#7, ISO/IEC 7816-4 and zero pads.
Implementation
In order to implement this asset, download the model or use require
. Check if the asset is the original one and insert it to your place. Here is an example of a way to start using it:
local AES = require(11195079384) -- Or reference a ModuleScript
local cipher = AES.new("This is a sample", Aes.modes.CTR, Aes.pads.Pkcs7)
encrypted = cipher:Encrypt("Lorem ipsum dolor sit amet")
decrypted = cipher:Decrypt(encrypted)
print(buffer.tostring(decrypted)) --Expected output: Lorem ipsum dolor sit amet
A correct use of this algorithm is to keep the key secret and IV unpredictable, and all the confidential processes must be done in the server. This implementation might not resistant to side-channel attacks.
Information
This module includes 6 modes of block cipher operations:
Mode |
Description |
Parallelizable |
---|---|---|
ECB | Message divided into blocks which are then encrypted. IV is not an input. Note: this mode is just trivial and it should not be used in practice. | Yes |
CBC | Plaintext is divided and ther XORed with the previous one before being encrypted. | Decryption only |
PCBC | Plaintext is divided and XORed with both the previous plaintext and ciphertext before being encrypted. | No |
CFB | Plaintext is made into a self-synchronizing stream cipher. Segment size property is 16 by default. | Decryption only |
OFB | Plaintext generates keystream blocks which are then XORed with the plaintext blocks. | No |
CTR | Generates keystream blocks by encrypting succesive values of a counter. More information is related below. | Yes |
Plaintext or ciphertext is the main input and contains the data wanted to encrypt or decrypt respectively. Its length must be a multiple of 16 bytes. Note: OFB and CTR are symmetric.
Key is the most important information that lets the algorithm encode and decode data. Key sizes are 16 (AES-128), 24 (AES-192) and 32 (AES-256) bytes long.
Initialization vector is a block which is used to randomize the encryption. It is an input of the encryption/decryption methods, zeroes are by default. It is ignored by ECB and CTR modes. It must be 16 bytes long.
Counter is a function which produces a sequence that should not repeat for a long time. It should be 16 bytes long. Incrementing-by-one counter is used by default, other counter properties may be used for parallelization optimizations.
Parallelization can be done using Actor
s (see Parallel Luau) but only works for specific modes related above. CTR mode must be done organizedly in order to get safe encryption. Deeper documentation about custom modes or pads can be found in the main module.
Performance
The algorithm has been benchmarked with an Intel® Core™ i5-10300H CPU @ 2.50GHz processor with a 32 GB RAM, using ECB mode with a key size of 16 (AES-128) and Luau native code:
Plaintext size |
Encryption av. time |
Decryption av. time |
---|---|---|
16 bytes | 0.0000061 |
0.0000086 |
32 bytes | 0.0000067 |
0.0000097 |
80 bytes | 0.0000088 |
0.0000124 |
1600 bytes (1.6 KB) | 0.0000688 |
0.0001054 |
3200 bytes | 0.0001337 |
0.0002072 |
160000 bytes (160 KB) | 0.0061583 |
0.0090831 |
1000000 bytes (1 MB) | 0.0373192 |
0.0568667 |
5000000 bytes (5 MB) | 0.1924914 |
0.2852383 |
10000000 bytes (10 MB) | 0.3832369 |
0.5708973 |
The module has been optimized for Luau, requiring string
, buffer
and bit32
libraries. As shown, cycles are really fast for any ammount of data. More can be encrypted without crashing by using parallelization and rest turns, but at the cost of sacrificing time.
- Great and useful
- Great
- Good
- Needs improvements
0 voters
I would appreciate the feedback, since this optimization took me a lot of research and time!