The best crypto you've never heard of, brought to you by Phil Rogaway
Go implementation of Miscreant: Advanced symmetric encryption library which provides the AES-SIV (RFC 5297), AES-PMAC-SIV, and STREAM constructions. These algorithms are easy-to-use (or rather, hard-to-misuse) and support encryption of individual messages or message streams.
All types are designed to be thread-compatible: Methods of an instance shared between multiple threads (or goroutines) must not be accessed concurrently. Callers are responsible for implementing their own mutual exclusion.
About AES-SIV and AES-PMAC-SIV
AES-SIV and AES-PMAC-SIV provide nonce-reuse misuse-resistance (NRMR): accidentally reusing a nonce with this construction is not a security catastrophe, unlike more popular AES encryption modes like AES-GCM where nonce reuse leaks both the authentication key and the XOR of both plaintexts, both of which can potentially be leveraged for full plaintext recovery attacks.
With AES-SIV, the worst outcome of reusing a nonce is an attacker can see you've sent the same plaintext twice, as opposed to almost all other AES modes where it can facilitate chosen ciphertext attacks and/or full plaintext recovery.
Help and Discussion
Have questions? Want to suggest a feature or change?
- Gitter: web-based chat about miscreant projects including miscreant.go
- Google Group: join via web or email (email@example.com)
Though this library is written by cryptographic professionals, it has not undergone a thorough security audit, and cryptographic professionals are still humans that make mistakes.
This library makes an effort to use constant time operations throughout its implementation, however actual constant time behavior has not been verified.
Use this library at your own risk.
Code of Conduct
We abide by the Contributor Covenant and ask that you do as well.
For more information, please see CODE_OF_CONDUCT.md.
Bug reports and pull requests are welcome on GitHub at: