oasisprotocol/deoxysii-js

deoxysii.js - JavaScript Deoxys-II-256-128

This package provides a pure-JavaScript implementation of the Deoxys-II-256-128 v1.43 algorithm from the final CAESAR portfolio.

Deoxys is an authenticated encryption scheme based on a 128-bit lightweight ad-hoc tweakable block cipher. It may be used in two modes, to handle nonce-respecting users (Deoxys-I) or nonce-reusing users (Deoxys-II).

It has been designed by Jérémy Jean, Ivica Nikolić, Thomas Peyrin and Yannick Seurin.

Usage

Install the package as a dependency of your project:

npm add '@oasisprotocol/deoxysii'

The AEAD class can then be used to encrypt and decrypt, with an optional authenticated data field, which can be very useful when constructing protocols.

import { AEAD, KeySize, NonceSize } from '@oasisprotocol/deoxysii';

// Define a key (ensure the size matches requirements)
const key = crypto.getRandomValues(new Uint8Array(KeySize));
const aead = new AEAD(key);

// Encryption
const nonce = crypto.getRandomValues(new Uint8Array(NonceSize));
const plaintext = new TextEncoder().encode("Hello World");
const associatedData = new Uint8Array([0x1, 0x2, 0x3]);

const encrypted = aead.encrypt(nonce, plaintext, associatedData);
console.log('Encrypted:', encrypted);

// Decryption
try {
    const decrypted = aead.decrypt(nonce, encrypted, associatedData);
    console.log('Decrypted:', new TextDecoder().decode(decrypted));
} catch (error) {
    console.error('Decryption failed:', error);
}

Notes

Warning

It is unclear what the various JavaScript implementations will do to the ct32 code or the underlying bitsliced AES round function, and it is quite possible that the result is vulnerable to side channels.

Users who require a more performant and secure implementation should investigate WebAssembly or (even better) calling native code.

Development

  • Node.js - version 18+
  • typescript - version 5.x, for type safety
  • pnpm - package manager
  • gh act - run GitHub actions locally
  • vitest - tests, benchmarking & coverage
  • biome - lint & formatting
  • tsup - compilation & bundling
  • publint - packaging checks

License & Acknowledgements

This project is released under the MIT License.

This project utilizes modified code originally developed by Franz X Antesberger. The original code for uint32.js is available at fxa/uint32.js. We have adapted this code for TypeScript. We appreciate the contributions of Franz X Antesberger to the open-source community.