bounty: AES-GCM

[0xJepsen]

Advanced Encryption Standard: Galois Counter Mode (AES-GCM)

AES-GCM is a block cipher mode of operation for the AES block cipher that is, specifically, counter mode. The effect is that the block cipher becomes a stream cipher.

CTR (Counter) mode: Provides confidentiality. GCM (Galois/Counter Mode): Provides both confidentiality and authentication. For Clarity AES-GCM depends is a specification depending upon the counter mode of operation of AES (AES-CTR) and thus counter mode support is required for the completion of this bounty. That being said Ronkathon already has an AES implementation that should be utilized for this so the AES algorithm doesn't need to be implemented.

Requirements

• [x] #142
• [x] #141
• [x] #143
• [x] #144

Resources

• Wikipedia Block cipher mode of operation
• Wikipedia Galois/Counter Mode
• NIST SP 800-38A (CTR mode with test vectors)
• NIST SP 800-38D (GCM mode with test vectors)
• NIST GCM spec (with GHASH test vectors)
• Difference in Five Modes in AES
• AES-GCM explanation
• Video From David Wong explaining GCM

Criteria

For timely submissions of bounties that meet the implementation requirements, a bounty of at least $250 will be awarded to the contributor. Additional bounty amounts are available and will be rewarded based on the following criteria:

• Correctness and security: Thorough convincing that both implementations are completely correct and secure. All requirements must be met.
• Code clarity and quality: Succinct, easy-to-follow code with appropriate naming conventions. Utilize Rust's type system for flexibility and security (e.g., compile-time checks where possible). Avoid external crates. Optimizations should be a lower priority than clarity, but can be included behind a feature flag as a bonus.
• Documentation quality: Provide comprehensive READMEs, Cargo docs, and inline comments where code itself is not self-explanatory. Remember that ronkathon is primarily an educational toolbox, so prioritize clarity and readability to facilitate learning.
• Comparison and vulnerability analysis: As a bonus, include a brief comparison of AES-CTR and AES-GCM, highlighting their strengths, weaknesses, and appropriate use cases. This will enhance the educational value of the implementation. Can you show where either of the two are vulnerable? Hint

[mrdaybird]

Randomly came across this bounty on github feed but I couldn't find any info about bounty program at ronkathon. Is this open to public? asking because this looks interesting to work on!

[0xJepsen]

Randomly came across this bounty on github feed but I couldn't find any info about bounty program at ronkathon. Is this open to public? asking because this looks interesting to work on!

We had created the bounty as a party of an event called zkhack. @devloper are we open to continuing the bounty?

[0xJepsen]

Randomly came across this bounty on github feed but I couldn't find any info about bounty program at ronkathon. Is this open to public? asking because this looks interesting to work on!

We are working on a more general bounty process to reward contributors and hope to have some more information available soon

[brunny-eth]

@mrdaybird -- we're opening up bounties for contributors! if you'd like to take a crack at this one, feel free to assign it to yourself and get started 😄

[mrdaybird]

@brunny-eth Awesome! I would love to do this over the weekend. Please assign it to me if that's okay!

[brunny-eth]

assigned to you ser @mrdaybird

[mrdaybird]

@brunny-eth I think I have completed all the requirements for this bounty! (with PR #157 #158 and #159) We now have an implementation of GCM+GHASH, and an improved modes of operation readme. I hope that everything look good!

EDIT: added PR #159 along with others

[brunny-eth]

sounds good -- standby, @mrdaybird, we will get back to you very shortly 🫡