The CEX Cryptographic library in C++
The CEX Cryptographic library in C++
CEX is being written from the ground-up as a powerful and accessible post-quantum secure cryptographic library; a flexible security model, performance-oriented, designed for ease of use, and the automation of complex tasks.
There are some new ideas, and new technologies, as I intend to push the envelope, and so am authoring this with a determination to make the fastest, most intuitive, most secure implementations possible.
This library is being built in two stages; the symmetric cryptography, which consists of ciphers, hash functions, MACs, RNGs, TRNGs etc, preliminary work has been completed as of version v1.0. That work is still evolving however, as improvements and additions to the symmetric cryptography will continue throughout the libraries lifetime. The second half is the the addition of asymmetric cryptography, with a strong focus on post-quantum security. This work is well under way, and this release contains the NTRU (NTRU Prime), RingLWE (New Hope), ModuleLWE (Kyber) and McEliece (Niederreiter) asymmetric ciphers, as well as the Dilithium, XMSS, Rainbow, and SPHINCS+ signature schemes.
Though efforts have been made towards future compatibility with other platforms, this is currently a Windows-only library, but is currently scheduled for multi-platform compatibility (Android, Linux, and possibly iOS) by the spring of 2021. This has been tested on MSVC-2017 and MSVC-2019 in ARM/x86/x64 debug and release modes, using the MSVC and Intel compiler tool-chains, and future efforts will be made to add support for Intel/Clang and GCC compilers once testing begins on other operating systems. This project also requires OpenMP support.
Only a limited number of CPUs have been tested so far; an AMD K9, and Intel i3, i5, and i7 processors; for the moment, newer Intel and AMD cpu's are all that is supported, (testing on a wider range of hardware profiles is ongoing).
Works with or without intrinsics, set the test project and the library to a supported instruction set to test the intrinsics enhanced implementations. The SIMD support is set to AVX2 by default, (AVX implementations are also in place on some ciphers and protocols, set the enhanced instruction flag to your system supported set: arch:AVX2, or the minimum supported instructions arch:AVX, or None, arch:IA32). The library also has experimental AVX512 support (untested), that can be enabled through the CexConfig.h file.
The Win folder contains a visual studio test project, which tests each cipher and protocol with it's official test vectors, and has a set of digest and symmetric cipher speed tests. Make sure the project properties SIMD and OpenMP support are enabled before running the project, and for speed tests, compile in release mode. If running the executable, the Win\Test\Vectors folder containing the cipher KAT files must be in the executables path.
For more information on the current capabilities of the library, refer to the libraries help pages.
Note: This is still an early stage in the development of this library (pre-alpha), and much of the work is formative and evolving, so stay tuned, be patient.. writing a new library is a big job! (eta is the summer of 2021).
Note: Each cipher can be deployed as either the standard form (AES, Serpent), or the extended hybrid using cSHAKE or HKDF(SHA2) key expansion
Note: Integrated an optional built-in authentication generator (KMAC) to each stream cipher
Note: Every message digest implementation has both parallel and sequential modes of operation
This project is licensed under the GPL version 3 (GPLv3): https://www.gnu.org/licenses/gpl-3.0.en.html
This project contains strong cryptography, before downloading the source files, it is your responsibility to check if the extended symmetric cipher key lengths (512 bit and higher), and other cryptographic algorithms contained in this project are legal in your country. If you use this code, please do so responsibly and in accordance to law in your region.