Quasor
Quasor: A High-Security AEAD
Version 6.0
1. Overview
Quasor is an experimental, high-security Authenticated Encryption with Associated Data (AEAD) scheme implemented in Rust. It is designed for modern applications where robustness, defense-in-depth, and resistance to common implementation pitfalls are critical.
The construction is based on a duplex sponge using SHAKE256, providing a strong foundation for post-quantum security. It is augmented with several advanced features not commonly found in standard AEADs like AES-GCM.
⚠️ Warning: Quasor is a research-grade cipher. It has not undergone formal, third-party cryptographic review. It should be used for experimental, educational, or research purposes, not for production systems handling sensitive data.
2. Core Features
- Post-Quantum Resistance: The core cipher uses a SHAKE256 sponge, which is built on a 1600-bit permutation. The large internal state provides a high security margin against both classical and quantum cryptanalysis, including attacks like Grover’s algorithm.
- Nonce-Misuse Resistance: Implements a Synthetic Initialization Vector (SIV) mechanism using a keyed BLAKE3 hash. The nonce is derived deterministically from the message and associated data. This prevents catastrophic failure in the event of accidental nonce reuse, a common and critical vulnerability in other AEADs.
- Forward Secrecy & Key Erasure: An automatic rekeying mechanism is integrated into the duplexing process. After every 1 MiB of data, the sponge’s internal state is used to generate a new key, and the old key material is cryptographically erased. This ensures that a single state compromise does not reveal past messages.
- Memory-Hard Key Derivation: Uses Argon2id with its recommended secure defaults to derive the master encryption key from a user-provided password. This provides strong protection against offline brute-force and dictionary attacks.
- Secure Memory Management: The implementation uses the
zeroizecrate to securely overwrite sensitive key material in memory as soon as it goes out of scope.
3. Cryptographic Construction
Quasor is a stateful AEAD built on the following primitives:
| Role | Primitive | Rationale |
|---|---|---|
| Password Hashing | Argon2id | Memory-hard KDF to protect user passwords. |
| Nonce Derivation (SIV) | BLAKE3 (Keyed) | Extremely fast, parallelizable hash for deriving a unique nonce from message content. |
| Core Cipher | SHAKE256 Duplex | A single, elegant primitive for providing both confidentiality and authentication. |
The high-level process is as follows:
- A master key
Kis derived from a password and salt using Argon2id. - A nonce
Nis derived viaN = BLAKE3(K, AD || Plaintext). - A SHAKE256 sponge is initialized by absorbing
K,N, andAD. - The plaintext is processed sequentially, duplexing with the sponge to produce ciphertext. The sponge is automatically re-keyed every 1 MiB.
- A final authentication tag
Tis squeezed from the sponge’s state.
For a complete technical description, see the SPEC.md file.
4. Usage Example
use quasor::Quasor;
fn main() {
// 1. Derive the master key from a password and a unique salt.
// This is intentionally slow.
let quasor = Quasor::new(b"a_very_strong_password", b"a_unique_salt_for_this_user").unwrap();
let plaintext = b"This data is highly confidential.";
let associated_data = b"message_id:12345";
// 2. Encrypt the data.
// The nonce is derived internally and returned.
let (ciphertext, tag, nonce) = quasor.encrypt(plaintext, associated_data);
// 3. Store the ciphertext, tag, and nonce together.
// ...
// 4. Decrypt the data.
let result = quasor.decrypt(&nonce, &ciphertext, associated_data, &tag);
assert!(result.is_ok());
assert_eq!(result.unwrap(), plaintext);
}
5. Building and Testing
The project is a standard Cargo package.
Run all unit and integration tests
$ cargo test