A pure Go implementation of the HiAE (High-throughput Authenticated Encryption) algorithm as specified in the IETF Internet-Draft draft-pham-cfrg-hiae.
HiAE is a high-throughput authenticated encryption algorithm designed for next-generation wireless systems (6G) and high-speed data transmission applications. This implementation provides:
- Correctness: Passes all 10 specification test vectors
- Security: Constant-time operations and proper error handling
- Performance: Optimized state management with cycling index approach
- Standards Compliance: Follows RFC 5116 AEAD interface
- Pure Go implementation with no external dependencies
- Full specification compliance including all edge cases
- Comprehensive test suite with all specification test vectors
- Optimized state rotation using cycling indices
- Secure memory handling and constant-time comparisons
- Support for arbitrary message and associated data lengths
go get github.com/hiae-aead/go-hiaepackage main
import (
"fmt"
"github.com/hiae-aead/go-hiae"
)
func main() {
// 32-byte key (256 bits)
key := make([]byte, 32)
// 16-byte nonce (128 bits)
nonce := make([]byte, 16)
message := []byte("Hello, World!")
associatedData := []byte("metadata")
// Encrypt
ciphertext, tag, err := hiae.Encrypt(message, associatedData, key, nonce)
if err != nil {
panic(err)
}
// Decrypt
plaintext, err := hiae.Decrypt(ciphertext, tag, associatedData, key, nonce)
if err != nil {
panic(err)
}
fmt.Printf("Original: %s\n", message)
fmt.Printf("Decrypted: %s\n", plaintext)
}// Create reusable cipher instance
cipher := hiae.NewHiAE()
// Manual initialization (for custom protocols)
cipher.init(key, nonce)
// Process associated data block by block
for _, block := range adBlocks {
cipher.absorb(block)
}
// Encrypt message blocks
for _, block := range msgBlocks {
ctBlock := cipher.enc(block)
// ... handle ciphertext block
}
// Generate authentication tag
tag := cipher.finalize(adLenBits, msgLenBits)- Key Length: 32 bytes (256 bits)
- Nonce Length: 16 bytes (128 bits)
- Tag Length: 16 bytes (128 bits)
- Block Size: 16 bytes (128 bits, AES block size)
- Maximum Message Length: 2^61 - 1 bytes
- Maximum Associated Data Length: 2^61 - 1 bytes
Run the complete test suite:
go test -vRun benchmarks:
go test -bench=.The test suite includes:
- All 10 specification test vectors
- AESL function validation
- Utility function tests
- Error condition testing
- Performance benchmarks
The implementation passes all test vectors from the specification:
- Empty plaintext, no AD
- Single block plaintext, no AD
- Empty plaintext with AD
- Rate-aligned plaintext (256 bytes)
- Rate + 1 byte plaintext
- Rate - 1 byte plaintext
- Medium plaintext with AD
- Single byte plaintext
- Two blocks plaintext
- All zeros plaintext
- Nonce Reuse: Never reuse a (key, nonce) pair for encryption
- Constant-Time: Authentication tag verification uses constant-time comparison
- Memory Safety: Sensitive data is properly zeroed after use
- Input Validation: All inputs are validated for correct lengths
The HiAE state consists of 16 AES blocks (256 bytes total). The implementation uses a cycling index optimization to avoid expensive memory copies during state rotation.
- AESL Function: Single AES round without AddRoundKey (SubBytes + ShiftRows + MixColumns)
- Update Functions: Core state update operations for absorption, encryption, and decryption
- Diffusion: 32 rounds of updates for complete state mixing
- Partial Blocks: Special handling for non-aligned ciphertext during decryption
While the reference implementation prioritizes correctness and clarity, it includes optimizations that benefit all architectures:
- Efficient state rotation
- Minimal memory allocations
- Cache-friendly data access patterns
This implementation follows:
- HiAE specification in
draft-pham-cfrg-hiae - RFC 5116 AEAD interface standards
- Go cryptography best practices
This implementation is provided for reference and educational purposes. See the main repository for licensing terms.
This implementation is part of the HiAE specification development. For issues or contributions, please refer to the main specification repository.