From b90e364a421b46fdb91ec82f04c057a59d63d25a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 9 Dec 2024 00:16:23 +0100 Subject: [PATCH] Add a table summarizing the differences between the variants --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index 7edda3a..ad6a510 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,20 @@ Portable C implementations of the [AEGIS](https://datatracker.ietf.org/doc/draft - Unauthenticated encryption and decryption (not recommended - only implemented for specific protocols) - Deterministic pseudorandom stream generation. +## Key differences between AEGIS variants + +| **Feature** | **AEGIS-128L** | **AEGIS-256** | **AEGIS-128X2** | **AEGIS-128X4** | **AEGIS-256X2** | **AEGIS-256X4** | +| -------------------- | --------------------------------------------------------------------- | -------------------------------------------- | ----------------------------------------------- | ----------------------------------------------- | ----------------------------------------------- | ----------------------------------------------- | +| **Key Length** | 128 bits | 256 bits | 128 bits | 128 bits | 256 bits | 256 bits | +| **Nonce Length** | 128 bits | 256 bits | 128 bits | 128 bits | 256 bits | 256 bits | +| **State Size** | 1024 bits (8 x 128-bit blocks) | 768 bits (6 x 128-bit blocks) | 2048 bits (2 x 1024-bit states) | 4096 bits (4 x 1024-bit states) | 1536 bits (2 x 768-bit states) | 3072 bits (4 x 768-bit states) | +| **Input Rate** | 256 bits per update | 128 bits per update | 512 bits per update | 1024 bits per update | 256 bits per update | 512 bits per update | +| **Parallelism** | None | None | 2 parallel lanes | 4 parallel lanes | 2 parallel lanes | 4 parallel lanes | +| **Performance** | High on standard CPUs | High on standard CPUs | Higher on CPUs with AVX2 | Higher on CPUs with AVX-512 | Higher on CPUs with AVX2 | Higher on CPUs with AVX-512 | +| **Target Use Case** | Standard applications | Applications requiring higher security | High-throughput applications on modern hardware | High-throughput applications on modern hardware | High-security applications with modern hardware | High-security applications with modern hardware | +| **Security Level** | 128-bit security | 256-bit security | 128-bit security | 128-bit security | 256-bit security | 256-bit security | +| **Special Features** | Optimized for high performance on standard CPUs with AES instructions | Optimized for high security with larger keys | Parallelized version of AEGIS-128L | Parallelized version of AEGIS-128L | Parallelized version of AEGIS-256 | Parallelized version of AEGIS-256 | + ## Installation Note that the compiler makes a difference. Zig (or a recent `clang` with target-specific options such as `-march=native`) produces more efficient code than `gcc`.