SIV

Synthetic Initial Value (SIV)¶

Very similar to CCM but uses CMAC rather than CBC-MAC

https://github.com/miscreant/meta/wiki/AES-SIV

The SIV mode creates a MAC from the mac_key, the message and some optional data. Then it uses the MAC as the IV for encryption.

This makes it hard for duplicate IVs to be present as in both the message, key and other CMAC parameters need to be the same.

Implementation¶

from aes_lib import AES
from cmac import CMAC

import os

message = b"THISISATEST!"

#Generate Keys
aes_key = os.urandom(16)
mac_key = bytearray(os.urandom(16))
iv = os.urandom(16)
cmac_obj = CMAC(mac_key)

#Per message IV with CMAC
message_iv = cmac_obj.hash(message)

#AES-CTR with CMAC as the IV
aes_obj = AES(aes_key)
output = aes_obj.ctr_encryption(message_iv, message)
print(f"Encrypted Data: {output}")
#Encrypted Data: b'=\xd1\xfe0\xa8m\x86D\xfaG\x9c\xec'