pd_cipher::constants

Security constants and cryptographic parameters. Security constants and parameters for PD.Cipher operations.

This module centralizes all cryptographic constants to ensure consistency, security, and maintainability. All values are based on current security best practices as of 2025.

Constants

PBKDF2_DEFAULT_ITERATIONS

PBKDF2 iteration count for password-based key derivation.

Security Rationale: 800,000 iterations provides strong resistance against brute-force attacks while maintaining reasonable performance on modern hardware. This value follows OWASP recommendations for 2025 and provides approximately 1 second of computation time on average consumer hardware.

pub const PBKDF2_DEFAULT_ITERATIONS: ...

PBKDF2_SALT_LENGTH

Salt length in bytes for PBKDF2 key derivation.

Security Rationale: 32 bytes (256 bits) provides ample entropy for salt generation and exceeds NIST SP 800-132 recommendations. This length ensures resistance against rainbow table attacks and provides sufficient uniqueness for billions of password derivations.

pub const PBKDF2_SALT_LENGTH: ...

AES_128_KEY_SIZE

AES-128 key size in bytes.

Security Rationale: 128-bit keys provide adequate security for most applications and are widely supported in hardware acceleration.

pub const AES_128_KEY_SIZE: ...

AES_192_KEY_SIZE

AES-192 key size in bytes.

Security Rationale: 192-bit keys provide enhanced security margin while maintaining good performance characteristics.

pub const AES_192_KEY_SIZE: ...

AES_256_KEY_SIZE

AES-256 key size in bytes.

Security Rationale: 256-bit keys provide maximum security and are required for top-secret classifications. Recommended for long-term storage.

pub const AES_256_KEY_SIZE: ...

CHACHA_KEY_SIZE

ChaCha20 and XChaCha20 key size in bytes.

Security Rationale: 256-bit keys are the standard for ChaCha20 family ciphers, providing excellent security and performance on all platforms.

pub const CHACHA_KEY_SIZE: ...

AES_GCM_NONCE_SIZE

AES-GCM nonce size in bytes.

Security Rationale: 96-bit (12 bytes) is the standard nonce size for AES-GCM, providing optimal performance and security. This size allows for 2^32 encryptions before nonce exhaustion under proper key management.

pub const AES_GCM_NONCE_SIZE: ...

CHACHA20_NONCE_SIZE

ChaCha20-Poly1305 nonce size in bytes.

Security Rationale: 96-bit nonce is standard for ChaCha20-Poly1305, compatible with RFC 8439 specification.

pub const CHACHA20_NONCE_SIZE: ...

XCHACHA20_NONCE_SIZE

XChaCha20-Poly1305 nonce size in bytes.

Security Rationale: 192-bit nonce eliminates nonce reuse concerns and allows for random nonce generation without collision risk.

pub const XCHACHA20_NONCE_SIZE: ...

BLAKE2B_HASH_SIZE

BLAKE2b hash output size for cipher token generation.

Security Rationale: 512-bit output provides maximum collision resistance and produces 128-character hex strings for deterministic cipher tokens.

pub const BLAKE2B_HASH_SIZE: ...

CURRENT_FORMAT_VERSION

Format version for serialized ciphertext.

Compatibility: This version number ensures forward compatibility and proper handling of data format changes.

pub const CURRENT_FORMAT_VERSION: ...

MIN_PASSWORD_LENGTH

Minimum password length for security.

Security Rationale: 8 characters minimum provides basic protection against brute force attacks when combined with PBKDF2.

pub const MIN_PASSWORD_LENGTH: ...

MAX_PASSWORD_LENGTH

Maximum password length to prevent DoS attacks.

Security Rationale: 1024 characters is sufficient for any practical password while preventing memory exhaustion attacks.

pub const MAX_PASSWORD_LENGTH: ...

MAX_TOKEN_COUNT

Maximum number of tokens in a single encryption operation.

Security Rationale: Limiting token count prevents memory exhaustion and ensures reasonable processing times.

pub const MAX_TOKEN_COUNT: ...

MAX_TOKEN_SIZE

Maximum size of a single token in bytes.

Security Rationale: 64KB limit prevents memory exhaustion while supporting reasonable token sizes for most applications.

pub const MAX_TOKEN_SIZE: ...

MIN_CIPHERTEXT_SIZE

Minimum size for a valid ciphertext in bytes.

Security Rationale: A valid ciphertext must contain at least:

Format version (1 byte)
Algorithm identifier (1 byte)
Salt (32 bytes for PBKDF2)
Nonce/IV (12-24 bytes depending on algorithm)
At least one encrypted token (16+ bytes)
Authentication tag (16 bytes) Total: ~64 bytes minimum for the smallest valid ciphertext.

pub const MIN_CIPHERTEXT_SIZE: ...

MIN_KDF_ITERATIONS

Minimum KDF iterations for security.

Security Rationale: 100,000 iterations is the absolute minimum for PBKDF2 to provide basic protection against brute force attacks.

pub const MIN_KDF_ITERATIONS: ...

MAX_KDF_ITERATIONS

Maximum KDF iterations to prevent DoS.

Security Rationale: 10 million iterations provides extreme security but could cause DoS if unchecked. This limit ensures reasonable bounds.

pub const MAX_KDF_ITERATIONS: ...

MAX_HASH_LENGTH

Maximum hash length in characters (Blake2b hex output).

Security Rationale: Blake2b produces 64 bytes (512 bits) which becomes 128 characters when encoded as uppercase hexadecimal.

pub const MAX_HASH_LENGTH: ...

DEFAULT_HASH_LENGTH

Default hash length for full tokens before truncation.

Implementation Note: Full Blake2b hashes are 128 characters when hex-encoded. This is the baseline for calculating compression ratios.

pub const DEFAULT_HASH_LENGTH: ...

PROGRESS_REPORT_INTERVAL

Interval for reporting progress during batch operations.

Implementation Note: Progress callbacks are invoked every 1000 tokens to balance between responsiveness and performance overhead.

pub const PROGRESS_REPORT_INTERVAL: ...

DEFAULT_MIN_TRUNCATION_LENGTH

Default starting length for adaptive truncation attempts.

Implementation Note: Starting at 4 characters (16 bits) provides 65,536 possible values. This aggressively searches for the shortest possible tokens while expecting initial collisions.

pub const DEFAULT_MIN_TRUNCATION_LENGTH: ...

DEFAULT_TRUNCATION_STEP_SIZE

Default increment when collision detected during truncation.

Implementation Note: Incrementing by 2 characters adds 8 bits (256x more possibilities) per step, efficiently exploring the collision probability curve.

pub const DEFAULT_TRUNCATION_STEP_SIZE: ...

PLT_SEGMENTS

Number of segments for Piecewise Linear Transformation.

Security Rationale: 64 segments provides sufficient granularity for order-preserving transformation while maintaining efficiency.

pub const PLT_SEGMENTS: ...

PLT_SLOPE_MIN

Minimum slope value for PLT segments.

Security Rationale: 0.8 ensures sufficient variation while preventing extreme distortions that could leak information about the distribution.

pub const PLT_SLOPE_MIN: ...

PLT_SLOPE_MAX

Maximum slope value for PLT segments.

Security Rationale: 1.2 provides bounded variation that preserves approximate scale relationships needed for ML models.

pub const PLT_SLOPE_MAX: ...

PLT_MIN_VALUE

Minimum expected value for PLT input range.

Implementation Note: Default range covers most common numeric values. Can be configured per-dataset for optimal transformation.

pub const PLT_MIN_VALUE: ...

PLT_MAX_VALUE

Maximum expected value for PLT input range.

Implementation Note: Default range covers most common numeric values. Can be configured per-dataset for optimal transformation.

pub const PLT_MAX_VALUE: ...

NUMERIC_MAX_ABSOLUTE_VALUE

Maximum absolute value for parseable numeric values.

Security Rationale: Values beyond 1e50 are impractical for most applications and may cause precision issues. This limit prevents overflow while supporting reasonable scientific and financial calculations.

pub const NUMERIC_MAX_ABSOLUTE_VALUE: ...

PLT_GLOBAL_OFFSET_MIN

Minimum value for PLT global offset randomization.

Security Rationale: Global offset adds unpredictability to the transformation while maintaining order preservation. Range is chosen to be significant but not overwhelming relative to typical input values.

pub const PLT_GLOBAL_OFFSET_MIN: ...

PLT_GLOBAL_OFFSET_MAX

Maximum value for PLT global offset randomization.

Security Rationale: Paired with PLT_GLOBAL_OFFSET_MIN to provide symmetric randomization range for the global offset parameter.

pub const PLT_GLOBAL_OFFSET_MAX: ...

PLT_SEED_STRING

Seed string for PLT initialization.

Security Rationale: Used to derive deterministic but unpredictable parameters for the piecewise linear transformation from the encryption key.

pub const PLT_SEED_STRING: ...

NUMERIC_BATCH_SIZE

Batch size for lookup table operations.

Performance Note: Processing tokens in batches of 1000 balances memory usage with I/O efficiency when building lookup tables.

pub const NUMERIC_BATCH_SIZE: ...

Constants​

PBKDF2_DEFAULT_ITERATIONS​

PBKDF2_SALT_LENGTH​

AES_128_KEY_SIZE​

AES_192_KEY_SIZE​

AES_256_KEY_SIZE​

CHACHA_KEY_SIZE​

AES_GCM_NONCE_SIZE​

CHACHA20_NONCE_SIZE​

XCHACHA20_NONCE_SIZE​

BLAKE2B_HASH_SIZE​

CURRENT_FORMAT_VERSION​

MIN_PASSWORD_LENGTH​

MAX_PASSWORD_LENGTH​

MAX_TOKEN_COUNT​

MAX_TOKEN_SIZE​

MIN_CIPHERTEXT_SIZE​

MIN_KDF_ITERATIONS​

MAX_KDF_ITERATIONS​

MAX_HASH_LENGTH​

DEFAULT_HASH_LENGTH​

PROGRESS_REPORT_INTERVAL​

DEFAULT_MIN_TRUNCATION_LENGTH​

DEFAULT_TRUNCATION_STEP_SIZE​

PLT_SEGMENTS​

PLT_SLOPE_MIN​

PLT_SLOPE_MAX​

PLT_MIN_VALUE​

PLT_MAX_VALUE​

NUMERIC_MAX_ABSOLUTE_VALUE​

PLT_GLOBAL_OFFSET_MIN​

PLT_GLOBAL_OFFSET_MAX​

PLT_SEED_STRING​

NUMERIC_BATCH_SIZE​