# Tink Primitives

[Tink](https://github.com/google/tink) performs cryptographic tasks via
so-called
[*primitives* and *interfaces*](https://developers.google.com/tink/design/primitives_and_interfaces).

## Supported primitives and their implementations

### Primitives supported by language

See https://developers.google.com/tink/primitives-by-language

### Primitive implementations supported by language

See https://developers.google.com/tink/supported-key-types

## General properties of all primitives

- stateless (hence thread-safe)
- copy-safe (for the parameters)
- at least 128-bit security (with an exception for RSA)

## Authenticated Encryption with Associated Data

See https://developers.google.com/tink/aead

## Streaming Authenticated Encryption with Associated Data

See https://developers.google.com/tink/streaming-aead

## Deterministic Authenticated Encryption with Associated Data

See https://developers.google.com/tink/deterministic-aead

## Message Authentication Code

See https://developers.google.com/tink/mac

## Pseudo Random Function Families

The PRF set primitive lets you redact data deterministically, for example
personally identifiable information or internal IDs, or derive a user ID from
user information without revealing that information in the ID. Someone with
access to the output of the PRF, but without access to the key, can then do
some types of analysis, while other types are limited.

Note that while in theory PRFs can be used in other ways, for example for
encryption or message authentication, only the corresponding primitives should
be used for those use cases.

WARNING: Since PRFs operate deterministically on their input, using a PRF to
redact will not automatically provide anonymity, but only pseudonymity. It is
an important tool for building privacy-aware systems, but it has to be used
carefully.
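
The following sketch is an added example, not Tink's own code or API. It models the PRF set idea with HMAC-SHA-256 from the Python standard library: pseudonyms are deterministic (and therefore linkable), and storing the key ID next to each output, as this section goes on to describe, keeps old records resolvable after key rotation. The `PrfSet` class, its method names, the 16 to 32 byte output range and the sample e-mail addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class PrfSet:
    """Hypothetical PRF set: HMAC-SHA-256 PRFs indexed by a 32-bit key ID."""

    def __init__(self):
        self._keys = {}            # key_id -> 32-byte HMAC key
        self.primary_id = None
        self.add_key()

    def add_key(self, make_primary=True):
        key_id = secrets.randbits(32)
        while key_id in self._keys:        # re-draw on an ID collision
            key_id = secrets.randbits(32)
        self._keys[key_id] = secrets.token_bytes(32)
        if make_primary:
            self.primary_id = key_id
        return key_id

    def compute(self, key_id, data, output_len=16):
        # Assumed range: at least 16 bytes, at most one SHA-256 digest.
        if not 16 <= output_len <= 32:
            raise ValueError("output length must be 16..32 bytes")
        return hmac.new(self._keys[key_id], data, hashlib.sha256).digest()[:output_len]

    def redact(self, data):
        """Return (key_id, pseudonym) computed with the current primary key."""
        return self.primary_id, self.compute(self.primary_id, data)

    def matches(self, record, data):
        """Check a stored record against an input, using the record's own key ID."""
        key_id, pseudonym = record
        return hmac.compare_digest(pseudonym, self.compute(key_id, data))


def demo():
    prfs = PrfSet()
    old = prfs.redact(b"alice@example.com")     # constructed sample input
    same = prfs.redact(b"alice@example.com")
    prfs.add_key()                               # rotation: new primary key
    new = prfs.redact(b"alice@example.com")
    return {
        "deterministic": old == same,            # same input links to same pseudonym
        "rotated_differs": old[1] != new[1],     # new key breaks linkage to old outputs
        "old_still_resolves": prfs.matches(old, b"alice@example.com"),
        "other_input_rejected": not prfs.matches(old, b"bob@example.com"),
    }
```

The `deterministic` result is the pseudonymity caveat in practice: anyone holding two redacted datasets produced under the same key can join them on the pseudonym without ever seeing the key.
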

Minimal properties:

- without knowledge of the key, the PRF is indistinguishable from a random
  function
- at least 128-bit security, also in multi-user scenarios (when an attacker is
  not targeting a specific key, but any key from a set of up to 2<sup>32</sup>
  keys)
- at least 16 bytes of output available

WARNING: While HMAC-SHA-2 and HKDF-SHA-2 behave like a cryptographically secure
hash function if the key is revealed, and still provide some protection against
revealing the input, AES-CMAC is only secure as long as the key is secure.

Since Tink operates on key sets, this primitive exposes a corresponding set of
PRFs instead of a single PRF. The PRFs are indexed by a 32-bit key ID. This can
be used to rotate the key used to redact a piece of information, without losing
the previous association.

## Hybrid Encryption

See https://developers.google.com/tink/hybrid

## Digital Signatures

See https://developers.google.com/tink/digital-signature