# Tink Primitives

[Tink](https://github.com/google/tink) performs cryptographic tasks via
so-called
[*primitives* and *interfaces*](https://developers.google.com/tink/design/primitives_and_interfaces).

## Supported primitives and their implementations

### Primitives supported by language

See https://developers.google.com/tink/primitives-by-language

### Primitive implementations supported by language

See https://developers.google.com/tink/supported-key-types

## General properties of all primitives

- stateless (hence thread-safe)
- copy-safe (for the parameters)
- at least 128-bit security (with an exception for RSA)

## Authenticated Encryption with Associated Data

See https://developers.google.com/tink/aead

## Streaming Authenticated Encryption with Associated Data

See https://developers.google.com/tink/streaming-aead

## Deterministic Authenticated Encryption with Associated Data

See https://developers.google.com/tink/deterministic-aead

## Message Authentication Code

See https://developers.google.com/tink/mac

## Pseudo Random Function Families

The PRF set primitive lets you redact data in a deterministic fashion, for
example personally identifiable information or internal IDs, or derive a user ID
from user information without revealing said information in the ID. This allows
someone with access to the output of the PRF, but without access to the key, to
do some types of analysis, while limiting others.

Note that while in theory PRFs can be used in other ways, for example for
encryption or message authentication, only the corresponding primitives should
be used for those use cases.

WARNING: Since PRFs operate deterministically on their input, using a PRF to
redact will not automatically provide anonymity, but only provide pseudonymity.
It is an important tool to build privacy-aware systems, but has to be used
carefully.

Minimal properties:

- without knowledge of the key the PRF is indistinguishable from a random
  function
- at least 128-bit security, also in multi-user scenarios (when an attacker is
  not targeting a specific key, but any key from a set of up to 2<sup>32</sup>
  keys)
- at least 16 bytes of output available

WARNING: While HMAC-SHA-2 and HKDF-SHA-2 behave like a cryptographically secure
hash function if the key is revealed, and still provide some protection against
revealing the input, AES-CMAC is only secure as long as the key is secure.

Since Tink operates on key sets, this primitive exposes a corresponding set of
PRFs instead of a single PRF. The PRFs are indexed by a 32-bit key ID. This can
be used to rotate the key used to redact a piece of information, without losing
the previous association.

## Hybrid Encryption

See https://developers.google.com/tink/hybrid

## Digital Signatures

See https://developers.google.com/tink/digital-signature
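
The key-rotation behaviour described under "Pseudo Random Function Families" above, modelled with the Python standard library as an added example; it is not Tink's API or code from this page. `ToyPrfSet`, its methods, the key IDs and the keys are hypothetical and constructed for illustration, with HMAC-SHA-256 standing in for the PRF.

```python
import hashlib
import hmac

class ToyPrfSet:
    """Hypothetical stand-in for a PRF set: HMAC-SHA-256 PRFs indexed by a 32-bit key ID."""

    def __init__(self, keys, primary_id):
        for key_id, key in keys.items():
            if not 0 <= key_id < 2**32:
                raise ValueError("key ID must fit in 32 bits")
            if len(key) < 16:
                raise ValueError("key too short for 128-bit security")
        if primary_id not in keys:
            raise ValueError("primary key ID not in set")
        self._keys = dict(keys)
        self.primary_id = primary_id

    def compute(self, key_id, data, output_length=16):
        """Evaluate the PRF selected by key_id, truncated to output_length bytes."""
        if not 16 <= output_length <= hashlib.sha256().digest_size:
            raise ValueError("output length must be 16..32 bytes")
        return hmac.new(self._keys[key_id], data, hashlib.sha256).digest()[:output_length]

    def redact(self, data):
        """Pseudonymize with the primary key; keep the key ID next to the output."""
        return self.primary_id, self.compute(self.primary_id, data)

    def matches(self, record, data):
        """Check a stored (key_id, pseudonym) record against a candidate input."""
        key_id, pseudonym = record
        return hmac.compare_digest(pseudonym, self.compute(key_id, data, len(pseudonym)))

# Constructed sample keys and IDs; real keys come from a CSPRNG or key management.
OLD_ID, NEW_ID = 0x1A2B3C4D, 0x5E6F7081
KEYS = {OLD_ID: bytes(range(32)), NEW_ID: bytes(range(32, 64))}

def demo():
    email = b"alice@example.com"  # constructed sample input
    before = ToyPrfSet({OLD_ID: KEYS[OLD_ID]}, OLD_ID)
    old_record = before.redact(email)
    after = ToyPrfSet(KEYS, NEW_ID)  # rotation: new primary, old key retained
    new_record = after.redact(email)
    return {
        "deterministic": before.redact(email) == old_record,  # linkable: pseudonymity only
        "rotated_output_differs": old_record[1] != new_record[1],
        "old_record_still_matches": after.matches(old_record, email),
        "other_input_rejected": not after.matches(old_record, b"bob@example.com"),
    }

if __name__ == "__main__":
    print(demo())
```

Storing the key ID beside each pseudonym is what lets records written before a rotation stay comparable afterwards, as long as the old key remains in the set.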