IACR Transactions on Symmetric Cryptology (Jun 2020)

Xoodyak, a lightweight cryptographic scheme

  • Joan Daemen,
  • Seth Hoffert,
  • Michaël Peeters,
  • Gilles Van Assche,
  • Ronny Van Keer

DOI
https://doi.org/10.13154/tosc.v2020.iS1.60-87
Journal volume & issue
Vol. 2020, no. S1

Abstract

Read online

In this paper, we present Xoodyak, a cryptographic primitive that can be used for hashing, encryption, MAC computation and authenticated encryption. Essentially, it is a duplex object extended with an interface that allows absorbing strings of arbitrary length, their encryption and squeezing output of arbitrary length. It inherently hashes the history of all operations in its state, allowing to derive its resistance against generic attacks from that of the full-state keyed duplex. Internally, it uses the Xoodoo[12] permutation that, with its width of 48 bytes, allows for very compact implementations. The choice of 12 rounds justifies a security claim in the hermetic philosophy: It implies that there are no shortcut attacks with higher success probability than generic attacks. The claimed security strength is 128 bits. We illustrate the versatility of Xoodyak by describing a number of use cases, including the ones requested by NIST in the lightweight competition. For those use cases, we translate the relatively detailed security claim that we make for Xoodyak into simple ones.

Keywords