Skip to content

Latest commit

 

History

History
36 lines (28 loc) · 2.91 KB

README.md

File metadata and controls

36 lines (28 loc) · 2.91 KB

Efficient constant-time software implementations of Skinny-128 tweakable block ciphers and Romulus AEAD schemes

Skinny is a tweakable block cipher family that operates either on 64-bit or 128-bit blocks which is used in the Romulus AEAD scheme, a NIST LWC finalist.

This repository provides efficient constant-time software implementations of Skinny-128 on various platforms. The implementations are aimed to be used in sequential operating modes. For parallel modes of operation, there is a very fast bitsliced AVX2 implementation from Stefan Kölbl which processes 64 128-bit blocks at a time (i.e. 1KiB). This repository contains two types of implementations:

This repository also provides implementations of the following variants of Romulus:

  • crypto_aead/romulus-n
  • crypto_aead/romulus-m
  • crypto_aead/romulus-t
  • crypto_hash/romulus-h
  • crypto_aead_hash/romulus-n-h
  • crypto_aead_hash/romulus-t-h
  • crypto_aead_hash/romulus-m-h

Note that the goal of the crypto_aead_hash directory is to provide an implementation which supports both AEAD and hash functionalities. Because the tweakey schedule in crypto_aead/romulus-n/m takes advantage of the fact that half of TK1 is always null for Romulus-N/M, the code slightly differs in crypto_aead_hash to be compliant with Romulus-H.

For each algorithm, one can find:

  • opt32: 32-bit word oriented C implementation
  • armv7m: ARMv7-M assembly implementation for Cortex-M processors.
  • armv7a: ARMv7-A assembly implementation for AArch32 Cortex-A processors.
  • armv8a: ARMv8-A assembly implementation for AArch64 Cortex-A processors.
  • x86: SSSE3 intrinsics implementation for x86 processors with support of SSSE3 instructions.

Note that the Romulus implementations have also been submitted to the eBACS benchmarking suite.