International Association for Cryptologic Research

International Association
for Cryptologic Research


The design of Xoodoo and Xoofff

Joan Daemen , Radboud University
Seth Hoffert
Gilles Van Assche , STMicroelectronics
Ronny Van Keer , STMicroelectronics
DOI: 10.13154/tosc.v2018.i4.1-38
Search ePrint
Search Google
Presentation: Slides
Abstract: This paper presents Xoodoo, a 48-byte cryptographic permutation with excellent propagation properties. Its design approach is inspired by Keccak-p, while it is dimensioned like Gimli for efficiency on low-end processors. The structure consists of three planes of 128 bits each, which interact per 3-bit columns through mixing and nonlinear operations, and which otherwise move as three independent rigid objects. We analyze its differential and linear propagation properties and, in particular, prove lower bounds on the weight of trails using the tree search-based technique of Mella et al. (ToSC 2017). Xoodoo’s primary target application is in the Farfalle construction that we instantiate for the doubly-extendable cryptographic keyed (or deck) function Xoofff. Combining a relatively narrow permutation with the parallelism of Farfalle results in very efficient schemes on a wide range of platforms, from low-end devices to high-end processors with vector instructions.
Video from TOSC 2018
  title={The design of Xoodoo and Xoofff},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2018, Issue 4},
  author={Joan Daemen and Seth Hoffert and Gilles Van Assche and Ronny Van Keer},