International Association for Cryptologic Research

International Association
for Cryptologic Research


Xoodyak, a lightweight cryptographic scheme

Joan Daemen , Radboud University, Nijmegen, Netherlands
Seth Hoffert
Michaël Peeters , STMicroelectronics, Diegem, Belgium
Gilles Van Assche , STMicroelectronics, Diegem, Belgium
Ronny Van Keer , STMicroelectronics, Diegem, Belgium
DOI: 10.13154/tosc.v2020.iS1.60-87
Search ePrint
Search Google
Abstract: In this paper, we present Xoodyak, a cryptographic primitive that can be used for hashing, encryption, MAC computation and authenticated encryption. Essentially, it is a duplex object extended with an interface that allows absorbing strings of arbitrary length, their encryption and squeezing output of arbitrary length. It inherently hashes the history of all operations in its state, allowing to derive its resistance against generic attacks from that of the full-state keyed duplex. Internally, it uses the Xoodoo[12] permutation that, with its width of 48 bytes, allows for very compact implementations. The choice of 12 rounds justifies a security claim in the hermetic philosophy: It implies that there are no shortcut attacks with higher success probability than generic attacks. The claimed security strength is 128 bits. We illustrate the versatility of Xoodyak by describing a number of use cases, including the ones requested by NIST in the lightweight competition. For those use cases, we translate the relatively detailed security claim that we make for Xoodyak into simple ones.
Video from TOSC 2020
  title={Xoodyak, a lightweight cryptographic scheme},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2020, Special Issue 1},
  author={Joan Daemen and Seth Hoffert and Michaël Peeters and Gilles Van Assche and Ronny Van Keer},