Cryptology ePrint Archive: Report 2016/660
The SKINNY Family of Block Ciphers and its Low-Latency Variant MANTIS
Christof Beierle and Jérémy Jean and Stefan Kölbl and Gregor Leander and Amir Moradi and Thomas Peyrin and Yu Sasaki and Pascal Sasdrich and Siang Meng Sim
Abstract: We present a new tweakable block cipher family SKINNY , whose goal is to compete with NSA recent design SIMON in terms of hardware/software performances, while proving in addition much stronger security guarantees with regards to differential/linear attacks. In particular, unlike SIMON, we are able to provide strong bounds for all versions, and not only in the single-key model, but also in the related-key or related-tweak model. SKINNY has flexible block/key/tweak sizes and can also benefit from very efficient threshold implementations for side-channel protection. Regarding performances, it outperforms all known ciphers for ASIC round-based implementations, while still reaching an extremely small area for serial implementations and a very good efficiency for software and micro-controllers implementations (SKINNY has the smallest total number of AND/OR/XOR gates used for encryption process).
Secondly, we present MANTIS, a dedicated variant of SKINNY for low-latency implementations, that constitutes a very efficient solution to the problem of designing a tweakable block cipher for memory encryption. MANTIS basically reuses well understood, previously studied, known components. Yet, by putting those components together in a new fashion, we obtain a competitive cipher to PRINCE in latency and area, while being enhanced with a tweak input.
Category / Keywords: secret-key cryptography / lightweight encryption, low-latency, tweakable block cipher, MILP
Original Publication (with major differences): IACR-CRYPTO-2016
Date: received 27 Jun 2016, last revised 14 Oct 2016
Contact author: thomas peyrin at gmail com
Available format(s): PDF | BibTeX Citation
Version: 20161014:133907 (All versions of this report)
Short URL: ia.cr/2016/660
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]