Paper 2015/1182

Chaskey: a MAC Algorithm for Microcontrollers -- Status Update and Proposal of Chaskey-12 --

Nicky Mouha


The Chaskey MAC algorithm was presented by Mouha et al. at SAC 2014. It is designed for real-world applications where 128-bit keys are required, but standard cryptographic algorithms cannot be implemented because of stringent requirements on speed, energy consumption, or code size. Shortly after its publication, Chaskey was considered for standardization by ISO/IEC JTC 1/SC 27/WG 2. At the October 2015 meeting, the ISO/IEC committee decided to terminate the study period on Chaskey, and to circulate a first working draft. Since Chaskey was introduced, many follow-up results were published, including improved cryptanalysis results, new security proofs and more efficient implementations. This paper gives a comprehensive overview of those results, and introduces a twelve-round variant of Chaskey: Chaskey-12. Although the original eight-round Chaskey remains unbroken, Chaskey-12 has a much more conservative design, while reducing the performance by only 15% to 30%, depending on the platform.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Chaskey-12Message Authentication CodeMicrocontrollerPermutation-BasedARX
Contact author(s)
Nicky Mouha @ esat kuleuven be
2015-12-13: received
Short URL
Creative Commons Attribution


      author = {Nicky Mouha},
      title = {Chaskey: a MAC Algorithm for Microcontrollers -- Status Update and Proposal of Chaskey-12 --},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1182},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.