Paper 2018/767

Xoodoo cookbook

Joan Daemen, Seth Hoffert, Michaël Peeters, Gilles Van Assche, and Ronny Van Keer

Abstract

This document presents Xoodoo, a 48-byte cryptographic permutation that allows very efficient symmetric crypto on a wide range of platforms and a suite of cryptographic functions built on top of it. The central function in this suite is Xoofff, obtained by instantiating Farfalle with Xoodoo. Xoofff is what we call a deck function and can readily be used for MAC computation, stream encryption and key derivation. The suite includes two session authenticated encryption (SAE) modes: Xoofff-SANE and Xoofff-SANSE. Both are built on top of Xoofff and differ in their robustness with respect to nonce misuse. Other members of the suite are a tweakable wide block cipher Xoofff-WBC and authenticated encryption mode Xoofff-WBC-AE, obtained by instantiating the Farfalle-WBC and Farfalle-WBC-AE constructions with Xoofff. Finally, for lightweight applications, we define Xoodyak, a cryptographic scheme that can be used for hashing, encryption, MAC computation and authenticated encryption. Essentially, it is a duplex object extended with an interface that allows absorbing strings of arbitrary length, their encryption and squeezing output of arbitrary length. This paper is a specification and security claim reference for the Xoodoo suite. It is a standing document: over time, we may extend the Xoodoo suite, and we will update it accordingly.

Note: Added Xoodyak