Paper 2020/336

Gimli Encryption in 715.9 psec

Santosh Ghosh, Michael Kounavis, and Sergej Deutsch


We study the encryption latency of the Gimli cipher, which has recently been submitted to NIST’s Lightweight Cryptography competition. We develop two optimized hardware engines for the 24 round Gimli permutation, characterized by a total latency or 3 and 4 cycles, respectively, in a range of frequencies up to 4.5 GHz. Specifically, we utilize Intel’s 10 nm FinFET process to synthesize a critical path of 15 logic levels, supporting a depth-3 Gimli pipeline capable of computing the result of the Gimli permutation in frequencies up to 3.9 GHz. On the same process technology, a depth-4 pipeline employs a critical path of 12 logic levels and can compute the Gimli permutation in frequencies up to 4.5 GHz. Gimli demonstrates a total unrolled data path latency of 715.9 psec. Compared to our AES implementation, our fastest pipelined Gimli engine demonstrates 3.39 times smaller latency. When compared to the latency of the PRINCE lightweight block cipher, the pipelined Gimli latency is 1.7 times smaller. The paper suggests that the Gimli cipher, and our proposed optimized implementations have the potential to provide breakthrough performance for latency critical applications, in domains such as data storage, networking, IoT and gaming.

Available format(s)
Publication info
Preprint. MINOR revision.
Lightweight CryptographyPermutationBlock cipherGimliAESPRINCENISTEncryptionDatapath design
Contact author(s)
santosh ghosh @ intel com
2020-04-28: revised
2020-03-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Santosh Ghosh and Michael Kounavis and Sergej Deutsch},
      title = {Gimli Encryption in 715.9 psec},
      howpublished = {Cryptology ePrint Archive, Paper 2020/336},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.