Randomization with GIMLI

GIMLI is a cross-platform method which produces a 384-bit permutation state with high levels of security, and has excellent performance across a range of 8-bit, 16-bit, 32-bit and 64-bit platforms [paper]. It has 24 rounds and uses simple EX-OR, AND, OR, and cyclic shift operations. In the following, we generate a seed value, which is used to create an initial state for GIMLI.

GIMLI is focused on producing a relatively large state size (384 bits) and is efficient in energy consumption and processor requirements. It is free from side-channel attacks and has protection against short messages. A few other methods for permutations include:

  • Keccak provides a 1,600-bit permutation and is energy-efficient and has 24 rounds.
  • Chaskey provides a 128-bit permutation for a 128-bit key and runs well on microcontrollers [link].
  • Salsa20 and ChaCha20 provide a 512-bit permutation and are efficient on embedded systems.

A state in GIMLI is defined as a 3×4 matrix of 32-bit words. A column j is defined with 96 bits, and a row i by 128 bits. The algorithm used is:

To generate a sample, we use a seed of 0x9e3779b9 and create our 3×4 matrix:

Seed:	 0x9e3779b9 2654435769
00000000 9e3779ba 3c6ef37a daa66d46
78dde724 1715611a b54cdb2e 53845566
f1bbcfc8 8ff34a5a 2e2ac522 cc624026
----------------------
ba11c85a 91bad119 380ce880 d24c2c68
3eceffea 277a921c 4f73a0bd da5a9cd8
84b673f0 34e52ff7 9e2bef49 f41bb8d6
----------------------
ea223492 3fbb2166 68314a61 9165986e
67fca6e0 bd9c5b3b 71d12d9c c13c4a87
b4683e05 8298cbfb a5b64fa5 717d83e1
----------------------
bf11569b acff7155 3b5c36bd f9e06baa
f51bd351 bf8a897e 877cfcea 39a4c248
e17db921 17650092 05c7b1b6 abb9a379
----------------------

If we change the seed value to 0x9e3779b8, we see that the permutation changes greatly:

Seed:	 0x9e3779b8 2654435768
00000000 9e3779b9 3c6ef378 daa66d43
78dde720 17156115 b54cdb28 5384555f
f1bbcfc0 8ff34a51 2e2ac518 cc62401b
----------------------
bfaf61f2 6c896d82 cf9682ef 345a2120
397498c8 df6136e3 60234065 66960283
caa12626 da2b16e9 f8a01954 23bbec34
----------------------
2844a96a 8662d9bf f98322a5 5281d29d
1c8e0d68 98588f1f b49848ba 481af1b7
1a1874ba 141b5d14 48cf2713 75bb932c
----------------------
3df8e05d eef36199 ae4769de 19263580
e51a6793 0acd040d e5f3053b 5f4ab0bd
15a432e2 8832ddd8 98944796 001445a2
----------------------
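
The permutation behind the two sample runs above, as an added example in C (not the page's own code). `gimli` follows the round structure of the published GIMLI reference permutation; the names `gimli_seed` and `state_distance` and the seeding formula `i*i*i + i*seed` are assumptions, the formula being inferred from the printed initial states, which it reproduces.

```c
#include <stdint.h>
#include <stdio.h>

static uint32_t rotl(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); } /* n is 9 or 24 */

/* 24-round GIMLI permutation over 12 words: row i, column j is s[4*i + j]. */
void gimli(uint32_t s[12]) {
    for (int round = 24; round > 0; --round) {
        for (int j = 0; j < 4; ++j) {            /* SP-box on each 96-bit column */
            uint32_t x = rotl(s[j], 24);
            uint32_t y = rotl(s[4 + j], 9);
            uint32_t z = s[8 + j];
            s[8 + j] = x ^ (z << 1) ^ ((y & z) << 2);
            s[4 + j] = y ^ x ^ ((x | z) << 1);
            s[j]     = z ^ y ^ ((x & y) << 3);
        }
        uint32_t t;
        if ((round & 3) == 0) {                  /* small swap, then round constant */
            t = s[0]; s[0] = s[1]; s[1] = t;
            t = s[2]; s[2] = s[3]; s[3] = t;
            s[0] ^= 0x9e377900u | (uint32_t)round;
        } else if ((round & 3) == 2) {           /* big swap */
            t = s[0]; s[0] = s[2]; s[2] = t;
            t = s[1]; s[1] = s[3]; s[3] = t;
        }
    }
}

/* Assumed seeding, matching the printed initial state: word i = i^3 + i*seed (mod 2^32). */
void gimli_seed(uint32_t s[12], uint32_t seed) {
    for (uint32_t i = 0; i < 12; ++i) s[i] = i * i * i + i * seed;
}

/* Number of bits that differ between two 384-bit states. */
int state_distance(const uint32_t a[12], const uint32_t b[12]) {
    int d = 0;
    for (int i = 0; i < 12; ++i)
        for (uint32_t v = a[i] ^ b[i]; v; v &= v - 1) ++d;
    return d;
}

int main(void) {
    uint32_t a[12], b[12];
    gimli_seed(a, 0x9e3779b9u); gimli(a);        /* first seed from the page */
    gimli_seed(b, 0x9e3779b8u); gimli(b);        /* second seed from the page */
    for (int i = 0; i < 12; ++i) printf("%08x%c", a[i], (i % 4 == 3) ? '\n' : ' ');
    printf("output bits differing between the two seeds: %d of 384\n", state_distance(a, b));
}
```

A well-diffusing permutation should leave roughly half of the 384 output bits different between the two seeds, which is what "changes greatly" means in measurable terms.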

The coding used is:

GIMLI is proposed as one of the standards by NIST for light-weight crypto. It is certainly fast, but is it also efficient on IoT devices, and is it also secure?