Duel of the Cybersecurity Titans for Lightweight Crypto: Meet Romulus

Duel of the Cybersecurity Titans for Lightweight Crypto: Meet Romulus

The NIST competition for lightweight cryptography has reached the final stage, and with a shortlist of 10 candidates. Each differs in their approach, but they aim to create a cryptography method that is secure, has a low footprint, and is robust against attacks.

So while many of the contenders, such as ASCON, GIFT and Isap, use the sponge method derived from the SHA-3 standard (Keccak), Romulus takes a more traditional approach and looks towards a more traditional light-weight crypto approach. Overall it is defined as a tweakable block cipher (TBC) and which supports authenticated encryption with associated data (AEAD). For its more traditional approach, it uses the Skinny lightweight tweakable block cipher and the details were published here [here]:

SKINNY

SKINNY is a lightweight block cipher. It a 64-bit or 128-bit block size, and a key size of 64 bits, 128 bits and 256 bits. The methods are SKINNY-64–64 (64-bit block, 64-bit key and 32 rounds); SKINNY-64–128 (64-bit block, 128-bit key, and 36 rounds); SKINNY-64–192 (64-bit block, 192-bit key, and 40 rounds); SKINNY-128–128 (128-bit block, 128-bit key, and 40 rounds); SKINNY-128–256 (128-bit block, 256-bit key, and 48 rounds); SKINNY-128–384 (128-bit block, 384 key, and 56 rounds). For a 64-bit block it uses a 4x4 matrix for nibbles and a 4x4 matrix of bytes for a 128-bit block size.

For a 64-bit block it uses a 4x4 matrix for nibbles (4 bits), and a 4x4 matrix of bytes for a 128-bit block size. For the 4x4 matrix, each round we have operations of SC (SubCells); AC (AddConstants); ShiftRows (SR); and MixColums (MC):

For the SubCells (SC) we either have a 4-bit S-box (for 64-bit block) or a 8-bit S-box (for 128-bit block):

The AddRoundTweakey (ART) process takes part of the key and applies it within each round.

Demo

Here is the demo Romulus AEAD:

and the code:

and SKINNY: