In Cybersecurity, from Luxembourgian Sponges to Towns, it is Time to SPARKLE!

Here’s a quick question … do you know the Luxembourgish for sponges? Also, where is the world would you find a place called Esch? Well…

In Cybersecurity, from Luxembourgian Sponges to Towns, it is Time to SPARKLE!

Here’s a quick question … do you know the Luxembourgish for sponges? Also, where in the world would you find a place called Esch? Well, you might do soon, especially if a SPARKLE-derived method wins the NIST competition for lightweight cryptography.

NIST has previously defined two classic standards: AES and SHA-3, and they have reached the final stage for the assessment of two more key standards: quantum robust cryptography and light-weight cryptography. The results of these are likely to be announced within the next 12 months. For light-weight cryptography, we are down to the last 10, and Sparkle is one of the contenders.

Overall, Sparkle is a family of permutations and Christof Beierle, Alex Biryukov, Luan Cardoso dos Santos, Johann Großschädl, Léo Perrin, Aleksei Udovenko, Vesselin Velichkov, and Qingju Wang. Christof, Alex, Luan , Johann G, Aleksei, and Qingju are from the University of Luxembourgh, L´eo from Inria, Paris, and Vesselin from the University of Edinburgh [here]:

The submitted version for the NIST competition includes Schwaemm [1] which is a lightweight cryptography method and provides confidentiality, integrity and authentication and Esch which provides a hashing method that is preimage and collision-resistant. Both methods use a sponge construction using a cryptographic permutation (as used in SHA-3). Esch256 (Efficient, Sponge-based, and Cheap Hashing) implements the hashing method for a 256-bit hash and has a block size of 16 bytes, a security level of 128 bits and a data limit up to 2¹³².

For Schwaemm, the name is derived from “Sponge-based Cipher for Hardened but Weightless Authenticated Encryption on Many Microcontrollers”, and which is also the Luxembourgish word of “sponge”. Esch256 is also a part of a name of a place in Luxembourg:

SPARKLE is similar to SPARKX and its name derives from SPARx, but Key LEss. For AEAD, we have Schwaemm128–128, Schwaemm256–128, Schwaemm192–192, and Schwaemm256–256, and which support block sizes of 16, 32, 24 and 64 bytes, respectively. These give a security level that ranges from 120 bits to 248 bits.

Here is a demo of the code:

https://asecuritysite.com/encryption/lw_sparkle

and a running version here:

sparkle-1
A C repl by billbuchananreplit.com

Is it any good?

In Table 1, we see a sample run using an Arduino Due with an ARM Cortex M3 running at 84MHz. The tests are taken in comparison with the ChaCha20 stream cipher, and where the higher the value the better the performance. We can see that Sparkle, Xoodyak and ASCON are the fastest of all. Sparkle has a 100% improvement, and Xoodyak gives a 60% increase in speed over ChaCha20. Elephant, ISAP and PHOTON-Beetle have the worst performance for encryption (with around 1/20th of the speed of ChaCha20).

Table 1: Arduino Due with an ARM Cortex M3 running at 84MHz for encryption against ChaCha20 [1]

Not all of the finalists can do hash functions. Table 2 outlines these.

Table 2: Arduino Due with an ARM Cortex M3 running at 84MHz for hashing against BLAKE2s [1]

Again, we see Sparkle and Xoodyak in the lead, with Sparkle actually faster in the test than BLAKE2s, and Xoodyak just a little bit slower. ASCON has a weaker performance, and PHOTON-Beetle is relatively slow. For all the tests, the ranking for authenticated encryption is (and where the higher the rank the better):

and for hashing SPARKLE and Xoodyak are ranked the same:

References

[1] https://rweather.github.io/lightweight-crypto/performance.html