Will Joan Daemen Win The NIST Standard For a Third Time? Meet Xoodyak — The Light-Weight Cipher

Prof. J.J.C. Daemen (Joan) [Ref]

In 2022, NIST announced the winners of the PQC (Post Quantum Cryptography) competition. These were Kyber for Key Exchange/Public Key Encryption, and Crystals for Digital Signatures. 2023 will bring the winner of the light-weight cryptography competition, which has been running since 2018. Currently, there are 10 finalists: ASCON, Elephant, GIFT-COFB, Grain128-AEAD, ISAP, Photon-Beetle, Romulus, Sparkle, TinyJambu, and Xoodyak.

Xoodyak comes from the Keccak research team, which was successful in the SHA-3 competition. Overall, Keccak was evaluated as the most efficient and secure hashing method.

Joan Daemen also co-authored the Rijndael cipher that eventually became AES. Xoodyak is built by applying the Xoodoo permutation within the Xoodyak function. It keeps a 384-bit state, which depends on the sequence of the input data. From this state, we can create a fixed-length hash, a pseudo-random bit value, or an output of variable length. Xoodyak can thus be used as a hash function, a random bit stream generator, or an encryption method.

The following code hashes a message, generates a 128-bit encryption key from a password (using PBKDF2), and then encrypts and decrypts the message. It uses a static salt value for the key generation and a fixed message for the additional data (“Test 1”) [here]:

package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
	"os"

	"github.com/inmcm/xoodoo/xoodyak"
	"golang.org/x/crypto/pbkdf2"
)

func main() {
	// Defaults, overridden by the first (message) and second (password) arguments.
	msg := "Hello"
	passwd := "qwerty"

	argCount := len(os.Args[1:])
	if argCount > 0 {
		msg = os.Args[1]
	}
	if argCount > 1 {
		passwd = os.Args[2]
	}

	myMsg := []byte(msg)

	// Unkeyed mode: Xoodyak as a hash function.
	myHash := xoodyak.HashXoodyak(myMsg)
	fmt.Printf("Msg:\t\t%s\nHash:\t\t%x\n", myMsg, myHash)

	// Random 16-byte nonce/IV, generated fresh for each run.
	myNonce := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, myNonce); err != nil {
		panic(err.Error())
	}

	// 128-bit key from the password: PBKDF2 with HMAC-SHA256 and 10,000 iterations.
	// The salt is the static value described in the text above.
	salt := []byte("000000000000")
	myKey := pbkdf2.Key([]byte(passwd), salt, 10000, 16, sha256.New)

	// Additional data: covered by the authentication tag, but not encrypted.
	myAD := []byte("Test 1")

	// Keyed mode: authenticated encryption, then decryption with tag verification.
	myCt, myTag, err := xoodyak.CryptoEncryptAEAD(myMsg, myKey, myNonce, myAD)
	if err != nil {
		panic(err.Error())
	}
	myPt, valid, err := xoodyak.CryptoDecryptAEAD(myCt, myKey, myNonce, myAD, myTag)
	if err != nil {
		panic(err.Error())
	}

	fmt.Printf("\n\nMsg:\t\t%s\n", myMsg)
	fmt.Printf("Password:\t%s\n", passwd)
	fmt.Printf("Key:\t\t%x\n", myKey)
	fmt.Printf("Nonce:\t\t%x\n", myNonce)
	fmt.Printf("Add Data:\t%x\n", myAD)
	fmt.Printf("\nCiphertext:\t%x\n", myCt)
	fmt.Printf("AuthTag:\t%x\n", myTag)
	fmt.Printf("Decrypt:\t%t\n", valid)
	fmt.Printf("Plaintext:\t%s\n", myPt)
}

A sample run gives the hash value and also the keyed encryption method [here]:

Msg:  The quick brown fox jumps over the lazy dog
Hash: 087376b970c53ed0339a4fe54f4462f0f34e4e50ed09b4314ed24b32ba9822cb


Msg: The quick brown fox jumps over the lazy dog
Key: 002a6d5befd08b3927d71d408f2015b4
Nonce: bdb14e4a78bf0b780cbc299662b0619b
Add Data: 546573742031

Ciphertext: f88c4748e8255a748e472a3c95f820fcbef5c8c3634d857d4ac5219301b27a11d9536d09ec0281be9e17e9
AuthTag: 4da1da35acb4be1fe1abf7ce65c8e4ea
Decrypt: true
Plaintext: The quick brown fox jumps over the lazy dog
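
To show what the 384-bit state and the Xoodoo permutation do in hash mode, here is an added example that is not code from the original article or from the inmcm/xoodoo package. It is written from the published Xoodoo and Xoodyak specifications using only the Go standard library, and the names xoodoo and Hash are this example's own; its output can be compared with the Hash line of the sample run above.

```go
package main

import (
	"fmt"
	"math/bits"
)

// xoodoo: 12-round permutation of the 384-bit state, 3 planes (a[0:4], a[4:8], a[8:12]) of 32-bit lanes.
func xoodoo(a *[12]uint32) {
	for _, c := range [12]uint32{0x58, 0x38, 0x3C0, 0xD0, 0x120, 0x14, 0x60, 0x2C, 0x380, 0xF0, 0x1A0, 0x12} {
		var e [4]uint32
		for x := range e { // theta: parity of the column to the west
			p := a[(x+3)%4] ^ a[4+(x+3)%4] ^ a[8+(x+3)%4]
			e[x] = bits.RotateLeft32(p, 5) ^ bits.RotateLeft32(p, 14)
		}
		for x := range e { // add the theta effect; rho-west rotates plane 2 by 11 bits
			a[x], a[4+x], a[8+x] = a[x]^e[x], a[4+x]^e[x], bits.RotateLeft32(a[8+x]^e[x], 11)
		}
		a[4], a[5], a[6], a[7] = a[7], a[4], a[5], a[6] // rho-west: plane 1 shifts one lane
		a[0] ^= c                                       // iota: round constant
		for x := range e {                              // chi, plus the rho-east bit rotations
			a0, a1, a2 := a[x], a[4+x], a[8+x]
			a[x], a[4+x], a[8+x] = a0^(^a1&a2), bits.RotateLeft32(a1^(^a2&a0), 1), bits.RotateLeft32(a2^(^a0&a1), 8)
		}
		a[8], a[9], a[10], a[11] = a[10], a[11], a[8], a[9] // rho-east: plane 2 shifts two lanes
	}
}

// Hash is Xoodyak's hash mode: absorb 16-byte blocks, then squeeze 32 bytes (2 x 16).
func Hash(msg []byte) (out []byte) {
	s := [12]uint32{11: 1 << 24} // domain bit in state byte 47, absorbed with the first block
	for i, v := range msg {
		if i > 0 && i%16 == 0 { // previous block was full: pad it at byte 16 and permute
			s[4] ^= 0x01
			xoodoo(&s)
		}
		s[i%16/4] ^= uint32(v) << (8 * (i % 4)) // state bytes are little-endian within a lane
	}
	pos := (len(msg)-1)%16 + 1          // bytes in the last block: 0 for an empty message, else 1..16
	s[pos/4] ^= 0x01 << (8 * (pos % 4)) // pad the last block
	for ; len(out) < 32; s[0] ^= 0x01 { // an empty padded block is absorbed between squeezes
		xoodoo(&s)
		for i := 0; i < 16; i++ {
			out = append(out, byte(s[i/4]>>(8*(i%4))))
		}
	}
	return out
}

func main() { fmt.Printf("%x\n", Hash([]byte("The quick brown fox jumps over the lazy dog"))) }
```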

Is it any good?

In Table 1, we see a sample run using an Arduino Due with an ARM Cortex M3 running at 84MHz. The tests are measured relative to the ChaCha20 stream cipher, where the higher the value, the better the performance. We can see that Sparkle, Xoodyak and ASCON are the fastest of all. Sparkle has a 100% improvement, and Xoodyak gives a 60% increase in speed over ChaCha20. Elephant, ISAP and PHOTON-Beetle have the worst performance for encryption (with around 1/20th of the speed of ChaCha20).

Table 1: Arduino Due with an ARM Cortex M3 running at 84MHz for encryption against ChaCha20 [1]

Not all of the finalists can do hash functions. Table 2 outlines these.

Table 2: Arduino Due with an ARM Cortex M3 running at 84MHz for hashing against BLAKE2s [1]

Again, we see Sparkle and Xoodyak in the lead, with Sparkle actually faster in the test than BLAKE2s, and Xoodyak just a little bit slower. ASCON has a weaker performance, and PHOTON-Beetle is relatively slow. For all the tests, the ranking for authenticated encryption is (and where the higher the rank the better):

and for hashing SPARKLE and Xoodyak are ranked the same:

Conclusions

We watch and wait for the light-weight announcement. While performance benchmarks put Xoodyak and Sparkle as two of the fastest light-weight ciphers, there are other measurements that are assessed, including security, energy footprint, and memory footprint. So it is not a given that Xoodyak and Sparkle will win in the end, but for both Authenticated Encryption with Additional Data (AEAD) and hashing, they are well out in front in terms of performance.

Here is an outline of SPARKLE:

https://medium.com/asecuritysite-when-bob-met-alice/in-cybersecurity-from-luxembourgian-sponges-to-towns-it-is-time-to-sparkle-de9c518e1c66?sk=8e164765dc80229a7f0df803033a68a8

References

[1] https://rweather.github.io/lightweight-crypto/performance.html