2 research outputs found
Secure and Fast Implementations of Two Involution Ciphers
Anubis and Khazad are closely related involution block ciphers. Building on two recent AES software results, this work presents a number of constant-time software implementations of Anubis and Khazad for processors with a byte-vector shuffle instruction, such as those that support SSSE3. For Anubis, the first is serial in the sense that it employs only one cipher instance and is compatible with all standard block cipher modes. Efficiency is largely due to the S-box construction that is simple to realize using a byte shuffler. The equivalent for Khazad runs two parallel instances in counter mode. The second for each cipher is a parallel bit-slice implementation in counter mode
STRIBOB / WHIRLBOB Security Analysis Addendum
This memo collects references to published cryptanalytic results
which are directly relevant to the security evaluation of CAESAR first
round algorithm STRIBOB and its second round tweaked variant, WHIRLBOB.
During the first year after initial publication of STRIBOB and WHIRLBOB,
no cryptanalytic
breaks or other serious issues have emerged. The main difference in
the security between the two variants is that WHIRLBOB allows easier
creation of constant-time software implementations resistant to cache
timing attacks