The authenticated encryption schemes Kravatte-SANE and Kravatte-SANSE

This note defines Kravatte-SANE and Kravatte-SANSE. Both are session authenticated encryption schemes and differ in their robustness with respect to nonce misuse. They are defined as instances of modes on top of the deck function Kravatte, where a deck function is a keyed function with variable-length input strings, an arbitrary-length output and certain incrementality properties

Xoodoo cookbook

This document presents Xoodoo, a 48-byte cryptographic permutation that allows very efficient symmetric crypto on a wide range of platforms and a suite of cryptographic functions built on top of it. The central function in this suite is Xoofff, obtained by instantiating Farfalle with Xoodoo. Xoofff is what we call a deck function and can readily be used for MAC computation, stream encryption and key derivation. The suite includes two session authenticated encryption (SAE) modes: Xoofff-SANE and Xoofff-SANSE. Both are built on top of Xoofff and differ in their robustness with respect to nonce misuse. Other members of the suite are a tweakable wide block cipher Xoofff-WBC and authenticated encryption mode Xoofff-WBC-AE, obtained by instantiating the Farfalle-WBC and Farfalle-WBC-AE constructions with Xoofff. Finally, for lightweight applications, we define Xoodyak, a cryptographic scheme that can be used for hashing, encryption, MAC computation and authenticated encryption. Essentially, it is a duplex object extended with an interface that allows absorbing strings of arbitrary length, their encryption and squeezing output of arbitrary length. This paper is a specification and security claim reference for the Xoodoo suite. It is a standing document: over time, we may extend the Xoodoo suite, and we will update it accordingly