International Association for Cryptologic Research (IACR)
Abstract
This paper reports new software implementation results for the Skinny-128 tweakable block ciphers on various SIMD architectures.
More precisely, we introduce a decomposition of the 8-bit S-box into four 4-bit S-boxes in order to take advantage of vector permute instructions, leading to significant performance improvements over previous constant-time implementations.
Since our approach is of particular interest when Skinny-128 is used in sequential modes of operation, we also report how it benefits the Romulus authenticated encryption scheme, a finalist of the NIST LWC standardization process.