In 2022, NIST defined the winners of the PQC (Post-Quantum Cryptography) competition. These were Kyber for Key Exchange/Public Key Encryption, and Crystals for Digital Signatures. 2023 will bring the winner of the lightweight cryptography competition that has been running since 2018. Currently, there are 10 finalists: ASCON, Elephant, GIFT-COFB, Grain128-AEAD, ISAP, Photon-Beetle, Romulus, Sparkle, TinyJambu, and Xoodyak. This page outlines the Xoodyak cipher.
Outline
Xoodyak comes from the Keccak research team, which was successful in the SHA-3 competition. Overall, Keccak was evaluated as the most efficient and secure hashing method.
Joan Daemen also co-authored the Rijndael cipher that eventually became AES. The Xoodoo permutation is applied within the Xoodyak function. With this, we store a 384-bit state for the encryption, and this state relates to the sequence of the input data. From it, we can create a fixed-length hash, a pseudo-random bit value, or an output of a variable length. This can thus produce either a hash function, a random bit stream, or an encryption method.
The following is some code. It takes a message and a password, and generates a 128-bit encryption key from the password (using PBKDF2). It uses a static salt value for the key generation and a fixed message for the additional data (“Test 1”):
```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
	"os"

	"github.com/inmcm/xoodoo/xoodyak"
	"golang.org/x/crypto/pbkdf2"
)

func main() {
	// Defaults, overridden by the first (message) and second (password) arguments.
	argCount := len(os.Args[1:])
	msg := "Hello"
	passwd := "qwerty"
	if argCount > 0 {
		msg = os.Args[1]
	}
	if argCount > 1 {
		passwd = os.Args[2]
	}

	// Hash mode: Xoodyak used as a hash function over the message.
	myMsg := []byte(msg)
	myHash := xoodyak.HashXoodyak(myMsg)
	fmt.Printf("Msg:\t\t%s\nHash:\t\t%x\n", myMsg, myHash)

	// Random nonce for the keyed mode.
	myNonce := make([]byte, 16) // 16 bytes for nonce/IV
	if _, err := io.ReadFull(rand.Reader, myNonce); err != nil {
		panic(err.Error())
	}

	// 128-bit key from the password with PBKDF2-HMAC-SHA256 and a static salt.
	salt := []byte("000000000000")
	myKey := pbkdf2.Key([]byte(passwd), salt, 10000, 16, sha256.New)

	// Keyed mode: authenticated encryption and decryption with additional data.
	myAD := []byte("Test 1")
	myCt, myTag, _ := xoodyak.CryptoEncryptAEAD(myMsg, myKey, myNonce, myAD)
	myPt, valid, _ := xoodyak.CryptoDecryptAEAD(myCt, myKey, myNonce, myAD, myTag)

	fmt.Printf("\n\nMsg:\t\t%s\n", myMsg)
	fmt.Printf("Password:\t%s\n", passwd)
	fmt.Printf("Key:\t\t%x\n", myKey)
	fmt.Printf("Nonce:\t\t%x\n", myNonce)
	fmt.Printf("Add Data:\t%x\n", myAD)
	fmt.Printf("\nCiphertext:\t%x\n", myCt)
	fmt.Printf("AuthTag:\t%x\n", myTag)
	fmt.Printf("Decrypt:\t%t\n", valid)
	fmt.Printf("Plaintext:\t%s", myPt)
}
```
A sample run gives the hash value and also the keyed encryption method:
```
Msg:            The quick brown fox jumps over the lazy dog
Hash:           087376b970c53ed0339a4fe54f4462f0f34e4e50ed09b4314ed24b32ba9822cb

Msg:            The quick brown fox jumps over the lazy dog
Key:            002a6d5befd08b3927d71d408f2015b4
Nonce:          bdb14e4a78bf0b780cbc299662b0619b
Add Data:       546573742031

Ciphertext:     f88c4748e8255a748e472a3c95f820fcbef5c8c3634d857d4ac5219301b27a11d9536d09ec0281be9e17e9
AuthTag:        4da1da35acb4be1fe1abf7ce65c8e4ea
Decrypt:        true
Plaintext:      The quick brown fox jumps over the lazy dog
```
Is it any good?
In Table 1, we see a sample run using an Arduino Due with an ARM Cortex M3 running at 84MHz. The tests are measured against the ChaCha20 stream cipher, where the higher the value, the better the performance. We can see that Sparkle, Xoodyak and ASCON are the fastest of all. Sparkle has a 100% improvement, and Xoodyak gives a 60% increase in speed over ChaCha20. Elephant, ISAP and PHOTON-Beetle have the worst performance for encryption (with around 1/20th of the speed of ChaCha20).
Table 1: Arduino Due with an ARM Cortex M3 running at 84MHz for encryption against ChaCha20 [1]
Not all of the finalists can do hash functions. Table 2 outlines these.
Table 2: Arduino Due with an ARM Cortex M3 running at 84MHz for hashing against BLAKE2s [1]
Again, we see Sparkle and Xoodyak in the lead, with Sparkle actually faster in the test than BLAKE2s, and Xoodyak just a little bit slower. ASCON has a weaker performance, and PHOTON-Beetle is relatively slow. For all the tests, the ranking for authenticated encryption is (where the higher the rank, the better):
and for hashing SPARKLE and Xoodyak are ranked the same:
References
[1] https://rweather.github.io/lightweight-crypto/performance.html