SPARKLE (SCHWAEMM and ESCH) AEAD - Light-weight cipherSparkle is a family of permutations. Schwaemm [1] is a light-weight cryptography method and provides confidentiality, integrity and authentication, while Esch provides a hashing method that is preimage and collision resistant. Both methods use a sponge construction using a cryptographic permutation (as used in SHA-3). Esch256 (Efficient, Sponge-based, and Cheap Hashing) implements the hashing method for a 256-bit hash, and has a block size of 16 bytes, a security level of 128 bits and a data limit up to \(2^{132}\). It was designed by Christof Beierle, Alex Biryukov, Luan Cardoso dos Santos, Johann Großschädl, Léo Perrin, Aleksei Udovenko, Vesselin Velichkov, and Qingju Wang. Schwaemm stands for Sponge-based Cipher for Hardened but Weightless Authenticated Encryption on Many Microcontrollers, and is also the Luxembourgish word of "sponge". |
Outline
NIST has previously defined two classic standards: AES and SHA-3, and they have reached the final stage for the assessment of two more key standards: quantum robust cryptography and light-weight cryptography. The results of these are likely to be announced within the next 12 months. For light-weight cryptography, we are down to the last 10, and Sparkle is one of the contenders. Overall, Sparkle is a family of permutations and Christof Beierle, Alex Biryukov, Luan Cardoso dos Santos, Johann Großschädl, Léo Perrin, Aleksei Udovenko, Vesselin Velichkov, and Qingju Wang. Christof, Alex, Luan, Johann, Aleksei, and Qingju are from the University of Luxembourgh, L'eo from Inria, Paris, and Vesselin from the University of Edinburgh.
The submitted version for the NIST competition includes Schwaemm [1] which is a lightweight cryptography method and provides confidentialfity, integrity and authentication and Esch which provides a hashing method that is preimage and collision-resistant. Both methods use a sponge construction using a cryptographic permutation (as used in SHA-3). Esch256 (Efficient, Sponge-based, and Cheap Hashing) implements the hashing method for a 256-bit hash and has a block size of 16 bytes, a security level of 128 bits and a data limit up to \(2^{132}\).
For Schwaemm, the name is derived from "Sponge-based Cipher for Hardened but Weightless Authenticated Encryption on Many Microcontrollers", and which is also the Luxembourgish word of "sponge". Esch256 is also a part of a name of a place in Luxembourg. SPARKLE is similar to SPARKX and its name derives from SPARx, but Key LEss.
For AEAD, we have Schwaemm128–128, Schwaemm256–128, Schwaemm192–192, and Schwaemm256–256, and which support block sizes of 16 (128 bits), 32 (256 bits), 24 (192 bits) and 64 bytes, respectively. These give a security level that ranges from 120 bits to 248 bits.
Overall we have four C files and a few header files. To compile we can use the gcc compiler:
gcc main.c encrypt.c sparkle_ref.c util.c -o sparkle.exe
An outline of the C code is [1]. A sample run is:
SPARKLE AEAD light-weight cipher Plaintext: hello Key: 0123456789ABCDEF0123456789ABCDEF Nonce: 000000000000111111111111 Additional Information: Plaintext: hello Cipher: 4CA2FBA4962EA6592C92E8, Len: 21 Plaintext: hello, Len: 5 Success!
References
[1] Beierle, C., Biryukov, A., dos Santos, L. C., Großschädl, J., Perrin, L., Udovenko, A., ... & Biryukov, A. (2019). Schwaemm and Esch: lightweight authenticated encryption and hashing using the Sparkle permutation family. NIST round, 2. [paper]