Romulus AEAD - Light-weight cipher

Romulus is a light-weight block cipher written by Tetsu Iwata, Mustafa Khairallah, Kazuhiko Minematsu and Thomas Peyrin [1][2].
Outline
The NIST competition for lightweight cryptography has reached its final stage, with a shortlist of 10 candidates. Each differs in its approach, but they all aim to create a cryptography method that is secure, has a low footprint, and is robust against attacks. While many of the contenders, such as ASCON, GIFT and Isap, use the sponge method derived from the SHA-3 standard (Keccak), Romulus takes a more traditional light-weight crypto approach. Overall, it is defined as a tweakable block cipher (TBC) that supports authenticated encryption with associated data (AEAD). For this, it uses the SKINNY lightweight tweakable block cipher; the details were published in [2].
SKINNY is a light-weight block cipher. It has a 64-bit or 128-bit block size, and a key size of 64 bits, 128 bits and 256 bits. The variants are SKINNY-64-64 (64-bit block, 64-bit key and 32 rounds); SKINNY-64-128 (64-bit block, 128-bit key and 36 rounds); SKINNY-64-192 (64-bit block, 192-bit key and 40 rounds); SKINNY-128-128 (128-bit block, 128-bit key and 40 rounds); SKINNY-128-256 (128-bit block, 256-bit key and 48 rounds); and SKINNY-128-384 (128-bit block, 384-bit key and 56 rounds).
For a 64-bit block it uses a 4x4 matrix of nibbles (4 bits), and for a 128-bit block it uses a 4x4 matrix of bytes. On this 4x4 matrix, each round applies the operations SubCells (SC); AddConstants (AC); ShiftRows (SR); and MixColumns (MC):
Ref: https://sites.google.com/site/skinnycipher/design
For SubCells (SC) we have either a 4-bit S-box (for a 64-bit block) or an 8-bit S-box (for a 128-bit block).
The AddRoundTweakey (ART) process takes part of the key, and applies it within each round.
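The round sequence described above (SC, AC, ART, SR, MC), written out for the smallest variant, SKINNY-64-64, as an added example that is not code from the Romulus repository or the original page. The S-box, permutations, round-constant LFSR and test vector are taken from the published SKINNY specification; the function names are assumptions made for this sketch, and the table-lookup S-box follows reference style rather than a constant-time implementation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* SKINNY-64 constants from the published specification. */
static const uint8_t S4[16] = {12,6,9,0,1,10,2,11,3,8,5,13,4,14,7,15};
static const uint8_t SR[16] = {0,1,2,3, 7,4,5,6, 10,11,8,9, 13,14,15,12};
static const uint8_t PT[16] = {9,15,8,13,10,14,12,11, 0,1,2,3,4,5,6,7};
/* new[i] = old[perm[i]] on a 4x4 nibble state stored row-major. */
static void permute(uint8_t s[16], const uint8_t perm[16]) {
    uint8_t t[16];
    for (int i = 0; i < 16; i++) t[i] = s[perm[i]];
    memcpy(s, t, 16);
}

/* Encrypt one 64-bit block in place with a 64-bit key (32 rounds). */
void skinny64_64_encrypt(uint8_t block[8], const uint8_t key[8]) {
    uint8_t s[16], tk[16], rc = 0;
    for (int i = 0; i < 16; i++) {              /* unpack, high nibble first */
        s[i]  = (block[i / 2] >> ((i & 1) ? 0 : 4)) & 0xF;
        tk[i] = (key[i / 2]   >> ((i & 1) ? 0 : 4)) & 0xF;
    }
    for (int r = 0; r < 32; r++) {
        for (int i = 0; i < 16; i++) s[i] = S4[s[i]];           /* SubCells */
        rc = (uint8_t)(((rc << 1) & 0x3F) | (((rc >> 5) ^ (rc >> 4) ^ 1) & 1));
        s[0] ^= rc & 0xF; s[4] ^= rc >> 4; s[8] ^= 0x2;         /* AddConstants */
        for (int i = 0; i < 8; i++) s[i] ^= tk[i];              /* AddRoundTweakey: top two rows */
        permute(tk, PT);                                        /* tweakey schedule for next round */
        permute(s, SR);                                         /* ShiftRows: row i rotates right by i */
        for (int j = 0; j < 4; j++) {                           /* MixColumns, binary matrix M */
            uint8_t a = s[j], b = s[4 + j], c = s[8 + j], d = s[12 + j];
            s[j] = a ^ c ^ d; s[4 + j] = a; s[8 + j] = b ^ c; s[12 + j] = a ^ c;
        }
    }
    for (int i = 0; i < 8; i++) block[i] = (uint8_t)((s[2 * i] << 4) | s[2 * i + 1]);
}

/* Returns 1 if the SKINNY-64-64 test vector from the SKINNY paper is reproduced. */
int skinny64_selftest(void) {
    const uint8_t key[8]  = {0xf5,0x26,0x98,0x26,0xfc,0x68,0x12,0x38};
    uint8_t blk[8]        = {0x06,0x03,0x4f,0x95,0x77,0x24,0xd1,0x9d};
    const uint8_t want[8] = {0xbb,0x39,0xdf,0xb2,0x42,0x9b,0x8a,0xc7};
    skinny64_64_encrypt(blk, key);
    return memcmp(blk, want, 8) == 0;
}

int main(void) {
    printf("SKINNY-64-64 test vector: %s\n", skinny64_selftest() ? "ok" : "MISMATCH");
    return 0;
}
```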
Overall we have three C files and a few header files. To compile we can use the gcc compiler:
gcc main.c encrypt.c skinny_reference.c -o romulus.exe
An outline of the C code is given in [1]. A sample run is:

    Romulus-AEAD light-weight cipher
    Plaintext: abc
    Key: 0123456789ABCDEF0123456789ABCDEF
    Nonce: AABB000000000111111111111
    Additional Information: abc
    Plaintext: abc
    Cipher: 0D99B4B2236F4DC96EED, Len: 19
    Plaintext: abc, Len: 3
    Success!
References
[1] Romulus GitHub.
[2] Iwata, T., Khairallah, M., Minematsu, K., & Peyrin, T. (2020). Duel of the Titans: The Romulus and Remus Families of Lightweight AEAD Algorithms. IACR Transactions on Symmetric Cryptology, 43-120.