NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Simpira v2: A Family of Efficient Permutations Using the AES Found Function

Published

Author(s)

Shay Gueron, Nicky Mouha

Abstract

This paper introduces Simpira, a family of cryptographic permutations that supports inputs of 128× b bits, where b is a positive integer.Itsdesigngoalis toachievehighthroughputonvirtually all modern64- bitprocessors, that nowadaysalready havenativeinstructionsfor AES.Toachieve thisgoal,Simpirausesonlyonebuildingblock: theAES round function. For b = 1, Simpira corresponds to 12- round AES with fixed round keys, whereas for b ≥ 2, Simpira is a Generalized Feistel Structure(GFS) with an F-function that consists of two rounds of AES. We claim that there are no structural distinguishers for Simpira with a complexity below 2128, and analyze its security against a variety of attacksinthissetting.Thethroughput ofSimpiraisclose tothetheoretical optimum, namely, the number of AES rounds in the construction. For example, on the Intel Skylake processor, Simpira has throughput below 1 cycle per byte for b ≤ 4 and b = 6. For larger permutations, where moving data in memory has a more pronounced effect, Simpira with b =32(512byteinputs) evaluates732AES rounds,andperformsat824 cycles (1.61cyclesperbyte),whichisless than13% off the theoretical optimum. If the data is stored in interleaved buffers, this overhead is reduced to less than 1%. The Simpira family offers an efficient solution when processing wide blocks, larger than 128 bits, is desired.
Proceedings Title
LNCS: Advanced in Cryptology - ASIACRYPT 2016
Conference Dates
December 4-8, 2016
Conference Location
Hanoi, VN
Conference Title
The 22nd Annual International Conference on the Theory and Application of Cryptology and
Information Security, ASIACRYPT 2016
Pub Type
Conferences

Download Paper

https://doi.org/10.1007/978-3-662-53887-6
Local Download

Keywords

Cryptographic permutation, AES-NI, Generalized Feistel Structure (GFS), Beyond Birthday-Bound (BBB) security, hash function, Lamport signature, wide-block encryption, Even-Mansour
Cryptography

Citation

Gueron, S. and Mouha, N. (2016), Simpira v2: A Family of Efficient Permutations Using the AES Found Function, LNCS: Advanced in Cryptology - ASIACRYPT 2016, Hanoi, VN, [online], https://doi.org/10.1007/978-3-662-53887-6, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=921927 (Accessed October 13, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created November 8, 2016, Updated November 4, 2024
Was this page helpful?