Bhaumik, R.
, Datta, N.
, Dutta, A.
, Mouha, N.
and Nandi, M.
(2016),
Simpira v2: A Family of Efficient Permutations Using the AES Found Function, LNCS: Advanced in Cryptology - ASIACRYPT 2016, Hanoi, VN, [online], https://doi.org/10.1007/978-3-662-53887-6, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=921927
(Accessed May 31, 2023)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Simpira v2: A Family of Efficient Permutations Using the AES Found Function
Published
Author(s)
Ritam Bhaumik, Nilanjan Datta, Avijit Dutta, Nicky Mouha, Mrudil Nandi
Abstract
This paper introduces Simpira, a family of cryptographic permutations that supports inputs of 128× b bits, where b is a positive integer.Itsdesigngoalis toachievehighthroughputonvirtually all modern64- bitprocessors, that nowadaysalready havenativeinstructionsfor AES.Toachieve thisgoal,Simpirausesonlyonebuildingblock: theAES round function. For b = 1, Simpira corresponds to 12- round AES with fixed round keys, whereas for b ≥ 2, Simpira is a Generalized Feistel Structure(GFS) with an F-function that consists of two rounds of AES. We claim that there are no structural distinguishers for Simpira with a complexity below 2128, and analyze its security against a variety of attacksinthissetting.Thethroughput ofSimpiraisclose tothetheoretical optimum, namely, the number of AES rounds in the construction. For example, on the Intel Skylake processor, Simpira has throughput below 1 cycle per byte for b ≤ 4 and b = 6. For larger permutations, where moving data in memory has a more pronounced effect, Simpira with b =32(512byteinputs) evaluates732AES rounds,andperformsat824 cycles (1.61cyclesperbyte),whichisless than13% off the theoretical optimum. If the data is stored in interleaved buffers, this overhead is reduced to less than 1%. The Simpira family offers an efficient solution when processing wide blocks, larger than 128 bits, is desired.Proceedings Title
LNCS: Advanced in Cryptology - ASIACRYPT 2016
Conference Dates
December 4-8, 2016
Conference Location
Hanoi, VN
Conference Title
The 22nd Annual International Conference on the Theory and Application of Cryptology and
Information Security, ASIACRYPT 2016
Information Security, ASIACRYPT 2016
Pub Type
Conferences
Download Paper
Keywords
Cryptographic permutation, AES-NI, Generalized Feistel Structure (GFS), Beyond Birthday-Bound (BBB) security, hash function, Lamport signature, wide-block encryption, Even-Mansour
Citation
Created November 8, 2016, Updated October 12, 2021