Xoodyak, a lightweight cryptographic scheme

  • Joan Daemen, Radboud University, Nijmegen, Netherlands
  • Seth Hoffert
  • Michaël Peeters, STMicroelectronics, Diegem, Belgium
  • Gilles Van Assche, STMicroelectronics, Diegem, Belgium
  • Ronny Van Keer, STMicroelectronics, Diegem, Belgium
Keywords: lightweight cryptography, permutation-based cryptography, sponge construction, duplex construction, authenticated encryption, hashing


In this paper, we present Xoodyak, a cryptographic primitive that can be used for hashing, encryption, MAC computation and authenticated encryption. Essentially, it is a duplex object extended with an interface that allows absorbing strings of arbitrary length, encrypting them, and squeezing output of arbitrary length. It inherently hashes the history of all operations in its state, which allows its resistance against generic attacks to be derived from that of the full-state keyed duplex. Internally, it uses the Xoodoo[12] permutation that, with its width of 48 bytes, allows for very compact implementations. The choice of 12 rounds justifies a security claim in the hermetic philosophy: it implies that there are no shortcut attacks with higher success probability than generic attacks. The claimed security strength is 128 bits. We illustrate the versatility of Xoodyak by describing a number of use cases, including the ones requested by NIST in the lightweight competition. For those use cases, we translate the relatively detailed security claim that we make for Xoodyak into simple ones.

How to Cite
Daemen, J., Hoffert, S., Peeters, M., Van Assche, G., & Van Keer, R. (2020). Xoodyak, a lightweight cryptographic scheme. IACR Transactions on Symmetric Cryptology, 2020(S1), 60-87. https://doi.org/10.13154/tosc.v2020.iS1.60-87