Gimli (cipher)
Gimli is a 384-bit cryptographic permutation: a fixed, unkeyed bijection on 384-bit blocks. Used in a sponge construction it yields a hash function or a stream cipher.
One stated design goal is high speed on a wide range of platforms, from 8-bit AVR microcontrollers to 64-bit desktop CPUs, while maintaining a high security margin.
It was submitted to the NIST Lightweight Cryptography Standardization Process and advanced to its second round.
Algorithm
Gimli has a 384-bit state represented by a 3×4 matrix of 32-bit words. A column is 3×32 = 96 bits wide and a row is 4×32 = 128 bits wide. In each round, each of the 4 columns is treated separately as three 32-bit words x, y and z (one from each row).
Each column is then transformed by the following three steps. The four columns do not interact within a round, so they can be processed in parallel.
Step 1:
Step 2:
Step 3:
After every fourth round starting from the first round (round numbers 24, 20, ..., 4 in the countdown described below), the first and second word and the third and fourth word of the first row are swapped. This is called "Small-Swap".
After every fourth round starting from the third round (round numbers 22, 18, ..., 2), the first and third word and the second and fourth word of the first row are swapped. This is called "Big-Swap".
The round number counts down from 24 to 1. Whenever it is 24, 20, 16, 12, 8 or 4, i.e. in the same rounds as the Small-Swap, the round number ORed with a magic constant is XORed into the first word of the state.
The magic constant is chosen to be the upper 3 bytes of a 32-bit constant derived from the golden ratio.
An implementation of the core permutation in C/C++ starts from the following header and 32-bit left-rotate macro used by the SP-box:
    #include <stdint.h>
    #define ROTL(x, b) (((x) << (b)) | ((x) >> (32 - (b))))
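The following is a complete implementation of the permutation as described above, added here as a worked example; it is not the page's own listing. The rotation amounts (24 and 9), the shift amounts inside the SP-box and the round-constant value 0x9e377900 are those of the Gimli specification, and the self-test input state[i] = i³ + i·0x9e3779b9 with its expected output is the test vector published with the Gimli paper. The example goes beyond the permutation itself and also builds the sponge mentioned in the opening paragraph, Gimli-Hash (128-bit rate, 256-bit capacity, 32-byte digest), on top of it; the messages used in the hash sanity check are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ROTL32(x, b) (((x) << (b)) | ((x) >> (32 - (b))))

/* Gimli permutation: 24 rounds over a 3x4 state of 32-bit words.
 * state[0..3] is the first row (x), state[4..7] the second (y), state[8..11] the third (z).
 * Rotation, shift and constant values are those of the Gimli specification. */
void gimli(uint32_t state[12])
{
    for (int round = 24; round > 0; --round) {
        /* SP-box on each of the four columns; the columns are independent of each other */
        for (int column = 0; column < 4; ++column) {
            uint32_t x = ROTL32(state[column], 24);
            uint32_t y = ROTL32(state[4 + column], 9);
            uint32_t z = state[8 + column];

            state[8 + column] = x ^ (z << 1) ^ ((y & z) << 2);
            state[4 + column] = y ^ x        ^ ((x | z) << 1);
            state[column]     = z ^ y        ^ ((x & y) << 3);
        }
        if ((round & 3) == 0) {   /* rounds 24, 20, ..., 4: Small-Swap on the first row */
            uint32_t t = state[0]; state[0] = state[1]; state[1] = t;
            t = state[2]; state[2] = state[3]; state[3] = t;
        }
        if ((round & 3) == 2) {   /* rounds 22, 18, ..., 2: Big-Swap on the first row */
            uint32_t t = state[0]; state[0] = state[2]; state[2] = t;
            t = state[1]; state[1] = state[3]; state[3] = t;
        }
        if ((round & 3) == 0)     /* magic constant 0x9e3779 (top bytes of 2^32/phi) ORed with the round number */
            state[0] ^= 0x9e377900u | (uint32_t)round;
    }
}

/* Little-endian byte view of the word state, independent of host endianness. */
static void xor_bytes_into_state(uint32_t state[12], const uint8_t *in, size_t n)
{
    for (size_t i = 0; i < n; ++i)
        state[i / 4] ^= (uint32_t)in[i] << (8 * (i % 4));
}

static void state_to_bytes(const uint32_t state[12], uint8_t *out, size_t n)
{
    for (size_t i = 0; i < n; ++i)
        out[i] = (uint8_t)(state[i / 4] >> (8 * (i % 4)));
}

/* Gimli-Hash: a sponge with a 128-bit rate and 256-bit capacity producing a 32-byte digest. */
void gimli_hash(uint8_t out[32], const uint8_t *in, size_t inlen)
{
    uint32_t state[12] = {0};

    while (inlen >= 16) {                              /* absorb full rate blocks */
        xor_bytes_into_state(state, in, 16);
        gimli(state);
        in += 16;
        inlen -= 16;
    }
    xor_bytes_into_state(state, in, inlen);            /* last (possibly empty) partial block */
    state[inlen / 4] ^= 0x01u << (8 * (inlen % 4));    /* padding byte right after the data */
    state[11] ^= 0x01000000u;                          /* domain-separation bit in the last capacity byte */
    gimli(state);

    state_to_bytes(state, out, 16);                    /* squeeze two rate blocks */
    gimli(state);
    state_to_bytes(state, out + 16, 16);
}

/* Test vector from the Gimli paper: input state[i] = i^3 + i*0x9e3779b9. Returns 1 on match. */
int gimli_selftest(void)
{
    static const uint32_t expected[12] = {
        0xba11c85a, 0x91bad119, 0x380ce880, 0xd24c2c68,
        0x3eceffea, 0x277a921c, 0x4f73a0bd, 0xda5a9cd8,
        0x84b673f0, 0x34e52ff7, 0x9e2bef49, 0xf41bb8d6 };
    uint32_t state[12];
    for (uint32_t i = 0; i < 12; ++i)
        state[i] = i * i * i + i * 0x9e3779b9u;
    gimli(state);
    return memcmp(state, expected, sizeof expected) == 0;
}

/* Constructed sanity check for the sponge: deterministic, and both a one-byte change and a
 * message of exactly one rate block (full-block absorb path) give a different digest. Returns 1 if so. */
int gimli_hash_selftest(void)
{
    static const uint8_t m1[] = "Gimli sponge test";   /* constructed sample input */
    static const uint8_t m2[] = "Gimli sponge tesT";   /* constructed: last byte differs */
    uint8_t h1[32], h1b[32], h2[32], h3[32];
    gimli_hash(h1, m1, sizeof m1 - 1);
    gimli_hash(h1b, m1, sizeof m1 - 1);
    gimli_hash(h2, m2, sizeof m2 - 1);
    gimli_hash(h3, m1, 16);
    return memcmp(h1, h1b, 32) == 0 && memcmp(h1, h2, 32) != 0 && memcmp(h1, h3, 32) != 0;
}

int main(void)
{
    uint8_t digest[32];
    gimli_hash(digest, (const uint8_t *)"", 0);
    printf("permutation test vector: %s\n", gimli_selftest() ? "ok" : "FAIL");
    printf("Gimli-Hash(\"\") = ");
    for (int i = 0; i < 32; ++i) printf("%02x", digest[i]);
    printf("\n");
    return gimli_selftest() && gimli_hash_selftest() ? 0 : 1;
}
```

The byte helpers address the state through an explicit little-endian view rather than casting the word array to a byte pointer, so the digest is the same on big-endian hosts; the 0x01 padding byte after the data and the 0x01 in the last capacity byte are what separate a message from any shorter prefix of it in the sponge.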
Implementation and usage
- libhydrogen: a cryptographic library that constructs all primitives using Gimli and Curve25519
- : like libhydrogen and maintained by Tesla