1. Statement of the Technical Field
The inventive arrangements relate to cryptographic systems. More particularly, the inventive arrangements concern cryptographic systems implementing a customizable encryption algorithm based on a sponge construction with authenticated and non-authenticated modes of operation.
2. Description of the Related Art
Sponge functions may be used in cryptographic applications. In this regard, the sponge functions can be used to implement symmetric cryptography functionalities (e.g., key derivation, message encryption, and authentication code computation). A detailed discussion of sponge functions is provided in a document entitled “Cryptographic Sponge Functions”, which was written by Bertoni et al. and published on Jan. 14, 2011 (“Bertoni”). As stated in Bertoni, a sponge function instantiates a sponge construction. The sponge construction is a simple iterated construction for building a function F based on a fixed length permutation. The function F has a variable-length input and an arbitrary output length. The fixed length permutation operates on a state of b=r+c bits, where r is the bitrate and c is the capacity. The capacity c determines the security level of the sponge construction.
During operation, each of the bits b is initialized to zero and an input message is cut into blocks of r bits. Thereafter, absorbing operations are performed in which: the r bits of each block are respectively XORed with the first r initialized bits; and a first permutation operation is performed using the results of the XOR operation as inputs. Next, squeezing operations are performed in which a second permutation operation is performed using the output bits of the first permutation operation as input bits. The output of the second permutation operation may then be truncated to the first l bits.
Duplex constructions are closely related to the sponge construction. Duplex constructions comprise a plurality of duplexing stages. During a first duplexing stage, all bits of the state are set to zero and a first input string τ0 is padded. The first input string τ0 is then XORed with the first r initialized bits. Then, a permutation function is applied to the results of the XOR operations so as to generate a set of first output bits. The first output bits are then truncated to the first l bits. In a next duplexing stage, a second input string τ1 is padded. The second input string τ1 is then XORed with the first output bits of the first duplexing stage. The permutation function is applied to the results of the XOR operations so as to generate a set of second output bits. The second output bits are then truncated to the first l bits.