
Xoodoo cookbook [pdf] - lainon
https://eprint.iacr.org/2018/767.pdf
======
throwawaymath
Not much discussion :)

Three of the authors are part of the Keccak team [1], which won SHA-3. This
paper presents a new pseudorandom function (PRF) called Xoodoo, which is based
on the team’s recently developed construction Farfalle [2]. Judging by the
fact that the Xoodoo PRF suite has the same design goals as last year’s Gimli
permutation [3], this is intended to be an especially useful primitive for
embedded and low power systems. This has been a push in the research community
for the last few years.

The authors also introduce a “Doubly Extendable Cryptographic Keyed” function
(a “Deck function”) in this paper. This function incrementally computes a
pseudorandom string from a sequence of input strings. It natively offers
authenticated encryption in one primitive - that’s not new for cryptography,
but it’s another large focus in the research community because it neatly
handles confidentiality, integrity and authentication while tying off nonce
misuse.

Deck-SANE (used in Xoofff-SANE, both introduced here) is the primitive
providing authenticated encryption with an initial nonce. According to the
authors it supersedes their previous attempt at session authenticated
encryption in the Farfalle-SAE primitive, which was found to be vulnerable.
Deck-SANSE (used in Xoofff-SANSE, again both introduced here) is like
Deck-SANE, except it uses a _synthetic_ nonce for authenticated encryption.
Practically this means users need to ensure a different key/nonce combination
is used at the beginning of each session for Deck-SANE, whereas they need not
for Deck-SANSE. This likewise supersedes the authors’ previous work
Farfalle-SIV for similar reasons.

From there the authors introduce new block-cipher specifications based on the
Xoofff PRFs, called Xoofff-WBC and Xoofff-WBC-AE. As you could guess,
Xoofff-WBC-AE is the authenticated encryption cipher built over the vanilla
Xoofff-WBC cipher.

____________________

1. https://keccak.team

2. https://keccak.team/farfalle.html

3. https://gimli.cr.yp.to/gimli-20170627.pdf
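
The nonce requirement described in the comment above (a fresh key/nonce combination for Deck-SANE, none for Deck-SANSE), as an added example that is not part of the comment or the paper. Assumptions: HMAC-SHA256 stands in for Xoofff, all function names are hypothetical, and the two toy schemes model only nonce-based versus synthetic-nonce encryption, not the session modes themselves.

```python
import hashlib
import hmac

TAG_LEN = 16

def prf(key: bytes, *parts: bytes, n: int) -> bytes:
    """Stand-in keyed PRF with n output bytes (HMAC-SHA256 + counter), not Xoofff."""
    # Length-prefix each string so the input sequence is encoded unambiguously.
    data = b"".join(len(p).to_bytes(8, "big") + p for p in parts)
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(4, "big") + data, hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def nonce_encrypt(key, nonce, pt):
    """Nonce-based: the keystream depends only on (key, nonce)."""
    ct = xor(pt, prf(key, b"enc", nonce, n=len(pt)))
    return ct, prf(key, b"tag", nonce, ct, n=TAG_LEN)

def synthetic_encrypt(key, pt):
    """Synthetic nonce: the tag over the plaintext doubles as the nonce."""
    tag = prf(key, b"tag", pt, n=TAG_LEN)
    return xor(pt, prf(key, b"enc", tag, n=len(pt))), tag

def synthetic_decrypt(key, ct, tag):
    """Recover the plaintext, then recompute the tag and reject on mismatch."""
    pt = xor(ct, prf(key, b"enc", tag, n=len(ct)))
    if not hmac.compare_digest(tag, prf(key, b"tag", pt, n=TAG_LEN)):
        raise ValueError("authentication failed")
    return pt

def leaks_plaintext_xor(c1, c2, m1, m2) -> bool:
    """True when two ciphertexts reveal m1 XOR m2, i.e. the keystream repeated."""
    return xor(c1, c2) == xor(m1, m2)

# Constructed sample inputs.
KEY = bytes(range(32))
M1, M2 = b"transfer 100 EUR", b"transfer 999 USD"

if __name__ == "__main__":
    reused = b"\x00" * 12  # the misuse: same key/nonce for two messages
    (c1, _), (c2, _) = nonce_encrypt(KEY, reused, M1), nonce_encrypt(KEY, reused, M2)
    print("nonce reused:   ", leaks_plaintext_xor(c1, c2, M1, M2))
    (s1, _), (s2, _) = synthetic_encrypt(KEY, M1), synthetic_encrypt(KEY, M2)
    print("synthetic nonce:", leaks_plaintext_xor(s1, s2, M1, M2))
```

The toy synthetic-nonce scheme is deterministic, so encrypting the same plaintext twice under one key yields the same ciphertext and tag.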

