Gimli: a cross-platform permutation

Jul 1, 2017·
Daniel J. Bernstein
Stefan Kölbl
Stefan Kölbl
,
Stefan Lucks
,
Pedro Maat Costa Massolino
,
Florian Mendel
,
Kashif Nawaz
,
Tobias Schneider
,
Peter Schwabe
,
François-Xavier Standaert
,
Yosuke Todo
,
Benoît Viguier
,
Tomsilav Nad
· 0 min read
Abstract
This paper presents Gimli, a 384-bit permutation designed to achieve high security with high performance across a broad range of platforms, including 64-bit Intel/AMD server CPUs, 64-bit and 32-bit ARM smartphone CPUs, 32-bit ARM microcontrollers, 8-bit AVR microcontrollers, FPGAs, ASICs without side-channel protection, and ASICs with side-channel protection.
Type
Publication
publications
Permutations Lightweight
Authors
Daniel J. Bernstein
Stefan Kölbl
Authors
Stefan Kölbl
Staff Engineer, Tech Lead Manager

I am a Staff Engineer and Tech Lead Manager at Google, where I work in the Security Engineering team. My focus is on post-quantum cryptography and enabling developers at Google and across the internet to use cryptography safely and correctly.

I have a PhD in cryptography and an extensive background in the design and analysis of symmetric-key algorithms, post-quantum cryptography, and lightweight cryptography. I have contributed to several cryptographic standardization efforts, including the SKINNY cipher, which is part of the ISO/IEC 29192-2 standard. I also contributed to the SPHINCS+ signature scheme, which was standardized by NIST as FIPS 205. I currently represent Switzerland in the ISO/IEC JTC 1/SC 27/WG 2 committee for cryptography and security mechanisms.

Before joining Google, I was a Senior Technology Manager at Cybercrypt and a postdoctoral researcher at the Technical University of Denmark, working on the H2020 PQCRYPTO project.

%!s() %!s()
Authors
Stefan Lucks
Authors
Pedro Maat Costa Massolino
Authors
Florian Mendel
Authors
Kashif Nawaz
Authors
Tobias Schneider
Authors
Peter Schwabe
Authors
François-Xavier Standaert
Authors
Yosuke Todo
Authors
Benoît Viguier
Authors
Tomsilav Nad