
The Subterranean 2.0 Cipher Suite

Subterranean 2.0 can be used for hashing, MAC computation, stream encryption and several types of session authenticated encryption schemes. At its core it has a duplex object with a 257-bit state and a lightweight single-round permutation. This makes Subterranean 2.0 very well suited for low-area and low-energy implementations in dedicated hardware. We have submitted Subterranean 2.0 to the NIST Lightweight Cryptography Competition. It advanced to the 2nd round but did not make it to the final. Still, we believe it has a future in applications where energy consumption matters: there is strong evidence that in dedicated hardware its energy consumption is an order of magnitude better than that of its NIST LWC competitors (see here, here and here), and its security margin is still comfortable.



Third-party cryptanalysis

Here we list published cryptanalysis of Subterranean performed by third parties.


Fukang Liu, Takanori Isobe and Willi Meier

Keywords: cryptanalysis

The authors present a full-state recovery attack in a nonce-misuse scenario with data complexity of about 33 Kbytes. In a nonce-respecting scenario, if the number of blank rounds is reduced from the nominal 8 to 4, they mount a key-recovery attack with computational complexity 2^122 round function calls and data complexity 2^71.5 bytes.

Get the paper and bibtex from ToSC

Security Analysis of Subterranean 2.0


Ling Song, Yi Tu, Danping Shi and Lei Hu

Keywords: cryptanalysis

More cryptanalysis of Subterranean.

Get the paper and bibtex from IACR Cryptology ePrint Archive

Third-party implementations

Here we list implementations made by third parties.

Subterranean for 8-bit AVR microcontrollers and 32-bit microcontrollers


Rhys Weatherley

The author presents optimized implementations of most NIST lightweight competition submissions for 32-bit microcontroller platforms, such as ESP32, and 8-bit AVR microcontrollers. The implementations are more than 2 times faster on those platforms than the reference code.

Source code on the author's GitHub


Last modified: March 22, 2023