Subterranean 2.0 can be used for hashing, MAC computation, stream encryption and several types of session authenticated encryption schemes. At its core it has a duplex object with a 257-bit state and a lightweight single-round permutation. This makes Subterranean 2.0 very well suited for low-area and low-energy implementations in dedicated hardware. We have submitted Subterranean 2.0 to the NIST Lightweight Cryptography Competition. It passed to the 2nd round but did not make it to the final. Still, we believe it has a future in applications where energy consumption matters, as there is strong evidence that in dedicated hardware its energy consumption is an order of magnitude better than that of its NIST LWC competitors, see here, here and here, and its security margin is still comfortable.
Here we list published cryptanalysis of Subterranean performed by third parties.
2019
Keywords: cryptanalysis
The authors present a full-state recovery attack in a nonce-misuse scenario with data complexity of about 33 Kbytes. In a nonce-respecting scenario, and if the number of blank rounds is reduced from the nominal 8 to 4, they do a key-recovery attack with computational complexity $2^{122}$ round function calls and data complexity $2^{71.5}$ bytes.
Get the paper and bibtex from ToSC
Security Analysis of Subterranean 2.0
2020
Keywords: cryptanalysis
More cryptanalysis of Subterranean.
Get the paper and bibtex from IACR Cryptology ePrint Archive
Here we list implementations made by third parties.
Subterranean for 8-bit AVR microcontrollers and 32-bit microcontrollers
2020
The authors present an optimized implementation of most NIST lightweight competition submissions for 32-bit microcontroller platforms, such as ESP32, and 8-bit AVR microcontrollers. The implementations are more than 2 times faster on those platforms than the reference code.
Source code on the authors' GitHub
Last modified: March 22, 2023