Subterranean 2.0 can be used for hashing, MAC computation, stream encryption and several types of session authenticated encryption schemes. At its core it has a duplex object with a 257-bit state and a lightweight single-round permutation. This makes Subterranean 2.0 very well suited for low-area and low-energy implementations in dedicated hardware. We have submitted Subterranean 2.0 to the NIST Lightweight Cryptography Competition and it has passed to the 2nd round.
Here we list published cryptanalysis of Subterranean performed by third parties. At this moment there is a single paper.
Cube-Based Cryptanalysis of Subterranean-SAE
2019
Keywords: modes: hashing, design, security reduction proofs: indifferentiability
The authors present a full-state recovery attack in a nonce-misuse scenario with data complexity of about 33 Kbytes. In a nonce-respecting scenario and if the number of blank rounds is reduced from the nominal 8 to 4, they do a key-recovery attack with computational complexity 2^122 round function calls and data complexity 2^71.5 bytes.
Get the paper and bibtex from ToSC
Here we list implementations made by third parties.
Subterranean for 8-bit AVR microcontrollers and 32-bit microcontrollers
2020
The authors present an optimized implementation of most NIST lightweight competition submissions for 32-bit microcontroller platforms, such as ESP32, and 8-bit AVR microcontrollers. The implementations are more than 2 times faster on those platforms than the reference code.
Source code on the authors' GitHub
Last modified: June 16, 2020