Permutation-based encryption, authentication and authenticated encryption

While mainstream symmetric cryptography has been dominated by block ciphers, we have proposed an alternative based on fixed-width permutations with modes built on top of the sponge and duplex construction, and our concrete proposal K . Our permutationbased approach is scalable and suitable for high-end CPUs as well as resource-constrained platforms. The la er is illustrated by the small K instances and the sponge functions Quark, Photon and Spongent, all addressing lightweight applications. We have proven that the sponge and duplex construction resist against generic a acks with complexity up to 2c/2, where c is the capacity. This provides a lower bound on the width of the underlying permutation. However, for keyed modes and bounded data complexity, a security strength level above c/2 can be proven. ForMAC computation, encryption and even authenticated encryptionwith a passive adversary, a security strength level of almost c against generic a acks can be a ained. This increase in security allows reducing the capacity leading to a be er efficiency. We argue that for keyed modes of the sponge and duplex constructions the requirements on the underlying permutation can be relaxed, allowing to significantly reduce its number of rounds. Finally, we present two generalizations of the sponge and duplex constructions that allow more freedom in tuning the parameters leading to even higher efficiency. We illustrate our generic constructions with proposals for concrete instantiations calling reduced-round versions of the K f [1600] and K f [200] permutations.