Secure and fast implementations of two involution ciphers

    Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

    1 Citation (Scopus)


    Anubis and Khazad are closely related involution block ciphers. Building on two recent AES software results, this work presents a number of constant-time software implementations of Anubis and Khazad for processors with a byte-vector shuffle instruction, such as those that support SSSE3. For Anubis, the first is serial in the sense that it employs only one cipher instance and is compatible with all standard block cipher modes. Efficiency is largely due to the S-box construction that is simple to realize using a byte shuffler. The equivalent for Khazad runs two parallel instances in counter mode. The second for each cipher is a parallel bit-slice implementation in counter mode.

    Original languageEnglish
    Title of host publicationInformation Security Technology for Applications - 15th Nordic Conference on Secure IT Systems, NordSec 2010, Revised Selected Papers
    Number of pages14
    Volume7127 LNCS
    Publication statusPublished - 2012
    Publication typeA4 Article in a conference publication
    Event15th Nordic Conference on Secure IT Systems, NordSec 2010 - Espoo, Finland
    Duration: 27 Oct 201029 Oct 2010

    Publication series

    NameLecture Notes in Computer Science
    Volume7127 LNCS
    ISSN (Print)03029743
    ISSN (Electronic)16113349


    Conference15th Nordic Conference on Secure IT Systems, NordSec 2010


    • Anubis
    • block ciphers
    • involution ciphers
    • Khazad
    • software implementation
    • timing attacks

    ASJC Scopus subject areas

    • Theoretical Computer Science
    • Computer Science(all)


    Dive into the research topics of 'Secure and fast implementations of two involution ciphers'. Together they form a unique fingerprint.

    Cite this