@inproceedings{d63acbd88bc044609d5200d4b3014d4d,
title = "Secure and fast implementations of two involution ciphers",
abstract = "Anubis and Khazad are closely related involution block ciphers. Building on two recent AES software results, this work presents a number of constant-time software implementations of Anubis and Khazad for processors with a byte-vector shuffle instruction, such as those that support SSSE3. For Anubis, the first is serial in the sense that it employs only one cipher instance and is compatible with all standard block cipher modes. Efficiency is largely due to the S-box construction that is simple to realize using a byte shuffler. The equivalent for Khazad runs two parallel instances in counter mode. The second for each cipher is a parallel bit-slice implementation in counter mode.",
keywords = "Anubis, block ciphers, involution ciphers, Khazad, software implementation, timing attacks",
author = "Brumley, {Billy Bob}",
year = "2012",
doi = "10.1007/978-3-642-27937-9_19",
language = "English",
isbn = "9783642279362",
volume = "7127 LNCS",
series = "Lecture Notes in Computer Science",
pages = "269--282",
booktitle = "Information Security Technology for Applications - 15th Nordic Conference on Secure IT Systems, NordSec 2010, Revised Selected Papers",
note = "15th Nordic Conference on Secure IT Systems, NordSec 2010 ; Conference date: 27-10-2010 Through 29-10-2010",
}