Kravatte is a pseudo-random function(*), on top of which we define simple modes:

  • Kravatte-SAE, an authenticated encryption scheme supporting sessions, like Ketje and Keyak;
  • Kravatte-SIV, an authenticated encryption scheme using the synthetic initial value (SIV) technique, robust under nonce repetitions;
  • Kravatte-WBC, a wide-block cipher for authenticated encryption with minimal expansion.

Kravatte builds upon the Keccak-p permutations and the novel Farfalle construction, which can somehow be seen as the parallel counterpart of the sponge construction. It thus provides inherent parallelism that can be readily exploited on platforms supporting SIMD instruction sets or multiple cores.

(*) From a secret key and an input string, a pseudo-random function (or PRF) is a deterministic function that produces an arbitrary-length output, with the property that these output bits look like independent uniformly-drawn random bits to an adversary not knowing the key.

Technical details

SynopsisThe Kravatte pseudo-random function
Designed byGuido Bertoni, Joan Daemen, Seth Hoffert, Michaël Peeters, Gilles Van Assche and Ronny Van Keer
ImplementsA pseudo-random function (PRF)
ConstructionThe Farfalle construction
PrimitiveThe Keccak-p[1600, 4] and Keccak-p[1600, 6] permutations
Parameterized byNo parameter
InstancesJust Kravatte.
StatusRelies on strong components, but otherwise only recently published.