MANTIS

The πš‚π™Ίπ™Έπ™½π™½πšˆ family of block ciphers and its low-latency variant π™Όπ™°π™½πšƒπ™Έπš‚. We present a new tweakable block cipher family πš‚π™Ίπ™Έπ™½π™½πšˆ, whose goal is to compete with NSA recent design πš‚π™Έπ™Όπ™Ύπ™½ in terms of hardware/software performances, while proving in addition much stronger security guarantees with regards to differential/linear attacks. In particular, unlike πš‚π™Έπ™Όπ™Ύπ™½, we are able to provide strong bounds for all versions, and not only in the single-key model, but also in the related-key or related-tweak model. πš‚π™Ίπ™Έπ™½π™½πšˆ has flexible block/key/tweak sizes and can also benefit from very efficient threshold implementations for side-channel protection. Regarding performances, it outperforms all known ciphers for ASIC round-based implementations, while still reaching an extremely small area for serial implementations and a very good efficiency for software and micro-controllers implementations (πš‚π™Ίπ™Έπ™½π™½πšˆ has the smallest total number of AND/OR/XOR gates used for encryption process). Secondly, we present π™Όπ™°π™½πšƒπ™Έπš‚, a dedicated variant of πš‚π™Ίπ™Έπ™½π™½πšˆ for low-latency implementations, that constitutes a very efficient solution to the problem of designing a tweakable block cipher for memory encryption. π™Όπ™°π™½πšƒπ™Έπš‚ basically reuses well understood, previously studied, known components. Yet, by putting those components together in a new fashion, we obtain a competitive cipher to π™Ώπšπ™Έπ™½π™²π™΄ in latency and area, while being enhanced with a tweak input.