NIST submission
Pyjamask has been submitted to the NIST call for lightweight cryptography as an authenticated encryption with associated data (AEAD) scheme. The Pyjamask AEAD scheme is based on a new block cipher with two instances, Pyjamask-96 and Pyjamask-128, and on the AEAD operating mode OCB.
Pyjamask targets side-channel resistance as one of its main goal. More precisely, it strongly minimizes the number of nonlinear gates used in its internal primitive in order to allow efficient masked implementations, especially for high-order masking. Even though Pyjamask minimizes such an important criterion, it remains rather lightweight and efficient, thanks to a general bitslice construction that enables to computation of all nonlinear gates in parallel. As for the operating mode, we adopt the provably secure AEAD mode OCB. It has been extensively studied and has the benefit to offer full parallelization. Of course, other block cipher-based modes can be considered as well if other performance profiles are to be targeted.
| Member | Mode | Block cipher | Block size | Key size | Nonce size | Tag size |
| Pyjamask-128-AEAD | OCB | Pyjamask-128 | 128 | 128 | 96 | 128 |
| Pyjamask-96-AEAD | OCB | Pyjamask-96 | 96 | 128 | 64 | 96 |