In Cybersecurity, from Luxembourgian Sponges to Towns, it is Time to SPARKLE!
Here’s a quick question … do you know the Luxembourgish for sponges? Also, where in the world would you find a place called Esch? Well, you might do soon, especially if a SPARKLE-derived method wins the NIST competition for lightweight cryptography.
NIST has previously defined two classic standards: AES and SHA-3, and they have reached the final stage for the assessment of two more key standards: quantum robust cryptography and light-weight cryptography. The results of these are likely to be announced within the next 12 months. For light-weight cryptography, we are down to the last 10, and Sparkle is one of the contenders.
Overall, Sparkle is a family of permutations and Christof Beierle, Alex Biryukov, Luan Cardoso dos Santos, Johann Großschädl, Léo Perrin, Aleksei Udovenko, Vesselin Velichkov, and Qingju Wang. Christof, Alex, Luan , Johann G, Aleksei, and Qingju are from the University of Luxembourgh, L´eo from Inria, Paris, and Vesselin from the University of Edinburgh [here]:
The submitted version for the NIST competition includes Schwaemm  which is a lightweight cryptography method and provides confidentiality, integrity and authentication and Esch which provides a hashing method that is preimage and collision-resistant. Both methods use a sponge construction using a cryptographic permutation (as used in SHA-3). Esch256 (Efficient, Sponge-based, and Cheap Hashing) implements the hashing method for a 256-bit hash and has a block size of 16 bytes, a security level of 128 bits and a data limit up to 2¹³².
For Schwaemm, the name is derived from “Sponge-based Cipher for Hardened but Weightless Authenticated Encryption on Many Microcontrollers”, and which is also the Luxembourgish word of “sponge”. Esch256 is also a part of a name of a place in Luxembourg:
SPARKLE is similar to SPARKX and its name derives from SPARx, but Key LEss. For AEAD, we have Schwaemm128–128, Schwaemm256–128, Schwaemm192–192, and Schwaemm256–256, and which support block sizes of 16, 32, 24 and 64 bytes, respectively. These give a security level that ranges from 120 bits to 248 bits.
Here is a demo of the code:
and a running version here: