From Syllab
Jump to: navigation, search

Joltik is authenticated encryption scheme based on a 64-bit lightweight ad-hoc tweakable block cipher. It may be used in to modes to handle nonce-respecting users or nonce-reusing user.

It has been designed by Jérémy Jean, Ivica Nikolić and Thomas Peyrin.


The ad-hoc tweakable block cipher is an AES-based instantiation of the more general so-called TWEAKEY framework.

The overall overhead for decryption capability is minimal in Joltik, as we use a novel very lightweight MDS diffusion matrix in the round function, which is involutory.

Depending on the tweak and key sizes, the internal cipher corresponds to one of the two following designs:

Joltik tweakey.png

Joltik tweakey 3.png

Note: A circle in the figures means a field multiplication.


  • Joltik is very lightweight. First estimations show that Joltik can be implemented in hardware in 2100 and 2600 GE, depending on the mode considered.
  • Joltik provides 64-bit security for both privacy and authenticity.
  • Joltik behaves very good for small messages.
  • Joltik has a good security margin for all the recommended parameters.


The last version of the document (August 28, 2015) can be found here.