.

Gimli


Reading time: about 1 minute

Gimli is a 384-bit permutation function. It can be used in sponge constructions.

GIMLI-Hash

GIMLI-Hash is a simple hash function built on the Gimli permutation.

Test vectors

The test vectors on the Gimli paper are incorrect. The authors have provided corrected values here.

  • Input: "" (Empty string)

  • Output: b0634b2c0b082aedc5c0a2fe4ee3adcfc989ec05de6f00addb04b3aaac271f67

  • Input: "There's plenty for the both of us, may the best Dwarf win."
  • Output: 4afb3ff784c7ad6943d49cf5da79facfa7c4434e1ce44f5dd4b28f91a84d22c8

Useful links

Implementation in Rust

pub(crate) fn gimli(state: &mut [u32; 12]) {
  for round in (1..25).rev() {
    for col in 0..4 {
      let x = state[col].rotate_left(24);
      let y = state[col + 4].rotate_left(9);
      let z = state[col + 8];

      state[col + 8] = x ^ (z << 1) ^ ((y & z) << 2);
      state[col + 4] = y ^ x ^ ((x | z) << 1);
      state[col] = z ^ y ^ ((x & y) << 3);
    }

    if (round & 3) == 0 {
      // Small swap
      state.swap(0, 1);
      state.swap(2, 3);
    }

    if (round & 3) == 2 {
      // Big swap
      state.swap(0, 2);
      state.swap(1, 3);
    }

    if (round & 3) == 0 {
      // Add constant
      state[0] ^= 0x9e377900 | round as u32;
    }
  }
}

Citation

If you find this work useful, please cite it as: 
@article{yaltirakli,
  title   = "Gimli",
  author  = "Yaltirakli, Gokberk",
  journal = "gkbrk.com",
  year    = "2025",
  url     = "https://www.gkbrk.com/gimli"
}
Not using BibTeX? Click here for more citation styles.
IEEE Citation
Gokberk Yaltirakli, "Gimli", July, 2025. [Online]. Available: https://www.gkbrk.com/gimli. [Accessed Jul. 23, 2025].
APA Style
Yaltirakli, G. (2025, July 23). Gimli. https://www.gkbrk.com/gimli
Bluebook Style
Gokberk Yaltirakli, Gimli, GKBRK.COM (Jul. 23, 2025), https://www.gkbrk.com/gimli

Comments

Search

More links

This page is valid HTML. Click to validate.

It's not actually valid? Send me an email.

© 2025 Gokberk Yaltirakli