Gimli

Gimli is a 384-bit permutation function. It can be used in sponge constructions.

GIMLI-Hash

GIMLI-Hash is a simple hash function built on the Gimli permutation.

Test vectors

The test vectors on the Gimli paper are incorrect. The authors have provided corrected values here.

• Input: "" (Empty string)

• Output: b0634b2c0b082aedc5c0a2fe4ee3adcfc989ec05de6f00addb04b3aaac271f67

• Input: "There's plenty for the both of us, may the best Dwarf win."

• Output: 4afb3ff784c7ad6943d49cf5da79facfa7c4434e1ce44f5dd4b28f91a84d22c8

Useful links

• Gimli paper

Implementation in Rust

pub(crate) fn gimli(state: &mut [u32; 12]) {
  for round in (1..25).rev() {
    for col in 0..4 {
      let x = state[col].rotate_left(24);
      let y = state[col + 4].rotate_left(9);
      let z = state[col + 8];

      state[col + 8] = x ^ (z << 1) ^ ((y & z) << 2);
      state[col + 4] = y ^ x ^ ((x | z) << 1);
      state[col] = z ^ y ^ ((x & y) << 3);
    }

    if (round & 3) == 0 {
      // Small swap
      state.swap(0, 1);
      state.swap(2, 3);
    }

    if (round & 3) == 2 {
      // Big swap
      state.swap(0, 2);
      state.swap(1, 3);
    }

    if (round & 3) == 0 {
      // Add constant
      state[0] ^= 0x9e377900 | round as u32;
    }
  }
}

Leave a Comment