Ghidle: Efficient Large-State Block Ciphers for Post-quantum Security

In this paper we propose a new family of highly efficient and quantum secure AES-based block cipher dubbed Ghidle, which supports a key size of 256 bits and a state size of 256 or 512 bits. The large state size implies a “bigger birthday bound” security when these are embedded in modes of operation. Ghidle achieves high efficiency in both the encryption and the decryption by taking advantage of three consecutive executions of AES rounds in AES-NI, while Pholkos, which is an existing quantum-secure block cipher, is designed to be fast for only encryption performance due to the limitation of two consecutive executions of AES rounds. We run benchmarks of Ghidle on x86(_64) and arm64 environments and compare their performance with Pholkos. In our performance evaluation on modern x86 processors, the decryption of Ghidle-512 outperforms that of Pholkos-512 by about 54% while the encryption performance remains the same. We also evaluate the performance on mobile devices with arm64-based processors and the result shows that Ghidle-256 outperforms Pholkos-256 by about 32% for decryption while the encryption remains almost the same. Furthermore, Ghidle-512 outperforms Pholkos-512 by about 21% and 53% for both encryption and decryption, respectively.