In Cybersecurity, Where Would You Find Dumbo, Jumbo and a Pink Elephant?

6 min readApr 25, 2021

Well, you will find these names as part of the method of light-weight encryption method known as Elephant, and which is one of the final contenders for a NIST competition [here]. Whichever method wins the competition will probably become a standard on billions of devices.

Within Elephant [1] we have three different variations: Dumbo, Jumbo and Delirium (and which is a Belgian beer with a pink elephant logo).It was created by Tim Beyne, Yu Long Chen, Christoph Dobraunig, and Bart Mennink. Tim and Yu are from KU Leuven and imec-COSIC, Belgium, and Christoph and Bart from Radboud University, The Netherlands.

Overall, Elephant is an authenticated encryption scheme, based on a nonce-based encrypt-then-MAC construction. We can thus provide a nonce (also known as an initialization vector — IV) and which is the salt value for the cipher. This makes sure that the ciphertext will change when we are using the same key and the same plaintext. Along it supports Authenticated encryption with Associated Data (AEAD) and where we can provide additional data for the cipher. Unlike the nonce value, this additional data is not sent with the ciphertext or used within the encryption method but can be used to authenticate the ciphertext. An example might be to link a packet sequence number to the additional data so that the cipher could not be played-back for another sequence number.

Within lightweight crypto, we must optimize for memory storage, processing requirements, energy drain, and so on, along with keeping compatibility with a wide range of device, and for both a hardware and software implementation.

One of the strengths of Elephant is that it has a low footprint and can use a 160-bit permutation. This small value reduces the footprint of the method within memory. In order to speed the encryption process, the method can also be parallelized. There are three main methods:

Dumbo: Elephant-Spongent-π[160] — this method is well-matched to hardware and gives the baseline level of security. The 160 value relates to the bit size of the permutation that is operated on. Overall it gives 112-bit security levels.
Jumbo: Elephant-Spongent-π[176] —this is an improved method and achieves 127-bit security.

In Cybersecurity, Where Would You Find Dumbo, Jumbo and a Pink Elephant?

Written by Prof Bill Buchanan OBE

More from Prof Bill Buchanan OBE

SSL/TLS: The Dinosaur Protocols? Meet Message Layer Security (MLS)

Go, on, ask a cybersecurity professional to explain how SSL/TLS works and then ask them to explain PKI (Public Key Infrastructure) and…

TCP, TLS, IPSec and OpenSSL: The Old Dinosaurs Need Replaced? Meet WireGuard

In the mid-1960s, Larry Roberts sketched out a plan for a packet-switched network named ARPANET. In a matter of half a century, this has…

Just Git … and Smashing Windows

Thank you, Linus Torvalds

All Change in Cybersecurity!

A Warning from the NSA, CISA and NIST on Post-Quantum Cryptography

Recommended from Medium

Elliptic Curve Integrated Encryption Scheme (ECIES): Encrypting Using Elliptic Curves

With ECC (Elliptic Curve Cryptography), we have an opportunity to use both the power of public-key encryption, with the speed and security…

The Future of Security Teams

Hint: It won’t be cloud vs enterprise

Lists

General Coding Knowledge

Now in AI: Handpicked by Better Programming

Productivity

Code Review Etiquette For The Modern Developer

After over a decade of reviewing code on a daily basis, here’s what works, and what doesn’t.

Post Quantum Cryptography

Day 20 — Quantum30 Challenge

Is Julia Faster than Python and Numba?

Numba is very fast, but is it fast enough?

Securing Large Language Models (LLMs) in Your Organization: Mitigating Security and Privacy Risks

Large Language Models (LLMs) have revolutionized various aspects of our digital landscape, from customer service chatbots to content…