For the full specification of Isap we refer to the official specification document: Isap v2.0
Isap's Authenticated Encryption Mode
Isap is a sponge-based mode of operation for authenticated encryption and is designed with a focus on robustness against various kinds of implementation attacks. The recommended key, tag and nonce length is 128 bits. Isap can be instantiated with either Ascon-p or Keccak-p as the underlying permutation, each with two possible parameterizations, which gives the following 4 instantiations:
Proposed instantiations of Isap
|Cipher||Permutation||Bit size of||Rounds|
The encryption/decryption process consists of the following building blocks:
- IsapRk: Derives the session keys K*_A or K*_E from the long-term key K.
- IsapEnc: Stream encryption of message blocks M_i...t using K*_E.
- IsapMac: Absorbs associated data blocks A_i...s and ciphertext blocks C_i...t and generates tag T using K*_A.
These building blocks are used together with Key K, Nonce N, Associated Data A, Ciphertext C, and Tag T in an Encrypt-then-MAC fashion to perform authenticated encryption 𝓔 or authenticated decryption 𝓓:
Figure: Authenticated encryption 𝓔 and decryption 𝓓 in Isap
IsapRk, IsapEnc, and IsapMac are defined as follows:
Figure: The re-keying function IsapRk
Figure: The stream encryption with re-keying IsapEnc
Figure: The suffix-keyed sponge with re-keying IsapMac
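The Encrypt-then-MAC composition of the three building blocks, as an added sketch that is not taken from the Isap specification or its reference code. SHAKE-256 stands in for the Ascon-p/Keccak-p sponge, so the output is not Isap-compatible; the function names, domain labels and the exact inputs used to derive the session keys are assumptions of this example.

```python
import hashlib
import hmac

KEY_LEN = NONCE_LEN = TAG_LEN = 16  # 128 bits, the recommended lengths

def _xof(n, *parts):
    """SHAKE-256 over length-prefixed parts (stand-in for the permutation)."""
    h = hashlib.shake_256()
    for p in parts:
        h.update(len(p).to_bytes(8, "big") + p)
    return h.digest(n)

def rk(key, label, data):
    """Stand-in for IsapRk: session key from long-term key K and public data."""
    return _xof(KEY_LEN, b"rk", label, key, data)

def enc(key, nonce, msg):
    """Stand-in for IsapEnc: XOR with a keystream keyed by K*_E."""
    k_e = rk(key, b"enc", nonce)              # fresh session key per nonce
    stream = _xof(len(msg), b"ks", k_e, nonce)
    return bytes(m ^ s for m, s in zip(msg, stream))

def mac(key, nonce, ad, ct):
    """Stand-in for IsapMac: tag over A and C, keyed by K*_A at the end."""
    digest = _xof(32, b"abs", nonce, ad, ct)  # unkeyed absorb of public data
    k_a = rk(key, b"mac", digest)             # K touches only the short digest
    return _xof(TAG_LEN, b"tag", k_a, digest)

def encrypt(key, nonce, ad, msg):
    if len(key) != KEY_LEN or len(nonce) != NONCE_LEN:
        raise ValueError("key and nonce must be 128 bits")
    ct = enc(key, nonce, msg)
    return ct, mac(key, nonce, ad, ct)        # MAC covers the ciphertext

def decrypt(key, nonce, ad, ct, tag):
    # Verify before decrypting, in constant time; reject without output.
    if not hmac.compare_digest(mac(key, nonce, ad, ct), tag):
        return None
    return enc(key, nonce, ct)

if __name__ == "__main__":
    # Constructed sample inputs, not test vectors from the specification.
    k, n = bytes(range(16)), bytes(range(16, 32))
    c, t = encrypt(k, n, b"header", b"attack-resistant payload")
    print(decrypt(k, n, b"header", c, t))
    print(decrypt(k, n, b"HEADER", c, t))     # modified associated data
```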