Spook is an algorithm for authenticated encryption with associated data submitted to the NIST Lightweight Cryptography competition. It is primarily designed to support low energy implementation, especially when protection against side-channel attacks is required. For this purpose, Spook is mixing a leakage-resistant mode of operation with bitslice ciphers enabling efficient and low latency implementations. The leakage-resistant mode of operation leverages a key derivation function to prevent differential side-channel analysis, a duplex sponge construction to efficiently process the data, and a authentication mechanism based on a tweakable block cipher providing strong data integrity guarantees even if the tag verification mechanism leaks. The underlying bitslice ciphers are optimized for masking countermeasures against side-channel attacks.

Spook is an efficient single-pass algorithm. It provides state-of-the-art black box security with several prominent features: (i) nonce misuse-resilience, (ii) beyond-birthday security with respect to the size of the tweakable block cipher, (iii) multi-user security at minimum cost with a public tweak.

The Spook v1 specifications are available here. The Spook v2 specifications are available here. A small errata for the L-box is available here