Arnab Roy
@HarryR In MiMC (EM mode as in the figure above), the round constant at the first round can easily be combined with the plaintext/input. So from the security perspective...
@knarz The "peeling off" is the same thing which I described as combining with the input/output for the first/last round.
@kobigurk yes, if xL and xR denote the left and right output _after swapping_
@HarryR So far I have not found any security issues with the fixed key version of MiMC or Feistel MiMC. I am not aware of any analysis which shows any...
@HarryR, @kobigurk There is new analysis of Feistel-MiMC which may or may not have an effect on the mode. My updated comment is that I have to check this further...
The cryptanalysis of Feistel-MiMC (and GMiMC) block cipher (https://eprint.iacr.org/2019/951) is due to the extremely simple key scheduling. There is a fix for this and it will be uploaded soon. The...