Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Design Choices
Results and Discussion
Conclusion
References
All Topics
Computer Science
Cryptography

A Survey on Authenticated Encryption--ASIC Designer’s Perspective

Profile image of Elif Bilge KavunElif Bilge Kavun

2018, ACM Computing Surveys

https://doi.org/10.1145/3131276
visibility

description

21 pages

link

1 file

Abstract

Authenticated encryption (AE) has been a vital operation in cryptography due to its ability to provide confidentiality, integrity, and authenticity at the same time. Its use has soared in parallel with widespread use of the internet and has led to several new schemes. There have been studies investigating software performance of various schemes. However, the same is yet to be done for hardware. We present a comprehensive survey of hardware (specifically ASIC) performance of the most commonly used AE schemes in the literature. These schemes include encrypt-then-MAC combination, block-cipher-based AE modes, and the recently introduced permutation-based AE scheme. For completeness, we implemented each scheme with various standardized block ciphers and/or hash algorithms, and their lightweight versions. Our evaluation targets minimizing the time-area product while maximizing the throughput on an ASIC platform. We used 45nm NANGATE Open Cell Library for syntheses. We present area, speed,...

Related papers

Hardware architectures for PRESENT block cipher and their FPGA implementations
Tarun Goel

IET Circuits, Devices & Systems, 2019

Data security is essential for the proliferation of the Internet of things and cyber-physical system technologies. Data security can be efficiently achieved by incorporating lightweight cryptography techniques. In this study, a set of highperformance hardware architectures for PRESENT lightweight block cipher are proposed that perform encryption, decryption and integrated encryption/decryption operations. Datapath of the architectures is of 64 bit width that supports standard 80 and 128 bits key lengths. The architectures are synthesised on Xilinx Virtex-5 XC5VLX110T (ff1136-1) field-programmable gate array device of ML-505 platform. To perform functional verification, a large number of test vectors are used. Performance measurement is performed by evaluating maximum frequency, throughput, power dissipation and energy consumption. Experimentally, it is found that the proposed architectures are resource-efficient, high-performance and suitable for lightweight, latency-critical and low-power applications in comparison with existing architectures.

View PDFchevron_right
TriviA: A Fast and Secure Authenticated Encryption Scheme
Muhammad Hammad Hassan

Lecture Notes in Computer Science, 2015

In this paper, we propose a new hardware friendly authenticated encryption (AE) scheme TriviA based on (i) a stream cipher for generating keys for the ciphertext and the tag, and (ii) a pairwise independent hash to compute the tag. We have adopted one of the ISO-standardized stream ciphers for lightweight cryptography, namely Trivium, to obtain our underlying stream cipher. This new stream cipher has a state that is a little larger than the state of Trivium to accommodate a 128-bit secret key and IV. Our pairwise independent hash is also an adaptation of the EHC or "Encode-Hash-Combine" hash, that requires the optimum number of field multiplications and hence requires small hardware footprint. We have implemented the design in synthesizable RTL. Pre-layout synthesis, using 65 nm standard cell technology under typical operating conditions, reveals that TriviA is able to achieve a high throughput of 91.2 Gbps for an area of 24.4 KGE. We prove that our construction has at least 128-bit security for privacy and 124-bit security of authenticity under the assumption that the underlying stream cipher produces a pseudorandom bit stream.

View PDFchevron_right
Light-OCB: Parallel Lightweight Authenticated Cipher with Full Security
NILanjan Datta

Security, Privacy, and Applied Cryptography Engineering, 2022

This paper proposes a lightweight authenticated encryption (AE) scheme, called Light-OCB, which can be viewed as a lighter variant of the CAESAR winner OCB as well as a faster variant of the high profile NIST LWC competition submission LOCUS-AEAD. Light-OCB is structurally similar to LOCUS-AEAD and uses a nonce-based derived key that provides optimal security, and short-tweak tweakable blockcipher (tBC) for efficient domain separation. Light-OCB improves over LOCUS-AEAD by reducing the number of primitive calls, and thereby significantly optimizing the throughput. To establish our claim, we provide FPGA hardware implementation details and benchmark for Light-OCB against LOCUS-AEAD and several other well-known AEs. The implementation results depict that, when instantiated with the tBC TweGIFT64, Light-OCB achieves an extremely low hardware footprint-consuming only around 1128 LUTs and 307 slices (significantly lower than that for LOCUS-AEAD) while maintaining a throughput of 880 Mbps, which is almost twice that of LOCUS-AEAD. To the best of our knowledge, this figure is significantly better than all the known implementation results of other lightweight ciphers with parallel structures.

View PDFchevron_right
Fides: Lightweight Authenticated Cipher with Side-Channel Resistance for Constrained Hardware
Qingju Wang, Begül Bilgin

Lecture Notes in Computer Science, 2013

In this paper, we present a novel lightweight authenticated cipher optimized for hardware implementations called Fides. It is an online nonce-based authenticated encryption scheme with authenticated data whose area requirements are as low as 793 GE and 1001 GE for 80-bit and 96-bit security, respectively. This is at least two times smaller than its closest competitors Hummingbird-2 and Grain-128a. While being extremely compact, Fides is both throughput and latency efficient, even in its most serial implementations. This is attained by our novel sponge-like design approach. Moreover, cryptographically optimal 5-bit and 6-bit S-boxes are used as basic nonlinear components while paying a special attention on the simplicity of providing first order side-channel resistance with threshold implementation.

View PDFchevron_right
High speed authenticated encryption for slow changing key applications using reconfigurable devices
Habib Mehrez

2013 IFIP Wireless Days (WD), 2013

Since its acceptance as the adopted authenticated encryption algorithm, AES-GCM has been utilized in various security-constrained applications. This paper describes the benefits of adding key-synthesized property to AES-GCM using FPGAs. Presented architectures can be used for applications which require encryption and authentication with slow changing keys like Virtual Private Networks (VPNs). Three methods are selected to implement the SubBytes of AES to increase the flexibility of the presented work. Furthermore, we propose a protocol to protect the bitstream of the proposed architectures. Our architectures were evaluated using Virtex5 and Virtex4 FPGAs. It is shown that the performance of the presented AES-GCM architectures outperforms the previously reported ones.

View PDFchevron_right
SPAE a mode of operation for AES on low-cost hardware
sebastien riou

IACR Cryptol. ePrint Arch., 2019

We propose SPAE, a single pass, patent free, authenticated encryption with associated data (AEAD) for AES. The algorithm has been developped to address the needs of a growing trend in IoT systems: storing code and data on a low cost flash memory external to the main SOC. Existing AEAD algorithms such as OCB, GCM, CCM, EAX , SIV, provide the required functionality however in practice each of them suffer from various drawbacks for this particular use case. Academic contributions such as ASCON and AEGIS-128 are suitable and efficient however they require the development of new hardware accelerators and they use primitives which are not ‘approved’ by governemental institutions such as NIST, BSI, ANSSI. From a silicon manufacturer point of view, an efficient AEAD which use existing AES hardware is much more enticing: the AES is required already by most industry standards invovling symmetric encryption (GSMA, EMVco, FIDO, Bluetooth, ZigBee to name few). This paper expose the properties of...

View PDFchevron_right
Advanced Encryption Standard New Instructions (AES-NI) Analysis: Security, Performance, and Power Consumption
Eslam Abdallah

Proceedings of the 2020 12th International Conference on Computer and Automation Engineering, 2020

Advanced Encryption Standard New Instructions (AES-NI), which is a hardware accelerated version of the Advanced Encryption Standard (AES), are a set of instructions that enable fast and secure data encryption and decryption. AES-NI consists of seven instructions and supports all usage and modes of operations of AES. In this paper, we analyze AES-NI from security, performance, and power consumption perspectives. We compare AES-NI with the traditional AES. Through our experiments, we measure confusion, diffusion, randomness, as well as encryption and decryption speed, and power consumption. Our experiments are carried out on different processor platforms and with different encryption workloads. Our experimental results show that AES-NI achieves up to 13.5x speed over AES at 90% reduced energy consumption over AES. The low energy footprint makes AES-NI a candidate for secure communication for IoT and other lightweight edge devices.

View PDFchevron_right
High Performance Design of Hardware Based on AES using Minimal Resources
anil kumar

Increasing need of data protection in computer networks led to the development of several cryptographic algorithms hence sending data securely over a transmission link is critically important in many applications. Hardware implementation of cryptographic algorithms are physically secure than software implementations since outside attackers cannot modify them. In order to achieve higher performance in today's heavily loaded communication networks, hardware implementation is a wise choice in terms of better speed and reliability. This paper presents the hardware implementation of Advanced Encryption Standard (AES) algorithm using Xilinx–virtex5 Field Programmable Gate Array (FPGA). In order to achieve higher speed and lesser area, Sub Byte operation, Inverse Sub Byte operation, Mix Column operation and Inverse Mix Column operations are designed as Look Up Tables (LUTs) and Read Only Memories (ROMs). This approach gives a throughput of 3.74Gbps utilizing only 1% of total slices in xc5vlx110t-3-ff1136 target device.

View PDFchevron_right
General-purpose FPGA platform for efficient encryption and hashing
Ruby B. Lee

2010

Many applications require protection of secret or sensitive information, from sensor nodes and embedded applications to large distributed systems. The confidentiality of data can be protected by encryption using symmetric-key ciphers, and the integrity of the data can be ensured by using a cryptographic hash function to calculate a "digital fingerprint." In this paper, we propose reconfigurable FPGA hardware components that enable rapid deployment of cryptographic and other algorithms. The novelty of our hardware components is in their general-purpose design which enables easy mappings of algorithms to allow customizations of data protection for different usage scenarios. Since we utilize only a small part of an FPGA chip, our design can be readily integrated with other processing needs of a mobile device, a sensor node or a System-on-Chip. Important block ciphers like the Advanced Encryption Standard (AES) as well as advanced cryptographic hash algorithms like Whirlpool map well onto our general-purpose components. Our solution facilitates easy hardware implementation of customizable encryption and hashing solutions, with area and speed performance comparable to custom FPGA implementations targeted at a specific cipher or hash algorithm. We achieve the best efficiency in Mbps/slice for Whirlpool. Furthermore, the components that we have proposed can be used for many other applications -not just for implementing block ciphers and cryptographic hash functions.

View PDFchevron_right
Efficient Hardware Implementation of the Lightweight Block Encryption Algorithm LEA
yusra mahmood

Sensors, 2014

Recently, due to the advent of resource-constrained trends, such as smartphones and smart devices, the computing environment is changing. Because our daily life is deeply intertwined with ubiquitous networks, the importance of security is growing. A lightweight encryption algorithm is essential for secure communication between these kinds of resource-constrained devices, and many researchers have been investigating this field. Recently, a lightweight block cipher called LEA was proposed. LEA was originally targeted for efficient implementation on microprocessors, as it is fast when implemented in software and furthermore, it has a small memory footprint. To reflect on recent technology, all required calculations utilize 32-bit wide operations. In addition, the algorithm is comprised of not complex S-Box-like structures but simple Addition, Rotation, and XOR operations. To the best of our knowledge, this paper is the first report on a comprehensive hardware implementation of LEA. We present various hardware structures and their implementation results according to key sizes. Even though LEA was originally targeted at software efficiency, it also shows high efficiency when implemented as hardware.

View PDFchevron_right

References (45)

  1. AES. 2001. Advanced Encryption Standard. FIPS PUB 197, Federal Information Processing Standards Publication.
  2. Jean-Philippe Aumasson, Luca Henzen, Willi Meier, and María Naya-Plasencia. 2010. QUARK: A lightweight hash. In Cryptographic Hardware and Embedded Systems (CHES'10). Lecture Notes in Comput. Sci., Vol. 6225. Springer-Verlag, 1-15.
  3. Mihir Bellare and Chanathip Namprempre. 2000. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In Advances in Cryptology (ASIACRYPT'00). Lecture Notes in Comput. Sci., Vol. 1976. Springer-Verlag, 531-545.
  4. Mihir Bellare and Chanathip Namprempre. 2008. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. J. Cryptol. 21, 4 (2008), 469-491.
  5. Mihir Bellare, Phillip Rogaway, and David Wagner. 2004. The EAX mode of operation. In Fast Software Encryption (FSE'04). Lecture Notes in Comput. Sci., Vol. 3017. Springer-Verlag, 389-407.
  6. Steven M. Bellovin. 1996. Problem areas for the IP security protocols. In USENIX Security Symposium 1996. 205-214.
  7. Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. 2008. Keccak Specifications. Retrieved from https://keccak.team/obsolete/Keccak-specifications.pdf. Retrieval date July 15, 2014.
  8. Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. 2012. Duplexing the sponge: Single-pass au- thenticated encryption and other applications. In Selected Areas in Cryptography (SAC'11). Lecture Notes in Computer Science, Vol. 7118. Springer-Verlag, 320-337.
  9. Begül Bilgin, Andrey Bogdanov, Miroslav Knezevic, Florian Mendel, and Qingju Wang. 2013. Fides: Lightweight au- thenticated cipher with side-channel resistance for constrained hardware. In Cryptographic Hardware and Embedded Systems (CHES'13). Lecture Notes in Comput. Sci., Vol. 8086. Springer-Verlag, 142-158.
  10. John Black and Hector Urtubia. 2002. Side-channel attacks on symmetric encryption schemes: The case for authen- ticated encryption. In USENIX Security Symposium 2002. 327-338.
  11. Andrey Bogdanov, Miroslav Knežević, Gregor Leander, Deniz Toz, Kerem Varıcı, and Ingrid Verbauwhede. 2011. SPONGENT: A lightweight hash function. In Cryptographic Hardware and Embedded Systems (CHES'11). Lecture Notes in Comput. Sci., Vol. 6917. Springer-Verlag, 312-325.
  12. Andrey Bogdanov, Lars R. Knudsen, Gregor Leander, Christof Paar, Axel Poschmann, Matthew J. B. Robshaw, Yannick Seurin, and Charlotte Vikkelsø. 2007. PRESENT: An ultra-lightweight block cipher. In Cryptographic Hardware and Embedded Systems (CHES'07). Lecture Notes in Comput. Sci., Vol. 4727. Springer-Verlag, 450-466.
  13. Andrey Bogdanov, Florian Mendel, Francesco Regazzoni, Vincent Rijmen, and Elmar Tischhauser. 2013. ALE: AES- based lightweight authenticated encryption. In Fast Software Encryption (FSE'13). Lecture Notes in Computer Science, Vol. 8424. Springer-Verlag, 1-20.
  14. CAESAR. 2013. Competition for Authenticated Encryption: Security, Applicability, and Robustness. Retrieved from http://competitions.cr.yp.to/caesar.html.
  15. DES. 1977. Data Encryption Standard. FIPS PUB 46, Federal Information Processing Standards Publication.
  16. Doug Whiting, Russ Housley, and Niels Ferguson. 2003. Counter with CBC-MAC (CCM). Internet Engineering Task Force (IETF)-RFC 3610 (informational).
  17. Thomas Eisenbarth, Sandeep Kumar, Christof Paar, Axel Poschmann, and Leif Uhsadel. 2007. A survey of lightweight- cryptography implementations. IEEE Des. Test 24, 6 (2007), 522-533.
  18. Daniel Engels, Markku-Juhani O. Saarinen, Peter Schweitzer, and Eric M. Smith. 2011. The hummingbird-2 light- weight authenticated encryption algorithm. IACR Cryptology ePrint Archive (2011), 126.
  19. Conrado P. L. Gouvêa and Julio López. 2012. High speed implementation of authenticated encryption for the MSP430X microcontroller. In Cryptology and Information Security in Latin America (LATINCRYPT'12). Lecture Notes in Comput. Sci., Vol. 7533. Springer-Verlag, 288-304.
  20. Jian Guo, Thomas Peyrin, and Axel Poschmann. 2011. The PHOTON family of lightweight hash functions. In Advances in Cryptology (CRYPTO'11). Lecture Notes in Computer Science, Vol. 6841. Springer-Verlag, 222-239.
  21. HELION. 2014. AES-CCM cores. Retrieved from http://www.heliontech.com/aes_ccm.htm. Retrieval date July 15, 2014.
  22. HELION. 2014. AES-GCM cores. Retrieved from http://www.heliontech.com/aes_gcm.htm. Retrieval date July 15, 2014.
  23. IPSec. 2007. Internet Protocol Security. Internet Engineering Task Force (IETF)-RFC 4835.
  24. ISO/IEC 19772:2009. 2013. Information Technology-Security Techniques-Authenticated Encryption.
  25. ISO/IEC 29192-2:2012. 2012. Information Technology-Security Techniques-Lightweight Cryptography-Part 2: Block Ciphers.
  26. ISO/IEC 9797-1:2011. 2011. Information Technology-Security Techniques-Message Authentication Codes (MACs)-Part 1: Mechanisms Using a Block Cipher.
  27. Sukumar Jairam, Madhusudan Rao, Jithendra Srinivas, Parimala Vishwanath, H. Udayakumar, and Jagdish C. Rao. 2008. Clock gating for power optimization in ASIC Design Cycle Theory & Practice. In International Symposium on Low Power Electronics and Design (ISLPED'08). ACM, 307-308.
  28. Miroslav Knežević, Ventzislav Nikov, and Peter Rombouts. 2012. Low-latency encryption-is "lightweight = Light + wait?" In Cryptographic Hardware and Embedded Systems (CHES'12). Lecture Notes in Comput. Sci., Vol. 7428. Springer- Verlag, 426-446.
  29. Ted Krovetz and Phillip Rogaway. 2011. The software performance of authenticated-encryption modes. In Fast Soft- ware Encryption (FSE'11). Lecture Notes in Comput. Sci., Vol. 6733. Springer-Verlag, 306-327.
  30. Ted Krovetz and Phillip Rogaway. 2013. The OCB Authenticated-Encryption Algorithm. Internet Engineering Task Force (IETF) -draft-krovetz-ocb-04.
  31. Chae Lim and Tymur Korkishko. 2006. mCrypton -A lightweight block cipher for security of low-cost RFID tags and sensors. In Information Security Applications 2006. Lecture Notes in Comput. Sci., Vol. 3786. Springer-Verlag, 243-258.
  32. Helger Lipmaa, David Wagner, and Phillip Rogaway. 2000. Comments to NIST Concerning AES Modes of Operation: CTR-Mode Encryption.
  33. David McGrew and Kenny Paterson. 2012. Authenticated Encryption with AES-CBC and HMAC-SHA. Internet Engi- neering Task Force (IETF). Retrieved from https://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-01.
  34. David McGrew and John Viega. 2005. The Galois/Counter Mode of Operation (GCM). NIST Modes Operation Symmetric Key Block Ciphers.
  35. Amir Moradi, Axel Poschmann, San Ling, Christof Paar, and Huaxiong Wang. 2011. Pushing the limits: A very com- pact and a threshold implementation of AES. In Advances in Cryptology (EUROCRYPT'11). Lecture Notes in Comput. Sci., Vol. 6632. Springer-Verlag, 69-88.
  36. NANGATE. 2008. 45 nm Open Cell Library. (2008).
  37. Dang Khoa Nguyen, Leonardo Lanante, and Hiroshi Ochi. 2013. High throughput-Resource saving hardware imple- mentation of AES-CCM for robust security network. J. Automation and Control Eng. 1, 3 (2013), 250-254.
  38. Milind M. Parelkar and Kris Gaj. 2005. Implementation of EAX mode of operation for FPGA bitstream encryption and authentication. In Proceedings of IEEE International Conference on Field-Programmable Technology.
  39. Phillip Rogaway, Mihir Bellare, and John Black. 2003. OCB: A block-cipher mode of operation for efficient authenti- cated encryption. ACM Trans. Inf. Syst. Secur. 6, 3 (2003), 365-403.
  40. Akashi Satoh, Takeshi Sugawara, and Takafumi Aoki. 2009. High-performance hardware architectures for galois counter mode. IEEE Trans. Comput. 58, 7 (2009), 917-930.
  41. SHA. 2002. Secure Hash Standard. FIPS PUB 180-2, Federal Information Processing Standards Publication.
  42. SHA-3. 2007. Cryptographic Hash Algorithm Competition. NIST. (2007).
  43. Taizo Shirai, Kyoji Shibutani, Toru Akishita, Shiho Moriai, and Tetsu Iwata. 2007. The 128-bit block cipher CLEFIA (extended abstract). In Fast Software Encryption (FSE'07). Lecture Notes in Comput. Sci., Vol. 4593. Springer-Verlag, 181-195.
  44. Antonio Giuseppe Maria Strollo, Ettore Napoli, and Davide De Caro. 2000. New clock-gating techniques for low- power flip-flops. In Proceedings of the International Symposium on Low Power Electronics and Design (ISLPED'00). ACM, 114-119.
  45. Tolga Yalçın and Elif Bilge Kavun. 2013. On the implementation aspects of sponge-based authenticated encryption for pervasive devices. In Smart Card Research and Advanced Applications (CARDIS'12). Lecture Notes in Comput. Sci., Vol. 7771. Springer-Verlag, 141-157.

Related papers

Authenticated Encryption – A Hardware Designer ’ s Perspective
Elif Bilge Kavun

2019

Authenticated encryption (AE) has been a vital operation in cryptography due to its ability to provide confidentiality, integrity, and authenticity at the same time. Its use has soared in parallel with widespread use of the Internet and has led to several new schemes. There have been studies investigating software performance of various schemes. However, the same is yet to be done for hardware. We present a comprehensive survey of hardware (specifically ASIC) performance of the most commonly used AE schemes in the literature. These schemes include encrypt-thenMAC combination, block cipher based AE modes, and the recently-introduced permutation-based AE scheme. For completeness, we implemented each scheme with various standardized block ciphers and/or hash algorithms, and their lightweight versions. Our evaluation targets minimizing the timearea product while maximizing the throughput on an ASIC platform. We used 45 nm NANGATE Open Cell Library for syntheses. We present area, speed, ...

View PDFchevron_right
Performance Evaluation of Lightweight Advanced Encryption Standard Hardware Implementation
herman acla

International Journal of Recent Technology and Engineering (IJRTE), 2019

Advanced Encryption Standard (AES) is one of the most secured encryption algorithm because of its robustness and complexity. Because of its complexity, AES has slow computation. This paper presents a Lightweight Advanced Encryption Standard (LAES) design by replacing the MixColumn transformation of the traditional AES with a 128-bit permutation to lessen its computational complexity. Implementation of hardware cryptographic encryption aims to find the best trade-off between throughput and resource utilization. The proposed design is synthesized on various Field Programmable Gate Array (FPGA) devices and achieves the maximum clock frequency of 480.50 MHz with the highest throughput of 6.15 Gbps when synthesized on Virtex 7 XC7VX690T. The results on other devices show a higher throughput, better performance efficiency, and lesser area utilization when compared to the existing AES hardware implementation.

View PDFchevron_right
AES-GCM and AEGIS: Efficient and High Speed Hardware Implementations
Habib Mehrez

Journal of Signal Processing Systems, 2016

Authenticated Encryption (AE) is a block cipher mode of operation which provides confidentiality and integrity simultaneously. In terms of the hardware implementation, it produces smaller area compared to two separated algorithms. Therefore, it has become popular and a number of modes have been proposed. This paper presents two efficient hardware implementations for AE schemes, AES-GCM and AEGIS. In terms of AES-GCM, the performance of the system is always determined by the Galois Hash (GHASH) architecture because of the inherent computation feedback. This paper introduces an efficient method for implementing the pipelined Karatsuba Ofman Algorithm (KOA)-based GHASH on FPGAs. In particular, the computation feedback is removed by analyzing the complexity of the computation process. In addition, an efficient AEGIS is also implemented using only five AES rounds. The proposed architectures are evaluated with three different implementations of AES SubBytes (BRAMs-based SubBytes, composite field-based SubBytes, and LUT-based SubBytes) to increase the flexibility of the presented work. The presented architectures are implemented using Xilinx Virtex-5 FPGAs. Our comparison to previous work reveals that our architectures are more performance-efficient (Throughput/Slices).

View PDFchevron_right
On Efficient Message Authentication Via Block Cipher Design Techniques
K. Subbalakshmi

Lecture Notes in Computer Science, 2007

In an effort to design a MAC scheme that is built using block cipher components and runs faster than the modes of operation for message authentication, Daemen and Rijmen have proposed a generic MAC construction ALRED and a concrete ALRED instance Pelican. The Pelican MAC uses four rounds of AES as a building block to compute the authentication tag in a CBC-like manner. It is about 2.5 times faster than a CBC-MAC with AES, but it is not proven secure. Minematsu and Tsunoo observed that one can build almost universal (AU2) hash functions using differentially uniform permutations (e.g., four AES rounds with independent keys), and hence, provably secure MAC schemes as well. They proposed two MAC schemes MT-MAC and PC-MAC. MT-MAC hashes the message using a Wegman-Carter binary tree. Its speedup for long messages approaches 2.5, but it is not very memory efficient. PC-MAC hashes the message in a CBC-like manner. It is more memory efficient. However, its speedup over the message authentication modes is about 1.4. We notice that using a non-linear permutation as a building block, one can construct almost XOR universal (AXU 2) hash functions whose security is close to the maximum differential probability of the underlying non-linear permutation. Hence, using four AES rounds as a building block will lead to efficient Wegman-Carter MAC schemes that offer much better security than the modes of operation for message authentication. If the target security is that of the message authentication modes with AES, then one can use non-linear permutations defined on 64-bit blocks and achieve greater speedup and better key agility. For instance, the ideally achievable speedup when using the 64-bit components we suggest is 3.3 to 5.0 as opposed to the 2.5 speedup when using four AES rounds.

View PDFchevron_right
ESTATE: A Lightweight and Low Energy Authenticated Encryption Mode
NILanjan Datta

IACR Transactions on Symmetric Cryptology, 2020

NIST has recently initiated a standardization project for efficient lightweight authenticated encryption schemes. SUNDAE, a candidate in this project, achieves optimal state size which results in low circuit overhead on top of the underlying block cipher. In addition, SUNDAE provides security in nonce-misuse scenario as well. However, in addition to the block cipher circuit, SUNDAE also requires some additional circuitry for multiplication by a primitive element. Further, it requires an additional block cipher invocation to create the starting state. In this paper, we propose a new lightweight and low energy authenticated encryption family, called ESTATE, that significantly improves the design of SUNDAE in terms of implementation costs (both hardware area and energy) and efficient processing of short messages. In particular, ESTATE does not require an additional multiplication circuit, and it reduces the number of block cipher calls by one. Moreover, it provides integrity security e...

View PDFchevron_right

Related topics

  • Computer Science
  • Cryptography
  • Block Cipher
  • Authenticated Encryption
  • Application Specific Integrated ...

    • Cited by

    Authenticated Encryption Based on Chaotic Neural Networks and Duplex Construction
    Nabil Abdoun

    Symmetry

    In this paper, we propose, implement and analyze an Authenticated Encryption with Associated Data Scheme (AEADS) based on the Modified Duplex Construction (MDC) that contains a chaotic compression function (CCF) based on our chaotic neural network revised (CNNR). Unlike the standard duplex construction (SDC), in the MDC there are two phases: the initialization phase and the duplexing phase, each contain a CNNR formed by a neural network with single layer, and followed by a set of non-linear functions. The MDC is implemented with two variants of width, i.e., 512 and 1024 bits. We tested our proposed scheme against the different cryptanalytic attacks. In fact, we evaluated the key and the message sensitivity, the collision resistance analysis and the diffusion effect. Additionally, we tested our proposed AEADS using the different statistical tests such as NIST, Histogram, chi-square, entropy, and correlation analysis. The experimental results obtained on the security performance of th...

    View PDFchevron_right
    580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved