Hardware Oriented Authenticated Encryption Based on Tweakable Block Ciphers

2022 ◽  
Author(s):  
Mustafa Khairallah
Keyword(s):  
Block Ciphers ◽  
Authenticated Encryption

scholarly journals Six shades lighter: a bit-serial implementation of the AES family

2021 ◽  
Author(s):  
Sergio Roldán Lombardía ◽  
Fatih Balli ◽  
Subhadeep Banik
Keyword(s):  
Block Cipher ◽  
Block Ciphers ◽  
Authenticated Encryption ◽  
Current Standard ◽  
Asic Circuit ◽  
The Family ◽  
Encryption And Decryption ◽  
Preliminary Version ◽  
Reduction In Area ◽  
Bit Serial

AbstractRecently, cryptographic literature has seen new block cipher designs such as , or that aim to be more lightweight than the current standard, i.e., . Even though family of block ciphers were designed two decades ago, they still remain as the de facto encryption standard, with being the most widely deployed variant. In this work, we revisit the combined one-in-all implementation of the family, namely both encryption and decryption of each as a single ASIC circuit. A preliminary version appeared in Africacrypt 2019 by Balli and Banik, where the authors design a byte-serial circuit with such functionality. We improve on their work by reducing the size of the compact circuit to 2268 GE through 1-bit-serial implementation, which achieves 38% reduction in area. We also report stand-alone bit-serial versions of the circuit, targeting only a subset of modes and versions, e.g., and . Our results imply that, in terms of area, and can easily compete with the larger members of recently designed family, e.g., , . Thus, our implementations can be used interchangeably inside authenticated encryption candidates such as , or in place of .

scholarly journals Efficient and high speed key-independent AES-based authenticated encryption architecture using FPGAs

2017 ◽  
Vol 7 (1.5) ◽  
pp. 230
Author(s):  
A. Murali ◽  
K Hari Kishore
Keyword(s):  
High Speed ◽  
Hash Functions ◽  
Data Integrity ◽  
Block Ciphers ◽  
Authenticated Encryption ◽  
Time Data ◽  
Cryptographic Primitives ◽  
Security Services ◽  
High Security ◽  
Security Levels

Data manipulations are made with the use of communication and networking systems. But at the same time, data integrity is also a needed and important property that must be maintained in every data communicating systems. For this, the security levels are provided with cryptographic primitives like hash functions and block ciphers which are deployed into the systems. For efficient architectures, FPGA-based systems like AES-GCM and AEGIS-128 plays in the best part of the re-configurability, which supports the security services of such communication and networking systems. We possibly focus on the performance of the systems with the high security of the FPGA bit streams. GF (2128) multiplier is implemented for authentication tasks for high-speed targets. And also, the implementations were evaluated by using vertex 4.5 FPGA’s

scholarly journals The Area-Latency Symbiosis: Towards Improved Serial Encryption Circuits

2020 ◽  
pp. 239-278
Author(s):  
Fatih Balli ◽  
Andrea Caforio ◽  
Subhadeep Banik
Keyword(s):  
Block Cipher ◽  
Block Ciphers ◽  
Significant Loss ◽  
Authenticated Encryption ◽  
End User ◽  
Maximum Throughput ◽  
Mode Of Operation ◽  
Encryption Schemes ◽  
Bit Serial

The bit-sliding paper of Jean et al. (CHES 2017) showed that the smallest-size circuit for SPN based block ciphers such as AES, SKINNY and PRESENT can be achieved via bit-serial implementations. Their technique decreases the bit size of the datapath and naturally leads to a significant loss in latency (as well as the maximum throughput). Their designs complete a single round of the encryption in 168 (resp. 68) clock cycles for 128 (resp. 64) bit blocks. A follow-up work by Banik et al. (FSE 2020) introduced the swap-and-rotate technique that both eliminates this loss in latency and achieves even smaller footprints.In this paper, we extend these results on bit-serial implementations all the way to four authenticated encryption schemes from NIST LWC. Our first focus is to decrease latency and improve throughput with the use of the swap-and-rotate technique. Our block cipher implementations have the most efficient round operations in the sense that a round function of an n-bit block cipher is computed in exactly n clock cycles. This leads to implementations that are similar in size to the state of the art, but have much lower latency (savings up to 20 percent). We then extend our technique to 4- and 8-bit implementations. Although these results are promising, block ciphers themselves are not end-user primitives, as they need to be used in conjunction with a mode of operation. Hence, in the second part of the paper, we use our serial block ciphers to bootstrap four active NIST authenticated encryption candidates: SUNDAE-GIFT, Romulus, SAEAES and SKINNY-AEAD. In the wake of this effort, we provide the smallest block-cipher-based authenticated encryption circuits known in the literature so far.

scholarly journals Efficient Length Doubling From Tweakable Block Ciphers

2017 ◽  
pp. 253-270 ◽  
Author(s):  
Yu Long Chen ◽  
Atul Luykx ◽  
Bart Mennink ◽  
Bart Preneel
Keyword(s):  
Block Cipher ◽  
Block Ciphers ◽  
Encryption Scheme ◽  
Authenticated Encryption ◽  
Arbitrary Length ◽  
Pseudorandom Permutation ◽  
Cryptographic Primitive ◽  
Length Data ◽  
Tweakable Block Cipher ◽  
Integral Data

We present a length doubler, LDT, that turns an n-bit tweakable block cipher into an efficient and secure cipher that can encrypt any bit string of length [n..2n − 1]. The LDT mode is simple, uses only two cryptographic primitive calls (while prior work needs at least four), and is a strong length-preserving pseudorandom permutation if the underlying tweakable block ciphers are strong tweakable pseudorandom permutations. We demonstrate that LDT can be used to neatly turn an authenticated encryption scheme for integral data into a mode for arbitrary-length data.

scholarly journals Minimizing Key Materials: The Even–Mansour Cipher Revisited and Its Application to Lightweight Authenticated Encryption

2020 ◽  
Vol 2020 ◽  
pp. 1-6
Author(s):  
Ping Zhang ◽  
Qian Yuan
Keyword(s):  
Open Problem ◽  
Provable Security ◽  
Simple Structure ◽  
Block Ciphers ◽  
Authenticated Encryption ◽  
Maximal Multiplicity ◽  
Symmetric Key ◽  
Security Bound

The Even–Mansour cipher has been widely used in block ciphers and lightweight symmetric-key ciphers because of its simple structure and strict provable security. Its research has been a hot topic in cryptography. This paper focuses on the problem to minimize the key material of the Even–Mansour cipher while its security bound remains essentially the same. We introduce four structures of the Even–Mansour cipher with a short key and derive their security by Patarin’s H-coefficients technique. These four structures are proven secure up to O˜2k/μ adversarial queries, where k is the bit length of the key material and μ is the maximal multiplicity. Then, we apply them to lightweight authenticated encryption modes and prove their security up to about minb/2,c,k−log μ-bit adversarial queries, where b is the size of the permutation and c is the capacity of the permutation. Finally, we leave it as an open problem to settle the security of the t-round iterated Even–Mansour cipher with short keys.

Improved Meet-in-the-Middle Attacks on Reduced-Round Kiasu-BC and Joltik-BC

2019 ◽  
Vol 62 (12) ◽  
pp. 1761-1776 ◽  
Author(s):  
Ya Liu ◽  
Yifan Shi ◽  
Dawu Gu ◽  
Zhiqiang Zeng ◽  
Fengyu Zhao ◽  
...  
Keyword(s):  
Block Cipher ◽  
Block Ciphers ◽  
Authenticated Encryption ◽  
Caesar Competition ◽  
Encryption Algorithms ◽  
Lightweight Block Cipher

Abstract Kiasu-BC and Joltik-BC are internal tweakable block ciphers of authenticated encryption algorithms Kiasu and Joltik submitted to the CAESAR competition. Kiasu-BC is a 128-bit block cipher, of which tweak and key sizes are 64 and 128 bits, respectively. Joltik-BC-128 is a 64-bit lightweight block cipher supporting 128 bits tweakey. Its designers recommended the key and tweak sizes are both 64 bits. In this paper, we propose improved meet-in-the-middle attacks on 8-round Kiasu-BC, 9-round and 10-round Joltik-BC-128 by exploiting properties of their structures and using precomputation tables and the differential enumeration. For Kiasu-BC, we build a 5-round distinguisher to attack 8-round Kiasu-BC with $2^{109}$ plaintext–tweaks, $2^{112.8}$ encrytions and $2^{92.91}$ blocks. Compared with previously best known cryptanalytic results on 8-round Kiasu-BC under chosen plaintext attacks, the data and time complexities are reduced by $2^{7}$ and $2^{3.2}$ times, respectively. For the recommended version of Joltik-BC-128, we construct a 6-round distinguisher to attack 9-round Joltik-BC-128 with $2^{53}$ plaintext–tweaks, $2^{56.6}$ encryptions and $2^{52.91}$ blocks, respectively. Compared with previously best known results, the data and time complexities are reduced by $2^7$ and $2^{5.1}$ times, respectively. In addition, we present a 6.5-round distinguisher to attack 10-round Joltik-BC-128 with $2^{53}$ plaintext–tweaks, $2^{101.4}$ encryptions and $2^{76.91}$ blocks.

scholarly journals A Security Analysis of Deoxys and its Internal Tweakable Block Ciphers

2017 ◽  
pp. 73-107 ◽  
Author(s):  
Carlos Cid ◽  
Tao Huang ◽  
Thomas Peyrin ◽  
Yu Sasaki ◽  
Ling Song
Keyword(s):  
Linear Programming ◽  
Mixed Integer Linear Programming ◽  
Block Cipher ◽  
Security Analysis ◽  
Block Ciphers ◽  
Mixed Integer ◽  
Authenticated Encryption ◽  
Search Tool ◽  
Caesar Competition ◽  
Milp Model

In this article, we provide the first independent security analysis of Deoxys, a third-round authenticated encryption candidate of the CAESAR competition, and its internal tweakable block ciphers Deoxys-BC-256 and Deoxys-BC-384. We show that the related-tweakey differential bounds provided by the designers can be greatly improved thanks to a Mixed Integer Linear Programming (MILP) based search tool. In particular, we develop a new method to incorporate linear incompatibility in the MILP model. We use this tool to generate valid differential paths for reduced-round versions of Deoxys-BC-256 and Deoxys-BC-384, later combining them into broader boomerang or rectangle attacks. Here, we also develop a new MILP model which optimises the two paths by taking into account the effect of the ladder switch technique. Interestingly, with the tweak in Deoxys-BC providing extra input as opposed to a classical block cipher, we can even consider beyond full-codebook attacks. As these primitives are based on the TWEAKEY framework, we further study how the security of the cipher is impacted when playing with the tweak/key sizes. All in all, we are able to attack 10 rounds of Deoxys-BC-256 (out of 14) and 13 rounds of Deoxys-BC-384 (out of 16). The extra rounds specified in Deoxys-BC to balance the tweak input (when compared to AES) seem to provide about the same security margin as AES-128. Finally we analyse why the authenticated encryption modes of Deoxys mostly prevent our attacks on Deoxys-BC to apply to the authenticated encryption primitive.

scholarly journals SUNDAE: Small Universal Deterministic Authenticated Encryption for the Internet of Things

2018 ◽  
pp. 1-35
Author(s):  
Subhadeep Banik ◽  
Andrey Bogdanov ◽  
Atul Luykx ◽  
Elmar Tischhauser
Keyword(s):  
Internet Of Things ◽  
Research Effort ◽  
Block Ciphers ◽  
Research Area ◽  
The Internet ◽  
Authenticated Encryption ◽  
Secure Storage ◽  
Constrained Environments ◽  
Deterministic Authenticated Encryption ◽  
The Internet Of Things

Lightweight cryptography was developed in response to the increasing need to secure devices for the Internet of Things. After significant research effort, many new block ciphers have been designed targeting lightweight settings, optimizing efficiency metrics which conventional block ciphers did not. However, block ciphers must be used in modes of operation to achieve more advanced security goals such as data confidentiality and authenticity, a research area given relatively little attention in the lightweight setting. We introduce a new authenticated encryption (AE) mode of operation, SUNDAE, specially targeted for constrained environments. SUNDAE is smaller than other known lightweight modes in implementation area, such as CLOC, JAMBU, and COFB, however unlike these modes, SUNDAE is designed as a deterministic authenticated encryption (DAE) scheme, meaning it provides maximal security in settings where proper randomness is hard to generate, or secure storage must be minimized due to expense. Unlike other DAE schemes, such as GCM-SIV, SUNDAE can be implemented efficiently on both constrained devices, as well as the servers communicating with those devices. We prove SUNDAE secure relative to its underlying block cipher, and provide an extensive implementation study, with results in both software and hardware, demonstrating that SUNDAE offers improved compactness and power consumption in hardware compared to other lightweight AE modes, while simultaneously offering comparable performance to GCM-SIV on parallel high-end platforms.

scholarly journals SKINNY-AEAD and SKINNY-Hash

2020 ◽  
pp. 88-131 ◽  
Author(s):  
Christof Beierle ◽  
Jérémy Jean ◽  
Stefan Kölbl ◽  
Gregor Leander ◽  
Amir Moradi ◽  
...  
Keyword(s):  
Internal State ◽  
Block Ciphers ◽  
Third Party ◽  
Authenticated Encryption ◽  
Lightweight Cryptography ◽  
The Family ◽  
Encryption Schemes ◽  
Standardization Process

We present the family of authenticated encryption schemes SKINNY-AEAD and the family of hashing schemes SKINNY-Hash. All of the schemes employ a member of the SKINNY family of tweakable block ciphers, which was presented at CRYPTO 2016, as the underlying primitive. In particular, for authenticated encryption, we show how to instantiate members of SKINNY in the Deoxys-I-like ΘCB3 framework to fulfill the submission requirements of the NIST lightweight cryptography standardization process. For hashing, we use SKINNY to build a function with larger internal state and employ it in a sponge construction. To highlight the extensive amount of third-party analysis that SKINNY obtained since its publication, we briefly survey the existing cryptanalysis results for SKINNY-128-256 and SKINNY-128-384 as of February 2020. In the last part of the paper, we provide a variety of ASIC implementations of our schemes and propose new simple SKINNY-AEAD and SKINNY-Hash variants with a reduced number of rounds while maintaining a very comfortable security margin. https://csrc.nist.gov/Projects/Lightweight-Cryptography

Sign in / Sign up

Export Citation Format

Share Document