An Ultra-Fast Authenticated Encryption Scheme with Associated Data Using AES-OTR

Abstract

Applications relying on the Ethernet IEEE 802.3ba and IEEE802.3b standards require secure data encryption and authentication at extremely high speeds (at least 100 Gbit/s). The Galois/Counter Mode (GCM) is currently considered the de facto standard for hardware high-speed authenticated encryption, although other algorithms have been proposed in the literature such as the Offset Codebook Mode (OCB). The challenge in terms of providing security for high-speed applications is to achieve implementations that explore the parallelism of these algorithms; however, this translates into area cost. In this work, we propose an alternative to GCM and OCB. We show that a combination of the Offset Two-Round authenticated-encryption scheme with the AES block cipher (known as AES-OTR) is exceptionally well suited for exploiting fine-grained parallelism, and can therefore be used to achieve ultra-high-speed data encryption rates. The experiments reported in this paper show that our pipeline-parallel implementation of AES-OTR outperforms the GCM and OCB schemes in terms of throughput per area while using almost half of the logic resources. Our implementation used a Stratix 4 FPGA device as well as several devices from the Virtex family. Implementations of AES-OTR on Stratix 4 used 11kALMs and achieved a throughput of 143.65 Gbit/s. On the Virtex Ultrascale, our design used 31,859 LUTs with a throughput of 204.92 Gbit/s.