Abstract
NIST has recently initiated a standardization project for efficient lightweight authenticated encryption schemes. SUNDAE, a candidate in this project, achieves optimal state size, which results in low circuit overhead on top of the underlying block cipher. SUNDAE also provides security in the nonce-misuse scenario. However, in addition to the block cipher circuit, SUNDAE requires some additional circuitry for multiplication by a primitive element. Further, it requires an additional block cipher invocation to create the starting state. In this paper, we propose a new lightweight and low energy authenticated encryption family, called ESTATE, that significantly improves the design of SUNDAE in terms of implementation costs (both hardware area and energy) and efficient processing of short messages. In particular, ESTATE does not require an additional multiplication circuit, and it reduces the number of block cipher calls by one. Moreover, it provides integrity security even under the release of unverified plaintext (RUP) model. ESTATE is based on short-tweak tweakable block ciphers (tBC, where the small 't' denotes short tweaks), and we instantiate it with two recently designed tBCs: TweAES and TweGIFT. We also propose a low latency variant of ESTATE, called sESTATE, that uses a round-reduced (6 rounds) variant of TweAES called TweAES-6. We provide comprehensive FPGA-based hardware implementations for all three instances. The implementation results show that ESTATE_TweGIFT-128 (681 LUTs, 263 slices) consumes much less area than SUNDAE_GIFT-128 (931 LUTs, 310 slices). For the AES variants, along with area efficiency (ESTATE_TweAES consumes 1901 LUTs, 602 slices while SUNDAE_AES-128 needs 1922 LUTs, 614 slices), we also achieve higher throughput for short messages (for a 16-byte message, a throughput of 1251.10 and 945.36 Mbps for ESTATE_TweAES and SUNDAE_AES-128, respectively).
Highlights
In recent years, lightweight authenticated encryption with associated data (AEAD) has seen a sudden surge in interest due to the advent of Internet of things (IoT)
By the H-coefficient technique of Theorem 1, we obtain for the remaining distance of (4): AdvAΠERUP(A) ≤ ratio + bad, where ratio = 0 given the bound of Lemma 2 and bad is set to be the bound of Lemma 1
We first describe the hardware implementation results for TweAES and TweGIFT followed by the implementation details of our cipher family ESTATE
Summary
Received: 2019-12-10, Revised: 2020-03-15, Accepted: 2020-04-01, Published: 2020-06-22
Lightweight authenticated encryption with associated data (AEAD) has seen a sudden surge in interest due to the advent of the Internet of things (IoT). The present AEAD standards are not suitable in the spectrum of lightweight applications as they are designed for more general use-cases. This leads to the call for a standardization process for new lightweight AE designs. The designs are mainly (tweakable) block cipher, stream cipher or permutation-based. Block cipher based designs have one particular advantage, as we can have a concrete security proof in the standard model. It is attractive to design a TBC-based AEAD with a small state (low storage), fewer primitive invocations (low energy) as well as concrete security analysis. The designs mainly target the following properties