Abstract

In CHES 2017, Chakraborti et al. proposed COFB, a rate-1 sequential block cipher-based authenticated encryption (AE) scheme with only a 1.5n-bit state, where n denotes the block size. They used a novel approach, the so-called combined feedback, where each block cipher input has a combined effect of the previous block cipher output and the current plaintext block. In this paper, we first study the security of a general rate-1 feedback-based AE scheme in terms of its overall internal state size. For a large class of feedback functions, we show that the overlying AE scheme can be attacked in 2^r queries if the internal state size is n + r bits for some r ≥ 0. This automatically shows that a birthday bound (i.e. 2^(n/2) queries) secure AE scheme must have at least a 1.5n-bit state, whence COFB is almost optimal (it uses a 1.5n-bit state and provides security up to 2^(n/2)/n queries). We propose a new feedback function, called the hybrid feedback or HyFB, which is a hybrid composition of plaintext and ciphertext feedbacks. HyFB has a key advantage of lower XOR counts over the combined feedback function. This essentially helps in reducing the hardware footprint. Based on HyFB we propose a new AE scheme, called HyENA, that achieves the state size, rate, and security of COFB. In addition, HyENA has significantly lower XOR counts as compared to COFB, whence it is expected to have a smaller implementation as compared to COFB.

Highlights

  • The era of the so-called Internet of Things (IoT)—communication networks interconnecting several small devices—is rapidly emerging

  • Several lightweight authenticated encryption (AE) schemes have mushroomed in recent years, including: Ascon [DEMS16], ACORN [Wu16], CLOC/SILC [IMG+,IMG+16], JAMBU [WH16] etc. from the CAESAR competition, and COFB [CIMN17a], Beetle [CDNY18], SUNDAE [BBLT18], SAEB [NMSS18] etc. from the ongoing NIST LwC project

  • HyFB Feedback Function: With an aim of reducing the XOR counts, we propose a new feedback function, called the Hybrid feedback or HyFB, which is a hybrid of Plaintext Feedback (PFB) and Ciphertext Feedback (CFB)


Summary

Introduction

The era of the so-called Internet of Things (IoT)—communication networks interconnecting several small devices—is rapidly emerging. Authenticated encryption or AE is a symmetric-key cryptographic primitive that is expected to play a key role in securing IoT networks. This expectation is largely due to the fact that AE schemes can achieve both confidentiality and authenticity—two major concerns in information security. In particular, lightweight AE schemes have seen a sudden surge in demand. The recently concluded CAESAR competition and the ongoing NIST LwC project gave new impetus to the design and analysis of lightweight AE schemes. Several lightweight AE schemes have mushroomed in recent years, including: Ascon [DEMS16], ACORN [Wu16], CLOC/SILC [IMG+,IMG+16], JAMBU [WH16] etc. from the CAESAR competition, and COFB [CIMN17a], Beetle [CDNY18], SUNDAE [BBLT18], SAEB [NMSS18] etc. from the ongoing NIST LwC project.
