Abstract
The bit-sliding paper of Jean et al. (CHES 2017) showed that the smallest-size circuit for SPN based block ciphers such as AES, SKINNY and PRESENT can be achieved via bit-serial implementations. Their technique decreases the bit size of the datapath and naturally leads to a significant loss in latency (as well as the maximum throughput). Their designs complete a single round of the encryption in 168 (resp. 68) clock cycles for 128 (resp. 64) bit blocks. A follow-up work by Banik et al. (FSE 2020) introduced the swap-and-rotate technique that both eliminates this loss in latency and achieves even smaller footprints.In this paper, we extend these results on bit-serial implementations all the way to four authenticated encryption schemes from NIST LWC. Our first focus is to decrease latency and improve throughput with the use of the swap-and-rotate technique. Our block cipher implementations have the most efficient round operations in the sense that a round function of an n-bit block cipher is computed in exactly n clock cycles. This leads to implementations that are similar in size to the state of the art, but have much lower latency (savings up to 20 percent). We then extend our technique to 4- and 8-bit implementations. Although these results are promising, block ciphers themselves are not end-user primitives, as they need to be used in conjunction with a mode of operation. Hence, in the second part of the paper, we use our serial block ciphers to bootstrap four active NIST authenticated encryption candidates: SUNDAE-GIFT, Romulus, SAEAES and SKINNY-AEAD. In the wake of this effort, we provide the smallest block-cipher-based authenticated encryption circuits known in the literature so far.
Highlights
The number of applications that rely on standard cryptographic primitives to establish a secure communication channel grow larger each day
Given the large variety of platforms these applications are run by, the available device resources spread to a large spectrum. Those applications related to IoT, sensor networks, RFID, vehicle-to-vehicle communication suffer from having tight security budgets. They rely on the future promise by an emerging field, that is lightweight cryptography, where new standards of primitives that are cheaper in terms of hardware footprint, energy, power and latency are anticipated
In the first part of the paper, we provide 1/4/8-bit-serial architectures for the popular 128-bit block size variants of the block ciphers AES, SKINNY, GIFT∗ and GIFT, which are popular among NIST candidates
Summary
The number of applications that rely on standard cryptographic primitives to establish a secure communication channel grow larger each day. Given the large variety of platforms these applications are run by, the available device resources spread to a large spectrum. In this spectrum, those applications related to IoT, sensor networks, RFID, vehicle-to-vehicle communication suffer from having tight security budgets. Those applications related to IoT, sensor networks, RFID, vehicle-to-vehicle communication suffer from having tight security budgets They rely on the future promise by an emerging field, that is lightweight cryptography, where new standards of primitives that are cheaper in terms of hardware footprint, energy, power and latency are anticipated. The candidates, 32 of which are elected for the second round, provide new designs for an authenticated encryption primitive, with the final goal of attaining security and lightweightness at the same time
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
