Cryptology ePrint Archive: Report 2016/190

A MAC Mode for Lightweight Block Ciphers

Atul Luykx, Bart Preneel, Elmar Tischhauser, Kan Yasuda

Abstract: Lightweight cryptography strives to protect communication in constrained environments without sacrificing security. However, security often conflicts with efficiency, shown by the fact that many new lightweight block cipher designs have block sizes as low as 64 or 32 bits. Due to the birthday bound, such low block sizes lead to impractical limits on how much data a mode of operation can process per key. MAC (message authentication code) modes of operation frequently have bounds which degrade with both the number of messages queried and the message length. We present a MAC mode of operation, LightMAC, where the message length has no effect on the security bound, allowing an order of magnitude more data to be processed per key. Furthermore, LightMAC is incredibly simple, has almost no overhead over the block cipher, and is parallelizable. As a result, LightMAC not only offers compact authentication for resource-constrained platforms, but also allows high-performance parallel implementations. We highlight this in a comprehensive implementation study, instantiating LightMAC with PRESENT and the AES. Moreover, LightMAC allows flexible trade-offs between rate and maximum message length. Unlike PMAC and its many derivatives, LightMAC is not covered by patents. Altogether, this makes it a promising authentication primitive for a wide range of platforms and use cases.

Category / Keywords: secret-key cryptography / lightweight, MAC, LightMAC, message length, birthday bound, integrity, verification

Original Publication (in the same form): IACR-FSE-2016

Date: received 23 Feb 2016

Contact author: atul luykx at esat kuleuven be

Available format(s): PDF | BibTeX Citation

Version: 20160223:163122 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]