Paper 2013/791

APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography

Elena Andreeva, Begül Bilgin, Andrey Bogdanov, Atul Luykx, Bart Mennink, Nicky Mouha, and Kan Yasuda

Abstract

The domain of lightweight cryptography focuses on cryptographic algorithms for extremely constrained devices. It is very costly to avoid nonce reuse in such environments, because this requires either a secure pseudorandom number generator (PRNG) or non-volatile memory to store a counter. At the same time, many cryptographic schemes actually require the nonce assumption for their security. In this paper, we propose APE as the first permutation-based authenticated encryption scheme that is resistant against nonce misuse. We formally prove that APE is secure, based on the security of the underlying permutation. To decrypt, APE processes the ciphertext blocks in reverse order and uses inverse permutation calls. APE therefore requires a permutation that is efficient for both forward and inverse calls. We instantiate APE with the permutations of three recent lightweight hash function designs: quark, photon, and spongent. For any of these permutations, an implementation that supports both encryption and decryption requires less than 1.9 kGE and 2.8 kGE for 80-bit and 128-bit security levels, respectively.
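As an added illustration that is not part of the paper or of any reference implementation, the sketch below shows the flow the abstract describes: encryption makes forward permutation calls, while decryption starts from the tag, walks the ciphertext blocks in reverse and makes inverse permutation calls. The key-in-capacity initialisation, the tag formed as capacity XOR key and the final check on the recovered initial capacity are assumptions about the construction, and the 32-bit toy permutation is constructed for this example only (it is nothing like quark, photon or spongent and offers no real security).

```python
# Toy parameters: 8-bit rate (one byte per block), 24-bit capacity holding key and tag.
R_BITS, C_BITS = 8, 24
C_MASK, MASK32 = (1 << C_BITS) - 1, 0xFFFFFFFF
MUL = 0x9E3779B1                       # odd, hence invertible mod 2^32
MUL_INV = pow(MUL, -1, 1 << 32)
ROUND_CONSTS = (0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344)

def p(r, c):
    # Constructed toy permutation on the 32-bit state r || c: each step (xorshift,
    # odd multiply, rotate, constant XOR) is a bijection, so an inverse exists.
    x = (r << C_BITS) | c
    for rc in ROUND_CONSTS:
        x ^= x >> 17
        x = (x * MUL) & MASK32
        x = (((x << 13) | (x >> 19)) & MASK32) ^ rc
    return x >> C_BITS, x & C_MASK

def p_inv(r, c):
    # Undo the rounds of p in reverse order (x ^= x >> 17 is its own inverse).
    x = (r << C_BITS) | c
    for rc in reversed(ROUND_CONSTS):
        x = (((x ^ rc) >> 13) | ((x ^ rc) << 19)) & MASK32
        x = (x * MUL_INV) & MASK32
        x ^= x >> 17
    return x >> C_BITS, x & C_MASK

def _absorb(key, nonce):
    # Assumed initialisation: key in the capacity, nonce bytes absorbed via the rate.
    r, c = 0, key
    for n in nonce:
        r, c = p(r ^ n, c)
    return r, c

def encrypt(key, nonce, msg):
    r, c = _absorb(key, nonce)
    ct = bytearray()
    for m in msg:
        r, c = p(r ^ m, c)               # forward call; ciphertext block = new rate
        ct.append(r)
    return bytes(ct), c ^ key            # tag = final capacity XOR key (assumed)

def decrypt(key, nonce, ct, tag):
    r0, c0 = _absorb(key, nonce)         # forward pass only to get the initial state
    c, msg = tag ^ key, bytearray()      # start from the final capacity ...
    for i in range(len(ct) - 1, -1, -1): # ... and walk the ciphertext backwards
        x, c = p_inv(ct[i], c)           # inverse call recovers rate-in and prior capacity
        msg.append(x ^ (ct[i - 1] if i else r0))
    if c != c0:                          # recovered initial capacity must match
        return None
    return bytes(reversed(msg))
```

Because the scheme is deterministic and online, encrypting two messages under the same key and nonce yields identical ciphertext for their common prefix; that is the price of dropping the nonce requirement, and the reason the tag check above rejects any modified block or tag.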

Note: Minor modifications.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A major revision of an IACR publication in FSE 2014
Keywords
APE, Authenticated Encryption, Sponge Function, Online, Deterministic, Permutation-based, Misuse Resistant
Contact author(s)
ape @ esat kuleuven be
History
2014-05-14: last of 2 revisions
2013-11-30: received
Short URL
https://ia.cr/2013/791
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/791,
      author = {Elena Andreeva and Begül Bilgin and Andrey Bogdanov and Atul Luykx and Bart Mennink and Nicky Mouha and Kan Yasuda},
      title = {{APE}: Authenticated Permutation-Based Encryption for Lightweight Cryptography},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/791},
      year = {2013},
      url = {https://eprint.iacr.org/2013/791}
}