Paper 2017/849

FAST: Disk Encryption and Beyond

Debrup Chakraborty and Sebati Ghosh and Cuauhtemoc Mancillas Lopez and Palash Sarkar

Abstract

This work introduces \sym{FAST} which is a new family of cryptographic primitives. Several instantiations of \sym{FAST} are described. These are targeted towards two goals, the specific task of disk encryption and a more general scheme suitable for a wide variety of practical applications. A major contribution of this work is to present detailed and careful implementations of several instantiations of FAST in both software and hardware. For disk encryption, the results from the implementations show that FAST compares very favourably to the IEEE disk encryption standards XCB and EME2 as well as the more recent proposal AEZ. Formally, FAST is a new family of tweakable enciphering schemes. It is built using a fixed input length pseudo-random function and an appropriate hash function. FAST uses a single-block key, is parallelisable and can be instantiated using only the encryption function of a block cipher. The hash function can be instantiated using either the Horner's rule based usual polynomial hashing or hashing based on the more efficient Bernstein-Rabin-Winograd polynomials. Security of FAST has been rigorously analysed using the standard provable security approach and concrete security bounds have been derived. Based on our implementation results, we put forward FAST as a serious candidate for standardisation and deployment.

Note: Added detailed comparison to AEZ instantiated with the full AES.