Cryptology ePrint Archive: Report 2018/720

Adiantum: length-preserving encryption for entry-level processors

Paul Crowley and Eric Biggers

Abstract: We present HBSH, a simple construction for tweakable length-preserving encryption which supports the fastest options for hashing and stream encryption for processors without AES or other crypto instructions, with a provable quadratic advantage bound. Our composition Adiantum uses NH, Poly1305, XChaCha12, and a single AES invocation. On an ARM Cortex-A7 processor, Adiantum decrypts 4096-byte messages at 10.6 cycles per byte, over five times faster than AES-256-XTS, with a constant-time implementation. We also define HPolyC, which is simpler and has excellent key agility, at 13.6 cycles per byte.

Category / Keywords: secret-key cryptography, super-pseudorandom permutation, variable input length, tweakable encryption, disk encryption

Original Publication (in the same form): IACR-FSE-2019

Date: received 1 Aug 2018, last revised 28 Nov 2018

Contact author: paulcrowley at google com

Available format(s): PDF

Note: As submitted to ToSC Volume 2018 Issue 4

Version: 20181128:222245

Short URL: ia.cr/2018/720
