Paper 2018/720

{Adiantum}: length-preserving encryption for entry-level processors

Paul Crowley and Eric Biggers

Abstract

We present HBSH, a simple construction for tweakable length-preserving encryption which supports the fastest options for hashing and stream encryption for processors without AES or other crypto instructions, with a provable quadratic advantage bound. Our composition Adiantum uses NH, Poly1305, XChaCha12, and a single AES invocation. On an ARM Cortex-A7 processor, Adiantum decrypts 4096-byte messages at 10.6 cycles per byte, over five times faster than AES-256-XTS, with a constant-time implementation. We also define HPolyC which is simpler and has excellent key agility at 13.6 cycles per byte.
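To make the composition concrete, the following is an added example (not the authors' code, and not Adiantum itself) of the HBSH layering the paper describes: a keyed hash of the tweak and the bulk of the message is added to the final 16-byte block, that block passes through a block cipher, its output keys a stream cipher that encrypts the bulk, and the hash of the encrypted bulk is subtracted back off. Adiantum instantiates the hash with NH and Poly1305, the block cipher with AES, and the stream cipher with XChaCha12; the stand-ins below (HMAC-SHA256 for the hash and the keystream, a 4-round Feistel over HMAC-SHA256 for the 128-bit block cipher) are assumptions chosen so the block runs on the Python standard library alone, and carry none of the paper's performance or security claims. The key, tweak and 4096-byte sector are constructed test data.

```python
"""HBSH structure (hash, block cipher, stream cipher, hash) with stand-in
primitives.  Added example, not Adiantum: Adiantum uses NH+Poly1305, AES and
XChaCha12; here every primitive is built from HMAC-SHA256 (an assumption made
only so the example is self-contained)."""
import hashlib
import hmac

BLOCK = 16  # width of the block-cipher layer in bytes (AES block size)


def _mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _add128(block: bytes, x: int) -> bytes:
    # Little-endian addition modulo 2^128, as in the HBSH hash layers.
    return ((int.from_bytes(block, "little") + x) % (1 << 128)).to_bytes(BLOCK, "little")


def _sub128(block: bytes, x: int) -> bytes:
    return ((int.from_bytes(block, "little") - x) % (1 << 128)).to_bytes(BLOCK, "little")


def hash_layer(key: bytes, tweak: bytes, left: bytes) -> int:
    # H_K(T, P_L): stand-in for NH+Poly1305.  The tweak length is encoded so
    # that moving bytes between tweak and message cannot produce a collision.
    digest = _mac(key, b"hash", len(tweak).to_bytes(8, "little"), tweak, left)
    return int.from_bytes(digest[:BLOCK], "little")


def block_layer(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    # E_K / E_K^-1 on one 16-byte block: stand-in for AES.  A 4-round Feistel
    # with a keyed round function is an invertible 128-bit permutation.
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    if not decrypt:
        for r in range(4):
            left, right = right, _xor(left, _mac(key, b"block", bytes([r]), right)[:8])
    else:
        for r in reversed(range(4)):
            left, right = _xor(right, _mac(key, b"block", bytes([r]), left)[:8]), left
    return left + right


def stream_layer(key: bytes, nonce: bytes, length: int) -> bytes:
    # S_K(C_M): stand-in for XChaCha12 keyed by K with nonce derived from C_M.
    out = b""
    counter = 0
    while len(out) < length:
        out += _mac(key, b"stream", nonce, counter.to_bytes(8, "little"))
        counter += 1
    return out[:length]


def hbsh_encrypt(key: bytes, tweak: bytes, plaintext: bytes) -> bytes:
    """Tweakable, length-preserving encryption of any message >= 16 bytes."""
    assert len(plaintext) >= BLOCK
    p_l, p_r = plaintext[:-BLOCK], plaintext[-BLOCK:]
    p_m = _add128(p_r, hash_layer(key, tweak, p_l))      # first hash layer
    c_m = block_layer(key, p_m)                           # single block-cipher call
    c_l = _xor(p_l, stream_layer(key, c_m, len(p_l)))     # stream layer over the bulk
    c_r = _sub128(c_m, hash_layer(key, tweak, c_l))       # second hash layer
    return c_l + c_r


def hbsh_decrypt(key: bytes, tweak: bytes, ciphertext: bytes) -> bytes:
    """Inverse of hbsh_encrypt: the same four layers in reverse order."""
    assert len(ciphertext) >= BLOCK
    c_l, c_r = ciphertext[:-BLOCK], ciphertext[-BLOCK:]
    c_m = _add128(c_r, hash_layer(key, tweak, c_l))
    p_l = _xor(c_l, stream_layer(key, c_m, len(c_l)))
    p_m = block_layer(key, c_m, decrypt=True)
    p_r = _sub128(p_m, hash_layer(key, tweak, p_l))
    return p_l + p_r


def tamper_damage(key: bytes, tweak: bytes, plaintext: bytes) -> int:
    """Flip one ciphertext bit and count how many plaintext bytes decrypt wrong."""
    tampered = bytearray(hbsh_encrypt(key, tweak, plaintext))
    tampered[0] ^= 0x01
    recovered = hbsh_decrypt(key, tweak, bytes(tampered))
    return sum(a != b for a, b in zip(recovered, plaintext))


# Constructed demo inputs: a 32-byte key, a sector number as the tweak, one 4096-byte sector.
DEMO_KEY = bytes(range(32))
DEMO_TWEAK = (7).to_bytes(8, "little")
DEMO_SECTOR = bytes(range(256)) * 16

if __name__ == "__main__":
    ct = hbsh_encrypt(DEMO_KEY, DEMO_TWEAK, DEMO_SECTOR)
    print("length preserved:", len(ct) == len(DEMO_SECTOR))
    print("round trip ok:", hbsh_decrypt(DEMO_KEY, DEMO_TWEAK, ct) == DEMO_SECTOR)
    print("bytes garbled by a one-bit change:", tamper_damage(DEMO_KEY, DEMO_TWEAK, DEMO_SECTOR))
```

The property worth checking is the last one: because the bulk's keystream depends on the block-cipher output, which in turn depends on a hash of the entire other half, a single flipped ciphertext bit garbles essentially the whole sector on decryption rather than one 16-byte block. That is what a wide-block mode buys disk encryption, where there is no room for a per-sector authentication tag but localized malleability is still unacceptable.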

Note: Fix minor formatting issues

Metadata
Available format(s)
PDF
Publication info
Published by the IACR in FSE 2019
Keywords
secret-key cryptography, super-pseudorandom permutation, variable input length, tweakable encryption, disk encryption
Contact author(s)
paulcrowley @ google com
History
2019-01-07: last of 4 revisions
2018-08-03: received
Short URL
https://ia.cr/2018/720
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/720,
      author = {Paul Crowley and Eric Biggers},
      title = {{Adiantum}: length-preserving encryption for entry-level processors},
      howpublished = {Cryptology ePrint Archive, Paper 2018/720},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/720}},
      url = {https://eprint.iacr.org/2018/720}
}