Cryptology ePrint Archive: Report 2018/720
HPolyC: length-preserving encryption for entry-level processors
Paul Crowley and Eric Biggers
Abstract: We present HPolyC, a construction which builds on Poly1305, XChaCha12, and a
single block cipher invocation per message to offer length-preserving
encryption with a fast constant-time implementation where crypto
instructions are absent. On an ARM Cortex-A7 processor, HPolyC decrypts
4096-byte messages at 14.5 cycles per byte, over four times faster than
AES-256-XTS.
Assuming secure primitives, we prove an advantage bound of
$\approx 2^{-111}q^2(l + 156)$,
where $q$ is the number of queries and $l$ is the sum of message and tweak length in bits.
Category / Keywords: secret-key cryptography / SPRP, VIL, tweakable encryption, disk encryption
Date: received 1 Aug 2018
Contact author: paulcrowley at google com
Version: 20180803:125623
Short URL: ia.cr/2018/720