Paper 2018/916
Forking a Blockcipher for Authenticated Encryption of Very Short Messages
Elena Andreeva, Reza Reyhanitabar, Kerem Varici, and Damian Vizár
Abstract
Highly efficient encryption and authentication of short messages has been identified as an essential requirement for enabling security in constrained computation and communication scenarios such as the CAN FD in automotive systems (with maximum message length of 64 bytes), massive IoT and critical communication domains of 5G, and Narrowband IoT (NB-IoT), to mention some. Accordingly, NIST has specified, as a design requirement in the lightweight cryptography project, that AEAD submissions shall be “optimized to be efficient for short messages (e.g., as short as 8 bytes)”. We propose AEAD schemes that exceed in efficiency over all previous general-purpose modular AEAD designs at processing (very) short inputs. The main ingredient in our solution is a new low-level primitive, called a tweakable forkcipher, which we introduce and formalize in this paper. We give an instance of the tweakable forkcipher and dub it ForkAES. It is based on the tweakable blockcipher KIASU, which relies on the round function of AES and uses the TWEAKEY framework to derive round keys from a 128-bit secret key and a 64-bit tweak. Finally, we demonstrate the applicability of a tweakable forkcipher by designing several provably secure nonce-based AEAD modes of operation, optimized to be efficient for short messages. Considering the AES block size (16 bytes) as a reference, our new AE schemes can beat all known schemes for single-block messages while still performing better than majority of the existing schemes for combined message and associated data lengths up to 4 blocks. While ForkAES as a concrete instantiation for a forkcipher is based on KIASU, we note that our solution provides a general recipe for lightweight AEAD for short messages, even for very resource-constrained scenarios in which AES may not be considered a lightweight option. In those environments, our schemes can be instantiated using a forkcipher that is realized based on the best off-the-shelf lightweight blockcipher, following the TWEAKEY framework.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- Authenticated encryptionshort messageslightweight cryptographyforkcipherForkAES
- Contact author(s)
-
elean @ dtu dk
damian vizar @ csem ch - History
- 2019-11-08: last of 3 revisions
- 2018-09-26: received
- See all versions
- Short URL
- https://ia.cr/2018/916
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2018/916, author = {Elena Andreeva and Reza Reyhanitabar and Kerem Varici and Damian Vizár}, title = {Forking a Blockcipher for Authenticated Encryption of Very Short Messages}, howpublished = {Cryptology {ePrint} Archive, Paper 2018/916}, year = {2018}, url = {https://eprint.iacr.org/2018/916} }