Paper 2020/1374

ELM : A Low-Latency and Scalable Memory Encryption Scheme

Akiko Inoue, NEC (Japan)
Kazuhiko Minematsu, NEC (Japan)
Maya Oda, Tohoku University
Rei Ueno, Tohoku University
Naofumi Homma, Tohoku University

Memory encryption with an authentication tree has received significant attentions due to the increasing threats of active attacks and the widespread use of non-volatile memories. It is also gradually deployed to real-world systems, as shown by SGX available in Intel processors. The topic of memory encryption has been recently extensively studied, most actively from the viewpoint of system architecture. In this paper, we study the topic from the viewpoint of provable secure symmetric-key designs, with a primal focus on latency which is an important criterion for memory. A progress in such a direction can be observed in the memory encryption scheme inside SGX (SGX integrity tree or SIT). It uses dedicated, low-latency symmetric-key components, i.e., a message authentication code (MAC) and an authenticated encryption (AE) scheme based on AES-GCM. SIT has an excellent latency, however, it has a scalability issue for its on-chip memory size. By carefully examining the required behavior of MAC and AE schemes and their interactions in the tree operations, we develop a new memory encryption scheme called ELM. It consists of fully-parallelizable, low-latency MAC and AE schemes and utilizes an incremental property of the MAC. Our AE scheme is similar to OCB, however it improves OCB in terms of decryption latency. To showcase the effectiveness, we consider instantiations of ELM using the same cryptographic cores as SIT, and show that ELM has significantly lower latency than SIT for large memories. We also conducted preliminary hardware implementations to show that the total implementation size is comparable to SIT.

Note: Preliminary version. Refer to IEEE TIFS for the published version.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. IEEE Transactions on Information Forensics and Security
Memory encryption Authentication Tree Latency Mode of Operations SGX
Contact author(s)
a_inoue @ nec com
k-minematsu @ nec com
rei ueno a8 @ tohoku ac jp
naofumi homma c8 @ tohoku ac jp
2022-07-20: revised
2020-11-10: received
See all versions
Short URL
Creative Commons Attribution


      author = {Akiko Inoue and Kazuhiko Minematsu and Maya Oda and Rei Ueno and Naofumi Homma},
      title = {ELM : A Low-Latency and Scalable Memory Encryption Scheme},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1374},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.