Paper 2020/608

The Area-Latency Symbiosis: Towards Improved Serial Encryption Circuits

Fatih Balli, Andrea Caforio, and Subhadeep Banik


The bit-sliding paper of Jean et al. (CHES 2017) showed that the smallest-size circuit for SPN based block ciphers such as AES, SKINNY and PRESENT can be achieved via bit-serial implementations. Their technique decreases the bit size of the datapath and naturally leads to a significant loss in latency (as well as the maximum throughput). Their designs complete a single round of the encryption in 168 (resp. 68) clock cycles for 128 (resp. 64) bit blocks. A follow-up work by Banik et al. (FSE 2020) introduced the swap-and-rotate technique that both eliminates this loss in latency and achieves even smaller footprints. In this paper, we extend these results on bit-serial implementations all the way to four authenticated encryption schemes from NIST LWC. Our first focus is to decrease latency and improve throughput with the use of the swap-and-rotate technique. Our block cipher implementations have the most efficient round operations in the sense that a round function of an $n$-bit block cipher is computed in exactly $n$ clock cycles. This leads to implementations that are similar in size to the state of the art, but have much lower latency (savings up to 20 percent). We then extend our technique to 4- and 8-bit implementations. Although these results are promising, block ciphers themselves are not end-user primitives, as they need to be used in conjunction with a mode of operation. Hence, in the second part of the paper, we use our serial block ciphers to bootstrap four active NIST authenticated encryption candidates: SUNDAE-GIFT, Romulus, SAEAES and SKINNY-AEAD. In the wake of this effort, we provide the smallest block-cipher-based authenticated encryption circuits known in the literature so far.

Available format(s)
Secret-key cryptography
Publication info
Published by the IACR in TCHES 2021
lightweightlatencyswaprotateblockcipherauthenticated encryptionNIST LWCAESSKINNYGIFT
Contact author(s)
fatih balli @ epfl ch
andrea caforio @ epfl ch
subhadeep banik @ epfl ch
2020-10-09: last of 3 revisions
2020-05-25: received
See all versions
Short URL
Creative Commons Attribution


      author = {Fatih Balli and Andrea Caforio and Subhadeep Banik},
      title = {The Area-Latency Symbiosis: Towards Improved Serial Encryption Circuits},
      howpublished = {Cryptology ePrint Archive, Paper 2020/608},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.