## Cryptology ePrint Archive: Report 2020/608

Low-latency Meets Low-area: An Improved Bit-Sliding Technique for AES, SKINNY and GIFT

Fatih Balli and Andrea Caforio and Subhadeep Banik

Abstract: The bit-sliding work of Jean et al. (CHES 2017) showed that the smallest-size circuit for SPN based blockciphers such as AES, SKINNY and, PRESENT can be achieved via bit-serial implementations. Their technique decreases the bitsize of the datapath, and it naturally leads to significant loss in latency (as well as the maximum throughput). Their designs complete a single round of the encryption in 168, 168 (for 128-bit blocks), 68 clock cycles (for 64-bit block) respectively. A follow-up work by Banik et al. (FSE 2020) introduced the swap-and-rotate technique that both eliminates this loss in latency and achieves even smaller footprint.

In the paper, we extend these results on bit-serial implementations all the way to three authenticated encryption schemes from NIST LWC. Our first focus is to decrease latency and improve throughput with the use of swap-and-rotate technique. Our blockcipher implementations have the most efficient round operations in the sense that a round function of a $n$-bit blockcipher is computed in exactly $n$ clock cycles. This leads to implementations that are similar in size to the state-of-the-art, but have much lower latency (savings up to 20 percent).

Though these results are promising, blockciphers themselves are not end-user primitives, as they need to used together with a mode of operation. Hence, in the second part of the paper, we use our blockciphers in bit-serial implementations for three active NIST authenticated encryption candidates: SUNDAE-GIFT, Romulus and SAEAES. We provide the smallest blockcipher-based authenticated encryption circuits known in the literature so far.

Category / Keywords: secret-key cryptography / lightweight, latency, swap, rotate, blockcipher, authenticated encryption, NIST LWC, AES, SKINNY, GIFT

Date: received 23 May 2020, last revised 30 May 2020

Contact author: fatih balli at epfl ch, andrea caforio@epfl ch, subhadeep banik@epfl ch

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2020/608

[ Cryptology ePrint archive ]