You are looking at a specific version 20211122:124602 of this paper. See the latest version.

Paper 2021/1523

Perfect Trees: Designing Energy-Optimal Symmetric Encryption Primitives

Andrea Caforio and Subhadeep Banik and Yosuke Todo and Willi Meier and Takanori Isobe and Fukang Liu and Bin Zhang

Abstract

Energy efficiency is critical in battery-driven devices, and designing energy- optimal symmetric-key ciphers is one of the goals for the use of ciphers in such environments. In the paper by Banik et al. (IACR ToSC 2018), stream ciphers were identified as ideal candidates for low-energy solutions. One of the main conclusions of this paper was that Trivium, when implemented in an unrolled fashion, was by far the most energy-efficient way of encrypting larger quantity of data. In fact, it was shown that as soon as the number of databits to be encrypted exceeded 320 bits, Trivium consumed the least amount of energy on STM 90 nm ASIC circuits and outperformed the Midori family of block ciphers even in the least energy hungry ECB mode (Midori was designed specifically for energy efficiency). In this work, we devise the first heuristic energy model in the realm of stream ciphers that links the underlying algebraic topology of the state update function to the consumptive behaviour. The model is then used to derive a metric that exhibits a heavy negative correlation with the energy consumption of a broad range of stream cipher architectures, i.e., the families of Trivium-like, Grain-like and Subterranean-like constructions. We demonstrate that this correlation is especially pronounced for Trivium-like ciphers which leads us to establish a link between the energy consumption and the security guarantees that makes it possible to find several alternative energy- optimal versions of Trivium that meet the requirements but consume less energy. We present two such designs Trivium-LE(F) and Trivium-LE(S) that consume around 15% and 25% less energy respectively making them the to date most energy-efficient encryption primitives. They inherit the same security level as Trivium, i.e., 80-bit security. We further present Triad-LE as an energy-efficient variant satisfying a higher security level. The simplicity and wide applicability of our model has direct consequences for the conception of future hardware-targeted stream ciphers as for the first time it is possible to optimize for energy during the design phase. Moreover, we extend the reach of our model beyond plain encryption primitives and propose a novel energy-efficient message authentication code Trivium-LE-MAC.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published by the IACR in FSE 2021
Keywords
stream ciphersenergypowertriviumhardwareasic
Contact author(s)
andrea caforio @ epfl ch
subhadeep banik @ epfl ch
yosuke todo xt @ hco ntt co jp
willimeier48 @ gmail com
takanori isobe @ ai u-hyogo ac jp
liufukangs @ 163 com
martin_zhangbin @ hotmail com
History
2021-11-22: revised
2021-11-22: received
See all versions
Short URL
https://ia.cr/2021/1523
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.