Cryptology ePrint Archive: Report 2021/960

The SPEEDY Family of Block Ciphers - Engineering an Ultra Low-Latency Cipher from Gate Level for Secure Processor Architectures

Gregor Leander and Thorben Moos and Amir Moradi and Shahram Rasoolzadeh

Abstract: We introduce SPEEDY, a family of ultra low-latency block ciphers. We mix engineering expertise into each step of the cipher’s design process in order to create a secure encryption primitive with an extremely low latency in CMOS hardware. The centerpiece of our constructions is a high-speed 6-bit substitution box whose coordinate functions are realized as two-level NAND trees. In contrast to other low-latency block ciphers such as PRINCE, PRINCEv2, MANTIS and QARMA, we neither constrain ourselves by demanding decryption at low overhead, nor by requiring a super low area or energy. This freedom together with our gate- and transistor-level considerations allows us to create an ultra low-latency cipher which outperforms all known solutions in single-cycle encryption speed. Our main result, SPEEDY-6-192, is a6-round 192-bit block and 192-bit key cipher which can be executed faster in hardware than any other known encryption primitive (including Gimli in Even-Mansour scheme and the Orthros pseudorandom function) and offers 128-bit security. One round more, i.e., SPEEDY-7-192, provides full 192-bit security. SPEEDY primarily targets hardware security solutions embedded in high-end CPUs, where area and energy restrictions are secondary while high performance is the number one priority.

Category / Keywords: secret-key cryptography / Low-Latency Cryptography, High-Speed Encryption, Block Cipher

Original Publication (with minor differences): IACR-CHES-2021

Date: received 16 Jul 2021

Contact author: gregor leander at rub de, thorben moos at rub de, amir moradi at rub de, shahram rasoolzadeh at ru nl

Available format(s): PDF | BibTeX Citation

Version: 20210722:090912 (All versions of this report)

Short URL: ia.cr/2021/960


[ Cryptology ePrint archive ]