Paper 2023/1361

Let's Go Eevee! A Friendly and Suitable Family of AEAD Modes for IoT-to-Cloud Secure Computation

Amit Singh Bhati, COSIC, KU Leuven
Erik Pohle, COSIC, KU Leuven
Aysajan Abidin, COSIC, KU Leuven
Elena Andreeva, Technical University of Vienna
Bart Preneel, COSIC, KU Leuven

IoT devices collect privacy-sensitive data, e.g., in smart grids or in medical devices, and send this data to cloud servers for further processing. In order to ensure confidentiality as well as authenticity of the sensor data in the untrusted cloud environment, we consider a transciphering scenario between embedded IoT devices and multiple cloud servers that perform secure multi-party computation (MPC). Concretely, the IoT devices encrypt their data with a lightweight symmetric cipher and send the ciphertext to the cloud servers. To obtain the secret shares of the cleartext message for further processing, the cloud servers engage in an MPC protocol to decrypt the ciphertext in a distributed manner. This way, the plaintext is never exposed to the individual servers. As an important building block in this scenario, we propose a new, provably secure family of lightweight modes for authenticated encryption with associated data (AEAD), called Eevee. The Eevee family has fully parallel decryption, making it suitable for MPC protocols for which the round complexity depends on the complexity of the function they compute. Further, our modes use the lightweight forkcipher primitive that offers fixed-length output expansion and a compact yet parallelizable internal structure. All Eevee members improve substantially over the few available state-of-the-art (SotA) MPC-friendly modes and other standard solutions. We benchmark the Eevee family on a microcontroller and in MPC. Our proposed mode Jolteon (when instantiated with ForkSkinny) provides 1.85x to 3.64x speedup in IoT-encryption time and 3x to 4.5x speedup in both MPC-decryption time and data for very short queries of 8 bytes, and 1.55x to 3.04x and 1.23x to 2.43x speedup, respectively, in MPC-decryption time and data for queries up to 500 bytes when compared against SotA MPC-friendly modes instantiated with SKINNY.
We also provide two advanced modes, Umbreon and Espeon, that show a favorable performance-security trade-off with stronger security guarantees such as nonce-misuse security. Additionally, all Eevee members have full $n$-bit security (where $n$ is the block size of the underlying primitive), use a single primitive and require smaller state and HW area when compared with the SotA modes under their original security settings.

Note: This is the full version (with complete proofs, additional experiments and benchmarking results) of the Eevee paper from ACM CCS 2023.

Category
Secret-key cryptography
Publication info
Published elsewhere. Major revision. ACM CCS 2023
Keywords
Authenticated encryption, forkcipher, lightweight, online, nonce misuse, beyond birthday, MPC, transciphering
Contact author(s)
amitsingh bhati @ esat kuleuven be
erik pohle @ esat kuleuven be
aysajan abidin @ esat kuleuven be
elena andreeva @ tuwien ac at
bart preneel @ esat kuleuven be
2023-09-13: approved
2023-09-11: received
Creative Commons Attribution


      author = {Amit Singh Bhati and Erik Pohle and Aysajan Abidin and Elena Andreeva and Bart Preneel},
      title = {Let's Go Eevee! A Friendly and Suitable Family of AEAD Modes for IoT-to-Cloud Secure Computation},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1361},
      year = {2023},
      doi = {10.1145/3576915.3623091},
      note = {\url{}},
      url = {}