The Area-Latency Symbiosis: Towards Improved Serial Encryption Circuits
The bit-sliding paper of Jean et al. (CHES 2017) showed that the smallest-size circuit for SPN based block ciphers such as AES, SKINNY and PRESENT can be achieved via bit-serial implementations. Their technique decreases the bit size of the datapath and naturally leads to a significant loss in laten...
Saved in:
| Published in | IACR transactions on cryptographic hardware and embedded systems Vol. 2021; no. 1; pp. 239 - 278 |
|---|---|
| Main Authors | , , |
| Format | Journal Article |
| Language | English |
| Published |
Ruhr-Universität Bochum
03.12.2020
|
| Subjects | |
| Online Access | Get full text |
Cover
Loading…
| Abstract | The bit-sliding paper of Jean et al. (CHES 2017) showed that the smallest-size circuit for SPN based block ciphers such as AES, SKINNY and PRESENT can be achieved via bit-serial implementations. Their technique decreases the bit size of the datapath and naturally leads to a significant loss in latency (as well as the maximum throughput). Their designs complete a single round of the encryption in 168 (resp. 68) clock cycles for 128 (resp. 64) bit blocks. A follow-up work by Banik et al. (FSE 2020) introduced the swap-and-rotate technique that both eliminates this loss in latency and achieves even smaller footprints.In this paper, we extend these results on bit-serial implementations all the way to four authenticated encryption schemes from NIST LWC. Our first focus is to decrease latency and improve throughput with the use of the swap-and-rotate technique. Our block cipher implementations have the most efficient round operations in the sense that a round function of an n-bit block cipher is computed in exactly n clock cycles. This leads to implementations that are similar in size to the state of the art, but have much lower latency (savings up to 20 percent). We then extend our technique to 4- and 8-bit implementations. Although these results are promising, block ciphers themselves are not end-user primitives, as they need to be used in conjunction with a mode of operation. Hence, in the second part of the paper, we use our serial block ciphers to bootstrap four active NIST authenticated encryption candidates: SUNDAE-GIFT, Romulus, SAEAES and SKINNY-AEAD. In the wake of this effort, we provide the smallest block-cipher-based authenticated encryption circuits known in the literature so far. |
|---|---|
| AbstractList | The bit-sliding paper of Jean et al. (CHES 2017) showed that the smallest-size circuit for SPN based block ciphers such as AES, SKINNY and PRESENT can be achieved via bit-serial implementations. Their technique decreases the bit size of the datapath and naturally leads to a significant loss in latency (as well as the maximum throughput). Their designs complete a single round of the encryption in 168 (resp. 68) clock cycles for 128 (resp. 64) bit blocks. A follow-up work by Banik et al. (FSE 2020) introduced the swap-and-rotate technique that both eliminates this loss in latency and achieves even smaller footprints.In this paper, we extend these results on bit-serial implementations all the way to four authenticated encryption schemes from NIST LWC. Our first focus is to decrease latency and improve throughput with the use of the swap-and-rotate technique. Our block cipher implementations have the most efficient round operations in the sense that a round function of an n-bit block cipher is computed in exactly n clock cycles. This leads to implementations that are similar in size to the state of the art, but have much lower latency (savings up to 20 percent). We then extend our technique to 4- and 8-bit implementations. Although these results are promising, block ciphers themselves are not end-user primitives, as they need to be used in conjunction with a mode of operation. Hence, in the second part of the paper, we use our serial block ciphers to bootstrap four active NIST authenticated encryption candidates: SUNDAE-GIFT, Romulus, SAEAES and SKINNY-AEAD. In the wake of this effort, we provide the smallest block-cipher-based authenticated encryption circuits known in the literature so far. |
| Author | Caforio, Andrea Balli, Fatih Banik, Subhadeep |
| Author_xml | – sequence: 1 givenname: Fatih surname: Balli fullname: Balli, Fatih – sequence: 2 givenname: Andrea surname: Caforio fullname: Caforio, Andrea – sequence: 3 givenname: Subhadeep surname: Banik fullname: Banik, Subhadeep |
| BookMark | eNpNkF1rwjAUhsNwMOf8DesfqMt3mt2JOCcIu9Bdh9M0nRFtJOkc_ffr6hi7Oi_nheeF5x6NmtA4hB4JnnEpCvnU2r1LswvFlMw8mVGmc6qKGzSmQvZRUzH6l-_QNKUDxpgKLIjSY7Ta7V02jw7yDbSusV227U6lD8mn52wXviBWKVufzjFcXJVtXfRwzJaNjd259aHJFj7aT9-mB3RbwzG56e-doPeX5W7xmm_eVuvFfJNbyoo2V6BKRQHA0kI7XkinLOBaYub6qnLcKlFqkEKBprQueCkY5xWreGWlIpxN0PrKrQIczDn6E8TOBPBmeIT4YSC23h6dUVhSQhwpWE1-lrS0QLQllnPJK6J6lrqybAwpRVf_8Qg2g14z6DWDXuOJ6fWaXi_7BlXfcWE |
| CitedBy_id | crossref_primary_10_1049_2024_7047055 |
| ContentType | Journal Article |
| DBID | AAYXX CITATION DOA |
| DOI | 10.46586/tches.v2021.i1.239-278 |
| DatabaseName | CrossRef DOAJ Directory of Open Access Journals |
| DatabaseTitle | CrossRef |
| DatabaseTitleList | CrossRef |
| Database_xml | – sequence: 1 dbid: DOA name: DOAJ Directory of Open Access Journals url: https://www.doaj.org/ sourceTypes: Open Website |
| DeliveryMethod | fulltext_linktorsrc |
| EISSN | 2569-2925 |
| EndPage | 278 |
| ExternalDocumentID | oai_doaj_org_article_706211e183f1486e96ca19c1c4464d17 10_46586_tches_v2021_i1_239_278 |
| GroupedDBID | AAFWJ AAYXX AFPKN ALMA_UNASSIGNED_HOLDINGS CITATION GROUPED_DOAJ M~E OK1 |
| ID | FETCH-LOGICAL-c238t-7a7b72aaac289e486e7ca0f603e7a7de4c75b9a657a922f84b5344d3d4dc67143 |
| IEDL.DBID | DOA |
| ISSN | 2569-2925 |
| IngestDate | Thu Jul 04 21:10:46 EDT 2024 Fri Aug 23 03:12:25 EDT 2024 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 1 |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-c238t-7a7b72aaac289e486e7ca0f603e7a7de4c75b9a657a922f84b5344d3d4dc67143 |
| OpenAccessLink | https://doaj.org/article/706211e183f1486e96ca19c1c4464d17 |
| PageCount | 40 |
| ParticipantIDs | doaj_primary_oai_doaj_org_article_706211e183f1486e96ca19c1c4464d17 crossref_primary_10_46586_tches_v2021_i1_239_278 |
| PublicationCentury | 2000 |
| PublicationDate | 2020-12-03 |
| PublicationDateYYYYMMDD | 2020-12-03 |
| PublicationDate_xml | – month: 12 year: 2020 text: 2020-12-03 day: 03 |
| PublicationDecade | 2020 |
| PublicationTitle | IACR transactions on cryptographic hardware and embedded systems |
| PublicationYear | 2020 |
| Publisher | Ruhr-Universität Bochum |
| Publisher_xml | – name: Ruhr-Universität Bochum |
| SSID | ssj0002505179 |
| Score | 2.1909468 |
| Snippet | The bit-sliding paper of Jean et al. (CHES 2017) showed that the smallest-size circuit for SPN based block ciphers such as AES, SKINNY and PRESENT can be... |
| SourceID | doaj crossref |
| SourceType | Open Website Aggregation Database |
| StartPage | 239 |
| SubjectTerms | Authenticated Encryption Block Cipher Latency Lightweight Rotate Swap |
| Title | The Area-Latency Symbiosis: Towards Improved Serial Encryption Circuits |
| URI | https://doaj.org/article/706211e183f1486e96ca19c1c4464d17 |
| Volume | 2021 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwrV09T8MwELVQJxYEAkT5UgbWtHHs2AkbVC0VAhZaqZtlO46UgRQ1KVL_PXd2QdlYWJ0oSt5dfO_Z5ztC7hJZaekY7vprEXNp8J8zPE5zYB-WOmY1Lg28von5kj-vslWv1RfmhIXywAG4sUwEaBQHnlcBcxeuEFbTwlILOoaXNJwjp1lPTOEcjIEdXC0kdHGIsmKMILSjLxD7dFSDMmRFnGJztV446lXt9-FldkyO9rwwegjvc0IOXHNKnsCIMOR0_KKR2-6i992Hqddt3d5HC5_w2kZhWcCVUVjoiqaN3ez8RBBN6o3d1l17Rpaz6WIyj_edD2ILIbSLpZZGplprC3rI4WdLq5NKJMzBpdJxKzNTaJFJXaRplXOTMc5LVvLSCuxofk4GzbpxFyQChmZzm5ZFonHPLskNIMdEkVXOUqP5kCQ_AKjPUOBCgTDwmCmPmfKYqZoqwEwBZkPyiED93o4Vqv0A2E3t7ab-stvlfzzkihymqH8xvYRdk0G32bobIAmdufX-8A0f9rcf |
| link.rule.ids | 315,786,790,870,2115,27955,27956 |
| linkProvider | Directory of Open Access Journals |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=The+Area-Latency+Symbiosis%3A+Towards+Improved+Serial+Encryption+Circuits&rft.jtitle=IACR+transactions+on+cryptographic+hardware+and+embedded+systems&rft.au=Balli%2C+Fatih&rft.au=Caforio%2C+Andrea&rft.au=Banik%2C+Subhadeep&rft.date=2020-12-03&rft.issn=2569-2925&rft.eissn=2569-2925&rft.spage=239&rft.epage=278&rft_id=info:doi/10.46586%2Ftches.v2021.i1.239-278&rft.externalDBID=n%2Fa&rft.externalDocID=10_46586_tches_v2021_i1_239_278 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2569-2925&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2569-2925&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2569-2925&client=summon |