TriviA and uTriviA : two fast and secure authenticated encryption schemes
In this paper, we propose two hardware optimized authenticated encryption schemes: TriviA-v2 and uTriviA. Both TriviA-v2, an efficient hardware optimization of TriviA-0-v1, and uTriviA are based on (i) a stream cipher for generating keys for the ciphertext and the tag, and (ii) a pairwise independen...
Saved in:
Main Authors: | , , , |
---|---|
Other Authors: | |
Format: | Article |
Language: | English |
Published: |
2020
|
Subjects: | |
Online Access: | https://hdl.handle.net/10356/139518 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Nanyang Technological University |
Language: | English |
id |
sg-ntu-dr.10356-139518 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-1395182020-05-20T03:34:25Z TriviA and uTriviA : two fast and secure authenticated encryption schemes Chakraborti, Avik Chattopadhyay, Anupam Muhammad Hassan Mridul Nandi School of Computer Science and Engineering Engineering::Computer science and engineering Trivium Stream Cipher In this paper, we propose two hardware optimized authenticated encryption schemes: TriviA-v2 and uTriviA. Both TriviA-v2, an efficient hardware optimization of TriviA-0-v1, and uTriviA are based on (i) a stream cipher for generating keys for the ciphertext and the tag, and (ii) a pairwise independent hash to compute the tag. We have adopted one of the ISO-standardized stream ciphers for lightweight cryptography, namely Trivium, to obtain our underlying stream cipher. The main structure of TriviA-v2 remains same as TriviA-0-v1, except some changes in the internal functions. The stream cipher used both in TriviA-v2 and uTriviA has a 384-bit state, slightly larger than Trivium, and can accommodate a 128-bit secret key and IV. TriviA-v2 uses a pairwise independent hash which is an adaptation of the EHC or “Encode-Hash-Combine” hash that requires the optimum number of field multiplications and hence requires small hardware footprint. uTriviA uses a pairwise independent hash which is an adaptation of the HC or “Hash-Combine” hash which is close to EHC but does not use any encode function. We prove that TriviA-v2 construction has at least 128-bit security for privacy and 124-bit security of authenticity under the assumption that the underlying stream cipher produces a pseudorandom bit stream. The uTriviA construction achieves at least 128-bit security for privacy and 93-bit security of authenticity under the same assumption. We have implemented the designs in synthesizable RTL. Pre-layout synthesis using 65 nm standard cell technology reveals that TriviA-v2 is able to achieve a high throughput of 65.9 Gbps for an area of 21.2 KGE, whereas TriviA-0-v1 achieved a much higher hardware area. The uTriviA design achieves a hardware area of only 16.74 KGE, which is lowest among all the TriviA variants but with a lower throughput of 36.76 Gbps. Finally, we provide a brief comparison between the three constructions TriviA-0-v1, TriviA-v2 and uTriviA and the other standard implementations in terms of hardware area-efficiency metric. 2020-05-20T03:34:25Z 2020-05-20T03:34:25Z 2016 Journal Article Chakraborti, A., Chattopadhyay, A., Muhammad Hassan, & Mridul Nandi. (2018). TriviA and uTriviA : two fast and secure authenticated encryption schemes. Journal of Cryptographic Engineering, 8(1), 29-48. doi:10.1007/s13389-016-0137-2 2190-8508 https://hdl.handle.net/10356/139518 10.1007/s13389-016-0137-2 2-s2.0-85044611641 1 8 29 48 en Journal of Cryptographic Engineering © 2016 Springer-Verlag Berlin Heidelberg. All rights reserved. |
institution |
Nanyang Technological University |
building |
NTU Library |
country |
Singapore |
collection |
DR-NTU |
language |
English |
topic |
Engineering::Computer science and engineering Trivium Stream Cipher |
spellingShingle |
Engineering::Computer science and engineering Trivium Stream Cipher Chakraborti, Avik Chattopadhyay, Anupam Muhammad Hassan Mridul Nandi TriviA and uTriviA : two fast and secure authenticated encryption schemes |
description |
In this paper, we propose two hardware optimized authenticated encryption schemes: TriviA-v2 and uTriviA. Both TriviA-v2, an efficient hardware optimization of TriviA-0-v1, and uTriviA are based on (i) a stream cipher for generating keys for the ciphertext and the tag, and (ii) a pairwise independent hash to compute the tag. We have adopted one of the ISO-standardized stream ciphers for lightweight cryptography, namely Trivium, to obtain our underlying stream cipher. The main structure of TriviA-v2 remains same as TriviA-0-v1, except some changes in the internal functions. The stream cipher used both in TriviA-v2 and uTriviA has a 384-bit state, slightly larger than Trivium, and can accommodate a 128-bit secret key and IV. TriviA-v2 uses a pairwise independent hash which is an adaptation of the EHC or “Encode-Hash-Combine” hash that requires the optimum number of field multiplications and hence requires small hardware footprint. uTriviA uses a pairwise independent hash which is an adaptation of the HC or “Hash-Combine” hash which is close to EHC but does not use any encode function. We prove that TriviA-v2 construction has at least 128-bit security for privacy and 124-bit security of authenticity under the assumption that the underlying stream cipher produces a pseudorandom bit stream. The uTriviA construction achieves at least 128-bit security for privacy and 93-bit security of authenticity under the same assumption. We have implemented the designs in synthesizable RTL. Pre-layout synthesis using 65 nm standard cell technology reveals that TriviA-v2 is able to achieve a high throughput of 65.9 Gbps for an area of 21.2 KGE, whereas TriviA-0-v1 achieved a much higher hardware area. The uTriviA design achieves a hardware area of only 16.74 KGE, which is lowest among all the TriviA variants but with a lower throughput of 36.76 Gbps. Finally, we provide a brief comparison between the three constructions TriviA-0-v1, TriviA-v2 and uTriviA and the other standard implementations in terms of hardware area-efficiency metric. |
author2 |
School of Computer Science and Engineering |
author_facet |
School of Computer Science and Engineering Chakraborti, Avik Chattopadhyay, Anupam Muhammad Hassan Mridul Nandi |
format |
Article |
author |
Chakraborti, Avik Chattopadhyay, Anupam Muhammad Hassan Mridul Nandi |
author_sort |
Chakraborti, Avik |
title |
TriviA and uTriviA : two fast and secure authenticated encryption schemes |
title_short |
TriviA and uTriviA : two fast and secure authenticated encryption schemes |
title_full |
TriviA and uTriviA : two fast and secure authenticated encryption schemes |
title_fullStr |
TriviA and uTriviA : two fast and secure authenticated encryption schemes |
title_full_unstemmed |
TriviA and uTriviA : two fast and secure authenticated encryption schemes |
title_sort |
trivia and utrivia : two fast and secure authenticated encryption schemes |
publishDate |
2020 |
url |
https://hdl.handle.net/10356/139518 |
_version_ |
1681059806107926528 |