TriviA and uTriviA : two fast and secure authenticated encryption schemes

In this paper, we propose two hardware optimized authenticated encryption schemes: TriviA-v2 and uTriviA. Both TriviA-v2, an efficient hardware optimization of TriviA-0-v1, and uTriviA are based on (i) a stream cipher for generating keys for the ciphertext and the tag, and (ii) a pairwise independen...

Full description

Saved in:
Bibliographic Details
Main Authors: Chakraborti, Avik, Chattopadhyay, Anupam, Muhammad Hassan, Mridul Nandi
Other Authors: School of Computer Science and Engineering
Format: Article
Language:English
Published: 2020
Subjects:
Online Access:https://hdl.handle.net/10356/139518
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-139518
record_format dspace
spelling sg-ntu-dr.10356-1395182020-05-20T03:34:25Z TriviA and uTriviA : two fast and secure authenticated encryption schemes Chakraborti, Avik Chattopadhyay, Anupam Muhammad Hassan Mridul Nandi School of Computer Science and Engineering Engineering::Computer science and engineering Trivium Stream Cipher In this paper, we propose two hardware optimized authenticated encryption schemes: TriviA-v2 and uTriviA. Both TriviA-v2, an efficient hardware optimization of TriviA-0-v1, and uTriviA are based on (i) a stream cipher for generating keys for the ciphertext and the tag, and (ii) a pairwise independent hash to compute the tag. We have adopted one of the ISO-standardized stream ciphers for lightweight cryptography, namely Trivium, to obtain our underlying stream cipher. The main structure of TriviA-v2 remains same as TriviA-0-v1, except some changes in the internal functions. The stream cipher used both in TriviA-v2 and uTriviA has a 384-bit state, slightly larger than Trivium, and can accommodate a 128-bit secret key and IV. TriviA-v2 uses a pairwise independent hash which is an adaptation of the EHC or “Encode-Hash-Combine” hash that requires the optimum number of field multiplications and hence requires small hardware footprint. uTriviA uses a pairwise independent hash which is an adaptation of the HC or “Hash-Combine” hash which is close to EHC but does not use any encode function. We prove that TriviA-v2 construction has at least 128-bit security for privacy and 124-bit security of authenticity under the assumption that the underlying stream cipher produces a pseudorandom bit stream. The uTriviA construction achieves at least 128-bit security for privacy and 93-bit security of authenticity under the same assumption. We have implemented the designs in synthesizable RTL. Pre-layout synthesis using 65 nm standard cell technology reveals that TriviA-v2 is able to achieve a high throughput of 65.9 Gbps for an area of 21.2 KGE, whereas TriviA-0-v1 achieved a much higher hardware area. The uTriviA design achieves a hardware area of only 16.74 KGE, which is lowest among all the TriviA variants but with a lower throughput of 36.76 Gbps. Finally, we provide a brief comparison between the three constructions TriviA-0-v1, TriviA-v2 and uTriviA and the other standard implementations in terms of hardware area-efficiency metric. 2020-05-20T03:34:25Z 2020-05-20T03:34:25Z 2016 Journal Article Chakraborti, A., Chattopadhyay, A., Muhammad Hassan, & Mridul Nandi. (2018). TriviA and uTriviA : two fast and secure authenticated encryption schemes. Journal of Cryptographic Engineering, 8(1), 29-48. doi:10.1007/s13389-016-0137-2 2190-8508 https://hdl.handle.net/10356/139518 10.1007/s13389-016-0137-2 2-s2.0-85044611641 1 8 29 48 en Journal of Cryptographic Engineering © 2016 Springer-Verlag Berlin Heidelberg. All rights reserved.
institution Nanyang Technological University
building NTU Library
country Singapore
collection DR-NTU
language English
topic Engineering::Computer science and engineering
Trivium
Stream Cipher
spellingShingle Engineering::Computer science and engineering
Trivium
Stream Cipher
Chakraborti, Avik
Chattopadhyay, Anupam
Muhammad Hassan
Mridul Nandi
TriviA and uTriviA : two fast and secure authenticated encryption schemes
description In this paper, we propose two hardware optimized authenticated encryption schemes: TriviA-v2 and uTriviA. Both TriviA-v2, an efficient hardware optimization of TriviA-0-v1, and uTriviA are based on (i) a stream cipher for generating keys for the ciphertext and the tag, and (ii) a pairwise independent hash to compute the tag. We have adopted one of the ISO-standardized stream ciphers for lightweight cryptography, namely Trivium, to obtain our underlying stream cipher. The main structure of TriviA-v2 remains same as TriviA-0-v1, except some changes in the internal functions. The stream cipher used both in TriviA-v2 and uTriviA has a 384-bit state, slightly larger than Trivium, and can accommodate a 128-bit secret key and IV. TriviA-v2 uses a pairwise independent hash which is an adaptation of the EHC or “Encode-Hash-Combine” hash that requires the optimum number of field multiplications and hence requires small hardware footprint. uTriviA uses a pairwise independent hash which is an adaptation of the HC or “Hash-Combine” hash which is close to EHC but does not use any encode function. We prove that TriviA-v2 construction has at least 128-bit security for privacy and 124-bit security of authenticity under the assumption that the underlying stream cipher produces a pseudorandom bit stream. The uTriviA construction achieves at least 128-bit security for privacy and 93-bit security of authenticity under the same assumption. We have implemented the designs in synthesizable RTL. Pre-layout synthesis using 65 nm standard cell technology reveals that TriviA-v2 is able to achieve a high throughput of 65.9 Gbps for an area of 21.2 KGE, whereas TriviA-0-v1 achieved a much higher hardware area. The uTriviA design achieves a hardware area of only 16.74 KGE, which is lowest among all the TriviA variants but with a lower throughput of 36.76 Gbps. Finally, we provide a brief comparison between the three constructions TriviA-0-v1, TriviA-v2 and uTriviA and the other standard implementations in terms of hardware area-efficiency metric.
author2 School of Computer Science and Engineering
author_facet School of Computer Science and Engineering
Chakraborti, Avik
Chattopadhyay, Anupam
Muhammad Hassan
Mridul Nandi
format Article
author Chakraborti, Avik
Chattopadhyay, Anupam
Muhammad Hassan
Mridul Nandi
author_sort Chakraborti, Avik
title TriviA and uTriviA : two fast and secure authenticated encryption schemes
title_short TriviA and uTriviA : two fast and secure authenticated encryption schemes
title_full TriviA and uTriviA : two fast and secure authenticated encryption schemes
title_fullStr TriviA and uTriviA : two fast and secure authenticated encryption schemes
title_full_unstemmed TriviA and uTriviA : two fast and secure authenticated encryption schemes
title_sort trivia and utrivia : two fast and secure authenticated encryption schemes
publishDate 2020
url https://hdl.handle.net/10356/139518
_version_ 1681059806107926528