Duel of the titans : the Romulus and Remus families of lightweight AEAD algorithms

In this article, we propose two new families of very lightweight and efficient authenticated encryption with associated data (AEAD) modes, Romulus and Remus, that provide security beyond the birthday bound with respect to the block-length n. The former uses a tweakable block cipher (TBC) as internal...

Bibliographic Details
Main Authors: Iwata, Tetsu, Khairallah, Mustafa, Minematsu, Kazuhiko, Peyrin, Thomas
Other Authors: School of Physical and Mathematical Sciences
Format: Article
Language: English
Published: 2020
Online Access: https://hdl.handle.net/10356/145111
Institution: Nanyang Technological University
id sg-ntu-dr.10356-145111
record_format dspace
spelling sg-ntu-dr.10356-145111 2023-02-28T19:35:13Z
Duel of the titans : the Romulus and Remus families of lightweight AEAD algorithms
Iwata, Tetsu; Khairallah, Mustafa; Minematsu, Kazuhiko; Peyrin, Thomas
School of Physical and Mathematical Sciences; Temasek Laboratories @ NTU
Science::Mathematics; Romulus and Remus; Authenticated Encryption

In this article, we propose two new families of very lightweight and efficient authenticated encryption with associated data (AEAD) modes, Romulus and Remus, that provide security beyond the birthday bound with respect to the block-length n. The former uses a tweakable block cipher (TBC) as internal primitive and can be proven secure in the standard model. The latter uses a block cipher (BC) as internal primitive and can be proven secure in the ideal cipher model. Both our modes allow to switch very easily from the nonce-respecting to the nonce-misuse scenario. Previous constructions, such as ΘCB3, are quite computationally efficient, yet needing a large memory for implementation, which makes them unsuitable for platforms where lightweight cryptography should play a key role. Romulus and Remus break this barrier by introducing a new architecture evolved from a BC mode COFB. They achieve the best of what can be possible with TBC – the optimal computational efficiency (rate-1 operation) and the minimum state size of a TBC mode (i.e., (n + t)-bit for n-bit block, t-bit tweak TBC), with almost equivalent provable security as ΘCB3. Actually, our comparisons show that both our designs present superior performances when compared to all other recent lightweight AEAD modes, being BC-based, TBC-based or sponge-based, in the nonce-respecting or nonce-misuse scenario. We eventually describe how to instantiate Romulus and Remus modes using the Skinny lightweight tweakable block cipher proposed at CRYPTO 2016, including the hardware implementation results.

Nanyang Technological University
Published version
The second and fourth authors are supported by Temasek Laboratories, Singapore.
2020-12-11T05:11:45Z 2020-12-11T05:11:45Z 2020
Journal Article
Iwata, T., Khairallah, M., Minematsu, K., & Peyrin, T. (2020). Duel of the titans : the Romulus and Remus families of lightweight AEAD algorithms. IACR Transactions on Symmetric Cryptology, 2020(1), 43-120. doi:10.13154/tosc.v2020.i1.43-120
2519-173X
https://hdl.handle.net/10356/145111
10.13154/tosc.v2020.i1.43-120
1 2020 43 120
en
IACR Transactions on Symmetric Cryptology
© 2020 Tetsu Iwata, Mustafa Khairallah, Kazuhiko Minematsu, Thomas Peyrin. This work is licensed under a Creative Commons Attribution 4.0 International License.
application/pdf
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Science::Mathematics
Romulus and Remus
Authenticated Encryption