Design, analysis and implementation of hardware-oriented authenticated encryption
Lightweight cryptography is one of the fastest growing areas in symmetric key cryptography. Its importance has increased due to applications such as pervasive computing and the Internet of Things (IoT). Among the goals of lightweight cryptography is authenticated encryption for constrained environments...
| Field | Value |
|---|---|
| Main Author: | Khairallah, Mustafa |
| Other Authors: | Anupam Chattopadhyay |
| Format: | Thesis-Doctor of Philosophy |
| Language: | English |
| Published: | Nanyang Technological University, 2021 |
| Subjects: | Science::Mathematics::Discrete mathematics::Cryptography |
| Online Access: | https://hdl.handle.net/10356/145739 |
| Institution: | Nanyang Technological University |
| Language: | English |
| Field | Value |
|---|---|
| id | sg-ntu-dr.10356-145739 |
| record_format | dspace |
| spelling | sg-ntu-dr.10356-145739 2023-02-28T23:36:19Z Design, analysis and implementation of hardware-oriented authenticated encryption Khairallah, Mustafa [Mustafa Mahmoud Mohammed Kairallah] Anupam Chattopadhyay Thomas Peyrin School of Physical and Mathematical Sciences thomas.peyrin@ntu.edu.sg, anupam@ntu.edu.sg Science::Mathematics::Discrete mathematics::Cryptography Lightweight cryptography is one of the fastest growing areas in symmetric key cryptography. Its importance has increased due to applications such as pervasive computing and the Internet of Things (IoT). Among the goals of lightweight cryptography is authenticated encryption for constrained environments. Tweakable block ciphers were proposed around two decades ago as new, more powerful primitives compared to traditional block ciphers. Essentially, they provide simpler schemes that are easier to understand and provide higher security bounds. Over the last few years, they have gained growing attention due to their promising security properties. However, they have been less studied in the context of lightweight cryptography. It is in this spirit that we need to study the use of tweakable block ciphers for lightweight authenticated encryption, especially for applications targeted towards hardware acceleration. We show that tweakable block ciphers offer very efficient schemes. They achieve competitive performance, very small area and strong provable security with large margins. In the first part of this thesis, we study some of the hardware implementation aspects of symmetric key cryptography. We study the implementation of cryptanalytic attacks with a case study on SHA-1, showing that attacks with time complexity 2^64 ∼ 2^80 are practical, and discussing the different technologies that can be used to implement such attacks. We also study the hardware performance of the state-of-the-art tweakable block cipher-based mode ΘCB3. We show that some properties that are good for software performance, e.g. parallelism, are not necessarily helpful in the case of hardware implementation. Then, we analyze the potential of tweakable block cipher-based schemes. We show that for a given security level and under certain assumptions, they can offer the most efficient schemes in terms of the security-area-performance trade-off. Afterwards, we describe a framework for studying a class of tweakable block cipher-based schemes. We apply our framework to two of the round 2 candidates of the lightweight standardization project initiated by the National Institute of Standards and Technology (NIST). We show gaps in the initial analyses provided by the designers. Last but not least, we provide two families of tweakable block cipher-based schemes. The first family is Romulus. Its members enjoy full 128-bit AEAD security based on standard Tweakable Pseudo-Random Permutation (TPRP) assumptions. It has variants that are either nonce-respecting or nonce-misuse resistant. Its main distinguishing feature is that there is no state overhead beyond the tweakable block cipher's state. The second family is Remus. The tweakable block cipher used in Remus is built on top of a block cipher. It achieves flexible provable security between the birthday bound (64-bit security) and full 128-bit security based on the Ideal Cipher Model. The choice of the security level decides the state size, which ranges between 256 bits and 384 bits. Doctor of Philosophy 2021-01-06T08:29:54Z 2021-01-06T08:29:54Z 2021 Thesis-Doctor of Philosophy Khairallah, M. (2021). Design, analysis and implementation of hardware-oriented authenticated encryption. Singapore: Nanyang Technological University. https://hdl.handle.net/10356/145739 10.32657/10356/145739 en This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0). application/pdf Nanyang Technological University |
| institution | Nanyang Technological University |
| building | NTU Library |
| continent | Asia |
| country | Singapore Singapore |
| content_provider | NTU Library |
| collection | DR-NTU |
| language | English |
| topic | Science::Mathematics::Discrete mathematics::Cryptography |
| spellingShingle | Science::Mathematics::Discrete mathematics::Cryptography Khairallah, Mustafa [Mustafa Mahmoud Mohammed Kairallah] Design, analysis and implementation of hardware-oriented authenticated encryption |
| description | Lightweight cryptography is one of the fastest growing areas in symmetric key cryptography. Its importance has increased due to applications such as pervasive computing and the Internet of Things (IoT). Among the goals of lightweight cryptography is authenticated encryption for constrained environments. Tweakable block ciphers were proposed around two decades ago as new, more powerful primitives compared to traditional block ciphers. Essentially, they provide simpler schemes that are easier to understand and provide higher security bounds. Over the last few years, they have gained growing attention due to their promising security properties. However, they have been less studied in the context of lightweight cryptography. It is in this spirit that we need to study the use of tweakable block ciphers for lightweight authenticated encryption, especially for applications targeted towards hardware acceleration. We show that tweakable block ciphers offer very efficient schemes. They achieve competitive performance, very small area and strong provable security with large margins. In the first part of this thesis, we study some of the hardware implementation aspects of symmetric key cryptography. We study the implementation of cryptanalytic attacks with a case study on SHA-1, showing that attacks with time complexity 2^64 ∼ 2^80 are practical, and discussing the different technologies that can be used to implement such attacks. We also study the hardware performance of the state-of-the-art tweakable block cipher-based mode ΘCB3. We show that some properties that are good for software performance, e.g. parallelism, are not necessarily helpful in the case of hardware implementation. Then, we analyze the potential of tweakable block cipher-based schemes. We show that for a given security level and under certain assumptions, they can offer the most efficient schemes in terms of the security-area-performance trade-off. Afterwards, we describe a framework for studying a class of tweakable block cipher-based schemes. We apply our framework to two of the round 2 candidates of the lightweight standardization project initiated by the National Institute of Standards and Technology (NIST). We show gaps in the initial analyses provided by the designers. Last but not least, we provide two families of tweakable block cipher-based schemes. The first family is Romulus. Its members enjoy full 128-bit AEAD security based on standard Tweakable Pseudo-Random Permutation (TPRP) assumptions. It has variants that are either nonce-respecting or nonce-misuse resistant. Its main distinguishing feature is that there is no state overhead beyond the tweakable block cipher's state. The second family is Remus. The tweakable block cipher used in Remus is built on top of a block cipher. It achieves flexible provable security between the birthday bound (64-bit security) and full 128-bit security based on the Ideal Cipher Model. The choice of the security level decides the state size, which ranges between 256 bits and 384 bits. |
| author2 | Anupam Chattopadhyay |
| author_facet | Anupam Chattopadhyay Khairallah, Mustafa [Mustafa Mahmoud Mohammed Kairallah] |
| format | Thesis-Doctor of Philosophy |
| author | Khairallah, Mustafa [Mustafa Mahmoud Mohammed Kairallah] |
| author_sort | Khairallah, Mustafa [Mustafa Mahmoud Mohammed Kairallah] |
| title | Design, analysis and implementation of hardware-oriented authenticated encryption |
| title_short | Design, analysis and implementation of hardware-oriented authenticated encryption |
| title_full | Design, analysis and implementation of hardware-oriented authenticated encryption |
| title_fullStr | Design, analysis and implementation of hardware-oriented authenticated encryption |
| title_full_unstemmed | Design, analysis and implementation of hardware-oriented authenticated encryption |
| title_sort | design, analysis and implementation of hardware-oriented authenticated encryption |
| publisher | Nanyang Technological University |
| publishDate | 2021 |
| url | https://hdl.handle.net/10356/145739 |
| _version_ | 1759853914970128384 |