Design, analysis and implementation of hardware-oriented authenticated encryption

Lightweight cryptography is one of the fastest growing areas in symmetric-key cryptography. Its importance has increased due to applications such as pervasive computing and the Internet of Things (IoT). Among the goals of lightweight cryptography is authenticated encryption for constrained environments. Tweakable block ciphers were proposed around two decades ago as more powerful primitives than traditional block ciphers: they yield simpler schemes that are easier to understand and that come with higher security bounds. Over the last few years they have gained growing attention due to their promising security properties, but they have been less studied in the context of lightweight cryptography. It is in this spirit that we study the use of tweakable block ciphers for lightweight authenticated encryption, especially for applications targeted at hardware acceleration. We show that tweakable block ciphers yield very efficient schemes: competitive performance, very small area, and strong provable security with large margins.

In the first part of this thesis, we study some of the hardware implementation aspects of symmetric-key cryptography. We study the implementation of cryptanalytic attacks with a case study on SHA-1, showing that attacks with time complexity 2^64 to 2^80 are practical, and discussing the different technologies that can be used to implement such attacks. We also study the hardware performance of the state-of-the-art tweakable block cipher-based mode ΘCB3, showing that some properties that are good for software performance, e.g. parallelism, are not necessarily helpful in a hardware implementation. Then we analyze the potential of tweakable block cipher-based schemes and show that, for a given security level and under certain assumptions, they can offer the most efficient schemes in terms of the security-area-performance trade-off.

Afterwards, we describe a framework for studying a class of tweakable block cipher-based schemes and apply it to two of the round 2 candidates of the lightweight cryptography standardization project initiated by the National Institute of Standards and Technology (NIST), showing gaps in the initial analyses provided by the designers.

Finally, we provide two families of tweakable block cipher-based schemes. The first family is Romulus. Its members enjoy full 128-bit AEAD security based on standard Tweakable Pseudo-Random Permutation (TPRP) assumptions, and it has variants that are either nonce-respecting or nonce-misuse resistant. Its main distinguishing feature is that there is no state overhead beyond the tweakable block cipher's state. The second family is Remus. The tweakable block cipher used in Remus is built on top of a block cipher. It achieves flexible provable security between the birthday bound (64-bit security) and full 128-bit security in the Ideal Cipher Model. The choice of security level determines the state size, which ranges between 256 and 384 bits.
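The following added example (my own illustration, not code from the thesis and not the Romulus, Remus or ΘCB3 specifications) shows the two layers the abstract talks about: a tweakable block cipher built on top of a plain block cipher, here in the LRW style (E_K1(M ⊕ Δ) ⊕ Δ with Δ = E_K2(T), which is only birthday-bound secure), and a simplified ΘCB-style authenticated-encryption mode over it, in which every associated-data and message block is processed by an independent TBC call under its own tweak (nonce, block index, domain) and the tag is the TBC of a plaintext checksum XORed with the AD authentication value. The 64-bit Feistel cipher, the tweak layout, the domain constants and the keys and nonce in the usage are all constructed for the example and carry no security claim; ΘCB3's exact tweak encoding, padding and domain rules differ.

```python
# Added example, not the thesis' code: an LRW-style tweakable block cipher (TBC) on
# top of a toy block cipher, and a simplified ThetaCB-style AEAD mode over that TBC.
# Nothing here is ThetaCB3, Romulus or Remus as specified, and the Feistel cipher is
# a toy with no security claim.
import hmac

ROUNDS, MASK32 = 16, 0xFFFFFFFF
D_AD, D_MSG, D_PAD, D_TAG, D_TAG_PART = 1, 2, 3, 4, 5  # assumed domain separators

def _round_key(key, i):
    # Toy key schedule: one 32-bit word of the 128-bit key per round, plus a counter.
    return ((key >> (32 * (i % 4))) & MASK32) ^ ((i * 0x9E3779B9) & MASK32)

def _f(x, k):
    # Toy Feistel round function (add, rotate, xor-shift, multiply); need not be invertible.
    x = (x + k) & MASK32
    x = ((x << 5) | (x >> 27)) & MASK32
    x ^= x >> 13
    return (x * 0x9E3779B1) & MASK32

def bc_encrypt(key, block):
    """Toy 64-bit Feistel block cipher with a 128-bit key."""
    l, r = block >> 32, block & MASK32
    for i in range(ROUNDS):
        l, r = r, l ^ _f(r, _round_key(key, i))
    return (r << 32) | l  # halves left swapped so decryption is the same loop backwards

def bc_decrypt(key, block):
    r, l = block >> 32, block & MASK32
    for i in reversed(range(ROUNDS)):
        l, r = r ^ _f(l, _round_key(key, i)), l
    return (l << 32) | r

def tweak(nonce, index, domain):
    """Pack a 32-bit nonce, 28-bit block index and 4-bit domain into a 64-bit tweak."""
    assert nonce < 2**32 and index < 2**28 and domain < 16
    return (nonce << 32) | (index << 4) | domain

def tbc_encrypt(k1, k2, tw, block):
    """LRW-style TBC: E_k1(M xor D) xor D with D = E_k2(T).  Birthday-bound secure
    (about 2^32 blocks for a 64-bit cipher) and it holds two keys plus a mask."""
    d = bc_encrypt(k2, tw)
    return bc_encrypt(k1, block ^ d) ^ d

def tbc_decrypt(k1, k2, tw, block):
    d = bc_encrypt(k2, tw)
    return bc_decrypt(k1, block ^ d) ^ d

def _pad10(chunk):
    # 10* padding of a 0..7 byte chunk to a full 8-byte block.
    return chunk + b"\x80" + bytes(7 - len(chunk))

def _auth(k1, k2, nonce, ad):
    """XOR of one TBC call per padded AD block; the calls are mutually independent."""
    chunks = [ad[i:i + 8] for i in range(0, len(ad), 8)]
    if not chunks or len(chunks[-1]) == 8:
        chunks.append(b"")
    chunks[-1] = _pad10(chunks[-1])
    auth = 0
    for i, c in enumerate(chunks):
        auth ^= tbc_encrypt(k1, k2, tweak(nonce, i, D_AD), int.from_bytes(c, "big"))
    return auth

def _blocks(k1, k2, nonce, data, decrypt):
    """Message layer shared by both directions: every full block is one independent
    TBC call under its own tweak; the checksum (always over plaintext) is the only
    running value.  Returns (output, checksum, tweak for the tag call)."""
    out, checksum = bytearray(), 0
    n_full, rem = divmod(len(data), 8)
    for i in range(n_full):
        x = int.from_bytes(data[8 * i:8 * i + 8], "big")
        tw = tweak(nonce, i, D_MSG)
        y = tbc_decrypt(k1, k2, tw, x) if decrypt else tbc_encrypt(k1, k2, tw, x)
        checksum ^= y if decrypt else x
        out += y.to_bytes(8, "big")
    domain = D_TAG
    if rem:  # partial last block: XOR with a keystream block, checksum its 10*-padded plaintext
        pad = tbc_encrypt(k1, k2, tweak(nonce, n_full, D_PAD), 0).to_bytes(8, "big")
        tail = bytes(a ^ b for a, b in zip(data[8 * n_full:], pad))
        out += tail
        checksum ^= int.from_bytes(_pad10(tail if decrypt else data[8 * n_full:]), "big")
        domain = D_TAG_PART  # separate domain keeps the checksum injective
    return bytes(out), checksum, tweak(nonce, n_full, domain)

def aead_encrypt(k1, k2, nonce, ad, msg):
    """Return (ciphertext of the same length as msg, 8-byte tag)."""
    ct, checksum, tw = _blocks(k1, k2, nonce, msg, False)
    tag = tbc_encrypt(k1, k2, tw, checksum) ^ _auth(k1, k2, nonce, ad)
    return ct, tag.to_bytes(8, "big")

def aead_decrypt(k1, k2, nonce, ad, ct, tag):
    """Return the plaintext, or None when the tag fails (nothing is released then)."""
    msg, checksum, tw = _blocks(k1, k2, nonce, ct, True)
    expect = tbc_encrypt(k1, k2, tw, checksum) ^ _auth(k1, k2, nonce, ad)
    return msg if hmac.compare_digest(expect.to_bytes(8, "big"), tag) else None
```

Usage: `aead_encrypt(K1, K2, nonce, b"header", b"attack at dawn")` returns a length-preserving ciphertext and an 8-byte tag, and `aead_decrypt` with the same inputs returns the plaintext or None. Two points connect to the abstract. The per-block TBC calls in `_auth` and `_blocks` are mutually independent, which is the parallelism that helps a software implementation but, as the abstract observes for ΘCB3, does not by itself help a serial hardware datapath. And `tbc_encrypt` keeps two keys and a per-call mask on top of the block cipher's own state, which is the kind of extra state a TBC-on-block-cipher design pays; Remus's actual constructions and their 256 to 384-bit state budgets are not reproduced here.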

Bibliographic Details
Main Author: Khairallah, Mustafa [Mustafa Mahmoud Mohammed Kairallah]
Other Authors: Anupam Chattopadhyay
Format: Thesis-Doctor of Philosophy
Language: English
Published: Nanyang Technological University 2021
Subjects: Science::Mathematics::Discrete mathematics::Cryptography
Online Access:https://hdl.handle.net/10356/145739
Institution: Nanyang Technological University

Record details
Contributors: Anupam Chattopadhyay, Thomas Peyrin (School of Physical and Mathematical Sciences, Nanyang Technological University)
Subject: Science::Mathematics::Discrete mathematics::Cryptography
Degree: Doctor of Philosophy
Deposited: 2021-01-06
Citation: Khairallah, M. (2021). Design, analysis and implementation of hardware-oriented authenticated encryption. Singapore: Nanyang Technological University. https://hdl.handle.net/10356/145739
DOI: 10.32657/10356/145739
License: Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0)
File format: application/pdf