Fast AES-based universal hash functions and MACs: featuring LeMac and PetitMac

Ultra-fast AES round-based software cryptographic authentication/encryption primitives have recently seen important developments, fuelled by the authenticated encryption competition CAESAR and the prospect of future high-profile applications such as post-5G telecommunication technology security standards. In particular, Universal Hash Functions (UHF) are crucial primitives used as core components in many popular modes of operation for various use-cases, such as Message Authentication Codes (MACs), authenticated encryption, wide block ciphers, etc. In this paper, we extend and improve upon existing design approaches and present a general framework for the construction of UHFs, relying only on the AES round function and 128-bit word-wide XORs. This framework, drawing inspiration from tweakable block cipher design, allows both strong security arguments and extremely high throughput. The security with regard to differential cryptanalysis is guaranteed thanks to an optimized MILP modelling strategy, while performance is pushed to its limits with a deep study of the details of AES-NI software implementations. In particular, our framework not only takes into account the number of AES-round calls per message block, but also the very important role of XOR operations and the overall scheduling of the computations. We instantiate our findings with two concrete UHF candidates, both requiring only 2 AES rounds per 128-bit message block, and each used to construct two MACs. First, LeMac, a large-state primitive that is the fastest MAC as of today on modern Intel processors, reaching performances of 0.068 c/B on Intel Ice Lake (an improvement of 60% in throughput compared to the state-of-the-art). The second MAC construction, PetitMac, provides an interesting memory/throughput tradeoff, allowing good performances on many platforms.
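The abstract places universal hash functions at the core of MAC constructions. The Python example below is added here as an illustration and is not code from the paper: the record does not specify LeMac or PetitMac, and this code implements neither. It shows the generic UHF-then-PRF composition that such MACs instantiate, with a polynomial hash over GF(2^128) standing in for the paper's AES-round-based universal hash, HMAC-SHA256 standing in for the PRF (which would be AES-based in practice), and constructed sample keys, nonce and messages. It also exercises two failure modes a practitioner must handle when wiring any almost-XOR-universal hash into a MAC: dropping the length encoding from the hash, and reusing a nonce.

```python
"""UHF-then-PRF MAC (Wegman-Carter style), assembled as an added illustration.

The universal hash is a polynomial hash over GF(2^128), not the AES-round-based
UHFs of the paper; HMAC-SHA256 stands in for the PRF (an AES-based PRF would be
used in practice).  Both choices are assumptions made for this example.
"""
import hashlib
import hmac
import secrets

# GF(2^128) modulo x^128 + x^7 + x^2 + x + 1; bit i of an int is the
# coefficient of x^i (plain bit order, not GCM's reflected convention).
REDUCTION = (1 << 128) | 0x87


def gf128_mul(a: int, b: int) -> int:
    """Carry-less multiplication of a and b, reduced modulo REDUCTION."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        b >>= 1
        a <<= 1
        if a >> 128:
            a ^= REDUCTION
    return product


def poly_hash(key: int, msg: bytes, include_length: bool = True) -> int:
    """Polynomial universal hash: h = ((m1*K ^ m2)*K ^ ...)*K.

    For n-block messages and a uniform non-zero key, two distinct messages
    collide (or reach any fixed XOR difference) with probability at most about
    (n+1)/2^128.  The final block encodes the bit length so that zero-padding
    cannot make distinct messages hash alike; include_length=False exists only
    to demonstrate that failure mode.
    """
    h = 0
    for i in range(0, len(msg), 16):
        block = msg[i:i + 16].ljust(16, b"\0")
        h = gf128_mul(h ^ int.from_bytes(block, "little"), key)
    if include_length:
        h = gf128_mul(h ^ (len(msg) * 8), key)
    return h


def prf_mask(k_prf: bytes, nonce: bytes) -> bytes:
    """128-bit one-time mask derived from the nonce (HMAC-SHA256 as the PRF)."""
    return hmac.new(k_prf, nonce, hashlib.sha256).digest()[:16]


def mac_tag(k_hash: int, k_prf: bytes, nonce: bytes, msg: bytes) -> bytes:
    """tag = UHF_K1(msg) XOR PRF_K2(nonce); the nonce must never repeat under a key."""
    h = poly_hash(k_hash, msg).to_bytes(16, "little")
    return bytes(x ^ y for x, y in zip(h, prf_mask(k_prf, nonce)))


def mac_verify(k_hash: int, k_prf: bytes, nonce: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time comparison against the recomputed tag."""
    return hmac.compare_digest(mac_tag(k_hash, k_prf, nonce, msg), tag)


def nonce_reuse_leaks_hash_xor(k_hash: int, k_prf: bytes, nonce: bytes,
                               m1: bytes, m2: bytes) -> bool:
    """Reusing a nonce cancels the mask: tag1 XOR tag2 == UHF(m1) XOR UHF(m2),
    which hands an attacker a relation that depends only on the hash key."""
    t1 = mac_tag(k_hash, k_prf, nonce, m1)
    t2 = mac_tag(k_hash, k_prf, nonce, m2)
    tag_xor = int.from_bytes(bytes(x ^ y for x, y in zip(t1, t2)), "little")
    return tag_xor == poly_hash(k_hash, m1) ^ poly_hash(k_hash, m2)


def keygen() -> tuple[int, bytes]:
    """Fresh hash key (non-zero field element) and PRF key."""
    k_hash = 0
    while k_hash == 0:
        k_hash = int.from_bytes(secrets.token_bytes(16), "little")
    return k_hash, secrets.token_bytes(32)


if __name__ == "__main__":
    k_hash, k_prf = keygen()
    nonce = secrets.token_bytes(12)
    msg = b"constructed sample message for the MAC"  # constructed input
    tag = mac_tag(k_hash, k_prf, nonce, msg)
    assert mac_verify(k_hash, k_prf, nonce, msg, tag)
    assert not mac_verify(k_hash, k_prf, nonce, msg + b"!", tag)
    print("tag:", tag.hex())
```

The differential probability bound the paper obtains by MILP plays the same role for its AES-round-based UHFs that the (n+1)/2^128 bound plays for the polynomial hash here: it is the epsilon that, together with a nonce that never repeats, caps the forgery probability of the resulting MAC.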

Bibliographic Details
Main Authors: Bariant, Augustin, Baudrin, Jules, Leurent, Gaëtan, Pernot, Clara, Perrin, Léo, Peyrin, Thomas
Other Authors: School of Physical and Mathematical Sciences
Format: Article
Language:English
Published: 2024
Subjects: Mathematical Sciences; Universal hash function; Authentication
Online Access:https://hdl.handle.net/10356/181651
Institution: Nanyang Technological University
Journal: IACR Transactions on Symmetric Cryptology, 2024(2), 35-67 (ISSN 2519-173X)
DOI: https://dx.doi.org/10.46586/tosc.v2024.i2.35-67
Citation: Bariant, A., Baudrin, J., Leurent, G., Pernot, C., Perrin, L. & Peyrin, T. (2024). Fast AES-based universal hash functions and MACs: featuring LeMac and PetitMac. IACR Transactions on Symmetric Cryptology, 2024(2), 35-67. https://dx.doi.org/10.46586/tosc.v2024.i2.35-67
Scopus: 2-s2.0-85202983094
Version: Published version (application/pdf)
Rights: © The Authors. Licensed under Creative Commons License CC-BY 4.0.
Funding: National Research Foundation (NRF). This work was supported by the bilateral NRF/ANR grant SELECT (NRF-NRFI08-2022-0013/ANR-20-CE48-0017). Thomas Peyrin is supported by the Singapore NRF Investigatorship grant (NRF-NRFI08-2022-0013). Augustin Bariant is supported by the French DGA. Léo Perrin is supported by the European Research Council (ERC, grant agreement no. 101041545 "ReSCALE"). This work was also supported by project Cryptanalyse from PEPR Cybersécurité (22-PECY-0010).
Record: sg-ntu-dr.10356-181651 (collection DR-NTU, NTU Library), dated 2024-12-11, last updated 2024-12-16