ICEPOLE: High-Speed, Hardware-Oriented Authenticated Encryption

Morawiecki, Pawel; Gaj, Kris; Homsirikamol, Ekawat; Matusiewicz, Krystian; Pieprzyk, Josef; Rogawski, Marcin; Srebrny, Marian; Wójcik, Marcin

doi:10.1007/978-3-662-44709-3_22

Cited by 22 publications

(26 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some of the available implementations are in the original documents of ICEPOLE [37] and SCREAM [21]. Cryptographic Engineering Research Group of George Mason University maintains a website [1] with results for some CAESAR submissions such as Deoxys [29], Ascon [18], PAEQ [14], ICEPOLE, Joltik [30], POET [6], CLOC [26], Keyac [13], OCB [32], PRIMATEs in its versions GIBBON and HANUMAN [8] and AES-COPA [10].…”

Section: B Hardware Implementation Of Authenticated Encryptionmentioning

confidence: 99%

ELmD: A Pipelineable Authenticated Encryption and Its Hardware Implementation

Bossuet

Datta

Mancillas-López

et al. 2016

IEEE Trans. Comput.

View full text Add to dashboard Cite

International audienceAuthenticated encryption schemes which resist misuse of nonce at some desired level of privacy are two-pass or Macthen- Encrypt constructions (inherently inefficient but provide full privacy) and online constructions like McOE, sponge-type authenticated encryptions (such as duplex) and COPA. Only the last one is almost parallelizable except that for associated data processing, the final block-cipher call is sequential (it needs to wait for the encryption of all the previous ones). In this paper, we design a new online secure authenticated encryption, called ELmD or Encrypt-Linear mix-Decrypt, which is completely (two-stage) parallel (even in associated data) and fully pipeline implementable. It also provides full privacy when associated data is not repeated. Like COPA, our construction is based on EME, an Encrypt-Mix-Encrypt type SPRP construction (secure against chosen plaintext and ciphertext). But unlike EME, we have used an online computable efficient linear mixing instead of a non-linear mixing. We have also provided the hardware implementation of the construction and compare the performance with similar constructions like COPA and EME2

show abstract

Section: B Hardware Implementation Of Authenticated Encryptionmentioning

confidence: 99%

ELmD: A Pipelineable Authenticated Encryption and Its Hardware Implementation

Bossuet

Datta

Mancillas-López

et al. 2016

IEEE Trans. Comput.

View full text Add to dashboard Cite

show abstract

“…There are standardized AESbased implementations [13], [16] and CAESAR candidates based on sponge constructions [2], [3], [18] and block ciphers [17], [15], [14] depicted. It seems that ASCON provides, together with Keccak MonkeyDuplex [18], excellent performance per area.…”

Section: A Related Workmentioning

confidence: 99%

“…All AES implementations are a magnitude slower than even the slowest ASCON-fast implementation. Only Norx [2] and ICEPOLE [3] achieve similar or higher performance. However, Norx is more than twice as large (59 kGE) as the largest ASCON design (26 kGE).…”

Section: A Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Suit up! -- Made-to-Measure Hardware Implementations of ASCON

Groß

Wenger

Dobraunig

et al. 2015

2015 Euromicro Conference on Digital System Design

View full text Add to dashboard Cite

Abstract-Having ciphers that provide confidentiality and authenticity, that are fast in software and efficient in hardware, these are the goals of the CAESAR authenticated encryption competition. In this paper, the promising CAESAR candidate ASCON is implemented in hardware and optimized for different typical applications to fully explore ASCON's design space. Thus, we are able to present hardware implementations of Ascon suitable for RFID tags, Wireless Sensor Nodes, Embedded Systems, and applications that need maximum performance. For instance, we show that an ASCON implementation with a single unrolled round transformation is only 7 kGE large, but can process up to 5.5 Gbit/sec of data (0.75 cycles/byte), which is already enough to encrypt a Gigabit Ethernet connection. Besides, ASCON is not only fast and small, it can also be easily protected against DPA attacks. A threshold implementation of ASCON just requires about 8 kGE of chip area, which is only 3.1 times larger than the unprotected low-area optimized implementation.

show abstract

“…Schemes1: Minalpher [55] OAE1d Leaks equality of block-aligned prefixes and the XOR of the block directly following this prefix. E.g., if , [53], ICEPOLE [46], iFeed [62], Jambu [60], Keyak [18], MORUS [61], NORX [13], STRIBOB [54] OAE0a Retains full security as long as all ( , ) pairs are unique among the encryption queries. If a pair repeats, all privacy is lost, but authenticity remains unchanged.…”

Section: Oae1mentioning

confidence: 99%

Online Authenticated-Encryption and its Nonce-Reuse Misuse-Resistance

Hoang

Reyhanitabar

Rogaway

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract.A definition of online authenticated-encryption (OAE), call it OAE1, was given by Fleischmann, Forler, and Lucks (2012). It has become a popular definitional target because, despite allowing encryption to be online, security is supposed to be maintained even if nonces get reused. We argue that this expectation is effectively wrong. OAE1 security has also been claimed to capture best-possible security for any online-AE scheme. We claim that this understanding is wrong, too. So motivated, we redefine OAE-security, providing a radically different formulation, OAE2. The new notion effectively does capture best-possible security for a user's choice of plaintext segmentation and ciphertext expansion. It is achievable by simple techniques from standard tools. Yet even for OAE2, nonce-reuse can still be devastating. The picture to emerge is that no OAE definition can meaningfully tolerate nonce-reuse, but, at the same time, OAE security ought never have been understood to turn on this question.

show abstract

ICEPOLE: High-Speed, Hardware-Oriented Authenticated Encryption

Cited by 22 publications

References 17 publications

ELmD: A Pipelineable Authenticated Encryption and Its Hardware Implementation

ELmD: A Pipelineable Authenticated Encryption and Its Hardware Implementation

Suit up! -- Made-to-Measure Hardware Implementations of ASCON

Online Authenticated-Encryption and its Nonce-Reuse Misuse-Resistance

Contact Info

Product

Resources

About