International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

ESTATE: A Lightweight and Low Energy Authenticated Encryption Mode

Authors:
Avik Chakraborti , NTT Secure Platform Laboratories, Tokyo, Japan; Indian Statistical Institute, Kolkata, India
Nilanjan Datta , Indian Statistical Institute, Kolkata, India
Ashwin Jha , Indian Statistical Institute, Kolkata, India
Cuauhtemoc Mancillas-López , Computer Science Department, Center for Research and Advanced Studies of the National Polytechnic Institute (CINVESTAV-IPN), Mexico City, Mexico
Mridul Nandi , Indian Statistical Institute, Kolkata, India
Yu Sasaki , NTT Secure Platform Laboratories, Tokyo, Japan
Download:
DOI: 10.13154/tosc.v2020.iS1.350-389
URL: https://tosc.iacr.org/index.php/ToSC/article/view/8624
Search ePrint
Search Google
Abstract: NIST has recently initiated a standardization project for efficient lightweight authenticated encryption schemes. SUNDAE, a candidate in this project, achieves optimal state size which results in low circuit overhead on top of the underlying block cipher. In addition, SUNDAE provides security in nonce-misuse scenario as well. However, in addition to the block cipher circuit, SUNDAE also requires some additional circuitry for multiplication by a primitive element. Further, it requires an additional block cipher invocation to create the starting state. In this paper, we propose a new lightweight and low energy authenticated encryption family, called ESTATE, that significantly improves the design of SUNDAE in terms of implementation costs (both hardware area and energy) and efficient processing of short messages. In particular, ESTATE does not require an additional multiplication circuit, and it reduces the number of block cipher calls by one. Moreover, it provides integrity security even under the release of unverified plaintext (or RUP) model. ESTATE is based on short-tweak tweakable block ciphers (or tBC, small ’t’ denotes short tweaks) and we instantiate it with two recently designed tBCs: TweAES and TweGIFT. We also propose a low latency variant of ESTATE, called sESTATE, that uses a round-reduced (6 rounds) variant of TweAES called TweAES-6. We provide comprehensive FPGA based hardware implementation for all the three instances. The implementation results depict that ESTATE_TweGIFT-128 (681 LUTs, 263 slices) consumes much lesser area as compared to SUNDAE_GIFT-128 (931 LUTs, 310 slices). When we moved to the AES variants, along with the area-efficiency (ESTATE_TweAES consumes 1901 LUTs, 602 slices while SUNDAE_AES-128 needs 1922 LUTs, 614 slices), we also achieve higher throughput for short messages (For 16-byte message, a throughput of 1251.10 and 945.36 Mbps for ESTATE_TweAES and SUNDAE_AES-128 respectively).
Video from TOSC 2020
BibTeX
@article{tosc-2020-30517,
  title={ESTATE: A Lightweight and Low Energy Authenticated Encryption Mode},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2020, Special Issue 1},
  pages={350-389},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/8624},
  doi={10.13154/tosc.v2020.iS1.350-389},
  author={Avik Chakraborti and Nilanjan Datta and Ashwin Jha and Cuauhtemoc Mancillas-López and Mridul Nandi and Yu Sasaki},
  year=2020
}