Performance comparison of AES-GCM-SIV and AES-GCM algorithms for authenticated encryption on FPGA platforms

Authenticated encryption schemes provide both confidentiality and authentication in a single algorithm and are essential for securing devices today. In this context, we investigate hardware architectures for a recently proposed algorithm, AES-GCM-SIV, which achieves complete nonce-misuse resistance. We present detailed architectures for AES-GCM-SIV and contrast them with those of an existing standard, AES-GCM. We implement both on modern FPGA platforms and discuss hardware performance in terms of area, throughput, power and energy. Proposed optimizations are implemented and compared with the unoptimized architectures. Our observations show that AES-GCM-SIV achieves about 95% of the throughput of AES-GCM while consuming only about 4% more area in terms of LUT count and about 4% more energy per bit. For this added overhead, it provides better security in the form of nonce-misuse resistance and greater flexibility with respect to reusing the main components of AES-GCM. To the best of our knowledge, this is the first paper that discusses a hardware implementation of AES-GCM-SIV.