A MAC Mode for Lightweight Block Ciphers

Lightweight cryptography strives to protect communication in constrained environments without sacrificing security. However, security often conflicts with efficiency, shown by the fact that many new lightweight block cipher designs have block sizes as low as 64 or 32 bits. Such low block sizes lead to impractical limits on how much data a mode of operation can process per key. MAC message authentication code modes of operation frequently have bounds which degrade with both the number of messages queried and the message length. We present a MAC mode of operation, LightMAC, where the message length has no effect on the security bound, allowing an order of magnitude more data to be processed per key. Furthermore, LightMAC is incredibly simple, has almost no overhead over the block cipher, and is parallelizable. As a result, LightMAC not only offers compact authentication for resource-constrained platforms, but also allows high-performance parallel implementations. We highlight this in a comprehensive implementation study, instantiating LightMAC with PRESENT and the AES. Moreover, LightMAC allows flexible trade-offs between rate and maximum message length. Unlike PMAC and its many derivatives, LightMAC is not covered by patents. Altogether, this makes it a promising authentication primitive for a wide range of platforms and use cases.

[1]  Jongsung Kim,et al.  HIGHT: A New Block Cipher Suitable for Low-Resource Device , 2006, CHES.

[2]  Mridul Nandi,et al.  Improved security analysis of PMAC , 2007, J. Math. Cryptol..

[3]  Jason Smith,et al.  The SIMON and SPECK Families of Lightweight Block Ciphers , 2013, IACR Cryptol. ePrint Arch..

[4]  Kan Yasuda,et al.  PMAC with Parity: Minimizing the Query-Length Influence , 2012, CT-RSA.

[5]  Kazue Sako,et al.  Advances in Cryptology – ASIACRYPT 2012 , 2012, Lecture Notes in Computer Science.

[6]  Thomas Peyrin,et al.  The LED Block Cipher , 2011, IACR Cryptol. ePrint Arch..

[7]  Krzysztof Pietrzak,et al.  A Tight Bound for EMAC , 2006, ICALP.

[8]  Kazue Sako,et al.  Advances in cryptology -- ASIACRYPT 2012 : 18th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, December 2-6 2012 : proceedings , 2012 .

[9]  Wenling Wu,et al.  LBlock: A Lightweight Block Cipher , 2011, ACNS.

[10]  Jian Guo,et al.  Implementing Lightweight Block Ciphers on x86 Architectures , 2013, IACR Cryptol. ePrint Arch..

[11]  Ingrid Verbauwhede,et al.  Chaskey: An Efficient MAC Algorithm for 32-bit Microcontrollers , 2014, Selected Areas in Cryptography.

[12]  François-Xavier Standaert,et al.  Improving the security and efficiency of block ciphers based on LS-designs , 2016, Designs, Codes and Cryptography.

[13]  Bo Zhu,et al.  The Simeck Family of Lightweight Block Ciphers , 2015, CHES.

[14]  Noen Given RECTANGLE : A Bit-slice Lightweight Block Cipher Suitable for Multiple Platforms , 2015 .

[15]  Dongdai Lin,et al.  RECTANGLE: A Bit-slice Ultra-Lightweight Block Cipher Suitable for Multiple Platforms , 2014, IACR Cryptol. ePrint Arch..

[16]  S. Kyoji,et al.  Piccolo: An Ultra-Lightweight Blockcipher , 2011 .

[17]  Mihir Bellare,et al.  The Security of Cipher Block Chaining , 1994, CRYPTO.

[18]  Christof Paar,et al.  Block Ciphers - Focus on the Linear Layer (feat. PRIDE) , 2014, CRYPTO.

[19]  Yevgeniy Dodis,et al.  Improving the Security of MACs Via Randomized Message Preprocessing , 2007, FSE.

[20]  Yusi Zhang,et al.  Using an Error-Correction Code for Fast, Beyond-Birthday-Bound Authentication , 2015, CT-RSA.

[21]  Peng Wang,et al.  3kf9: Enhancing 3GPP-MAC beyond the Birthday Bound , 2012, ASIACRYPT.

[22]  Kan Yasuda,et al.  The Sum of CBC MACs Is a Secure PRF , 2010, CT-RSA.

[23]  Christophe De Cannière,et al.  KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers , 2009, CHES.

[24]  Kyoji Shibutani,et al.  The 128-Bit Blockcipher CLEFIA (Extended Abstract) , 2007, FSE.

[25]  Daniel J. Bernstein,et al.  How to Stretch Random Functions: The Security of Protected Counter Sums , 1999, Journal of Cryptology.

[26]  Joan Daemen,et al.  AES Proposal : Rijndael , 1998 .

[27]  Tsuyoshi Takagi,et al.  Cryptographic Hardware and Embedded Systems – CHES 2016 , 2016, Lecture Notes in Computer Science.

[28]  Mridul Nandi,et al.  Improved security analysis for OMAC as a pseudorandom function , 2009, J. Math. Cryptol..

[29]  François-Xavier Standaert,et al.  LS-Designs: Bitslice Encryption for Efficient Masked Software Implementations , 2014, FSE.

[30]  Anne Canteaut,et al.  PRINCE - A Low-Latency Block Cipher for Pervasive Computing Applications - Extended Abstract , 2012, ASIACRYPT.

[31]  Shiho Moriai,et al.  Lightweight Cryptography for the Cloud: Exploit the Power of Bitslice Implementation , 2012, CHES.

[32]  Christof Paar,et al.  New Lightweight DES Variants , 2007, FSE.

[33]  John Black,et al.  A Block-Cipher Mode of Operation for Parallelizable Message Authentication , 2002, EUROCRYPT.

[34]  Daesung Kwon,et al.  LEA: A 128-Bit Block Cipher for Fast Encryption on Common Processors , 2013, WISA.

[35]  Mihir Bellare,et al.  XOR MACs: New Methods for Message Authentication Using Finite Pseudorandom Functions , 1995, CRYPTO.

[36]  Alex Biryukov,et al.  Fast Software Encryption: 14th International Workshop, FSE 2007, Luxembourg, Luxembourg, March 26-28, 2007, Revised Selected Papers , 2007, FSE 2007.

[37]  Tsuyoshi Takagi,et al.  Cryptographic Hardware and Embedded Systems - CHES 2011 - 13th International Workshop, Nara, Japan, September 28 - October 1, 2011. Proceedings , 2011, CHES.

[38]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[39]  Kan Yasuda,et al.  A New Variant of PMAC: Beyond the Birthday Bound , 2011, CRYPTO.

[40]  Kaoru Kurosawa,et al.  Stronger Security Bounds for OMAC, TMAC, and XCBC , 2003, INDOCRYPT.

[41]  Yee Wei Law,et al.  KLEIN: A New Family of Lightweight Block Ciphers , 2010, RFIDSec.

[42]  Chae Hoon Lim,et al.  mCrypton - A Lightweight Block Cipher for Security of Low-Cost RFID Tags and Sensors , 2005, WISA.

[43]  Suhap Sahin,et al.  RoadRunneR: A Small and Fast Bitslice Block Cipher for Low Cost 8-Bit Processors , 2015, LightSec.

[44]  María Naya-Plasencia,et al.  Block Ciphers That Are Easier to Mask: How Far Can We Go? , 2013, CHES.

[45]  Ronald L. Rivest,et al.  The RC5 Encryption Algorithm , 1994, FSE.

[46]  Jean-Jacques Quisquater,et al.  SEA: A Scalable Encryption Algorithm for Small Embedded Applications , 2006, CARDIS.

[47]  Masanobu Katagi,et al.  The 128-Bit Blockcipher CLEFIA , 2007, RFC.

[48]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[49]  A. E. Harmanci,et al.  ITUbee: A Software Oriented Lightweight Block Cipher , 2013, LightSec.

[50]  Mihir Bellare,et al.  Improved Security Analyses for CBC MACs , 2005, CRYPTO.

[51]  Kazuhiko Minematsu,et al.  $\textnormal{\textsc{TWINE}}$ : A Lightweight Block Cipher for Multiple Platforms , 2012, Selected Areas in Cryptography.