Efficient Design Strategies Based on the AES Round Function

We show several constructions based on the AES round function that can be used as building blocks for MACs and authenticated encryption schemes. They are found by a search of the space of all secure constructions based on an efficient design strategy that has been shown to be one of the most optimal among all the considered. We implement the constructions on the latest Intel's processors. Our benchmarks show that on Intel Skylake the smallest construction runs at 0.188 c/B, while the fastest at only 0.125 c/B, i.e. five times faster than AES-128.

[1]  Dawu Gu,et al.  Differential and Linear Cryptanalysis Using Mixed-Integer Linear Programming , 2011, Inscrypt.

[2]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[3]  Alex Biryukov,et al.  The Design of a Stream Cipher LEX , 2006, Selected Areas in Cryptography.

[4]  Vincent Rijmen,et al.  A New MAC Construction ALRED and a Specific Instance ALPHA-MAC , 2005, FSE.

[5]  Jérémy Jean,et al.  Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting , 2013, IACR Cryptol. ePrint Arch..

[6]  Tao Huang,et al.  Leaked-State-Forgery Attack against the Authenticated Encryption Algorithm ALE , 2013, ASIACRYPT.

[7]  Vincent Rijmen,et al.  The MAC function Pelican 2 . 0 , 2014 .

[8]  Andrey Bogdanov,et al.  Comb to Pipeline: Fast Software Encryption Revisited , 2015, FSE.

[9]  Vincent Rijmen,et al.  The Pelican MAC Function , 2005, IACR Cryptol. ePrint Arch..

[10]  Bart Preneel,et al.  AEGIS: A Fast Authenticated Encryption Algorithm , 2013, Selected Areas in Cryptography.

[11]  Dmitry Khovratovich,et al.  The LOCAL attack: Cryptanalysis of the authenticated encryption scheme ALE , 2013, IACR Cryptol. ePrint Arch..

[12]  Peter Schwabe,et al.  Faster and Timing-Attack Resistant AES-GCM , 2009, CHES.

[13]  Vincent Rijmen,et al.  ALE: AES-Based Lightweight Authenticated Encryption , 2013, FSE.

[14]  Lei Hu,et al.  Automatic Security Evaluation and (Related-key) Differential Characteristic Search: Application to SIMON, PRESENT, LBlock, DES(L) and Other Bit-Oriented Block Ciphers , 2014, ASIACRYPT.

[15]  Lars R. Knudsen,et al.  Bivium as a Mixed-Integer Linear Programming Problem , 2009, IMACC.

[16]  Vincent Rijmen,et al.  Improved Impossible Differential Cryptanalysis of 7-Round AES-128 , 2010, INDOCRYPT.

[17]  Keting Jia,et al.  Improved Single-Key Attacks on 9-Round AES-192/256 , 2014, FSE.

[18]  Goce Jakimoski,et al.  ASC-1: An Authenticated Encryption Stream Cipher , 2011, Selected Areas in Cryptography.

[19]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.