Abstract
A large number of the symmetric-key mode of operations, such as classical CBC-MAC, have serial structures. While a serial mode gives an implementation advantage in terms of required memory or footprint compared to the parallel counterparts, it wastes the capability of parallel process even when it is available. The problem is becoming more relevant as lightweight cryptography is going to be deployed in the real world. In this article, we propose an alternative implementation strategy for serial MAC modes and serial authenticated encryption (AE) modes that allows 2-block parallel operation for verification/decryption. Our proposal maintains the original functionality and security. It is simple yet novel, and generally applicable to a wide range of existing modes including two NIST recommendations, CMAC and CCM. We demonstrate the effectiveness of our proposal by showing several case studies with software implementations.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
We use the term pincer verification to cover both MAC and AE modes. Note that pincer verification for AE is in fact authenticated decryption, not just verification.
- 2.
- 3.
\({\textsf {CMAC}}\) is a generic mode for 128-bit block ciphers. This paper assumes \(\textsf {AES-128} \) as the underlying block cipher for \({\textsf {CMAC}}\). The same applies to \(\mathsf{CCM} \).
- 4.
- 5.
Our proposal covers AE schemes that do not necessarily require nonce, such as deterministic AE. We focus on nonce-based AE for simplicity.
- 6.
We write \((M,T^*)\) instead of \((M',T')\) written at Sect. 2: this is convenient and intuitive to understand the data flow of pincer verification.
- 7.
More precisely we only need \(F^{-1}_f\) for F.
- 8.
- 9.
Strictly speaking it is not, because of the specification of \(\texttt {encode}\), however this difference is not critical.
- 10.
References
NIST Lightweight Cryptography. https://csrc.nist.gov/projects/lightweight-cryptography. National Institute of Standards and Technology
Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality. NIST Special Publication 800-38C (2004). National Institute of Standards and Technology
Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication. NIST Special Publication 800-38B (2005). National Institute of Standards and Technology
Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. NIST Special Publication 800-38D (2007). National Institute of Standards and Technology
SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash. NIST Special Publication 800-185 (2016). National Institute of Standards and Technology
Wireless connectivity market analysis. TSR report (2018). www.t-s-r.co.jp/e/report/4543.html
Espressif milestones (2019). www.espressif.com/en/company/about-us/milestones
Adomnicai, A., Peyrin, T.: Fixslicing AES-like ciphers. IACR TCHES 2021(1), 402–425 (2021). https://doi.org/10.46586/tches.v2021.i1.402-425. https://tches.iacr.org/index.php/TCHES/article/view/8739
Avanzi, R.: The QARMA block cipher family. IACR Trans. Symm. Cryptol. 2017(1), 4–44 (2017). https://doi.org/10.13154/tosc.v2017.i1.4-44
Banik, S., et al.: Midori: a block cipher for low energy. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 411–436. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48800-3_17
Banik, S., et al.: GIFT-COFB. Submission to NIST Lightweight Cryptography (2019)
Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 123–153. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_5
Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_41
Bernstein, D.J.: The Poly1305-AES message-authentication code. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 32–49. Springer, Heidelberg (2005). https://doi.org/10.1007/11502760_3
Bernstein, D.J., et al.: Gimli: a cross-platform permutation. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 299–320. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_15
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320–337. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28496-0_19
Biham, E.: A fast new DES implementation in software. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 260–272. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052352
Black, J., Rogaway, P.: CBC MACs for arbitrary-length messages: the three-key constructions. J. Cryptol. 18(2), 111–131 (2005). https://doi.org/10.1007/s00145-004-0016-3
Bogdanov, A., et al.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_31
Bogdanov, A., Lauridsen, M.M., Tischhauser, E.: Comb to pipeline: fast software encryption revisited. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 150–171. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48116-5_8
Borghoff, J., et al.: PRINCE – a low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_14
Bosselaers, A., Preneel, B. (eds.): Integrity Primitives for Secure Information Systems. LNCS, vol. 1007. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-60640-8
Chakraborti, A., Iwata, T., Minematsu, K., Nandi, M.: Blockcipher-based authenticated encryption: how small can we go? In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 277–298. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_14
Chakraborti, A., Iwata, T., Minematsu, K., Nandi, M.: Blockcipher-based authenticated encryption: how small can we go? J. Cryptol. 33(3), 703–741 (2019). https://doi.org/10.1007/s00145-019-09325-z
Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Ascon. Submission to NIST Lightweight Cryptography (2019)
Gueron, S., Kounavis, M.E.: Efficient implementation of the Galois Counter Mode using a carry-less multiplier and a fast reduction algorithm. Inf. Process. Lett. 110(14–15), 549–553 (2010)
Guo, C., Khairallah, M., Minematsu, K., Peyrin, T.: Romulus v1.3. Submission to NIST Lightweight Cryptography (2021)
Hoffert, J.D.S., Peeters, M., Assche, G.V., Keer, R.V., Mella, S.: Zoodyak. Submission to NIST Lightweight Cryptography (2019)
Iwata, T., Khairallah, M., Minematsu, K., Peyrin, T.: Duel of the titans: the Romulus and Remus families of lightweight AEAD algorithms. IACR Trans. Symm. Cryptol. 2020(1), 43–120 (2020). https://doi.org/10.13154/tosc.v2020.i1.43-120
Iwata, T., Kurosawa, K.: OMAC: one-key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-39887-5_11
Iwata, T., Minematsu, K., Guo, J., Morioka, S.: CLOC: authenticated encryption for short input. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 149–167. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46706-0_8
Kurosawa, K., Iwata, T.: TMAC: two-key CBC MAC. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 33–49. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36563-X_3
Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_3
Matsuda, S., Moriai, S.: Lightweight cryptography for the cloud: exploit the power of Bitslice implementation. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 408–425. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_24
Matsui, M.: How far can we go on the x64 processors? In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 341–358. Springer, Heidelberg (2006). https://doi.org/10.1007/11799313_22
Minematsu, K., Tsunoo, Y.: Provably secure MACs from differentially-uniform permutations and AES-based implementations. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 226–241. Springer, Heidelberg (2006). https://doi.org/10.1007/11799313_15
Mouha, N., Mennink, B., Van Herrewege, A., Watanabe, D., Preneel, B., Verbauwhede, I.: Chaskey: an efficient MAC algorithm for 32-bit microcontrollers. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 306–323. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13051-4_19
Naito, Y., Matsui, M., Sugawara, T., Suzuki, D.: SAEB: a lightweight blockcipher-based AEAD mode of operation. IACR TCHES 2018(2), 192–217 (2018). https://doi.org/10.13154/tches.v2018.i2.192-217. https://tches.iacr.org/index.php/TCHES/article/view/885
Naito, Y., Sugawara, T.: Lightweight authenticated encryption mode of operation for tweakable block ciphers. IACR TCHES 2020(1), 66–94 (2019). https://doi.org/10.13154/tches.v2020.i1.66-94. https://tches.iacr.org/index.php/TCHES/article/view/8393
Nandi, M.: Fast and secure CBC-type MAC algorithms. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 375–393. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03317-9_23
Renner, S., Pozzobon, E., Mottok, J.: A hardware in the loop benchmark suite to evaluate NIST LWC ciphers on microcontrollers. In: Meng, W., Gollmann, D., Jensen, C.D., Zhou, J. (eds.) ICICS 2020. LNCS, vol. 12282, pp. 495–509. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-61078-4_28
Rogaway, P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16–31. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30539-2_2
Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373–390. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_23
Schwabe, P., Stoffelen, K.: All the AES you need on Cortex-M3 and M4. In: Avanzi, R., Heys, H. (eds.) SAC 2016. LNCS, vol. 10532, pp. 180–194. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69453-5_10
Wang, B., Gu, X., Yang, Y.: Saber on ESP32. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds.) ACNS 2020. LNCS, vol. 12146, pp. 421–440. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57808-4_21
Zhang, L., Wu, W., Zhang, L., Wang, P.: CBCR: CBC MAC with rotating transformations. Sci. China Inf. Sci. 54(11), 2247–2255 (2011)
Acknowledgements
The authors would like to thank the anonymous reviewers for their insightful comments, and thank Thomas Peyrin and Mustafa Khairallah for feedback.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Minematsu, K., Inoue, A., Moriwaki, K., Shigeri, M., Kubo, H. (2022). Parallel Verification of Serial MAC and AE Modes. In: AlTawy, R., Hülsing, A. (eds) Selected Areas in Cryptography. SAC 2021. Lecture Notes in Computer Science, vol 13203. Springer, Cham. https://doi.org/10.1007/978-3-030-99277-4_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-99277-4_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-99276-7
Online ISBN: 978-3-030-99277-4
eBook Packages: Computer ScienceComputer Science (R0)