sp-AELM: Sponge Based Authenticated Encryption Scheme for Memory Constrained Devices

  • Megha Agrawal
  • Donghoon Chang
  • Somitra Sanadhya
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9144)


In authenticated encryption schemes, there are two techniques for handling long ciphertexts while working within the constraints of a low buffer size: releasing unverified plaintext (RUP) or producing intermediate tags (PIT). In addition to these two techniques, we propose another way to handle a long ciphertext with a low buffer size: storing and releasing only one (or, more generally, only a few) intermediate state, without releasing or storing any part of an unverified plaintext and without needing to generate any intermediate tag. We explain this generalized technique using our new construction, sp-AELM, a sponge-based authenticated encryption scheme that supports limited-memory devices. We also provide its security proof for privacy and authenticity in an ideal permutation model, using a code-based game-playing framework. Furthermore, we present two more variants of sp-AELM that serve the same purpose and are more efficient than sp-AELM.

The ongoing CAESAR competition has 9 submissions which are based on the Sponge construction. We apply our generalized technique of storing a single intermediate state to all these submissions to determine their suitability for devices with limited memory. Our findings show that only ASCON and one of the PRIMATEs modes (namely GIBBON) satisfy the limited memory constraint using this technique, while the remaining 8 schemes (namely Artemia, ICEPOLE, Ketje, Keyak, NORX, \(\Pi \)-cipher, STRIBOB and two of the PRIMATEs modes: APE & HANUMAN) are not suitable for this scenario directly.


Authenticated encryption, CAESAR, Cryptographic module, Remote key authenticated encryption, Decrypt-then-mask protocol, Privacy, Authenticity




Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Megha Agrawal (1)
  • Donghoon Chang (1)
  • Somitra Sanadhya (1)
  1. Indraprastha Institute of Information Technology Delhi (IIIT-D), India
