Optimizing Online Permutation-Based AE Schemes for Lightweight Applications

  • Yu Sasaki
  • Kan Yasuda
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10701)


We explore ways to optimize online, permutation-based authenticated-encryption (AE) schemes for lightweight applications. The lightweight applications demand that AE schemes operate in resource-constrained environments, which raise two issues: (1) implementation costs must be low, and (2) ensuring proper use of a nonce is difficult due to its small size and lack of randomness. Regarding the implementation costs, recently it has been recognized that permutation-based (rather than block-cipher-based) schemes frequently show advantages. However, regarding the security under nonce misuse, the standard permutation-based duplex construction cannot ensure confidentiality. There exists one permutation-based scheme named APE which offers certain robustness against nonce misuse. Unfortunately, the APE construction has several drawbacks such as ciphertext expansion and bidirectional permutation circuits. The ciphertext expansion would require more bandwidth, and the bidirectional circuits would require a larger hardware footprint. In this paper, we propose new constructions of online permutation-based AE that require less bandwidth, a smaller hardware footprint and lower computational costs. We provide security proofs for the new constructions, demonstrating that they are as secure as the APE construction.


AEAD Permutation-based Sponge APE Bandwidth Hardware footprint Inverse-free 


  1. 1.
    Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mendel, F., Mennink, B., Mouha, N., Wang, Q., Yasuda, K.: PRIMATEs v1. Submission to CAESAR (2014)Google Scholar
  2. 2.
    Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Yasuda, K.: APE: authenticated permutation-based encryption for lightweight cryptography. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 168–186. Springer, Heidelberg (2015). Google Scholar
  3. 3.
    Aumasson, J.-P., Henzen, L., Meier, W., Naya-Plasencia, M.: Quark: a lightweight hash. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 1–15. Springer, Heidelberg (2010). CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000). CrossRefGoogle Scholar
  5. 5.
    Bernstein, D.: CAESAR Competition (2013).
  6. 6.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the indifferentiability of the sponge construction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181–197. Springer, Heidelberg (2008). CrossRefGoogle Scholar
  7. 7.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320–337. Springer, Heidelberg (2012). CrossRefGoogle Scholar
  8. 8.
    Bogdanov, A., Knežević, M., Leander, G., Toz, D., Varıcı, K., Verbauwhede, I.: spongent: a lightweight hash function. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 312–325. Springer, Heidelberg (2011). CrossRefGoogle Scholar
  9. 9.
    CRYPTREC Lightweight Cryptography Working Group: CRYPTREC cryptographic technology guideline (lightweight cryptography) (2017).
  10. 10.
    Dinca, L.M., Hancke, G.: Behavioural sensor data as randomness source for IoT devices. In: ISIE 2017, pp. 2038–2043. IEEE (2017)Google Scholar
  11. 11.
    Dworkin, M.: Recommendation for block cipher modes of operation: Galois/Counter Mode (GCM) and GMAC. NIST Special Publication 800-38D (2007)Google Scholar
  12. 12.
    Fleischmann, E., Forler, C., Lucks, S.: McOE: a family of almost foolproof on-line authenticated encryption schemes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 196–215. Springer, Heidelberg (2012). CrossRefGoogle Scholar
  13. 13.
    Guo, J., Peyrin, T., Poschmann, A.: The PHOTON family of lightweight hash functions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 222–239. Springer, Heidelberg (2011). CrossRefGoogle Scholar
  14. 14.
    Hoang, V.T., Krovetz, T., Rogaway, P.: AEZ v1: Authenticated-encryption by enciphering. Submission to CAESAR (2014)Google Scholar
  15. 15.
    JTC 1/SC 27: Information technology–Security techniques–Lightweight cryptography–Part 1: General. ISO/IEC 29192-1 (2012)Google Scholar
  16. 16.
    Kannan, S., Karimi, N., Sinanoglu, O., Karri, R.: Security vulnerabilities of emerging nonvolatile main memories and countermeasures. IEEE Trans. CAD Integr. Circ. Syst. 34(1), 2–15 (2015)CrossRefGoogle Scholar
  17. 17.
    LoRa Alliance: LoRa specification (2015).
  18. 18.
    McKay, K.A., Bassham, L., Turan, M.S., Mouha, N.: Report on lightweight cryptography. NISTIR 8114 (2017).
  19. 19.
    Mennink, B., Reyhanitabar, R., Vizár, D.: Security of full-state keyed sponge and duplex: applications to authenticated encryption. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 465–489. Springer, Heidelberg (2015). CrossRefGoogle Scholar
  20. 20.
    Rogaway, P.: Nonce-based symmetric encryption. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 348–358. Springer, Heidelberg (2004). CrossRefGoogle Scholar
  21. 21.
    Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373–390. Springer, Heidelberg (2006). CrossRefGoogle Scholar
  22. 22.
    Sasaki, Y., Yasuda, K.: How to incorporate associated data in sponge-based authenticated encryption. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 353–370. Springer, Cham (2015). Google Scholar
  23. 23.
    Shrimpton, T., Terashima, R.S.: A modular framework for building variable-input-length tweakable ciphers. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 405–423. Springer, Heidelberg (2013). CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.NTT Secure Platform LaboratoriesTokyoJapan

Personalised recommendations