
PAE: Towards More Efficient and BBB-Secure AE from a Single Public Permutation

  • Conference paper
  • Information and Communications Security (ICICS 2023)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14252)

Abstract

Four trends can be observed in the recent evolution of authenticated encryption (AE) schemes: (1) simplicity: adopting a public permutation as the primitive removes the key schedule and the need to store round keys; (2) security: summing permutation outputs, inputs, or inputs and outputs is a well-studied way to obtain security beyond the birthday bound; (3) robustness: a scheme can degrade gracefully if a limited number of nonces repeat during the lifetime of a key; and (4) efficiency: Andreeva et al.'s ForkCipher approach can reduce cost, since each output branch uses fewer rounds than a full-round primitive.

In this work, we combine these aspects into an efficient authenticated encryption scheme. We propose PAE, a nonce-based AE scheme built from a public permutation and a single call to an XOR-universal hash function. PAE provides O(2n/3)-bit security and high throughput by combining forked, public-permutation-based variants of nEHtM and Encrypted Davies-Meyer. It therefore uses a single, partly round-reduced, public permutation for most operations, needs no key schedule, and retains security beyond the birthday bound even under limited nonce reuse.
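Observation (2) can be made concrete with a small simulation. The block below is an added example, not code from the paper or its authors. It models a public permutation as a seeded shuffle on a constructed 8-bit domain (the paper's n is the permutation width, in practice 128 bits or more) and counts output collisions over q queries: a lone permutation never collides, which a distinguisher notices after about 2^(n/2) queries, while the XOR of two permutations and the keyless Encrypted Davies-Meyer shape π2(π1(x) ⊕ x) collide at roughly the random-function rate. The toy has no keys and says nothing about PAE's actual bound; it only shows why summing permutation values removes the tell-tale absence of collisions that caps a single permutation at birthday-bound security.

```python
"""Toy collision statistics for permutation-based PRF shapes.

Added example, not from the paper. N_BITS = 8 is a constructed toy
width so the whole domain can be queried; the constructions are
keyless and serve only to illustrate output statistics.
"""
import random
from itertools import combinations

N_BITS = 8                  # constructed toy width; real schemes use n >= 128
DOMAIN = 1 << N_BITS


def random_permutation(seed: int) -> list:
    """Public random permutation on N_BITS bits, modelled as a seeded shuffle."""
    rng = random.Random(seed)
    table = list(range(DOMAIN))
    rng.shuffle(table)
    return table


def count_collisions(outputs) -> int:
    """Number of unordered query pairs whose outputs are identical."""
    return sum(1 for a, b in combinations(outputs, 2) if a == b)


def expected_collisions(q: int) -> float:
    """Birthday estimate q(q-1)/2 * 2^-n for a truly random function."""
    return q * (q - 1) / (2 * DOMAIN)


def single_permutation_collisions(q: int, seed: int = 1) -> int:
    """x -> pi(x): distinct inputs can never collide."""
    pi = random_permutation(seed)
    return count_collisions([pi[x] for x in range(q)])


def xor_of_permutations_collisions(q: int, seed: int = 1) -> int:
    """x -> pi1(x) ^ pi2(x): sum of two permutation outputs."""
    pi1 = random_permutation(seed)
    pi2 = random_permutation(seed + 1)
    return count_collisions([pi1[x] ^ pi2[x] for x in range(q)])


def edm_style_collisions(q: int, seed: int = 1) -> int:
    """x -> pi2(pi1(x) ^ x): keyless Encrypted Davies-Meyer shape, where
    the sum of pi1's input and output is fed through a second permutation."""
    pi1 = random_permutation(seed)
    pi2 = random_permutation(seed + 1)
    return count_collisions([pi2[pi1[x] ^ x] for x in range(q)])


def random_function_collisions(q: int, seed: int = 1) -> int:
    """Reference: q outputs drawn uniformly at random."""
    rng = random.Random(seed)
    return count_collisions([rng.randrange(DOMAIN) for _ in range(q)])


if __name__ == "__main__":
    q = DOMAIN                       # query the entire toy domain
    print("expected for random function:", expected_collisions(q))
    print("single permutation:          ", single_permutation_collisions(q))
    print("xor of two permutations:     ", xor_of_permutations_collisions(q))
    print("EDM-style composition:       ", edm_style_collisions(q))
    print("random function:             ", random_function_collisions(q))
```

Running the script with q equal to the full domain shows the single permutation at exactly zero collisions against an expectation of 127.5 for a random function, while both summed constructions land near that expectation. Turning this statistical observation into a proven 2n/3-bit bound, with keys and adversarial queries, is the work of the mirror-theory and sum-of-permutations results cited in the references; the toy only motivates it.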


Notes

  1. We deliberately exclude block-cipher- and tweakable-block-cipher-based AE schemes from the discussion here, as this paper studies only permutation-based AE.

References

  1. Andreeva, E., et al.: APE: authenticated permutation-based encryption for lightweight cryptography. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 168–186. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46706-0_9
  2. Andreeva, E., Lallemand, V., Purnal, A., Reyhanitabar, R., Roy, A., Vizár, D.: Forkcipher: a new primitive for authenticated encryption of very short messages. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11922, pp. 153–182. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34621-8_6
  3. Beierle, C., et al.: Schwaemm and Esch: lightweight authenticated encryption and hashing using the Sparkle permutation family (2021)
  4. Bernstein, D.J.: The Poly1305-AES message-authentication code. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 32–49. Springer, Heidelberg (2005). https://doi.org/10.1007/11502760_3
  5. Beyne, T., Chen, Y.L., Dobraunig, C., Mennink, B.: Dumbo, Jumbo, and Delirium: parallel authenticated encryption for the lightweight circus. IACR Trans. Symmetric Cryptol. 2020(S1), 5–30 (2020)
  6. Beyne, T., Chen, Y.L., Dobraunig, C., Mennink, B.: Multi-user security of the Elephant v2 authenticated encryption mode. In: AlTawy, R., Hülsing, A. (eds.) SAC 2021. LNCS, vol. 13203, pp. 155–178. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-99277-4_8
  7. Bhattacharjee, A., Bhaumik, R., Dutta, A., List, E.: PAE: towards more efficient and BBB-secure AE from a single public permutation. Cryptology ePrint Archive, Paper 2023/978 (2023)
  8. Bhattacharjee, A., Bhaumik, R., Nandi, M.: A sponge-based PRF with good multi-user security. In: Smith, B., Wu, H. (eds.) Selected Areas in Cryptography. LNCS. Springer, Cham (2022)
  9. Bhattacharjee, A., Bhaumik, R., Nandi, M.: Offset-based BBB-secure tweakable block-ciphers with updatable caches. In: Isobe, T., Sarkar, S. (eds.) INDOCRYPT 2022. LNCS, vol. 13774, pp. 171–194. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22912-1_8
  10. Bhattacharjee, A., Chakraborti, A., Datta, N., Mancillas-López, C., Nandi, M.: ISAP+: ISAP with fast authentication. In: Isobe, T., Sarkar, S. (eds.) INDOCRYPT 2022. LNCS, vol. 13774, pp. 195–219. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22912-1_9
  11. Bhattacharjee, A., Dutta, A., List, E., Nandi, M.: CENCPP*: beyond-birthday-secure encryption from public permutations. Des. Codes Cryptogr. 90(6), 1381–1425 (2022)
  12. Bhattacharjee, A., López, C.M., List, E., Nandi, M.: The Oribatida v1.3 family of lightweight authenticated encryption schemes. J. Math. Cryptol. 15(1), 305–344 (2021)
  13. Bhaumik, R., Chailloux, A., Frixons, P., Mennink, B., Naya-Plasencia, M.: Block cipher doubling for a post-quantum world. Cryptology ePrint Archive, Report 2022/1342 (2022)
  14. Chakraborti, A., Datta, N., Nandi, M., Yasuda, K.: Beetle family of lightweight and secure authenticated encryption ciphers. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2), 218–241 (2018)
  15. Chen, Y.L.: A modular approach to the security analysis of two-permutation constructions. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022. LNCS, vol. 13791, pp. 379–409. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22963-3_13
  16. Chen, Y.L., Dutta, A., Nandi, M.: Multi-user BBB security of public permutations based MAC. Cryptogr. Commun. 14(5), 1145–1177 (2022)
  17. Chen, Y.L., Lambooij, E., Mennink, B.: How to build pseudorandom functions from public random permutations. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 266–293. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26948-7_10
  18. Chen, Y.L., Mennink, B., Preneel, B.: Categorization of faulty nonce misuse resistant message authentication. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13092, pp. 520–550. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92078-4_18
  19. Cogliati, B., Seurin, Y.: EWCDM: an efficient, beyond-birthday secure, nonce-misuse resistant MAC. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 121–149. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_5
  20. Daemen, J., Hoffert, S., Peeters, M., Van Assche, G., Van Keer, R.: Xoodyak, a lightweight cryptographic scheme. IACR Trans. Symmetric Cryptol. 2020(S1), 60–87 (2020)
  21. Dobraunig, C., et al.: ISAP v2.0. IACR Trans. Symmetric Cryptol. 2020(S1), 390–416 (2020)
  22. Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Ascon v1.2, 27 September 2019. Submission to the NIST LwC competition. https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/round-2/spec-doc-rnd2/ascon-spec-round2.pdf
  23. Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Ascon v1.2: lightweight authenticated encryption and hashing. J. Cryptol. 34(3), 33 (2021)
  24. Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Reference, highly optimized, masked C and ASM implementations of Ascon (2023). https://github.com/ascon/ascon-c. Accessed 28 June 2023
  25. Dutta, A., Nandi, M.: BBB secure nonce based MAC using public permutations. In: Nitaj, A., Youssef, A. (eds.) AFRICACRYPT 2020. LNCS, vol. 12174, pp. 172–191. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-51938-4_9
  26. Dutta, A., Nandi, M., Talnikar, S.: Beyond birthday bound secure MAC in faulty nonce model. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 437–466. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_15
  27. Dutta, A., Nandi, M., Talnikar, S.: Permutation based EDM: an inverse free BBB secure PRF. IACR Trans. Symmetric Cryptol. 2021(2), 31–70 (2021)
  28. Duval, S., Leurent, G.: Lightweight MACs from universal hash functions. In: Belaïd, S., Güneysu, T. (eds.) CARDIS 2019. LNCS, vol. 11833, pp. 195–215. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42068-0_12
  29. Hoang, V.T., Tessaro, S.: Key-alternating ciphers and key-length extension: exact bounds and multi-user security. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 3–32. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_1
  30. Mennink, B., Neves, S.: Encrypted Davies-Meyer and its dual: towards optimal security using mirror theory. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 556–583. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_19
  31. Mennink, B., Neves, S.: Optimal PRFs from blockcipher designs. IACR Trans. Symmetric Cryptol. 2017(3), 228–252 (2017)
  32. Minematsu, K.: How to thwart birthday attacks against MACs via small randomness. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 230–249. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13858-4_13
  33. Mouha, N.: Chaskey: a MAC algorithm for microcontrollers - status update and proposal of Chaskey-12. Cryptology ePrint Archive, Report 2015/1182 (2015)
  34. Mouha, N., Mennink, B., Van Herrewege, A., Watanabe, D., Preneel, B., Verbauwhede, I.: Chaskey: an efficient MAC algorithm for 32-bit microcontrollers. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 306–323. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13051-4_19
  35. Nir, Y., Langley, A.: RFC 8439: ChaCha20 and Poly1305 for IETF Protocols (2018)
  36. De Santis, F., Schauer, A., Sigl, G.: ChaCha20-Poly1305 authenticated encryption for high-speed embedded IoT applications. In: Atienza, D., Di Natale, G. (eds.) Design, Automation & Test in Europe Conference & Exhibition (DATE 2017), pp. 692–697. IEEE (2017)
  37. Turan, M.S., et al.: NIST Internal Report 8454 - Status Report on the Final Round of the NIST Lightweight Cryptography Standardization Process. Technical report, US National Institute of Standards and Technology (2023)
  38. Zhang, P.: Permutation-based lightweight authenticated cipher with beyond conventional security. Secur. Commun. Netw. 2021, 1–9 (2021)


Acknowledgments

This research is partially supported by Nanyang Technological University in Singapore under Start-up Grant 04INS00397C230, and by the Ministry of Education in Singapore under Grants RG91/20 and MOE2019-T2-1-060. A part of this research was carried out when Ritam Bhaumik was at Inria Paris, funded by the European Research Council (ERC) under the European Union's Horizon 2020 research and innovation programme (grant agreement no. 714294, acronym QUASYModo). We thank the anonymous reviewers of ICICS 2023 for their helpful comments, Florian DeSantis for helpful thoughts on their ChaCha-Poly1305 implementation, and Shun Li for help with implementation equipment.

Author information

Corresponding author: Avijit Dutta

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Bhattacharjee, A., Bhaumik, R., Dutta, A., List, E. (2023). PAE: Towards More Efficient and BBB-Secure AE from a Single Public Permutation. In: Wang, D., Yung, M., Liu, Z., Chen, X. (eds) Information and Communications Security. ICICS 2023. Lecture Notes in Computer Science, vol 14252. Springer, Singapore. https://doi.org/10.1007/978-981-99-7356-9_5

  • DOI: https://doi.org/10.1007/978-981-99-7356-9_5

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-7355-2

  • Online ISBN: 978-981-99-7356-9
