AES-LBBB: AES Mode for Lightweight and BBB-Secure Authenticated Encryption

Authors

  • Yusuke Naito Mitsubishi Electric Corporation, Kanagawa, Japan
  • Yu Sasaki NTT Secure Platform Laboratories, Tokyo, Japan
  • Takeshi Sugawara The University of Electro-Communications, Tokyo, Japan

DOI:

https://doi.org/10.46586/tches.v2021.i3.298-333

Keywords:

AES, authenticated encryption, backward compatibility, beyond-birthday-bound security, lightweight, AES accelerator, AES coprocessor

Abstract

In this paper, a new lightweight authenticated encryption scheme AESLBBB is proposed, which was designed to provide backward compatibility with advanced encryption standard (AES) as well as high security and low memory. The primary design goal, backward compatibility, is motivated by the fact that AES accelerators are now very common for devices in the field; we are interested in designing an efficient and highly secure mode of operation that exploits the best of those AES accelerators. The backward compatibility receives little attention in the NIST lightweight cryptography standardization process, in which only 3 out of 32 round-2 candidates are based on AES. Our mode, LBBB, is inspired by the design of ALE in the sense that the internal state size is a minimum 2n bits when using a block cipher of length n bits for the key and data. Unfortunately, there is no security proof of ALE, and forgery attacks have been found on ALE. In LBBB, we introduce an additional feed from block cipher’s output to the key state via a certain permutation λ, which enables us to prove beyond-birthday-bound (BBB) security. We then specify its AES instance, AES-LBBB, and evaluate its performance for (i) software implementation on a microcontroller with an AES coprocessor and (ii) hardware implementation for an application-specific integrated circuit (ASIC) to show that AES-LBBB performs better than the current state-of-the-art Remus-N2 with AES-128.

Downloads

Published

2021-07-09

Issue

Section

Articles

How to Cite

AES-LBBB: AES Mode for Lightweight and BBB-Secure Authenticated Encryption. (2021). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(3), 298-333. https://doi.org/10.46586/tches.v2021.i3.298-333