APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography

Elena Andreeva; Begül Bilgin; Andrey Bogdanov; Atul Luykx; Bart Mennink; Nicky Mouha; Kan Yasuda

doi:10.1007/978-3-662-46706-0_9

APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography

Elena Andreeva, Begül Bilgin, Andrey Bogdanov, Atul Luykx, Bart Mennink, Nicky Mouha, Kan Yasuda

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

40 Citations (Scopus)

138 Downloads (Pure)

Abstract

The domain of lightweight cryptography focuses on cryptographic algorithms for extremely constrained devices. It is very costly to avoid nonce reuse in such environments, because this requires either a hardware source of randomness, or non-volatile memory to store a counter. At the same time, a lot of cryptographic schemes actually require the nonce assumption for their security. In this paper, we propose APE as the first permutation-based authenticated encryption scheme that is resistant against nonce misuse. We formally prove that APE is secure, based on the security of the underlying permutation. To decrypt, APE processes the ciphertext blocks in reverse order, and uses inverse permutation calls. APE therefore requires a permutation that is both efficient for forward and inverse calls. We instantiate APE with the permutations of three recent lightweight hash function designs: Quark, Photon, and Spongent. For any of these permutations, an implementation that sup- ports both encryption and decryption requires less than 1.9 kGE and 2.8 kGE for 80-bit and 128-bit security levels, respectively.

Original language	English
Title of host publication	Fast Software Encryption
Subtitle of host publication	21st International Workshop, FSE 2014, London, UK, March 3-5, 2014. Revised Selected Papers
Editors	Carlos Cid, Christian Rechberger
Place of Publication	London
Publisher	Springer
Pages	168-186
Number of pages	16
ISBN (Electronic)	978-3-662-46706-0
ISBN (Print)	978-3-662-46706-0
DOIs	https://doi.org/10.1007/978-3-662-46706-0_9
Publication status	Published - Mar 2014
Event	21st International Workshop on Fast Software Encryption, FSE 2014 - London, United Kingdom Duration: 3 Mar 2014 → 5 Mar 2014 Conference number: 21

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	8540
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Workshop

Workshop	21st International Workshop on Fast Software Encryption, FSE 2014
Abbreviated title	FSE
Country/Territory	United Kingdom
City	London
Period	3/03/14 → 5/03/14

Keywords

SCS-Cybersecurity
APE
Authenticated encryption
Sponge function
Online
Deterministic
Permutation-based
Misuse resistant

Access to Document

10.1007/978-3-662-46706-0_9

Andreeva2014apeAccepted author version, 467 KB

Cite this

Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., & Yasuda, K. (2014). APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography. In C. Cid, & C. Rechberger (Eds.), Fast Software Encryption: 21st International Workshop, FSE 2014, London, UK, March 3-5, 2014. Revised Selected Papers (pp. 168-186). ( Lecture Notes in Computer Science; Vol. 8540). Springer. https://doi.org/10.1007/978-3-662-46706-0_9

Andreeva, Elena ; Bilgin, Begül ; Bogdanov, Andrey et al. / APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography. Fast Software Encryption: 21st International Workshop, FSE 2014, London, UK, March 3-5, 2014. Revised Selected Papers. editor / Carlos Cid ; Christian Rechberger. London : Springer, 2014. pp. 168-186 ( Lecture Notes in Computer Science).

@inproceedings{9381d07ec723440890278da214105c56,

title = "APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography",

abstract = "The domain of lightweight cryptography focuses on cryptographic algorithms for extremely constrained devices. It is very costly to avoid nonce reuse in such environments, because this requires either a hardware source of randomness, or non-volatile memory to store a counter. At the same time, a lot of cryptographic schemes actually require the nonce assumption for their security. In this paper, we propose APE as the first permutation-based authenticated encryption scheme that is resistant against nonce misuse. We formally prove that APE is secure, based on the security of the underlying permutation. To decrypt, APE processes the ciphertext blocks in reverse order, and uses inverse permutation calls. APE therefore requires a permutation that is both efficient for forward and inverse calls. We instantiate APE with the permutations of three recent lightweight hash function designs: Quark, Photon, and Spongent. For any of these permutations, an implementation that sup- ports both encryption and decryption requires less than 1.9 kGE and 2.8 kGE for 80-bit and 128-bit security levels, respectively.",

keywords = "SCS-Cybersecurity, APE, Authenticated encryption, Sponge function, Online, Deterministic, Permutation-based, Misuse resistant",

author = "Elena Andreeva and Beg{\"u}l Bilgin and Andrey Bogdanov and Atul Luykx and Bart Mennink and Nicky Mouha and Kan Yasuda",

year = "2014",

month = mar,

doi = "10.1007/978-3-662-46706-0_9",

language = "English",

isbn = "978-3-662-46706-0",

series = " Lecture Notes in Computer Science",

publisher = "Springer",

pages = "168--186",

editor = "Carlos Cid and Christian Rechberger",

booktitle = "Fast Software Encryption",

address = "Germany",

note = "21st International Workshop on Fast Software Encryption, FSE 2014, FSE ; Conference date: 03-03-2014 Through 05-03-2014",

}

Andreeva, E, Bilgin, B, Bogdanov, A, Luykx, A, Mennink, B, Mouha, N & Yasuda, K 2014, APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography. in C Cid & C Rechberger (eds), Fast Software Encryption: 21st International Workshop, FSE 2014, London, UK, March 3-5, 2014. Revised Selected Papers. Lecture Notes in Computer Science, vol. 8540, Springer, London, pp. 168-186, 21st International Workshop on Fast Software Encryption, FSE 2014, London, United Kingdom, 3/03/14. https://doi.org/10.1007/978-3-662-46706-0_9

APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography. / Andreeva, Elena; Bilgin, Begül; Bogdanov, Andrey et al.
Fast Software Encryption: 21st International Workshop, FSE 2014, London, UK, March 3-5, 2014. Revised Selected Papers. ed. / Carlos Cid; Christian Rechberger. London: Springer, 2014. p. 168-186 ( Lecture Notes in Computer Science; Vol. 8540).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography

AU - Andreeva, Elena

AU - Bilgin, Begül

AU - Bogdanov, Andrey

AU - Luykx, Atul

AU - Mennink, Bart

AU - Mouha, Nicky

AU - Yasuda, Kan

N1 - Conference code: 21

PY - 2014/3

Y1 - 2014/3

N2 - The domain of lightweight cryptography focuses on cryptographic algorithms for extremely constrained devices. It is very costly to avoid nonce reuse in such environments, because this requires either a hardware source of randomness, or non-volatile memory to store a counter. At the same time, a lot of cryptographic schemes actually require the nonce assumption for their security. In this paper, we propose APE as the first permutation-based authenticated encryption scheme that is resistant against nonce misuse. We formally prove that APE is secure, based on the security of the underlying permutation. To decrypt, APE processes the ciphertext blocks in reverse order, and uses inverse permutation calls. APE therefore requires a permutation that is both efficient for forward and inverse calls. We instantiate APE with the permutations of three recent lightweight hash function designs: Quark, Photon, and Spongent. For any of these permutations, an implementation that sup- ports both encryption and decryption requires less than 1.9 kGE and 2.8 kGE for 80-bit and 128-bit security levels, respectively.

AB - The domain of lightweight cryptography focuses on cryptographic algorithms for extremely constrained devices. It is very costly to avoid nonce reuse in such environments, because this requires either a hardware source of randomness, or non-volatile memory to store a counter. At the same time, a lot of cryptographic schemes actually require the nonce assumption for their security. In this paper, we propose APE as the first permutation-based authenticated encryption scheme that is resistant against nonce misuse. We formally prove that APE is secure, based on the security of the underlying permutation. To decrypt, APE processes the ciphertext blocks in reverse order, and uses inverse permutation calls. APE therefore requires a permutation that is both efficient for forward and inverse calls. We instantiate APE with the permutations of three recent lightweight hash function designs: Quark, Photon, and Spongent. For any of these permutations, an implementation that sup- ports both encryption and decryption requires less than 1.9 kGE and 2.8 kGE for 80-bit and 128-bit security levels, respectively.

KW - SCS-Cybersecurity

KW - APE

KW - Authenticated encryption

KW - Sponge function

KW - Online

KW - Deterministic

KW - Permutation-based

KW - Misuse resistant

U2 - 10.1007/978-3-662-46706-0_9

DO - 10.1007/978-3-662-46706-0_9

M3 - Conference contribution

SN - 978-3-662-46706-0

T3 - Lecture Notes in Computer Science

SP - 168

EP - 186

BT - Fast Software Encryption

A2 - Cid, Carlos

A2 - Rechberger, Christian

PB - Springer

CY - London

T2 - 21st International Workshop on Fast Software Encryption, FSE 2014

Y2 - 3 March 2014 through 5 March 2014

ER -

Andreeva E, Bilgin B, Bogdanov A, Luykx A, Mennink B, Mouha N et al. APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography. In Cid C, Rechberger C, editors, Fast Software Encryption: 21st International Workshop, FSE 2014, London, UK, March 3-5, 2014. Revised Selected Papers. London: Springer. 2014. p. 168-186. ( Lecture Notes in Computer Science). doi: 10.1007/978-3-662-46706-0_9

APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography

Abstract

Publication series

Workshop

Keywords

Access to Document

Fingerprint

Cite this