Architecture Optimization and Performance Comparison of Nonce-Misuse-Resistant Authenticated Encryption Algorithms

• Published in: IEEE transactions on very large scale integration (VLSI) systems Vol. 27; no. 5; pp. 1053 - 1066
• Main Authors: Koteshwara, Sandhya, Das, Amitabh, Parhi, Keshab K.
• Format: Journal Article
• Language: English
• Published: New York IEEE 01.05.2019; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Advanced Encryption Standard in Galois Counter mode (AES-GCM); AES-GCM-synthetic IV (SIV); Algorithms; Applicability; Application specific integrated circuits; Architecture; authenticated encryption (AE); Authentication; Co-design; Competition for AE: Security; Deoxys; Encryption; Field programmable gate arrays; Gate arrays; Integrated circuits; nonce-misuse resistance; Optimization; pipelineable on-line encryption with authentication tag (POET); PRIMATE-APE; Resistance; Robustness (CAESAR) competition; Security
• ISSN: 1063-8210; 1557-9999
• DOI: 10.1109/TVLSI.2019.2894656

This paper presents a performance comparison of new authenticated encryption (AE) algorithms which are aimed at providing better security and resource efficiency compared to existing standards. Specifically, these algorithms improve the security of existing AE standards by providing a critical property termed nonce-misuse resistance. This paper addresses algorithm to architectural mappings of several candidates from the ongoing Competition for AE: Security, Applicability, and Robustness as well as a submission from the Crypto Forum Research Group. Implementations of the architectures on both field-programmable gate arrays and application-specific integrated circuits platforms are provided and compared with the architecture of a popular standard: Advanced Encryption Standard in Galois Counter mode (AES-GCM). Optimizations that are applicable to AE, in general, and nonce-misuse-resistant architectures, in particular, are presented. A hardware-software codesign approach to optimization is also discussed. The implementations via proposed optimizations demonstrate that new AE algorithms can provide comparable performance as standard AES-GCM while enhancing security and resource utilization for specific use-case scenarios.