AES-LBBB: AES Mode for Lightweight and BBB-Secure Authenticated Encryption

In this paper, a new lightweight authenticated encryption scheme, AES-LBBB, is proposed, which was designed to provide backward compatibility with the Advanced Encryption Standard (AES) as well as high security and low memory. The primary design goal, backward compatibility, is motivated by the fact that...


Bibliographic Details
Main Authors: Yusuke Naito, Yu Sasaki, Takeshi Sugawara
Format: Article
Language: English
Published: Ruhr-Universität Bochum 2021-07-01
Series: Transactions on Cryptographic Hardware and Embedded Systems
Subjects: AES
Online Access: https://tches.iacr.org/index.php/TCHES/article/view/8976
id doaj-ed6af4ef62f5415c9d55bb48aa01b500
record_format Article
spelling doaj-ed6af4ef62f5415c9d55bb48aa01b500; 2021-07-09T14:15:29Z; eng; Ruhr-Universität Bochum; Transactions on Cryptographic Hardware and Embedded Systems; 2569-2925; 2021-07-01; 2021; 3; 10.46586/tches.v2021.i3.298-333
AES-LBBB: AES Mode for Lightweight and BBB-Secure Authenticated Encryption
Yusuke Naito (Mitsubishi Electric Corporation, Kanagawa, Japan)
Yu Sasaki (NTT Secure Platform Laboratories, Tokyo, Japan)
Takeshi Sugawara (The University of Electro-Communications, Tokyo, Japan)
collection DOAJ
language English
format Article
sources DOAJ
author Yusuke Naito
Yu Sasaki
Takeshi Sugawara
title AES-LBBB: AES Mode for Lightweight and BBB-Secure Authenticated Encryption
publisher Ruhr-Universität Bochum
series Transactions on Cryptographic Hardware and Embedded Systems
issn 2569-2925
publishDate 2021-07-01
description In this paper, a new lightweight authenticated encryption scheme, AES-LBBB, is proposed, which was designed to provide backward compatibility with the Advanced Encryption Standard (AES) as well as high security and low memory. The primary design goal, backward compatibility, is motivated by the fact that AES accelerators are now very common for devices in the field; we are interested in designing an efficient and highly secure mode of operation that exploits the best of those AES accelerators. Backward compatibility receives little attention in the NIST lightweight cryptography standardization process, in which only 3 out of 32 round-2 candidates are based on AES. Our mode, LBBB, is inspired by the design of ALE in the sense that the internal state size is a minimum of 2n bits when using a block cipher of length n bits for the key and data. Unfortunately, there is no security proof of ALE, and forgery attacks have been found on ALE. In LBBB, we introduce an additional feed from the block cipher's output to the key state via a certain permutation λ, which enables us to prove beyond-birthday-bound (BBB) security. We then specify its AES instance, AES-LBBB, and evaluate its performance for (i) software implementation on a microcontroller with an AES coprocessor and (ii) hardware implementation for an application-specific integrated circuit (ASIC) to show that AES-LBBB performs better than the current state-of-the-art Remus-N2 with AES-128.
topic AES
authenticated encryption
backward compatibility
beyond-birthday-bound security
lightweight
AES accelerator
url https://tches.iacr.org/index.php/TCHES/article/view/8976