Efficient constructions for large‐state block ciphers based on AES New Instructions

Abstract: Large-state block ciphers with 256-bit or 512-bit blocks receive much attention from the viewpoint of long-term security. Existing large-state block ciphers such as Haraka-v2 and Pholkos are built only from the AES round function, available as the AES New Instructions (AES-NI), and a word shuffle that SIMD instructions execute efficiently, which gives fast software implementations. In Haraka-v2 and Pholkos, two AES rounds are applied to every state word in parallel at each step and the outputs are then shuffled (two-round constructions). In this study, the authors explore constructions based on AES-NI and efficient word shuffles that are optimal for such large-state block ciphers in terms of software encryption speed. Specifically, among the word shuffles that can be implemented efficiently in SIMD, they identify an optimal class that reaches the required security in a smaller number of rounds, and they measure the speed of each candidate on each CPU architecture. As a result, they show that two-round constructions are optimal on all CPUs of the Skylake architecture or later. Furthermore, they find that word shuffle instructions differ clearly in measured speed even when they theoretically require the same number of cycles. Consequently, they determine the optimal construction for each architecture by taking these differences into account.
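The two-round construction the abstract describes, as an added example that is not the paper's code and not Haraka-v2 or Pholkos: each step applies two AES rounds to every 128-bit word of a 256-bit or 512-bit state (a software AES round stands in for AESENC and is checked against the FIPS-197 test vector) and then shuffles 32-bit columns across the words. The shuffle in `word_shuffle`, the constructed round constants and all function names are this example's assumptions, not the optimal shuffle class the authors identify; `diffusion` flips one input bit and counts how far the difference has spread after a given number of steps.

```python
"""Two-round construction for a large-state (256/512-bit) permutation from the AES round
function and a word shuffle. Added illustration, not the paper's code: the AES round is a
software stand-in for AESENC; shuffle and round constants are this example's assumptions."""
from typing import List, Tuple

def _xtime(a: int) -> int:
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def _gf_mul(a: int, b: int) -> int:
    r = 0
    while b:
        r, a, b = r ^ (a if b & 1 else 0), _xtime(a), b >> 1
    return r

def _make_sbox() -> List[int]:
    """AES S-box derived (inverse in GF(2^8), then the affine map) rather than transcribed."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0)
        s = inv
        for k in range(1, 5):
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _make_sbox()

def _sub_shift(block: bytes) -> List[int]:
    """SubBytes then ShiftRows; state is column-major, byte 4*c + r is row r of column c."""
    s = [SBOX[b] for b in block]
    return [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]

def aes_round(block: bytes, round_key: bytes) -> bytes:
    """Full AES round (SubBytes, ShiftRows, MixColumns, AddRoundKey), i.e. what AESENC does."""
    s, out = _sub_shift(block), bytearray(16)
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out[4 * c] = _xtime(a0) ^ _xtime(a1) ^ a1 ^ a2 ^ a3
        out[4 * c + 1] = a0 ^ _xtime(a1) ^ _xtime(a2) ^ a2 ^ a3
        out[4 * c + 2] = a0 ^ a1 ^ _xtime(a2) ^ _xtime(a3) ^ a3
        out[4 * c + 3] = _xtime(a0) ^ a0 ^ a1 ^ a2 ^ _xtime(a3)
    return bytes(x ^ k for x, k in zip(out, round_key))

def aes_final_round(block: bytes, round_key: bytes) -> bytes:
    """Last round without MixColumns, i.e. what AESENCLAST does."""
    return bytes(x ^ k for x, k in zip(_sub_shift(block), round_key))

def aes128_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Plain AES-128; only here to check the round function against the FIPS-197 vector."""
    w, rcon = [list(key[4 * i:4 * i + 4]) for i in range(4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    rk = [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(11)]
    s = bytes(a ^ b for a, b in zip(plaintext, rk[0]))
    for r in range(1, 10):
        s = aes_round(s, rk[r])
    return aes_final_round(s, rk[10])

def word_shuffle(words: List[bytes]) -> List[bytes]:
    """Illustrative shuffle (an assumption of this example): 32-bit column j of word w moves
    to word (w + j) mod n and keeps its column index, so with n = 4 every word hands its four
    columns to four distinct words. A fixed byte permutation of this kind is what a short
    SIMD unpack/permute sequence implements."""
    n = len(words)
    out = [bytearray(16) for _ in range(n)]
    for w in range(n):
        for j in range(4):
            out[(w + j) % n][4 * j:4 * j + 4] = words[w][4 * j:4 * j + 4]
    return [bytes(x) for x in out]

def two_round_step(words: List[bytes], consts: List[Tuple[bytes, bytes]]) -> List[bytes]:
    """One step: two AES rounds on each word (independent across words), then the shuffle."""
    return word_shuffle([aes_round(aes_round(w, c1), c2) for w, (c1, c2) in zip(words, consts)])

def large_state_permutation(state: bytes, steps: int) -> bytes:
    """Key-less permutation on a 256-bit (n = 2) or 512-bit (n = 4) state with constructed constants."""
    n = len(state) // 16
    words = [state[16 * i:16 * i + 16] for i in range(n)]
    for s in range(steps):
        consts = [tuple(bytes((0x9E * (2 * (s * n + i) + k) + 0x37 * j) & 0xFF for j in range(16))
                        for k in range(2)) for i in range(n)]
        words = two_round_step(words, consts)
    return b"".join(words)

def diffusion(block_bytes: int, steps: int) -> Tuple[int, int]:
    """Flip one bit of a constructed input; return (differing output bytes, differing 32-bit columns)."""
    base = bytes(range(block_bytes))
    flipped = bytearray(base)
    flipped[0] ^= 0x80
    a, b = large_state_permutation(base, steps), large_state_permutation(bytes(flipped), steps)
    cols = sum(a[4 * c:4 * c + 4] != b[4 * c:4 * c + 4] for c in range(block_bytes // 4))
    return sum(x != y for x, y in zip(a, b)), cols
```

On a 512-bit state, one step leaves exactly 16 differing bytes in four columns: the two AES rounds make the hit word fully active (one active byte becomes one active column, then four), and the shuffle hands that word's four columns to four different words. After the second step every 32-bit column of every word carries a difference, because each word then starts with one full active column and MixColumns never maps four active inputs to an all-zero column. On AES-NI hardware the two `aes_round` calls per word are two AESENC instructions, the words are independent so their chains pipeline through the AES unit, and the shuffle is the part whose cost depends on which SIMD instructions the architecture executes well.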

Bibliographic Details
Main Authors: Rentaro Shiba, Kosei Sakamoto, Takanori Isobe
Format: Article
Language: English
Published: Wiley, 2022-05-01
Series: IET Information Security
Subjects: AES‐NI, block cipher, cryptography, private key cryptography
Online Access: https://doi.org/10.1049/ise2.12053
collection DOAJ
description Large-state block ciphers with 256-bit or 512-bit blocks receive much attention from the viewpoint of long-term security. Existing large-state block ciphers such as Haraka-v2 and Pholkos are built only from the AES round function, available as the AES New Instructions (AES-NI), and a word shuffle that SIMD instructions execute efficiently, which gives fast software implementations. In Haraka-v2 and Pholkos, two AES rounds are applied to every state word in parallel at each step and the outputs are then shuffled (two-round constructions). In this study, the authors explore constructions based on AES-NI and efficient word shuffles that are optimal for such large-state block ciphers in terms of software encryption speed. Specifically, among the word shuffles that can be implemented efficiently in SIMD, they identify an optimal class that reaches the required security in a smaller number of rounds, and they measure the speed of each candidate on each CPU architecture. As a result, they show that two-round constructions are optimal on all CPUs of the Skylake architecture or later. Furthermore, they find that word shuffle instructions differ clearly in measured speed even when they theoretically require the same number of cycles. Consequently, they determine the optimal construction for each architecture by taking these differences into account.
id doaj-art-b635cd0b0e1f4c2e8f20505c351e9f80
institution Kabale University
issn 1751-8709
1751-8717
affiliation Rentaro Shiba, Kosei Sakamoto, Takanori Isobe: Graduate School of Applied Informatics, University of Hyogo, Hyogo, Japan
citation IET Information Security, vol. 16, no. 3, pp. 145-160, 2022-05-01, Wiley, ISSN 1751-8709 / 1751-8717, https://doi.org/10.1049/ise2.12053
topic AES‐NI, block cipher, cryptography, private key cryptography