Comparison of AEAD algorithms for embedded Internet of Things systems

pp. 76-91
Lviv Polytechnic National University

The article compares the performance and memory requirements of the AES-GCM and ChaCha20-Poly1305 AEAD encryption schemes on typical 8/16/32-bit low-end embedded processors used in Internet of Things devices, under different approaches to resisting timing attacks and simple power analysis attacks. Particular attention is given to a low-level, constant-time implementation of multiplication in GF(2^128), the key GCM operation, since low-end processors have no dedicated carry-less multiplication instruction. For each of the AVR, MSP430 and ARM Cortex-M3 processor cores, a constant-time carry-less multiplication is proposed whose efficiency is comparable to that of algorithms with non-constant execution time.
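As an added example (not code from the article or its authors), the following portable C implementation shows the kind of constant-time GF(2^128) multiplication the abstract refers to: the bit-serial algorithm from NIST SP 800-38D with every data-dependent branch replaced by an all-ones/all-zeros mask, plus the GHASH that uses it. The 64-bit-word layout, the function names and the self-test helpers are this example's own choices, not the per-core routines proposed in the article; the known-answer value is Test Case 2 of McGrew and Viega's GCM specification (all-zero key, all-zero 16-byte plaintext, zero IV).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* A 128-bit GCM field element. hi holds bytes 0..7 (bit 0 of the GCM bit
 * string is the most significant bit of hi), lo holds bytes 8..15. */
typedef struct { uint64_t hi, lo; } gf128_t;

static gf128_t gf128_load(const uint8_t b[16]) {
    gf128_t r = {0, 0};
    for (int i = 0; i < 8; i++) {
        r.hi = (r.hi << 8) | b[i];
        r.lo = (r.lo << 8) | b[8 + i];
    }
    return r;
}

static void gf128_store(uint8_t b[16], gf128_t v) {
    for (int i = 7; i >= 0; i--) {
        b[i] = (uint8_t)v.hi;     v.hi >>= 8;
        b[8 + i] = (uint8_t)v.lo; v.lo >>= 8;
    }
}

/* Fold one 64-bit word of X into the running product. Every iteration does
 * the same work; secret bits only select data through masks, never branches
 * or secret-indexed table lookups. */
static void gf128_mul_word(gf128_t *z, gf128_t *v, uint64_t xw) {
    for (int i = 63; i >= 0; i--) {
        uint64_t m = 0 - ((xw >> i) & 1);             /* all-ones if bit i of X set */
        z->hi ^= v->hi & m;
        z->lo ^= v->lo & m;
        uint64_t carry = v->lo & 1;                    /* bit about to be shifted out */
        v->lo = (v->lo >> 1) | (v->hi << 63);          /* V = V >> 1 (multiply by x) */
        v->hi >>= 1;
        v->hi ^= (0 - carry) & 0xE100000000000000ULL;  /* reduce by R = 0xE1 || 0^120 */
    }
}

/* Constant-time product in GF(2^128) as defined for GCM (SP 800-38D, Alg. 1). */
static gf128_t gf128_mul_ct(gf128_t x, gf128_t y) {
    gf128_t z = {0, 0};
    gf128_t v = y;
    gf128_mul_word(&z, &v, x.hi);
    gf128_mul_word(&z, &v, x.lo);
    return z;
}

/* GHASH over AAD and ciphertext, with the GCM length block appended. */
static void ghash(uint8_t out[16], const uint8_t h[16],
                  const uint8_t *aad, size_t aad_len,
                  const uint8_t *ct, size_t ct_len) {
    gf128_t hk = gf128_load(h);
    gf128_t y = {0, 0};
    const uint8_t *parts[2] = { aad, ct };
    size_t lens[2] = { aad_len, ct_len };
    for (int p = 0; p < 2; p++) {
        for (size_t off = 0; off < lens[p]; off += 16) {
            uint8_t blk[16] = {0};                     /* zero-pads a short last block */
            size_t n = lens[p] - off < 16 ? lens[p] - off : 16;
            memcpy(blk, parts[p] + off, n);
            gf128_t b = gf128_load(blk);
            y.hi ^= b.hi; y.lo ^= b.lo;
            y = gf128_mul_ct(y, hk);
        }
    }
    gf128_t len = { (uint64_t)aad_len * 8, (uint64_t)ct_len * 8 };  /* [len(A)]64 || [len(C)]64 in bits */
    y.hi ^= len.hi; y.lo ^= len.lo;
    y = gf128_mul_ct(y, hk);
    gf128_store(out, y);
}

/* Known answer: GCM specification Test Case 2 (H, ciphertext, expected GHASH). */
static const uint8_t TC2_H[16]     = {0x66,0xe9,0x4b,0xd4,0xef,0x8a,0x2c,0x3b,0x88,0x4c,0xfa,0x59,0xca,0x34,0x2b,0x2e};
static const uint8_t TC2_C[16]     = {0x03,0x88,0xda,0xce,0x60,0xb6,0xa3,0x92,0xf3,0x28,0xc2,0xb9,0x71,0xb2,0xfe,0x78};
static const uint8_t TC2_GHASH[16] = {0xf3,0x8c,0xbb,0x1a,0xd6,0x92,0x23,0xdc,0xc3,0x45,0x7a,0xe5,0xb6,0xb0,0xf8,0x85};

int selftest_ghash_tc2(void) {
    uint8_t out[16];
    ghash(out, TC2_H, NULL, 0, TC2_C, sizeof TC2_C);
    return memcmp(out, TC2_GHASH, 16) == 0;
}

/* The multiplicative identity in GCM's reflected bit order is 0x80 || 0^120. */
int selftest_identity(void) {
    uint8_t one[16] = {0x80};
    uint8_t out[16];
    gf128_store(out, gf128_mul_ct(gf128_load(TC2_H), gf128_load(one)));
    return memcmp(out, TC2_H, 16) == 0;
}

int main(void) {
    uint8_t out[16];
    ghash(out, TC2_H, NULL, 0, TC2_C, sizeof TC2_C);
    printf("GHASH = ");
    for (int i = 0; i < 16; i++) printf("%02x", out[i]);
    printf("\nself-tests: %s\n", (selftest_ghash_tc2() && selftest_identity()) ? "pass" : "FAIL");
    return 0;
}
```

This is the constant-time baseline the article's faster per-core routines are measured against: 128 iterations of identical work, no secret-dependent branch and no table indexed by secret data (the usual 4-bit and 8-bit table-driven GHASH variants are faster but leak through cache and branch timing, which is the timing-attack tolerance the abstract refers to). The property holds at the C level only if the compiler keeps the mask arithmetic as arithmetic; on a real target the generated code for `gf128_mul_word` should be inspected for reintroduced conditional branches.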
