International Association for Cryptologic Research

CryptoDB

Adiantum: length-preserving encryption for entry-level processors

Authors:
Paul Crowley, Google LLC
Eric Biggers, Google LLC
Download:
DOI: 10.13154/tosc.v2018.i4.39-61
URL: https://tosc.iacr.org/index.php/ToSC/article/view/7360
Presentation: Slides
Abstract: We present HBSH, a simple construction for tweakable length-preserving encryption which supports the fastest options for hashing and stream encryption for processors without AES or other crypto instructions, with a provable quadratic advantage bound. Our composition Adiantum uses NH, Poly1305, XChaCha12, and a single AES invocation. On an ARM Cortex-A7 processor, Adiantum decrypts 4096-byte messages at 10.6 cycles per byte, over five times faster than AES-256-XTS, with a constant-time implementation. We also define HPolyC which is simpler and has excellent key agility at 13.6 cycles per byte.
Video from TOSC 2018
BibTeX
@article{tosc-2018-29245,
  title={Adiantum: length-preserving encryption for entry-level processors},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2018, Issue 4},
  pages={39-61},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/7360},
  doi={10.13154/tosc.v2018.i4.39-61},
  author={Paul Crowley and Eric Biggers},
  year=2018
}