KIASU
From Syllab
KIASU is authenticated encryption scheme based on the first ad-hoc tweakable AES used in two modes. It was designed by Jérémy Jean, Ivica Nikolić and Thomas Peyrin.
Contents |
Design
The ad-hoc tweakable AES is produced from AES by adding 64-bit tweak T to the first two rows of the state of AES in each round (i.e. AddRoundKey is replaced by AddRoundKey & AddTweak).
Features
- The tweakable block cipher provides 128-bit security (including related-key related-tweak attacks). The first mode greatly benefits from this as the security of the whole modes goes beyond birthday bound. The second might benefit as well (conjecture).
- Speed overhead compared to AES is minimal. The two modes are based on parallel calls of AES, thus are extremelly efficient in software.
- Easy to implement given AES code. Backwards compatible with AES (set tweak=0). Security reduction of the tweakable cipher to the security of AES.
Software
The design is fast in software in general and very fast on the processors with AES-NI support.
| Intel Sandy Bridge | Intel Haswell | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 128 | 256 | 512 | 1024 | 2048 | 4096 | 128 | 256 | 512 | 1024 | 2048 | 4096 | |
| KIASU = | 5.42 | 2.93 | 2.45 | 2.27 | 2.07 | 1.98 | 1.81 | 1.59 | 1.48 | 1.44 | 1.40 | 1.39 |
| KIASU=\= | 1.41 | 1.21 | 1.11 | 1.06 | 1.03 | 1.02 | 0.97 | 0.84 | 0.78 | 0.76 | 0.75 | 0.74 |
Downloads
The revised (April 2, 2014) document can be found here. The first version of the submission document can be found here.
