doi: 10.3934/amc.2020108

${\sf {FAST}}$: Disk encryption and beyond

1. Indian Statistical Institute, 203, B.T. Road, Kolkata, India 700108
2. Computer Science Department, CINVESTAV-IPN, Mexico, D.F., 07360, Mexico

* Corresponding author: Sebati Ghosh

Received: February 2020. Published: September 2020.

This work introduces ${\sf {FAST}}$, a new family of tweakable enciphering schemes. Several instantiations of ${\sf {FAST}}$ are described, targeted towards two goals: the specific task of disk encryption, and a more general scheme suitable for a wide variety of practical applications. A major contribution of this work is to present detailed and careful software implementations of all of these instantiations. For disk encryption, the implementation results show that ${\sf {FAST}}$ compares very favourably to the IEEE disk encryption standards XCB and EME2 as well as the more recent proposal AEZ. ${\sf {FAST}}$ is built from a fixed input length pseudo-random function and an appropriate hash function. It uses a single-block key, is parallelisable and can be instantiated using only the encryption function of a block cipher. The hash function can be instantiated using either the usual polynomial hashing based on Horner's rule or hashing based on the more efficient Bernstein-Rabin-Winograd (BRW) polynomials. The security of ${\sf {FAST}}$ has been rigorously analysed using the standard provable security approach, and concrete security bounds have been derived. Based on our implementation results, we put forward ${\sf {FAST}}$ as a serious candidate for standardisation and deployment.

Citation: Debrup Chakraborty, Sebati Ghosh, Cuauhtemoc Mancillas López, Palash Sarkar. ${\sf {FAST}}$: Disk encryption and beyond. Advances in Mathematics of Communications, doi: 10.3934/amc.2020108
References:
[1] Public comments on the XTS-AES mode, http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/collected_XTS_comments.pdf.
[2] IEEE Std 1619-2007: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices, IEEE Computer Society, 2008. Available at: http://standards.ieee.org/findstds/standard/1619-2007.html.
[3] IEEE Std 1619.2-2010: IEEE Standard for Wide-block Encryption for Shared Storage Media, March 2011. Available at: http://standards.ieee.org/findstds/standard/1619.2-2010.html.
[4] M. Bellare, D. Cash and S. Keelveedhi, Ciphers that securely encipher their own keys, in (eds. Y. Chen, G. Danezis and V. Shmatikov) Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, Chicago, Illinois, USA, October 17-21, 2011, ACM, 2011, 423–432. doi: 10.1145/2046707.2046757.
[5] M. Bellare, A. Desai, E. Jokipii and P. Rogaway, A concrete security treatment of symmetric encryption, in 38th Annual Symposium on Foundations of Computer Science, FOCS '97, Miami Beach, Florida, USA, October 19-22, 1997, IEEE Computer Society, 1997, 394–403. doi: 10.1109/SFCS.1997.646128.
[6] D. J. Bernstein, Polynomial evaluation and message authentication, 2007. Available at: http://cr.yp.to/papers.html#pema.
[7] R. Bhaumik and M. Nandi, An inverse-free single-keyed tweakable enciphering scheme, in (eds. T. Iwata and J. H. Cheon) Advances in Cryptology - ASIACRYPT 2015 - 21st International Conference on the Theory and Application of Cryptology and Information Security, Auckland, New Zealand, November 29 - December 3, 2015, Proceedings, Part II, Lecture Notes in Computer Science, 9453, Springer, 2015, 159–180. doi: 10.1007/978-3-662-48800-3_7.
[8] D. Chakraborty, S. Ghosh and P. Sarkar, A fast single-key two-level universal hash function, IACR Trans. Symmetric Cryptol., 2017 (2017), 106–128.
[9] D. Chakraborty, V. Hernandez-Jimenez and P. Sarkar, Another look at XCB, Cryptography and Communications, 7 (2015), 439–468. doi: 10.1007/s12095-015-0127-8.
[10] D. Chakraborty, C. Mancillas-López, F. Rodríguez-Henríquez and P. Sarkar, Efficient hardware implementations of BRW polynomials and tweakable enciphering schemes, IEEE Trans. Computers, 62 (2013), 279–294. doi: 10.1109/TC.2011.227.
[11] D. Chakraborty, C. Mancillas-López and P. Sarkar, STES: A stream cipher based low cost scheme for securing stored data, IEEE Trans. Computers, 64 (2015), 2691–2707. doi: 10.1109/TC.2014.2366739.
[12] D. Chakraborty and M. Nandi, An improved security bound for HCTR, in (ed. K. Nyberg) Fast Software Encryption, 15th International Workshop, FSE 2008, Lausanne, Switzerland, February 10-13, 2008, Revised Selected Papers, Lecture Notes in Computer Science, 5086, Springer, 2008, 289–302. doi: 10.1007/978-3-540-71039-4_18.
[13] D. Chakraborty and P. Sarkar, A new mode of encryption providing a tweakable strong pseudo-random permutation, in (ed. M. J. B. Robshaw) FSE 2006, Lecture Notes in Computer Science, 4047, Springer, 2006, 293–309. doi: 10.1007/11799313_19.
[14] D. Chakraborty and P. Sarkar, HCH: A new tweakable enciphering scheme using the hash-counter-hash approach, IEEE Transactions on Information Theory, 54 (2008), 1683–1699. doi: 10.1109/TIT.2008.917623.
[15] D. Chakraborty and P. Sarkar, On modes of operations of a block cipher for authentication and authenticated encryption, Cryptography and Communications, 8 (2016), 455–511. doi: 10.1007/s12095-015-0153-6.
[16] P. Crowley and E. Biggers, Adiantum: Length-preserving encryption for entry-level processors, IACR Trans. Symmetric Cryptol., 2018 (2018), 39–61.
[17] M. J. Dworkin, SP 800-38E, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices, Technical report, NIST, Gaithersburg, MD, United States, 2010.
[18] S. Gueron and M. E. Kounavis, Efficient implementation of the Galois Counter Mode using a carry-less multiplier and a fast reduction algorithm, Inf. Process. Lett., 110 (2010), 549–553. doi: 10.1016/j.ipl.2010.04.011.
[19] S. Gueron, A. Langley and Y. Lindell, AES-GCM-SIV: Specification and analysis, IACR Cryptology ePrint Archive, Report 2017/168, 2017.
[20] S. Halevi, EME$^{*}$: Extending EME to handle arbitrary-length messages with associated data, in (eds. A. Canteaut and K. Viswanathan) INDOCRYPT 2004, Lecture Notes in Computer Science, 3348, Springer, 2004, 315–327. doi: 10.1007/978-3-540-30556-9_25.
[21] S. Halevi, Invertible universal hashing and the TET encryption mode, in (ed. A. Menezes) CRYPTO 2007, Lecture Notes in Computer Science, 4622, Springer, 2007, 412–429. doi: 10.1007/978-3-540-74143-5_23.
[22] S. Halevi and H. Krawczyk, Security under key-dependent inputs, in (eds. P. Ning, S. De Capitani di Vimercati and P. F. Syverson) Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, October 28-31, 2007, ACM, 2007, 466–475.
[23] S. Halevi and P. Rogaway, A tweakable enciphering mode, in (ed. D. Boneh) CRYPTO 2003, Lecture Notes in Computer Science, 2729, Springer, 2003, 482–499. doi: 10.1007/978-3-540-45146-4_28.
[24] S. Halevi and P. Rogaway, A parallelizable enciphering mode, in (ed. T. Okamoto) CT-RSA 2004, Lecture Notes in Computer Science, 2964, Springer, 2004, 292–304. doi: 10.1007/978-3-540-24660-2_23.
[25] V. T. Hoang, T. Krovetz and P. Rogaway, Robust authenticated-encryption AEZ and the problem that it solves, in (eds. E. Oswald and M. Fischlin) Advances in Cryptology - EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part I, Lecture Notes in Computer Science, 9056, Springer, 2015, 15–44. doi: 10.1007/978-3-662-46800-5_2.
[26] M. Liskov, R. L. Rivest and D. Wagner, Tweakable block ciphers, in (ed. M. Yung) CRYPTO 2002, Lecture Notes in Computer Science, 2442, Springer, 2002, 31–46. doi: 10.1007/3-540-45708-9_3.
[27] D. A. McGrew and S. R. Fluhrer, The extended codebook (XCB) mode of operation, IACR Cryptology ePrint Archive, Report 2004/278, 2004. Available at: http://eprint.iacr.org/.
[28] D. A. McGrew and S. R. Fluhrer, The security of the extended codebook (XCB) mode of operation, in (eds. C. M. Adams, A. Miri and M. J. Wiener) Selected Areas in Cryptography, SAC 2007, Lecture Notes in Computer Science, 4876, Springer, 2007, 311–327. doi: 10.1007/978-3-540-77360-3_20.
[29] D. A. McGrew and J. Viega, Arbitrary block length mode, 2004.
[30] K. Minematsu, Parallelizable rate-1 authenticated encryption from pseudorandom functions, in (eds. P. Q. Nguyen and E. Oswald) Advances in Cryptology - EUROCRYPT 2014 - 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, May 11-15, 2014, Proceedings, Lecture Notes in Computer Science, 8441, Springer, 2014, 275–292. doi: 10.1007/978-3-642-55220-5_16.
[31] M. Naor and O. Reingold, On the construction of pseudorandom permutations: Luby-Rackoff revisited, J. Cryptology, 12 (1999), 29–66. doi: 10.1007/PL00003817.
[32] M. O. Rabin and S. Winograd, Fast evaluation of polynomials by rational preparation, Comm. Pure Appl. Math., 25 (1972), 433–458. doi: 10.1002/cpa.3160250405.
[33] P. Rogaway, Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC, in (ed. P. J. Lee) ASIACRYPT 2004, Lecture Notes in Computer Science, 3329, Springer, 2004, 16–31. doi: 10.1007/978-3-540-30539-2_2.
[34] P. Rogaway and T. Shrimpton, A provable-security treatment of the key-wrap problem, in (ed. S. Vaudenay) EUROCRYPT 2006, Lecture Notes in Computer Science, 4004, Springer, 2006, 373–390. doi: 10.1007/11761679_23.
[35] P. Sarkar, A general mixing strategy for the ECB-Mix-ECB mode of operation, Inf. Process. Lett., 109 (2008), 121–123. doi: 10.1016/j.ipl.2008.09.012.
[36] P. Sarkar, Efficient tweakable enciphering schemes from (block-wise) universal hash functions, IEEE Transactions on Information Theory, 55 (2009), 4749–4759. doi: 10.1109/TIT.2009.2027487.
[37] P. Sarkar, Tweakable enciphering schemes using only the encryption function of a block cipher, Inf. Process. Lett., 111 (2011), 945–955. doi: 10.1016/j.ipl.2011.06.014.
[38] P. Wang, D. Feng and W. Wu, HCTR: A variable-input-length enciphering mode, in (eds. D. Feng, D. Lin and M. Yung) CISC 2005, Lecture Notes in Computer Science, 3822, Springer, 2005, 175–188. doi: 10.1007/11599548_15.


Figure 1.  The hash functions $ \mathbf{H} $ and $ \mathbf{G} $
Table 1.  Encryption and decryption algorithms for ${\sf FAST}$
Table 2.  A two-round Feistel construction required in Table 1
Table 3.  Computations of ${\sf {vecHorner}}$ and ${\sf {vecHash2L}}$. The string $ 1^n $ denotes the element of $ { \mathbb{F} } $ whose binary representation consists of the all-one string. Here $ \eta $ is a positive integer $ \geq 3 $ and $ \mathfrak{d}(\eta) $ denotes the degree of $ {\sf {BRW}}_{\tau}(X_1, \ldots, X_\eta) $, where $ X_1, \ldots, X_\eta \in { \mathbb{F} } $
Table 4.  Game $ G_{{\sf {real}}} $
Table 5.  Game $ G_{{\sf {int}}} $
Table 6.  Game $ G_{{\sf {rnd}}} $
Table 7.  Comparison of different tweakable enciphering schemes according to computational efficiency. [BC] denotes the number of block cipher calls; [M] denotes the number of field multiplications; [D] denotes the number of doubling ('multiplication by $ \alpha $') operations. A dash marks an operation the scheme does not use.

type          | scheme                                              | [BC]           | [M]                               | [D]
--------------|-----------------------------------------------------|----------------|-----------------------------------|-------------------
enc-mix-enc   | CMC [23]                                            | $ 2m+1 $       | -                                 | -
              | EME2$ ^* $ [20]                                     | $ 2m+1+m/n $   | -                                 | 2
              | AEZ [25]                                            | $ (5m+4)/2 $   | -                                 | $ \frac{m-2}{4} $
              | FMix [7]                                            | $ 2m+1 $       | -                                 | -
hash-enc-hash | XCB [27]                                            | $ m+1 $        | $ 2(m+3) $                        | -
              | HCTR [38]                                           | $ m $          | $ 2(m+1) $                        | -
              | HCHfp [14]                                          | $ m+2 $        | $ 2(m-1) $                        | -
              | TET [21]                                            | $ m+1 $        | $ 2m $                            | $ 2(m-1) $
              | HEH-BRW [36]                                        | $ m+1 $        | $ 2+2\lfloor(m-1)/2\rfloor $      | $ 2(m-1) $
              | $ {\sf {TESX}} $ with BRW [37]                      | $ m+1 $        | $ 4+2\lfloor(m-1)/2\rfloor $      | $ 2(m-1) $
              | $ {\sf {FAST}}[{\sf {Fx}}_m, {\sf Horner}] $        | $ m+1 $        | $ 2m+1 $                          | -
              | $ {\sf {FAST}}[{\sf {Fx}}_m, {\sf {BRW}}] $         | $ m+1 $        | $ 2+2\lfloor(m-1)/2\rfloor $      | -
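The abstract contrasts the usual Horner-rule polynomial hash with hashing based on Bernstein-Rabin-Winograd polynomials, and the [M] column of Table 7 shows the payoff: the BRW instantiation needs roughly half as many field multiplications. The following Python is an added example, not code from the FAST paper or its implementations, that evaluates both hashes over GF(2^128) with a multiplication-counting field and reproduces the $ t $ versus $ \lfloor t/2 \rfloor $ gap. The field representation (little-endian bit order, reducing polynomial $ x^{128}+x^7+x^2+x+1 $), the key $ \tau $ and the message blocks are constructed for the demonstration; the BRW recursion follows Bernstein's definition [6].

```python
"""Horner-rule vs BRW polynomial hashing over GF(2^128), counting field multiplications."""
import random

# GF(2^128) with reducing polynomial x^128 + x^7 + x^2 + x + 1. Elements are ints,
# bit i holding the coefficient of x^i (a plain little-endian bit convention chosen
# for this example, not GCM's reflected byte order).
REDUCER = (1 << 128) | 0x87


class Field:
    """GF(2^128) arithmetic that counts every multiplication it performs."""

    def __init__(self):
        self.mul_count = 0

    def mul(self, a, b):
        self.mul_count += 1
        r = 0
        while b:                     # schoolbook shift-and-add, reducing on overflow
            if b & 1:
                r ^= a
            b >>= 1
            a <<= 1
            if a >> 128:
                a ^= REDUCER
        return r


def horner(F, tau, blocks):
    """Usual polynomial hash x_1*tau^(t-1) + ... + x_t by Horner's rule: t multiplications."""
    h = 0
    for x in blocks:
        h = F.mul(h, tau) ^ x        # the first product is 0*tau; an implementation may skip it
    return h


def brw_key_powers(F, tau, max_blocks):
    """Key-time precomputation for BRW: [tau, tau^2, tau^4, ...] for every 2^i <= max_blocks."""
    pows = [tau]
    while (1 << len(pows)) <= max_blocks:
        pows.append(F.mul(pows[-1], pows[-1]))
    return pows


def brw(F, pows, blocks):
    """BRW_tau(x_1, ..., x_t) as defined by Bernstein, using floor(t/2) multiplications.

    BRW() = 0; BRW(x1) = x1; BRW(x1,x2) = x1*tau + x2;
    BRW(x1,x2,x3) = (tau + x1)(tau^2 + x2) + x3;
    for t >= 4, with tp the largest power of two <= t:
    BRW(x1..xt) = BRW(x1..x_{tp-1}) * (tau^tp + x_tp) + BRW(x_{tp+1}..xt).
    """
    tau = pows[0]
    t = len(blocks)
    if t == 0:
        return 0
    if t == 1:
        return blocks[0]
    if t == 2:
        return F.mul(blocks[0], tau) ^ blocks[1]
    if t == 3:
        return F.mul(tau ^ blocks[0], pows[1] ^ blocks[1]) ^ blocks[2]
    k = t.bit_length() - 1           # tp = 2^k and tau^tp = pows[k]
    tp = 1 << k
    left = brw(F, pows, blocks[:tp - 1])
    right = brw(F, pows, blocks[tp:])
    return F.mul(left, pows[k] ^ blocks[tp - 1]) ^ right


def count_multiplications(t, seed=2020):
    """Hash t constructed blocks both ways; return (horner_mults, brw_mults, brw_key_squarings)."""
    rng = random.Random(seed)        # deterministic, constructed sample key and data
    tau = rng.getrandbits(128)
    blocks = [rng.getrandbits(128) for _ in range(t)]
    fh = Field()
    horner(fh, tau, blocks)
    fk = Field()
    pows = brw_key_powers(fk, tau, t)
    fb = Field()
    brw(fb, pows, blocks)
    return fh.mul_count, fb.mul_count, fk.mul_count


if __name__ == "__main__":
    for t in (4, 32, 256):           # 256 blocks of 16 bytes is one 4096-byte sector
        h, b, s = count_multiplications(t)
        print(f"t={t:3d} blocks: Horner {h:3d} mults, BRW {b:3d} mults "
              f"(+{s} one-time squarings of tau)")
```

Two caveats a practitioner would want alongside the numbers. First, both hashes are useful inside an enciphering scheme only as keyed, almost-XOR-universal functions: $ \tau $ must be uniform and secret, and the BRW output is a polynomial in $ \tau $ whose degree $ \mathfrak{d}(\eta) $ (Table 3) grows with the number of blocks, so the input length enters the collision bound of any scheme built on it. Second, the shift-and-add multiplication above branches on key and data bits and exists only to make the operation count visible; a deployable implementation uses a carry-less multiplier and a fast reduction in the style of [18].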
Table 8.  Comparison of different tweakable enciphering schemes according to practical and implementation simplicity. [BCK] denotes the number of block cipher keys; [HK] denotes the number of blocks in the hash key (a dash means no hash key); "dec module" states whether the block cipher decryption function is required; "parallel" states whether the scheme is parallelisable.

type          | scheme                                              | [BCK] | [HK] | dec module | parallel
--------------|-----------------------------------------------------|-------|------|------------|---------
enc-mix-enc   | CMC [23]                                            | 1     | -    | reqd       | no
              | EME2$ ^* $ [20]                                     | 1     | 2    | reqd       | yes
              | AEZ [25]                                            | 1     | 2    | not reqd   | yes
              | FMix [7]                                            | 1     | -    | not reqd   | no
hash-enc-hash | XCB [27]                                            | 3     | 2    | reqd       | yes
              | HCTR [38]                                           | 1     | 1    | reqd       | yes
              | HCHfp [14]                                          | 1     | 1    | reqd       | yes
              | TET [21]                                            | 2     | 3    | reqd       | yes
              | HEH-BRW [36]                                        | 1     | 1    | reqd       | yes
              | $ {\sf {TESX}} $ with BRW [37]                      | 1     | 2    | not reqd   | yes
              | $ {\sf {FAST}}[{\sf {Fx}}_m, {\sf Horner}] $        | 1     | -    | not reqd   | yes
              | $ {\sf {FAST}}[{\sf {Fx}}_m, {\sf {BRW}}] $         | 1     | -    | not reqd   | yes

Note: for both Tables 7 and 8, the block size is $n$ bits, the tweak is a single $n$-bit block and the number of blocks $m\geq 3$ in the message is fixed.
Table 9.  Comparison of the cycles per byte measure of ${\sf {FAST}}$ with those of XCB, EME2 and AEZ in the setting of $ {\sf {Fx}}_{256} $

scheme                                                   | Skylake | Kabylake
---------------------------------------------------------|---------|---------
XCB                                                      | 1.92    | 1.85
EME2                                                     | 2.07    | 1.99
AEZ                                                      | 1.74    | 1.70
$ {\sf {FAST}}[{\sf {Fx}}_{256}, {\sf {Horner}}] $       | 1.63    | 1.56
$ {\sf {FAST}}[{\sf {Fx}}_{256}, {\sf {BRW}}] $          | 1.24    | 1.19
Table 10.  Report of cycles per byte measure for the setting of ${\sf {Gn}}$ for $ {\sf {FAST}}[{\sf {Gn}}, \mathfrak{k}, {\sf {vecHorner}}] $ and $ {\sf {FAST}}[{\sf {Gn}}, \mathfrak{k}, 31, {\sf {vecHash2L}}] $. The three columns under each processor are $ {\sf {vecHorner}} $, $ {\sf {vecHash2L}} $ (delayed) and $ {\sf {vecHash2L}} $ (normal).

msg len (bytes) | $ \mathfrak{k} $ | Skylake vecHorner | Skylake vecHash2L (delayed) | Skylake vecHash2L (normal) | Kabylake vecHorner | Kabylake vecHash2L (delayed) | Kabylake vecHash2L (normal)
----------------|------------------|-------------------|-----------------------------|----------------------------|--------------------|------------------------------|----------------------------
512             | 2                | 1.51              | 1.38                        | 1.59                       | 1.42               | 1.32                         | 1.56
512             | 3                | 1.40              | 1.38                        | 1.39                       | 1.32               | 1.31                         | 1.35
512             | 4                | 1.34              | 1.37                        | 1.36                       | 1.26               | 1.31                         | 1.33
1024            | 2                | 1.53              | 1.34                        | 1.48                       | 1.42               | 1.27                         | 1.42
1024            | 3                | 1.45              | 1.34                        | 1.34                       | 1.35               | 1.27                         | 1.30
1024            | 4                | 1.40              | 1.33                        | 1.32                       | 1.29               | 1.27                         | 1.30
4096            | 2                | 1.57              | 1.30                        | 1.35                       | 1.45               | 1.24                         | 1.30
4096            | 3                | 1.54              | 1.29                        | 1.31                       | 1.43               | 1.24                         | 1.27
4096            | 4                | 1.51              | 1.29                        | 1.30                       | 1.40               | 1.24                         | 1.26
8192            | 2                | 1.57              | 1.27                        | 1.32                       | 1.45               | 1.22                         | 1.27
8192            | 3                | 1.56              | 1.27                        | 1.30                       | 1.44               | 1.22                         | 1.25
8192            | 4                | 1.54              | 1.27                        | 1.30                       | 1.43               | 1.22                         | 1.25