Pyjamask: Block Cipher and Authenticated Encryption with Highly Efficient Masked Implementation

This paper introduces Pyjamask, a new block cipher family and authenticated encryption proposal submitted to the NIST lightweight cryptography standardization process. Pyjamask targets side-channel resistance as one of its main goals. More precisely, it strongly minimizes the number of nonlinear gates used in its internal primitive in order to allow efficient masked implementations, especially for high-order masking in software. Compared to other block ciphers, our proposal thus has among the smallest numbers of binary AND computations per input bit at the time of writing. Even though Pyjamask minimizes such an important criterion, it remains rather lightweight and efficient, thanks to a general bitslice construction that enables the computation of all nonlinear gates in parallel. For authenticated encryption, we adopt the provably secure AEAD mode OCB, which has been extensively studied and has the benefit of offering full parallelization. Of course, other block cipher-based modes can be considered as well if other performance profiles are to be targeted. The paper first gives the specification of the Pyjamask block cipher and the associated AEAD proposal. We also provide a detailed design rationale for the block cipher, which is guided by our aim of software efficiency in the presence of high-order masking. The security of the design is analyzed against the most commonly known cryptanalysis techniques. We finally describe efficient (masked) implementations in software and provide implementation results with aggressive performance for masking of very high orders (up to 128). We also provide a rough estimation of the hardware performance, which remains much better than that of an AES round-based implementation.

Bibliographic Details
Main Authors: Dahmun Goudarzi (PQShield, Oxford, United Kingdom); Jérémy Jean (Agence nationale de la sécurité des systèmes d’information (ANSSI), Paris, France); Stefan Kölbl (Independent); Thomas Peyrin (School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore); Matthieu Rivain (CryptoExperts, Paris, France); Yu Sasaki (NTT Secure Platform Laboratories, Tokyo, Japan); Siang Meng Sim (School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore)
Format: Article
Language: English
Published: Ruhr-Universität Bochum, 2020-06-01
Series: IACR Transactions on Symmetric Cryptology, Volume 2020, Special Issue 1
ISSN: 2519-173X
DOI: 10.13154/tosc.v2020.iS1.31-59
Subjects: Block Cipher; Authenticated Encryption; Fast Software Encryption; High-Order Masking; Lightweight Cryptography
Online Access: https://tosc.iacr.org/index.php/ToSC/article/view/8617