Paper 2024/1474
Mystrium: Wide Block Encryption Efficient on Entry-Level Processors
Abstract
We present a tweakable wide block cipher called Mystrium and show that it is the fastest such primitive on low-end processors, such as the ARM Cortex-A7, that lack dedicated AES or other cryptographic instructions. Mystrium is based on the provably secure double-decker mode, which requires a doubly extendable cryptographic keyed (deck) function and a universal hash function. We build a new deck function called Xymmer that uses Multimixer-128, the fastest universal hash for such processors, for its compression part and a newly designed permutation, $\mathcal{G}_{512}$, for its expansion part. Deck functions can also be used in modes to build encryption, authenticated encryption, and authentication schemes, and hence Xymmer is of independent interest. The current state-of-the-art wide tweakable block cipher, Adiantum-XChaCha12-AES, encrypts 4096-byte messages at 11.5 cycles per byte on ARM Cortex-A7, whereas Mystrium achieves 6.8 cycles per byte while having a higher claimed security.
Metadata
- Category: Secret-key cryptography
- Publication info: Published elsewhere. Minor revision. 14TH INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY FOR NETWORKS
- DOI: 10.1007/978-3-031-71073-5_4
- Keywords: tweakable wide block cipher, deck function, permutation-based cryptography, disk encryption
- Contact author(s):
  - parisa amirieliasi @ ru nl
  - koustabh ghosh @ ru nl
  - joan daemen @ ru nl
- History:
  - 2024-09-21: approved
  - 2024-09-20: received
- Short URL: https://ia.cr/2024/1474
- License: CC BY
BibTeX
@misc{cryptoeprint:2024/1474,
      author = {Parisa Amiri Eliasi and Koustabh Ghosh and Joan Daemen},
      title = {Mystrium: Wide Block Encryption Efficient on Entry-Level Processors},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1474},
      year = {2024},
      doi = {10.1007/978-3-031-71073-5_4},
      url = {https://eprint.iacr.org/2024/1474}
}