Network Working Group                                     Y. Sakemi, Ed.
Internet-Draft                                                  S. Kanno
Intended status: Informational          GMO Cybersecurity by Ierae, Inc.
Expires: 25 April 2024                                   23 October 2023


                 Ultra-Low Latency Cryptography Areion
                         draft-sakemi-areion-00

Abstract

   This document specifies a series of cryptographic wide-block
   permutations named "Areion" [Areion] for efficient encryption and
   hashing of relatively short input data.  Additionally, it describes
   an AEAD scheme constructed from Areion.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 25 April 2024.

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.





Sakemi & Kanno            Expires 25 April 2024                 [Page 1]

Internet-Draft                   Areion                     October 2023


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Conventions Used in This Document . . . . . . . . . . . .   3
   2.  Design of Areion Permutation  . . . . . . . . . . . . . . . .   3
     2.1.  Notations . . . . . . . . . . . . . . . . . . . . . . . .   3
     2.2.  Functions . . . . . . . . . . . . . . . . . . . . . . . .   3
     2.3.  Areion-256 Permutation  . . . . . . . . . . . . . . . . .   4
     2.4.  Areion-512 Permutation  . . . . . . . . . . . . . . . . .   4
   3.  Permutation-based AEAD schemes by Areion  . . . . . . . . . .   4
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   5
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   5
   Appendix A.  Permutation-based authenticated encryption modes,
           OPP . . . . . . . . . . . . . . . . . . . . . . . . . . .   6
   Appendix B.  Example Implementation . . . . . . . . . . . . . . .   6
   Appendix C.  Test Cases & Test Vectors  . . . . . . . . . . . . .   6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   6

1.  Introduction

   The recent evolution of communication technologies demands
   cryptographic primitives that can offer both robust security and high
   efficiency.  Wide-block ciphers, which operate on larger block sizes
   than traditional block ciphers, have gained attention as a promising
   solution to address the limitations of 128-bit block sizes, such as
   those in AES-GCM.  Notably, concerns regarding the limitations of
   128-bit block sizes have been raised in public comments
   [PublicCommentOnSP800-38A] on NIST SP800-38A [SP800-38A].

   Areion is a novel cryptographic primitive designed to meet these
   requirements, offering a wide-block permutation suitable for various
   cryptographic constructions.

   Areion's design is deeply influenced by the AES instructions and the
   Single Instruction, Multiple Data (SIMD) paradigm.  The AES-NI
   instruction set, which is a part of modern CPUs, provides hardware
   support for AES operations.  This hardware acceleration is crucial
   for Areion, enabling it to achieve low-latency operations.

   This document gives a detailed specification of the Areion
   permutations.






   Note: While Areion can be applied for hashing, this document focuses
   on its encryption capabilities.  Hash functions using Areion are
   out of scope for this document.

1.1.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  Design of Areion Permutation

   The Areion permutation algorithm is designed to provide a robust
   foundation for cryptographic constructions.  This section provides a
   detailed specification of the Areion permutation algorithm for both
   Areion-256 and Areion-512.

2.1.  Notations

   SB:  SubBytes

   SR:  ShiftRows

   MC:  MixColumns

   AC:  AddRoundConstant operations of the AES round function.  AC is
      analogous to the AddRoundKey operation in AES, but instead of a
      round key, a constant is added.

   ^:  Bitwise XOR operation

   ◦:  Function composition, where the function on the right is applied
      first

2.2.  Functions

   Based on the operations in the AES round function, we define four
   functions F_i for i in {0, 1, 2, 3} as follows.

   *  F_0 = MC ◦ SR ◦ SB

   *  F_1 = SR ◦ SB

   *  F_2 = MC ◦ SR ◦ SB ◦ AC ◦ MC ◦ SR ◦ SB

   *  F_3 = MC ◦ SR ◦ SB ◦ AC ◦ SR ◦ SB



2.3.  Areion-256 Permutation

   Input:  A 256-bit block divided into two 128-bit halves: L and R

   Procedures:

   For each round r from 1 to 10:
       a. L' = L ^ F_0(R)
       b. R' = R ^ F_1(L ^ F_0(R))
       c. Update L = L' and R = R'

   Output:  Concatenation of L and R
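
   The round structure above, written out as an added example (not code
   from this draft or from the Areion designers; Appendix B is TBD),
   together with its inverse, which needs only the forward F_0 and F_1.
   It follows the text of Section 2.3 literally, so its output is not a
   test vector.  Assumptions not fixed by the draft: the AES
   column-major byte order, and L being the first 16 bytes of the block.

```python
# Added illustration of Section 2.3 as written in this draft (not a validated
# Areion implementation). Assumptions: AES column-major state, L = bytes 0..15.

def gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _sbox_entry(x):
    inv = 1
    for _ in range(254):          # x^254 is the inverse of x; 0 maps to 0
        inv = gmul(inv, x)
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return inv ^ rot(inv, 1) ^ rot(inv, 2) ^ rot(inv, 3) ^ rot(inv, 4) ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]

def SB(s):   # SubBytes
    return bytes(SBOX[b] for b in s)

def SR(s):   # ShiftRows: row r rotates left by r columns
    return bytes(s[i % 4 + 4 * ((i // 4 + i % 4) % 4)] for i in range(16))

def MC(s):   # MixColumns, applied to each 4-byte column
    out = bytearray()
    for c in range(0, len(s), 4):
        col = s[c:c + 4]
        for r in range(4):
            out.append(gmul(col[r], 2) ^ gmul(col[(r + 1) % 4], 3)
                       ^ col[(r + 2) % 4] ^ col[(r + 3) % 4])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

F0 = lambda x: MC(SR(SB(x)))      # F_0: SB first, then SR, then MC
F1 = lambda x: SR(SB(x))          # F_1: SB first, then SR

def areion256_draft(block, rounds=10):
    L, R = block[:16], block[16:32]
    for _ in range(rounds):
        L = xor(L, F0(R))         # a. L' = L ^ F_0(R)
        R = xor(R, F1(L))         # b. R' = R ^ F_1(L')
    return L + R

def areion256_draft_inv(block, rounds=10):
    L, R = block[:16], block[16:32]
    for _ in range(rounds):       # each step is undone with forward F only
        R = xor(R, F1(L))
        L = xor(L, F0(R))
    return L + R
```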

2.4.  Areion-512 Permutation

   Input:  A 512-bit block divided into four 128-bit quarters: A, B, C,
      and D.

   Procedures:

   For each round r from 1 to 15:
       a. A' = A ^ F_2(D)
       b. B' = B ^ F_3(C ^ F_2(D))
       c. C' = C ^ F_0(B ^ F_3(C ^ F_2(D)))
       d. D' = D ^ F_1(A ^ F_0(B ^ F_3(C ^ F_2(D))))
       e. Update A = A', B = B', C = C', and D = D'

   Output:  Concatenation of A, B, C, and D.

3.  Permutation-based AEAD schemes by Areion

   Areion can be used to construct AEAD schemes by combining it with
   various permutation-based AEAD modes.  In this document, we describe
   Areion-OPP as a concrete example in Appendix A.

4.  IANA Considerations

   This document has no IANA actions.

5.  Security Considerations

   For the security considerations of Areion, see Section 5 of
   [Areion].








6.  Acknowledgements

   These research results were obtained from the commissioned
   research (No.05801) by the National Institute of Information and
   Communications Technology (NICT), Japan.

   The authors would like to thank Takanori Isobe, Ryoma Ito, Fukang
   Liu, Kazuhiko Minematsu, Motoki Nakahashi, Kosei Sakamoto, and
   Rentaro Shiba for their academic insights and advice as a design team
   on Areion.

7.  References

7.1.  Normative References

   [Areion]   Isobe, T., Ito, R., Liu, F., Minematsu, K., Nakahashi, M.,
              Sakamoto, K., and R. Shiba, "Areion: Highly-Efficient
              Permutations and Its Applications (Extended Version)",
              2023, <https://eprint.iacr.org/2023/794.pdf>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

7.2.  Informative References

   [PublicCommentOnSP800-38A]
              National Institute of Standards and Technology, "PUBLIC
              COMMENTS ON SP 800-38A, Recommendation for Block Cipher
              Modes of Operation: Methods and Techniques and SP 800-38A
              Addendum, Three Variants of Ciphertext Stealing for CBC
              Mode", 2021, <https://csrc.nist.gov/csrc/media/Projects/
              crypto-publication-review-project/documents/initial-
              comments/sp800-38a-initial-public-comments-2021.pdf>.

   [SP800-38A]
              Dworkin, M., "Recommendation for Block Cipher Modes of
              Operation: Methods and Techniques", 2001,
              <https://doi.org/10.6028/NIST.SP.800-38A>.







Appendix A.  Permutation-based authenticated encryption modes, OPP

   In this section, we describe the algorithm for Areion-OPP.  For
   details, see [Areion].  Note: We plan to describe our Internet Draft
   based on Section 4.2.2 of [Areion].

   (TBD)

Appendix B.  Example Implementation

   (TBD)

Appendix C.  Test Cases & Test Vectors

   (TBD)

Authors' Addresses

   Yumi Sakemi (editor)
   GMO Cybersecurity by Ierae, Inc.
   Email: yumi.sakemi@gmo-cybersecurity.com


   Satoru Kanno
   GMO Cybersecurity by Ierae, Inc.
   Email: satoru.kanno@gmo-cybersecurity.com
























