We introduce the QARMAv2 family of tweakable block ciphers. It is a redesign of QARMA (from FSE 2017) to improve its security bounds and allow for longer tweaks, while keeping similar latency and area. The wider tweak input caters to both specific use cases and the design of modes of operation with higher security bounds. This is achieved through new key and tweak schedules, revised S-Box and linear layer choices, and a more comprehensive security analysis. QARMAv2 offers competitive latency and area in fully unrolled hardware implementations. Some of our results may be of independent interest. These include: new MILP models of certain classes of diffusion matrices; the comparative analysis of a full reflection cipher against an iterative half-cipher; our boomerang attack framework; and an improved approach to doubling the width of a block cipher.
Bibliographical noteFunding Information:
We express our gratitude to: Arm Limited, for generously funding this research and sponsoring cloud computing time and hardware; Gary Gorman for providing the implementation data on the TSMC 5nm process; Andreas Sandberg for many interesting conversations on cryptographic memory protection; Tim Beyne for a very useful discussion on nonlinear invariants of round functions; for assistance with PEIGEN; for painstakingly double checking our test vectors; and Gurobi Optimization, LLC, for generously providing research licenses of their MILP Solver. Last, but not least, we want to thank the reviewers and the shepherd for outstandingly fulfilling their duties.
© 2023, Ruhr-University of Bochum. All rights reserved.
- Lightweight Cryptography
- Memory Encryption
- Memory Integrity
- Message Authentication Codes
- Reflection Ciphers
- Tweakable Block Ciphers
ASJC Scopus subject areas
- Computer Science Applications
- Computational Mathematics
- Applied Mathematics