The QARMAv2 Family of Tweakable Block Ciphers

Roberto Avanzi; Subhadeep Banik; Orr Dunkelman; Maria Eichlseder; Shibam Ghosh; Marcel Nageler; Francesco Regazzoni

doi:10.46586/tosc.v2023.i3.25-73

The QARMAv2 Family of Tweakable Block Ciphers

Roberto Avanzi, Subhadeep Banik, Orr Dunkelman, Maria Eichlseder, Shibam Ghosh, Marcel Nageler, Francesco Regazzoni

Research output: Contribution to journal › Article › peer-review

Abstract

We introduce the QARMAv2 family of tweakable block ciphers. It is a redesign of QARMA (from FSE 2017) to improve its security bounds and allow for longer tweaks, while keeping similar latency and area. The wider tweak input caters to both specific use cases and the design of modes of operation with higher security bounds. This is achieved through new key and tweak schedules, revised S-Box and linear layer choices, and a more comprehensive security analysis. QARMAv2 offers competitive latency and area in fully unrolled hardware implementations. Some of our results may be of independent interest. These include: new MILP models of certain classes of diffusion matrices; the comparative analysis of a full reflection cipher against an iterative half-cipher; our boomerang attack framework; and an improved approach to doubling the width of a block cipher.

Original language	English
Pages (from-to)	25-73
Number of pages	49
Journal	IACR Transactions on Symmetric Cryptology
Volume	2023
Issue number	3
DOIs	https://doi.org/10.46586/tosc.v2023.i3.25-73
State	Published - 19 Sep 2023

Bibliographical note

Funding Information:
We express our gratitude to: Arm Limited, for generously funding this research and sponsoring cloud computing time and hardware; Gary Gorman for providing the implementation data on the TSMC 5nm process; Andreas Sandberg for many interesting conversations on cryptographic memory protection; Tim Beyne for a very useful discussion on nonlinear invariants of round functions; for assistance with PEIGEN; for painstakingly double checking our test vectors; and Gurobi Optimization, LLC, for generously providing research licenses of their MILP Solver. Last, but not least, we want to thank the reviewers and the shepherd for outstandingly fulfilling their duties.

Publisher Copyright:
© 2023, Ruhr-University of Bochum. All rights reserved.

Keywords

Lightweight Cryptography
Memory Encryption
Memory Integrity
Message Authentication Codes
Reflection Ciphers
Tweakable Block Ciphers

ASJC Scopus subject areas

Software
Computer Science Applications
Computational Mathematics
Applied Mathematics

Access to Document

10.46586/tosc.v2023.i3.25-73

Cite this

@article{fad09bf2b363473398ca526cbb854b0d,

title = "The QARMAv2 Family of Tweakable Block Ciphers",

abstract = "We introduce the QARMAv2 family of tweakable block ciphers. It is a redesign of QARMA (from FSE 2017) to improve its security bounds and allow for longer tweaks, while keeping similar latency and area. The wider tweak input caters to both specific use cases and the design of modes of operation with higher security bounds. This is achieved through new key and tweak schedules, revised S-Box and linear layer choices, and a more comprehensive security analysis. QARMAv2 offers competitive latency and area in fully unrolled hardware implementations. Some of our results may be of independent interest. These include: new MILP models of certain classes of diffusion matrices; the comparative analysis of a full reflection cipher against an iterative half-cipher; our boomerang attack framework; and an improved approach to doubling the width of a block cipher.",

keywords = "Lightweight Cryptography, Memory Encryption, Memory Integrity, Message Authentication Codes, Reflection Ciphers, Tweakable Block Ciphers",

author = "Roberto Avanzi and Subhadeep Banik and Orr Dunkelman and Maria Eichlseder and Shibam Ghosh and Marcel Nageler and Francesco Regazzoni",

note = "Funding Information: We express our gratitude to: Arm Limited, for generously funding this research and sponsoring cloud computing time and hardware; Gary Gorman for providing the implementation data on the TSMC 5nm process; Andreas Sandberg for many interesting conversations on cryptographic memory protection; Tim Beyne for a very useful discussion on nonlinear invariants of round functions; for assistance with PEIGEN; for painstakingly double checking our test vectors; and Gurobi Optimization, LLC, for generously providing research licenses of their MILP Solver. Last, but not least, we want to thank the reviewers and the shepherd for outstandingly fulfilling their duties. Publisher Copyright: {\textcopyright} 2023, Ruhr-University of Bochum. All rights reserved.",

year = "2023",

month = sep,

day = "19",

doi = "10.46586/tosc.v2023.i3.25-73",

language = "English",

volume = "2023",

pages = "25--73",

journal = "IACR Transactions on Symmetric Cryptology",

issn = "2519-173X",

publisher = "Ruhr-Universitat Bochum",

number = "3",

}

TY - JOUR

T1 - The QARMAv2 Family of Tweakable Block Ciphers

AU - Avanzi, Roberto

AU - Banik, Subhadeep

AU - Dunkelman, Orr

AU - Eichlseder, Maria

AU - Ghosh, Shibam

AU - Nageler, Marcel

AU - Regazzoni, Francesco

N1 - Funding Information: We express our gratitude to: Arm Limited, for generously funding this research and sponsoring cloud computing time and hardware; Gary Gorman for providing the implementation data on the TSMC 5nm process; Andreas Sandberg for many interesting conversations on cryptographic memory protection; Tim Beyne for a very useful discussion on nonlinear invariants of round functions; for assistance with PEIGEN; for painstakingly double checking our test vectors; and Gurobi Optimization, LLC, for generously providing research licenses of their MILP Solver. Last, but not least, we want to thank the reviewers and the shepherd for outstandingly fulfilling their duties. Publisher Copyright: © 2023, Ruhr-University of Bochum. All rights reserved.

PY - 2023/9/19

Y1 - 2023/9/19

N2 - We introduce the QARMAv2 family of tweakable block ciphers. It is a redesign of QARMA (from FSE 2017) to improve its security bounds and allow for longer tweaks, while keeping similar latency and area. The wider tweak input caters to both specific use cases and the design of modes of operation with higher security bounds. This is achieved through new key and tweak schedules, revised S-Box and linear layer choices, and a more comprehensive security analysis. QARMAv2 offers competitive latency and area in fully unrolled hardware implementations. Some of our results may be of independent interest. These include: new MILP models of certain classes of diffusion matrices; the comparative analysis of a full reflection cipher against an iterative half-cipher; our boomerang attack framework; and an improved approach to doubling the width of a block cipher.

AB - We introduce the QARMAv2 family of tweakable block ciphers. It is a redesign of QARMA (from FSE 2017) to improve its security bounds and allow for longer tweaks, while keeping similar latency and area. The wider tweak input caters to both specific use cases and the design of modes of operation with higher security bounds. This is achieved through new key and tweak schedules, revised S-Box and linear layer choices, and a more comprehensive security analysis. QARMAv2 offers competitive latency and area in fully unrolled hardware implementations. Some of our results may be of independent interest. These include: new MILP models of certain classes of diffusion matrices; the comparative analysis of a full reflection cipher against an iterative half-cipher; our boomerang attack framework; and an improved approach to doubling the width of a block cipher.

KW - Lightweight Cryptography

KW - Memory Encryption

KW - Memory Integrity

KW - Message Authentication Codes

KW - Reflection Ciphers

KW - Tweakable Block Ciphers

UR - http://www.scopus.com/inward/record.url?scp=85172468176&partnerID=8YFLogxK

U2 - 10.46586/tosc.v2023.i3.25-73

DO - 10.46586/tosc.v2023.i3.25-73

M3 - Article

AN - SCOPUS:85172468176

SN - 2519-173X

VL - 2023

SP - 25

EP - 73

JO - IACR Transactions on Symmetric Cryptology

JF - IACR Transactions on Symmetric Cryptology

IS - 3

ER -

The QARMAv2 Family of Tweakable Block Ciphers

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this