Subhadeep Banik, Tatsuya Ishikawa, Takanori Isobe, Ryoma Ito, Kazuhiko Minematsu, Kazuma Nakata, Mostafizar Rahman, Kosei Sakamoto

Dialga: A Family of Low-Latency Tweakable Block Ciphers Using Multiple Linear Layers

Introduction

Dialga: a family of low-latency tweakable block ciphers using multiple linear layers. Discover Dialga, a family of low-latency tweakable block ciphers for 128/256-bit tweaks & 256-bit keys. Enhances security with multiple linear layers, significantly reducing hardware delay and area.

Abstract

In this paper, we propose Dialga, a family of low-latency tweakable block ciphers designed to support 128/256-bit tweaks and 256-bit keys. Dialga achieves significantly small latency by leveraging multiple novel strategies. These include the use of multiple linear layers with efficient cell permutations, which enhance security against differential and linear attacks with negligible hardware overhead. We also identify the optimal choice of S-boxes for these permutations using state-ofthe- art evaluation methods by SAT, enabling us to further reduce the delay of the round function. Besides, we design a reflection tweakey schedule that ensures strong security in the related-tweak setting and allows for encryption and decryption without delay overhead, reducing the circuit area. We conducted comprehensive hardware benchmarks involving Dialga and other primitives. As a result, Dialga achieves nearly half the delay of QARMAv2, while achieving approximately a 40% reduction in area, with the same claimed security.

Review

This paper introduces Dialga, a new family of low-latency tweakable block ciphers engineered to support 128/256-bit tweaks and 256-bit keys. The primary contribution lies in achieving exceptionally low latency, a critical feature for various high-performance cryptographic applications. The abstract highlights that Dialga significantly outperforms existing primitives like QARMAv2, claiming nearly half the delay and a substantial 40% reduction in area, all while maintaining the same security assurances. This strong comparative performance immediately positions Dialga as a highly promising candidate for efficient hardware implementations of tweakable block ciphers. The authors detail several innovative strategies employed to achieve Dialga's impressive performance metrics. Key among these is the utilization of multiple linear layers coupled with efficient cell permutations, which are stated to bolster security against common differential and linear attacks without incurring significant hardware overhead. Furthermore, the selection of S-boxes for these permutations was optimized using state-of-the-art SAT evaluation methods, directly contributing to a reduced round function delay. Another notable design choice is the reflection tweakey schedule, which is designed to provide robust security in related-tweak scenarios and facilitates seamless encryption and decryption without additional delay, further contributing to area efficiency. The comprehensive hardware benchmarks conducted by the authors lend strong credibility to their claims regarding Dialga's superior performance. The reported figures—halving the delay and achieving a 40% area reduction compared to QARMAv2 for equivalent security levels—are compelling. This work presents a significant advancement in the design of efficient tweakable block ciphers, offering a solution that could be highly impactful for hardware-constrained environments or applications where processing latency is paramount. The meticulous design approach, from S-box optimization to tweakey scheduling, suggests a well-engineered cryptographic primitive with considerable practical potential.

Full Text

Comments

You need to be logged in to post a comment.