Ultra-Low Latency Cryptography Areion

Ultra-Low Latency Cryptography Areion GMO Cybersecurity by Ierae, Inc.

yumi.sakemi@gmo-cybersecurity.com

GMO Cybersecurity by Ierae, Inc.

satoru.kanno@gmo-cybersecurity.com

Low Latency, AES instruction, Authenticated encryption This document specifies a series of cryptographic wide-block permutations named "Areion" for efficient encryption and hashing of relatively short input data. Additionally, it describes AEAD scheme constructed from Areion.

Introduction The recent evolution of communication technologies demands cryptographic primitives that can offer both robust security and high efficiency. Wide-block ciphers, which operate on larger block sizes than traditional block ciphers, have gained attention as a promising solution to address the limitations of 128-bit block sizes, such as those in AES-GCM. Notably, concerns regarding the limitations of 128-bit block sizes have been raised in public comments on NIST SP800-38A. Areion is a novel cryptographic primitive designed to meet these requirements, offering a wide-block permutation suitable for various cryptographic constructions. Areion's design is deeply influenced by the AES instructions and the Single Instruction, Multiple Data (SIMD) paradigm. The AES-NI instruction set, which is a part of modern CPUs, provides hardware support for AES operations. This hardware acceleration is crucial for Areion, enabling it to achieve low-latency operations. In this document, we specify a detailed specification of permutation on Areion. Note: While Areion can be applied for hashing, this document focuses on its encryption capabilities. Hashing functions using Areion are outside of scope in this document.

Conventions Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP14 when, and only when, they appear in all capitals, as shown here.

Design of Areion Permutation The Areion permutation algorithm is designed to provide a robust foundation for cryptographic constructions. This section provides a detailed specification of the Areion permutation algorithm for both Areion-256 and Areion-512.

Notations

SB:: SubBytes
SR:: ShiftRows
MC:: MixColumns
AC:: AddRoundConstant operations of the AES round function. AC is analogous to the AddRoundKey operation in AES, but instead of a round key, a constant is added.
^:: Bitwise XOR operation
◦:: Function composition, where the function on the right is applied first

Functions Based on the operations in the AES round function, we define four functions F_i for i in {0, 1, 2, 3} as follows.

F_0 = MC ◦ SR ◦ SB
F_1 = SR ◦ SB
F_2 = MC ◦ SR ◦ SB ◦ AC ◦ MC ◦ SR ◦ SB
F_3 = MC ◦ SR ◦ SB ◦ AC ◦ SR ◦ SB

Areion-256 Permutation

Input:: A 256-bit block divided into two 128-bit halves: L and R

Procedures:

Output:: Concatenation of L and R

Areion-512 Permutation

Input:: A 512-bit block divided into four 128-bit quarters: A, B, C, and D.

Procedures:

Output:: Concatenation of A, B, C, and D.

Permutation-based AEAD schemes by Areion The Areion can be constructed as AEADs by combining it with various permutation-based AEAD. In this document, we describe an Areion-OPP as concrete example in

IANA Considerations This document has no IANA actions.

Security Considerations For security considerations of Areion, this document refers to Section 5 of .

Acknowledgements These research results were obtained from the commissioned research(No.05801) by National Institute of Information and Communications Technology (NICT) , Japan. The authors would like to thank Takanori Isobe, Ryoma Ito, Fukang Liu, Kazuhiko Minematsu, Motoki Nakahashi, Kosei Sakamoto, and Rentaro Shiba for their academic insights and advice as a design team on Areion.

References Normative References Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Areion: Highly-Efficient Permutations and Its Applications (Extended Version) University of Hyogo National Institute of Information and Communications Technology University of Hyogo NEC University of Hyogo University of Hyogo Mitsubishi Electric Corporation Informative References Recommendation for Block Cipher Modes of Operation: Methods and Techniques National Institute of Standards and Technology PUBLIC COMMENTS ON SP 800-38A, Recommendation for Block Cipher Modes of Operation: Methods and Techniques and SP 800-38A Addendum, Three Variants of Ciphertext Stealing for CBC Mode National Institute of Standards and Technology

Permutation-based authenticated encryption modes, OPP In this section, we describe the algorithm for Areion-OPP. For details, see . Note: We plan to describe our Internet Draft based on Section 4.2.2 of . (TBD)

Example Implementation (TBD)

Test Cases & Test Vectors (TBD)