Adiantum: length-preserving encryption for entry-level processors
DOI: https://doi.org/10.13154/tosc.v2018.i4.39-61

Keywords: super-pseudorandom permutation, variable input length, tweakable, encryption, disk encryption

Abstract
We present HBSH, a simple construction for tweakable length-preserving encryption which supports the fastest options for hashing and stream encryption for processors without AES or other crypto instructions, with a provable quadratic advantage bound. Our composition Adiantum uses NH, Poly1305, XChaCha12, and a single AES invocation. On an ARM Cortex-A7 processor, Adiantum decrypts 4096-byte messages at 10.6 cycles per byte, over five times faster than AES-256-XTS, with a constant-time implementation. We also define HPolyC, which is simpler and has excellent key agility, at 13.6 cycles per byte.
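The HBSH layering the abstract refers to (a keyed hash of the tweak and the long part of the message, a single block-cipher call on the remaining 16 bytes, a stream cipher keyed by that block, then the hash again on the way out) as an added Python example; this is not code from the paper or from the Adiantum implementation. The hash, block cipher and stream cipher below are standard-library stand-ins (HMAC-SHA256, an HMAC-based Feistel network, SHAKE256) chosen so the example runs offline, not the NH/Poly1305, AES-256 and XChaCha12 components Adiantum actually uses, and the subkey derivation, key, tweak and sample plaintexts are constructed for the example.

```python
import hashlib
import hmac

BLOCK = 16                 # the single block-cipher call in HBSH is 128 bits wide
MOD = 1 << (8 * BLOCK)     # hash outputs are added/subtracted mod 2^128
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_subkeys(key: bytes) -> tuple:
    """Constructed KDF (not Adiantum's): independent subkeys for hash, block, stream."""
    return tuple(hmac.new(key, label, hashlib.sha256).digest()
                 for label in (b"hash", b"block", b"stream"))


def hash_tweak_left(key: bytes, tweak: bytes, left: bytes) -> int:
    """Keyed hash stand-in over (len(tweak), tweak, left), truncated to 128 bits.
    Adiantum uses NH + Poly1305 here; the length prefix keeps (T, L) pairs unambiguous."""
    msg = len(tweak).to_bytes(8, "little") + tweak + left
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK], "little")


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream cipher stand-in (Adiantum uses XChaCha12): keystream = SHAKE256(key || nonce)."""
    keystream = hashlib.shake_256(key + nonce).digest(len(data))
    return _xor(data, keystream)


def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """128-bit block cipher stand-in (Adiantum uses AES-256): a 4-round Feistel network."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def hbsh_encrypt(key: bytes, tweak: bytes, plaintext: bytes) -> bytes:
    """HBSH: P = P_L || P_R with P_R the final 16 bytes.
    P_M = P_R + H(T, P_L); C_M = E(P_M); C_L = P_L xor S(C_M); C_R = C_M - H(T, C_L)."""
    if len(plaintext) < BLOCK:
        raise ValueError("HBSH needs at least one block-cipher block of input")
    kh, kb, ks = derive_subkeys(key)
    p_l, p_r = plaintext[:-BLOCK], plaintext[-BLOCK:]
    p_m = (int.from_bytes(p_r, "little") + hash_tweak_left(kh, tweak, p_l)) % MOD
    c_m = block_encrypt(kb, p_m.to_bytes(BLOCK, "little"))
    c_l = stream_xor(ks, c_m, p_l)                     # C_M doubles as the stream nonce
    c_r = (int.from_bytes(c_m, "little") - hash_tweak_left(kh, tweak, c_l)) % MOD
    return c_l + c_r.to_bytes(BLOCK, "little")


def hbsh_decrypt(key: bytes, tweak: bytes, ciphertext: bytes) -> bytes:
    """Inverse of hbsh_encrypt: undo the layers in reverse order."""
    if len(ciphertext) < BLOCK:
        raise ValueError("HBSH needs at least one block-cipher block of input")
    kh, kb, ks = derive_subkeys(key)
    c_l, c_r = ciphertext[:-BLOCK], ciphertext[-BLOCK:]
    c_m_int = (int.from_bytes(c_r, "little") + hash_tweak_left(kh, tweak, c_l)) % MOD
    c_m = c_m_int.to_bytes(BLOCK, "little")
    p_l = stream_xor(ks, c_m, c_l)
    p_m = block_decrypt(kb, c_m)
    p_r = (int.from_bytes(p_m, "little") - hash_tweak_left(kh, tweak, p_l)) % MOD
    return p_l + p_r.to_bytes(BLOCK, "little")


def demo() -> dict:
    """Constructed sector-encryption scenario: fixed key, sector number as tweak, 4096-byte sector."""
    key = bytes(range(32))                       # constructed test key
    tweak = (7).to_bytes(8, "little")            # sector index 7, as the tweak
    sector = bytes(4096)                         # a zero-filled 4096-byte sector
    ct = hbsh_encrypt(key, tweak, sector)
    flipped = bytearray(sector)
    flipped[-1] ^= 0x01                          # change one bit at the very end
    ct_flipped = hbsh_encrypt(key, tweak, bytes(flipped))
    return {
        "length_preserved": len(ct) == len(sector),
        "roundtrip": hbsh_decrypt(key, tweak, ct) == sector,
        "other_tweak_differs": hbsh_encrypt(key, tweak + b"\x01", sector) != ct,
        "first_block_changed": ct_flipped[:BLOCK] != ct[:BLOCK],
    }


if __name__ == "__main__":
    print(demo())
```

The `first_block_changed` check is the wide-block property that distinguishes this construction from a narrow-block mode such as XTS: a one-bit change at the end of the sector changes the first bytes of the ciphertext, because the block-cipher output C_M feeds the stream cipher that covers all of P_L. Note that a length-preserving mode has no room for an authentication tag, so this gives no integrity guarantee; it only makes any tampering scramble the whole sector rather than one 16-byte block.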
License
Copyright (c) 2018 Paul Crowley, Eric Biggers
This work is licensed under a Creative Commons Attribution 4.0 International License.