CBEAM: efficient authenticated encryption from feebly one-way \(\varphi \) functions. (English) Zbl 1337.94066

Benaloh, Josh (ed.), Topics in cryptology – CT-RSA 2014. The cryptographer’s track at the RSA conference 2014, San Francisco, CA, USA, February 25–28, 2014. Proceedings. Berlin: Springer (ISBN 978-3-319-04851-2/pbk). Lecture Notes in Computer Science 8366, 251-269 (2014).
Summary: We show how efficient and secure cryptographic mixing functions can be constructed from low-degree rotation-invariant \(\varphi \) functions rather than conventional S-Boxes. These novel functions have surprising properties; many exhibit inherent feeble (Boolean circuit) one-wayness and offer speed/area tradeoffs unobtainable with traditional constructs. Recent theoretical results indicate that even if the inverse is not explicitly computed in an implementation, its degree plays a fundamental role in the security of the iterated composition. To illustrate these properties, we present CBEAM, a Cryptographic Sponge Permutation based on a single \(5 \times 1\)-bit Boolean function. This simple nonlinear function is used to construct a 16-bit rotation-invariant \(\varphi \) function of Degree 4 (but with a very complex Degree 11 inverse), which in turn is expanded into an efficient 256-bit mixing function. In addition to flexible tradeoffs in hardware we show that efficient implementation strategies exist for software platforms ranging from low-end microcontrollers to the very latest x86-64 AVX2 instruction set. A rotational bit-sliced software implementation offers not only comparable speeds to AES but also increased security against cache side channel attacks. Our construction supports sponge-based authenticated encryption, hashing, and PRF/PRNG modes and is highly useful as a compact “all-in-one” primitive for pervasive security.
For the entire collection see [Zbl 1283.94001].


94A60 Cryptography
94A62 Authentication, digital signatures and secret sharing


CBEAM; Keccak