Adiantum: length-preserving encryption for entry-level processors

Authors

  • Paul Crowley Google LLC, Mountain View, USA
  • Eric Biggers Google LLC, Mountain View, USA

DOI:

https://doi.org/10.13154/tosc.v2018.i4.39-61

Keywords:

super-pseudorandom permutation, variable input length, tweakable, encryption, disk encryption

Abstract

We present HBSH, a simple construction for tweakable length-preserving encryption which supports the fastest options for hashing and stream encryption for processors without AES or other crypto instructions, with a provable quadratic advantage bound. Our composition Adiantum uses NH, Poly1305, XChaCha12, and a single AES invocation. On an ARM Cortex-A7 processor, Adiantum decrypts 4096-byte messages at 10.6 cycles per byte, over five times faster than AES-256-XTS, with a constant-time implementation. We also define HPolyC which is simpler and has excellent key agility at 13.6 cycles per byte.

Downloads

Published

2018-12-13

How to Cite

Crowley, P., & Biggers, E. (2018). Adiantum: length-preserving encryption for entry-level processors. IACR Transactions on Symmetric Cryptology, 2018(4), 39–61. https://doi.org/10.13154/tosc.v2018.i4.39-61

Issue

Volume 2018, Issue 4

Section

Articles

License

Copyright (c) 2018 Paul Crowley, Eric Biggers

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.