The project technical activities have been carried out in three phases (each corresponding to a planned work package), followed by a final phase for dissemination and exploitation of the results.
In Phase 1 (WP1) of the project we carried out a requirements analysis for practical systems employing AE algorithms. Our focus was an emerging class of practical applications of AE schemes: use cases that require high-performance, lightweight AE algorithms for short messages. We selected this particular problem because of its high practical impact on several industrial use cases, such as secure in-vehicle communication over the CAN FD bus in automotive systems, massive IoT, critical communication in 5G, and Narrowband IoT (NB-IoT) applications. In these scenarios the messages to be securely communicated are very short, e.g. in the range of one byte to a few hundred bytes. Our analysis revealed the need for new security models and new design paradigms for constructing AE algorithms that achieve high performance in use cases requiring secure processing and communication of very short messages.
In Phase 2 (WP2) we investigated different approaches to defining new security models and design paradigms for lightweight, high-performance AE schemes that fulfil the short-message requirements identified by our analysis in the previous phase. We devised a new kind of low-level primitive, which we call a tweakable forkcipher, that yields the most efficient AE designs for short messages. We formally defined the syntax and security notions of forkciphers by putting forth the notion of a pseudorandom tweakable forked permutation. We showed that a forkcipher can be instantiated efficiently by a design called ForkAES.
In Phase 3 (WP3), based on our new primitive (tweakable forkciphers), we designed three provably secure AE modes of operation, all suitable for short messages but each with different features. Our three new designs, called PAEF, SAEF and fGCM, are implemented efficiently when instantiated with ForkAES. We compared the ForkAES-based instances of our schemes to standard general-purpose AEAD schemes; the results show that, for the shortest queries, our schemes beat all existing blockcipher-based AEAD modes instantiated with AES.
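To make the forkcipher interface described above concrete, here is an added worked example in Python. It is not code from the project, from the paper or from ForkAES: the instantiation is a deliberately toy one (two tweakable Feistel permutations whose round function is HMAC-SHA256, so it runs with the standard library only and must not be treated as a secure cipher), and the selector names `0`/`1`/`"b"` for the forward call and `"i"`/`"o"`/`"b"` for the inverse are my reading of the forkcipher syntax, stated here as an assumption. The one-block "encrypt-and-tag" functions at the end are an illustrative toy, not PAEF, SAEF or fGCM; they only show why a primitive that outputs two blocks from one input suits very short messages: one call yields both a ciphertext block and a tag, and the receiver verifies by inverting one branch and reconstructing the other.

```python
"""Toy tweakable forkcipher and a one-block encrypt-and-tag demo (constructed example)."""
import hashlib
import hmac

BLOCK = 16          # n = 128-bit block, as for an AES-based instance
HALF = BLOCK // 2
ROUNDS = 4          # Feistel rounds: enough for a bijection, NOT a secure cipher


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_func(key: bytes, tweak: bytes, branch: int, rnd: int, half: bytes) -> bytes:
    # Keyed PRF over (tweak, branch, round, half); tweak and branch index select
    # one of many independent-looking permutations (assumption: toy construction).
    msg = tweak + bytes([branch, rnd]) + half
    return hmac.new(key, msg, hashlib.sha256).digest()[:HALF]


def _tperm(key: bytes, tweak: bytes, branch: int, block: bytes, inverse: bool = False) -> bytes:
    """Tweakable permutation pi_{K,T,branch} on 16-byte blocks (Feistel network)."""
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    if not inverse:
        for r in range(ROUNDS):                      # (L, R) -> (R, L xor F(R))
            left, right = right, _xor(left, _round_func(key, tweak, branch, r, right))
    else:
        for r in reversed(range(ROUNDS)):            # (L', R') -> (R' xor F(L'), L')
            left, right = _xor(right, _round_func(key, tweak, branch, r, left)), left
    return left + right


def fork(key: bytes, tweak: bytes, m: bytes, s) -> bytes:
    """Forward forkcipher F(K, T, M, s): s=0 or s=1 returns one branch, s='b' both.

    A real forkcipher such as ForkAES shares the first rounds between the two
    branches; this toy simply runs two separate permutations (naive instantiation)."""
    c0 = _tperm(key, tweak, 0, m)
    c1 = _tperm(key, tweak, 1, m)
    return {0: c0, 1: c1, "b": c0 + c1}[s]


def fork_inv(key: bytes, tweak: bytes, c: bytes, beta: int, mode: str) -> bytes:
    """Inverse F^-1(K, T, C, beta, mode): C is the output of branch `beta`.

    mode 'i' returns the input block M, 'o' reconstructs the other branch's
    output without knowing M in advance, 'b' returns M || other."""
    m = _tperm(key, tweak, beta, c, inverse=True)
    other = _tperm(key, tweak, 1 - beta, m)
    return {"i": m, "o": other, "b": m + other}[mode]


def toy_seal(key: bytes, nonce: bytes, m: bytes):
    """Illustrative one-block AE: branch 0 is the ciphertext, branch 1 the tag.
    The nonce is used directly as the tweak (toy choice, not a published mode)."""
    both = fork(key, nonce, m, "b")
    return both[:BLOCK], both[BLOCK:]


def toy_open(key: bytes, nonce: bytes, c: bytes, tag: bytes):
    """Invert the ciphertext branch to get M, reconstruct the tag branch, compare."""
    m_and_tag = fork_inv(key, nonce, c, 0, "b")
    m, expected = m_and_tag[:BLOCK], m_and_tag[BLOCK:]
    if not hmac.compare_digest(expected, tag):
        return None                                   # reject forged or damaged data
    return m


if __name__ == "__main__":
    key, nonce = b"k" * 16, b"n" * 12                 # constructed sample values
    msg = bytes(range(BLOCK))
    c, tag = toy_seal(key, nonce, msg)
    print("ciphertext:", c.hex(), "tag:", tag.hex())
    print("opened:", toy_open(key, nonce, c, tag) == msg)
    bad_tag = bytes([tag[0] ^ 1]) + tag[1:]
    print("forged tag rejected:", toy_open(key, nonce, c, bad_tag) is None)
```

The point of the reconstruction call (`mode="o"`) is that the receiver never re-encrypts: it inverts the branch it received and then derives what the other branch must have been, so a single-block message costs one forkcipher evaluation on each side. Replacing the toy permutation with a real forked design is what turns this sketch into a high-performance instance; the interface stays the same.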
Finally, we carried out several activities towards dissemination, communication and exploitation of the results. Based on the results obtained in the previous phases, we have published a paper that contains all technical details. The paper is available at the Cryptology ePrint Archive as Report 2018/916, an open-access online repository of cryptologic research, and has also been submitted to IACR Eurocrypt 2019 for peer review. In addition to publishing the results as a paper, we have been presenting them to European companies and standardization consortia that are potentially interested in implementing and exploiting the results in real-world products (e.g. Elektrobit Automotive GmbH, Continental AG, and the AUTOSAR standardization consortium), where the researcher has been working as a senior security expert since the conclusion of his MSCA fellowship/project at KU Leuven.