Adiantum: length-preserving encryption for entry-level processors

Paul Crowley
Eric Biggers
IACR Transactions on Symmetric Cryptology, 2018(4) (2018), pp. 39-61

Abstract

We present HBSH, a simple construction for tweakable length-preserving encryption which
supports the fastest options for hashing and stream encryption for processors
without AES or other crypto instructions, with a provable
quadratic advantage bound. Our composition Adiantum uses NH, Poly1305, XChaCha12,
and a single AES invocation. On an ARM Cortex-A7 processor, Adiantum decrypts
4096-byte messages at 10.6 cycles per byte, over five times faster than
AES-256-XTS, with a constant-time implementation. We also define HPolyC which is
simpler and has excellent key agility at 13.6 cycles per byte.
