Best interleave size of GIFT-128 on 64-bit ARM processor

Best interleave size of GIFT-128 on 64-bit ARM processor

연구 분야: Cryptography

학회: Journal of Cryptographic Engineering

is a lightweight block cipher published in CHES 2017 and is known to have optimal structure for efficient hardware implementations. On the other hand, the software implementation of is known to be complex due to the bit permutation of the permutation layer. In software implementation, an efficient bitslice implementation on 32-bit ARM processor can be achieved by using the Fixslicing representation published in CHES 2020, but it is difficult to achieve similar efficiency on a 64-bit ARM processor. For an efficient implementation on 64-bit processors, we encrypt two blocks in parallel, called double-block encryption, but the efficiency depends on the interleave size because of the permutation layer. In this paper, we theoretically analyze how the interleave size of two blocks affects operations of permutation layer in on 64-bit ARM processor. Considering the characteristics of the permutation layer, we identify six possible interleave sizes that can be efficient. We then implement all the cases and compare their performance. The best case provides 12% of improvement compared to the worst case. Noticeably, the implementation also shows that the speed of the proposed best case is twice as fast as single-block encryption on 64-bit ARM processor. As far as we know, this is the first implementation of on 64-bit ARM processor and the proposed idea can be easily extended to typical 64-bit CPUs.