Heavy Quark for secure AEAD

Lightweight primitives are generally limited to 80or 128-bit security, because lightweight applications seldom need more than this. However, non-lightweight platforms like multimedia systems-on-chip would also greatly benefit from a smaller hardware footprint, as it reduces development and integration costs, and leaves more circuit area to another component, or to add another functionality. Such systems sometimes need up to 256-bit security, for example to ensure a consistent security level across primitives. This paper thus breaks with the tradition and proposes a 256-bit authenticated encryption scheme with associated data (AEAD), based on the lightweight design Quark. We create a new Quark instance to use in a custom SpongeWrap mode, offering one-pass AEAD supporting arbitrary interleaving of encrypted and associated data, as well as a range of trade-offs between security and usage limit. More than a new primitive, this work provides insights on the scalability of lightweight designs to higher security levels: our new design c-Quark has internal state of 384 bits, and allows the implementation of 256-bit AEAD with in the order of 4000 GE.