The Hardware Performance of Authenticated Encryption Modes

Authenticated encryption has long been a vital operation in cryptography by its ability to provide confidentiality, integrity and authenticity at the same time. Its use has progressed in parallel with the worldwide use of Internet Protocol (IP), which has led to development of several new schemes as well as improved versions of existing ones. There have already been studies investigating software performance of various schemes. However, performance of authenticated encryption schemes on hardware has been left as an open question. We study the comprehensive evaluation of hardware performance of the most commonly used authenticated encryption modes CCM, GCM, OCB3 and EAX. These modes are block cipher based with additional authentication data (AAD). In order to make our evaluation fair, we have implemented each scheme with AES block cipher algorithm. In our evaluation, we targeted ASIC platforms and used 45 nm generic NANGATE Open Cell Library for syntheses. In each design, we have targeted minimizing the time-area product while maximizing the throughput. In the results, area, speed, time-area product, throughput, and power figures are presented for each scheme. Finally, we provide an unbiased discussion on the impact of the structure and complexity of each scheme on hardware implementation, together with recommendations on hardware-friendly authenticated encryption scheme design.