ForkAE is a lightweight authenticated encryption scheme optimized for processing of short messages. It is currently a 2nd round candidate in the NIST lightweight authenticated encryption standardization process. It is based on the well-analyzed lightweight SKINNY primitive.
| ForkAE achieves: |
| 1. Full n-bit AE security in PAEF and n/2-bit in SAEF modes, respectively. |
| 2. Excellent performance for small messages and ability to process arbitrary message lengths. New modes, such as rPAEF, show excellent performance for all messages lengths. |
| 3. Excellent throughput per area in HW and multiple trade-offs in speed-resource design space. |
| 4. Flexible variants: key size: variable block, nonce, tag sizes |
ForkAE is particularly efficient for IoT and similar lightweight applications, such as:
- Automotive systems: the new CAN FD standard has a payload of at most 64 bytes.
- Critical communication, massive IoT domains of 5G, Narrowband IoT (NB-IoT) systems. NB-IoT use cases, such as smart parking lots, use data of just a single bit, so a transport block size of 2 bytes fits the application.
- Low energy communication protocols as Bluetooth, SigFox, LoraWan and ZigBee allow for maximum data of 47, 12, 51-255, and 84 bytes, respectively.
- Medical implant devices, such as pacemakers, transmit messages of length at most 16 bytes. Advanced robotic prosthetics wirelessly transmit bursts of short messages with stringent latency requirements, as well as 1-byte temporal synchronization messages.
- Wireless aircraft tyre pressure monitoring systems usually transmit payloads of less than 10 bytes.
Details
| Synopsis | Lightweight authenticated encryption optimized for the processing of short messages |
| Designed by | Elena Andreeva, Virginie Lallemand, Antoon Purnal, Reza Reyhanitabar, Arnab Roy, Damian Vizár |
| Implements | A Lightweight Scheme Authenticated Encryption with Associated Data AEAD |
| Construction (Mode) | PAEF or SAEF |
| Primitive | ForkSkinny |
| Status | ForkAE is now in the 2nd round of the NIST lightweight symmetric cryptography standardization process |
Standard instances
| Mode | Instance Cipher-[block size]-[tweakey size] | Nonce [part of tweak] | Used for AE of |
| PAEF | ForkSkinny-64-192 | 48 | tiny messages |
| PAEF | ForkSkinny-128-192 | 48 | small messages |
| PAEF | ForkSkinny-128-256 | 112 | small messages |
| PAEF | ForkSkinny-128-288 | 104 | small messages |
| SAEF | ForkSkinny- 128-192 | 56 | small messages |
| SAEF | ForkSkinny- 256-256 | 120 | small messages |