FAN: A Lightweight Authenticated Cryptographic Algorithm

The wide application of the low-end embedded devices has largely stimulated the development of lightweight ciphers. In this paper, we propose a new lightweight authenticated encryption with additional data (AEAD) algorithm, named as Fan, which is based on a first non-Grain-like small-state stream cipher that adopts a novel block-wise structure, inspired by the 4-blade daily electric fan. It takes a 128-bit key, a 64-bit initial vector (IV), and a 192-bit state, promising 128-bit security and up to 72-bit authentication tag with the IV-respecting restriction. It consists of a nonlinear spindle, four linear blades and an accumulator, and updates by constant mutual feedbacks between the linear and nonlinear parts, which rapidly provides highly confused level by parallel diffusing the fastest-changing state of spindle. The key is used both in the initialization and generation phases as part of input and state respectively, making Fan suitable for resource-constrained scenarios with internal state diminishment but no security loss. A thorough security evaluation of the entire AEAD mode is provided, which shows that Fan can achieve enough security margin against known attacks. Furthermore, Fan can be implemented efficiently not only in hardware environments but also in software platforms, whose operations are carefully chosen for bit-slice technique, especially the S-box is newly designed efficiently implemented by logic circuit. The hardware implementation requires about 2327 GE on 90 nm technology with a throughput of 9.6 Gbps. The software implementation runs about 8.0 cycle/byte.