Scalable and Efficient Hardware Architectures for Authenticated Encryption in IoT Applications

Internet of Things (IoT) is a key enabling technology, wherein sensors are placed ubiquitously to collect and exchange information with their surrounding nodes. Due to the inherent interconnectivity, IoT devices are vulnerable to cybersecurity attacks. To mitigate these vulnerabilities, cryptographic primitives can be employed, but they require significant computation, which restricts their adoption in IoT. Moreover, IoT systems have diverse requirements, ranging from high-throughput (TP) to the area constrained. This makes it hard to deploy appropriate security measures in a systematic manner. To address these issues, three generic implementation strategies (unrolled, round-based, and serialized) are proposed for developing highly efficient hardware architectures. They are applicable to all authenticated encryption schemes and are lightweight and fast, compared to conventional public key encryption. In this article, Ascon is implemented as an example based on those three strategies: 1) the unrolled architecture achieves TP of 766.9 Mb/s (Ascon-128) and 1389.2 Mb/s (Ascon-128a), which are suitable for high-throughput IoT applications; 2) the round-based architecture achieves 0.153 (Ascon-128) and 0.244 (Ascon-128a) TP-to-area ratio, which are, respectively, 73.8% and 40.2% better than state-of-the-art results; and 3) a novel serialized implementation technique is proposed wherein the substitution-box (S-box) is processed in multiple-bit-per-cycle, in contrast to the conventional one-bit-per-cycle approach. The TP of the two-bits-per-clock-cycle implementation is increased by 230.8% with only 36.8% additional hardware area. The proposed strategies allow us to scale the number of rounds (round-based) and bits-per-clock-cycle (serialized) to meet differing requirements in TP and area which are demonstrated for smart city IoT applications.