March 17, 2023

Authenticated encryption provides two features which are data confidentiality and tamper detection. In an era when various types of information and objects are connected to networks, it is said that the demand for not only safety but also lightweight features is increasing. We spoke with Research Fellow Kazuhiko Minematsu about the leading edge of "lightweight authenticated encryption" which NEC also continues to research.

Lightweight authenticated encryption is also needed together with device miniaturization

― Why is lightweight authenticated encryption currently attracting attention?

With the progress of IoT, it has become necessary in recent years to make the hardware size and memory as small as possible. I believe that it is common-knowledge that the need to sense real world information and connect to a network is rapidly expanding in a broad range of areas such as agriculture and automobiles.

NIST actually hosted a competition to establish the standard for lightweight authenticated encryption to take advantage of this trend. In fact, no authenticated encryption cryptographic standard with support for the reality of miniaturization and lightweight performance existed until now. The competition resulted in the selection in February 2023 of an encryption method called "ASCON" which was developed at a team of European universities and industries and is expected to further accelerate the operation and implementation of lightweight authenticated encryption.


― What can you tell us about the "ASCON" lightweight authenticated encryption chosen by the recent competition?

It is a form of authenticated encryption which is based on a primitive called "cryptographic permutation" that is trending recently in the pursuit of lightweight processing. In the recent competition, the two methods developed by NEC called "Romulus" and "GIFT-COFB" stayed in the running until the final selection, but "ASCON" prioritized a lightweight footprint even more aggressively than those two methods.

Accelerating the business development of IoT x lightweight authenticated encryption

― What effect did NIST's announcement have on the industry?

NIST is an American organization, but it has significant global impact. It is almost certain that the recent competition result will become the global standard. This will mean that the implementation of lightweight authenticated encryption will advance further. Moreover, in the world of cryptographic technologies, the principle is to provide methods which are free of intellectual property rights. It is the attitude of research institutions and companies that they are expected to contribute to the continuous development of global cryptographic technologies. Research and development as well as service development centered around this method should accelerate at various companies around the world which handle encryption.

NEC also possesses more than enough knowledge about the "cryptographic permutation" which is the basis of "ASCON," so we would like to actively advance the research and development of technologies to implement this technology and other additional ancillary technologies.

For example, there are many areas that still need to be thoroughly investigated for implementation such as safety, delay, and memory encryption, etc. We plan to actively advance research and development which will accelerate IoT while considering the possibility of developing technologies to cover these areas, converting them into libraries, and providing services.

The next target is automatic verification of cryptographic development

― What other types of research are you focusing on besides lightweight authenticated encryption?

This is an abstract way to put it, but cryptography is a type of technology that is truly difficult to create in a safe manner. Therefore, we think that going forward the research should proceed in the direction of asking, "how can we create a truly safe cryptograph without fail?" In current research, we repeat a process in which a person creates an algorithm and then another person demonstrates that it is safe, say by showing a mathematical proof. However, human error inevitably occurs in that process. Mistakes are also made during implementation as well. We believe that eliminating such human errors will become important over the long term.


― Will AI be utilized to achieve that?

We believe that AI is not necessarily required. Mechanical/mathematical tools rather than AI may be sufficient. We believe that technologies which mechanically prove that a cryptographic system is safe will become important going forward. We hope to develop some sort of system which can mechanically support human beings.

Go back to Featured Technologies