ISAP+: An update over ISAP
avik chakraborti
Dear all,
Hope you all are doing well. Merry Christmas and Happy New Year in advance. This mail is regarding our new design ISAP+, a simple variant of the NIST LwC finalist ISAP.
We have analyzed ISAP and found that the security of the mode depends on the 2PI+ security of the underlying hash, instead of the traditional collision security. This motivates us to propose a variant of the mode, dubbed ISAP+, where we replace the plain sponge hash with a feed-forward variant of sponge hash and obtain better security, which in turn helps to achieve better throughput. To be precise, the new hash in the authentication helps ISAP+ to obtain an improved AE security bound O(DT/2^c) as compared to O(T^2/2^c) in ISAP (D: Data complexity, T: Time complexity). We also report the FPGA implementation results, which show that with a little hardware area overhead, ISAP+ improves authentication throughput over ISAP, and obtains a better result in terms of authentication throughput/ area metric.
We would also like to point out that a shorter version of this work (i.e., analysis of the ISAP+ mode) has been accepted at INDOCRYPT 2022, and the full version (with FPGA results) is available at https://eprint.iacr.org/2022/1591.pdf
We would also like to mention that, we have notified the ISAP designers about this update but yet to receive any reply from them (if any).
Please let us know your comments and suggestions, if any.