Advantages of Minalpher
Providing 128-bit security for both of confidentiality and integrity.
Minalpher provides 128-bit security for both of confidentiality and integrity, while the most of AES-based existing authenticated encryption scheme only provides 64-bit security for data.
Reducing the security risk.
Minalpher provides some level of the robustness against nonce misuse and unverified plaintext release. Security against nonce misuse. Minalpher is designed to provide some level of the robustness against the nonce reuse i.e., it provides 128-bit security for integrity and confidentiality against nonce reuse.
Efficient implementation in various platforms.
High-end CPU : Minalpher can perform efficiently by using vperm instruction. The performance is 9.6 cycles per byte on Intel Ivy Bridge. Low-end Microcontroller : Minalpher is designed to become reduced in size on low-end microcontrollers. The small size code on RL78(*) is not greater than 512 ROM bytes. Hardware : In hardware implementations, Minalpher shows high scalability between the speed-area trade-offs: 2.8 kGE @369.3 Mbps and 16.7 kGE @ 9.9 Gbps are achieved in corner cases with a 45-nm CMOS process.
Mode of operations
- AEAD mode Minalpher is designed based on the single-round tweaked Even-Mansour construction.
- MAC mode Some application does not require the confidentiality and only requires the integrity. Minalpher provides the MAC mode, and the computation time is optimized so that it can be faster than simply computing the AEAD mode.
Primitive
- The round function of Minalpher-P Primitive is involution permutation.
- SubNibbles(SN) : SN substitutes each nibble in the state into another value by using the involutive 4-bit S-box.
- ShuffleRows(SR) : SR shuffles nibble positions within each row. Many ciphers have ShiftRows, but Minalpher has ShuffleRows instead of ShiftRows, and ShuffleRows is generalization of ShiftRows.
- MixColumns(MC) : MC is a linear function within each column. The matrix is a binary matrix and the branch number is 4.
- AddConstant(AC) : The state is XORed with the constant RCi which is calculated from the round number.
