ChaCha20-Poly1305 Authenticated Encryption for High-Speed Embedded IoT Applications

Fabrizio De Santis1,a, Andreas Schauer1,b and Georg Sigl1,2,c,d
1Lehrstuhl für Sicherheit in der Informationstechnik, Technische Universität München (TUM), Munich, Germany.
2Fraunhofer Institute for Applied and Integrated Security (AISEC), Munich, Germany.


The ChaCha20 stream cipher and the Poly1305 authenticator are cryptographic algorithms designed by Daniel J. Bernstein with the aim of ensuring high-security margins, while achieving high performance on a broad range of software platforms. In response to the concerns raised about the reliability of the existing IETF/TLS cipher suite, its performance on software platforms, and the ease to realize secure implementations thereof, the IETF has recently published the RFC7905 and RFC7539 to promote the use and standardization of the ChaCha20 stream cipher and Poly1305 authenticator in the TLS protocol. Most interestingly, the RFC7539 specifies how to combine together the ChaCha20 stream cipher and Poly1305 authenticator to construct an Authenticated Encryption with Associated Data (AEAD) scheme to provide confidentiality, integrity, and authenticity of data. In this work, we present compact, constant-time, and fast implementations of the ChaCha20 stream cipher, Poly1305- ChaCha20 authenticator, and ChaCha20-Poly1305 AEAD scheme for ARM Cortex-M4 processors, aimed at evaluating the suitability of such algorithms for high-speed and lightweight IoT applications, e.g. to deploy fast and secure TLS connections between IoT nodes and remote cloud servers, when AES hardware acceleration capabilities are not available.

Full Text (PDF)