CLOC and SILC---Authenticated Encryption Schemes for Constrained Devices

Introduction

An authenticated encryption scheme (AE) is a symmetric-key cryptographic function for both confidentiality and integrity. CLOC and SILC are blockcipher modes for AE designed in 2014, where CLOC stands for Compact Low-Overhead CFB and SILC for SImple Lightweight CFB. The main target of these modes is constrained devices having limited resources for computation and memory, which will play the key role in the forthcoming era of Internet of Things (IoT). CLOC and SILC are designed to minimize the memory and computation overhead beyond the underlying blockcipher, and they show good performance for short input data. The primary focus of CLOC is embedded software, such as low-end 8-bit micro-controllers, and the focus of SILC is small hardware, such as RFID or ASIC, or programmable logic device, e.g. CPLD.

CLOC and SILC are candidates of CAESAR, a cryptographic competition of AE organized by leading cryptographers.

CLOC was first presented at FSE 2014, and SILC was first presented at DIAC 2014.

Designers

CLOC :
Tetsu Iwata (Nagoya University, Japan)
Kazuhiko Minematsu (NEC Corporation, Japan)
Jian Guo (Nanyang Technological University, Singapore)
Sumio Morioka (NEC Europe, United Kingdom)

SILC:
CLOC designers, and Eita Kobayashi (NEC Corporation, Japan)

Specifications

Specification documents for Round 1 CAESAR submission: CLOC v1, SILC v1
Specification documents for Round 2 CAESAR submission: CLOC v2, SILC v2
Specification documents for Round 3 CAESAR submission: CLOC and SILC v3

Talks and slides

Slides from FSE 2014 (CLOC)
Slides from DIAC 2014 (SILC)
Slides from DIAC 2015 (CLOC v2 and SILC v2)
Slides from DIAC 2016 (CLOC and SILC v3)
Slides from ESC 2017 (SILC is INT-RUP secure)

Implementations

Reference C software is available from here
Local copy of round 2 reference C software is available from here
Test vectors of CLOC v1 and SILC v1 are available from here and here (w/ intermediate values)
Test vectors of CLOC v2 and SILC v2 are available from here and here (w/ intermediate values)

Note. With respect to the test vectors of Present, our implementation treats data in bytes, and this should be converted from the little-endian long integer (reversed-ordered bytes) to match the test vectors given by the designers of Present at http://www.lightweightcrypto.org/downloads/implementations/present21.tgz.

Local copy of round 2 hardware submission is available from here for CLOC and here for SILC
Local copy of round 3 reference C software is available from here
Local copy of round 3 reference hardware submission (for 64-bit blockciphers) is available here and the summary is also available here.

Contact

iwata (at) cse (dot) nagoya-u (dot) ac (dot) jp

Last update: July 21, 2017.