Skip to Main content Skip to Navigation
Preprints, Working Papers, ...

SPAE a mode of operation for AES on low-cost hardware

Abstract : We propose SPAE, a single pass, patent free, authenticated encryption with associated data (AEAD) for AES. The algorithm has been developped to address the needs of a growing trend in IoT systems: storing code and data on a low cost flash memory external to the main SOC. Existing AEAD algorithms such as OCB, GCM, CCM, EAX , SIV, provide the required functionality however in practice each of them suffer from various drawbacks for this particular use case. Academic contributions such as ASCON and AEGIS-128 are suitable and efficient however they require the development of new hardware accelerators and they use primitives which are not 'approved' by governemental institutions such as NIST, BSI, ANSSI. From a silicon manufacturer point of view, an efficient AEAD which use existing AES hardware is much more enticing: the AES is required already by most industry standards invovling symmetric encryption (GSMA, EMVco, FIDO, Bluetooth, ZigBee to name few). This paper expose the properties of an ideal AEAD for external memory encryption, present the SPAE algorithm and analyze various security aspects. Performances of SPAE on actual hardware are better than OCB, GCM and CCM.
Document type :
Preprints, Working Papers, ...
Complete list of metadata

Cited literature [46 references]  Display  Hide  Download
Contributor : Cyril Hugounenq <>
Submitted on : Thursday, September 5, 2019 - 11:17:48 AM
Last modification on : Tuesday, May 11, 2021 - 11:36:28 AM
Long-term archiving on: : Thursday, February 6, 2020 - 4:03:10 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License


  • HAL Id : hal-02279331, version 1



Philippe Elbaz-Vincent, Cyril Hugounenq, Sébastien Riou. SPAE a mode of operation for AES on low-cost hardware. 2019. ⟨hal-02279331v1⟩



Record views


Files downloads