On Optimality of the Round Function of Rocca

抄録

At ToSC 2021, Sakamoto et al. proposed Rocca, an AES-based encryption scheme, for Beyond 5G applications. They presented a class of round functions that achieved impressive performance in software by improving the design strategy for constructing an efficient AES-based round function that was proposed by Jean and Nikolić at FSE 2016. In this paper, we revisit their design strategy for finding more efficient round functions. We add new requirements further to improve speed of Rocca. Specifically, we focus on the number of temporary registers for updating the round function and search for round functions with the minimum number of required temporary registers. As a result, we find a class of round functions with only one required temporary register, while round function of Rocca requires two temporary registers. We show that new round functions are significantly faster than that of Rocca on the latest Ice Lake and Tiger Lake architectures. We emphasize that, regarding speed, our round functions are optimal among the Rocca class of round functions because the search described in this paper covers all candidates that satisfy the requirements of Rocca.