Yu, Sheng JungSheng JungYuLee, Yu ChiYu ChiLeeLin, Liang HsinLiang HsinLinCHIA-HSIANG YANG2023-07-172023-07-172023-06-0100189200https://scholars.lib.ntu.edu.tw/handle/123456789/633766This work presents the first cryptographic processor that supports the double ratchet protocol with backward secrecy for the Internet-of-Things (IoT) devices. A precomputation-based constant modular divider is used to reduce the area by 39.5% and energy consumption by 18.8%. A hash-based key derivative function (HKDF) module is proposed to reduce the energy consumption of the length selector by 89.8% and the energy consumption of the module by 35% by leveraging the characteristic of the input. A GF(24)2-based S-box is used to reduce the area of S-box by 21.2%. A 1-byte S-box is shared for key generation and text encryption/decryption to reduce the area by 46.8%. Fabricated in a 40-nm CMOS technology, the chip integrates 227k gates in 1.03 mm 2 and dissipates 1.18 mW at 16 MHz from a 0.56-V supply. The chip achieves a 211 734× lower energy consumption than the CPU solution. Compared with the state-of-the-art end-to-end protocol cryptographic processor, this work achieves an 18.5× higher energy efficiency for secure hash algorithm (SHA), 3× higher energy efficiency for advanced encryption standard (AES), and a 41% less energy for protocol establishment, with 10% smaller area.Backward secrecy | cryptographic processor | digital integrated circuit | double ratchet | end-to-end encryption | Internet of Things (IoT)[SDGs]SDG7journal article10.1109/JSSC.2022.32208382-s2.0-85142807829https://api.elsevier.com/content/abstract/scopus_id/85142807829