GCM implementations of Camellia-128 and SMS4 by optimizing the polynomial multiplier

In some scenarios, the cryptographic primitives should support more than one functionality. Authenticated Encryption/Verified Decryption (AEVD) combines encryption and authentication at the same time, which is useful in communication protocols (DNS, IPSEC, etc.). Nevertheless, authenticated encryption needs some optimizations to ensure fast performance. One solution could be the use of the Galois Counter Mode (GCM) scheme. To reach fast performances, this work broadens some GCM models described in Chakraborty et al.’s [D. Chakraborty, C. Mancillas Lopez, F. Rodriguez Henriquez, P. Sarkar, Efficient hardware implementations of BRW polynomials and tweakable enciphering schemes, Comput IEEE Trans 62 (2) (2013) 279–294, doi:10.1109/TC.2011.227] work with two changes. The first one is focused on speeding-up the polynomial multiplier necessary to perform the authentication process. That polynomial multiplier is extended for supporting four stages, based on the well-known Karatsuba–Ofman algorithm. The second one is the modification of two known block ciphers such as Camellia-128 and SMS4 with the GCM scheme. The constructed GCM is able to support variable-length messages greater than 512 bits. The throughput of the polynomial multiplier is greater than 28 Gbps for all the tested platforms. The independent block ciphers in encryption-only mode reach a throughput greater than 28 Gbps, and for all the GCM cases reported in this manuscript the throughput is greater than 9.5 Gbps.