Diamond: Design and Implementation of Breach-Resilient Authenticated Encryption Framework For Internet of Things
Saif E. Nouma, Gokhan Mumcu, Attila A. Yavuz
TL;DR
Diamond tackles the challenge of secure, high-throughput communication for resource-constrained IoT by integrating forward-secure encryption with aggregate MACs under an offline-online (OO) paradigm. It presents a modular, provably secure FAAE framework built from a CTR-based forward-secure encryption (FSE) and a forward-secure aggregate MAC (FAMAC), leveraging PRF-based key evolution and OO precomputation to minimize online latency. The paper provides formal security proofs in the standard model, supports two concrete instantiations (Diamond_1: AES-128/GHASH and Diamond_2: ChaCha20/Poly1305), and demonstrates substantial performance gains (e.g., up to 3.5x online speedups and up to 47% offline preprocessing reductions) across 64-bit A72, 32-bit M4, and 8-bit AVR platforms, with open-source availability. Collectively, Diamond offers breach-resilient confidentiality and authenticity with compact tag aggregation and scalable E2E latency improvements, making it practical for medical IoT, UAVs, and smart-city deployments.
Abstract
Resource-constrained Internet of Things (IoT) devices, from medical implants to small drones, must transmit sensitive telemetry under adversarial wireless channels while operating under stringent computing and energy budgets. Authenticated Encryption (AE) is essential for ensuring confidentiality, integrity, and authenticity. However, existing lightweight AE standards lack forward-security guarantees, compact tag aggregation, and offline-online (OO) optimizations required for modern high-throughput IoT pipelines. We introduce Diamond, the first provable secure Forward-secure and Aggregate Authenticated Encryption (FAAE) framework that extends and generalizes prior FAAE constructions through a lightweight key evolution mechanism, an OO-optimized computation pipeline, and a set of performance-tiered instantiations tailored to heterogeneous IoT platforms. Diamond substantially reduces amortized offline preprocessing (up to 47%) and achieves up to an order-ofmagnitude reduction in end-to-end latency for large telemetry batches. Our comprehensive evaluation across 64-bit ARM Cortex-A72, 32-bit ARM Cortex-M4, and 8-bit AVR architectures confirms that Diamond consistently outperforms baseline FAAE variants and NIST lightweight AE candidates across authenticated encryption throughput and end-to-end verification latency while maintaining compact tag aggregation and strong breach resilience. We formally prove the security of Diamond and provide two concrete instantiations optimized for compliance and high efficiency. Our open-source release enables reproducibility and seamless integration into IoT platforms.
