We propose SPAE, a single-pass, patent-free authenticated encryption
with associated data (AEAD) for AES. The algorithm has been developed to address
the needs of a growing trend in IoT systems: storing code and data on a low-cost
flash memory external to the main SoC. Existing AEAD algorithms such as OCB,
GCM, CCM, EAX and SIV provide the required functionality; however, in practice
each of them suffers from various drawbacks for this particular use case. Academic
contributions such as ASCON and AEGIS-128 are suitable and efficient; however,
they require the development of new hardware accelerators and they use primitives
which are not ‘approved’ by governmental institutions such as NIST, BSI and ANSSI.
From a silicon manufacturer's point of view, an efficient AEAD which uses existing
AES hardware is much more enticing: AES is already required by most industry
standards involving symmetric encryption (GSMA, EMVco, FIDO, Bluetooth, ZigBee,
to name a few). This paper sets out the properties of an ideal AEAD for external
memory encryption, presents the SPAE algorithm and analyzes various security aspects.
The performance of SPAE on actual hardware is better than that of OCB, GCM and CCM.