Resource-constrained Internet of Things (IoT) devices, from medical implants to small drones, must transmit sensitive telemetry under adversarial wireless channels while operating under stringent computing and energy budgets. Authenticated Encryption (AE) is essential for ensuring confidentiality, integrity, and authenticity. However, existing lightweight AE standards lack forward-security guarantees, compact tag aggregation, and offline-online (OO) optimizations required for modern high-throughput IoT pipelines. We introduce Diamond, the first provable secure Forward-secure and Aggregate Authenticated Encryption (FAAE) framework that extends and generalizes prior FAAE constructions through a lightweight key evolution mechanism, an OO-optimized computation pipeline, and a set of performance-tiered instantiations tailored to heterogeneous IoT platforms. Diamond substantially reduces amortized offline preprocessing (up to 47%) and achieves up to an order-ofmagnitude reduction in end-to-end latency for large telemetry batches. Our comprehensive evaluation across 64-bit ARM Cortex-A72, 32-bit ARM Cortex-M4, and 8-bit AVR architectures confirms that Diamond consistently outperforms baseline FAAE variants and NIST lightweight AE candidates across authenticated encryption throughput and end-to-end verification latency while maintaining compact tag aggregation and strong breach resilience. We formally prove the security of Diamond and provide two concrete instantiations optimized for compliance and high efficiency. Our open-source release enables reproducibility and seamless integration into IoT platforms.

翻译：资源受限的物联网（IoT）设备——从医疗植入体到小型无人机——必须在对抗性无线信道下传输敏感遥测数据，同时受限于严格的计算与能耗预算。认证加密（AE）对于确保机密性、完整性和真实性至关重要。然而，现有的轻量级AE标准缺乏前向安全性保证、紧凑标签聚合以及现代高吞吐量物联网流水线所需的离线-在线（OO）优化。我们提出了Diamond，首个可证明安全的前向安全聚合认证加密（FAAE）框架，通过轻量级密钥演化机制、OO优化计算流水线以及一套针对异构物联网平台定制的性能分级实例，扩展并泛化了先前的FAAE构造。Diamond显著降低了摊销离线预处理开销（最高达47%），并对大规模遥测批量处理实现了端到端延迟的数量级降低。我们在64位ARM Cortex-A72、32位ARM Cortex-M4和8位AVR架构上的综合评估表明，Diamond在认证加密吞吐量和端到端验证延迟方面持续优于基准FAAE变体及NIST轻量级AE候选方案，同时保持紧凑标签聚合与强大的泄露恢复能力。我们形式化证明了Diamond的安全性，并提供了针对合规性与高效性优化的两个具体实例。开源发布确保了结果可复现性及与物联网平台的无缝集成。