Cryptographic Hardware and Embedded Systems, CHES 2010

Volume 6225 of the series Lecture Notes in Computer Science pp 398-412

ARMADILLO: A Multi-purpose Cryptographic Primitive Dedicated to Hardware

  • Stéphane BadelAffiliated withEPFL, Lausanne
  • , Nilay DağtekinAffiliated withEPFL, Lausanne
  • , Jorge NakaharaJr.Affiliated withEPFL, Lausanne
  • , Khaled OuafiAffiliated withEPFL, Lausanne
  • , Nicolas RefféAffiliated withOridao, Montpellier
  • , Pouyan SepehrdadAffiliated withEPFL, Lausanne
  • , Petr SušilAffiliated withEPFL, Lausanne
  • , Serge VaudenayAffiliated withEPFL, Lausanne


This paper describes and analyzes the security of a general-purpose cryptographic function design, with application in RFID tags and sensor networks. Based on these analyzes, we suggest minimum parameter values for the main components of this cryptographic function, called ARMADILLO. With fully serial architecture we obtain that 2 923 GE could perform one compression function computation within 176 clock cycles, consuming 44 μW at 1 MHz clock frequency. This could either authenticate a peer or hash 48 bits, or encrypt 128 bits on RFID tags. A better tradeoff would use 4 030 GE, 77 μW of power and 44 cycles for the same, to hash (resp. encrypt) at a rate of 1.1 Mbps (resp. 2.9 Mbps). As other tradeoffs are proposed, we show that ARMADILLO offers competitive performances for hashing relative to a fair Figure Of Merit (FOM).