A review of lightweight block ciphers

Abstract

Embedded systems are deployed in various domains, including industrial installations, critical and nomadic environments, private spaces and public infrastructures. Their operation typically involves access, storage and communication of sensitive and/or critical information that requires protection, making the security of their resources and services an imperative design concern. The demand for applicable cryptographic components is therefore strong and growing. However, the limited resources of these devices, in conjunction with the ever-present need for smaller size and lower production costs, hinder the deployment of secure algorithms typically found in other environments and necessitate the adoption of lightweight alternatives. This paper provides a survey of lightweight cryptographic algorithms, presenting recent advances in the field and identifying opportunities for future research. More specifically, we examine lightweight implementations of symmetric-key block ciphers in hardware and software architectures. We evaluate 52 block ciphers and 360 implementations based on their security, performance and cost, classifying them with regard to their applicability to different types of embedded devices and referring to the most important cryptanalysis pertaining to these ciphers.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

References

  1. 1.

    Abed, F., List, E., Lucks, S., Wenzel, J.: Cryptanalysis of the SPECK family of block ciphers. IACR Cryptology ePrint Archive: Report 568 (2013)

  2. 2.

    Agren, M.: Some instant- and practical-time related-key attacks on KTANTAN32/48/64. In: Miri, A., Vaudenay, S. (eds.) 18th International Conference on Selected Areas in Cryptography (SAC’11), Springer, pp. 213–229 (2011)

  3. 3.

    Ahmaadian, Z., Salmasizadeh, M., Aref, M.R.: Biclique cryptanalysis of the full-round KLEIN block cipher. IET Inf. Secur. 8, 294–301 (2015)

    Article  Google Scholar 

  4. 4.

    Albrecht, M.R., Driessen, B., Kavun, E.B., Leander, G., Paar, C., Yalcin, T.: Block Ciphers Focus On The Linear Layer (feat. PRIDE). In: Advances in Cryptology—CRYPTO, Springer, LNCS, vol. 8616, pp. 57–76 (2014)

  5. 5.

    Aldabbagh, S.S.M., Shaikhli, I.F.T.A., Alahmad, M.A.: HISEC: A New Lightweight Block Cipher Algorithm. In: International Conference on Security of Information and Networks (SIN’14), Glasgow, Scotland, UK, pp. 151–157 (2014)

  6. 6.

    Alkhzaimi, H.A., Lauridsen, M.M.: Cryptanalysis of the SIMON family of block ciphers. IACR Cryptology ePrint Archive: Report 543 (2013)

  7. 7.

    Akishita, T., Hiwatari, H.: Very compact hardware implementations of the blockcipher CLEFIA. In: Selected Areas in Cryptography (SAC’12). Springer, LNCS, 7118, pp. 278–292 (2012)

  8. 8.

    Anjali, A., Priyanka, Pal, S.K.: A Survey of Cryptanalytic Attacks on Lightweight Block Ciphers. Int. J. Comput. Sci. Inf. Secur. 2(2), 472–481 (2012)

  9. 9.

    Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: Camellia: a 128-bit block cipher suitable for multiple platforms design and analysis. In: Selected Areas in Cryptography (SAC’01), Springer, LNCS, pp. 39–56 (2001)

  10. 10.

    Aumasson, J.-P., Naya-Plasencia, M., Saarinen, M.-J.O.: Practical attack on 8 rounds of the lightweight block cipher klein. IN: Progress in Cryptology INDOCRYPT 2011, Springer, LNCS, 7107, pp. 134–145 (2011)

  11. 11.

    Azimi, S.A., Ahmadian, Z., Mohajeri, J., Aref, M.R.: Impossible differential cryptanalysis of Piccolo lightweight block cipher. In: International ISC Conference on Information Security and Cryptology (ISCISC), Tehran, September, pp. 89–94 (2014)

  12. 12.

    Bansod, G., Raval, N., Pisharoty, N.: Implementation of a new lightweight encryption design for embedded security. IEEE Trans. Inf. Forensics Secur. 10(1), 142–151 (2014)

    Article  Google Scholar 

  13. 13.

    Batina, L., Das, A., Ege, B., Kavun, E.B., Mentens, N., Paar, C., Verbauwhede, I., Yalcin, T.: Dietary recommendations for lightweight block ciphers power, energy and area analysis of recently developed architectures. In: Hutter, M., Schmidt, J.-M. (eds.) RFIDsec 2013, vol. 8262, pp. 101–110. Springer, LNCS (2013)

  14. 14.

    Bay, A., Nakahara, J.Jr., Vaudenay, S.: Cryptanalysis of reduced-round MIBS Block Cipher. In: Cryptology and Network Security (CANS), Springer, LNCS, 6467(5005), pp. 1–19 (2010)

  15. 15.

    Beaulieu, R., Treatman-Clark, S., Douglas, S., Weeks, B., Smith, J., Wingers, L.: The SIMON and speck families of lightweight block ciphers. In: 52nd ACM/EDAC/IEEE Design Automation Conference (DAC), San Francisco, pp. 1–6 (2013)

  16. 16.

    Biham, E.: New types of cryptanalytic attacks using related keys. J. Cryptol. 7(4), 229–246 (1994)

    Article  MATH  Google Scholar 

  17. 17.

    Biham, E., Dunkelman, O., Keller, N.: A related-key rectangle attack on the full KASUMI. In: Advances in Cryptology ASIACRYPT 2005, Springer, LNCS, 3788, pp. 443–461 (2005)

  18. 18.

    Blondeau, C., Gerard, B.: Differential Cryptanalysis of PUFFIN and PUFFIN2. Workshop on Lightweight Cryptography, ECRYPT (2011)

    Google Scholar 

  19. 19.

    Blondeau, C., Nyberg, K.: Links between truncated differential and multidimensional linear properties of block ciphers and underlying attack complexities. In: EUROCRYPT 2014, Springer, LNCS, 8441, pp. 165–182 (2014)

  20. 20.

    Bogdanov, A., Khovratovich, D., Rechbergerm, C.: Biclique Cryptanalysis of the full AES. In: ASIACRYPT 2011, Springer, LNCS, 7073, pp. 344–371 (2011)

  21. 21.

    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A.: PRESENT: An Ultra-Lightweight Block Cipher. In: Cryptographic Hardware and Embedded Systems, CHES 2007, Springer, LNCS, 4727, pp. 450–466 (2007)

  22. 22.

    Borghoff, J., et al.: PRINCE A Low-latency Block Cipher for Pervasive Computing Applications. In: Advances in Cryptology ASIACRYPT 2012, Springer, LNCS, 7658, pp. 208–225 (2012)

  23. 23.

    Bos, J.W., Osvik, D.A., Stefan, D.: Fast Implementations of AES on Various Platforms. IACR Cryptology ePrint Archive: Report 501 (2009)

  24. 24.

    Akiroglu, M.: Software implementation and performance comparison of popular block ciphers on 8-bit low-cost microcontroller. Int. J. Phys. Sci. 5(9), 13381343 (2010)

  25. 25.

    Canniere, D.E., C., Dunkelman, O., Knezevic, M.: KATAN and KTANTAN—A family of small and efficient hardware-oriented block ciphers. In: Cryptographic Hardware and Embedded Systems, CHES 2009, Springer, LNCS, 5747, pp. 272–288 (2009)

  26. 26.

    Canright, D.: A very compact S-box for AES. In: Cryptographic Hardware and Embedded Systems, CHES 2005, Springer, LNCS, 3659, pp. 441–455 (2005)

  27. 27.

    Cazorla, M., Marquet, K., Minier, M.: Survey and benchmark of lightweight block ciphers for wireless sensor networks. In: 10th International Conference on Security and Cryptography, SECRYPT, IEEE, 29–31 July, 2013, Reykjavik, pp. 1–6 (2013)

  28. 28.

    Cheng, H., Heys, H.M.: Compact ASIC implementation of the ICEBERG block cipher with concurrent error detection. IEEE International Symposium on Circuits and Systems—ISCAS 2008, Seattle, Wash, pp. 2921–2924 (2008)

  29. 29.

    Cheng, H., Heys, H.M., Wang, C.: PUFFIN: A novel compact block cipher targeted to embedded digital systems. In: 11th EUROMICRO Conference on Digital System Design Architectures—DSD 2008, Methods and Tools, Parma, Italy, pp. 383–390 (2008)

  30. 30.

    Courtois, N.T.: An improved differential attack on full GOST. IACR Cryptology ePrint Archive: Report, 138 (2012)

  31. 31.

    De Cnudde, T., Reparaz, O., Bilgin, B., Nikova, S., Nikov, V., Rijmen, V.: Masking AES with d+1 Shares in Hardware. In: Cryptographic Hardware and Embedded Systems (CHES 2016), Springer, LNCS, 9813, pp. 192–212 (2016)

  32. 32.

    Daemen, J., Peeters, M., Van Assche, G., Rijmen, V.: The NOEKEON Block Cipher, pp. 1–30. http://gro.noekeon.org/ (2000)

  33. 33.

    Daemen, J., Peeters, M., Van Assche, G., Rijmen, V.: On Noekeon, no! http://gro.noekeon.org/ (2001)

  34. 34.

    Das, S.: Halka: a lightweight, software friendly block cipher using ultra-lightweight 8-bit S-box. IACR Cryptology ePrint Archive: Report 110 (2014)

  35. 35.

    Dinu, D., Corre, Y.L., Khovratovich, D., Perrin, L., Grobshadl, J., Biryukov, A.: Triathlon of lightweight block ciphers for the internet of things. NIST Lightweight Cryptography Workshop 2015, NIST, July 20–21, 2015, Gaithersburg, pp. 1–18 (2015)

  36. 36.

    Eisenbarth, T., Kumar, S., Paar, C., Poschmann, A., Uhsadel, L.: A survey of lightweight-cryptography implementations. IEEE Des. Test Comput. 24(6), 522533 (2007)

    Article  Google Scholar 

  37. 37.

    Eisenbarth, T., et al.: Compact implementation and performance evaluation of block ciphers in ATtiny devices. In: Progress in Cryptology—AFRICACRYPT 2012, Springer, LNCS, 7374, pp. 172–187 (2012)

  38. 38.

    Engels, D., Fan, X., Gong, G., Hu, H., Smith, E.M.: Hummingbird: ultra-lightweight cryptography for resource-constrained devices. In: Financial Cryptography and Data Security—FC 2010, Springer, LNCS, 6054, pp. 3–18 (2010)

  39. 39.

    Engels, D., Saarinen, M.O., Schweitzer, P., Smith, E.M.: The hummingbird-2 lightweight authenticated encryption algorithm. RFID Security and Privacy, Springer, LNCS 7055, 19–31 (2011)

    Article  Google Scholar 

  40. 40.

    Engels, S., Kavun, E.B., Mihajloska, H., Paar, C., Yalcin, T.: A non-linear/linear instruction set extension for lightweight block ciphers. In: 21st IEEE Symposium on Computer Arithmetics (ARITH’21), IEEE Computer Society, Austin, TX, pp. 76–75 (2014)

  41. 41.

    EPCGLOBAL: EPC Tag Data Standard Version 1.5 EPCglobal Specification (2010)

  42. 42.

    ETSI’S Security Algorithms Group Of Experts (SAGE): Specification of the 3GPP confidentiality and integrity algorithms, Document 2: Kasumi specification (2007)

  43. 43.

    Fysarakis, K., Hatzivasilis, G., Askoxylakis, I.G., Manifavas, C.: RT-SPDM: real-time security, privacy and dependability management of heterogeneous systems. In: Human Aspects of Information Security, Privacy and Trust (HCI International 2015), Springer, LNCS, 9190, pp. 619–630 (2015)

  44. 44.

    Fysarakis, K., Hatzivasilis, G., Papaefstathiou, I., Manifavas, C.: RtVMF—a secure real-time vehicle management framework with critical incident response. IEEE Pervasive Comput. Mag. Spec. Issue Smart Veh. Spaces 15(1), 22–30 (2016)

  45. 45.

    Fysarakis, K., Hatzivasilis, G., Rantos, K., Papanikolaou, A., Manifavas, C.: Embedded systems security challenges. In: Measurable Security for Embedded Computing and Communication Systems—MeSeCCs 2014, 7–9 January, 2014, Lisbon, Portugal, pp. 1–10 (2014)

  46. 46.

    Gerard, B., Grosso, V., Naya-Plasencia, M., Standaert, F.-X.: Block ciphers that are easier to mask: how far can we go? In: Cryptographic Hardware and Embedded Systems, CHES 2013, LNCS, vol. 8086, pp. 383–399. Springer, Berlin (2013)

  47. 47.

    Gligoroski, D.: Edon-library of Reconfigurable Cryptographic Primitives Suitable for Embedded Systems. Workshop on Cryptographic Hardware and Embedded Systems (2003)

  48. 48.

    Gong, Z., Nikova, S., Law, Y.W.: KLEIN: a new family of lightweight block ciphers. RFID Security and Privacy, Springer, LNCS 7055, 1–18 (2012)

    Article  Google Scholar 

  49. 49.

    Grosso, V., Laurent, G., Standaert, F.-X., Varici, K.: LS-Designs: Bitslice encryption for efficient masked software implementations. In: Fast Software Encryption, FSE 2014, Springer, LNCS, 8540 (2014)

  50. 50.

    Guo, J., Peyrin, T., Poschmann, A.: The PHOTON family of lightweight hash functions. In: Advances in Cryptology CRYPTO 2011, Springer, LNCS, 6841, pp. 222–239 (2011)

  51. 51.

    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.J.B.: The LED Block Cipher, Cryptographic Hardware and Embedded Systems, CHES 2011. Springer, LNCS 6917, 326–341 (2011)

    MATH  Google Scholar 

  52. 52.

    Guo, X., Schaumont, P.: The technology dependence of lightweight hash implementation cost. ECRYPT Workshop on Lightweight Cryptography (LC ’11) (2011)

  53. 53.

    Guo, X.: Secure and Efficient Implementations of Cryptographic Primitives. Virginia Polytechnic Institute and State University, Blacksburg (2012)

    Google Scholar 

  54. 54.

    Hamalainen, P., et al.: Design and implementation of low-area and low-power AES encryption hardware core. In: 9th IEEE EUROMICRO Conference Digital System Design: Architectures, Methods and Tools, 2006. DSD 2006, pp. 577–583 (2006)

  55. 55.

    Hatzivasilis, G., Floros, G., Papaefstathiou, I., Manifavas, C.: Lightweight Authenticated Encryption for Embedded On-Chip Systems, Information Security Journal: A Global Perspective. Taylor & Francis, Bristol (2016)

    Google Scholar 

  56. 56.

    Hatzivasilis, G., Gasparis, E., Theodoridis, A., Manifavas, C.: ULCL: an Ultra-Lightweight Cryptographic Library for Embedded Systems. In: Measurable Security for Embedded Computing and Communication Systems—MeSeCCs 2014, 7–9 January, 2014, Lisbon, Portugal, pp. 11–18 (2014)

  57. 57.

    Hatzivasilis, G., Manifavas, C.: Building trust in ad hoc distributed resource-sharing networks using reputation-based systems. In: 16th Panhellenic Conference on Informatics (PCI 2012), IEEE, 5–7 October, 2012, Piraeus, Greece, pp. 416–421 (2012)

  58. 58.

    Hatzivasilis, G., Papaefstathiou, I., Manifavas, C.: ModConTR: a modular and configurable trust and reputation-based system for secure routing. In: 11th ACS/IEEE International Conference on Computer Systems and Applications (AICCSA’2014), IEEE, Doha, Qatar, 10–13 November, 2014, pp. 56–63 (2014)

  59. 59.

    Hatzivasilis, G., Papaefstathiou, I., Manifavas, C., Askoxylakis, I.: Lightweight password hashing scheme for embedded systems. In: 9th WG 11.2 International Conference on Information Security Theory and Practice (WISTP), IFIP, Springer, LNCS, 9311, pp. 249–259 (2015)

  60. 60.

    Hong, D., et al., HIGHT: a new block cipher suitable for low-resource device. In: Cryptographic Hardware and Embedded Systems, CHES 2006, Springer, LNCS, 4249, pp. 46–59 (2006)

  61. 61.

    Hong, D., Lee, J.-K., Kim, D.-C., Kwon, D., Ryu, K.H., Lee, D.-G.: LEA: a 128-bit block cipher for fast encryption on common processors. In: International Workshop on Information Security Applications (WISA 2013), Springer, LNCS, 8267, pp. 3–27 (2014)

  62. 62.

    Huand, J., Vaudenay, S., Lai, X.: On the key schedule of lightweight block ciphers. In: Progress in Cryptology INDOCRYPT 2014, Springer, LNCS, 8885, pp. 124–142 (2014)

  63. 63.

    Indesteege, S., Keller, N., Dunkelman, O., Biham, E., Preneel, B.: A practical attack on Keeloq. In: Advances in Cryptology—EUROCRYPT 2008, Springer, LNCS, 4965, pp. 1–18 (2008)

  64. 64.

    Isobe, T.: A single-key attack on the full GOST block cipher. In: Fast Software Encryption, FSE 2011, Springer, LNCS, 6733, pp. 290–305 (2011)

  65. 65.

    Israsena, P., Wongnamkum, S.: Hardware implementation of a TEA-based lightweight encryption for RFID security. RFID Secur. 2009(3), 417433 (2009)

    Google Scholar 

  66. 66.

    Izadi, M., Sadeghiyan, B., Sadeghian, S.S., Khanooki, H.A.: MIBS: a new lightweight block cipher. In: Cryptology and Network Security (CANS), Springer, LNCS, 5888, pp. 334–348 (2009)

  67. 67.

    Jacob, J.: BEST-1: a light weight block cipher. In: IOSR Journal of Computer Engineering (IOSR-JCE), vol. 16, issue 2, ver. XII, March–April, pp. 91–95 (2014)

  68. 68.

    Jean, J., Nikoli, I., Peyrin, T., Wang, L., Wu, S.: Security analysis of PRINCE. In: Fast Software Encryption, FSE 2013, Springer, LNCS, 8424, pp. 92–111 (2014)

  69. 69.

    Jeong, K., Kang, H., Lee, C., Sung, J., Hong, S.: Biclique cryptanalysis of lightweight block ciphers present, piccolo and led. IACR Cryptol. ePrint Arch. p. 621 (2012)

  70. 70.

    Jeong, K., Lee, C., Lim, J.I.: Improved differential fault analysis on lightweight block cipher LBlock for wireless sensor networks. EURASIP J. Wirel. Commun. Netw. (JWCN), 2013/1/151 (2013)

  71. 71.

    Jeong, K., Lee, Y., Sung, J., Hong, S.: Improved differential fault analysis on PRESENT-80/128. Int. J. Comput. Math. 90(12), 25532563 (2013)

    Article  MATH  Google Scholar 

  72. 72.

    Junod, P.: On the Complexity of Matsui’s Attack. In: Selected areas in cryptography (SAC’01), Springer, LNCS, 2259, pp. 199–211 (2001)

  73. 73.

    Kaps, J.-P.: Chai-tea, cryptographic hardware implementations of xtea. In: Progress in Cryptology INDOCRYPT 2008, Springer, LNCS, 5365, pp. 363–375 (2008)

  74. 74.

    Karakoc, F., Demirci, H., Harmanci, A.E.: ITUbee: a software oriented lightweight block cipher. Lightweight Cryptography for Security and Privacy, Springer, LNCS 8162, 16–27 (2013)

    Article  MATH  Google Scholar 

  75. 75.

    Kelsey, J., Schneier, B., Wagner, D.: Related-key cryptanalysis of 3-WAY. In: Biham-DES, CAST, DES-X, newDES, RC2, and TEA, ICICS’97. Springer, pp. 233–246 (1997)

  76. 76.

    Khovratovich, D., Leurent, G., Rechberger, C.: Narrow-Bicliques: Cryptanalysis of Full IDEA. In: EUROCRYPT 2012, Springer, LNCS, 7237, pp. 392–410 (2012)

  77. 77.

    Kim, Y., Yoon, H.: First Experimental Result of Power Analysis Attacks on a FPGA Implementation of LEA. IACR Cryptology ePrint Archive: Report, 999 (2014)

  78. 78.

    Kitsos, P., Sklavos, N., Parousi, M., Skodras, A.N.: A comparative study of hardware architectures for lightweight block ciphers. Comput. Electr. Eng. 38(1), 148160 (2012)

    Article  Google Scholar 

  79. 79.

    Knudsen, L.R., Raddum, H.: On Noekeon. Public reports of the NESSIE project. Report: NES/DOC/UIB/WP3/009/1 (2001)

  80. 80.

    Knudsen, L., Leander, G., Poschmann, A., Robshaw, M.J.B.: PRINTcipher: a block cipher for IC-printing. In: Cryptographic hardware and embedded systems, CHES 2010, Springer, LNCS, 6225, pp. 16–32 (2010)

  81. 81.

    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Advances in Cryptology, CRYPTO’99, Springer, pp. 388–397 (1999)

  82. 82.

    Koo, B., Hong, D., Kwon, D.: Related-key attack on the full HIGHT. In: Information Security and Cryptology, ICISC 2010, Springer, LNCS, 6829, pp. 49–67 (2011)

  83. 83.

    Kumar, M., Pal, S.K., Panigrahi, A.: FeW: a lightweight block cipher. IACR Cryptology ePrint Archive: Report 326 (2014)

  84. 84.

    Lai, X., Massey, J.L.: A proposal for a new block encryption standard. In: Advances in Cryptology EUROCRYPT ’90, Springer, LNCS, 473, pp. 389–404 (1991)

  85. 85.

    Leander, G.: On linear hulls, statistical saturation attacks. In: PRESENT and a cryptanalysis of PUFFIN, EUROCRYPT 2011, Springer, LNCS, 6632, pp. 303–322 (2011)

  86. 86.

    Leander, G., Minaud, B., Ronjom, S.: A Generic Approach to Invariant Subspace Attacks: Cryptanalysis of Robin, iSCREAM and Zorro. In: EUROCRYPT 2015, IACR, Sofia, Bulgaria, 26–30 April (2015)

  87. 87.

    Leander, G., Paar, C., Poschmann, A., Schramm, K.: New lightweight des variants, fast software encryption. In: FSE 2007, Springer, LNCS, 4593, pp. 196–210 (2007)

  88. 88.

    Lee, D., Kim, D.-C., Kwon, D., Kim, H.: Efficient hardware implementation of the lightweight block encryption algorithm LEA. Sensors 14, 975–994 (2014)

    Article  Google Scholar 

  89. 89.

    Lee, Y., Jeong, K., Lee, C., Sung, J., Hong, S.: Related-key cryptanalysis on the full PRINTcipher suitable for IC-printing. Int. J. Distrib. Sens. Netw. 2014. article ID 389476, p. 10 (2014)

  90. 90.

    Lim, C.H.: A revised version of CRYPTON: CRYPTON V1.0. In: Fast Software Encryption, FSE 1999, Springer, LNCS, 1636, pp. 31–45 (1999)

  91. 91.

    Lim, C.H., Korkishko, T.: mCrypton–a lightweight block cipher for security of low-cost RFID tags and Sensors. Information Security Applications, Springer, LNCS 3786, 243–258 (2006)

    Article  Google Scholar 

  92. 92.

    Lim, Y.-I., Lee, J.-H., You, Y., Cho, K.-R.: Implementation of HIGHT cryptic circuit for RFID tag. IEICE Electron. Express 6(4), 180186 (2009)

    Article  Google Scholar 

  93. 93.

    Lu, J.: Related-key rectangle attack on 36 rounds of the XTEA block cipher. Int. J. Inf. Secur. 8(1), 111 (2008)

    Google Scholar 

  94. 94.

    Mace, F., Standaert, F.-X., Quisquater, J.: ASIC implementations of the block cipher sea for constrained applications. In: RFID Security (RFIDsec 2007), Malaga, Spain, pp. 103–114 (2007)

  95. 95.

    Manifavas, C., Hatzivasilis, G., Fysarakis, K., Papaefstathiou, I.: A survey of lightweight stream ciphers for embedded systems. Secur. Commun. Netw. 21(9), 1226–1246 (2015)

    Google Scholar 

  96. 96.

    Manifavas, C., Hatzivasilis, G., Fysarakis, K., Rantos, K.: Lightweight cryptography for embedded systems a comparative analysis. In: 6th International Workshop on Autonomous and Spontaneous Security SETOP 2012, Springer, LNCS, 8247, pp. 333–349 (2012)

  97. 97.

    Matsui, M.: New block encryption algorithm MISTY. In: Fast Software Encryption (FSE 1997) Springer, LNCS, 1267, pp. 54–68 (1997)

  98. 98.

    Mentens, N., Genoe, J., Preneel, B., Verbauwhede, I.: A low-cost implementation of Trivium, SASC, pp. 197–204 (2008)

  99. 99.

    Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Advances in Cryptology EUROCRYPT 2011, Springer, LNCS, 6632, pp. 69–88 (2011)

  100. 100.

    Mukherjee, S., Sahoo, B.: A survey on hardware implementation of IDEA cryptosystem. Inf. Secur. J.: A Glob. Perspect. 20(4–5), 210218 (2011)

  101. 101.

    Needham, R., Wheeler, D.: TEA extensions. Technical report, Computer Laboratory, University of Cambridge, October (1997)

  102. 102.

    Nikova, S., Rijmen, V., Schlaffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292321 (2011)

    MathSciNet  Article  MATH  Google Scholar 

  103. 103.

    Ojha, S.K., Kumar, N., Jain, K.: Sangeeta. TWIS—a lightweight block cipher. In: Information Systems Security, Springer, LNCS, 5905, pp. 280–291 (2009)

  104. 104.

    Ozen, O., Varici, K., Tezcan, C., Kocair, C.: Lightweight block ciphers revisited: cryptanalysis of reduced round PRESENT and HIGHT. Information Security and Privacy, Springer, LNCS 5594, 90–107 (2009)

    Article  MATH  Google Scholar 

  105. 105.

    Paar, C., Poschmann, A., Robshaw, M.J.B.: New designs in lightweight symmetric encryption. RFID Secur. 3, 349371 (2009)

    Google Scholar 

  106. 106.

    Park, J.H.: Security analysis of mCrypton proper to low-cost ubiquitous computing devices and applications. Int. J. Commun. Syst. 22(8), 959969 (2009)

    Google Scholar 

  107. 107.

    Piret, G., Roche, T., Carlet, C.: PICARO–a block cipher allowing efficient higher-order side-channel resistance. Applied Cryptography and Network Security, Springer, LNCS 7341, 311–328 (2012)

    Article  Google Scholar 

  108. 108.

    Plos, T., Dobraunig, C., Hofinger, M., Oprisnik, A., Wiesmeier, C., Wiesmeier, J.: Compact hardware implementation of the block ciphers mCrypton, NOEKEON, and SEA. In: Progress in Cryptology INDOCRYPT 2012, Springer, LNCS, 7668, pp. 358–377 (2012)

  109. 109.

    Plos, T., Grob, H., Feldhofer, M.: Implementation of symmetric algorithms on a synthesizable 8-bit microcontroller targeting passive RFID tags. In: Selected Areas in Cryptography (SAC’11), Springer, LNCS, 6544, pp. 114–129 (2011)

  110. 110.

    Poschmann, A.: Lightweight Cryptography: Cryptographic Engineering for a Pervasive World. Ruhr-University, Bochum (2009)

    Google Scholar 

  111. 111.

    Poschmann, A., Ling, S., Wang, H.: 256 bit standardized crypto for 650 GE GOST revisited. In: Cryptographic Hardware and Embedded Systems, CHES 2010, Springer, LNCS, 6225, pp. 219–233 (2010)

  112. 112.

    Rabbaninejad, R., Ahmadian, Z., Salmasizadeh, M., Aref, M.R.: Cube and dynamic cube attacks on SIMON32/64. In: International ISC Conference on Information Security and Cryptology (ISCISC), Tehran, pp. 98–103 (2014)

  113. 113.

    Reddy, V.A.: A Cryptanalysis of the Tiny Encryption Algorithm. University of Alabama, Tuscaloosa (2003)

    Google Scholar 

  114. 114.

    Renauld, M., Standaert, F.-X.: Algebraic side-channel attacks. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds.) Information Security and Cryptology, Inscrypt 2009, LNCS, vol 6151, pp. 393–410. Springer (2009)

  115. 115.

    Rinne, S., Eisenbarth, T., Paar, C.: Performance Analysis of Contemporary Light-Weight Block Ciphers on 8-bit Microcontrollers, Software Performance Enhancement for Encryption and Decryption (SPEED 2007), Amsterdam, NL, (2007)

  116. 116.

    Robshaw, M.J.B.: Searching for Compact Algorithms: CGEN. In: Progress in Cryptology—VIETCRYPT 2006, Springer, LNCS, 4341, pp. 37–49 (2006)

  117. 117.

    Rolfes, C., Poschmann, A., Leander, G., Paar, C.: Ultra-lightweight implementations for smart devicessecurity for 1000 gate equivalents. Smart Card Research and Advanced Applications, Springer, LNCS 5189, 89–103 (2008)

    Article  MATH  Google Scholar 

  118. 118.

    Roman, R., Alcaraz, C., Lopez, J.: A survey of cryptographic primitives and implementations for hardware-constrained sensor network nodes. Mob. Netw. Appl. 12(4), 231244 (2007)

    Article  Google Scholar 

  119. 119.

    Saarinen, M-J.O.: Cryptanalysis of hummingbird-1. In: Fast Software Encryption (FSE 2011), Springer, LNCS, 6733, pp. 328–341 (2011)

  120. 120.

    Saarinen, M.-J.O.: Related-key attacks against full hummingbird-2. In: Fast Software Encryption (FSE 2014), Springer, LNCS, 8424, pp. 467–482 (2014)

  121. 121.

    Sarma, S.E.: Towards the five-cent tag—MIT-AUTOID-WH-006 (2001)

  122. 122.

    Satoh, A., Morioka, S.: Small and High-Speed Hardware Architectures for the 3GPP Standard Cipher KASUMI. In: International Conference on Information Security (ISC 2002), Springer, LNCS, 2433, pp. 48–62 (2002)

  123. 123.

    Satoh, A., Morioka, S.: Hardware-focused performance comparison for the standard block ciphers AES. Camellia, and Triple-DES, Information Security, Springer, LNCS 2851, 252–266 (2003)

    Google Scholar 

  124. 124.

    Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: an ultra-lightweight blockcipher. In: Cryptographic Hardware and Embedded Systems (CHES 2011), Springer, LNCS, 6917, pp. 342–357 (2011)

  125. 125.

    Shirai, T., Shibutani, K., Akishita, T., Moriai, S., Iwata, T.: The 128-bit blockcipher CLEFIA (extended abstract). In: Fast Software Encryption (FSE 2007), Springer, LNCS, 4593, pp. 181–195 (2007)

  126. 126.

    Soleimany, H.: Self-similarity cryptanalysis of the block cipher ITUbee. IET Inf. Secur. 9(3), 179–184 (2014)

    Article  Google Scholar 

  127. 127.

    Soleimany, H., et al.: Reflection cryptanalysis of PRINCE-like ciphers. J. Cryptol. 28(3), 718–744 (2013)

    MathSciNet  Article  MATH  Google Scholar 

  128. 128.

    Song, J., Lee, K., Lee, H.: Biclique cryptanalysis on lightweight block cipher: HIGHT and Piccolo. Int. J. Comput. Math. 90(12), 25642580 (2013)

    Article  MATH  Google Scholar 

  129. 129.

    Standaert, F.-X., Piret, G., Gershenfeld, N., Quisquater, J.: SEA: a scalable encryption algorithm for small embedded applications. IN: Smart Card Research and Advanced Applications, Springer, LNCS, 3928, pp. 222–236 (2006)

  130. 130.

    Standaert, F.-X., Piret, G., Rouvroy, G., Quisquater, J., Legat, J.-D.: ICEBERG: an involutional cipher efficient for block encryption in reconfigurable hardware. In: Fast Software Encryption (FSE 2004), Springer, LNCS, 3017, pp. 279–298 (2004)

  131. 131.

    Standard, NIST FIPS: Data Encryption Standard (DES). Federal Information Processing Standards Publication, 46-3 (1999)

  132. 132.

    Standard, NIST FIPS: Advanced Encryption Standard (AES). Federal Information Processing Standards Publication, 197 (2001)

  133. 133.

    Su, B., Wu, W., Zhang, L., Li, Y.: Full-round differential attack on TWIS block cipher. Information Security Applications, Springer, LNCS 6513, 234–242 (2010)

    Article  Google Scholar 

  134. 134.

    Sun, Y., Wang, M., Jiang, S., Sun, Q.: Differential cryptanalysis of reduced-round ICEBERG. AFRICACRYPT 2012, Springer, LNCS, 7374, pp. 155–171 (2012)

  135. 135.

    Suzaki, T., Minematsu, K., Morioka, S., Kobayashi, E.: Twine: a lightweight, versatile block cipher. In: ECRYPT Workshop on Lightweight Cryptography (LC11), pp. 146–169 (2011)

  136. 136.

    Texcan, C.: The improbable differential attack: cryptanalysis of reduced round CLEFIA. INDOCRYPT 2010, Springer, LNCS, 6498, pp. 197–209 (2010)

  137. 137.

    Tigli, O.: Area efficient ASIC implementation of IDEA (International Data Encryption Standard). Best design for ASIC implementation of IDEA, GMU (2003)

    Google Scholar 

  138. 138.

    TOSHIBA: Toshiba CMOS Technology Roadmap for ASIC (2015). http://www.toshiba-components.com/ASIC/Technology.html

  139. 139.

    Tupsamudre, H., Bisht, S., Mukhopadhyay, D.: Differential fault analysis on the families of SIMON and SPECK ciphers. In: Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), IEEE, 23 September, 2014, pp. 40–48. Busan, Korea (2014)

  140. 140.

    Ullrich, M., Canniere, C.D., Indesteege, S., Kucuk, O., Mouha, N., Preneel, B.: Finding optimal bitsliced implementations of 4 \(\times \) 4-bit S-boxes. Copenhagen, DK, Symmetric Key Encryption Workshop (SKEW) (2011)

    Google Scholar 

  141. 141.

    Walter, M., Bulygin, S., Buchmann, J.: Optimizing guessing strategies for algebraic cryptanalysis with applications to EPCBC. Information Security and Cryptology, Springer, LNCS 7763, 175–197 (2013)

    Article  MATH  Google Scholar 

  142. 142.

    Wang, C., Heys, H.M.: An ultra compact block cipher for serialized architecture implementations. In: Canadian Conference on Electrical and Computer Engineering (CCECE ’09), St. John’s, Newfoundland, IEEE, pp. 1085–1090 (2009)

  143. 143.

    Wang, Y., Wu, W., Yu, X., Zhang, L.: Security on lblock against biclique cryptanalysis. In: Information Security Applications (WISA 2012), Springer, LNCS, 7690, pp. 1–14 (2012)

  144. 144.

    Wen, L., Wang, M., Bogdanov, A., Chen, H.: Multidimensional zero-correlation attacks on lightweight block cipher HIGHT: improved cryptanalysis of an ISO standard. Inf. Process. Lett. 114, 322330 (2014)

    Article  MATH  Google Scholar 

  145. 145.

    Weis, S.: Security and privacy in radio-frequency identification devices. Faculty of the Massachusetts Institute of Technology (M.I.T.) (2003)

  146. 146.

    Wheeler, D., Needham, R.: TEA, a tiny encryption algorithm. In: Fast Software Encryption (FSE 1994), Springer, LNCS, 1008, pp. 363–366 (1994)

  147. 147.

    Wheeler, D., Needham, R.: Correction to XTEA. Technical report, Computer Laboratory, University of Cambridge, October (1998)

  148. 148.

    Wu, W., Zhang, L.: LBlock: a lightweight block cipher. Applied Cryptography and Network Security, Springer, LNCS 6715, 327–344 (2011)

    Article  MATH  Google Scholar 

  149. 149.

    Yang, L., Wang, M., Qiao, S.: Side channel cube attack on PRESENT. In: Cryptology and Network Security (CANS), Springer, LNCS, 5888, pp. 379–391 (2009)

  150. 150.

    Yap, H., Khoo, K., Poschmann, A., Henricksen, M.: EPCBC—a block cipher suitable for electronic product code encryption. In: Cryptology and Network Security (CANS), Springer, LNCS, 7092, pp. 76–97 (2011)

  151. 151.

    Yarrkov, E.: Cryptanalysis of XXTEA. IACR Cryptology ePrint Archive: Report, 254 (2010)

  152. 152.

    Yoshikawa, H., Kaminaga, M., Shikoda, A., Suzuki, T.: Secret key reconstruction method using round addition DFA on lightweight block cipher LBlock. In: International Symposium on Information Theory and its Applications (ISITA), Melbourne, VIC, pp. 493–496 (2014)

  153. 153.

    Yu, Y., Yang, Y., Fan, Y., Min, H.: Security scheme for RFID tags. Fudan University, White paper, Auto-ID Labs (2006)

    Google Scholar 

  154. 154.

    Z’aba, M.R., Jamil, N., Rusli, M.E., Jamaludinm, M.Z., Yasir, A.A.M.: \(\text{I-PRESENT}^{TM}\): an involutive lightweight block cipher. J. Inf. Secur. Sci. Res. 5, 114–122 (2014)

  155. 155.

    Zhang, W., Bao, Z., Lin, D., Rijmen, V., Yang, B., Verbauwhede, I.: RECTANGLE: a bit-slice ultra-lightweight block cipher suitable for multiple platforms. Sci. China Inf. Sci. 58(12), 1–15 (2014)

    Google Scholar 

  156. 156.

    Zhao, G., Li, R., Cheng, L., Li, C., Sun, B.: Differential fault analysis on LED using Super-Sbox. IET Inf. Secur. 9(4), 209–218 (2014)

    Article  Google Scholar 

  157. 157.

    Zhao, G., Sun, B., Li, C., Su, J.: Truncated differential cryptanalysis of PRINCE. Secur. Commun. 8(16), 2875–2887 (2015)

  158. 158.

    Zhao, X., Wang, T., Zheng, Y.: Cache timing attacks on camellia block cipher. IACR Cryptology ePrint Archive: Report 354 (2009)

  159. 159.

    Zhu, B., Gong, G.: Multidimensional meet-in-the-middle attack and its applications to KATAN32/48/64. Cryptogr. Commun. 6(4), 313–333 (2014)

    MathSciNet  Article  MATH  Google Scholar 

Download references

Acknowledgements

This work was funded by the General Secretarial Research and Technology (GSRT), Hellas under the Artemis JU research program nSHIELD (new embedded Systems arcHItecturE for multi-Layer Dependable solutions) project. Call: ARTEMIS-2010-1, Grand Agreement No.: 269317.

Author information

Affiliations

Authors

Corresponding author

Correspondence to George Hatzivasilis.

Appendix

Appendix

In this appendix, we evaluate block cipher implementations as they are reported in the literature. Table 3 indicates the features of the examined block cipher and the best publicly known cryptanalysis results. Tables 4, 5, 6, 7, 8, 9 and 10 summarize hardware and software implementations, respectively.

Table 3 The general characteristics of each examined cipher
Table 4 Hardware implementations of block ciphers on \(0.18\,\upmu \)m technology
Table 5 Hardware implementations of block ciphers on \(0.13\,\upmu \)m technology
Table 6 Hardware implementations of block ciphers on \(0.09\,\upmu \)m technology
Table 7 Hardware implementations of block ciphers on 0.25 and \(0.35\,\upmu \)m technology
Table 8 Software implementations of block ciphers on 8-bit microcontrollers
Table 9 Software implementations of block ciphers on 16-bit microcontrollers
Table 10 Software implementations of block ciphers on 32-bit microcontrollers

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Hatzivasilis, G., Fysarakis, K., Papaefstathiou, I. et al. A review of lightweight block ciphers. J Cryptogr Eng 8, 141–184 (2018). https://doi.org/10.1007/s13389-017-0160-y

Download citation

Keywords

  • Symmetric cryptography
  • Lightweight cryptography
  • Block ciphers
  • Embedded systems security