Abstract
In March 2017, NIST (National Institute of Standards and Technology) announced that it would create a portfolio of lightweight algorithms through an open process. The report emphasizes that, with emerging applications such as automotive systems, sensor networks, healthcare, distributed control systems, the Internet of Things (IoT), cyber-physical systems, and the smart grid, a detailed evaluation of the so-called lightweight ciphers helps to recommend algorithms in the context of profiles, which describe physical, performance, and security characteristics. In recent years, a number of lightweight block ciphers have been proposed for the encryption and decryption of data, which makes such choices complex. Each such cipher offers a unique combination of resistance to classical cryptanalysis and resource-efficient implementation. At the same time, these implementations must be protected against implementation-based attacks such as side-channel analysis. In this paper, we present a holistic comparison study of four lightweight block ciphers, PRESENT, SIMON, SPECK, and KHUDRA, along with the more traditional Advanced Encryption Standard (AES). We present a uniform comparison of the performance and efficiency of these block ciphers in terms of area and power consumption on ASIC- and FPGA-based platforms. Additionally, we compare the amenability of these ciphers to side-channel-secure implementation on ASIC-based platforms. Our study is expected to help designers make suitable choices when securing a given application across a wide range of implementation platforms.
Acknowledgements
The authors would like to thank Intel Corporation, USA, for the partial funding of the work under the project “LightCrypto: Ultra-Light-weight Robust Crypto-Architectures for Performance and Energy.”
Cite this article
Sadhukhan, R., Patranabis, S., Ghoshal, A. et al. An Evaluation of Lightweight Block Ciphers for Resource-Constrained Applications: Area, Performance, and Security. J Hardw Syst Secur 1, 203–218 (2017). https://doi.org/10.1007/s41635-017-0021-2