Ultralightweight Cryptography

Some Thoughts on Ten Years of Efforts
  • Paolo D’ArcoEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11359)


The term ultralightweight refers to a special approach to cryptographic design, which uses just basic operations as and, or, xor, \(+_{\bmod \,\, n}\) and cyclic shift. It has been developed in the last years, in the context of authentication protocols, to provide very efficient and secure solutions. In this short note, we discuss the motivations behind its introduction, and outline its key ideas and features. By overviewing some previous works, and picking up from them some examples, we describe typical weaknesses which have been found in almost all the proposed protocols. We point out that, at the state of current knowledge, serious doubts about the soundness of the approach and, in general, about what can be obtained with it, are present. Neverthless, since many questions are on the ground without answers, we argue that further investigations in the field are needed. To this aim, we throw a quick look at the close area of lightweight cryptography, briefly describing some successful design strategies and modeling techniques. We suggest that, instead of keeping pursuing ad-hoc solutions employing heuristic trials, working along these research directions could be beneficial also to the ultralightweight field.



I would like to thank Xavier Carpenter, Roberto De Prisco and Alfredo De Santis for helpful comments and suggestions.


  1. 1.
    Armknecht, F., Hamann, M., Mikhalev, V.: Lightweight authentication protocols on ultra-constrained RFIDs - myths and facts. In: Saxena, N., Sadeghi, A.-R. (eds.) RFIDSec 2014. LNCS, vol. 8651, pp. 1–18. Springer, Cham (2014). Scholar
  2. 2.
    Avoine, G., Carpent, X., Martin, B.: Strong authentication and strong integrity (SASI) is not that strong. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 50–64. Springer, Heidelberg (2010). Scholar
  3. 3.
    Avoine, G., Carpent, X., Hernandez-Castro, J.: Pitfalls in ultra-lightweight authentication protocol designs. IEEE Trans. Mob. Comput. 15(9), 2317–2332 (2016)CrossRefGoogle Scholar
  4. 4.
    Carpenter, X., D’Arco, P., De Prisco, R.: Ultralightweight authentication protocols. In: Hernandez-Castro, J., Avoine, G. (eds.) Selected Topics in Security of Ubiquitous Computing Systems (2019). ISBN 978-3-030-10591-4Google Scholar
  5. 5.
    Chien, H.: SASI: a new ultra-lightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Trans. Dependable Secure Comput. 4(4), 337–340 (2007)CrossRefGoogle Scholar
  6. 6.
    D’Arco, P., De Santis, A.: Weaknesses in a recent ultra-lightweight RFID authentication protocol. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 27–39. Springer, Heidelberg (2008). Scholar
  7. 7.
    D’Arco, P., De Santis, A.: On ultra-lightweight RFID authentication protocols. IEEE Trans. Dependable Secure Comput. 8(4), 548–563 (2011)CrossRefGoogle Scholar
  8. 8.
    D’Arco, P., De Prisco, R.: Design weaknesses in recent ultra-lightweight RFID authentication protocols. In: Proceedings of the 33rd International Conference on Information Security and Privacy Protection (IFIP TC-11 SEC 2018), Pozna, Poland, pp. 18–20 (2018)Google Scholar
  9. 9.
    Hopper, N.J., Blum, M.: Secure human identification protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52–66. Springer, Heidelberg (2001). Scholar
  10. 10.
    Gilbert, H., Robshaw, M.J.B., Seurin, Y.: HB\(^{\#}\): increasing the security and efficiency of HB\(^{+}\). In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 361–378. Springer, Heidelberg (2008). Scholar
  11. 11.
    Gilbert, H., Robshaw, M.J.B., Seurin, Y.: Good variants of HB\(^{+}\) are hard to find. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 156–170. Springer, Heidelberg (2008). Scholar
  12. 12.
    Gilbert, H., Robshaw, M.J.B., Sibert, H.: An active attack against HB\(^{+}\) a provably secure lightweight authentication protocol. Electron. Lett. 41(21), 1169–1170 (2005)CrossRefGoogle Scholar
  13. 13.
    Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Peris-Lopez, P., Quisquater, J.-J.: Cryptanalysis of the SASI ultra-lightweight RFID authentication protocol with modular rotations. In: International Workshop on Coding and Cryptography - WCC 2009, Ullensvang, Norway, May 2009Google Scholar
  14. 14.
    Juels, A., Weis, S.A.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005). Scholar
  15. 15.
    Katz, J., Shin, J.S., Smith, A.: Parallel and concurrent security of the HB and HB\(^{+}\) protocols. J. Cryptology 23(3), 402–421 (2010)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Kiltz, E., Pietrzak, K., Venturi, D., Cash, D., Jain, A.: Efficient authentication from hard learning problems. J. Cryptology 30(4), 1238–1275 (2017)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Ouafi, K., Overbeck, R., Vaudenay, S.: On the security of HB\(^{\#}\) against a man-in-the-middle attack. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 108–124. Springer, Heidelberg (2008). Scholar
  18. 18.
    Ouafi, K., Vaudenay, S.: Smashing SQUASH-0. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 300–312. Springer, Heidelberg (2009). Scholar
  19. 19.
    Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: M\(^{2}\)AP: a minimalist mutual-authentication protocol for low-cost RFID tags. In: Ma, J., Jin, H., Yang, L.T., Tsai, J.J.-P. (eds.) UIC 2006. LNCS, vol. 4159, pp. 912–923. Springer, Heidelberg (2006). Scholar
  20. 20.
    Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: LMAP: a real lightweight mutual authentication protocol for low-cost RFID tags. In: Proceedings of the RFID Security Workshop, pp. 12–24 (2006)Google Scholar
  21. 21.
    Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: EMAP: an efficient mutual-authentication protocol for low-cost RFID tags. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006. LNCS, vol. 4277, pp. 352–361. Springer, Heidelberg (2006). Scholar
  22. 22.
    Phan, R.C.W.: Cryptanalysis of a new ultra-lightweight RFID authentication protocol - SASI. IEEE Trans. Dependable Secure Comput. 6(4), 316–320 (2009)CrossRefGoogle Scholar
  23. 23.
    Sun, H.-M., Ting, W.-C., Wang, K.-H.: On the Security of Chien’s Ultralightweight RFID Authentication Protocol, eprint archive, no. 83, February 2008Google Scholar
  24. 24.
    Shamir, A.: SQUASH – a new MAC with provable security properties for highly constrained devices such as RFID tags. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 144–157. Springer, Heidelberg (2008). Scholar
  25. 25.
    Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Dipartimento di InformaticaUniversità degli Studi di SalernoFiscianoItaly

Personalised recommendations