FELICS-AEAD: Benchmarking of Lightweight Authenticated Encryption Algorithms

  • Luan Cardoso dos SantosEmail author
  • Johann Großschädl
  • Alex Biryukov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11833)


Cryptographic algorithms that can simultaneously provide both encryption and authentication play an increasingly important role in modern security architectures and protocols (e.g. TLS v1.3). Dozens of authenticated encryption systems have been designed in the past five years, which has initiated a large body of research in cryptanalysis. The interest in authenticated encryption has further risen after the National Institute of Standards and Technology (NIST) announced an initiative to standardize “lightweight” authenticated ciphers and hash functions that are suitable for resource-constrained devices. However, while there already exist some cryptanalytic results on these recent designs, little is known about their performance, especially when they are executed on small 8, 16, and 32-bit microcontrollers. In this paper, we introduce an open-source benchmarking tool suite for a fair and consistent evaluation of Authenticated Encryption with Associated Data (AEAD) algorithms written in C or assembly language for 8-bit AVR, 16-bit MSP430, and 32-bit ARM Cortex-M3 platforms. The tool suite is an extension of the FELICS benchmarking framework and provides a new AEAD-specific low-level API that allows users to collect very fine-grained and detailed results for execution time, RAM consumption, and binary code size in a highly automated fashion. FELICS-AEAD comes with two pre-defined evaluation scenarios, which were developed to resemble security-critical operations commonly carried out by real IoT applications to ensure the benchmarks are meaningful in practice. We tested the AEAD tool suite using five authenticated encryption algorithms, namely AES-GCM and the CAESAR candidates ACORN, ASCON, Ketje-Jr, and NORX, and present some preliminary results.


Internet of Things Lightweight cryptography Authenticated Encryption Application Program Interface Evaluation scenario 



We would like to thank Daniel Dinu, Yann Le Corre, and Virat Shejwalkar for directly and indirectly helping with the development of this work. Luan Cardoso dos Santos is supported by the Luxembourg National Research Fund through grant PRIDE15/10621687/SPsquared.


  1. 1.
    Aumasson, J.-P., Jovanovic, P., Neves, S.: NORX: parallel and scalable AEAD. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 19–36. Springer, Cham (2014). Scholar
  2. 2.
    Beer, D.: MSPDebug: Debugging Tool for MSP430 MCUs (2015).
  3. 3.
    Bellare, M., Rogaway, P.: Encode-then-encipher encryption: how to exploit nonces or redundancy in plaintexts for efficient cryptography. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 317–330. Springer, Heidelberg (2000). Scholar
  4. 4.
    Bernstein, D.J., Lange, T.: eBACS: ECRYPT Benchmarking of Cryptographic Systems (2009).
  5. 5.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., Van Keer, R.: CAESAR submission: Ketje v2 (2016)Google Scholar
  6. 6.
    Carter, M.R., Velagala, R.R., Pham, J., Kaps, J.P.: eXtended eXternal Benchmarking eXtension (XXBX). In: IEEE International Symposium on Hardware Oriented Security and Trust (HOST 2018) (2018)Google Scholar
  7. 7.
    CryptoLUX Team: FELICS: Fair Evaluation of Lightweight Cryptographic Systems (2016).
  8. 8.
    Dinu, D., Biryukov, A., Großschädl, J., Khovratovich, D., Corre, Y., Perrin, L.: FELICS-fair evaluation of lightweight cryptographic systems. In: NIST Workshop on Lightweight Cryptography, vol. 128 (2015)Google Scholar
  9. 9.
    Dinu, D., Le Corre, Y., Khovratovich, D., Perrin, L., Großschädl, J., Biryukov, A.: Triathlon of lightweight block ciphers for the Internet of Things. Cryptology ePrint Archive, Report 2015/209 (2015).
  10. 10.
    Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Ascon v1, submission to the CAESAR competition. CAESAR First Round Submission, March 2014Google Scholar
  11. 11.
    Katz, J., Yung, M.: Unforgeable encryption and chosen ciphertext secure modes of operation. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds.) FSE 2000. LNCS, vol. 1978, pp. 284–299. Springer, Heidelberg (2001). Scholar
  12. 12.
    McGrew, D., Viega, J.: The Galois/counter mode of operation (GCM). Submission to NIST Modes of Operation Process, vol. 20 (2004)Google Scholar
  13. 13.
    National Institute of Standards and Technology (NIST): Submission requirements and evaluation criteria for the lightweight cryptography standardization process. Technical report (2018).
  14. 14.
    Rogaway, P.: Authenticated-encryption with associated-data. In: Atluri, V. (ed.) Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), pp. 98–107. ACM Press, New York (2002)Google Scholar
  15. 15.
    Titzer, B.L., Lee, D.K., Palsberg, J.: Avrora: scalable sensor network simulation with precise timing. In: 2005 Fourth International Symposium on Information Processing in Sensor Networks (IPSN 2005), pp. 477–482. IEEE (2005)Google Scholar
  16. 16.
    Wenzel-Benner, C., Gräf, J.: XBX: eXternal Benchmarking eXtension for the SUPERCOP crypto benchmarking framework. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 294–305. Springer, Heidelberg (2010). Scholar
  17. 17.
    Wu, H.: ACORN: a lightweight authenticated cipher (v3). Candidate for the CAESAR Competition (2016).

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Luan Cardoso dos Santos
    • 1
    Email author
  • Johann Großschädl
    • 1
  • Alex Biryukov
    • 1
  1. 1.CSC and SnTUniversity of LuxembourgEsch-sur-AlzetteLuxembourg

Personalised recommendations