ARMADILLO: A Multi-purpose Cryptographic Primitive Dedicated to Hardware

  • Stéphane Badel
  • Nilay Dağtekin
  • Jorge Nakahara Jr.
  • Khaled Ouafi
  • Nicolas Reffé
  • Pouyan Sepehrdad
  • Petr Sušil
  • Serge Vaudenay
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6225)

Abstract

This paper describes and analyzes the security of a general-purpose cryptographic function design, with application in RFID tags and sensor networks. Based on these analyses, we suggest minimum parameter values for the main components of this cryptographic function, called ARMADILLO. With a fully serial architecture, we obtain that 2 923 GE could perform one compression function computation within 176 clock cycles, consuming 44 μW at 1 MHz clock frequency. This could either authenticate a peer or hash 48 bits, or encrypt 128 bits on RFID tags. A better tradeoff would use 4 030 GE, 77 μW of power and 44 cycles for the same, to hash (resp. encrypt) at a rate of 1.1 Mbps (resp. 2.9 Mbps). As other tradeoffs are proposed, we show that ARMADILLO offers competitive performance for hashing relative to a fair Figure Of Merit (FOM).

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Stéphane Badel (1)
  • Nilay Dağtekin (1)
  • Jorge Nakahara Jr. (1)
  • Khaled Ouafi (1)
  • Nicolas Reffé (2)
  • Pouyan Sepehrdad (1)
  • Petr Sušil (1)
  • Serge Vaudenay (1)

  1. EPFL, Lausanne, Switzerland
  2. Oridao, Montpellier, France