Low-Latency Encryption – Is “Lightweight = Light + Wait”?

  • Miroslav Knežević
  • Ventzislav Nikov
  • Peter Rombouts
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7428)


The processing time required by a cryptographic primitive implemented in hardware is an important metric for its performance but it has not received much attention in recent publications on lightweight cryptography. Nevertheless, there are important applications for cost effective low-latency encryption. As the first step in the field, this paper explores the low-latency behavior of hardware implementations of a set of block ciphers. The latency of the implementations is investigated as well as the trade-offs with other metrics such as circuit area, time-area product, power, and energy consumption. The obtained results are related back to the properties of the underlying cipher algorithm and, as it turns out, the number of rounds, their complexity, and the similarity of encryption and decryption procedures have a strong impact on the results. We provide a qualitative description and conclude with a set of recommendations for aspiring low-latency block cipher designers.


Clock Cycle Block Cipher Stream Cipher Hardware Performance Gate Equivalence 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    FIPS Pub. 197: Specification for the AES (November 2001),
  2. 2.
    Biryukov, A. (ed.): FSE 2007. LNCS, vol. 4593. Springer, Heidelberg (2007)zbMATHGoogle Scholar
  3. 3.
    Robshaw, M., Billet, O. (eds.): New Stream Cipher Designs. LNCS, vol. 4986. Springer, Heidelberg (2008)Google Scholar
  4. 4.
    Mangard, S., Standaert, F.-X. (eds.): CHES 2010. LNCS, vol. 6225. Springer, Heidelberg (2010)zbMATHGoogle Scholar
  5. 5.
    Preneel, B., Takagi, T. (eds.): CHES 2011. LNCS, vol. 6917. Springer, Heidelberg (2011)zbMATHGoogle Scholar
  6. 6.
    Aumasson, J.-P., Henzenz, L., Meier, W., Naya-Plasencia, M.: Quark: a lightweight hash. In: Cryptographic Hardware and Embedded Systems — CHES 2010 [4], pp. 1–15Google Scholar
  7. 7.
    Bertoni, G., Daemen, J., Peeters, M., Assche, G.V.: Keccak sponge function family main document (version 2.1). Submission to NIST (2010),
  8. 8.
    Bogdanov, A., Knežević, M., Leander, G., Toz, D., Varici, K., Verbauwhede, I.: SPONGENT: A lightweight hash function. In: Cryptographic Hardware and Embedded Systems — CHES 2011 [5], pp. 312–325Google Scholar
  9. 9.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  10. 10.
    De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — A Family of Small and Efficient Hardware-Oriented Block Ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  11. 11.
    Cannière, C.D., Preneel, B.: Trivium. In: The eSTREAM Finalists [3], pp. 244–266Google Scholar
  12. 12.
    Cid, C., Murphy, S., Robshaw, M.J.B.: Small Scale Variants of the AES. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 145–162. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Daemen, J., Peeters, M., Rijmen, V., Assehe, G.V.: Nessie Proposal: Noekeon (2000),
  14. 14.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer (2002)Google Scholar
  15. 15.
    European Network of Excellence in Cryptology – ECRYPT. The eSTREAM Project (2004),
  16. 16.
    Feldhofer, M., Rechberger, C.: A Case Against Currently Used Hash Functions in RFID Protocols. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops, Part I. LNCS, vol. 4277, pp. 372–381. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. 17.
    Feldhofer, M., Wolkerstorfer, J., Rijmen, V.: AES Implementation on a Grain of Sand. IEE Proceedings Information Security 152(1), 13–20 (2005)CrossRefGoogle Scholar
  18. 18.
    Gong, Z., Nikova, S., Law, Y.W.: KLEIN: A New Family of Lightweight Block Ciphers. In: Juels, A., Paar, C. (eds.) RFIDSec 2011. LNCS, vol. 7055, pp. 1–18. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  19. 19.
    Guo, J., Peyrin, T., Poschmann, A.: The PHOTON Family of Lightweight Hash Functions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 222–239. Springer, Heidelberg (2011)Google Scholar
  20. 20.
    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED Block Cipher. In: Cryptographic Hardware and Embedded Systems — CHES 2011 [5], pp. 326–341Google Scholar
  21. 21.
    Hell, M., Johansson, T., Maximov, A., Meier, W.: The Grain Family of Stream Ciphers. In: The eSTREAM Finalists [3], pp. 179–190Google Scholar
  22. 22.
    Hodjat, A., Verbauwhede, I.: Area-Throughput Trade-offs for Fully Pipelined 30 to 70 Gbits/s AES Processors. IEEE Transactions on Computers 55(4), 366–372 (2006)CrossRefGoogle Scholar
  23. 23.
    Hong, D., Sung, J., Hong, S., Lim, J., Lee, S., Koo, B., Lee, C., Chang, D., Lee, J., Jeong, K., Kim, H., Kim, J., Chee, S.: HIGHT: A New Block Cipher Suitable for Low-Resource Device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 46–59. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  24. 24.
    Izadi, M., Sadeghiyan, B., Sadeghian, S., Khanooki, H.: MIBS: A New Lightweight Block Cipher. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 334–348. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  25. 25.
    Kavun, E., Yalcin, T.: A Lightweight Implementation of Keccak Hash Function for Radio-Frequency Identification Applications. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 258–269. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  26. 26.
    Knudsen, L., Leander, G., Poschmann, A., Robshaw, M.: PRINTcipher: A Block Cipher for IC-Printing. In: Cryptographic Hardware and Embedded Systems — CHES 2010 [4], pp. 16–32Google Scholar
  27. 27.
    Leander, G., Paar, C., Poschmann, A., Schramm, K.: New Lightweight DES Variants. In: 14th International Workshop on Fast Software Encryption — FSE 2007 [2], pp. 196–210Google Scholar
  28. 28.
    Leander, G., Poschmann, A.: On the Classification of 4 Bit S-Boxes. In: Carlet, C., Sunar, B. (eds.) WAIFI 2007. LNCS, vol. 4547, pp. 159–176. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  29. 29.
    Lim, C., Korkishko, T.: mCrypton – A Lightweight Block Cipher for Security of Low-Cost RFID Tags and Sensors. In: Song, J.-S., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 243–258. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  30. 30.
    Mathew, S., Sheikh, F., Kounavis, M., Gueron, S., Agarwal, A., Hsu, S., Kaul, H., Anders, M., Krishnamurthy, R.: 53 Gbps Native GF(24)2 Composite-Field AES-Encrypt/Decrypt Accelerator for Content-Protection in 45 nm High-Performance Microprocessors. IEEE Journal of Solid-State Circuits 46(4), 767–776 (2011)CrossRefGoogle Scholar
  31. 31.
    National Institute of Standards and Technology (NIST). Cryptographic Hash Algorithm Competition,
  32. 32.
    National Institute of Standards and Technology (NIST). FIPS 197: Advanced Encryption Standard (November 2001)Google Scholar
  33. 33.
    Poschmann, A., Moradi, A., Khoo, K., Lim, C.-W., Wang, H., Ling, S.: Side-Channel Resistant Crypto for Less than 2,300 GE. Journal of Cryptology 24, 322–345 (2011)MathSciNetzbMATHCrossRefGoogle Scholar
  34. 34.
    Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: An Ultra-Lightweight Blockcipher. In: Cryptographic Hardware and Embedded Systems — CHES 2011 [5], pp. 342–357Google Scholar
  35. 35.
    Shirai, T., Shibutani, K., Akishita, T., Moriai, S., Iwata, T.: The 128-bit blockcipher CLEFIA. In: 14th International Workshop on Fast Software Encryption — FSE 2007 [2], pp. 181–195Google Scholar
  36. 36.
    Standaert, F.-X., Piret, G., Gershenfeld, N., Quisquater, J.-J.: SEA: A Scalable Encryption Algorithm for Small Embedded Applications. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 222–236. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  37. 37.
    Wheeler, D., Needham, R.: TEA, a Tiny Encryption Algorithm. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 363–366. Springer, Heidelberg (1995)CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Miroslav Knežević
    • 1
  • Ventzislav Nikov
    • 1
  • Peter Rombouts
    • 1
  1. 1.NXP SemiconductorsLeuvenBelgium

Personalised recommendations