Skip to main content

Energy Analysis of Lightweight AEAD Circuits

Part of the Lecture Notes in Computer Science book series (LNSC,volume 12579)

Abstract

The selection criteria for NIST’s Lightweight Crypto Standardization (LWC) have been slowly shifting towards the lightweight efficiency of designs, given that a large number of candidates already establish their security claims on conservative, well-studied paradigms. The research community has accumulated a decent level of experience on authenticated encryption primitives, thanks mostly to the recently completed CAESAR competition, with the advent of the NIST LWC, the de facto focus is now on evaluating efficiency of the designs with respect to hardware metrics like area, throughput, power and energy.

In this paper, we focus on a less investigated metric under the umbrella term lightweight, i.e. energy consumption. Quantitatively speaking, energy is the sum total electrical work done by a voltage source and thus is a critical metric of lightweight efficiency. Among the thirty-two second round candidates, we give a detailed evaluation of the ten that only make use of a lightweight or semi-lightweight block cipher at their core. We use this pool of candidates to investigate a list of generic implementation choices that have considerable effect on both the size and the energy consumption of modes of operation circuit, which function as an authenticated encryption primitive.

In the second part of the paper, we shift our focus to threshold implementations that offer protection against first order power analysis attacks. There has been no study focusing on energy efficiency of such protected implementations and as such the optimizations involved in such circuits are not well established. We explore the simplest possible protected circuit: the one in which only the state path of the underlying block cipher is shared, and we explore how design choices like number of shares, implementation of the masked s-box and the circuit structure of the AEAD scheme affect the energy consumption.

Keywords

  • Energy
  • Power
  • Lightweight cryptography
  • AEAD
  • Block ciphers
  • Unrolling
  • Hardware
  • Logic synthesis

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-65411-5_2
  • Chapter length: 20 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   109.00
Price excludes VAT (USA)
  • ISBN: 978-3-030-65411-5
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   139.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.

Notes

  1. 1.

    The inverse-gating technique uses only the first phase of the clock cycle to compute the full block cipher call, therefore the clock period is doubled to ensure all glitches are stabilized during this clock phase.

  2. 2.

    To obtain these figures which illustrate the power consumption of individual circuit elements, we used a different compile directive to the circuit compiler, hence the figures are slightly different from the optimal energy figures tabulated in Table 4.

  3. 3.

    The Claim 1 is based on the fact that for 1-round unrolling of GIFT-COFB and SUNDAE-GIFT, more than half of the energy is consumed by the registers in Fig. 3, even though these two have relatively fewer flip-flops. On the other hand, percentage of energy consumption by registers are much higher for LOTUS-AEAD, because the mode of operation brings many intermediate variables into the circuit which need extra registers to store.

References

  1. NIST Lightweight Cryptography Project. https://csrc.nist.gov/projects/lightweight-cryptography

  2. Andreeva, E., Lallemand, V., Purnal, A., Reyhanitabar, R., Vizár, A.R.D.: Forkae vol 1. NIST Lightweight Cryptography Project (2019). https://csrc.nist.gov/Projects/lightweight-cryptography/round-2-candidates

  3. Banik, S., Balli, F., Regazzoni, F., Vaudenay, S.: Swap and rotate: lightweight linear layers for SPN-based blockciphers. Cryptology ePrint Archive, Report 2019/1212 (2019). https://eprint.iacr.org/2019/1212

  4. Banik, S., et al.: SUNDAE-GIFT v1.0. NIST Lightweight Cryptography Project (2019). https://csrc.nist.gov/Projects/lightweight-cryptography/round-2-candidates

  5. Banik, S., Bogdanov, A., Regazzoni, F.: Exploring energy efficiency of lightweight block ciphers. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 178–194. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31301-6_10

    CrossRef  Google Scholar 

  6. Banik, S., Bogdanov, A., Regazzoni, F.: Atomic-AES: a compact implementation of the AES encryption/decryption core. In: Dunkelman, O., Sanadhya, S.K. (eds.) INDOCRYPT 2016. LNCS, vol. 10095, pp. 173–190. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49890-4_10

    CrossRef  Google Scholar 

  7. Banik, S., Bogdanov, A., Regazzoni, F., Isobe, T., Hiwatari, H., Akishita, T.: Round gating for low energy block ciphers. In: 2016 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2016, McLean, VA, USA, 3–5 May 2016, pp. 55–60 (2016). https://doi.org/10.1109/HST.2016.7495556

  8. Banik, S., Bogdanov, A., Regazzoni, F., Isobe, T., Hiwatari, H., Akishita, T.: Inverse gating for low energy encryption. In: 2018 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2018, Washington, DC, USA, 30 April–4 May 2018, pp. 173–176 (2018). https://doi.org/10.1109/HST.2018.8383909

  9. Banik, S., et al.: GIFT-COFB v1.0. NIST Lightweight Cryptography Project (2019). https://csrc.nist.gov/Projects/lightweight-cryptography/round-2-candidates

  10. Banik, S., Pandey, S.K., Peyrin, T., Sasaki, Yu., Sim, S.M., Todo, Y.: GIFT: a small present. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 321–345. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_16

    CrossRef  Google Scholar 

  11. Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 123–153. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_5

    CrossRef  Google Scholar 

  12. Beierle, C., et al.: SKINNY-AEAD and SKINNY-Hash. NIST Lightweight Cryptography Project (2019). https://csrc.nist.gov/Projects/lightweight-cryptography/round-2-candidates

  13. Bogdanov, A., et al.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_31

    CrossRef  Google Scholar 

  14. Canteaut, A., et al.: Saturnin: a suite of lightweight symmetric algorithms for post-quantum security. NIST Lightweight Cryptography Project (2019). https://csrc.nist.gov/Projects/lightweight-cryptography/round-2-candidates

  15. Chakraborti, A., Datta, N., Jha, A., Lopez, C.M., Nandi, M., Sasaki, Y.: Lotus-AEAD and Locus-AEAD. NIST Lightweight Cryptography Project (2019). https://csrc.nist.gov/Projects/lightweight-cryptography/round-2-candidates

  16. Chakraborti, A., Datta, N., Jha, A., Nandi, M.: Hyena. NIST Lightweight Cryptography Project (2019). https://csrc.nist.gov/Projects/lightweight-cryptography/round-2-candidates

  17. Goudarzi, D., et al.: Pyjamask v1.0. NIST Lightweight Cryptography Project (2019). https://csrc.nist.gov/Projects/lightweight-cryptography/round-2-candidates

  18. Homsirikamol, E., et al.: CAESAR Hardware API. Cryptology ePrint Archive, Report 2016/626 (2016). https://eprint.iacr.org/2016/626

  19. Iwata, T., Khairallah, M., Minematsu, K., Peyrin, T.: Romulus v1.2. NIST Lightweight Cryptography Project (2019). https://csrc.nist.gov/Projects/lightweight-cryptography/round-2-candidates

  20. Jati, A., Gupta, N., Chattopadhyay, A., Sanadhya, S.K., Chang, D.: Threshold implementations of GIFT: a trade-off analysis. IEEE Trans. Inf. Forensics Secur. 15, 2110–2120 (2020). https://doi.org/10.1109/TIFS.2019.2957974

    CrossRef  Google Scholar 

  21. Jean, J., Moradi, A., Peyrin, T., Sasdrich, P.: Bit-sliding: a generic technique for bit-serial implementations of SPN-based primitives. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 687–707. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_33

    CrossRef  MATH  Google Scholar 

  22. Kerckhof, S., Durvaux, F., Hocquet, C., Bol, D., Standaert, F.-X.: Towards green cryptography: a comparison of lightweight ciphers from the energy viewpoint. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 390–407. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_23

    CrossRef  Google Scholar 

  23. Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_6

    CrossRef  Google Scholar 

  24. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2010). https://doi.org/10.1007/s00145-010-9085-7

    MathSciNet  CrossRef  MATH  Google Scholar 

  25. Poschmann, A., Moradi, A., Khoo, K., Lim, C.-W., Wang, H., Ling, S.: Side-channel resistant crypto for less than 2,300 GE. J. Cryptol. 24(2), 322–345 (2010). https://doi.org/10.1007/s00145-010-9086-6

    MathSciNet  CrossRef  MATH  Google Scholar 

Download references

Acknowledgments

The 2nd and 3rd authors are supported by the Swiss National Science Foundation (SNSF) through the Ambizione Grant PZ00P2_179921.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Subhadeep Banik .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Caforio, A., Balli, F., Banik, S. (2020). Energy Analysis of Lightweight AEAD Circuits. In: Krenn, S., Shulman, H., Vaudenay, S. (eds) Cryptology and Network Security. CANS 2020. Lecture Notes in Computer Science(), vol 12579. Springer, Cham. https://doi.org/10.1007/978-3-030-65411-5_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-65411-5_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-65410-8

  • Online ISBN: 978-3-030-65411-5

  • eBook Packages: Computer ScienceComputer Science (R0)