Abstract
The U.S. National Institute of Standards and Technology is currently undertaking a process to evaluate and eventually standardize one or more “lightweight” algorithms for authenticated encryption and hashing that are suitable for resource-restricted devices. In addition to security, this process takes into account the efficiency of the candidate algorithms in various hardware environments (e.g. FPGAs, ASICs) and software platforms (e.g. 8-, 16-, and 32-bit microcontrollers). However, while there exist numerous detailed benchmarking results for 8-bit AVR and 32-bit ARM/RISC-V/ESP32 microcontrollers, relatively little is known about the candidates’ efficiency on 16-bit platforms. In order to fill this gap, we present a performance evaluation of the final-round candidates Ascon, Schwaemm, TinyJambu, and Xoodyak on the MSP430 series of ultra-low-power 16-bit microcontrollers from Texas Instruments. All four algorithms were explicitly designed to achieve high performance in software and have further in common that the underlying primitive is a permutation. We discuss how these permutations can be implemented efficiently in assembly language and analyze how basic design decisions impact their execution time on the MSP430 architecture. Our results show that, overall, Schwaemm is the fastest algorithm across various lengths of data and associated data. Xoodyak has benefits when a large amount of associated data is to be authenticated, whereas TinyJambu is very efficient for the authentication of short messages.
Notes
1. At the time of writing this paper, the third (i.e. final) round of evaluation was still going on and NIST had not yet released the round-3 benchmarking results.
2. Out of the total of 16 general-purpose registers, only 12 can actually be used by the programmer, which means the usable register space of MSP430 microcontrollers is even smaller than that of the 8-bit AVR architecture (192 vs. 256 bits).
3. As argued in [4], the ability to work locally (i.e. on a part of the state at a time) is an important design criterion to achieve good efficiency on microcontrollers whose register space is too small to store the full state (high locality reduces the need to move state-words between registers and RAM). However, efficiency desiderata like locality have to be carefully balanced with security desiderata like diffusion.
4. http://www.iar.com/products/architectures/iar-embedded-workbench-for-msp430 (accessed on 2022-12-14).
References
Arm Limited. ARM Cortex-M3 Processor Technical Reference Manual, Revision r2p1 (2016). http://developer.arm.com/documentation/100165/latest
Beierle, C., et al.: Lightweight AEAD and hashing using the Sparkle permutation family. IACR Trans. Symmetric Cryptol. 2020(S1), 208–261 (2020)
Bernstein, D.J.: The Salsa20 family of stream ciphers. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 84–97. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68351-3_8
Bernstein, D.J., et al.: Gimli: a cross-platform permutation. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 299–320. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_15
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Cryptographic sponge functions (2011). http://keccak.team/files/CSF-0.1.pdf
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak reference, version 3.0 (2011). http://keccak.team/files/Keccak-reference-3.0.pdf
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Permutation-based encryption, authentication and authenticated encryption. In: Record of the 1st ECRYPT II Workshop on New Directions in Authenticated Encryption (DIAC 2012), pp. 159–170 (2012)
Blanc, S., Lahmadi, A., Le Gouguec, K., Minier, M., Sleem, L.: Benchmarking of lightweight cryptographic algorithms for wireless IoT networks. Wireless Netw. 28(8), 3453–3476 (2022)
Cardoso dos Santos, L., Großschädl, J.: An evaluation of the multi-platform efficiency of lightweight cryptographic permutations. In: Ryan, P.Y.A., Toma, C. (eds.) SecITC 2021. LNCS, vol. 13195, pp. 75–90. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-17510-7_6
Cardoso dos Santos, L., Großschädl, J., Biryukov, A.: FELICS-AEAD: benchmarking of lightweight authenticated encryption algorithms. In: Belaïd, S., Güneysu, T. (eds.) CARDIS 2019. LNCS, vol. 11833, pp. 216–233. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42068-0_13
Chakraborti, A., Datta, N., Nandi, M., Yasuda, K.: Beetle family of lightweight and secure authenticated encryption ciphers. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2), 218–241 (2018)
Daemen, J., Hoffert, S., Peeters, M., Van Assche, G., Van Keer, R.: Xoodyak, a lightweight cryptographic scheme. IACR Trans. Symmetric Cryptol. 2020(S1), 60–87 (2020)
Daemen, J., Hoffert, S., Van Assche, G., Van Keer, R.: The design of Xoodoo and Xoofff. IACR Trans. Symmetric Cryptol. 2018(4), 1–38 (2018)
Dang, D., Plant, M., Poole, M.: Wireless connectivity for the Internet of Things (IoT) with MSP430 microcontrollers (MCUs) (2014). Texas Instruments white paper. http://www.ti.com/lit/wp/slay028/slay028.pdf
Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Ascon v1.2: lightweight authenticated encryption and hashing. J. Cryptol. 34(3), 33 (2021)
Gligor, V.D.: Light-weight cryptography - how light is light? Keynote presentation at the Information Security Summer School, Florida State University (2005). Slide deck. http://www.sait.fsu.edu/conferences/2005/is3/resources/slides/gligorv-cryptolite.ppt
Guo, J., Peyrin, T., Poschmann, A.: The PHOTON family of lightweight hash functions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 222–239. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_13
Hamburg, M.: The STROBE protocol framework. Cryptology ePrint Archive, Report 2017/003 (2017). http://eprint.iacr.org/2017/003
Microchip Technology Inc. 8-bit Atmel Microcontroller with 128KBytes In-System Programmable Flash: ATmega128, ATmega128L (2011). http://ww1.microchip.com/downloads/en/DeviceDoc/doc2467.pdf
National Institute of Standards and Technology (NIST). Submission Requirements and Evaluation Criteria for the Lightweight Cryptography Standardization Process (2018). http://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/final-lwc-submission-requirements-august2018.pdf
National Institute of Standards and Technology (NIST). Benchmarking of lightweight cryptographic algorithms on microcontrollers (2020). http://github.com/usnistgov/Lightweight-Cryptography-Benchmarking
National Institute of Standards and Technology (NIST). Status Report on the Second Round of the NIST Lightweight Cryptography Standardization Process. Internal Report 8369 (2021). http://nvlpubs.nist.gov/nistpubs/ir/2021/NIST.IR.8369.pdf
Perrin, T.: Stateful hash objects: API and constructions (2018). Specification. http://github.com/noiseprotocol/sho_spec
Renner, S., Pozzobon, E., Mottok, J.: NIST LWC software performance benchmarks on microcontrollers (2020). http://lwc.las3.de
Rzehak, V.: Low-power FRAM microcontrollers and their applications (2019). Texas Instruments white paper. http://www.ti.com/lit/wp/slaa502/slaa502.pdf
Saarinen, M.-J.O.: Beyond modes: building a secure record protocol from a cryptographic sponge permutation. In: Benaloh, J. (ed.) CT-RSA 2014. LNCS, vol. 8366, pp. 270–285. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-04852-9_14
Texas Instruments Inc. MSP430 Family Architecture Guide and Module Library. TI literature number SLAUE10B (1996). http://www.ti.com/sc/docs/products/micro/msp430/userguid/ag_01.pdf
Texas Instruments, Inc. MSP430x1xx Family User’s Guide (Rev. F) (2006). Manual. http://www.ti.com/lit/ug/slau049f/slau049f.pdf
Texas Instruments Inc. MSP430 Ultra-Low-Power Microcontrollers (2013). Product bulletin. http://www.ti.com/lit/sg/slab034w/slab034w.pdf
Weatherley, R.: Lightweight cryptography primitives documentation (2021). http://rweather.github.io/lwc-finalists/index.html
Wu, H., Huang, T.: TinyJAMBU: a family of lightweight authenticated encryption algorithms (Version 2) (2021). Specification. http://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/tinyjambu-spec-final.pdf
Yan, L., Zhang, Y., Yang, L.T., Ning, H.: The Internet of Things: From RFID to the Next-Generation Pervasive Networked Systems. Auerbach Publications (2008)
Acknowledgements
The last author was supported by the Fonds National de la Recherche (FNR) Luxembourg under CORE grant C19/IS/13641232. The source code is available online at http://github.com/johgrolux/aead430.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Alsahli, M., Borgognoni, A., Cardoso dos Santos, L., Cheng, H., Franck, C., Großschädl, J. (2023). Lightweight Permutation-Based Cryptography for the Ultra-Low-Power Internet of Things. In: Bella, G., Doinea, M., Janicke, H. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2022. Lecture Notes in Computer Science, vol 13809. Springer, Cham. https://doi.org/10.1007/978-3-031-32636-3_2
DOI: https://doi.org/10.1007/978-3-031-32636-3_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-32635-6
Online ISBN: 978-3-031-32636-3
eBook Packages: Computer Science (R0)