CHAM: A Family of Lightweight Block Ciphers for Resource-Constrained Devices

  • Bonwook Koo
  • Dongyoung Roh
  • Hyeonjin Kim
  • Younghoon Jung
  • Dong-Geon Lee
  • Daesung Kwon
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10779)


In this paper, we propose a family of lightweight block ciphers CHAM that has remarkable efficiency on resource-constrained devices. The family consists of three ciphers, CHAM-64/128, CHAM-128/128, and CHAM-128/256 which are of the generalized 4-branch Feistel structure based on ARX (Addition, Rotation, XOR) operations.

In hardware implementations, CHAM requires smaller areas (73% on average) than SIMON [8] through the use of a stateless-on-the-fly key schedule which does not require updating a key state. Regarding software performance, it achieves outstanding figures on typical IoT platforms in terms of the balanced performance metrics introduced in earlier works. It shows a level of performance competitive to SPECK [8] mainly due to small memory size required for round keys. According to our cryptanalysis results, CHAM is secure against known attacks.


Lightweight block cipher Stateless-on-the-fly ARX 

Supplementary material


  1. 1.
    Albrecht, M.R., Driessen, B., Kavun, E.B., Leander, G., Paar, C., Yalçın, T.: Block ciphers – focus on the linear layer (feat. PRIDE). In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 57–76. Springer, Heidelberg (2014). CrossRefGoogle Scholar
  2. 2.
    Ashur, T., Liu, Y.: Rotational cryptanalysis in the presence of constants. IACR Trans. Symmetric Cryptol. 2016(1), 57–70 (2016)Google Scholar
  3. 3.
    Banik, S., Bogdanov, A., Isobe, T., Shibutani, K., Hiwatari, H., Akishita, T., Regazzoni, F.: Midori: a block cipher for low energy. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 411–436. Springer, Heidelberg (2015). CrossRefGoogle Scholar
  4. 4.
    Banik, S., Pandey, S.K., Peyrin, T., Sasaki, Y., Sim, S.M., Todo, Y.: GIFT: a small present. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 321–345. Springer, Cham (2017). CrossRefGoogle Scholar
  5. 5.
    Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 344–371. Springer, Heidelberg (2011). CrossRefGoogle Scholar
  6. 6.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). CrossRefGoogle Scholar
  7. 7.
    Bogdanov, A., Rijmen, V.: Linear hulls with correlation zero and linear cryptanalysis of block ciphers. Des. Codes Cryptogr. 70(3), 369–383 (2014). MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The simon and speck families of lightweight block ciphers. IACR Cryptology ePrint Archive 2013, p. 404 (2013)Google Scholar
  9. 9.
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The Simon and Speck block ciphers on AVR 8-bit microcontrollers. In: Eisenbarth, T., Öztürk, E. (eds.) LightSec 2014. LNCS, vol. 8898, pp. 3–20. Springer, Cham (2015). Google Scholar
  10. 10.
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: Simon and speck: block ciphers for the internet of things. IACR Cryptology ePrint Archive 2015, p. 585 (2015)Google Scholar
  11. 11.
    Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 123–153. Springer, Heidelberg (2016). CrossRefGoogle Scholar
  12. 12.
    Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999). Google Scholar
  13. 13.
    Biham, E., Dunkelman, O., Keller, N.: The rectangle attack — rectangling the serpent. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 340–357. Springer, Heidelberg (2001). CrossRefGoogle Scholar
  14. 14.
    Biham, E., Dunkelman, O., Keller, N.: Enhancing differential-linear cryptanalysis. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 254–266. Springer, Heidelberg (2002). CrossRefGoogle Scholar
  15. 15.
    Biham, E., Dunkelman, O., Keller, N.: Related-key boomerang and rectangle attacks. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 507–525. Springer, Heidelberg (2005). CrossRefGoogle Scholar
  16. 16.
    Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, New York (1993). ISBN: 978-1-4613-9316-0, 978-1-4613-9314-6CrossRefzbMATHGoogle Scholar
  17. 17.
    Biryukov, A., Velichkov, V.: Automatic search for differential trails in ARX ciphers. In: Benaloh, J. (ed.) CT-RSA 2014. LNCS, vol. 8366, pp. 227–250. Springer, Cham (2014). CrossRefGoogle Scholar
  18. 18.
    Biryukov, A., Wagner, D.: Slide attacks. In: Knudsen, L. (ed.) FSE 1999. LNCS, vol. 1636, pp. 245–259. Springer, Heidelberg (1999). CrossRefGoogle Scholar
  19. 19.
    Borghoff, J., et al.: PRINCE – a low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012). CrossRefGoogle Scholar
  20. 20.
    Buhrow, B., Riemer, P., Shea, M., Gilbert, B., Daniel, E.: Block cipher speed and energy efficiency records on the MSP430: system design trade-offs for 16-bit embedded applications. In: Aranha, D.F., Menezes, A. (eds.) LATINCRYPT 2014. LNCS, vol. 8895, pp. 104–123. Springer, Cham (2015). Google Scholar
  21. 21.
    De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — a family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009). CrossRefGoogle Scholar
  22. 22.
    Canteaut, A., Lallemand, V., Naya-Plasencia, M.: Related-key attack on full-round PICARO. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 86–101. Springer, Cham (2016). CrossRefGoogle Scholar
  23. 23.
    Chen, J., Teh, J.S., Su, C., Samsudin, A., Fang, J.: Improved (related-key) attacks on round-reduced KATAN-32/48/64 based on the extended boomerang framework. In: Liu, J.K., Steinfeld, R. (eds.) ACISP 2016. LNCS, vol. 9723, pp. 333–346. Springer, Cham (2016). CrossRefGoogle Scholar
  24. 24.
    Courtois, N.T., Pieprzyk, J.: Cryptanalysis of block ciphers with overdefined systems of equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002). CrossRefGoogle Scholar
  25. 25.
    Dai, Y., Chen, S.: Cryptanalysis of full PRIDE block cipher. Sci. China Inf. Sci. 60, 052108 (2017). MathSciNetCrossRefGoogle Scholar
  26. 26.
    Dinu, D., Biryukov, A., Großschädl, J., Khovratovich, D., Le Corre, Y., Perrin, L.: FELICS - fair evaluation of lightweight cryptographic systems. In: NIST Workshop on Lightweight Cryptography 2015 National Institute of Standards and Technology (2015)Google Scholar
  27. 27.
    Dinu, D., Le Corre, Y., Khovratovich, D., Perrin, L., Großschädl, J., Biryukov, A.: Triathlon of lightweight block ciphers for the Internet of things. IACR Cryptology ePrint Archive, p. 209 (2015)Google Scholar
  28. 28.
    Dinu, D., Perrin, L., Udovenko, A., Velichkov, V., Großschädl, J., Biryukov, A.: Design strategies for ARX with provable bounds: Sparx and LAX. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 484–513. Springer, Heidelberg (2016). CrossRefGoogle Scholar
  29. 29.
    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011). CrossRefGoogle Scholar
  30. 30.
    Hong, D., Lee, J.-K., Kim, D.-C., Kwon, D., Ryu, K.H., Lee, D.-G.: LEA: a 128-bit block cipher for fast encryption on common processors. In: Kim, Y., Lee, H., Perrig, A. (eds.) WISA 2013. LNCS, vol. 8267, pp. 3–27. Springer, Cham (2014). CrossRefGoogle Scholar
  31. 31.
    Hong, D., et al.: HIGHT: a new block cipher suitable for low-resource device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 46–59. Springer, Heidelberg (2006). CrossRefGoogle Scholar
  32. 32.
    Jean, J., Nikolić, I., Peyrin, T., Wang, L., Wu, S.: Security analysis of PRINCE. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 92–111. Springer, Heidelberg (2014). Google Scholar
  33. 33.
    Khovratovich, D., Nikolić, I.: Rotational cryptanalysis of ARX. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 333–346. Springer, Heidelberg (2010). CrossRefGoogle Scholar
  34. 34.
    Knudsen, L., Leander, G., Poschmann, A., Robshaw, M.J.B.: PRINTcipher: a block cipher for IC-printing. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 16–32. Springer, Heidelberg (2010). CrossRefGoogle Scholar
  35. 35.
    Knudsen, L., Wagner, D.: Integral cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002). CrossRefGoogle Scholar
  36. 36.
    Kolay, S., Mukhopadhyay, D.: Khudra: a new lightweight block cipher for FPGAs. In: Chakraborty, R.S., Matyas, V., Schaumont, P. (eds.) SPACE 2014. LNCS, vol. 8804, pp. 126–145. Springer, Cham (2014). Google Scholar
  37. 37.
    Koo, B., Hong, D., Kwon, D.: Related-key attack on the full HIGHT. In: Rhee, K.-H., Nyang, D.H. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 49–67. Springer, Heidelberg (2011). CrossRefGoogle Scholar
  38. 38.
    Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994). Google Scholar
  39. 39.
    Matsui, M.: On correlation between the order of S-boxes and the strength of DES. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 366–375. Springer, Heidelberg (1995). Google Scholar
  40. 40.
    Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011). CrossRefGoogle Scholar
  41. 41.
    Piret, G., Roche, T., Carlet, C.: PICARO – a block cipher allowing efficient higher-order side-channel resistance. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 311–328. Springer, Heidelberg (2012). CrossRefGoogle Scholar
  42. 42.
    Poschmann, A.: Lightweight cryptography - cryptographic engineering for a pervasive world. Number 8 in IT Security. Europäischer Universitätsverlag, Published: Ph.D. thesis, Ruhr University Bochum (2009)Google Scholar
  43. 43.
    Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: an ultra-lightweight blockcipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 342–357. Springer, Heidelberg (2011). CrossRefGoogle Scholar
  44. 44.
    Shirai, T., Shibutani, K., Akishita, T., Moriai, S., Iwata, T.: The 128-bit blockcipher CLEFIA (extended abstract). In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 181–195. Springer, Heidelberg (2007). CrossRefGoogle Scholar
  45. 45.
    Song, L., Huang, Z., Yang, Q.: Automatic differential analysis of ARX block ciphers with application to SPECK and LEA. In: Liu, J.K., Steinfeld, R. (eds.) ACISP 2016. LNCS, vol. 9723, pp. 379–394. Springer, Cham (2016). CrossRefGoogle Scholar
  46. 46.
    Sun, L., Wang, W., Liu, R., Wang, M.: MILP-aided bit-based division property for ARX-based block cipher, Cryptology ePrint Archive, Report 2016, p. 1101 (2016)Google Scholar
  47. 47.
    Suzaki, T., Minematsu, K., Morioka, S., Kobayashi, E.: \(\mathit{TWINE}\): a lightweight block cipher for multiple platforms. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 339–354. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  48. 48.
    Todo, Y.: Integral cryptanalysis on full MISTY1. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 413–432. Springer, Heidelberg (2015). CrossRefGoogle Scholar
  49. 49.
    Todo, Y., Morii, M.: Bit-based division property and application to Simon family. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 357–377. Springer, Heidelberg (2016). CrossRefGoogle Scholar
  50. 50.
    Wagner, D.: The boomerang attack. In: Knudsen, L. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156–170. Springer, Heidelberg (1999). CrossRefGoogle Scholar
  51. 51.
    Wang, Y., Wu, W., Yu, X., Zhang, L.: Security on LBlock against biclique cryptanalysis. In: Lee, D.H., Yung, M. (eds.) WISA 2012. LNCS, vol. 7690, pp. 1–14. Springer, Heidelberg (2012). CrossRefGoogle Scholar
  52. 52.
    Wallén, J.: On the differential and linear properties of addition master’s thesis. Helsinki University of Technology, Laboratory for Theoretical Computer Science (2003)Google Scholar
  53. 53.
    Wenzel-Benner, C., Gräf, J.: XBX: eXternal benchmarking eXtension for the SUPERCOP crypto benchmarking framework. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 294–305. Springer, Heidelberg (2010). CrossRefGoogle Scholar
  54. 54.
    Yang, Q., Hu, L., Sun, S., Song, L.: Related-key impossible differential analysis of full Khudra. In: Ogawa, K., Yoshioka, K. (eds.) IWSEC 2016. LNCS, vol. 9836, pp. 135–146. Springer, Cham (2016). CrossRefGoogle Scholar
  55. 55.
    Yang, G., Zhu, B., Suder, V., Aagaard, M.D., Gong, G.: The Simeck family of lightweight block ciphers. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 307–329. Springer, Heidelberg (2015). CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Bonwook Koo
    • 1
  • Dongyoung Roh
    • 1
  • Hyeonjin Kim
    • 1
  • Younghoon Jung
    • 1
  • Dong-Geon Lee
    • 1
  • Daesung Kwon
    • 1
  1. 1.National Security Research InstituteDaejeonRepublic of Korea

Personalised recommendations