PRESENT: An Ultra-Lightweight Block Cipher

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4727)


With the establishment of the AES the need for new block ciphers has been greatly diminished; for almost all block cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultra-lightweight block cipher, present. Both security and hardware efficiency have been equally important during the design of the cipher and at 1570 GE, the hardware requirements for present are competitive with today’s leading compact stream ciphers.


Block Cipher Advance Encryption Standard Stream Cipher Algebraic Attack Linear Cryptanalysis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 39–56. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398–409. Springer, Heidelberg (1994)Google Scholar
  3. 3.
    Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, Heidelberg (1993)zbMATHGoogle Scholar
  4. 4.
    Biham, E., Knudsen, L.R., Anderson, R.J.: Serpent: A New Block Cipher Proposal. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 222–238. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  5. 5.
    Biryukov, A., Wagner, D.: Advanced Slide Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 589–606. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  6. 6.
    Biryukov, A., Mukhopadhyay, S., Sarkar, P.: Improved Time-memory Trade-offs with Multiple Data. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 110–127. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    de Cannière, C., Preneel, B.: Trivium. Available via,
  8. 8.
    Cid, C., Leurent, G.: An Analysis of the XSL Algorithm. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 333–352. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Cid, C., Murphy, S., Robshaw, M.J.B.: Small Scale Variants of the AES. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 145–162. Springer, Heidelberg (2005)Google Scholar
  10. 10.
    Courtois, N., Klimov, A., Patarin, J., Shamir, A.: Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  11. 11.
    Courtois, N., Pieprzyk, J.: Cryptanalysis of Block Ciphers with Overdefined Systems of Equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  13. 13.
    Daemen, J., Knudsen, L.R., Rijmen, V.: The Block Cipher Square. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  14. 14.
    Diem, C.: The XL-Algorithm and a Conjecture from Commutative Algebra. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 323–337. Springer, Heidelberg (2004)Google Scholar
  15. 15.
    ECRYPT Network of Excellence: The Stream Cipher Project: eSTREAM. Available via,
  16. 16.
    Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong Authentication for RFID Systems Using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)Google Scholar
  17. 17.
    Gilbert, H., Minier, M., Collision, A.: Attack on 7 Rounds of Rijndael. In: Proceedings of Third Advanced Encryption Standard Conference, National Institute of Standards and Technology, pp. 230–241 (2000)Google Scholar
  18. 18.
    Good, T., Chelton, W., Benaissa, M.: Hardware Results for Selected Stream Cipher Candidates. In: Presented at SASC 2007 (February 2007), Available for download via,
  19. 19.
    Hell, M., Johansson, T., Meier, W.: Grain - A Stream Cipher for Constrained Environments. Available via,
  20. 20.
    Heys, H.: A Tutorial on Differential and Linear Cryptanalysis, Available via
  21. 21.
    Heys, H., Tavares, S.: Substitution-Permutation Networks Resistant to Differential and Linear Cryptanalysis. Journal of Cryptology 9(1), 1–21 (1996)zbMATHMathSciNetCrossRefGoogle Scholar
  22. 22.
    Hong, D., Sung, J., Hong, S., Lim, J., Lee, S., Koo, B.-S, Lee, C., Chang, D., Lee, J., Jeong, K., Kim, H., Kim, J., Chee, S.: HIGHT: A New Block Cipher Suitable for Low-Resource Device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 46–59. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  23. 23.
    Knudsen, L.R., Berson, T.: Truncated Differentials of SAFER. In: Gollmann, D. (ed.) Fast Software Encryption. LNCS, vol. 1039, pp. 15–26. Springer, Heidelberg (1996)Google Scholar
  24. 24.
    Knudsen, L.R., Robshaw, M.J.B., Wagner, D.: Truncated Differentials and Skipjack. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 165–180. Springer, Heidelberg (1999)Google Scholar
  25. 25.
    Knudsen, L.R., Wagner, D.: Integral Cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  26. 26.
    Lai, X., Massey, J., Murphy, S.: Markov Ciphers and Differential Cryptanalysis. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 17–38. Springer, Heidelberg (1991)Google Scholar
  27. 27.
    Leander, G., Poschmann, A.: On the Classification of 4 Bit S-boxes. In: Carlet, C., Sunar, B. (eds.) Proceedings of Arithmetic of Finite Fields, First International Workshop, WAIFI 2007. LNCS, vol. 4547, Springer, Heidelberg (2007) (to appear)Google Scholar
  28. 28.
    Hellman, M.E., Langford, S.K.: Differential-Linear Cryptanalysis. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 17–25. Springer, Heidelberg (1994)Google Scholar
  29. 29.
    Lidl, R., Niederreiter, H.: Introduction to Finite Fields and their Applications. Cambridge University Press, Cambridge (1994) (Revised edition)zbMATHGoogle Scholar
  30. 30.
    Lim, C., Korkishko, T.: mCrypton - A Lightweight Block Cipher for Security of Low-cost RFID Tags and Sensors. In: Song, J., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 243–258. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  31. 31.
    MAGMA v2.12. Computational Algebra Group, School of Mathematics and Statistics, University of Sydney (2005),
  32. 32.
    Matsui, M.: Linear Cryptanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)Google Scholar
  33. 33.
    Menezes, A., van Oorschot, P.C., Vanstone, S.: The Handbook of Applied Cryptography. CRC Press, Boca Raton, USA (1996)Google Scholar
  34. 34.
    National Institute of Standards and Technology. FIPS 46-3: Data Encryption Standard (March 1993), Available via
  35. 35.
    National Institute of Standards and Technology. FIPS 197: Advanced Encryption Standard (November 2001), Available via
  36. 36.
    National Institute of Standards and Technology. SP800-38A: Recommendation for block cipher modes of operation (December 2001), Available via
  37. 37.
    Leander, G., Paar, C., Poschmann, A., Schramm, K.: A Family of Lightweight Block Ciphers Based on DES Suited for RFID Applications. In: Biryukov, A. (ed.) Proceedings of FSE 2007. LNCS, Springer, Heidelberg (2007) (to appear)Google Scholar
  38. 38.
    Rijmen, V., Daemen, J., Preneel, B., Bosselaers, A., De Win, E.: The cipher Shark. In: Gollmann, D. (ed.) Fast Software Encryption. LNCS, vol. 1039, pp. 99–112. Springer, Heidelberg (1996)Google Scholar
  39. 39.
    Rivest, R.: The RC5 Encryption Algorithm. In: Preneel, B. (ed.) Fast Software Encryption. LNCS, vol. 1008, pp. 363–366. Springer, Heidelberg (1995)Google Scholar
  40. 40.
    Robshaw, M.J.B.: Searching for compact algorithms: \(\sc{cgen}\). In: Nguyen, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 37–49. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  41. 41.
    Standaert, F.-X., Piret, G., Gershenfeld, N., Quisquater, J.-J.: SEA: A Scalable Encryption Algorithm for Small Embedded Applications. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 222–236. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  42. 42.
    Verbauwhede, I., Hoornaert, F., Vandewalle, J., De Man, H.: Security and Performance Optimization of a New DES Data Encryption Chip. IEEE Journal of Solid-State Circuits 23(3), 647–656 (1988)CrossRefGoogle Scholar
  43. 43.
    Wheeler, D., Needham, R.: TEA, a Tiny Encryption Algorithm. In: Preneel, B. (ed.) Fast Software Encryption. LNCS, vol. 1008, pp. 363–366. Springer, Heidelberg (1995)Google Scholar
  44. 44.
    Wheeler, D., Needham, R.: TEA extensions. October 1997. (Also Correction to XTEA. October 1998) Available via,

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  1. 1.Horst-Görtz-Institute for IT-Security, Ruhr-University BochumGermany
  2. 2.Technical University Denmark, DK-2800 Kgs. LyngbyDenmark
  3. 3.France Telecom R&D, Issy les MoulineauxFrance

Personalised recommendations