Abstract
Algorithms for Authenticated Encryption with Associated Data (AEAD) extend the normal functionality of authenticated encryption schemes by the ability to process data that is only authenticated but not encrypted. Such algorithms have attracted much interest in the past few years, especially the question of how they can be designed and implemented efficiently to perform well in resource-constrained devices like miniature sensor nodes or RFID tags. In this paper, we analyze the performance of the lightweight AEAD schemes Elephant v2, Grain-128AEADv2, ISAP v2.0, PHOTON-Beetle, and Romulus v1.3 on the MSP430 family of 16-bit ultra-low-power microcontrollers. All five have in common that they offer large security margins and made it into the last round of the Lightweight Cryptography (LWC) standardization project of the U.S. National Institute of Standards and Technology. We describe how these AEAD algorithms can be implemented efficiently in software and introduce Assembly-level optimization techniques for the underlying primitives, which include three permutations, one tweakable block cipher, and one stream cipher. Furthermore, we present numerous detailed benchmarking results (i.e., execution time and code size) for the primitives as well as for the full AEAD algorithms for different lengths of plaintext and associated data. Our benchmarks clearly show that all five AEAD algorithms are much more efficient (up to almost two orders of magnitude) on MSP430 than indicated by results in the literature.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
The eStream project was run by the ECRYPT Network of Excellence from 2004 to 2008 with the goal to identify new stream ciphers suitable for widespread adoption.
References
Ågren, M., Hell, M., Johansson, T., Meier, W.: A new version of Grain-128 with authentication. In: Leander, G., Thomsen, S.S. (eds.) Proceedings of the 6th ECRYPT Workshop on Symmetric Encryption (SKEW 2011) (2011). http://skew2011.mat.dtu.dk/proceedings/A%20New%20Version%20of%20Grain-128%20with%20Authentication.pdf
Alsahli, M., Borgognoni, A., Cardoso dos Santos, L., Cheng, H., Franck, C., Großschädl, J.: Lightweight permutation-based cryptography for the ultra-low-power internet of things. In: Bella, G., Doinea, M., Janicke, H. (eds.) SecITC 2022. LNCS, vol. 13809, pp. 17–36. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-32636-3_2
Bao, Z., et al.: PHOTON-Beetle authenticated encryption and hash family. Specification (2021). http://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/photon-beetle-spec-final.pdf
Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 123–153. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_5
Beyne, T., Chen, Y.L., Dobraunig, C., Mennink, B.: Dumbo, Jumbo, and Delirium: parallel authenticated encryption for the lightweight circus. IACR Trans. Symmetr. Cryptol. 2020(S1), 5–30 (2020)
Blanc, S., Lahmadi, A., Le Gouguec, K., Minier, M., Sleem, L.: Benchmarking of lightweight cryptographic algorithms for wireless IoT networks. Wirel. Netw. 28(8), 3453–3476 (2022)
Bogdanov, A., Knežević, M., Leander, G., Toz, D., Varıcı, K., Verbauwhede, I.: spongent: A lightweight hash function. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 312–325. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23951-9_21
Cardoso dos Santos, L., Großschädl, J.: An Evaluation of the multi-platform efficiency of lightweight cryptographic permutations. In: Ryan, P.Y., Toma, C. (eds.) SecITC 2021. LNCS, vol. 13195, pp. 75–90. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-17510-7_6
Dobraunig, C., et al.: ISAP v2.0. IACR Trans. Symmetr. Cryptol. (S1), 390–416 (2020)
Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Ascon v1.2: lightweight authenticated encryption and hashing. J. Cryptol. 34(3), 33 (2021)
Granger, R., Jovanovic, P., Mennink, B., Neves, S.: Improved masking for tweakable blockciphers with applications to authenticated encryption. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 263–293. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_11
Guo, C., Iwata, T., Khairallah, M., Minematsu, K., Peyrin, T.: Romulus v1.3. Specification (2021). http://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/romulus-spec-final.pdf
Guo, J., Peyrin, T., Poschmann, A.: The PHOTON family of lightweight hash functions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 222–239. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_13
Hell, M., Johansson, T., Maximov, A., Meier, W.: The grain family of stream ciphers. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 179–190. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68351-3_14
Hell, M., Johansson, T., Maximov, A., Meier, W., Sönnerup, J., Yoshida, H.: Grain-128AEADv2 – a lightweight AEAD stream cipher. Specification (2021). http://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/grain-128aead-spec-final.pdf, 2021
IAR Systems AB. IAR Embedded Workbench for MSP430. Product description (2023). http://www.iar.com/iar-embedded-workbench/msp430
International Organization for Standardization (ISO). ISO/IEC 29167-13:2015 Information technology—automatic identification and data capture techniques—Part 13: Crypto suite Grain-128A security services for air interface communications (2015)
International Organization for Standardization (ISO). ISO/IEC 29192-5:2016 Information technology—Security techniques Lightweight cryptography—Part 5: Hash-functions (2016)
International Organization for Standardization (ISO). ISO/IEC 18033-7:2022 Information technology—Encryption algorithms—Part 7: Tweakable block ciphers (2022)
Maximov, A., Hell, M.: Software evaluation of Grain-128AEAD for embedded platforms. Cryptology ePrint Archive, Report 2020/659 (2020). http://eprint.iacr.org
McKay, K.A., Bassham, L., Turan, M.S., Mouha, N.: Report on lightweight cryptography. Technical report IR 8114, National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA (2017). http://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8114.pdf
Medwed, M., Standaert, F.-X., Großschädl, J., Regazzoni, F.: Fresh re-keying: security against side-channel and fault attacks for low-cost devices. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 279–296. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12678-9_17
National Institute of Standards and Technology (NIST). Announcing request for nominations for lightweight cryptographic algorithms. Federal register notice (2018). http://csrc.nist.gov/news/2018/requesting-nominations-for-lightweight-crypto-algs
National Institute of Standards and Technology (NIST). Submission Requirements and Evaluation Criteria for the Lightweight Cryptography Standardization Process (2018). http://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/final-lwc-submission-requirements-august2018.pdf
National Institute of Standards and Technology (NIST). Benchmarking of lightweight cryptographic algorithms on microcontrollers (2023). http://github.com/usnistgov/Lightweight-Cryptography-Benchmarking
Renner, S., Pozzobon, E., Mottok, J.: The final round: benchmarking NIST LWC ciphers on microcontrollers. In: Li, W., Furnell, S., Meng, W. (eds.) ADIoT 2022. LNCS, vol. 13745, pp. 1–20. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-21311-3_1
Renner, S., Pozzobon, E., Mottok, J.: NIST LWC software performance benchmarks on microcontrollers (2022). http://lwc.las3.de
Rogaway, P.: Authenticated-encryption with associated-data. In: Atluri, V. (ed.) Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), pp. 98–107. ACM Press (2002)
Turan, M.S., et al.: Status report on the final round of the NIST lightweight cryptography standardization process. In: Internal Report IR 8454, National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA (2023). http://nvlpubs.nist.gov/nistpubs/ir/2023/NIST.IR.8454.pdf
Texas Instruments Inc. MSP430 Family Architecture Guide and Module Library. TI literature number SLAUE10B (1996). http://www.ti.com/sc/docs/products/micro/msp430/userguid/ag_01.pdf
Texas Instruments, Inc. MSP430x1xx Family User’s Guide (Rev. F). Manual (2006). http://www.ti.com/lit/ug/slau049f/slau049f.pdf
Weatherley, R.: Lightweight cryptography primitives documentation (2021). http://rweather.github.io/lwc-finalists/index.html
Acknowledgments
The second author was supported, in part, by the Luxembourg National Research Fund (FNR) under CORE grant C19/IS/13641232 (APLICA).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2025 IFIP International Federation for Information Processing
About this paper
Cite this paper
Franck, C., Großschädl, J. (2025). Efficient Implementation of Authenticated Encryption on 16-bit MSP430 Microcontrollers. In: Rey, G., Tigli, JY., Franquet, E. (eds) Internet of Things. IFIPIoT 2024. IFIP Advances in Information and Communication Technology, vol 737. Springer, Cham. https://doi.org/10.1007/978-3-031-81900-1_4
Download citation
DOI: https://doi.org/10.1007/978-3-031-81900-1_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-81899-8
Online ISBN: 978-3-031-81900-1
eBook Packages: Computer ScienceComputer Science (R0)
