
An Evaluation of Lightweight Block Ciphers for Resource-Constrained Applications: Area, Performance, and Security

Journal of Hardware and Systems Security

Abstract

In March 2017, NIST (the National Institute of Standards and Technology) announced that it would create a portfolio of lightweight algorithms through an open process. Its report stresses that, with emerging applications such as automotive systems, sensor networks, healthcare, distributed control systems, the Internet of Things (IoT), cyber-physical systems, and the smart grid, a detailed evaluation of so-called lightweight ciphers helps in recommending algorithms in the context of profiles that describe physical, performance, and security characteristics. In recent years a number of lightweight block ciphers have been proposed for encrypting and decrypting data, which makes the choice among them complex. Each offers its own combination of resistance to classical cryptanalysis and resource-efficient implementation. At the same time, these implementations must be protected against implementation-based attacks such as side-channel analysis. In this paper we present a holistic comparison of four lightweight block ciphers, PRESENT, SIMON, SPECK, and KHUDRA, alongside the more traditional Advanced Encryption Standard (AES). We give a uniform comparison of the performance and efficiency of these block ciphers in terms of area and power consumption on ASIC and FPGA platforms, and we also compare how amenable each cipher is to a side-channel-secure implementation on ASIC. Our study is intended to help designers make suitable choices when securing a given application across a wide range of implementation platforms.
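The abstract names SPECK as one of the ARX candidates and side-channel analysis as the implementation threat the comparison has to account for. The following Python is an added example, not code from the paper or from the SPECK designers: a reference Speck32/64 (checked against the published test vector, key 1918 1110 0908 0100, plaintext 6574 694c, ciphertext a868 42f2) and a simulated first-order correlation power analysis (CPA) on its first round key. The "traces" are constructed here under an assumed noise-free Hamming-weight leakage model of the round-1 state plus Gaussian noise; real measurements are noisier and need many more traces, but the attack shape is the same, which is why the unprotected ARX round cannot be deployed as-is and masking or threshold implementations enter the area comparison.

```python
import random

WORD = 16                      # Speck32/64: 16-bit words, 64-bit key
MASK = (1 << WORD) - 1
ALPHA, BETA = 7, 2             # rotation amounts specific to Speck32
ROUNDS = 22
HW8 = [bin(i).count("1") for i in range(256)]   # byte Hamming-weight table


def rol(x, r):
    return ((x << r) | (x >> (WORD - r))) & MASK


def ror(x, r):
    return ((x >> r) | (x << (WORD - r))) & MASK


def round_fn(x, y, k):
    """One Speck round: rotate-add-xor on x, rotate-xor on y (ARX only)."""
    x = ((ror(x, ALPHA) + y) & MASK) ^ k
    y = rol(y, BETA) ^ x
    return x, y


def expand_key(key):
    """key = [l2, l1, l0, k0] in the order the Speck paper prints it."""
    k = [key[3]]
    l = [key[2], key[1], key[0]]           # l[0], l[1], l[2]
    for i in range(ROUNDS - 1):
        # the key schedule reuses the round function with the counter i as round key
        li, ki = round_fn(l[i], k[i], i)
        l.append(li)
        k.append(ki)
    return k


def encrypt(block, round_keys):
    x, y = block
    for k in round_keys:
        x, y = round_fn(x, y, k)
    return x, y


def decrypt(block, round_keys):
    x, y = block
    for k in reversed(round_keys):
        y = ror(y ^ x, BETA)
        x = rol(((x ^ k) - y) & MASK, ALPHA)
    return x, y


def simulate_traces(k0, n, rng, noise_sd=1.0):
    """Constructed leakage (assumption): each 'trace' is the Hamming weight of
    the round-1 x word plus Gaussian noise, a simple power model."""
    traces = []
    for _ in range(n):
        x, y = rng.getrandbits(WORD), rng.getrandbits(WORD)
        x1, _ = round_fn(x, y, k0)
        traces.append(((x, y), bin(x1).count("1") + rng.gauss(0, noise_sd)))
    return traces


def pearson(a, b):
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((u - ma) * (v - mb) for u, v in zip(a, b))
    va = sum((u - ma) ** 2 for u in a)
    vb = sum((v - mb) ** 2 for v in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0


def cpa_recover_k0(traces):
    """First-order CPA: the value XORed with k0 depends only on the plaintext,
    so each byte of k0 is recovered by correlating a Hamming-weight hypothesis
    against the measured samples for all 256 guesses and keeping the best."""
    samples = [s for _, s in traces]
    v = [(ror(x, ALPHA) + y) & MASK for (x, y), _ in traces]
    recovered = 0
    for shift in (0, 8):
        def score(g):
            return pearson([HW8[((vi >> shift) & 0xFF) ^ g] for vi in v], samples)
        recovered |= max(range(256), key=score) << shift
    return recovered


def demo_attack(seed=7, n=2000):
    """Run the simulated attack against the test-vector key.
    Returns (true k0, recovered k0)."""
    rk = expand_key([0x1918, 0x1110, 0x0908, 0x0100])
    rng = random.Random(seed)
    return rk[0], cpa_recover_k0(simulate_traces(rk[0], n, rng))


if __name__ == "__main__":
    rk = expand_key([0x1918, 0x1110, 0x0908, 0x0100])
    print("ciphertext %04x %04x (spec: a868 42f2)" % encrypt((0x6574, 0x694C), rk))
    print("k0 %04x, CPA recovered %04x" % demo_attack())
```

The attack targets the byte-wise Hamming weight of the value after the first key XOR, so only 2 x 256 hypotheses are needed instead of 65536; a partial model still correlates best for the correct guess because the unmodelled bits behave as noise. The same structure applies to the other round keys once k0 is peeled, and to SIMON and PRESENT with the appropriate intermediate value.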





Acknowledgements

The authors would like to thank Intel Corporation, USA, for the partial funding of the work under the project “LightCrypto: Ultra-Light-weight Robust Crypto-Architectures for Performance and Energy.”

Author information

Correspondence to Rajat Sadhukhan.


Cite this article

Sadhukhan, R., Patranabis, S., Ghoshal, A. et al. An Evaluation of Lightweight Block Ciphers for Resource-Constrained Applications: Area, Performance, and Security. J Hardw Syst Secur 1, 203–218 (2017). https://doi.org/10.1007/s41635-017-0021-2
