Visible to the public Lightweight Cryptography

SoS Newsletter- Advanced Book Block

Lightweight Cryptography

Lightweight cryptography is a major research direction. The release of SIMON in June 2013 has generated significant interest and a number of studies evaluating and comparing it to other cipher algorithms. The articles cited here are the first results of these studies and were presented in the first half of 2014. In addition, articles on other lightweight ciphers are included from the same period.

  • Min Chen; Shigang Chen; Qingjun Xiao, "Pandaka: A Lightweight Cipher For RFID Systems," INFOCOM, 2014 Proceedings IEEE , vol., no., pp.172,180, April 27 2014-May 2 2014. doi: 10.1109/INFOCOM.2014.6847937 The ubiquitous use of RFID tags raises concern about potential security risks in RFID systems. Because low-cost tags are extremely resource-constrained devices, common security mechanisms adopted in resource-rich equipment such as computers are no longer applicable to them. Hence, one challenging research topic is to design a lightweight cipher that is suitable for low-cost RFID tags. Traditional cryptography generally assumes that the two communicating parties are equipotent entities. In contrast, there is a large capability gap between readers and tags in RFID systems. We observe that the readers, which are much more powerful, should take more responsibility in RFID cryptographic protocols. In this paper, we make a radical shift from traditional cryptography, and design a novel cipher called Pandaka1, in which most workload is pushed to the readers. As a result, Pandaka is particularly hardware-efficient for tags. We perform extensive simulations to evaluate the effectiveness of Pandaka. In addition, we present security analysis of Pandaka facing different attacks. Keywords: cryptographic protocols; radiofrequency identification; telecommunication security; Pandaka security analysis; RFID cryptographic protocols; RFID systems; lightweight cipher; low-cost RFID tags; resource-constrained devices; resource-rich equipment; security mechanisms; security risks; Ciphers; Computers; Indexes; Radiofrequency identification; Servers (ID#:14-2362) URL:
  • Lin Ding; Chenhui Jin; Jie Guan; Qiuyan Wang, "Cryptanalysis of Lightweight WG-8 Stream Cipher," Information Forensics and Security, IEEE Transactions on , vol.9, no.4, pp.645,652, April 2014. doi: 10.1109/TIFS.2014.2307202 WG-8 is a new lightweight variant of the well-known Welch-Gong (WG) stream cipher family, and takes an 80-bit secret key and an 80-bit initial vector (IV) as inputs. So far no attack on the WG-8 stream cipher has been published except the attacks by the designers. This paper shows that there exist Key-IV pairs for WG-8 that can generate keystreams, which are exact shifts of each other throughout the keystream generation. By exploiting this slide property, an effective key recovery attack on WG-8 in the related key setting is proposed, which has a time complexity of 253.32 and requires 252 chosen IVs. The attack is minimal in the sense that it only requires one related key. Furthermore, we present an efficient key recovery attack on WG-8 in the multiple related key setting. As confirmed by the experimental results, our attack recovers all 80 bits of WG-8 in on a PC with 2.5-GHz Intel Pentium 4 processor. This is the first time that a weakness is presented for WG-8, assuming that the attacker can obtain only a few dozen consecutive keystream bits for each IV. Finally, we give a new Key/IV loading proposal for WG-8, which takes an 80-bit secret key and a 64-bit IV as inputs. The new proposal keeps the basic structure of WG-8 and provides enough resistance against our related key attacks. Keywords: computational complexity; cryptography; microprocessor chips;80-bit initial vector;80-bit secret key; Intel Pentium 4 processor; Welch-Gong stream cipher; frequency 2.5 GHz; key recovery attack; keystream generation; lightweight WG-8 stream cipher cryptanalysis; related key attack; slide property; time complexity; Ciphers; Clocks;Equations;Proposals; Time complexity; Cryptanalysis; WG-8; lightweight stream cipher; related key attack (ID#:14-2363) URL:
  • Xuanxia Yao; Xiaoguang Han; Xiaojiang Du, "A lightweight access control mechanism for mobile cloud computing," Computer Communications Workshops (INFOCOM WKSHPS), 2014 IEEE Conference on , vol., no., pp.380,385, April 27 2014-May 2 2014. doi: 10.1109/INFCOMW.2014.6849262 In order to meet the security requirement, most data are stored in cloud as cipher-texts. Hence, a cipher-text based access control mechanism is needed for data sharing in cloud. A popular solution is to use the attribute-based encryption. However, it is not suitable for mobile cloud due to the heavy computation overhead caused by bilinear pairing, which also makes it difficult to change the access control policy. In addition, attribute-based encryption can't achieve fine-grained access control yet. In this paper, we present a lightweight cipher-text access control mechanism for mobile cloud computing, which is based on authorization certificates and secret sharing. Only the certificate owner can reconstruct decryption keys for his/her files. Our analyses show that the mechanism can achieve efficient and fine-grained access control on cipher-text at a much lower cost than the attribute-based encryption solution. Keywords: authorisation; cloud computing; cryptography; mobile computing; access control policy; attribute-based encryption; authorization certificates; bilinear pairing; certificate owner; cipher-text based access control mechanism; data sharing; decryption key reconstruction; fine-grained access control ;lightweight cipher-text access control mechanism; mobile cloud computing; secret sharing; security requirement; Authorization; Cloud computing; Encryption; Mobile communication; Servers; Authorization; access control; certificate; mobile cloud storage (ID#:14-2364) URL:
  • Fujishiro, M.; Yanagisawa, M.; Togawa, N., "Scan-based attack on the LED block cipher using scan signatures," Circuits and Systems (ISCAS), 2014 IEEE International Symposium on , vol., no., pp.1460,1463, 1-5 June 2014. doi: 10.1109/ISCAS.2014.6865421 LED (Light Encryption Device) block cipher, one of lightweight block ciphers, is very compact in hardware. Its encryption process is composed of AES-like rounds. Recently, a scan-based side-channel attack is reported which retrieves the secret information inside the cryptosystem utilizing scan chains, one of design-for-test techniques. In this paper, a scan-based attack method on the LED block cipher using scan signatures is proposed. In our proposed method, we focus on a particular 16-bit position in scanned data obtained from an LED LSI chip and retrieve its secret key using scan signatures. Experimental results show that our proposed method successfully retrieves its 64-bit secret key using 73 plaintexts on average if the scan chain is only connected to the LED block cipher. These experimental results also show the key is successfully retrieved even if the scan chain includes additional some 4000 1-bit registers. Keywords: design for testability; digital signatures; large scale integration; private key cryptography; AES-like rounds; LED LSI chip; LED block cipher; cryptosystem; design-for-test techniques; encryption process; light encryption device; lightweight block ciphers; plaintexts; scan chain; scan signatures; scan-based attack method; scan-based side-channel attack; secret information; secret key; word length 16 bit; word length 64 bit; Ciphers; Encryption; Hardware; Large scale integration; Light emitting diodes; Registers (ID#:14-2365) URL:
  • Bhasin, S.; Graba, T.; Danger, J.-L.; Najm, Z., "A Look Into SIMON From A Side-Channel Perspective," Hardware-Oriented Security and Trust (HOST), 2014 IEEE International Symposium on , vol., no., pp.56,59, 6-7 May 2014. doi: 10.1109/HST.2014.6855568 SIMON is a lightweight block cipher, specially designed for resource constrained devices that was recently presented by the National Security Agency (NSA). This paper deals with a hardware implementation of this algorithm from a side-channel point of view as it is a prime concern for embedded systems. We present the implementation of SIMON on a Xilinx Virtex-5 FPGA and propose a low-overhead countermeasure using first-order Boolean masking exploiting the simplistic construction of SIMON. Finally we evaluate the side-channel resistance of both implementations. Keywords: Boolean algebra; cryptography; field programmable gate arrays; SIMON; Xilinx Virtex-5 FPGA; embedded system; first-order Boolean masking; lightweight block cipher; resource constrained device; side-channel perspective; side-channel resistance; Ciphers; Field programmable gate arrays; Hardware; Magnetohydrodynamics; Registers; Table lookup; Countermeasures; Lightweight Cryptography; SIMON; Side-Channel Analysis (ID#:14-2366) URL:
  • Cioranesco, J.-M.; Danger, J.-L.; Graba, T.; Guilley, S.; Mathieu, Y.; Naccache, D.; Xuan Thuy Ngo, "Cryptographically Secure Shields," Hardware-Oriented Security and Trust (HOST), 2014 IEEE International Symposium on , vol., no., pp.25,31, 6-7 May 2014. doi: 10.1109/HST.2014.6855563 Abstract: Probing attacks are serious threats on integrated circuits. Security products often include a protective layer called shield that acts like a digital fence. In this article, we demonstrate a new shield structure that is cryptographically secure. This shield is based on the newly proposed SIMON lightweight block cipher and independent mesh lines to ensure the security against probing attacks of the hardware located behind the shield. Such structure can be proven secure against state-of-the-art invasive attacks. For the first time in the open literature, we describe a chip designed with a digital shield, and give an extensive report of its cost, in terms of power, metal layer(s) to sacrifice and of logic (including the logic to connect it to the CPU). Also, we explain how "Through Silicon Vias" (TSV) technology can be used for the protection against both frontside and backside probing. Keywords: cryptography integrated circuit design; three-dimensional integrated circuits; SIMON lightweight block cipher; TSV technology; chip design; cryptographical secure shield; digital fence; digital shield; integrated circuit invasive attacks; mesh lines; metal layer; probing attacks; protective layer; security product; shield structure; through silicon vias; Ciphers; Integrated circuits; Metals; Registers; Routing; Cryptographically secure shield ;Focused Ion Beam (FIB);SIMON block cipher; Through Silicon Vias (TSV) (ID#:14-2367) URL:
  • Hwajeong Seo; Jongseok Choi; Hyunjin Kim; Taehwan Park; Howon Kim, "Pseudo Random Number Generator And Hash Function For Embedded Microprocessors," Internet of Things (WF-IoT), 2014 IEEE World Forum on , vol., no., pp.37,40, 6-8 March 2014. doi: 10.1109/WF-IoT.2014.6803113 Embedded microprocessors are commonly used for future technologies such as Internet of Things(IoT), RFID and Wireless Sensor Networks(WSN). However, the microprocessors have limited computing power and storages so straight-forward implementation of traditional services on resource constrained devices is not recommenced. To overcome this problem, lightweight implementation techniques should be concerned for practical implementations. Among various requirements, security applications should be conducted on microprocessors for secure and robust service environments. In this paper, we presented a light weight implementation techniques for efficient Pseudo Random Number Generator(PRNG) and Hash function. To reduce memory consumption and accelerate performance, we adopted AES accelerator based implementation. This technique is firstly introduced in INDOCRYPT'12, whose idea exploits peripheral devices for efficient hash computations. With this technique, we presented block cipher based light-weight pseudo random number generator and simple hash function on embedded microprocessors. Keywords: cryptography; embedded systems; microprocessor chips; random number generation; AES accelerator; INDOCRYPT'12;PRNG;block cipher based lightweight pseudo random number generator; embedded microprocessors; future technologies; hash computations; hash function; lightweight implementation techniques; peripheral devices; resource constrained devices; robust service environments; secure service environments; security applications; straight-forward implementation; Ciphers; Clocks; Encryption; Generators; Microprocessors (ID#:14-2368) URL:
  • At, N.; Beuchat, J.-L.; Okamoto, E.; San, I; Yamazaki, T., "Compact Hardware Implementations of ChaCha, BLAKE, Threefish, and Skein on FPGA," Circuits and Systems I: Regular Papers, IEEE Transactions on , vol.61, no.2, pp.485,498, Feb. 2014. doi: 10.1109/TCSI.2013.2278385 The cryptographic hash functions BLAKE and Skein are built from the ChaCha stream cipher and the tweakable Threefish block cipher, respectively. Interestingly enough, they are based on the same arithmetic operations, and the same design philosophy allows one to design lightweight coprocessors for hashing and encryption. The key element of our approach is to take advantage of the parallelism of the algorithms considered in this work to deeply pipeline our Arithmetic and Logic Units, and to avoid data dependencies by interleaving independent tasks. We show for instance that a fully autonomous implementation of BLAKE and ChaCha on a Xilinx Virtex-6 device occupies 144 slices and three memory blocks, and achieves competitive throughputs. In order to offer the same features, a coprocessor implementing Skein and Threefish requires a substantial higher slice count. Keywords: coprocessors; cryptography; field programmable gate arrays ;BLAKE function; ChaCha stream cipher; FPGA; Skein function; Threefish block cipher; Xilinx Virtex-6 device; algorithm parallelism; arithmetic operations; arithmetic-and-logic units; competitive throughput; cryptographic hash functions; data dependencies; encryption;field programmable gate array; lightweight coprocessors; memory blocks; slice count; Ciphers; Coprocessors; Encryption; Field programmable gate arrays; Hardware; Pipelines; Ciphers; cryptography, coprocessors ;field programmable gate arrays (ID#:14-2369) URL:
  • Verma, S.; Pal, S.K.; Muttoo, S.K., "A new Tool For Lightweight Encryption On Android," Advance Computing Conference (IACC), 2014 IEEE International , vol., no., pp.306,311, 21-22 Feb. 2014. doi: 10.1109/IAdCC.2014.6779339 Theft or loss of a mobile device could be an information security risk as it can result in loss of confidential personal data. Traditional cryptographic algorithms are not suitable for resource constrained and handheld devices. In this paper, we have developed an efficient and user friendly tool called "NCRYPT" on Android platform. "NCRYPT" application is used to secure the data at rest on Android thus making it inaccessible to unauthorized users. It is based on lightweight encryption scheme i.e. Hummingbird-2. The application provides secure storage by making use of password based authentication so that an adversary cannot access the confidential data stored on the mobile device. The cryptographic key is derived through the password based key generation method PBKDF2 from the standard SUN JCE cryptographic provider. Various tools for encryption are available in the market which are based on AES or DES encryption schemes. Ihe reported tool is based on Hummingbird-2 and is faster than most of the other existing schemes. It is also resistant to most of attacks applicable to Block and Stream Ciphers. Hummingbird-2 has been coded in C language and embedded in Android platform with the help of JNI (Java Native Interface) for faster execution. This application provides choice for encrypting the entire data on SD card or selective files on the smart phone and protect personal or confidential information available in such devices. Keywords: C language; cryptography; smart phones; AES encryption scheme; Android platform; C language; DES encryption scheme;Hummingbird-2 scheme; JNI; Java native interface; NCRYPT application;PBKDF2 password based key generation method; SUN JCE cryptographic provider; block ciphers; confidential data; cryptographic algorithms; cryptographic key; information security risk; lightweight encryption scheme; mobile device; password based authentication; stream ciphers; Ciphers; Encryption; Smart phones; Standards; Throughput; Android; HummingBird2; Information Security ;Lightweight Encryption;PBKDF2 (ID#:14-2370) URL:
  • Ahmadi, S.; Ahmadian, Z.; Mohajeri, J.; Aref, M.R., "Low Data Complexity Biclique Cryptanalysis of Block Ciphers with Application to Piccolo and HIGHT," Information Forensics and Security, IEEE Transactions on, vol.PP, no.99, pp.1, 1, July 2014. doi: 10.1109/TIFS.2014.2344445 In this paper, we present a framework for biclique cryptanalysis of block ciphers which extremely requires a low amount of data. To that end, we enjoy a new representation of biclique attack based on a new concept of cutset that describes our attack more clearly. Then, an algorithm for choosing two differential characteristics is presented to simultaneously minimize the data complexity and control the computational complexity. Then, we characterize those block ciphers that are vulnerable to this technique and among them, we apply this attack on lightweight block ciphers Piccolo-80, Piccolo-128 and HIGHT. The data complexity of these attacks is only 16 plaintextciphertext pairs which is considerably less than the existing cryptanalytic results. In all the attacks the computational complexity remains the same as the previous ones or even it is slightly improved. Keywords: (not provided) (ID#:14-2371) URL:
  • Aysu, A; Gulcan, E.; Schaumont, P., "SIMON Says: Break Area Records of Block Ciphers on FPGAs," Embedded Systems Letters, IEEE , vol.6, no.2, pp.37,40, June 2014. doi: 10.1109/LES.2014.2314961 While advanced encryption standard (AES) is extensively in use in a number of applications, its area cost limits its deployment in resource constrained platforms. In this letter, we have implemented SIMON, a recent promising low-cost alternative of AES on reconfigurable platforms. The Feistel network, the construction of the round function and the key generation of SIMON, enables bit-serial hardware architectures which can significantly reduce the cost. Moreover, encryption and decryption can be done using the same hardware. The results show that with an equivalent security level, SIMON is 86% smaller than AES, 70% smaller than PRESENT (a standardized low-cost AES alternative), and its smallest hardware architecture only costs 36 slices (72 LUTs, 30 registers). To our best knowledge, this work sets the new area records as we propose the hardware architecture of the smallest block cipher ever published on field-programmable gate arrays (FPGAs) at 128-bit level of security. Therefore, SIMON is a strong alternative to AES for low-cost FPGA-based applications. Keywords: cryptography; field programmable gate arrays; Feistel network; SIMON; advanced encryption standard; bit-serial hardware architectures; block ciphers; break area records; cost reduction; decryption; equivalent security level; field-programmable gate arrays; hardware architecture; low-cost FPGA-based applications; reconfigurable platforms; resource constrained platforms; round function; standardized low-cost AES alternative; Ciphers; Encryption; Field programmable gate arrays; Hardware; Parallel processing; Table lookup; Block ciphers; SIMON; field-programmable gate arrays (FPGAs) implementation; lightweight cryptography (ID#:14-2372) URL:
  • Mathew, S.; Satpathy, S.; Suresh, V.; Kaul, H.; Anders, M.; Chen, G.; Agarwal, A; Hsu, S.; Krishnamurthy, R., "340mV-1.1V, 289Gbps/W, 2090-gate NanoAES Hardware Accelerator With Area-Optimized Encrypt/Decrypt GF(24)2 Polynomials In 22nm Tri-Gate CMOS," VLSI Circuits Digest of Technical Papers, 2014 Symposium on , vol., no., pp.1,2, 10-13 June 2014. doi: 10.1109/VLSIC.2014.6858420 An on-die, lightweight nanoAES hardware accelerator is fabricated in 22nm tri-gate CMOS, targeted for ultra-low power mobile SOCs. Compared to conventional 128-bit AES implementations, this design uses an 8-bit Sbox datapath along with ShiftRow byte-order processing to compute all AES rounds in native GF(24)2 composite-field. This approach along with a serial-accumulating MixColumns circuit, area-optimized encrypt and decrypt Galois-field polynomials and integrated on-the-fly key generation circuit results in a compact 2090-gate design, enabling peak energy-efficiency of 289Gbps/W and AES-128 encrypt/decrypt throughput of 432/671Mbps with total energy consumption of 4.7/3nJ measured at 0.9V, 25degC. Keywords: CMOS digital integrated circuits; Galois fields; cryptography ;low-power electronics; system-on-chip; AES rounds; Sbox datapath; ShiftRow byte-order processing; area-optimized encrypt polynomials ;compact 2090-gate design; decrypt Galois-field polynomials; integrated on-the-fly key generation circuit; lightweight nanoAES hardware accelerator; native composite-field; serial-accumulating MixColumns circuit; size 22 nm; temperature 25 degC; trigate CMOS; ultra-low power mobile SOC; voltage 340 mV to 1.1 V; word length 8 bit; Abstracts; Area measurement; Ciphers; Energy measurement ;IP networks; Logic gates (ID#:14-2373) URL:


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.