nach oben

Journal of Cryptographic Engineering

Erschienen in:

14.07.2018 | Regular Paper

Triathlon of lightweight block ciphers for the Internet of things

verfasst von: Daniel Dinu, Yann Le Corre, Dmitry Khovratovich, Léo Perrin, Johann Großschädl, Alex Biryukov

Erschienen in: Journal of Cryptographic Engineering | Ausgabe 3/2019

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In this paper, we introduce a framework for the benchmarking of lightweight block ciphers on a multitude of embedded platforms. Our framework is able to evaluate the execution time, RAM footprint, as well as binary code size, and allows one to define a custom “figure of merit” according to which all evaluated candidates can be ranked. We used the framework to benchmark implementations of 19 lightweight ciphers, namely AES, Chaskey, Fantomas, HIGHT, LBlock, LEA, LED, Piccolo, PRESENT, PRIDE, PRINCE, RC5, RECTANGLE, RoadRunneR, Robin, Simon, SPARX, Speck, and TWINE, on three microcontroller platforms: 8-bit AVR, 16-bit MSP430, and 32-bit ARM. Our results bring some new insights into the question of how well these lightweight ciphers are suited to secure the Internet of things. The benchmarking framework provides cipher designers with an easy-to-use tool to compare new algorithms with the state of the art and allows standardization organizations to conduct a fair and consistent evaluation of a large number of candidates.

Vorheriger Artikel Mixed-radix Naccache–Stern encryption

Nächster Artikel Polynomial direct sum masking to protect against both SCA and FIA

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

The main reason for evaluating the execution time for ARM on a development board is that we could not find a cycle-accurate Cortex-M instruction set simulator of good quality that is freely available.

The maintainers of the BLOC project merged our pull request on GitHub that fixed the mentioned issues, see http://github.com/kmarquet/bloc/pull/2.

All results reported in this paper are based on version 1.1.20 of the FELICS framework, which can be downloaded from http://www.cryptolux.org/index.php/File:FELICS.zip.

One can get a rough estimate of the energy consumption by simply forming the product of execution time, average power consumption of the target processor, and supply voltage. More accurate energy figures could be obtained by extending the framework to support power measurements on microprocessor development boards.

Albrecht, M.R., Driessen, B., Kavun, E.B., Leander, G., Paar, C., Yalçin, T.: Block ciphers–focus on the linear layer (feat. PRIDE). In: Garay, J.A., Gennaro, R. (eds.) Advances in Cryptology–CRYPTO 2014, Volume 8616 of Lecture Notes in Computer Science, pp. 57–76. Springer, Berlin (2014)

Arduino Due, Arduino.: Specification. http://store.arduino.cc/arduino-due (2015). Accessed 4 Apr 2017

ARM Limited. An Introduction to the ARM Cortex-M3 Processor. White paper, http://www.arm.com/ja/files/pdf/IntroToCortex-M3.pdf (2006). Accessed 4 Apr 2017

Atmel Corporation. 8-bit AVR Microcontroller with 128K Bytes In-System Programmable Flash: ATmega128, ATmega128L. Datasheet, http://www.atmel.com/images/doc2467.pdf (2008). Accessed 4 Apr 2017

Atzori, L., Iera, A., Morabito, G.: The internet of things: a survey. Comput. Netw. 54(15), 2787–2805 (2010)CrossRefMATH

Baysal, A., Sahin, S.: RoadRunneR: a small and fast bitslice block cipher for low cost 8-bit processors. In: Güneysu, T., Leander, G., Moradi, A. (eds.) Lightweight Cryptography for Security and Privacy—LightSec 2015, Volume 9542 of Lecture Notes in Computer Science, pp. 58–76. Springer, Berlin (2016)

Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK families of lightweight block ciphers. Cryptology ePrint Archive, Report 2013/404 (2013)

Beer, D.: MSPDebug: Debugging Tool for MSP430 MCUs. http://dlbeer.co.nz/mspdebug (2015). Accessed 4 Apr 2017

Bernstein, D.J., Lange, T.: eBACS: ECRYPT Benchmarking of Cryptographic Systems. http://bench.cr.yp.to (2015). Accessed 4 Apr 2017

10.

Biryukov, A., Kushilevitz, E.: Improved cryptanalysis of RC5. In: Nyberg, K. (ed.) Advances in Cryptology—EUROCRYPT ’98, Volume 1403 of Lecture Notes in Computer Science, pp. 85–99. Springer, Berlin (1998)

11.

Blondeau, C., Nyberg, K.: Links between truncated differential and multidimensional linear properties of block ciphers and underlying attack complexities. In: Nguyen, P.Q., Oswald, E. (eds.) Advances in Cryptologypages—EUROCRYPT 2014, Volume 8441 of Lecture Notes in Computer Science, pp. 165–182. Springer, Berlin (2014)

12.

Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J., Seurin, Y., Vikkelsoe, C.H.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2007, Volume 4727 of Lecture Notes in Computer Science, pp. 450–466. Springer, Berlin (2007)

13.

Borghoff, J., Canteaut, A., Güneysu, T., Kavun, E.B., Knezevic, M., Knudsen, L.R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S.S., Yalçin, T.: PRINCE—A low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) Advances in Cryptology—ASIACRYPT 2012, Volume 7658 of Lecture Notes in Computer Science, pp. 208–225. Springer, Berlin (2012)

14.

Boura, C., Naya-Plasencia, M., Suder, V.: Scrutinizing and improving impossible differential attacks: applications to CLEFIA, Camellia, LBlock and Simon. In: Sarkar, P., Iwata, T. (eds.) Advances in Cryptology—ASIACRYPT 2014, Volume 8873 of Lecture Notes in Computer Science, pp. 179–199. Springer, Berlin (2014)

15.

Canteaut, A., Fuhr, T., Gilbert, H., Naya-Plasencia, M., Reinhard, J.-R.: Multiple differential cryptanalysis of round-reduced PRINCE. In: Cid, C., Rechberger, C. (eds.) Fast Software Encryption—FSE 2014, Volume 8540 of Lecture Notes in Computer Science, pp. 591–610. Springer, Berlin (2015)

16.

Cazorla, M., Gourgeon, S., Marquet, K., Minier, M.: Implementations of lightweight block ciphers on a WSN430 sensor. http://bloc.project.citi-lab.fr/library.html (2015). Accessed 4 Apr 2017

17.

Cazorla, M., Marquet, K., Minier, M.: Survey and benchmark of lightweight block ciphers for wireless sensor networks. In: Samarati, P. (ed.) Proceedings of the 10th International Conference on Security and Cryptography (SECRYPT 2013), pp. 543–548. SciTePress, Setúbal (2013)

18.

Chen, H., Wang, X.: Improved linear hull attack on round-reduced Simon with dynamic key-guessing techniques. Cryptology ePrint Archive, Report 2015/666 (2015)

19.

CryptoLUX Team. FELICS: Fair Evaluation of Lightweight Cryptographic Systems. http://www.cryptolux.org/index.php/FELICS (2016). Accessed 4 Apr 2017

20.

Daemen, J., Peeters, M., Van Assche, G., Rijmen, V.: Nessie proposal: NOEKEON. Specification, http://gro.noekeon.org/Noekeon-spec.pdf (2000). Accessed 4 Apr 2017

21.

Daemen, J., Rijmen, V.: The Design of Rijndael: AES—the Advanced Encryption Standard. Springer, Berlin (2002)CrossRefMATH

22.

Derbez, P., Fouque, P.-A.: Exhausting Demirci–Selçuk meet-in-the-middle attacks against reduced-round AES. In: Moriai, S. (ed.) Fast Software Encryption—FSE 2013, Volume 8424 of Lecture Notes in Computer Science, pp. 541–560. Springer, Berlin (2013)

23.

Dinu, D., Perrin, L., Udovenko, A., Velichkov, V., Großschädl, J., Biryukov, A.: Design strategies for ARX with provable bounds: Sparx and LAX. In: Cheon, J.H., Takagi, T. (eds.) Advances in Cryptology—ASIACRYPT 2016, Volume 10031 of Lecture Notes in Computer Science, pp. 484–513. Springer, Berlin (2016)

24.

Dinur, I., Dunkelman, O., Keller, N., Shamir, A.: Key recovery attacks on 3-round Even-Mansour, 8-step LED-128, and full AES2. In: Sako, K., Sarkar, P. (eds.) Advances in Cryptology—ASIACRYPT 2013, Volume 8269 of Lecture Notes in Computer Science, pp. 337–356. Springer, Berlin (2013)

25.

Eisenbarth, T., Gong, Z., Güneysu, T., Heyse, S., Indesteege, S., Kerckhof, S., Koeune, F., Nad, T., Plos, T., Regazzoni, F., Standaert, F.-X., van Oldeneel tot Oldenzeel, L.: Compact implementation and performance evaluation of block ciphers in ATtiny devices. In: Mitrokotsa, A., Vaudenay, S. (eds.) Progress in Cryptology—AFRICACRYPT 2012, Volume 7374 of Lecture Notes in Computer Science, pp. 172–187. Springer, Berlin (2012)

26.

Eisenbarth, T., Kumar, S.S., Paar, C., Poschmann, A., Uhsadel, L.: A survey of lightweight-cryptography implementations. IEEE Des. Test Comput. 24(6), 522–533 (2007)CrossRef

27.

European Network of Excellence in Cryptology (ECRYPT II). Implementations of Low Cost Block Ciphers in Atmel AVR Devices. http://perso.uclouvain.be/fstandae/source_codes/lightweight_ciphers (2015). Accessed 4 Apr 2017

28.

Evans, D.: The Internet of Things: How the Next Evolution of the Internet is Changing Everything. Cisco IBSG white paper, http://www.cisco.com/web/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf (2011). Accessed 4 Apr 2017

29.

Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2004, Volume 3156 of Lecture Notes in Computer Science, pp. 357–370. Springer, Berlin (2004)

30.

Gligor, V.D.: Light-weight cryptography—How light is light? Keynote presentation at the Information Security Summer School, Florida State University. Slide deck, http://www.sait.fsu.edu/conferences/2005/is3/resources/slides/gligorv-cryptolite.ppt (2005). Accessed 4 Apr 2017

31.

Grosso, V., Leurent, G., Standaert, F.-X., Varici, K.: LS-designs: Bitslice encryption for efficient masked software implementations. In: Cid, C., Rechberger, C. (eds.) Fast Software Encryption—FSE 2014, Volume 8540 of Lecture Notes in Computer Science, pp. 18–37. Springer, Berlin (2015)

32.

Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.J.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems–CHES 2011. Lecture Notes in Computer Science, vol. 6917, pp. 326–341. Springer, Berlin (2011)CrossRef

33.

Han, B., Lee, H., Jeong, H., Won, Y.: The HIGHT Encryption Algorithm. Internet Engineering Task Force, Network Working Group, Internet draft draft-kisa-hight-00 (work in progress) (2011)

34.

Hong, D., Lee, J.-K., Kim, D.-C., Kwon, D., Ryu, K.H., Lee, D.: LEA: a 128-bit block cipher for fast encryption on common processors. In: Kim, Y., Lee, H., Perrig, A. (eds.) Information Security Applications—WISA 2013, Volume 8267 of Lecture Notes in Computer Science, pp. 3–27. Springer, Berlin (2013)

35.

Hong, D., Sung, J., Hong, S., Lim, J., Lee, S., Koo, B., Lee, C., Chang, D., Lee, J., Jeong, K., Kim, H., Kim, J., Chee, S.: HIGHT: a new block cipher suitable for low-resource device. In: Goubin, L., Matsui, M. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2006, Volume 4249 of Lecture Notes in Computer Science, pp. 46–59. Springer, Berlin (2006)

36.

IEEE Standards Association. IEEE 802.15.4-2015–IEEE Standard for Low-Rate Wireless Networks. http://standards.ieee.org/findstds/standard/802.15.4-2015.html (2015). Accessed 4 Apr 2017

37.

Journault, A., Standaert, F.-X., Varici, K.: Improving the security and efficiency of block ciphers based on LS-designs. Des. Codes Cryptogr. 82(1–2), 495–509 (2017)MathSciNetCrossRefMATH

38.

Khoo, K., Peyrin, T., Poschmann, A.Y., Yap, H.: FOAM: Searching for hardware-optimal SPN structures and components with a fair comparison. In: Batina, L., Robshaw, M.J. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2014, Volume 8731 of Lecture Notes in Computer Science, pp. 433–450. Springer, Berlin (2014)

39.

Leander, G., Minaud, B., Rønjom, S.: A generic approach to invariant subspace attacks: Cryptanalysis of Robin, iSCREAM and Zorro. In: Oswald, E., Fischlin, M. (eds.) Advances in Cryptology—EUROCRYPT 2015, Volume 9056 of Lecture Notes in Computer Science, pp. 254–283. Springer, Berlin (2015)

40.

Leurent, G.: Improved differential-linear cryptanalysis of 7-round Chaskey with partitioning. In: Fischlin, M., Coron, J.-S. (eds.) Advances in Cryptology—EUROCRYPT 2016, Volume 9665 of Lecture Notes in Computer Science, pp. 344–371. Springer, Berlin (2016)

41.

Mendel, F., Rijmen, V., Toz, D., Varici, K.: Differential analysis of the LED block cipher. In: Wang, X., Sako, K. (eds.) Advances in Cryptology—ASIACRYPT 2012, Volume 7658 of Lecture Notes in Computer Science, pp. 190–207. Springer, Berlin (2012)

42.

Mouha, N., Mennink, B., Van Herrewege, A., Watanabe, D., Preneel, B., Verbauwhede, I.: Chaskey: an efficient MAC algorithm for 32-bit microcontrollers. In: Joux, A., Youssef, A.M. (eds.) Selected Areas in Cryptography—SAC 2014, Volume 8781 of Lecture Notes in Computer Science, pp. 306–323. Springer, Berlin (2014)

43.

National Institute of Standards and Technology (NIST). Advanced Encryption Standard (AES). FIPS Publication 197, http://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf (2001). Accessed 4 Apr 2017

44.

National Institute of Standards and Technology (NIST). Lightweight Cryptography Project. http://csrc.nist.gov/projects/lightweight-cryptography (2016). Accessed 4 Apr 2017

45.

National Institute of Standards and Technology (NIST). SHA-3 Project. http://csrc.nist.gov/projects/hash-functions/sha-3-project (2016). Accessed 4 Apr 2017

46.

Özen, O., Varici, K., Tezcan, C., Kocair, Ç.: Lightweight block ciphers revisited: cryptanalysis of reduced round PRESENT and HIGHT. In: Boyd, C., Nieto, J.G. (eds.) Information Security and Privacy—ACISP 2009, Volume 5594 of Lecture Notes in Computer Science, pp. 90–107. Springer, Berlin (2009)

47.

Perrig, A., Szewczyk, R., Tygar, J.D., Wen, V., Culler, D.E.: SPINS: security protocols for sensor networks. Wirel. Netw. 8(5), 521–534 (2002)CrossRefMATH

48.

Rivest, R.L.: The RC5 encryption algorithm. In: Preneel, B. (ed.) Fast Software Encryption—FSE ’94, Volume 1008 of Lecture Notes in Computer Science, pp. 86–96. Springer, Berlin (1995)

49.

Schwabe, P., Stoffelen, K.: All the AES you need on Cortex-M3 and M4. In: Avanzi, R.M., Heys, H.M. (eds.) Selected Areas in Cryptography—SAC 2016, Volume 10532 of Lecture Notes in Computer Science, pp. 180–194. Springer, Berlin (2017)CrossRef

50.

Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: an ultra-lightweight blockcipher. In: Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2011, Volume 6917 of Lecture Notes in Computer Science, pp. 342–357. Springer, Berlin (2011)

51.

Song, L., Huang, Z., Yang, Q.: Automatic differential analysis of ARX block ciphers with application to SPECK and LEA. Cryptology ePrint Archive, Report 2016/209 (2016)

52.

Suzaki, T., Minematsu, K., Morioka, S., Kobayashi, E.: TWINE: A lightweight, versatile block cipher. In Leander, G., Standaert, F.-X. (eds.) Proceedings of the 1st ECRYPT Workshop on Lightweight Cryptography, pp. 146–169 (2011)

53.

Texas Instruments. MSP430x1xxx Family User’s Guide. http://www.ti.com/lit/ug/slau049f/slau049f.pdf (2006). Accessed 4 Apr 2017

54.

Titzer, B.L., Lee, D.K., Palsberg, J.: Avrora: scalable sensor network simulation with precise timing. In: Vetterli, M., Yao, K. (eds.) Proceedings of the 4th International Symposium on Information Processing in Sensor Networks (IPSN 2005), pp. 477–482. IEEE (2005)

55.

Titzer, B.L., Lee, D.K., Palsberg, J.: Avrora: the AVR simulation and analysis framework. http://compilers.cs.ucla.edu/avrora (2005). Accessed 4 Apr 2017

56.

Wang, Y., Wu, W.: Improved multidimensional zero-correlation linear cryptanalysis and applications to LBlock and TWINE. In: Susilo, W., Mu, Y. (eds.) Information Security and Privacy—ACISP 2014, Volume 8544 of Lecture Notes in Computer Science. Springer, Berlin (2014)

57.

Wenzel-Benner, C., Gräf, J.: XBX: eXternal Benchmarking eXtension for the SUPERCOP crypto benchmarking framework. In: Mangard, S., Standaert, F.-X. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2010, Volume 6225 of Lecture Notes in Computer Science, pp. 294–305. Springer, Berlin (2010)

58.

Wu, W., Zhang, L.: LBlock: a lightweight block cipher. In: López, J., Tsudik, G. (eds.) Applied Cryptography and Network Security—ACNS 2011, Volume 6715 of Lecture Notes in Computer Science, pp. 327–344. Springer, Berlin (2011)

59.

Yang, Q., Hu, L., Sun, S., Qiao, K., Song, L., Shan, J., Ma, X.: Improved differential analysis of block cipher PRIDE. In: López, J., Wu, Y. (eds.) Information Security Practice and Experience—ISPEC 2015, Volume 9065 of Lecture Notes in Computer Science, pp. 209–219. Springer, Berlin (2015)

60.

Yang, Q., Hu, L., Sun, S., Song, L.: Extension of meet-in-the-middle technique for truncated differential and its application to RoadRunneR. In: Chen, J., Piuri, V., Su, C., Yung, M. (eds.) Network and System Security—NSS 2016, Volume 9955 of Lecture Notes in Computer Science, pp. 398–411. Springer, Berlin (2016)

61.

Zhang, W., Bao, Z., Lin, D., Rijmen, V., Yang, B., Verbauwhede, I.: RECTANGLE: a bit-slice lightweight block cipher suitable for multiple platforms. Sci. China Inf. Sci. 58(12), 1–15 (2015)

62.

ZigBee Alliance. ZigBee Wireless Standard. http://www.zigbee.org (2015). Accessed 4 Apr 2017

Titel: Triathlon of lightweight block ciphers for the Internet of things
verfasst von: Daniel Dinu
Yann Le Corre
Dmitry Khovratovich
Léo Perrin
Johann Großschädl
Alex Biryukov
Publikationsdatum: 14.07.2018
Verlag: Springer Berlin Heidelberg
Erschienen in: Journal of Cryptographic Engineering / Ausgabe 3/2019
Print ISSN: 2190-8508
Elektronische ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-018-0193-x

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 3/2019

Why attackers lose: design and security analysis of arbitrarily large XOR arbiter PUFs

Automatic generation of HCCA-resistant scalar multiplication algorithm by proper sequencing of field multiplier operands

Side-channel robustness analysis of masked assembly codes using a symbolic approach

Mixed-radix Naccache–Stern encryption

On the verification of system-level information flow properties for virtualized execution platforms

An automated framework for exploitable fault identification in block ciphers

Premium Partner