Catalog and Illustrative Examples of Lightweight Cryptographic Primitives

The main objective of this chapter is to offer practitioners, researchers and other interested parties a brief categorized catalog of existing lightweight symmetric primitives, with their main cryptographic features, best reported hardware performance and existing security analysis, so that the ciphers can be compared easily and selected according to need. Certain security evaluation issues are addressed as well. In particular, the chapter analyses, in terms of security against time/memory/data tradeoff attacks, why lightweight block cipher designs have so overwhelmingly dominated stream cipher designs over the last decade: the classical tradeoff attacks force a conventional stream cipher to carry an internal state of at least twice the key size, which costs area that a block cipher does not pay. It turns out that it is nevertheless possible to design stream ciphers with much smaller internal states, provided the secret key stays involved in keystream generation instead of being consumed only during initialization.
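
The tradeoff argument above, worked through on a toy generator as an added example. The code below is written for this page and is not from the chapter or from any cipher it catalogs; the 20-bit LFSR-plus-filter generator, its tap positions, the secret state, the table size m, the keystream length d and the 40-bit verification margin are all constructed here for illustration. It implements the Babbage-Golić attack: precompute the first n keystream bits of m random n-bit states, then slide an n-bit window over d observed keystream bits and look each window up; once m*d is around 2^n some window's state is in the table, and from that state the attacker can generate all further keystream without the key.

```python
"""Babbage-Golic time/memory/data tradeoff against a toy filter generator.

Constructed teaching example: the 20-bit generator below is not any cipher
from the catalog; real hardware stream ciphers use 80- to 288-bit states.
"""
import random

N = 20        # internal state size in bits (the quantity the tradeoff attacks)
VERIFY = 40   # extra keystream bits used to reject false table hits


def step(state):
    """One clock: maximal-length LFSR (x^20 + x^3 + 1, period 2^20 - 1)
    feeding a nonlinear filter.  Returns (next_state, output_bit)."""
    def bit(i):
        return (state >> i) & 1
    out = bit(0) ^ (bit(5) & bit(11)) ^ (bit(8) & bit(14) & bit(17)) ^ bit(19)
    new_bit = bit(0) ^ bit(3)                      # primitive trinomial taps
    return (state >> 1) | (new_bit << (N - 1)), out


def keystream_bits(state, nbits):
    """List of the next nbits output bits produced from `state`."""
    out = []
    for _ in range(nbits):
        state, b = step(state)
        out.append(b)
    return out


def pack(bits):
    """Pack a bit list MSB-first into an int (used as the table key)."""
    acc = 0
    for b in bits:
        acc = (acc << 1) | b
    return acc


def advance(state, steps):
    """State reached after `steps` clocks (used only to check the result)."""
    for _ in range(steps):
        state, _ = step(state)
    return state


def build_table(m, rng):
    """Offline phase: map the first N keystream bits of m random states back
    to those states.  Independent of any victim; costs O(m) time and memory.
    Different states may share a prefix, so each key holds a list."""
    table = {}
    for _ in range(m):
        s = rng.getrandbits(N)
        table.setdefault(pack(keystream_bits(s, N)), []).append(s)
    return table


def recover_state(observed, table):
    """Online phase: slide an N-bit window over the observed keystream.  Each
    window is one table lookup; a hit is a candidate for the state at that
    time and is confirmed against VERIFY further bits.  Returns (time, state)
    or None.  With d = len(observed) - N - VERIFY windows, a hit is expected
    once m * d is around 2**N."""
    d = len(observed) - N - VERIFY
    for i in range(d):
        window = pack(observed[i:i + N])
        for cand in table.get(window, ()):
            if keystream_bits(cand, N + VERIFY) == observed[i:i + N + VERIFY]:
                return i, cand
    return None


def demo(secret_state=0x9A3F5, m=1 << 12, d=1 << 12, seed=1):
    """Run both phases.  m * d = 2**24 = 16 * 2**N, so the success probability
    1 - exp(-m*d / 2**N) is essentially 1.  With m = d = 2**(N/2) the attack
    costs 2**(N/2), which is why an N-bit state needs N >= 2k to be no easier
    than exhaustive search over a k-bit key."""
    rng = random.Random(seed)                      # fixed seed: reproducible table
    table = build_table(m, rng)
    observed = keystream_bits(secret_state, d + N + VERIFY)  # all the attacker sees
    return recover_state(observed, table)


if __name__ == "__main__":
    hit = demo()
    if hit is None:
        print("no table hit; enlarge m or d")
    else:
        t, state = hit
        print(f"state at time {t} recovered as {state:#07x}; "
              f"correct: {advance(0x9A3F5, t) == state}")
```

The attack never touches the key: once the state at time t is known, the generator can be run forward to produce every later keystream bit. Balancing the two phases at m = d = 2^(n/2) gives the n >= 2k rule that makes a conventional stream cipher at least twice as large as its key in state registers. Designs that keep the key involved in every state update escape the argument because a recovered state alone is not enough to clock the generator, which is what lets their internal state shrink below 2k bits.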
