Survey and benchmark of lightweight block ciphers for MSP430 16-bit microcontroller

For security applications in wireless sensor networks WSNs, choosing best algorithms in terms of energy-efficiency and of small memory requirements is a real challenge because the sensor networks are composed of low-power entities. In some previous works, 12 block-ciphers have been benchmarked on an ATMEL AVR ATtiny45 8-bit microcontroller and the best candidates to use in the context of small embedded platforms have been deduced. This article proposes to study on the TI 16-bit microcontroller MSP430 most of the recent lightweight block cipher proposals as well as some conventional block ciphers. First, we describe the design of the chosen block ciphers with a security and an implementation summary and we then present some implementation tests performed on our dedicated platform. Copyright © 2015 John Wiley & Sons, Ltd.

[1]  Kevin Marquet,et al.  Survey and benchmark of lightweight block ciphers for wireless sensor networks , 2013, 2013 International Conference on Security and Cryptography (SECRYPT).

[2]  Anne Canteaut,et al.  Multiple Differential Cryptanalysis of Round-Reduced PRINCE , 2014, FSE.

[3]  Ferhat Karakoç,et al.  Biclique Cryptanalysis of TWINE , 2012, CANS.

[4]  Tim Güneysu,et al.  Compact Implementation and Performance Evaluation of Block Ciphers in ATtiny Devices , 2012, AFRICACRYPT.

[5]  Anne Canteaut,et al.  PRINCE - A Low-Latency Block Cipher for Pervasive Computing Applications - Extended Abstract , 2012, ASIACRYPT.

[6]  Bruce Schneier,et al.  Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA , 1997, ICICS.

[7]  Jongsung Kim,et al.  A Cryptanalytic View of the NSA's Skipjack Block Cipher Design , 2009, ISA.

[8]  Gaëtan Leurent,et al.  Narrow-Bicliques: Cryptanalysis of Full IDEA , 2012, EUROCRYPT.

[9]  Thomas Noël,et al.  Using SensLAB as a First Class Scientific Tool for Large Scale Wireless Sensor Network Experiments , 2011, Networking.

[10]  Jérémy Jean,et al.  Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting , 2013, IACR Cryptol. ePrint Arch..

[11]  S. Kyoji,et al.  Piccolo: An Ultra-Lightweight Blockcipher , 2011 .

[12]  Vincent Rijmen,et al.  Cryptanalysis of Reduced-Round SIMON32 and SIMON48 , 2014, INDOCRYPT.

[13]  François-Xavier Standaert,et al.  Multi-trail Statistical Saturation Attacks , 2010, ACNS.

[14]  Chae Hoon Lim,et al.  A Revised Version of Crypton - Crypton V1.0 , 1999, FSE.

[15]  Chae Hoon Lim,et al.  mCrypton - A Lightweight Block Cipher for Security of Low-Cost RFID Tags and Sensors , 2005, WISA.

[16]  Andrey Bogdanov,et al.  Biclique Cryptanalysis of the Full AES , 2011, ASIACRYPT.

[17]  Wenling Wu,et al.  Improved Multidimensional Zero-Correlation Linear Cryptanalysis and Applications to LBlock and TWINE , 2014, ACISP.

[18]  María Naya-Plasencia,et al.  Cryptanalysis of KLEIN , 2014, FSE.

[19]  Adi Shamir,et al.  Key Recovery Attacks on 3-round Even-Mansour, 8-step LED-128, and Full AES2 , 2013, IACR Cryptol. ePrint Arch..

[20]  Yu Sasaki,et al.  Three-Subset Meet-in-the-Middle Attack on Reduced XTEA , 2012, AFRICACRYPT.

[21]  Jong Hyuk Park Security analysis of mCrypton proper to low-cost ubiquitous computing devices and applications , 2009 .

[22]  François-Xavier Standaert,et al.  A Statistical Saturation Attack against the Block Cipher PRESENT , 2009, CT-RSA.

[23]  Kyoji Shibutani,et al.  The 128-Bit Blockcipher CLEFIA (Extended Abstract) , 2007, FSE.

[24]  Jongsung Kim,et al.  HIGHT: A New Block Cipher Suitable for Low-Resource Device , 2006, CHES.

[25]  Yee Wei Law,et al.  Survey and benchmark of block ciphers for wireless sensor networks , 2006, TOSN.

[26]  María Naya-Plasencia,et al.  Cryptanalysis of KLEIN (Full version) , 2014, IACR Cryptol. ePrint Arch..

[27]  Babak Sadeghiyan,et al.  MIBS: A New Lightweight Block Cipher , 2009, CANS.

[28]  Philip Hawkes,et al.  Differential-Linear Weak Key Classes of IDEA , 1998, EUROCRYPT.

[29]  María Naya-Plasencia,et al.  Practical Attack on 8 Rounds of the Lightweight Block Cipher KLEIN , 2011, INDOCRYPT.

[30]  Vincent Rijmen,et al.  Differential Analysis of the LED Block Cipher , 2012, IACR Cryptol. ePrint Arch..

[31]  Meiqin Wang,et al.  Linear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT , 2009, CANS.

[32]  Hongjun Wu,et al.  Improved Meet-in-the-Middle Cryptanalysis of KTANTAN (Poster) , 2011, ACISP.

[33]  Kazuhiko Minematsu,et al.  $\textnormal{\textsc{TWINE}}$ : A Lightweight Block Cipher for Multiple Platforms , 2012, Selected Areas in Cryptography.

[34]  Gregor Leander,et al.  On Linear Hulls, Statistical Saturation Attacks, PRESENT and a Cryptanalysis of PUFFIN , 2011, EUROCRYPT.

[35]  Mohammad Dakhilalian,et al.  Non-isomorphic Biclique Cryptanalysis and Its Application to Full-Round mCrypton , 2013, IACR Cryptol. ePrint Arch..

[36]  Stefan Lucks,et al.  Differential Cryptanalysis of Round-Reduced Simon and Speck , 2014, FSE.

[37]  Xuejia Lai,et al.  A Proposal for a New Block Encryption Standard , 1991, EUROCRYPT.

[38]  Mitsuru Matsui,et al.  Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis , 2000, Selected Areas in Cryptography.

[39]  María Naya-Plasencia,et al.  Conditional Differential Cryptanalysis of NLFSR-Based Cryptosystems , 2010, ASIACRYPT.

[40]  Xiaoli Yu,et al.  Security on LBlock against Biclique Cryptanalysis , 2012, WISA.

[41]  Eli Biham,et al.  A New Attack on 6-Round IDEA , 2007, FSE.

[42]  Yee Wei Law,et al.  KLEIN: A New Family of Lightweight Block Ciphers , 2010, RFIDSec.

[43]  Joos Vandewalle,et al.  New Weak-Key Classes of IDEA , 2002, ICICS.

[44]  Jean-Jacques Quisquater,et al.  SEA: A Scalable Encryption Algorithm for Small Embedded Applications , 2006, CARDIS.

[45]  Masanobu Katagi,et al.  The 128-Bit Blockcipher CLEFIA , 2007, RFC.

[46]  Vincent Rijmen,et al.  Key Difference Invariant Bias in Block Ciphers , 2013, ASIACRYPT.

[47]  Serge Vaudenay,et al.  Cryptanalysis of Reduced-Round MIBS Block Cipher , 2010, CANS.

[48]  Willi Meier,et al.  Conditional Differential Cryptanalysis of Trivium and KATAN , 2011, Selected Areas in Cryptography.

[49]  Seokhie Hong,et al.  Collision Attacks on AES-192/256, Crypton-192/256, mCrypton-96/128, and Anubis , 2013, J. Appl. Math..

[50]  Stefan Lucks,et al.  Differential and Linear Cryptanalysis of Reduced-Round Simon Revision From October 9 , 2013 , 2013 .

[51]  Daesung Kwon,et al.  Related-Key Attack on the Full HIGHT , 2010, ICISC.

[52]  Kyoji Shibutani,et al.  Security Analysis of the Lightweight Block Ciphers XTEA, LED and Piccolo , 2012, ACISP.

[53]  Jason Smith,et al.  The SIMON and SPECK Families of Lightweight Block Ciphers , 2013, IACR Cryptol. ePrint Arch..

[54]  Wenling Wu,et al.  LBlock: A Lightweight Block Cipher , 2011, ACNS.

[55]  María Naya-Plasencia,et al.  Scrutinizing and Improving Impossible Differential Attacks: Applications to CLEFIA, Camellia, LBlock and Simon (Full Version) , 2014, IACR Cryptol. ePrint Arch..

[56]  Jung Hwan Song,et al.  Biclique cryptanalysis on lightweight block cipher: HIGHT and Piccolo , 2013, Int. J. Comput. Math..

[57]  Marine Minier,et al.  On the Security of Piccolo Lightweight Block Cipher against Related-Key Impossible Differentials , 2013, INDOCRYPT.

[58]  Seokhie Hong,et al.  Biclique Cryptanalysis of Lightweight Block Ciphers PRESENT, Piccolo and LED , 2012, IACR Cryptol. ePrint Arch..

[59]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[60]  Jiazhe Chen,et al.  Impossible Differential Cryptanalysis of the Lightweight Block Ciphers TEA, XTEA and HIGHT , 2012, AFRICACRYPT.

[61]  Mohammad Dakhilalian,et al.  Cryptanalysis of mCrypton - A lightweight block cipher for security of RFID tags and sensors , 2012, Int. J. Commun. Syst..

[62]  Roger M. Needham,et al.  TEA, a Tiny Encryption Algorithm , 1994, FSE.

[63]  Serge Vaudenay,et al.  Improved Linear Cryptanalysis of Reduced-Round MIBS , 2014, IWSEC.

[64]  Thomas Peyrin,et al.  The LED Block Cipher , 2011, IACR Cryptol. ePrint Arch..

[65]  Christophe De Cannière,et al.  KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers , 2009, CHES.

[66]  Jung Hwan Song,et al.  Biclique Cryptanalysis on the Full Crypton-256 and mCrypton-128 , 2014, J. Appl. Math..

[67]  Stefan Lucks,et al.  Differential Cryptanalysis of Reduced-Round Simon , 2013, IACR Cryptol. ePrint Arch..

[68]  Kaisa Nyberg,et al.  Zero-correlation linear cryptanalysis of reduced-round LBlock , 2012, Des. Codes Cryptogr..

[69]  Christof Paar,et al.  New Lightweight DES Variants , 2007, FSE.

[70]  Eli Biham,et al.  Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials , 1999 .

[71]  Daesung Kwon,et al.  Biclique Attack on the Full HIGHT , 2011, ICISC.