On Using Instruction-Set Extensions for Minimizing the Hardware-Implementation Costs of Symmetric-Key Algorithms on a Low-Resource Microcontroller

Due to the continuously increasing design complexity of passive radio-frequency identification (RFID) tags, relying on microcontroller-based architectures will become vital in the future. Re-using the microcontroller for multiple tasks, e.g., protocol handling and computing cryptographic algorithms is advantageous from a system point-of-view. In this work we present instruction-set extensions (ISEs) for minimizing the hardware-implementation costs of symmetric-key algorithms on a synthesizable 8-bit microcontroller. We have analyzed the block ciphers: Present-80, SEA96,8, and XTEA. Integrating ISEs has reduced the hardware-implementation costs by 4 to 48%. When considering the re-use of the microcontroller for protocol handling, overhead costs for implementing encryption and decryption functionality of the block ciphers are between 519 and 1 021 GEs for a 130 nm CMOS technology. Implementation costs for encryption-only versions are between 333 and 520 GEs. Our results emphasize that integrating ISEs for lowering the hardware-implementation costs of symmetric-key algorithms on low-resource microcontrollers is beneficial.

[1]  Axel Poschmann,et al.  Lightweight cryptography: cryptographic engineering for a pervasive world , 2009, IACR Cryptol. ePrint Arch..

[2]  Josef Pieprzyk Topics in Cryptology - CT-RSA 2010, The Cryptographers' Track at the RSA Conference 2010, San Francisco, CA, USA, March 1-5, 2010. Proceedings , 2010, CT-RSA.

[3]  Sean O'Melia,et al.  Instruction Set Extensions for Enhancing the Performance of Symmetric-Key Cryptography , 2008, 2008 Annual Computer Security Applications Conference (ACSAC).

[4]  Andreas Peter Burg,et al.  Investigating the Potential of Custom Instruction Set Extensions for SHA-3 Candidates on a 16-bit Microcontroller Architecture , 2012, IACR Cryptol. ePrint Arch..

[5]  Elisabeth Oswald,et al.  Cryptographic Hardware and Embedded Systems - CHES 2008, 10th International Workshop, Washington, D.C., USA, August 10-13, 2008. Proceedings , 2008, CHES.

[6]  Stefan Tillich,et al.  Boosting AES Performance on a Tiny Processor Core , 2008, CT-RSA.

[7]  Christof Paar,et al.  A Survey of Lightweight-Cryptography Implementations , 2007, IEEE Design & Test of Computers.

[8]  I. Verbauwhede,et al.  Interfacing a high speed crypto accelerator to an embedded CPU , 2004, Conference Record of the Thirty-Eighth Asilomar Conference on Signals, Systems and Computers, 2004..

[9]  Johann Großschädl,et al.  Instruction Set Extensions for Efficient AES Implementation on 32-bit Processors , 2006, CHES.

[10]  Roger Frost,et al.  International Organization for Standardization (ISO) , 2004 .

[11]  I. Kuroda,et al.  Extended instructions for the AES cryptography and their efficient implementation , 2004, IEEE Workshop onSignal Processing Systems, 2004. SIPS 2004..

[12]  Tal Malkin Topics in Cryptology - CT-RSA 2008, The Cryptographers' Track at the RSA Conference 2008, San Francisco, CA, USA, April 8-11, 2008. Proceedings , 2008, CT-RSA.

[13]  Christof Paar,et al.  A survey of lighweight- cryptography implementations , 2007 .

[14]  Andreas Peter Burg,et al.  Instruction Set Extensions for Cryptographic Hash Functions on a Microcontroller Architecture , 2012, 2012 IEEE 23rd International Conference on Application-Specific Systems, Architectures and Processors.

[15]  Johannes Wolkerstorfer,et al.  Hardware Implementation of Symmetric Algorithms for RFID Security , 2008 .

[16]  Ingrid Verbauwhede,et al.  Cryptographic Hardware and Embedded Systems - CHES 2007, 9th International Workshop, Vienna, Austria, September 10-13, 2007, Proceedings , 2007, CHES.

[17]  Martin Feldhofer,et al.  Implementation of Symmetric Algorithms on a Synthesizable 8-Bit Microcontroller Targeting Passive RFID Tags , 2010, Selected Areas in Cryptography.

[18]  Joo Yeon Cho,et al.  Linear Cryptanalysis of Reduced-Round PRESENT , 2010, CT-RSA.

[19]  Adam J. Elbirt Fast and Efficient Implementation of AES via Instruction Set Extensions , 2007, 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07).

[20]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[21]  Jean-Jacques Quisquater,et al.  ASIC Implementations of the Block Cipher SEA for Constrained Applications , 2007 .

[22]  Martin Feldhofer,et al.  Hardware Implementation of a Flexible Tag Platform for Passive RFID Devices , 2011, 2011 14th Euromicro Conference on Digital System Design.

[23]  Johann Großschädl,et al.  Light-Weight Instruction Set Extensions for Bit-Sliced Cryptography , 2008, CHES.

[24]  Todd M. Austin,et al.  Architectural support for fast symmetric-key cryptography , 2000, SIGP.

[25]  Christof Paar,et al.  Ultra-Lightweight Implementations for Smart Devices - Security for 1000 Gate Equivalents , 2008, CARDIS.

[26]  Alexander Ilic,et al.  RFID Tag Security , 2009 .

[27]  Serge Vaudenay,et al.  Progress in Cryptology - AFRICACRYPT 2012 , 2012, Lecture Notes in Computer Science.

[28]  Mitsuru Matsui,et al.  Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings , 2006, CHES.

[29]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[30]  Mark Manulis,et al.  Cryptology and Network Security , 2012, Lecture Notes in Computer Science.

[31]  Jean-Jacques Quisquater,et al.  SEA: A Scalable Encryption Algorithm for Small Embedded Applications , 2006, CARDIS.

[32]  Tim Güneysu,et al.  Compact Implementation and Performance Evaluation of Block Ciphers in ATtiny Devices , 2012, AFRICACRYPT.

[33]  Roger M. Needham,et al.  TEA, a Tiny Encryption Algorithm , 1994, FSE.

[34]  Matt Henricksen,et al.  EPCBC - A Block Cipher Suitable for Electronic Product Code Encryption , 2011, CANS.

[35]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[36]  He Yan,et al.  Design of low-power baseband-processor for RFID tag , 2006, International Symposium on Applications and the Internet Workshops (SAINTW'06).

[37]  Jiqiang Lu Related-key rectangle attack on 36 rounds of the XTEA block cipher , 2008, International Journal of Information Security.

[38]  Jean-Louis Lanet,et al.  Smart Card Research and Advanced Application, 9th IFIP WG 8.8/11.2 International Conference, CARDIS 2010, Passau, Germany, April 14-16, 2010. Proceedings , 2010, CARDIS.