Implementing Lightweight Block Ciphers on x86 Architectures

Lightweight block ciphers are designed so as to fit into very constrained environments, but usually not really with software performance in mind. For classical lightweight applications where many constrained devices communicate with a server, it is also crucial that the cipher has good software performance on the server side. Recent work has shown that bitslice implementations applied to Piccolo and PRESENT led to very good software speeds, thus making lightweight ciphers interesting for cloud applications. However, we remark that bitslice implementations might not be interesting for some situations, where the amount of data to be enciphered at a time is usually small, and very little work has been done on non-bitslice implementations. In this article, we explore general software implementations of lightweight ciphers on x86 architectures, with a special focus on LED , Piccolo and PRESENT . First, we analyze table-based implementations, and we provide a theoretical model to predict the behavior of various possible trade-offs depending on the processor cache latency profile. We obtain the fastest table-based implementations for our lightweight ciphers, which is of interest for legacy processors. Secondly, we apply to our portfolio of primitives the vperm implementation trick for $$4$$ -bit Sboxes, which gives good performance, extra side-channels protection, and is quite fit for many lightweight primitives. Finally, we investigate bitslice implementations, analyzing various costs which are usually neglected bitsliced form unpacking, key schedule, etc., but that must be taken in account for many lightweight applications. We finally discuss which type of implementation seems to be the best suited depending on the applications profile.

[1]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[2]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[3]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[4]  Axel Poschmann,et al.  Lightweight cryptography: cryptographic engineering for a pervasive world , 2009, IACR Cryptol. ePrint Arch..

[5]  Christophe Clavier,et al.  Cryptographic Hardware and Embedded Systems - CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings , 2009, CHES.

[6]  Chen-Mou Cheng,et al.  SSE Implementation of Multivariate PKCs on Modern x86 CPUs , 2009, CHES.

[7]  Michael Hamburg,et al.  Accelerating AES with Vector Permute Instructions , 2009, CHES.

[8]  Peter Schwabe,et al.  Faster and Timing-Attack Resistant AES-GCM , 2009, CHES.

[9]  Christophe De Cannière,et al.  KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers , 2009, CHES.

[10]  María Naya-Plasencia,et al.  Quark: A Lightweight Hash , 2010, CHES.

[11]  Tsuyoshi Takagi,et al.  Cryptographic Hardware and Embedded Systems - CHES 2011 - 13th International Workshop, Nara, Japan, September 28 - October 1, 2011. Proceedings , 2011, CHES.

[12]  Kyoji Shibutani,et al.  Piccolo: An Ultra-Lightweight Blockcipher , 2011, CHES.

[13]  Andrey Bogdanov,et al.  spongent: A Lightweight Hash Function , 2011, CHES.

[14]  Thomas Peyrin,et al.  The PHOTON Family of Lightweight Hash Functions , 2011, IACR Cryptol. ePrint Arch..

[15]  Shiho Moriai,et al.  Lightweight Cryptography for the Cloud: Exploit the Power of Bitslice Implementation , 2012, CHES.

[16]  Kazuhiko Minematsu,et al.  $\textnormal{\textsc{TWINE}}$ : A Lightweight Block Cipher for Multiple Platforms , 2012, Selected Areas in Cryptography.

[17]  Anne Canteaut,et al.  PRINCE - A Low-Latency Block Cipher for Pervasive Computing Applications - Extended Abstract , 2012, ASIACRYPT.

[18]  Thomas Peyrin,et al.  The LED Block Cipher , 2011, IACR Cryptol. ePrint Arch..

[19]  María Naya-Plasencia,et al.  Block Ciphers That Are Easier to Mask: How Far Can We Go? , 2013, CHES.

[20]  Peter Schwabe,et al.  Efficient Vector Implementations of AES-Based Designs: A Case Study and New Implemenations for Grøstl , 2013, CT-RSA.

[21]  G. V. Assche,et al.  The Making of KECCAK , 2014, Cryptologia.