A review of lightweight block ciphers

Embedded systems are deployed in various domains, including industrial installations, critical and nomadic environments, private spaces and public infrastructures. Their operation typically involves access, storage and communication of sensitive and/or critical information that requires protection, making the security of their resources and services an imperative design concern. The demand for applicable cryptographic components is therefore strong and growing. However, the limited resources of these devices, in conjunction with the ever-present need for smaller size and lower production costs, hinder the deployment of secure algorithms typically found in other environments and necessitate the adoption of lightweight alternatives. This paper provides a survey of lightweight cryptographic algorithms, presenting recent advances in the field and identifying opportunities for future research. More specifically, we examine lightweight implementations of symmetric-key block ciphers in hardware and software architectures. We evaluate 52 block ciphers and 360 implementations based on their security, performance and cost, classifying them with regard to their applicability to different types of embedded devices and referring to the most important cryptanalysis pertaining to these ciphers.

[1]  Christof Paar,et al.  Ultra-Lightweight Implementations for Smart Devices - Security for 1000 Gate Equivalents , 2008, CARDIS.

[2]  Kaisa Nyberg,et al.  Links Between Truncated Differential and Multidimensional Linear Properties of Block Ciphers and Underlying Attack Complexities , 2014, IACR Cryptol. ePrint Arch..

[3]  Yanjun Li,et al.  Full-Round Differential Attack on TWIS Block Cipher , 2010, WISA.

[4]  Matt Henricksen,et al.  EPCBC - A Block Cipher Suitable for Electronic Product Code Encryption , 2011, CANS.

[5]  Christof Paar,et al.  New Lightweight DES Variants , 2007, FSE.

[6]  Bibhudatta Sahoo,et al.  A Survey on Hardware Implementation of IDEA Cryptosystem , 2011, Inf. Secur. J. A Glob. Perspect..

[7]  Jongsung Kim,et al.  HIGHT: A New Block Cipher Suitable for Low-Resource Device , 2006, CHES.

[8]  Toru Akishita,et al.  Very Compact Hardware Implementations of the Blockcipher CLEFIA , 2011, Selected Areas in Cryptography.

[9]  Eli Biham,et al.  A Practical Attack on KeeLoq , 2008, Journal of Cryptology.

[10]  Anjali Arora A Survey of Cryptanalytic Attacks on Lightweight Block Ciphers , 2012 .

[11]  Hoda AlKhzaimi,et al.  Cryptanalysis of the SIMON Family of Block Ciphers , 2013, IACR Cryptol. ePrint Arch..

[12]  Cheng Wang,et al.  An ultra compact block cipher for serialized architecture implementations , 2009, 2009 Canadian Conference on Electrical and Computer Engineering.

[13]  Pascal Junod On the Complexity of Matsui's Attack , 2001, Selected Areas in Cryptography.

[14]  Mohammad Reza Aref,et al.  Cube and dynamic cube attacks on SIMON32/64 , 2014, 2014 11th International ISC Conference on Information Security and Cryptology.

[15]  Jean-Didier Legat,et al.  ICEBERG : An Involutional Cipher Efficient for Block Encryption in Reconfigurable Hardware , 2004, FSE.

[16]  Kritika Jain,et al.  TWIS - A Lightweight Block Cipher , 2009, ICISS.

[17]  Huaxiong Wang,et al.  256 Bit Standardized Crypto for 650 GE - GOST Revisited , 2010, CHES.

[18]  Babak Sadeghiyan,et al.  MIBS: A New Lightweight Block Cipher , 2009, CANS.

[19]  Changhoon Lee,et al.  Improved differential fault analysis on lightweight block cipher LBlock for wireless sensor networks , 2013, EURASIP J. Wirel. Commun. Netw..

[20]  Ioannis Papaefstathiou,et al.  ModConTR: A modular and configurable trust and reputation-based system for secure routing in ad-hoc networks , 2014, 2014 IEEE/ACS 11th International Conference on Computer Systems and Applications (AICCSA).

[21]  A. E. Harmanci,et al.  ITUbee: A Software Oriented Lightweight Block Cipher , 2013, LightSec.

[22]  Markku-Juhani O. Saarinen Related-Key Attacks Against Full Hummingbird-2 , 2013, FSE.

[23]  Dirk Fox,et al.  Advanced Encryption Standard (AES) , 1999, Datenschutz und Datensicherheit.

[24]  Hideki Yoshikawa,et al.  Secret key reconstruction method using round addition DFA on lightweight block cipher LBlock , 2014, 2014 International Symposium on Information Theory and its Applications.

[25]  Vincent Rijmen,et al.  Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches , 2011, Journal of Cryptology.

[26]  Daniel W. Engels,et al.  The Hummingbird-2 Lightweight Authenticated Encryption Algorithm , 2011, RFIDSec.

[27]  Mohammad A. AlAhmad,et al.  HISEC: A New Lightweight Block Cipher Algorithm , 2014, SIN.

[28]  Charalampos Manifavas,et al.  ULCL - An Ultra-lightweight Cryptographic Library for Embedded Systems , 2018, PECCS.

[29]  Christof Paar,et al.  A Non-Linear/Linear Instruction Set Extension for Lightweight Ciphers , 2013, 2013 IEEE 21st Symposium on Computer Arithmetic.

[30]  Deian Stefan,et al.  Fast Implementations of AES on Various Platforms , 2009, IACR Cryptol. ePrint Arch..

[31]  Hyunsoo Yoon,et al.  First Experimental Result of Power Analysis Attacks on a FPGA Implementation of LEA , 2014, IACR Cryptol. ePrint Arch..

[32]  Thomas Peyrin,et al.  The PHOTON Family of Lightweight Hash Functions , 2011, IACR Cryptol. ePrint Arch..

[33]  Xuejia Lai,et al.  A Proposal for a New Block Encryption Standard , 1991, EUROCRYPT.

[34]  Mitsuru Matsui,et al.  Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis , 2000, Selected Areas in Cryptography.

[35]  Chao Li,et al.  Differential fault analysis on LED using Super-Sbox , 2015, IET Inf. Secur..

[36]  François-Xavier Standaert,et al.  LS-Designs: Bitslice Encryption for Efficient Masked Software Implementations , 2014, FSE.

[37]  Athanassios N. Skodras,et al.  A comparative study of hardware architectures for lightweight block ciphers , 2012, Comput. Electr. Eng..

[38]  Panu Hämäläinen,et al.  Design and Implementation of Low-Area and Low-Power AES Encryption Hardware Core , 2006, 9th EUROMICRO Conference on Digital System Design (DSD'06).

[39]  Stefan Lucks,et al.  Cryptanalysis of the Speck Family of Block Ciphers , 2013, IACR Cryptol. ePrint Arch..

[40]  Seokhie Hong,et al.  Related-Key Cryptanalysis on the Full PRINTcipher Suitable for IC-Printing , 2014, Int. J. Distributed Sens. Networks.

[41]  Christof Paar,et al.  A Survey of Lightweight-Cryptography Implementations , 2007, IEEE Design & Test of Computers.

[42]  Alex Biryukov,et al.  Triathlon of lightweight block ciphers for the Internet of things , 2018, Journal of Cryptographic Engineering.

[43]  Bo Zhu,et al.  Multidimensional meet-in-the-middle attack and its applications to KATAN32/48/64 , 2014, Cryptography and Communications.

[44]  Dongdai Lin,et al.  RECTANGLE: a bit-slice lightweight block cipher suitable for multiple platforms , 2015, Science China Information Sciences.

[45]  Daesung Kwon,et al.  Related-Key Attack on the Full HIGHT , 2010, ICISC.

[46]  T. Suzaki,et al.  TWINE : A Lightweight , Versatile Block Cipher , 2011 .

[47]  Kevin Marquet,et al.  Survey and benchmark of lightweight block ciphers for wireless sensor networks , 2013, 2013 International Conference on Security and Cryptography (SECRYPT).

[48]  Vikram Reddy Andem A CRYPTANALYSIS OF THE TINY ENCRYPTION ALGORITHM , 2003 .

[49]  Daesung Kwon,et al.  LEA: A 128-Bit Block Cipher for Fast Encryption on Common Processors , 2013, WISA.

[50]  Takanori Isobe A Single-Key Attack on the Full GOST Block Cipher , 2011, FSE.

[51]  Matthew J. B. Robshaw,et al.  Searching for Compact Algorithms: cgen , 2006, VIETCRYPT.

[52]  Christof Paar,et al.  Pushing the Limits: A Very Compact and a Threshold Implementation of AES , 2011, EUROCRYPT.

[53]  Serge Vaudenay,et al.  On the Key Schedule of Lightweight Block Ciphers , 2014, INDOCRYPT.

[54]  Ioannis G. Askoxylakis,et al.  RT-SPDM: Real-Time Security, Privacy and Dependability Management of Heterogeneous Systems , 2015, HCI.

[55]  Gregor Leander,et al.  On Linear Hulls, Statistical Saturation Attacks, PRESENT and a Cryptanalysis of PUFFIN , 2011, EUROCRYPT.

[56]  Etsi Sage Security Algorithms Group of Experts (SAGE) Report on the Evaluation of 3GPP Standard Confidentiality and Integrity Algorithms , 2000 .

[57]  Gaurav Bansod,et al.  Implementation of a New Lightweight Encryption Design for Embedded Security , 2015, IEEE Transactions on Information Forensics and Security.

[58]  Hadi Soleimany Self-similarity cryptanalysis of the block cipher ITUbee , 2015, IET Inf. Secur..

[59]  Xu Guo,et al.  Secure and Efficient Implementations of Cryptographic Primitives , 2012 .

[60]  Xiaoli Yu,et al.  Security on LBlock against Biclique Cryptanalysis , 2012, WISA.

[61]  Christoph Dobraunig,et al.  Compact Hardware Implementations of the Block Ciphers mCrypton, NOEKEON, and SEA , 2012, INDOCRYPT.

[62]  Meiqin Wang,et al.  Differential Cryptanalysis of Reduced-Round ICEBERG , 2008, AFRICACRYPT.

[63]  Céline Blondeau,et al.  Differential Cryptanalysis of PUFFIN and PUFFIN2 , 2011 .

[64]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[65]  Charalampos Manifavas,et al.  Building Trust in Ad Hoc Distributed Resource-Sharing Networks Using Reputation-Based Systems , 2012, 2012 16th Panhellenic Conference on Informatics.

[66]  David Canright,et al.  A Very Compact S-Box for AES , 2005, CHES.

[67]  Jason Smith,et al.  The SIMON and SPECK Families of Lightweight Block Ciphers , 2013, IACR Cryptol. ePrint Arch..

[68]  Cihangir Tezcan The Improbable Differential Attack: Cryptanalysis of Reduced Round CLEFIA , 2010, INDOCRYPT.

[69]  Akashi Satoh,et al.  Small and High-Speed Hardware Architectures for the 3GPP Standard Cipher KASUMI , 2002, ISC.

[70]  Christof Paar,et al.  Dietary Recommendations for Lightweight Block Ciphers: Power, Energy and Area Analysis of Recently Developed Architectures , 2013, RFIDSec.

[71]  Christof Paar,et al.  Block Ciphers - Focus on the Linear Layer (feat. PRIDE) , 2014, CRYPTO.

[72]  Daesung Kwon,et al.  Efficient Hardware Implementation of the Lightweight Block Encryption Algorithm LEA , 2014, Sensors.

[73]  Christof Paar,et al.  New Designs in Lightweight Symmetric Encryption , 2008 .

[74]  Cristina Alcaraz,et al.  A Survey of Cryptographic Primitives and Implementations for Hardware-Constrained Sensor Network Nodes , 2007, Mob. Networks Appl..

[75]  Seokhie Hong,et al.  Biclique Cryptanalysis of Lightweight Block Ciphers PRESENT, Piccolo and LED , 2012, IACR Cryptol. ePrint Arch..

[76]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[77]  Jean-Jacques Quisquater,et al.  ASIC Implementations of the Block Cipher SEA for Constrained Applications , 2007 .

[78]  Axel Poschmann,et al.  Lightweight cryptography: cryptographic engineering for a pervasive world , 2009, IACR Cryptol. ePrint Arch..

[79]  Elias Yarrkov Cryptanalysis of XXTEA , 2010, IACR Cryptol. ePrint Arch..

[80]  Bruce Schneier,et al.  Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA , 1997, ICICS.

[81]  Gaëtan Leurent,et al.  Narrow-Bicliques: Cryptanalysis of Full IDEA , 2012, EUROCRYPT.

[82]  Nicolas Courtois,et al.  An Improved Differential Attack on Full GOST , 2015, The New Codebreakers.

[83]  Ingrid Verbauwhede,et al.  A low-cost implementation of Trivium , 2008 .

[84]  Mohd Ezanee Rusli,et al.  I-PRESENTTM: An Involutive Lightweight Block Cipher , 2014 .

[85]  María Naya-Plasencia,et al.  Practical Attack on 8 Rounds of the Lightweight Block Cipher KLEIN , 2011, INDOCRYPT.

[86]  Stanislav Bulygin,et al.  Optimizing Guessing Strategies for Algebraic Cryptanalysis with Applications to EPCBC , 2012, Inscrypt.

[87]  Dongdai Lin,et al.  RECTANGLE: A Bit-slice Ultra-Lightweight Block Cipher Suitable for Multiple Platforms , 2014, IACR Cryptol. ePrint Arch..

[88]  Shuang Wu,et al.  Security Analysis of PRINCE , 2013, FSE.

[89]  Kyoung-Rok Cho,et al.  Implementation of HIGHT cryptic circuit for RFID tag , 2009, IEICE Electron. Express.

[90]  Brice Minaud,et al.  A Generic Approach to Invariant Subspace Attacks: Cryptanalysis of Robin, iSCREAM and Zorro , 2015, EUROCRYPT.

[91]  Jean-Jacques Quisquater,et al.  SEA: A Scalable Encryption Algorithm for Small Embedded Applications , 2006, CARDIS.

[92]  C. Paar,et al.  Performance Analysis of Contemporary Light-Weight Block Ciphers on 8-bit Microcontrollers , 2007 .

[93]  Eli Biham,et al.  A Related-Key Rectangle Attack on the Full KASUMI , 2005, ASIACRYPT.

[94]  Serge Vaudenay,et al.  Cryptanalysis of Reduced-Round MIBS Block Cipher , 2010, CANS.

[95]  Jacob John BEST-1: A Light Weight Block Cipher , 2014 .

[96]  Matthew J. B. Robshaw,et al.  PRINTcipher: A Block Cipher for IC-Printing , 2010, CHES.

[97]  Tao Wang,et al.  Cache Timing Attacks on Camellia Block Cipher , 2009, IACR Cryptol. ePrint Arch..

[98]  Christophe De Cannière,et al.  KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers , 2009, CHES.

[99]  Onur Tigli Area efficient ASIC implementation of IDEA ( International Data Encryption Standard ) , 2005 .

[100]  Jiqiang Lu Related-key rectangle attack on 36 rounds of the XTEA block cipher , 2008, International Journal of Information Security.

[101]  Sourav Das,et al.  Halka: A Lightweight, Software Friendly Block Cipher Using Ultra-lightweight 8-bit S-box , 2014, IACR Cryptol. ePrint Arch..

[102]  Yee Wei Law,et al.  KLEIN: A New Family of Lightweight Block Ciphers , 2010, RFIDSec.

[103]  Jens-Peter Kaps,et al.  Chai-Tea, Cryptographic Hardware Implementations of xTEA , 2008, INDOCRYPT.

[104]  Manoj Kumar,et al.  FeW: A Lightweight Block Cipher , 2019, IACR Cryptol. ePrint Arch..

[105]  Martin Ågren Some Instant- and Practical-Time Related-Key Attacks on KTANTAN32/48/64 , 2011, Selected Areas in Cryptography.

[106]  Anne Canteaut,et al.  PRINCE - A Low-latency Block Cipher for Pervasive Computing Applications (Full version) , 2012, IACR Cryptol. ePrint Arch..

[107]  Wenling Wu,et al.  LBlock: A Lightweight Block Cipher , 2011, ACNS.

[108]  François-Xavier Standaert,et al.  Algebraic Side-Channel Attacks , 2009, Inscrypt.

[109]  Markku-Juhani O. Saarinen Cryptanalysis of Hummingbird-1 , 2010, FSE.

[110]  Andrey Bogdanov,et al.  Biclique Cryptanalysis of the Full AES , 2011, ASIACRYPT.

[111]  Eli Biham,et al.  New types of cryptanalytic attacks using related keys , 1994, Journal of Cryptology.

[112]  Akashi Satoh,et al.  Hardware-Focused Performance Comparison for the Standard Block Ciphers AES, Camellia, and Triple-DES , 2003, ISC.

[113]  Alex Biryukov,et al.  Data Encryption Standard (DES) , 2005, Encyclopedia of Cryptography and Security.

[114]  Meiqin Wang,et al.  Side Channel Cube Attack on PRESENT , 2009, CANS.

[115]  Chae Hoon Lim,et al.  A Revised Version of Crypton - Crypton V1.0 , 1999, FSE.

[116]  Chae Hoon Lim,et al.  mCrypton - A Lightweight Block Cipher for Security of Low-Cost RFID Tags and Sensors , 2005, WISA.

[117]  Cihangir Tezcan,et al.  Lightweight Block Ciphers Revisited: Cryptanalysis of Reduced Round PRESENT and HIGHT , 2009, ACISP.

[118]  María Naya-Plasencia,et al.  Block Ciphers That Are Easier to Mask: How Far Can We Go? , 2013, CHES.

[119]  Charalampos Manifavas,et al.  A survey of lightweight stream ciphers for embedded systems , 2016, Secur. Commun. Networks.

[120]  Cheng Wang,et al.  PUFFIN: A Novel Compact Block Cipher Targeted to Embedded Digital Systems , 2008, 2008 11th EUROMICRO Conference on Digital System Design Architectures, Methods and Tools.

[121]  Charalampos Manifavas,et al.  Lightweight Cryptography for Embedded Systems - A Comparative Analysis , 2013, DPM/SETOP.

[122]  Thomas Peyrin,et al.  The LED Block Cipher , 2011, IACR Cryptol. ePrint Arch..

[123]  Ioannis G. Askoxylakis,et al.  Lightweight Password Hashing Scheme for Embedded Systems , 2015, WISTP.

[124]  Jung Hwan Song,et al.  Biclique cryptanalysis on lightweight block cipher: HIGHT and Piccolo , 2013, Int. J. Comput. Math..

[125]  Howard M. Heys,et al.  Compact ASIC implementation of the ICEBERG block cipher with concurrent error detection , 2008, 2008 IEEE International Symposium on Circuits and Systems.

[126]  Mohammad Reza Aref,et al.  Biclique cryptanalysis of the full-round KLEIN block cipher , 2013, IET Inf. Secur..

[127]  P. Israsena,et al.  Hardware Implementation of a TEA-Based Lightweight Encryption for RFID Security , 2008 .

[128]  Guang Gong,et al.  Hummingbird: Ultra-Lightweight Cryptography for Resource-Constrained Devices , 2010, Financial Cryptography Workshops.

[129]  Xiaoli Yu,et al.  Reflection Cryptanalysis of PRINCE-Like Ciphers , 2013, Journal of Cryptology.

[130]  Jong Hyuk Park Security analysis of mCrypton proper to low-cost ubiquitous computing devices and applications , 2009 .

[131]  Christof Paar,et al.  A survey of lighweight- cryptography implementations , 2007 .

[132]  Seokhie Hong,et al.  Improved differential fault analysis on PRESENT-80/128 , 2013, Int. J. Comput. Math..

[133]  Charalampos Manifavas,et al.  Embedded Systems Security Challenges , 2014, PECCS.

[134]  Roger M. Needham,et al.  TEA, a Tiny Encryption Algorithm , 1994, FSE.

[135]  D. Gligoroski Edon-library of reconfigurable cryptographic primitives suitable for embedded systems , 2003 .

[136]  Debdeep Mukhopadhyay,et al.  Differential Fault Analysis on the Families of SIMON and SPECK Ciphers , 2014, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[137]  HatzivasilisGeorge,et al.  Lightweight authenticated encryption for embedded on-chip systems , 2016 .

[138]  Peng Liu,et al.  Using full duplex relaying in device-to-device (D2D) based wireless multicast services: a two-user case , 2014, Science China Information Sciences.

[139]  Andrey Bogdanov,et al.  Multidimensional zero-correlation attacks on lightweight block cipher HIGHT: Improved cryptanalysis of an ISO standard , 2014, Inf. Process. Lett..

[140]  Patrick Schaumont,et al.  The Technology Dependence of Lightweight Hash Implementation Cost , 2011 .

[141]  Vincent Rijmen,et al.  The Block Cipher BKSQ , 1998, CARDIS.

[142]  Tim Güneysu,et al.  Compact Implementation and Performance Evaluation of Block Ciphers in ATtiny Devices , 2012, AFRICACRYPT.

[143]  Ioannis Papaefstathiou,et al.  RtVMF: A Secure Real-Time Vehicle Management Framework , 2016, IEEE Pervasive Computing.

[144]  Kyoji Shibutani,et al.  Piccolo: An Ultra-Lightweight Blockcipher , 2011, CHES.

[145]  Claude Carlet,et al.  PICARO - A Block Cipher Allowing Efficient Higher-Order Side-Channel Resistance , 2012, ACNS.

[146]  Mohammad Reza Aref,et al.  Impossible differential cryptanalysis of Piccolo lightweight block cipher , 2014, 2014 11th International ISC Conference on Information Security and Cryptology.

[147]  Mitsuru Matsui,et al.  New Block Encryption Algorithm MISTY , 1997, FSE.

[148]  Chao Li,et al.  Truncated differential cryptanalysis of PRINCE , 2015, Secur. Commun. Networks.

[149]  Martin Feldhofer,et al.  Implementation of Symmetric Algorithms on a Synthesizable 8-Bit Microcontroller Targeting Passive RFID Tags , 2010, Selected Areas in Cryptography.

[150]  Murat Ccedil,et al.  Software implementation and performance comparison of popular block ciphers on 8-bit low-cost microcontroller , 2010 .

[151]  Stephen A. Weis Security and Privacy in Radio-Frequency Identification Devices , 2003 .

[152]  Kyoji Shibutani,et al.  The 128-Bit Blockcipher CLEFIA (Extended Abstract) , 2007, FSE.