Hardware Benchmarking of Round 2 Candidates in the NIST Lightweight Cryptography Standardization Process

Mohajerani, Kamyar; Haeussler, Richard; Nagpal, Rishub; Farahmand, Farnoud; Abdulgadir, Abubakr; Kaps, Jens-Peter; Gaj, Kris

doi:10.23919/date51398.2021.9473930

Cited by 22 publications

(15 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…NIST encourages public evaluation and publication of schemes security, implementation, and performance. According to [39], TinyJAMBU employs minimum resources compared to ASCON, Romulus, GIFT-COFB, and Xoodyak, but supports a low throughput. Xoodyak, in contrast, achieves the highest throughput to facilitate lowlatency application requirement but resources are expensive.…”

Section: Introductionmentioning

confidence: 99%

A Comprehensive Review of Lightweight Authenticated Encryption for IoT Devices

AlJabri

Abawajy

Huda

2023

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Internet of Things (IoT) is a promising technology for creating smart environments, smart systems, and smart services. Since security is a fundamental requirement of IoT platforms, solutions that can provide both encryption and authenticity simultaneously have recently attracted much attention from academia and industry. This article analyses in detail state-of-the-art lightweight authenticated encryption (LAE) targeted to IoT systems. This work provides a thorough description of the algorithms, and the study systematically classifies them to facilitate understanding of relevant intricacies of the schemes. Among reviewed algorithms, there is a trade-off to retain design security, resources cost, and efficient performance. ACORN is the effective scheme on various platforms in terms of utilization of resources and power consumption, while MORUS and AES-CLOC are the fastest in hardware platforms. However, they are susceptible to misuse despite their resistance to side channel attacks. In contrast, JOLTICK, PRIMATESs, COLM, DeoxysII, OCB, and AES-JAMBU are provably resistant to nonce misuse. The challenges for possible future research are summarized. Overall, the article provides researchers and developers with practical guidance on various design aspects and limitations as well as open research challenges in the current lightweight authenticated encryption for IoT.

show abstract

Section: Introductionmentioning

confidence: 99%

A Comprehensive Review of Lightweight Authenticated Encryption for IoT Devices

AlJabri

Abawajy

Huda

2023

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…Ten candidates are produced in the latter half of the competition. At the end of this section, the proposed SIMON‐GCM is also compared with the new algorithms proposed by these finalists 26 …”

Section: Measurement Results and Analysismentioning

confidence: 99%

Lightweight and flexible hardware implementation of authenticated encryption algorithm SIMON‐Galois/Counter Mode

Cheng

Wang

et al. 2023

Circuit Theory & Apps

View full text Add to dashboard Cite

SummaryThis brief proposes a new lightweight authenticated encryption algorithm SIMON‐GCM for Internet of Things (IoT) security, which realizes the combination of SIMON block cipher and Galois/Counter Mode (GCM). The designed SIMON circuit supports 128/192/256‐bit key size, which improves the flexibility and enlarges the range of applications. Moreover, the scheme of 32‐cycle Galois field (GF) multiplier in GF(2128) is adopted to effectively reduce the hardware cost of the Galois Hash (GHASH) function in GCM. At the same time, a finite state machine (FSM) is used to run the SIMON and GHASH modules in parallel, thus shortening the authenticated encryption time. The whole circuit is designed and implemented in field programmable gate array (FPGA) platforms. It is measured to yield a throughput of 32.4 Gbps when consuming 331 slices in Artix‐7. Compared with the existing authenticated encryption algorithms, the proposed algorithm achieves lower resource consumption and better flexibility.

show abstract

“…The authenticated encryption scheme of Subterranean invokes this round function multiple times after absorbing the encryption key, the associated data, the nonce, and the message. Although the limited spatial footprint of the whole algorithm demonstrated by Mohajerani et al [35] (891 LUTs), we chose to apply only a couple of rounds on a predefined state in order to keep a very low area and latency overhead. A trade-off has been made between the number of rounds to use to meet the architectural requirements and the achievable security and we came up to two rounds.…”

Section: Subterranean Round Function As Starting Blockmentioning

confidence: 99%

“…To do this, we build our generator on top of the round function of a lightweight cryptographic primitive, Subterranean 2.0. Subterranean ranked first in hardware benchmarking either on FPGA [35] or ASIC [36] in terms of spatial footprint and speed compared to other lightweight ciphers submitted to NIST LWC competition [37]. Those results motivate the architectural choice we made for the underlying primitive of the generator.…”

mentioning

confidence: 99%

A Memory Hierarchy Protected against Side-Channel Attacks

et al. 2022

View full text Add to dashboard Cite

In the vulnerability analysis of System on Chips, memory hierarchy is considered among the most valuable element to protect against information theft. Many first-order side-channel attacks have been reported on all its components from the main memory to the CPU registers. In this context, memory hierarchy encryption is widely used to ensure data confidentiality. Yet, this solution suffers from both memory and area overhead along with performance losses (timing delays), which is especially critical for cache memories that already occupy a large part of the spatial footprint of a processor. In this paper, we propose a secure and lightweight scheme to ensure the data confidentiality through the whole memory hierarchy. This is done by masking the data in cache memories with a lightweight mask generator that provides masks at each clock cycle without having to store them. Only 8-bit Initialization Vectors are stored for each mask value to enable further recomputation of the masks. The overall security of the masking scheme is assessed through a mutual information estimation that helped evaluate the minimum number of attack traces needed to succeed a profiling side-channel attack to 592 K traces in the attacking phase, which provides an acceptable security level in an analysis where an example of Signal to Noise Ratio of 0.02 is taken. The lightweight aspect of the generator has been confirmed by a hardware implementation that led to resource utilization of 400 LUTs.

show abstract

Hardware Benchmarking of Round 2 Candidates in the NIST Lightweight Cryptography Standardization Process

Cited by 22 publications

References 4 publications

A Comprehensive Review of Lightweight Authenticated Encryption for IoT Devices

A Comprehensive Review of Lightweight Authenticated Encryption for IoT Devices

Lightweight and flexible hardware implementation of authenticated encryption algorithm SIMON‐Galois/Counter Mode

A Memory Hierarchy Protected against Side-Channel Attacks

Contact Info

Product

Resources

About