PRESENT: An Ultra-Lightweight Block Cipher
10 Sep 2007-pp 450-466
TL;DR: An ultra-lightweight block cipher, present, which is competitive with today's leading compact stream ciphers and suitable for extremely constrained environments such as RFID tags and sensor networks.
Abstract: With the establishment of the AES the need for new block ciphers has been greatly diminished; for almost all block cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultra-lightweight block cipher, present . Both security and hardware efficiency have been equally important during the design of the cipher and at 1570 GE, the hardware requirements for present are competitive with today's leading compact stream ciphers.
Citations
More filters
TL;DR: This paper presents the key features and the driver technologies of IoT, and identifies the application scenarios and the correspondent potential applications, and focuses on research challenges and open issues to be faced for the IoT realization in the real world.
1,178 citations
Cites background from "PRESENT: An Ultra-Lightweight Block..."
...Examples are Scalable Encryption Algorithm (SEA) [239], and PRESENT [240] for symmetric cypher, and the Elliptic Curve Cryptography (ECC) [241] family for asymmetric cypher....
[...]
[...]
TL;DR: This work considers the resistance of ciphers, and LED in particular, to related-key attacks, and is able to derive simple yet interesting AES-like security proofs for LED regarding related- or single- key attacks.
Abstract: We present a new block cipher LED. While dedicated to compact hardware implementation, and offering the smallest silicon footprint among comparable block ciphers, the cipher has been designed to simultaneously tackle three additional goals. First, we explore the role of an ultra-light (in fact non-existent) key schedule. Second, we consider the resistance of ciphers, and LED in particular, to related-key attacks: we are able to derive simple yet interesting AES-like security proofs for LED regarding related- or single-key attacks. And third, while we provide a block cipher that is very compact in hardware, we aim to maintain a reasonable performance profile for software implementation.
848 citations
Additional excerpts
...PRESENT-128 [11] 128 64 32 200....
[...]
...PRESENT-80 [11] 80 64 32 200....
[...]
30 Aug 2009
TL;DR: A new family of very efficient hardware oriented block ciphers divided into two flavors, which is more compact in hardware, as the key is burnt into the device (and cannot be changed), and achieves encryption speed of 12.5 KBit/sec.
Abstract: In this paper we propose a new family of very efficient hardware oriented block ciphers. The family contains six block ciphers divided into two flavors. All block ciphers share the 80-bit key size and security level. The first flavor, KATAN, is composed of three block ciphers, with 32, 48, or 64-bit block size. The second flavor, KTANTAN, contains the other three ciphers with the same block sizes, and is more compact in hardware, as the key is burnt into the device (and cannot be changed).
The smallest cipher of the entire family, KTANTAN32, can be implemented in 462 GE while achieving encryption speed of 12.5 KBit/sec (at 100 KHz). KTANTAN48, which is the version we recommend for RFID tags uses 588 GE, whereas KATAN64, the largest and most flexible candidate of the family, uses 1054 GE and has a throughput of 25.1 Kbit/sec (at 100 KHz).
733 citations
Cites background from "PRESENT: An Ultra-Lightweight Block..."
...Here, we can notice that in PRESENT [4], the 80-bit key is stored in an area of about 480 GE, i.e., about 6 GE for one bit of memory, while in DESL, the 64-bit state is stored in 780 GE (about 12 GE for a single bit)....
[...]
...Here, we can notice that in PRESENT [4], the 80-bit key is stored in an area of about 480 GE, i....
[...]
...This phenomena also exist in DESL [19] and PRESENT [4], but to a lesser degree....
[...]
...PRESENT has an SP-Network structure, and it can be implemented using the equivalent of 1570 GE....
[...]
...A more dedicated implementation of PRESENT in 0.35μm CMOS technology reaches 1000 GE [20].1 The same design in 0.25μm and 0.18μm CMOS technology consumes 1169 and 1075 GE, respectively....
[...]
TL;DR: This survey attempts to provide a comprehensive list of vulnerabilities and countermeasures against them on the edge-side layer of IoT, which consists of three levels: (i) edge nodes, (ii) communication, and (iii) edge computing.
Abstract: Internet of Things (IoT), also referred to as the Internet of Objects, is envisioned as a transformative approach for providing numerous services. Compact smart devices constitute an essential part of IoT. They range widely in use, size, energy capacity, and computation power. However, the integration of these smart things into the standard Internet introduces several security challenges because the majority of Internet technologies and communication protocols were not designed to support IoT. Moreover, commercialization of IoT has led to public security concerns, including personal privacy issues, threat of cyber attacks, and organized crime. In order to provide a guideline for those who want to investigate IoT security and contribute to its improvement, this survey attempts to provide a comprehensive list of vulnerabilities and countermeasures against them on the edge-side layer of IoT, which consists of three levels: (i) edge nodes, (ii) communication, and (iii) edge computing. To achieve this goal, we first briefly describe three widely-known IoT reference models and define security in the context of IoT. Second, we discuss the possible applications of IoT and potential motivations of the attackers who target this new paradigm. Third, we discuss different attacks and threats. Fourth, we describe possible countermeasures against these attacks. Finally, we introduce two emerging security challenges not yet explained in detail in previous literature.
547 citations
02 Dec 2012
TL;DR: In this paper, a block cipher called PRINCE is proposed that allows encryption of data within one clock cycle with a very competitive chip area compared to known solutions. But it does not have the α-reflection property, which holds that decryption for one key corresponds to encryption with another key.
Abstract: This paper presents a block cipher that is optimized with respect to latency when implemented in hardware. Such ciphers are desirable for many future pervasive applications with real-time security needs. Our cipher, named PRINCE, allows encryption of data within one clock cycle with a very competitive chip area compared to known solutions. The fully unrolled fashion in which such algorithms need to be implemented calls for innovative design choices. The number of rounds must be moderate and rounds must have short delays in hardware. At the same time, the traditional need that a cipher has to be iterative with very similar round functions disappears, an observation that increases the design space for the algorithm. An important further requirement is that realizing decryption and encryption results in minimum additional costs. PRINCE is designed in such a way that the overhead for decryption on top of encryption is negligible. More precisely for our cipher it holds that decryption for one key corresponds to encryption with a related key. This property we refer to as α-reflection is of independent interest and we prove its soundness against generic attacks.
507 citations
References
More filters
Book•
01 Jan 1996TL;DR: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols.
Abstract: From the Publisher:
A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.
13,597 citations
"PRESENT: An Ultra-Lightweight Block..." refers background in this paper
...present is an example of an SP-network [ 33 ] and consists of 31 rounds....
[...]
02 Jan 1994
TL;DR: A new method is introduced for cryptanalysis of DES cipher, which is essentially a known-plaintext attack, that is applicable to an only-ciphertext attack in certain situations.
Abstract: We introduce a new method for cryptanalysis of DES cipher, which is essentially a known-plaintext attack. As a result, it is possible to break 8-round DES cipher with 221 known-plaintexts and 16-round DES cipher with 247 known-plaintexts, respectively. Moreover, this method is applicable to an only-ciphertext attack in certain situations. For example, if plaintexts consist of natural English sentences represented by ASCII codes, 8-round DES cipher is breakable with 229 ciphertexts only.
2,753 citations
"PRESENT: An Ultra-Lightweight Block..." refers background in this paper
...Differential [3] and linear [32] cryptanalysis are among the most powerful techniques available to the cryptanalyst....
[...]
01 Jan 2002
TL;DR: This volume is the authoritative guide to the Rijndael algorithm and AES and professionals, researchers, and students active or interested in data encryption will find it a valuable source of information and reference.
Abstract: From the Publisher:
In October 2000, the US National Institute of Standards and Technology selected the block cipher Rijndael as the Advanced Encryption Standard (AES). AES is expected to gradually replace the present Data Encryption Standard (DES) as the most widely applied data encryption technology.|This book by the designers of the block cipher presents Rijndael from scratch. The underlying mathematics and the wide trail strategy as the basic design idea are explained in detail and the basics of differential and linear cryptanalysis are reworked. Subsequent chapters review all known attacks against the Rijndael structure and deal with implementation and optimization issues. Finally, other ciphers related to Rijndael are presented.|This volume is THE authoritative guide to the Rijndael algorithm and AES. Professionals, researchers, and students active or interested in data encryption will find it a valuable source of information and reference.
2,140 citations
"PRESENT: An Ultra-Lightweight Block..." refers background or methods in this paper
...Structural attacks such as integral attacks [25] and bottleneck attacks [17] are wellsuited to the analysis of AES-like ciphers [12, 13, 38]....
[...]
...Since we use a bit permutation for the linear diffusion layer, AES-like diffusion techniques [12] are not an option for present....
[...]
01 Jun 1986
TL;DR: An introduction to the theory of finite fields, with emphasis on those aspects that are relevant for applications, especially information theory, algebraic coding theory and cryptology and a chapter on applications within mathematics, such as finite geometries.
Abstract: The first part of this book presents an introduction to the theory of finite fields, with emphasis on those aspects that are relevant for applications. The second part is devoted to a discussion of the most important applications of finite fields especially information theory, algebraic coding theory and cryptology (including some very recent material that has never before appeared in book form). There is also a chapter on applications within mathematics, such as finite geometries. combinatorics. and pseudorandom sequences. Worked-out examples and list of exercises found throughout the book make it useful as a textbook.
1,819 citations
Book•
01 Jan 1993TL;DR: This book introduces a new cryptographic method, called differential cryptanalysis, which can be applied to analyze cryptosystems, and describes the cryptanalysis of DES, deals with the influence of its building blocks on security, and analyzes modified variants.
Abstract: DES, the Data Encryption Standard, is one of several cryptographic standards. The authors of this text detail their cryptanalytic "attack" upon DES and several other systems, using creative and novel tactics to demonstrate how they broke DES up into 16 rounds of coding. The methodology used offers valuable insights to cryptographers and cryptanalysts alike in creating new encryption standards, strengthening current ones, and exploring new ways to test important data protection schemes. This book introduces a new cryptographic method, called differential cryptanalysis, which can be applied to analyze cryptosystems. It describes the cryptanalysis of DES, deals with the influence of its building blocks on security, and analyzes modified variants. The differential cryptanalysis of "Feal" and several other cryptosystems is also described. This method can also be used to cryptanalyze hash functions, as is exemplified by the cryptanalysis of "Snefru".
1,009 citations
"PRESENT: An Ultra-Lightweight Block..." refers background in this paper
...Differential [3] and linear [32] cryptanalysis are among the most powerful techniques available to the cryptanalyst....
[...]