Triathlon of Lightweight Block Ciphers for the Internet of Things
read more
Citations
The SIMON and SPECK lightweight block ciphers
SIMON and SPECK: Block Ciphers for the Internet of Things.
A review of lightweight block ciphers
Lightweight Cryptography Algorithms for Resource-Constrained IoT Devices: A Review, Comparison and Research Opportunities
Enhancing speed of SIMON: A light-weight-cryptographic algorithm for IoT applications
References
The Internet of Things: A survey
The Design of Rijndael: AES - The Advanced Encryption Standard
SPINS: security protocols for sensor networks
PRESENT: An Ultra-Lightweight Block Cipher
The Design of Rijndael
Related Papers (5)
Frequently Asked Questions (17)
Q2. What are the contributions in "Triathlon of lightweight block ciphers for the internet of things" ?
In this paper the authors introduce a framework for the benchmarking of lightweight block ciphers on a multitude of embedded platforms. The authors used the framework to benchmark implementations of 19 lightweight ciphers, namely AES, Chaskey, Fantomas, HIGHT, LBlock, LEA, LED, Piccolo, PRESENT, PRIDE, PRINCE, RC5, RECTANGLE, RoadRunneR, Robin, Simon, SPARX, Speck, and TWINE, on three microcontroller platforms: 8-bit AVR, 16-bit MSP430, and 32-bit ARM. The benchmarking framework provides cipher designers with an easy-to-use tool to compare new algorithms with the state-of-the-art and allows standardization organizations to conduct a fair and consistent evaluation of a large number of candidates.
Q3. How many bits of plaintext are used in this scenario?
Since standard communication protocols for the IoT, such as IEEE 802.15.4 [36] and ZigBee [62], are characterized by low transmission rates and small packet sizes, the authors assume the plaintext to have a length of 128 bytes (i.e. 1024 bits) in this scenario.
Q4. How can the S-box be implemented in software?
The S-box requires only bitwise operations, and also the linear layer consisting of four transformations (one for every 16 bits of the state) can be implemented efficiently in software.
Q5. What are the three optimization strategies used in the benchmarked assembler implementations?
The benchmarked assembler implementations are based on three different optimization strategies: fast execution time, small code size, and a trade-off between speed and size.
Q6. What are the main criteria for evaluating lightweight ciphers?
Many IoT devices are so constrained that they feature only a few hundred bytes of RAM and a few kB of flash memory, which means RAM footprint and code size are crucial criterions for cryptographic engineers when selecting a lightweight cipher.
Q7. What is the definition of lightweight cryptography?
Gligor defined in [30] lightweight cryptography as cryptographic primitives, schemes and protocols tailored to extremely constrained environments such as sensor nodes or RFID tags.
Q8. How is the framework able to extract three metrics of interest?
The framework is able to extract three metrics of interest (execution time, RAM footprint, and binary code size) in a highly automated fashion and supports both cycle-accurate instruction set simulators and development boards.
Q9. What is the importance of a large number of platforms with optimized Assembly code?
Supporting a large number of platforms with optimized Assembly code is tedious and error-prone since, for each processor architecture, a separate code base needs to be written, tested, debugged, and then maintained.
Q10. How many different implementations of one and the same cipher exist?
it should be noted that up to 24 different implementations of one and the same cipher exist, which are based on different optimization strategies.
Q11. What are the two common simulators used to evaluate the execution times for the AVR and?
the cycle-accurate simulators Avrora [55,54] and MSPDebug [8] are used to evaluate the execution times for the 8-bit AVR and 16-bit MSP430 platform, respectively.
Q12. How many implementations were there at the time of writing this paper?
At the time of writing this paper, their repository contained between two and 24 different implementations of 19 lightweight ciphers, and more than 250 altogether.
Q13. What are the FOM scores used to rank the lightweight block ciphers?
The FOM scores the authors used to rank the 19 lightweight block ciphers are solely based on efficiency metrics and do not take any (cryptanalytic) security aspects into account.
Q14. What is the main priority of a lightweight cipher?
In such a setting, one could argue that the execution time of a lightweight cipher is not the main priority (especially since the amount of data to be encrypted is small), but rather the RAM consumption and code size.
Q15. What motivated us to develop a benchmarking toolsuite?
This motivated us to develop a benchmarking toolsuite that allows for a unified evaluation of a large number of candidates by collecting accurate and comprehensive results for execution time, RAM footprint, and code size.
Q16. what should be avoided as they increase the code size and/or RAM footprint?
lookup tables of any size should be avoided as they increase the code size and/or RAM footprint and also require costly load instructions.
Q17. How many lightweight block ciphers are available?
the authors survey 19 lightweight block ciphers and analyze, in particular, their suitability for software implementation on resource-restricted devices.