Shivam Singh, profile picture
Uploaded byShivam Singh
PPTX, PDF4,975 views

Lightweight cryptography

This document discusses lightweight cryptography. It begins by defining lightweight cryptography as cryptographic primitives designed for devices with limited resources like memory, speed and power consumption. It then outlines various lightweight cryptographic mechanisms like block ciphers, hash functions, stream ciphers and authenticated ciphers. For each mechanism, it discusses their desirable properties and design principles. It also discusses implementation issues like decryption costs and resistance to related key attacks. Finally, it mentions the Fair Evaluation of Lightweight Cryptographic Systems (FELICS) benchmarking tool for evaluating and comparing the performance of lightweight cryptographic algorithms on different platforms.

Embed presentation

Downloaded 241 times
LIGHTWEIGHT CRYPTOGRAPHY Shivam Singh M.Tech. Cyber Security
Contents.. 1. What is lightweight cryptography? 2. Lightweight cryptographic mechanisms 3. Lightweight cryptography lounge a) Lightweight block ciphers b) Lightweight hash functions c) Lightweight stream ciphers d) Lightweight one-pass authenticated ciphers 4. Software implementation
WHAT IS LIGHTWEIGHT CRYPTOGRAPHY?  Lightweight cryptography has been a very important for the last few years, driven by the lack of primitives capable to run on devices with very low computing power.  We can think for instance of RFID tags, sensors in wireless sensor network or, more generally, small internet-enabled appliances expected to flood the markets as the Internet of Things (IoT) arises.  At the core of lightweight cryptography is a trade-off between Lightweightness and security.  Many cryptographers have addressed these issues by suggesting lightweight stream ciphers, block ciphers, hash function and recently one-pass authenticated encryption.
Lightweight Cryptographic Mechanisms Embedded devices often have inherent limitations in terms of processing power, memory, storage and energy. The cryptographic functionality that ESs utilize to provide tamper resistant hardware and software security functions has direct impact on the system’s: • Size: Memory elements constitute a significant part of the module’s surface. • Cost: Directly linked to the surface of the component. • Speed: Optimized code provides results faster. • Power Consumption: The quicker a set of instructions is executed, the quicker the module can return to an idle state or be put in sleep mode where power consumption is minimal.
LIGHTWEIGHT CRYPTOGRAPHY LOUNGE  Lightweight Block Ciphers  Lightweight Hash Functions  Lightweight Stream Ciphers  Lightweight One-pass Authenticated Ciphers
Lightweight Block Ciphers  Desirable Properties: The aim of a block cipher is to provide a keyed pseudo-random permutation which is then used as the building block of more complex protocols. For instance, coupled with a proper Mode of operation, they can be used to encrypt data. A "good" block cipher must be fast and secure, i.e. it must be impossible for an adversary with realistic computing power to retrieve the key used even if she has access to a black-box capable of encrypting and decrypting the plaintext of her choice (security against chosen-ciphertext attack).  Design Principles: There are two families of designs for block ciphers: Substitution-Permutation Networks and Feistel Networks. There are also specific constraints when designing lightweight block ciphers. First of all, memory is very expensive so that implementing S-boxes as look-up table can lead to a large hardware footprint. That is why these ciphers usually have no S-box at all (SIMON) or very small ones, only 4x4 (PRESENT).
 Cost of Implementing Decryption: Implementing decryption alongside encryption should lead to an increase of the area necessary as it requires its own logic. However, depending on the mode of operation of the cipher, it may be possible to ignore the decryption algorithm: for instance, in the case of OFB, decryption is useless. Another way of reducing the additional cost is to build algorithms such that encryption and decryption are very similar. A first approach is to use involutions as components, for instance in KLEIN. The whole structure can be exploited to have involution related properties, for instance α-reflexivity in the case of PRINCE or differentiate encryption from decryption simply by a variation in the key- schedule (Feistel networks, mCrypton).
 Fixed key? • The designers of symmetric block ciphers have different approaches regarding related key attacks. The use-case of lightweight cryptography can lead to opposite views concerning the necessity of counter-measure to prevent such attacks. • Because the key is likely to be "burnt" in the device, i.e. that it will not be possible to change it, there is no point in worrying about related key attacks: the probability for an attacker to obtain several devices keyed with appropriately related keys is too small to be of any importance. • However, such block ciphers are very likely to be used to build compression functions for hash function with a Merkle-Damgård structure. In this context, resilience against related key attacks is much more important.
Lightweight Hash Functions  Desirable Properties: Here, "impossible" means "impossible for an adversary having some reasonable computing power" where "reasonable" is actually a complex concept. Consider a hash function H; we want it to be (at least): 1. Collision resistant: it is "impossible" to find x and y such that H(x)=H(y). 2. Preimage resistant: given a digest d, it is "impossible" to find x such that H(x)=d. 3. Second preimage resistant: given y, it is "impossible" to find x≠y such that H(x)=H(y).  Sponge The sponge construction is a method to build a hash function from a publicly known unkeyed permutation (P-Sponge) or random function (T-Sponge). It was introduced by Bertoni et al., the Keccak team, in 2007. Sponges can also be used to provided stream ciphers or even authenticated encryption, see the duplex construction
 P-Sponge and T-Sponge: P(ermutation)-Sponge and T(ransformative)-Sponge are sponge models using respectively a random permutation and a random function to update their internal state. In the paper in which the sponge functions were introduced, it was shown that sponges with capacity c, rate r and digest size n absorbing messages of length m<2c/2 are such that different attacks require the following number of calls to the update function. Case Preimage Second Pre-image Collision Cycle finding T-Sponge min(n, c+r) min(n, c-log2(m)) min(n, c)/2 (c+r)/2 P-Sponge c-1 min(n, c/2) min(n, c)/2 c+r
Lightweight Stream Ciphers  Description and Desirable Properties: • Given a key K and an initialization vector IV, a stream cipher generates a keystream, i.e. a stream of bits which are simply xored with the plaintext to generate the ciphertext. Such ciphers are called synchronous if the keystream is independent of the ciphertext or asynchronous if it does. Asynchronous ciphers can be used for authenticated encryption. • The IV is known by the attacker and may also be controlled by her. It must "impossible" to retrieve the key even if large parts of the keystream are available. Furthermore, if the cipher is based on an internal state updated every time a part of the keystrem is generated (most stream ciphers correspond to this description), then the internal state must be large enough to prevent so-called Time-Memory-Data Trade-off based attacks. For instance, A5/1 is vulnerable to such an attack.
 Possible Components: A simple way to build a stream cipher is to use a regular block cipher in counter-mode. However, the most common method to initialize an internal state of n bits using the key and initialization vector and then repeat the following: 1. Generates b bits of keystream using the content of the internal state. 2. Apply a function to update the internal state. A possible method to build an internal state easy to update is to use so-called Feedback Shift Registers (FSR). These are arrays of words which, at each round, are updated as follows: 1. The content of some fixed cells (the taps) is used to compute a new word w. 2. The content of the array is shifted to the left so its last element is discarded. 3. w is inserted in the first cell. If the function used to compute w is linear, we have a Linear FSR or LFSR. Otherwise, we have a Non-linear FSR or NFSR. The Feedback with Carry Shift Register used by the FCSR- based stream-ciphers is another such construction. The words can be bits (most of the cases) but it is not necessary.
Lightweight Authenticated Encryption  Description: The aim is to provide simultaneously encryption and authentication in one primitive and in one pass. Authentication allows communicating entities to ensure that their communication has not been modified or tampered with. This verification is based on the computation of a so-called tag associated to the transmitted data which cannot be generated in reasonable time unless a secret is known. The generation of the tag can be done separately from the encryption but the primitives listed on this page perform both operations at the same time.  Stream-Cipher Based One possible way to achieve this is to use a special stream-cipher like PHELIX which uses the plaintext to update its internal state. The MAC can then be derived from the internal state of the stream-cipher once encryption is finished.
 Duplexed Sponge: The duplexed sponge is based on the use of a sponge as a stream-cipher in the way described above, i.e. by incorporating blocks of plain text in the computation of the internal state. This structure is best described by a figure (on the right, taken from the original paper): σi corresponds to the ith block of plain text, Zi to the ith block of cipher text, r to the rate of the sponge, c to its capacity and f to its update function. The duplexed sponge is actually a construction with broader applications than just authenticated encryption. When used for this purpose, the construction is called Sponge Wrap. This construction can also be further specialized as has been suggested by Andreeva et al. (APE construction) and can be lightweight as long, of course, as the permutation used is.
SOFTWARE IMPLEMENTATION  Fair Evaluation of Lightweight Cryptographic Systems (FELICS)  Block ciphers brief results  Block ciphers detailed results  Stream ciphers brief results  Stream ciphers detailed results
FELICS  Cipher performance evaluation on different platforms and usually in different conditions. The results obtained on different devices and in different measurement conditions are then used to compare the new cipher with previous ones. The conclusions are not accurate and do not inspire confidence because it is hard to correctly evaluate different ciphers if comparative implementations are not available.  Benchmarking tool is open and flexible in various aspects: 1. It is possible to upload new ciphers so that the designers get consistent and detailed feedback on how their cipher compares with the state-of-the-art. 2. The tool is developed from the ground up with the goal of supporting a wide range of embedded platforms through both cycle-accurate instruction set simulation and actual measurements on prototyping boards. 3. The tool is also open with respect to the evaluation metrics. Currently, it can evaluate execution time, RAM footprint, and binary code size. 4. It can easily accommodate new usage/evaluation scenarios.
Some Other Results..  Block ciphers brief results  Block ciphers detailed results  Stream ciphers brief results  Stream ciphers detailed results Note: These are the Hyperlinks to see the results..
spu15cs21@policeuniversity.ac.in

More Related Content

PPTX
Confusion and Diffusion.pptx
bybcanawakadalcollege
 
PPTX
Light Weight Cryptography for IOT.pptx
byDineshBoobalan
 
PPTX
Information and data security pseudorandom number generation and stream cipher
byMazin Alwaaly
 
PPTX
Trusted systems
byahmad abdelhafeez
 
PPTX
Classical Encryption Techniques
bySou Jana
 
PPT
Classical Encryption Techniques
byuniversity of education,Lahore
 
PPTX
AES.pptx
byRizwanBasha12
 
PPT
4_5949547032388570388.ppt
byMohammedMohammed578197
 
Confusion and Diffusion.pptx
bybcanawakadalcollege
 
Light Weight Cryptography for IOT.pptx
byDineshBoobalan
 
Information and data security pseudorandom number generation and stream cipher
byMazin Alwaaly
 
Trusted systems
byahmad abdelhafeez
 
Classical Encryption Techniques
bySou Jana
 
Classical Encryption Techniques
byuniversity of education,Lahore
 
AES.pptx
byRizwanBasha12
 
4_5949547032388570388.ppt
byMohammedMohammed578197
 

What's hot

PDF
Block Ciphers and the Data Encryption Standard
byDr.Florence Dayana
 
PPT
RC4&RC5
byMohamed El-Serngawy
 
PDF
2. public key cryptography and RSA
byDr.Florence Dayana
 
PDF
Unit 1
byTrupti Kodinariya
 
PPTX
Cryptography
byRutuja Solkar
 
PPTX
Transport layer security (tls)
byKalpesh Kalekar
 
PPTX
Cryptography.ppt
byUday Meena
 
PPTX
Advanced encryption standard (aes)
byfarazvirk554
 
PPTX
Types of attacks
byVivek Gandhi
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
PPTX
Public Key Cryptography
byGopal Sakarkar
 
PPTX
Data Encryption Standard (DES)
byHaris Ahmed
 
PPTX
Trible data encryption standard (3DES)
byAhmed Mohamed Mahmoud
 
PPT
Intruders
bytechn
 
PPT
Email Security : PGP & SMIME
byRohit Soni
 
PPTX
IPSec and VPN
byAbdullaziz Tagawy
 
PPTX
Double DES & Triple DES
byHemant Sharma
 
PPTX
Public Key Cryptosystem
byDevakumar Kp
 
PPT
Diffiehellman
bychenlahero
 
PDF
Email security presentation
bySubhradeepMaji
 
Block Ciphers and the Data Encryption Standard
byDr.Florence Dayana
 
RC4&RC5
byMohamed El-Serngawy
 
2. public key cryptography and RSA
byDr.Florence Dayana
 
Unit 1
byTrupti Kodinariya
 
Cryptography
byRutuja Solkar
 
Transport layer security (tls)
byKalpesh Kalekar
 
Cryptography.ppt
byUday Meena
 
Advanced encryption standard (aes)
byfarazvirk554
 
Types of attacks
byVivek Gandhi
 
CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
Public Key Cryptography
byGopal Sakarkar
 
Data Encryption Standard (DES)
byHaris Ahmed
 
Trible data encryption standard (3DES)
byAhmed Mohamed Mahmoud
 
Intruders
bytechn
 
Email Security : PGP & SMIME
byRohit Soni
 
IPSec and VPN
byAbdullaziz Tagawy
 
Double DES & Triple DES
byHemant Sharma
 
Public Key Cryptosystem
byDevakumar Kp
 
Diffiehellman
bychenlahero
 
Email security presentation
bySubhradeepMaji
 

Viewers also liked

PDF
Internet of Things - Privacy and Security issues
byPierluigi Paganini
 
PDF
Elliptic Curve Cryptography
byKelly Bresnahan
 
PDF
The 5 elements of IoT security
byJulien Vermillard
 
PPT
Internet of Things and its applications
byPasquale Puzio
 
PDF
Security in the Internet of Things
byForgeRock
 
PPTX
Internet-of-things- (IOT) - a-seminar - ppt - by- mohan-kumar-g
byMohan Kumar G
 
PPT
IoT security (Internet of Things)
bySanjay Kumar (Seeking options outside India)
 
PPTX
Enhancing security in cloud storage
byShivam Singh
 
PDF
5 questions about the IoT (Internet of Things)
byDeloitte United States
 
PDF
What is the Internet of Things?
byFelix Grovit
 
PDF
Data security in cloud environment
byShivam Singh
 
PDF
Final report
byJagbir Kalirai
 
PDF
Легковесная криптография
byPositive Hack Days
 
PDF
What Exactly Is The "Internet of Things"?
byPostscapes
 
Internet of Things - Privacy and Security issues
byPierluigi Paganini
 
Elliptic Curve Cryptography
byKelly Bresnahan
 
The 5 elements of IoT security
byJulien Vermillard
 
Internet of Things and its applications
byPasquale Puzio
 
Security in the Internet of Things
byForgeRock
 
Internet-of-things- (IOT) - a-seminar - ppt - by- mohan-kumar-g
byMohan Kumar G
 
IoT security (Internet of Things)
bySanjay Kumar (Seeking options outside India)
 
Enhancing security in cloud storage
byShivam Singh
 
5 questions about the IoT (Internet of Things)
byDeloitte United States
 
What is the Internet of Things?
byFelix Grovit
 
Data security in cloud environment
byShivam Singh
 
Final report
byJagbir Kalirai
 
Легковесная криптография
byPositive Hack Days
 
What Exactly Is The "Internet of Things"?
byPostscapes
 

Similar to Lightweight cryptography

PPTX
Different types of Symmetric key Cryptography
bysubhradeep mitra
 
PPTX
Unit 2
bytamil arasan
 
PPTX
Fundamentals of Information Encryption
byAmna Magzoub
 
PPT
Introduction to Block cipher Technology -unit 1
byramamoorthi24
 
PPTX
my.Light weight cryptography.2023.pptx
byhalosidiq1
 
PPTX
Cryptography_additive_cipher.pptx
byShivaprasad787526
 
PPT
introduction to cryptography (basics of it)
byneonaveen
 
PPT
needed.ppt
byfaizalkhan673954
 
PPT
crypto.ppt
byGanesh Chavan
 
PPT
crypto1.ppt
bytommychauhan
 
PDF
Design of A New Lightweight Encryption for Embedded Security
byIRJET Journal
 
PDF
An exhaustive review of the stream ciphers and their performance analysis
byInternational Journal of Reconfigurable and Embedded Systems
 
PPTX
Ppt fnr arbitrary length small domain block cipher proposal
byKarunakar Saroj
 
PDF
A novel authenticated cipher for rfid systems
byijcisjournal
 
PDF
A novel architecture for lightweight block cipher, piccolo
byeSAT Journals
 
PDF
A Robust Cryptographic System using Neighborhood-Generated Keys
byIJORCS
 
PDF
A Robust Cryptographic System using Neighborhood-Generated Keys
byIJORCS
 
PDF
Lightweight Cryptography for Distributed PKI Based MANETS
byIJCNCJournal
 
PDF
Computer network (3)
byNYversity
 
PDF
A Survey on Various Lightweight Cryptographic Algorithms on FPGA
byIOSRJECE
 
Different types of Symmetric key Cryptography
bysubhradeep mitra
 
Unit 2
bytamil arasan
 
Fundamentals of Information Encryption
byAmna Magzoub
 
Introduction to Block cipher Technology -unit 1
byramamoorthi24
 
my.Light weight cryptography.2023.pptx
byhalosidiq1
 
Cryptography_additive_cipher.pptx
byShivaprasad787526
 
introduction to cryptography (basics of it)
byneonaveen
 
needed.ppt
byfaizalkhan673954
 
crypto.ppt
byGanesh Chavan
 
crypto1.ppt
bytommychauhan
 
Design of A New Lightweight Encryption for Embedded Security
byIRJET Journal
 
An exhaustive review of the stream ciphers and their performance analysis
byInternational Journal of Reconfigurable and Embedded Systems
 
Ppt fnr arbitrary length small domain block cipher proposal
byKarunakar Saroj
 
A novel authenticated cipher for rfid systems
byijcisjournal
 
A novel architecture for lightweight block cipher, piccolo
byeSAT Journals
 
A Robust Cryptographic System using Neighborhood-Generated Keys
byIJORCS
 
A Robust Cryptographic System using Neighborhood-Generated Keys
byIJORCS
 
Lightweight Cryptography for Distributed PKI Based MANETS
byIJCNCJournal
 
Computer network (3)
byNYversity
 
A Survey on Various Lightweight Cryptographic Algorithms on FPGA
byIOSRJECE
 

More from Shivam Singh

PPTX
Wpa2 psk security measure
byShivam Singh
 
PPTX
Url manipulation
byShivam Singh
 
PPTX
Threads
byShivam Singh
 
PDF
Homomorphic encryption in_cloud
byShivam Singh
 
PPTX
I pv6 mechanism
byShivam Singh
 
PPTX
Virtualization
byShivam Singh
 
PPTX
The problems of syrian refugees and european union
byShivam Singh
 
PPTX
Cloud computing
byShivam Singh
 
PPTX
Democracy is mobocracy in india
byShivam Singh
 
Wpa2 psk security measure
byShivam Singh
 
Url manipulation
byShivam Singh
 
Threads
byShivam Singh
 
Homomorphic encryption in_cloud
byShivam Singh
 
I pv6 mechanism
byShivam Singh
 
Virtualization
byShivam Singh
 
The problems of syrian refugees and european union
byShivam Singh
 
Cloud computing
byShivam Singh
 
Democracy is mobocracy in india
byShivam Singh
 

Recently uploaded

PPTX
Op-Amp Based Sine-Wave Oscillators: Theory, Design and Applications
byGS Virdi
 
PDF
Masking and Lithography Techniques in Microelectronics
byGS Virdi
 
PPTX
What is Scheduled Actions in Odoo 18
byCeline George
 
PPTX
(2) Physiology (Cell Structure). pptx
byaryanhaniarshi
 
PPTX
An inclusive AI - Supporting students with special education needs by Andreas...
byEduSkills OECD
 
PPTX
Pharmaceutical Engineering (sem-3) unit 3-2
bypayalpilaji
 
PPTX
How to Create Certifications in Odoo 18 Employees
byCeline George
 
PPTX
Correlation Analysis (Biostatistics)ppt.
byKajal Kashyap
 
PPTX
What is Lost Opportunities In Odoo 18 CRM
byCeline George
 
PDF
Determining the Sample Population updated version.pdf
byThelma Villaflores
 
DOCX
ANATOMY NOTES- Dr. Sudhadevi Sadanandan
byDr. Sudhadevi Sadanandan
 
PDF
Achaemenian Invasions in India Cyrus II Darius I and Xeraxes
byPrachiSontakke5
 
PDF
ENVIRONMENTAL SERVICES PROVIDERS ASSOCIATION.pdf
bynservice241
 
PDF
BP605 T PHARMACEUTICAL BIOTECHNOLOGY UNIT 3 PART 1
byRushiMandali
 
PDF
Statement-by-UK-PhD-cohort-to-the-Ghana-High-Commission-and-the-media.docx1_.pdf
bynservice241
 
PPTX
Historical Background of Pharmacy .pptx
bySneha Gaurkar
 
PDF
Optomery MCQ pdf/exam/pyq/joinquiz/..pdf
byAnmol Singh
 
PPTX
West Hatch Ski Trip - Wagrain 2026 - Induction Meeting 2
byWestHatch
 
PPTX
SEMESTER- 6 UNIT-3 Child guidance clinic.pptx
bysachin7989
 
PPTX
Health Care Agencies & Hospital .pptx.Slideshare
byPompi Begum
 
Op-Amp Based Sine-Wave Oscillators: Theory, Design and Applications
byGS Virdi
 
Masking and Lithography Techniques in Microelectronics
byGS Virdi
 
What is Scheduled Actions in Odoo 18
byCeline George
 
(2) Physiology (Cell Structure). pptx
byaryanhaniarshi
 
An inclusive AI - Supporting students with special education needs by Andreas...
byEduSkills OECD
 
Pharmaceutical Engineering (sem-3) unit 3-2
bypayalpilaji
 
How to Create Certifications in Odoo 18 Employees
byCeline George
 
Correlation Analysis (Biostatistics)ppt.
byKajal Kashyap
 
What is Lost Opportunities In Odoo 18 CRM
byCeline George
 
Determining the Sample Population updated version.pdf
byThelma Villaflores
 
ANATOMY NOTES- Dr. Sudhadevi Sadanandan
byDr. Sudhadevi Sadanandan
 
Achaemenian Invasions in India Cyrus II Darius I and Xeraxes
byPrachiSontakke5
 
ENVIRONMENTAL SERVICES PROVIDERS ASSOCIATION.pdf
bynservice241
 
BP605 T PHARMACEUTICAL BIOTECHNOLOGY UNIT 3 PART 1
byRushiMandali
 
Statement-by-UK-PhD-cohort-to-the-Ghana-High-Commission-and-the-media.docx1_.pdf
bynservice241
 
Historical Background of Pharmacy .pptx
bySneha Gaurkar
 
Optomery MCQ pdf/exam/pyq/joinquiz/..pdf
byAnmol Singh
 
West Hatch Ski Trip - Wagrain 2026 - Induction Meeting 2
byWestHatch
 
SEMESTER- 6 UNIT-3 Child guidance clinic.pptx
bysachin7989
 
Health Care Agencies & Hospital .pptx.Slideshare
byPompi Begum
 
In this document
Powered by AI

Introduces lightweight cryptography, its importance, and contents of the presentation.

Defines lightweight cryptography as essential for devices with low computing power, emphasizing security trade-offs.

Describes lightweight cryptographic mechanisms addressing limitations like processing power, energy, and speed.

Overview of categories in lightweight cryptography: Block Ciphers, Hash Functions, Stream Ciphers, and Authenticated Ciphers.

Details on block ciphers: properties, design principles, decryption costs, and key usage for enhanced security.

Defines desirable properties of hash functions including collision resistance and introduces the sponge construction model.

Explains stream ciphers, their properties, and construction mechanisms like Feedback Shift Registers for keystream generation.

Discusses simultaneous encryption and authentication techniques using duplexed sponge and special stream ciphers.

Presents the Fair Evaluation of Lightweight Cryptographic Systems (FELICS) and benchmarking tools for performance assessment.

Provides contact information for further inquiries regarding the presentation.

Lightweight cryptography

  • 1.
  • 2.
    Contents.. 1. What islightweight cryptography? 2. Lightweight cryptographic mechanisms 3. Lightweight cryptography lounge a) Lightweight block ciphers b) Lightweight hash functions c) Lightweight stream ciphers d) Lightweight one-pass authenticated ciphers 4. Software implementation
  • 3.
    WHAT IS LIGHTWEIGHTCRYPTOGRAPHY?  Lightweight cryptography has been a very important for the last few years, driven by the lack of primitives capable to run on devices with very low computing power.  We can think for instance of RFID tags, sensors in wireless sensor network or, more generally, small internet-enabled appliances expected to flood the markets as the Internet of Things (IoT) arises.  At the core of lightweight cryptography is a trade-off between Lightweightness and security.  Many cryptographers have addressed these issues by suggesting lightweight stream ciphers, block ciphers, hash function and recently one-pass authenticated encryption.
  • 4.
    Lightweight Cryptographic Mechanisms Embeddeddevices often have inherent limitations in terms of processing power, memory, storage and energy. The cryptographic functionality that ESs utilize to provide tamper resistant hardware and software security functions has direct impact on the system’s: • Size: Memory elements constitute a significant part of the module’s surface. • Cost: Directly linked to the surface of the component. • Speed: Optimized code provides results faster. • Power Consumption: The quicker a set of instructions is executed, the quicker the module can return to an idle state or be put in sleep mode where power consumption is minimal.
  • 5.
    LIGHTWEIGHT CRYPTOGRAPHY LOUNGE Lightweight Block Ciphers  Lightweight Hash Functions  Lightweight Stream Ciphers  Lightweight One-pass Authenticated Ciphers
  • 6.
    Lightweight Block Ciphers Desirable Properties: The aim of a block cipher is to provide a keyed pseudo-random permutation which is then used as the building block of more complex protocols. For instance, coupled with a proper Mode of operation, they can be used to encrypt data. A "good" block cipher must be fast and secure, i.e. it must be impossible for an adversary with realistic computing power to retrieve the key used even if she has access to a black-box capable of encrypting and decrypting the plaintext of her choice (security against chosen-ciphertext attack).  Design Principles: There are two families of designs for block ciphers: Substitution-Permutation Networks and Feistel Networks. There are also specific constraints when designing lightweight block ciphers. First of all, memory is very expensive so that implementing S-boxes as look-up table can lead to a large hardware footprint. That is why these ciphers usually have no S-box at all (SIMON) or very small ones, only 4x4 (PRESENT).
  • 7.
     Cost ofImplementing Decryption: Implementing decryption alongside encryption should lead to an increase of the area necessary as it requires its own logic. However, depending on the mode of operation of the cipher, it may be possible to ignore the decryption algorithm: for instance, in the case of OFB, decryption is useless. Another way of reducing the additional cost is to build algorithms such that encryption and decryption are very similar. A first approach is to use involutions as components, for instance in KLEIN. The whole structure can be exploited to have involution related properties, for instance α-reflexivity in the case of PRINCE or differentiate encryption from decryption simply by a variation in the key- schedule (Feistel networks, mCrypton).
  • 8.
     Fixed key? •The designers of symmetric block ciphers have different approaches regarding related key attacks. The use-case of lightweight cryptography can lead to opposite views concerning the necessity of counter-measure to prevent such attacks. • Because the key is likely to be "burnt" in the device, i.e. that it will not be possible to change it, there is no point in worrying about related key attacks: the probability for an attacker to obtain several devices keyed with appropriately related keys is too small to be of any importance. • However, such block ciphers are very likely to be used to build compression functions for hash function with a Merkle-Damgård structure. In this context, resilience against related key attacks is much more important.
  • 9.
    Lightweight Hash Functions Desirable Properties: Here, "impossible" means "impossible for an adversary having some reasonable computing power" where "reasonable" is actually a complex concept. Consider a hash function H; we want it to be (at least): 1. Collision resistant: it is "impossible" to find x and y such that H(x)=H(y). 2. Preimage resistant: given a digest d, it is "impossible" to find x such that H(x)=d. 3. Second preimage resistant: given y, it is "impossible" to find x≠y such that H(x)=H(y).  Sponge The sponge construction is a method to build a hash function from a publicly known unkeyed permutation (P-Sponge) or random function (T-Sponge). It was introduced by Bertoni et al., the Keccak team, in 2007. Sponges can also be used to provided stream ciphers or even authenticated encryption, see the duplex construction
  • 10.
     P-Sponge andT-Sponge: P(ermutation)-Sponge and T(ransformative)-Sponge are sponge models using respectively a random permutation and a random function to update their internal state. In the paper in which the sponge functions were introduced, it was shown that sponges with capacity c, rate r and digest size n absorbing messages of length m<2c/2 are such that different attacks require the following number of calls to the update function. Case Preimage Second Pre-image Collision Cycle finding T-Sponge min(n, c+r) min(n, c-log2(m)) min(n, c)/2 (c+r)/2 P-Sponge c-1 min(n, c/2) min(n, c)/2 c+r
  • 11.
    Lightweight Stream Ciphers Description and Desirable Properties: • Given a key K and an initialization vector IV, a stream cipher generates a keystream, i.e. a stream of bits which are simply xored with the plaintext to generate the ciphertext. Such ciphers are called synchronous if the keystream is independent of the ciphertext or asynchronous if it does. Asynchronous ciphers can be used for authenticated encryption. • The IV is known by the attacker and may also be controlled by her. It must "impossible" to retrieve the key even if large parts of the keystream are available. Furthermore, if the cipher is based on an internal state updated every time a part of the keystrem is generated (most stream ciphers correspond to this description), then the internal state must be large enough to prevent so-called Time-Memory-Data Trade-off based attacks. For instance, A5/1 is vulnerable to such an attack.
  • 12.
     Possible Components: Asimple way to build a stream cipher is to use a regular block cipher in counter-mode. However, the most common method to initialize an internal state of n bits using the key and initialization vector and then repeat the following: 1. Generates b bits of keystream using the content of the internal state. 2. Apply a function to update the internal state. A possible method to build an internal state easy to update is to use so-called Feedback Shift Registers (FSR). These are arrays of words which, at each round, are updated as follows: 1. The content of some fixed cells (the taps) is used to compute a new word w. 2. The content of the array is shifted to the left so its last element is discarded. 3. w is inserted in the first cell. If the function used to compute w is linear, we have a Linear FSR or LFSR. Otherwise, we have a Non-linear FSR or NFSR. The Feedback with Carry Shift Register used by the FCSR- based stream-ciphers is another such construction. The words can be bits (most of the cases) but it is not necessary.
  • 13.
    Lightweight Authenticated Encryption Description: The aim is to provide simultaneously encryption and authentication in one primitive and in one pass. Authentication allows communicating entities to ensure that their communication has not been modified or tampered with. This verification is based on the computation of a so-called tag associated to the transmitted data which cannot be generated in reasonable time unless a secret is known. The generation of the tag can be done separately from the encryption but the primitives listed on this page perform both operations at the same time.  Stream-Cipher Based One possible way to achieve this is to use a special stream-cipher like PHELIX which uses the plaintext to update its internal state. The MAC can then be derived from the internal state of the stream-cipher once encryption is finished.
  • 14.
     Duplexed Sponge: Theduplexed sponge is based on the use of a sponge as a stream-cipher in the way described above, i.e. by incorporating blocks of plain text in the computation of the internal state. This structure is best described by a figure (on the right, taken from the original paper): σi corresponds to the ith block of plain text, Zi to the ith block of cipher text, r to the rate of the sponge, c to its capacity and f to its update function. The duplexed sponge is actually a construction with broader applications than just authenticated encryption. When used for this purpose, the construction is called Sponge Wrap. This construction can also be further specialized as has been suggested by Andreeva et al. (APE construction) and can be lightweight as long, of course, as the permutation used is.
  • 15.
    SOFTWARE IMPLEMENTATION  FairEvaluation of Lightweight Cryptographic Systems (FELICS)  Block ciphers brief results  Block ciphers detailed results  Stream ciphers brief results  Stream ciphers detailed results
  • 16.
    FELICS  Cipher performanceevaluation on different platforms and usually in different conditions. The results obtained on different devices and in different measurement conditions are then used to compare the new cipher with previous ones. The conclusions are not accurate and do not inspire confidence because it is hard to correctly evaluate different ciphers if comparative implementations are not available.  Benchmarking tool is open and flexible in various aspects: 1. It is possible to upload new ciphers so that the designers get consistent and detailed feedback on how their cipher compares with the state-of-the-art. 2. The tool is developed from the ground up with the goal of supporting a wide range of embedded platforms through both cycle-accurate instruction set simulation and actual measurements on prototyping boards. 3. The tool is also open with respect to the evaluation metrics. Currently, it can evaluate execution time, RAM footprint, and binary code size. 4. It can easily accommodate new usage/evaluation scenarios.
  • 17.
    Some Other Results.. Block ciphers brief results  Block ciphers detailed results  Stream ciphers brief results  Stream ciphers detailed results Note: These are the Hyperlinks to see the results..
  • 18.