RFID Security pp 349-371 | Cite as

New Designs in Lightweight Symmetric Encryption

  • C. Paar
  • A. Poschmann
  • M. J. B. Robshaw


In this article, we consider new trends in the design of ultra-lightweight symmetric encryption algorithms. New lightweight designs for both block and stream ciphers as well as the underlying hardware design rationale are discussed. It is shown that secure block ciphers can be built with about 1,500 gate equivalences and, interestingly, it seems that modern lightweight block ciphers can have similar hardware requirements to lightweight stream ciphers.


Block Cipher Advance Encryption Standard Stream Cipher Linear Feedback Shift Register Symmetric Encryption 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    S. Babbage. A Space/Time Trade-off in Exhaustive Search Attacks on Stream Ciphers. IEE European Convention on Security and Dectection, 408, 1995Google Scholar
  2. 2.
    S. Babbage and M. Dodd. MICKEY 2.0, 2006 Available via www.ecrypt.eu.org/stream
  3. 3.
    L. Batina, J. Lano, N. Mentens, S. BernaÖrs, B. Preneel, and I. Verbauwhede. Energy, Performance, Area Versus Security Trade-offs for Stream Ciphers. State of the Art of Stream Ciphers 2004(SASC 2004), Workshop Record, pp. 302–310, 2004. Available via www.ecrypt.eu.org/stream
  4. 4.
    C. Berbain, O. Billet, A. Canteaut, N. Courtois, B. Debraize, H. Gilbert, L. Goubin, A. Gouget, L. Granboulan, C. Lauradoux, M. Minier, T. Pornin, and H. Sibert. DECIM v2.0, 2006. Available via www.ecrypt.eu.org/stream
  5. 5.
    C. Berbain, H. Gilbert, and A. Maximov. Cryptanalysis of Grain. In M. Robshaw, editors, Proceedings of FSE 2006, volume 4047 of LNCS, pp. 15–29, Springer, Berlin, 2006Google Scholar
  6. 6.
    T. Berger, F. Arnault, and C. Lauradoux. F-FCSR-H v2.0. Available via www.ecrypt.eu.org/stream
  7. 7.
    E. Biham. New Types of Cryptanalytic Attacks Using Related Keys. In T. Helleseth, editor, Proceedings of Eurocrypt'93, volume 765 of LNCS, pp. 398–409, Springer, Berlin, 1994Google Scholar
  8. 8.
    E. Biham and A. Shamir. Differential Cryptanalysis of the Full 16-Round DES. In Proceedings of CRYPTO, pp. 487–496, 1992. Also available via citeseer.ist.psu.edu/ biham93differential.htmlGoogle Scholar
  9. 9.
    A. Biryukov and A. Shamir. Cryptanalytic Time/Memory Trade-offs for Stream Ciphers. In T. Okamoto, editors, Proceedings of Asiacrypt 2000, volume 1976 of LNCS, pp. 1–13, Springer, Berlin, 2000CrossRefGoogle Scholar
  10. 10.
    A. Biryukov, A. Shamir, and D. Wagner. Real-Time Cryptanalysis of A5/1 on a PC. In B. Schneier, editors, Proceedings of FSE 2000, volume 1978 of LNCS, pp. 37–44, Springer, Berlin, 2000Google Scholar
  11. 11.
    A. Biryukov, S. Mukhopadhyay, and P. Sarkar. Improved Time-memory Trade-offs with Multiple Data. In B. Preneel and S. Tavares, editors, Proceedings of SAC 2005, volume 3897 of LNCS, pp. 110–127, Springer, Berlin, 2005Google Scholar
  12. 12.
    S.I.G. Bluetooth Specification of the Bluetooth System, 2003. Available via www.bluetooth.org/specversion 1.2
  13. 13.
    A. Bogdanov, G. Leander, L.R. Knudsen, C. Paar, A. Poschmann, M.J.B. Robshaw, Y. Seurin, and C. Vikkelsoe. PRESENT - An Ultra-Lightweight Block Cipher. In Proceedings of CHES 2007, volume 4727 of LNCS, pp. 450 - 466, Springer, Berlin, 2007Google Scholar
  14. 14.
    C. de Canni ère and B. Preneel. Trivium. Available via www.ecrypt.eu.org/stream
  15. 15.
    J. Daemen and V. Rijmen. The Design of Rijndael, Springer, Berlin, 2002MATHGoogle Scholar
  16. 16.
    T. Dierks and C. Allen. The TLS Protocol. Available via www.ietf.org/rfc/rfc2246.txt
  17. 17.
    ECRYPT Network of Excellence. The Stream Cipher Project: eSTREAM. Available via www.ecrypt.eu.org/stream
  18. 18.
    P. Ekdahl and T. Johansson. A New Version of the Stream Cipher SNOW. In K. Nyberg and H. Heys, editors, Proceedings of SAC 2002, volume 2595 of LNCS, pp. 47–61, Springer, Berlin, 2002Google Scholar
  19. 19.
    H. Englund, M. Hell, and T. Johansson. A Note on Distinguishing Attacks. In T. Helleseth, P. Kumar, and O. Ytrehus, editors, Proceedings of 2007 IEEE Information Theory Workshop on Information Theory for Wirless Networks, pp. 87–90, 2007Google Scholar
  20. 20.
  21. 21.
    M. Feldhofer. Comparison of Low-Power Implementations of Trivium and Grain. State of the Art of Stream Ciphers 2007 (SASC 2007), Workshop Record, February 2007. Available for download via http://www.ecrypt.eu.org/stream/
  22. 22.
    M. Feldhofer, S. Dominikus, and J. Wolkerstorfer. Strong Authentication for RFID Systems Using the AES algorithm. In M. Joye and J.-J. Quisquater, editor, Proceedings of CHES 2004, volume 3156 of LNCS, pp. 357–370, Springer, Berlin, 2004Google Scholar
  23. 23.
    M. Feldhofer, J. Wolkerstorfer, and V. Rijmen. AES Implementation on a Grain of Sand. Information Security, IEE Proceedings, 152(1): 13–20, 2005.CrossRefGoogle Scholar
  24. 24.
    D. Gligoroski, S. Markovski, L. Kocarev, and M. Gusev. Edon80. Available via www.ecrypt.eu.org/stream
  25. 25.
    T. Good and M. Benaissa. Hardware Results for Selected Stream Cipher Candidates. State of the Art of Stream Ciphers 2007 (SASC 2007), Workshop Record, February 2007. Available via www.ecrypt.eu.org/stream
  26. 26.
    M. Hell. On the Design and Analysis of Stream Ciphers. PhD Thesis, Lund University, 2007Google Scholar
  27. 27.
    M. Hell, T. Johansson, A. Maximov, and W. Meier. A Stream Cipher Proposal: Grain-128. In IEEE International Symposium on Information Theory - ISIT 2006, 2006. Also available via www.ecrypt.eu.org/stream
  28. 28.
    M. Hell, T. Johansson, and W. Meier. Grain - A Stream Cipher for Constrained Environments, International Journal of Wirelerss and Mobile Computing, 2(1): 86–93, 2007. Available via www.ecrypt.eu.org/stream
  29. 29.
    D. Hong, J. Sung, S. Hong, J. Lim, S. Lee, B. S. Koo, C. Lee, D. Chang, J. Lee, K. Jeong, H. Kim, J. Kim, and S. Chee. HIGHT: A New Block Cipher Suitable for Low-Resource Device. In L. Goubin and M. Matsui, editors, Proceedings of CHES 2006, volume 4249 of LNCS, pp. 46–59, Springer, Berlin, 2006Google Scholar
  30. 30.
    IEEE.802.11LAN/MAN Wireless LANS,2007. Available via standards.ieee.org/getieee802/
  31. 31.
    C. Jansen, T. Helleseth, and A. Kholosha. Pomaranch v3.0. Available via www.ecrypt.eu.org/stream
  32. 32.
    J. Kilian and P. Rogaway. How to Protect DES Against Exhaustive Key Search (an Analysis of DESX). Journal of Cryptology: The Journal of the International Association for Cryptologic Research, 14(1): 17–35, 1996. Available for download at citeseer.ist.psu.edu/article/ kilian96how.html
  33. 33.
    S. Kumar, C. Paar, J. Pelzl, G. Pfeiffer, and M. Schimmler. Breaking Ciphers with COPA-COBANA - A Cost-Optimized Parallel Code Breaker. In Workshop on Cryptographic Hard-ware and Embedded Systems - CHES 2006, Yokohama, Japan, Springer, Berlin, 2006Google Scholar
  34. 34.
    G. Leander and A. Poschmann. On the Classification of 4-Bit S-boxes. In C. Carlet and B. Sunar, editors, Proceedings of WAIFI 2007, volume 4547 of LNCS, Springer, Berlin, 2007Google Scholar
  35. 35.
    G. Leander, C. Paar, A. Poschmann, and K. Schramm. New Lighweight DES Variants. In Proceedings of Fast Software Encryption 2007 - FSE 2007, volume 4593 of LNCS, pp. 196–210, Springer, Berlin, 2007Google Scholar
  36. 36.
    R. Lidl and H. Niederreiter. Introduction to Finite Fields and their Applications. Cambridge University Press, Cambridge, MA Revised edition, 1994MATHGoogle Scholar
  37. 37.
    C. Lim and T. KorkishkomCrypton - A Lightweight Block Cipher for Security of Low-cost RFID Tags and Sensors. In M. Yung, J. Song, and T. Kwon, editor, Workshop on Information Security Applications - WISA'05, volume 3786 of LNCS, pp. 243–258, Springer, Berlin, 2005CrossRefGoogle Scholar
  38. 38.
    M. Matsui. Linear Cryptanalysis of DES Cipher. In T. Hellenseth, editors, Advances in Cryptology - EUROCRYPT'93, volume of 0765 LNCS, pp. 286 - 397, Springer, Berlin, 1994Google Scholar
  39. 39.
    A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone. Handbook of Applied Cryptography. CRC Press, Boca Raton, FL, First edition, 1996Google Scholar
  40. 40.
    National Institute of Standards and Technology. Data Encryption Standard (DES). Federal Information Processing Standards (FIPS) Publication 46–3, October 1999Google Scholar
  41. 41.
    National Institute of Standards and Technology. Advanced Encryption Standard (AES). Federal Information Processing Standards (FIPS) Publication 197, November 2001. Available via csrc.nist.gov
  42. 42.
    National Institute of Standards and Technology. SP800–38A: Recommendation for Block Cipher Modes of Operation. Available via csrc.nist.gov, December 2001Google Scholar
  43. 43.
    A. Poschmann, G. Leander, K. Schramm, and C. Paar. New Lighweight Crypto Algorithms for RFID. In Proceedings of The IEEE International Symposium on Circuits and Systems 2007 -ISCAS 2007, pp. 1843–1846, 2007Google Scholar
  44. 44.
    M.J.B Robshaw. 2006Searching for Compact Algorithms: CGEN. In P.Q. Nguyen, editors, Proceedings of Vietcrypt 2006, volume 4341 of LNCS, pp. 37–49, Springer, Berlin, CrossRefGoogle Scholar
  45. 45.
    C.E. Shannon. Communication Theory of Secrecy Systems. Bell System Technical Journal, 28 (4): 656–715, 1949MATHMathSciNetGoogle Scholar
  46. 46.
    F.X. Standaert, G. Piret, N. Gershenfeld, and J.-J. Quisquater. SEA: A Scalable Encryption Algorithm for Small Embedded Applications. In J. Domingo-Ferrer, J. Posegga, and D. Schreckling, editors, Smart Card Research and Applications, Proceedings of CARDIS 2006, volume 3928 of LNCS, pp. 222–236, Springer, Berlin, 2006CrossRefGoogle Scholar
  47. 47.
    S. Tillich, M. Feldhofer, and J. Großschädl. Area, Delay, and Power Characteristics of Standard-Cell Implementations of the AES S-Box. In Proceedings of Embedded Computer Systems: Architectures, Modeling, and Simulation - SAMOS 2006, volume 4917 of LNCS, pp. 457 - 466, Springer, Berlin, 2006CrossRefGoogle Scholar
  48. 48.
    I. Verbauwhede, F. Hoornaert, J. Vandewalle, and H. De Man. Security and Performance Optimization of a New DES Data Encryption Chip. IEEE Journal of Solid-State Circuits, 23 (3): 647–656, 1988CrossRefGoogle Scholar
  49. 49.
    D. Wheeler and R. Needham. TEA, a Tiny Encryption Algorithm. In B. Preneel, editors, Proceedings of FSE 1994, volume 1008 of LNCS, pp. 363–366, Springer, Berlin, 1994Google Scholar
  50. 50.
    D. Wheeler and R. Needham. TEA Extensions. October 1997. Available via www.ftp.cl. cam.ac.uk/ftp/users/djw3/(Also Correction to XTEA. October, 1998)

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • C. Paar
  • A. Poschmann
    • 1
  • M. J. B. Robshaw
  1. 1.Horst Görtz Institute for IT Security, Embedded Security Group (COSY)Ruhr-Universität BochumGermany

Personalised recommendations