On Area, Time, and the Right Trade-Off

  • A. Poschmann
  • M. J. B. Robshaw
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7372)


Recently one of the most active fields of cryptography has been the design of lightweight algorithms. Often the explicit goal is to minimise the physical area for an implementation. While reducing area is an important consideration, beyond a certain threshold there is little point minimising area further. Indeed, it can be counter-productive and does not necessarily lead to the most appropriate solution. To provide a clear demonstration of this, we consider two lightweight algorithms that have been proposed for deployment on UHF RFID tags and which appear in a forthcoming ISO standard. Our results show that by choosing an implementation strategy that reduces but not necessarily minimises the area, very significant savings in time and substantial reductions to other physical demands on tag performance can be delivered. In particular, given the crucial importance of transaction time in the deployment of most contactless applications, our work illustrates that the most suitable practical implementation does not always conform to expectations.


Clock Cycle Block Cipher Near Field Communication Transaction Time VHDL Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aigner, M., Burbridge, T., Ilic, A., Lyon, D., Soppera, A., Lehtonen, M.: RFID Tag Security, BRIDGE white paper,
  2. 2.
    Akishita, T., Hiwatari, H.: Very Compact Hardware Implementations of the Blockcipher CLEFIA. In: Proceedings of SAC 2010, pp. 2925–2928. IEEE (2008)Google Scholar
  3. 3.
    Bogdanov, A.A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  4. 4.
    EPCglobal. EPC Radio-Frequency Identity Protocols, Class-1 Generation-2 UHF RFID, Protocol for Communications at 860-960 MHz, version 1.2.0 (October 23, 2008),
  5. 5.
    Gilbert, H., Robshaw, M., Seurin, Y.: HB#, Increasing the Security and Efficiency of HB. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 361–378. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Girault, M.: Self-certified Public Keys. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 490–497. Springer, Heidelberg (1991)Google Scholar
  7. 7.
    Girault, M.: Low-Size Coupons for Low-Cost IC Cards. In: Domingo-Ferrer, J., Chan, D., Watson, A. (eds.) Proceedings of Smart Card Research and Advanced Applications, pp. 39–50. Kluwer Academic Press (2001)Google Scholar
  8. 8.
    Girault, M., Juniot, L., Robshaw, M.: The Feasibility of On-the-Tag Public Key Cryptography. In: RFIDsec 2007, Workshop Record (2007),
  9. 9.
    Girault, M., Lefranc, D.: Public Key Authentication with One (Online) Single Addition. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 413–427. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Girault, M., Poupard, G., Stern, J.: On the Fly Authentication and Signature Schemes Based on Groups of Unknown Order. Journal of Cryptology 19, 463–487 (2006)MathSciNetzbMATHCrossRefGoogle Scholar
  11. 11.
    Girault, M., Stern, J.: On the Length of Cryptographic Hash-Values Used in Identification Schemes. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 202–215. Springer, Heidelberg (1994)Google Scholar
  12. 12.
    Hämäläinen, P., Alho, T., Hännikäinen, M., Hämäläinen, T.D.: Design and Implementation of Low-Area and Low-Power AES Encryption Hardware Core. In: DSD, pp. 577–583 (2006)Google Scholar
  13. 13.
    ISO/IEC 9798: Information Technology – Security Techniques – Entity Authentication – Part 5: Mechanisms using Zero-Knowledge Techniques,
  14. 14.
    ISO/IEC 29192-4: Information Technology – Security Techniques – Lightweight Cryptography – Part 4: Public key techniques. Committee DraftGoogle Scholar
  15. 15.
    Jenkins, J., Mills, P., Maidment, R., Profit, M.: Pharma Traceability Business Case Report. BRIDGE white paper (May 2007),
  16. 16.
    Juels, A., Weis, S.A.: Authenticating Pervasive Devices with Human Protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)Google Scholar
  17. 17.
    Lehtonen, M., Al-Kassab, J., Michahelles, F., Kasten, O.: Anti-counterfeiting Business Case Report. BRIDGE white paper (December 2007),
  18. 18.
    McLoone, M., Robshaw, M.J.B.: Public Key Cryptography and RFID Tags. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 372–384. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    McLoone, M., Robshaw, M.J.B.: New Architectures for Low-Cost Public Key Cryptography on RFID Tags. In: Proceedings of SecureComm 2005, pp. 1827–1830. IEEE Computer Society Press (2007)Google Scholar
  20. 20.
    Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the Limits: A Very Compact and a Threshold Implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  21. 21.
    National Institute of Standards and Technology. SP-800-67: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Revision 1 (January 2012),
  22. 22.
    National Institute of Standards and Technology. FIPS 197: Advanced Encryption Standard (November 2001),
  23. 23.
    National Institute of Standards and Technology. FIPS 180-4: Secure Hash Standard (February 2011),
  24. 24.
    NXP Semiconductors. UCODE EPC G2 Data Sheet,
  25. 25.
    Poschmann, A.: Lightweight Cryptography - Cryptographic Engineering for a Pervasive World. Number 8 in IT Security. Europäischer Universitätsverlag, Published: Ph.D. Thesis, Ruhr University Bochum (2009)Google Scholar
  26. 26.
    Poschmann, A., Robshaw, M., Vater, F., Paar, C.: Lightweight Cryptography and RFID: Tackling the Hidden Overheads. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 129–145. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  27. 27.
    Poupard, G., Stern, J.: Security Analysis of a Practical “On the Fly” Authentication and Signature Generation. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 422–436. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  28. 28.
    Sugawara, T., Homma, N., Aoki, T., Satoh, A.: High-performance ASIC implementations of the 128-bit block cipher CLEFIA. In: Proceedings of ISCAS 2008, pp. 2925–2928. IEEE (2008)Google Scholar
  29. 29.
    Virtual Silicon Inc. 0.18 μm VIP Standard Cell Library Tape Out Ready, Part Number: UMCL18G212T3, Process: UMC Logic 0.18 μm Generic II Technology: 0.18μm (July 2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • A. Poschmann
    • 1
  • M. J. B. Robshaw
    • 2
  1. 1.Nanyang Technological UniversitySingapore
  2. 2.Applied Cryptography Group, Orange LabsFrance

Personalised recommendations