Efficient implementation of eSTREAM ciphers on 8-bit AVR microcontrollers

Abstract — This work is motivated by the question of how effi-cient modern stream ciphers in the eSTREAM project (Profile I) can be implemented on small embedded microcontrollers that are also constrained in memory resources. In response to this question, we present the first implementation results for Dragon, HC-128, LEX, Salsa20, Salsa20/12, and Sosemanuk on 8-bit microcontrollers. These ciphers are definitively free for any use, i.e., their use is not covered by intellectual property rights. For the evaluation process, we follow a two-stage approach and compare with efficient implementations of the AES block cipher. First, the C code implementation provided by the ciphers ’ designers was ported to an 8-bit AVR microcontroller and the suitability of these stream ciphers for the use in embedded systems was assessed. In the second stage we implemented Dragon, LEX, Salsa20, Salsa20/12, and Sosemanuk in assembler to tap the full potential of an embedded implementation. Our efficiency metrics are memory usage in flash and SRAM and performance of keystream generation, key setup, and IV setup. Regarding encryption speed, all stream ciphers except for Salsa20 turned out to outperform AES. In terms of memory needs, Salsa20, Salsa20/12, and LEX are almost as compact as AES. In view of the final eSTREAM portfolio (Profile I), Salsa20/12 is the only promising alternative for the AES cipher on memory constrained 8-bit embedded microcontrollers. For embedded applications with high throughput requirements, Sosemanuk is the most suitable cipher if its considerable higher memory needs can be tolerated