Review of the NIST Light-weight Cryptography Finalists
Since 2016, NIST has been assessing lightweight encryption methods, and, in
2022, NIST published the final 10: ASCON, Elephant, GIFT-COFB, Grain128-AEAD,
ISAP, Photon-Beetle, Romulus, Sparkle, TinyJambu, and Xoodyak. At the time that
the article was written, NIST had announced ASCON as the chosen method that will be
published as NIST's lightweight cryptography standard later in 2023. In this
article, we provide a comparison between these methods in terms of energy
efficiency, time for encryption, and time for hashing.
Comment: 6 pages
A Comprehensive Survey on the Implementations, Attacks, and Countermeasures of the Current NIST Lightweight Cryptography Standard
This survey is the first work on the current standard for lightweight
cryptography, standardized in 2023. Lightweight cryptography plays a vital role
in securing resource-constrained embedded systems such as deeply-embedded
systems (implantable and wearable medical devices, smart fabrics, smart homes,
and the like), radio frequency identification (RFID) tags, sensor networks, and
privacy-constrained usage models. The National Institute of Standards and
Technology (NIST) initiated a standardization process for lightweight
cryptography and, after a relatively long multi-year effort, the competition
eventually ended in Feb. 2023 with ASCON as the winner. This lightweight
cryptographic standard will be used in deeply-embedded architectures to provide
security through confidentiality and integrity/authentication (the counterpart
of the legacy AES-GCM block cipher mode, which is the NIST standard for
symmetric-key cryptography). ASCON's lightweight design utilizes a 320-bit
permutation which is bit-sliced into five 64-bit register words, providing
128-bit level security. This work summarizes the different implementations of
ASCON on field-programmable gate array (FPGA) and ASIC hardware platforms on
the basis of area, power, throughput, energy, and efficiency overheads. The
presented work also reviews various differential and side-channel analysis
attacks (SCAs) performed across variants of the ASCON cipher suite in terms of
algebraic, cube/cube-like, forgery, fault injection, and power analysis
attacks, as well as the countermeasures for these attacks. We also provide our
insights and visions throughout this survey to provide new future directions
in different domains. This survey is the first of its kind and a step forward
towards scrutinizing the advantages and future directions of the NIST
lightweight cryptography standard introduced in 2023.
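The "320-bit permutation bit-sliced into five 64-bit words" mentioned above is concrete enough to show in code. The following Python is an added example, not code from the survey or from the Ascon designers: it implements the Ascon v1.2 permutation (constant addition, 5-bit S-box applied to all 64 columns at once, and the linear diffusion layer) and uses it in Ascon-Hash mode with a 64-bit rate and 12 rounds. The round constants, S-box equations, rotation amounts and the Ascon-Hash IV are those of the published specification; the function names (`rotr`, `ascon_round`, `permutation`, `ascon_hash`) are mine.

```python
"""Ascon permutation and Ascon-Hash (v1.2), written as a worked example.

The 320-bit state is held as five 64-bit words x0..x4. One S-box column is
the five bits at the same position in each word, so the substitution layer
below processes all 64 columns in parallel (bit-slicing): each line is a
word-wide Boolean operation rather than a table lookup.
"""

MASK64 = (1 << 64) - 1
# Round constants of the Ascon v1.2 specification, XORed into x2.
# p^12 uses all twelve; p^8 and p^6 use the last eight / six of them.
ROUND_CONSTANTS = (0xF0, 0xE1, 0xD2, 0xC3, 0xB4, 0xA5,
                   0x96, 0x87, 0x78, 0x69, 0x5A, 0x4B)
# Ascon-Hash IV: 0x00 || rate=64 || a=12 || a-b=0 || digest bits=256.
ASCON_HASH_IV = 0x00400C0000000100


def rotr(x: int, n: int) -> int:
    """Rotate a 64-bit word right by n bits (0 < n < 64)."""
    return ((x >> n) | (x << (64 - n))) & MASK64


def ascon_round(state, c):
    x0, x1, x2, x3, x4 = state
    # p_C: constant addition into the middle word
    x2 ^= c
    # p_S: the 5-bit S-box, bit-sliced across the five words
    x0 ^= x4; x4 ^= x3; x2 ^= x1
    t0 = (~x0 & MASK64) & x1
    t1 = (~x1 & MASK64) & x2
    t2 = (~x2 & MASK64) & x3
    t3 = (~x3 & MASK64) & x4
    t4 = (~x4 & MASK64) & x0
    x0 ^= t1; x1 ^= t2; x2 ^= t3; x3 ^= t4; x4 ^= t0
    x1 ^= x0; x0 ^= x4; x3 ^= x2; x2 = ~x2 & MASK64
    # p_L: linear diffusion, each word XORed with two of its own rotations
    x0 ^= rotr(x0, 19) ^ rotr(x0, 28)
    x1 ^= rotr(x1, 61) ^ rotr(x1, 39)
    x2 ^= rotr(x2, 1) ^ rotr(x2, 6)
    x3 ^= rotr(x3, 10) ^ rotr(x3, 17)
    x4 ^= rotr(x4, 7) ^ rotr(x4, 41)
    return (x0, x1, x2, x3, x4)


def permutation(state, rounds: int = 12):
    """p^rounds: applies the last `rounds` constants of the 12-round schedule."""
    for c in ROUND_CONSTANTS[12 - rounds:]:
        state = ascon_round(state, c)
    return state


def ascon_hash(message: bytes) -> bytes:
    """Ascon-Hash: 64-bit rate, 12 rounds everywhere, 256-bit digest."""
    # Initial state: IV in x0, zeros elsewhere, then p^12 (the spec precomputes this).
    state = permutation((ASCON_HASH_IV, 0, 0, 0, 0))
    # Pad with a single 1 bit, then zeros up to a multiple of 64 bits.
    padded = message + b"\x80" + b"\x00" * ((-len(message) - 1) % 8)
    blocks = [int.from_bytes(padded[i:i + 8], "big")
              for i in range(0, len(padded), 8)]
    # Absorb: XOR each block into the rate word x0, permute between blocks.
    for block in blocks[:-1]:
        state = permutation((state[0] ^ block,) + state[1:])
    state = (state[0] ^ blocks[-1],) + state[1:]
    # Squeeze: permute, emit x0, four times for 256 bits.
    digest = b""
    for _ in range(4):
        state = permutation(state)
        digest += state[0].to_bytes(8, "big")
    return digest


if __name__ == "__main__":
    print(ascon_hash(b"").hex())
```

The S-box layer is where the "five register words" matter in practice: a hardware or constant-time software implementation never indexes a table with secret data, which is also why the survey's power-analysis discussion focuses on the Boolean operations of this layer rather than on table lookups.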
Residual Vulnerabilities to Power side channel attacks of lightweight ciphers cryptography competition Finalists
The protection of communications between Internet of Things (IoT) devices is of great concern because the information exchanged contains vital sensitive data. Malicious agents seek to exploit those data to extract secret information about the owners or the system. Power side channel attacks are of great concern on these devices because their power consumption unintentionally leaks information correlatable to the device's secret data. Several studies have demonstrated the effectiveness of authenticated encryption with associated data in protecting communications with these devices. A comprehensive evaluation of the seven (out of 10) algorithm finalists of the National Institute of Standards and Technology (NIST) IoT lightweight cipher competition that do not integrate built-in countermeasures is proposed. The study shows that, nonetheless, they still present some residual vulnerabilities to power side channel attacks (SCA). For five ciphers, an attack methodology as well as the leakage function needed to perform correlation power analysis (CPA) is proposed. The authors assert that the security vulnerability of Ascon, Sparkle, and PHOTON-Beetle can generally be assessed with the security assumptions "Chosen ciphertext attack and leakage in encryption only, with nonce-misuse resilience adversary (CCAmL1)" and "Chosen ciphertext attack and leakage in encryption only with nonce-respecting adversary (CCAL1)", respectively. However, the security vulnerability of GIFT-COFB, Grain, Romulus, and TinyJambu can be evaluated more straightforwardly with publicly available leakage models and solvers. They can also be assessed simply by increasing the number of traces collected to launch the attack.
A Comprehensive Performance Analysis of Hardware Implementations of CAESAR Candidates
Authenticated Encryption with Associated Data (AEAD) plays a significant role in cryptography because of its ability to provide integrity, confidentiality and authenticity at the same time. Due to the emergence of security at the edge of the computing fabric, such as sensors and smartphone devices, there is a growing need for lightweight AEAD ciphers. Currently, a worldwide contest, titled CAESAR, is being held to decide on a set of AEAD ciphers, which are distinguished by their security, run-time performance, energy efficiency and low area budget. For accurate evaluation of CAESAR candidates, it is of utmost importance to have independent and thorough optimization for each of the ciphers, both for their hardware and for their software implementations.
In this paper, we have carried out an evaluation of the optimized hardware implementations of the AEAD ciphers selected in the CAESAR third round. We specifically focus on manual optimization of the micro-architecture, evaluation for ASIC technology libraries, and the effect of the CAESAR APIs on performance. While these have been studied for FPGA platforms and standalone cipher implementations, to the best of our knowledge this is the first detailed ASIC benchmarking of CAESAR candidates including manual optimization. In this regard, we benchmarked all prior reported designs, including the code generated by high-level synthesis flows.
Detailed optimization studies are reported for NORX, CLOC and Deoxys-I. Our pre-layout results using a commercial ASIC technology library and synthesis tools show that optimized NORX is 40.81% faster and 18.02% smaller, optimized CLOC is 38.30% more energy efficient and 20.65% faster, and optimized Deoxys-I is 35.16% faster, with respect to the best known results. Similar or better performance results are also achieved for FPGA platforms.
Security analysis of NIST-LWC contest finalists
Integrated master's dissertation in Informatics Engineering
Traditional cryptographic standards are designed with a desktop and server environment in mind, so, with the
relatively recent proliferation of small, resource-constrained devices in the Internet of Things, sensor networks,
embedded systems, and more, there has been a call for lightweight cryptographic standards with security,
performance and resource requirements tailored for the highly constrained environments these devices find
themselves in.
In 2015 the National Institute of Standards and Technology began a Standardization Process in order to select
one or more Lightweight Cryptographic algorithms. Out of the original 57 submissions ten finalists remain, with
ASCON and Romulus being among the most scrutinized of them.
In this dissertation I will introduce some concepts required for easy understanding of the body of work, give
an up-to-date revision of the current situation of the standardization process from a security and performance
standpoint, a description of ASCON and Romulus and the new best known analyses, and a comparison of the two,
with their advantages, drawbacks, and unique traits.
Traditional cryptographic standards were designed with a desktop and server environment in mind.
With the proliferation of small devices in the Internet of Things, sensor networks and embedded systems, a
need arose to define standards for lightweight cryptographic algorithms, with security, performance and
resource-usage priorities balanced for the highly constrained environments in which these devices operate.
In 2015 the National Institute of Standards and Technology launched a standardization process with the
objective of choosing one or more lightweight cryptographic algorithms. Of the fifty-seven original candidates
only ten finalists remain, ASCON and Romulus being two of the most examined of these finalists.
In this dissertation I will introduce some concepts necessary for an easy understanding of the body of this
work, as well as an up-to-date review of the current state of the standardization process from both a security
and a performance point of view, a description of ASCON and Romulus along with their best recent analyses, and
a comparison between the two, highlighting their advantages, disadvantages and unique aspects.
An overview of memristive cryptography
Smaller, smarter and faster edge devices in the Internet of Things era
demand secure data analysis and transmission under the resource constraints of
the hardware architecture. Lightweight cryptography on edge hardware is an emerging
topic that is essential to ensure data security in near-sensor computing
systems such as mobiles, drones, smart cameras, and wearables. In this article,
the current state of memristive cryptography is placed in the context of
lightweight hardware cryptography. The paper provides a brief overview of the
traditional hardware lightweight cryptography and cryptanalysis approaches. The
contrast of memristive cryptography with respect to traditional approaches is
made evident through this article, and the need to develop a more concrete
approach to memristive cryptanalysis, in order to test memristive cryptographic
approaches, is highlighted.
Comment: European Physical Journal: Special Topics, Special Issue on
"Memristor-based systems: Nonlinearity, dynamics and applicatio
GIFT-COFB
In this article, we propose GIFT-COFB, an Authenticated Encryption with
Associated Data (AEAD) scheme, based on the GIFT lightweight block cipher and
the COFB lightweight AEAD operating mode. We explain how these two primitives
can fit together and the various design adjustments possible for performance and
security improvements. We show that our design provides excellent performance in
all constrained scenarios, hardware or software, while being based on a provably
secure mode and a well-analysed block cipher.