Content uploaded by Ankit Shah
Author content
All content in this area was uploaded by Ankit Shah on Jan 28, 2019
Content may be subject to copyright.
A Survey of Lightweight Cryptographic
Algorithms for IoT-Based Applications
Ankit Shah and Margi Engineer
1 Introduction
Lightweight cryptography is a developing term which secures the information in
an improved way utilizing low assets and giving higher throughput, conservative-
ness and having low power utilization. Likewise, cryptographic algorithms, the
lightweight cryptographic algorithms are additionally isolated into two sections:
Symmetric figures and Asymmetric figures. Pervasive figuring prevalently utilizes
lightweight symmetric block ciphers. Symmetric ciphers contain Block and Stream
Ciphers. They are intentionally utilized with gadgets and furthermore there are no
strict limitations to get classified into lightweight. Security, Cost, and Performance
are three noteworthy parts to deal with for each lightweight cryptographic architect. It
is very difficult to the three major design goals: security and cost, security and perfor-
mance, or cost and performance at once, while it is easy to optimize any one of them
[1]. Elements of symmetric ciphers are message integrity checks, encryption, entity
authentication and, etc., while non-repudiation and key management are moreover
functions provided by asymmetric ciphers. A few creators reasoned that in and pro-
gramming both Asymmetric ciphers [1] are computationally all the more requesting.
It is required the design is made with 1000–2000 gate equivalents (GE) in ISO/IEC
standard on lightweight cryptography [2]. This paper indicates lightweight algo-
rithms compared are executed on various hardware or software tools. The improved
aftereffects of particular algorithm vary from the platform, or application fluctuates.
Lightweight algorithms are for the most part utilized as a part of IoT innovation for
more model security with least memory and power utilization. This paper highlights
A. Shah
Plot. no 1284/1, Sector 2 A, Gandhinagar 382002, Gujarat, India
e-mail: shah_ankit101@yahoo.co.in
M. Engineer (B)
Plot no 107/1, Sector 2-a, Greenland Avenue, Gandhinagar 382002, Gujarat, India
e-mail: margiengineer@outlook.com
© Springer Nature Singapore Pte Ltd. 2019
S. Tiwari et al. (eds.), Smart Innovations in Communication and Computational
Sciences, Advances in Intelligent Systems and Computing 851,
https://doi.org/10.1007/978-981-13-2414-7_27
283
284 A. Shah and M. Engineer
the ideal classification of lightweight block cipher, stream ciphers, or even hash
functions based on their behavior on a performed platform.
The paper involves a presentation of IoT in Sect. 2. This is trailed by the Introduc-
tion of lightweight algorithms including symmetric, asymmetric and hash functions
in Sect. 3. After that survey about the lightweight algorithms is introduced in Sect. 4.
Lastly, with the conclusion of work, the paper is enclosed.
2 Introduction of IoT
In 1998 by Kevin Ashton, the expression “IoT” was introduced for the first time is a
future of internet and ubiquitous computing [3]. IoT is a shortening of “Internet of
Things.” IoT is an installed innovation in which “Things” are associated physically
and are accessed through the web. “Things” here can be anything like home appli-
ances, vehicles, machines, etc., which can speak with each-other without manual
help. This procedure of association between smart gadgets is referred as “machine-
to-machine” (M2M) communication [4]. Choices taken are influenced by enhanced
computing innovation in a protest which aids them to interact with the outside condi-
tion or inward states. It can help to make smarter choices by enhancing productivity,
use of benefits and improved process effectiveness. Because of support in complex
fields like WSN, distributed computation, automatic identification, etc., in view of
powerful and quick speed of Internet, Ubiquitous computing [4,5] has now turned
into a fact. The intention of IoT purposed is to certify whenever, anyplace, everything
and everybody sorts of connection [6]. In spite of the fact that having a few issues
like security and protection of clients, maintenance, communication, optimization,
execution, and legal rights, etc., it is the quickest developing innovation ever. The
features and services provided exceed the disadvantages of IoT. In this embedded
technology there are few building blocks of architecture: Sensors/actuators, Internet
gateways, Cloud/server framework and Big Data, lastly End users. The design of IoT
appears in the figure underneath (Fig. 1).
Fig. 1 Architecture of internet of things (IoT)
A Survey of Lightweight Cryptographic Algorithms … 285
3 Lightweight Cryptogrpahic Algorithms and Researched
Work
The primary goal of cryptography is to secure the information such that lone the
sender and beneficiary can determine and work the information and no other pariah
or intruder can perceive or operate it. To determine more satisfactory security with
the negligible utilization of equipment and the better-improved outcome, another
procedure is developed called “Lightweight Cryptography (LWC)” [6] which are
easy to execute on constrained devices. Lightweight cryptographic algorithms are
most reasonable for platforms like RFID (Radio Frequency Identification), WSN,
FPGA (Field Programmable Gate Array), etc. There is no particular requirement
to get fit in the lightweight algorithms yet, by and large, they think about more
modest key size, smaller block size, littler code measure, fewer clock cycles, and
so forth. The lightweight cryptographic calculation is for the most part of three
kinds Block cipher, Stream cipher, or Hash function. For more complex architecture
lightweight block cipher involves a keyed pseudo-random permutation which is later
utilized as building blocks. The two fundamental design standards of block ciphers
are Substitution-Permutation networks and Feistel cipher. For the most part, block
cipher does not utilize S-box their structures or may use little S-Box (PRESENT [7]),
yet some block cipher utilizes a nonlinear layer comprising in the parallel use of a
few limited nonlinear capacities called “bit-sliced S-box”, which are implemented
by some fundamental operations like XOR, AND, and OR. While Stream ciphers
produce a key stream which is XORed and can be dependent or independent, they are
called synchronous or asynchronous stream ciphers separately. They essentially uti-
lize Feedback Shift Registers (FSR) to constitute internal state easy to update. There
are two kinds of FSR: Linear FSR (LFSR) (HUMMINGBIRD [8]) and Nonlinear
FSR (NFSR) (Fruit v2 [9]). The shift registers having input bits as a linear function of
previous states is LFSR. There are different LFSR in like manner Fibonacci, Galois,
and Non-paired Galois. Similarly, NFSR is those shift registers whose input bit is
a nonlinear function of its previous state. These are generally utilized for RFID or
smart card applications. They involve more extensive security than LFSR against
cryptanalytic attacks. Some known developments used to generate algorithms are
Merkle-Demgård, Sponge, and JH-like (SPN-Hash). The most usually utilized con-
struction is Sponge otherwise called unkeyed permutation/P-Sponge (PHOTON [10]
QUARK [11] SPONGENT [12]) or random function/T-Sponge (GLUON) which was
invented in 2007 [13].
4 About Lightweight Algorithm
ISO/IEC 29192, Lightweight Cryptography [14], planning to give answers for
quickly developing applications that extensively utilize exceptional restricted power
constrained devices, lightweight cryptography is a subcategory of cryptography as
286 A. Shah and M. Engineer
guaranteed by NIST. Devices, for example, embedded frameworks, RFID, and WSN
are on the lower end of the range. The specific proposition is to utilize improvement
that results in designs with better balance amidst security, execution and resource
requirements for particular resource constraint environments [14]. Distinctive corre-
lation of hardware and software implementation is troublesome as a result of contrast
in measurements, measures of adequacy, and executing platform, in spite of the way
that there have been a few touchtone investigations of both equipment and program-
ming usage [15].
5 Survey of Algorithms
The listed lightweight algorithms which are compared with other algorithms and
were evaluated on different platforms are described here. ECC [1] a block cipher
was performed on AT94 k family FPGA and 8-bit microcontroller, was compared
to lightweight symmetric cryptographic algorithms which are PRESENT, DESXL,
HIGHT, CLEFIA, etc. Next is AES [6] another block cipher was implemented on
different platforms like AVR and GPU, etc., while comparison was done internally
and with previous work. Next is PRESENT [7] an ultra-lightweight block cipher
was implemented on Mentor graphics FPGA advantage 8.1, three different architec-
tures: Round-based, Pipelining technique, and Serialized, was implemented which
output was compared with AES, SEA, and ICEBERG algorithms, and as a result
round-based architecture was preferable for RFID and new arriving technologies.
Hummingbird [8] is a hardware dependent ultra-lightweight block cipher was imple-
mented on the microcontroller ATAM893-D of Atmel MARC4 and was compared
to PRESENT, where it succeeds to prove better than PRESENT on target platform,
but need to work on side channel attack in future. From the list, the next is PHO-
TON [10], a hash function was compared to KECCAK-200, KECCAK-400, and
SPONGENT when implemented on Xilinx Spartan 6 FPGA, where SPONGENT
implementation produce the highest throughput/area ratio and PHOTON displayed
more adequate scalability in area but lowest throughput in field. DESL [16] another
block cipher, is the lightweight version of DES (Data Encryption Standard) which
stood out robust against many attacks of DES (types of linear cryptanalysis), was
implemented on Synopsis Design Vision. It was compared to DES, DESX, DESXL,
and AES which concludes that DESL is better for RFID tags by giving minimum gate
equivalence comparatively. HIGHT [17], block cipher was compared internally with
FPGA scalar and FPGA pipelined architecture on Verilog, Quartus, and Cyclone-
II. Comparing both, scalar design requires 18% less resources and 10% less power
while pipeline design has 18 times higher throughput and 60% less energy con-
sumption [17]. TEA [18] Tiny encryption algorithm is a block cipher based on ARX
(Addition/Rotation/XOR) design, a server selection algorithm having two models:
Multi-level power consumption with multiple CPU’s and Multi-Level Computation
with multiple CPU’s was compared to SEA, GEA, Round Robin, and EA. Where
it comes out to be second best to obtain energy efficient server. The next is LEA
A Survey of Lightweight Cryptographic Algorithms … 287
[19] Lightweight encryption algorithm, a block cipher was implemented on Verilog,
Xilinx Virtex 5 series and Altera Cyclone-III series. It was compared to PRESENT,
Hummingbird, Ktantan, DESL, AES, and LED (Lightweight Encryption Device).
Authors proposed two design for hardware implementations: area and speed-opt
design, which concludes that speed-opt version is very effective though not best
among throughput/area but it is best in throughput. After that Simon [20] block
cipher was implemented on ASIC application with the help of FPGA Xilinx Spartan
3, AVR ATmega 128 and MSP 430 microcontrollers, Intel Xeon E5640, and Samsung
Exynos 5 dual. When it was compared to AES, PRESENT, SPECK, TWINE, and
PRINCE, it was concluded that Simon and Speck are ideal for use with heterogeneous
networks, they are better in implementation than AES and also very efficient to work
with. Another block cipher SPECK [21] was executed by adopting the Matsuii’s algo-
rithm to find best differential and linear trails in ARX ciphers. It was implemented on
Phoenix Contact ILC 350-PN controller, and WorX automation software Operating
System. Different variants of speck were compared, i.e., Speck 32/48/64/96/128. In
the end two new primitives were proposed MARX and SPECKEY which fulfills
Markov’s assumption and contain certain bounds against single-trail differential and
linear cryptanalysis. The last algorithm of the table TWINE [22] variants 64/80/128-
bit block size was implemented on both hardware and software. It was compared to
AES, PRESENT, HIGHT, and Piccolo. It is designed to fit extremely small hardware,
still it manages to give effective results on software. It is robust to many attacks but,
Impossible differential cryptanalysis and Saturation cryptanalysis exploit the key
schedule in TWINE-80/128 (Table 1).
ECC Elliptic Curve Cryptography, GE Gate Equivalents, H/w Hardware, S/w
Software, AES Advance Encryption Standard, SPE Synergistic Processing Elements,
ENC Encryption, DEC Decryption, SEA Scalable Encryption Algorithm, TEA Tiny
Encryption Algorithm, LEA Link Encryption Algorithm, DESL Data Encryption
Standard Lightweight, GEA GPRS Encryption Algorithm, RR Round Robin.
288 A. Shah and M. Engineer
Tabl e 1 Lightweight cryptographic algorithms
Sr.
no.
Algorithm name Measurement Dependency Application Tools Compared with Comments
1. ECC [1]10,114 GE, 14.1 ms
in GF(2113)
H/w Pervasive computing AT94 K microchip
FPGA, GF(2 m)
(Galois fields)
Symmetric
cryptographic
algorithms
Hardware-Software
co-design proposed,
asymmetric requires
comparatively larger
chips. But performs
well
2. AES [6]SPE: 11.7
cycles/byte (ENC),
14.1 cycles/byte
(DEC), NVIDIA
8800 GTX: 0.94 C/b
(ENC)
S/w Not given 8-bit AVR
microcontrollers,
NVIDIA GPU, Cell
Broadband Engine
architecture
Hardware result
comparison with
already achieved
results
AES-128 is
successfully
implemented on 3
different platform,
implementation on
GPU with T-table is
different approach
3. PRESENT [7]Minimal data-path
1,000 GE, Round
data-path 1561 GE,
many other with
different architecture
H/w RFID Mentor Graphics
FPGA Advantage
8.1, Synopsys
Design Compiler
Z-2007.03-SP5, cell
libraries: 350 nm
MTC45000 AMIS,
250 nm
SESAME-LP2 IHP,
180 nm
UMCL18G212D3
UMC
AES, SEA,
ICEBERG
Different
architecture:
Round-based
data-path, Pipelined
and minimal
data-path, for RFID
and new technology
round-based is more
4. HUMMINGBIRD
[8]
2.89 ms (ENC) and
10.4 ms (DEC)
H/w RFID tags 4-bit ATAM893-D
microcontroller of
Atmel MARC4
PRESENT Security solution to
active and passive
RFID tags, Better
than PRESENT on
this platform
(continued)
A Survey of Lightweight Cryptographic Algorithms … 289
Tabl e 1 (continued)
Sr.
no.
Algorithm name Measurement Dependency Application Tools Compared with Comments
5. PHOTON [10]Frequency (MHz)
KECCAK-
200/160/40:
144 MHz,
KECCAK-
400/160/80:
153 MHz,
PHOTON-
256/32/32: 83 MHz,
SPONGENT-
256/512/256:
129 MHz
H/w RFID tags Xilinx Spartan 6
FPGA
SPONGENT,
KECCAK-200,
KECCAK-400
Round function have
major effect on
algorithms.
Throughput/area
wise PHOTON
comes last while
SPONGENT is best.
But PHOTON have
sustainable
scalability
6. DESL [16]1848 GE, 144
cycles/block
H/w RFID Synopsys Design
Vis io n
V-2004.06-SP2,
Synopsys NanoSim,
Sage-X Standard
Cell Library and
Cadence Silicon
Ensemble 5.4
AES-128, HIGHT Robust to many
vulnerable attacks of
DES, better for
RFID tags, having
minimal GE counts
7. HIGHT [17] Scalar: 18% less
resources and 10%
less power, Pipeline:
16% less energy and
18 times higher
throughput
H/w RFID using FPGA VerilogTM,Altera
FPGA Quartus-IITM,
FPGA cyclone-II
FPGA Scalar and
FPGA pipeline
architecture
TwodesignofHight:
Scalar and pipeline
design are
implemented and
compared
(continued)
290 A. Shah and M. Engineer
Tabl e 1 (continued)
Sr.
no.
Algorithm name Measurement Dependency Application Tools Compared with Comments
8. TEA [18]Total electric energy
consumption:
5100–5500 KWs,
Average execution
time of processes:
7.8–8.5 time unit
S/w Energy-aware server
selection algorithms
in a scalable cluster
Sybase and SQL
Database,
multi-level power
consumption
(MLPC) model and
the multi-level
computation
(MLC)model with
CPU’s
SEA, GEA, EA, RR Tot a l ene rgy
consumption of
GEA is minimum,
TEA is second best
to find energy
efficient sever
9. LEA [19]Xilinx Virtex 5:
LEA-256 0.22
throughput/area in
Area 2, Altera
Cyclone-III:
LEA-256 Area-1
0.15 throughput/area
S/w RFID using FPGA’s Register Transfer
Level (RTL) in
Verilog, Xilinx
Vir te x 5 se ri es and
Altera Cyclone-III
series, synthesized
using Quartus-II
11.1sp2, Synopsys’s
Design Compiler
B-2008-09.SP5,
UMC 0.13 µm tech
library
PRESENT,
Hummingbird,
Ktantan, DESL,
AES, LED
Speed-opt version is
very effective though
not best (but in
higher position)
among
throughput/area but
it is best in only
throughput output
(continued)
A Survey of Lightweight Cryptographic Algorithms … 291
Tabl e 1 (continued)
Sr.
no.
Algorithm name Measurement Dependency Application Tools Compared with Comments
10. Simon [20] Low-latency
encrypt-only
implementations:
Simon-5072 GE ans
Speck-6377 GE
H/w ASIC application FPGA Xilinx
Spartan-3, Assembly
implementations on
the 8-bit AVR
ATmega128 and
16-bit MSP430
microcontrollers,
Intel Xeon E5640,
32-bit Samsung
Exynos 5 dual
AES, PRESENT,
SPECK, TWINE,
PRINCE
Simon and Speck
ideal for use with
heterogeneous
networks, better in
implementation than
AES. Very efficient
to work with
11. SPECK [21] PLC data v.1:
Encryption time
(ms): Simon-34,
Speck-17; PLC data
v.2: Encryption time:
Simon-68, Speck-27
S/w Not given Phoenix Contact ILC
350-PN
controller,.NET 4.2
framework,
programmable
according to IEC
61131 using the PC
Wor X
Speck and Simon 32,
48, 64, 96, 128
Implemented on
PLC based on
SCADA system.
Two data types are
used BYTE 3 and
DWORD
12. TWINE [22]Hardware:
Encryption-1,503
GE, Software:
Encryption-1,011
GE
H/w Not given Software:
ATmega163, Intel
CPU with SSSE.
Hardware: Synopsys
DC Version
D-2010.03-SP1-1
AES, PRESENT,
HIGHT, Piccolo
Impossible
differential
cryptanalysis and
Saturation
cryptanalysis exploit
the key schedule in
TWINE-80/128
292 A. Shah and M. Engineer
6 Conclusion
In this paper, the data about algorithms gives enough content to decide the algo-
rithm appropriate for chose applications. The majority of the algorithms are having a
dependency on hardware, so with even ultra-constrained devices, they will perform
well. While few are software-dependent algorithms, however that does not mean
they will not perform well on hardware, results of all specified algorithms may differ
as indicated by the adjustments in hardware/software and furthermore the applica-
tion. There are no settled outcomes for any algorithm whether in speed, cycles or
throughput. A few algorithms are capable and secure for RFID and IoT applica-
tions. Numerous algorithms resist different attacks like: Man-in-the-center attack,
Differential attacks, and key-IV attack, etc. Conclusively this paper wraps up with
proficient data for choosing fitting algorithm and Hardware/Software for a particular
application. Future analysts can work on different lightweight algorithms by utilizing
heterogeneous platforms of hardware and software and can look at those algorithms
utilizing parameters like clock cycles, speed, memory, frequency, latency, etc., to
discover the proficiency and optimization of algorithms.
References
1. Eisenbarth, T., Kumar, S., Paar, C., Poschmann, A., Uhsadel, L.: A survey of Lightweight
Cryptography Implementation. IEEE Design and Test of Computers, New York (2007)
2. Bansod, G., Raval, N., Pisharoty, N: Implementation of a new lightweight encryption design
for embedded security. In: IEEE Transactions on Information Forensics and Security (2013)
3. Wu, M. et. al.: Research on the architecture of Internet of things. In: The Proceedings of
3rd International Conference on Advanced Computer Theory and Engineering, 20–22 Aug,
Beijing, China, (2012)
4. Gaitan, N.-C., Gaitan, V.G., Ungurean, I.: A survey on the internet of things software architec-
ture. Int. J. Adv. Comput. Sci. Appl. (IJACSA) 6(12) (2015)
5. Singh, D., Tripathi, G., Jara, A.J.: A survey of internet-of-things: future vision, architecture,
challenges and services. IEEE Word Forum on Internet of Things (WF-IoT) (2014)
6. Bos, J.W., Osvik, D.A., Stefan, D.: Fast implementations of AES on various platforms. IACR
(2009)
7. Rolfes, C., Poschmann, A., Leander, G., Paar, C.: Ultra-Lightweight Implementations for Smart
Devices—Security for 1000 Gate Equivalents. Springer, Germany (2008)
8. Fan, X., Hu, H., Gong, G., Smith, E.M., Engels, D.: Lightweight Implementation of Humming-
bird Cryptographic Algorithm on 4-Bit Microcontrollers. IEEE (2009)
9. Ghafari, V.A., Hu, H., Chen, Y.: Fruit-v2: ultra-lightweight stream cipher with shorter internal
state. Int. Assoc. Cryptol. Res (IACR) (2016)
10. Jungk, B., Lima, L.R., Hiller, M.: A Systematic Study of Lightweight Hash Functions on
FPGAs. IEEE (2014)
11. Aumasson, J.-P., Henzen, L., Meierm, W., Naya-Plasencia, M.: Quark: a lightweight hash.
CHES (2010)
12. Bertoni, G., Daemon, J., Peeters, M., Van Assche, G.: Sponge Functions, ECRYPT hash work-
shop (2007)
13. Panasenko, S., Smagin, S.: Lightweight cryptography: underlying principles and approaches.
Int. J. Comput. Theory Eng. 3(2011)
A Survey of Lightweight Cryptographic Algorithms … 293
14. McKay, K.A., Bassham, L., Turan, M.S., Mouha, N.: Report on lightweight Cryptogaphy.
National Institute of Standards and Technology Internal Report 8114 (2017)
15. Diehl, W., Farahmand, F., Yalla, P., Kaps, J.-P., Gaj, K.:Comparison of Hardware and Software
Implementations of Selected Lightweight Block Ciphers. IEEE (2017)
16. Leander, G., Paar, C., Poschmann, A., Schramm, K.: New lightweight DES variants. Int. Assoc.
Cryptol. Res. (2007)
17. Mohd1, B.J., Hayajneh, T., Khalaf, Z.A., Yousef, K.M.A.: Modeling and optimization of the
lightweight HIGHT block cipher design with FPGA implementation. Security and Communi-
cation Networks. Wiley (2016)
18. Kataoka, H., Sawada, A., Duolikun, D., Enokido, T.: Energy-aware server selection algorithms
in a scalable cluster. In: International Conference on Advanced Information Networking and
Applications. IEEE (2016)
19. Lee, D., Kim, D.-C., Kwon, D., Kim, H.: Efficient Hardware Implementation of the Lightweight
Block Encryption Algorithm LEA. Sensors (2014)
20. Beaulieu, R., Shors, D., Smith, J., Treatment-Clark, S., Weeks, B., Wingers, L.: Simon and
Speck: Block Ciphers for the Internet of Things. NIST Lightweight Cryptography (2015)
21. Duka, A.V., Genge, B.: Implementation of SIMON and SPECK Lightweight Block Ciphers
on Programmable Logic Controllers. IEEE (2017)
22. Suzaki, T., Minematsu, K., Morioka, S., Kobayashi, E.: TWINE: A Lightweight Block Cipher
for Multiple Platforms. Springer (2012)