Page 1
26 P. Nandhini, Dr. V.Vanitha
International Journal of Innovations & Advancement in Computer Science
IJIACS
ISSN 2347 – 8616
Volume 6, Issue 1
January 2017
A Study of Lightweight Cryptographic Algorithms for IoT
P. Nandhini¹, Dr. V. Vanitha²
PG Scholar¹, Professor²
Department of Computer Science and Engineering,
Kumaraguru College of Technology, Coimbatore,
Tamilnadu, India.
ABSTRACT: Life is changing tremendously, especially in information technology and data innovation, and the need for security systems to protect data is becoming crucial. Smart objects such as smart cards, RFID tags and sensor nodes, which are used for smart electricity meters, public transport and anti-counterfeiting, have become the main point for the Internet of Things and embedded systems. Hence, security algorithms for resource-limited devices must be chosen with implementation cost and power consumption in mind. Symmetric-key algorithms, especially block ciphers, still play an important role in the security of smart objects. For security and performance reasons, sensors are typically equipped with a hardware implementation of AES-128. But for resource-constrained devices, AES could be too expensive, so a compact block cipher that is efficient in both hardware and software could be the most promising candidate for security in such devices. This has led to a new branch of cryptography called lightweight cryptography, whose major idea is to find a compromise between low resource requirements, performance and strength of cryptographic primitives. Here, modern lightweight ciphers such as HISEC, OLBCA, PRINCE, PRINT, PRESENT, KLEIN and TWINE are discussed in terms of the following factors: algorithm specifications and cryptanalysis.
Keywords: PRESENT, LBlock, TWINE, KLEIN,
MIBS, LED, PRINCE, Piccolo, ITUbee, EPCBC,
PRINT cipher, RFID, IOT
1. INTRODUCTION
IoT[1] is an emerging technology in this expanding era of smart things. Smart things can be any physical objects such as a phone, laptop, refrigerator, AC, charger and many more. IoT can be defined as a network of uniquely identifiable, accessible and manageable smart things that are capable of communication, computation and ultimately decision making. Things in IoT can be connected using wireless connections. IoT is an integrated part of the Future Internet and could be defined as a dynamic global network infrastructure with self-configuring capabilities based on standard and interoperable communication protocols, where physical and virtual 'things' have identities, physical attributes and virtual personalities, use intelligent interfaces, and are seamlessly integrated into the information network.
The IoT requires components to enable communication between devices and objects. Objects need to be augmented with an Auto-ID technology, typically an RFID tag[2], so that the object is uniquely identifiable. An RFID tag allows the object to wirelessly communicate certain types of information, which leads us to another requirement: the ability to monitor data.
RFID tags can be passive, active, or battery-assisted passive tags. An active tag has an onboard battery and periodically transmits its ID signal and stored information. An active reader's working range can be adjusted from 1 m to tens of meters, allowing flexibility in applications such as asset supervision and management. Owing to its multi-object recognition, non-line-of-sight operation and high cost-effectiveness, RFID has been widely used for indoor localization in IoT real-time locating applications.
The real-life risks and services provided by RFID systems are best protected by cryptographically secure lightweight algorithms. The main risks and services addressed by the deployment of cryptographically secure RFID tags include:
1. Counterfeit goods. Cryptography is used to make RFID tags difficult to clone or modify. The entire counterfeit aircraft engines; the risks and liability issues involved are difficult to even measure.
2. Secure logging. Tamper-resistant recording of environmental information such as temperature is vital in supply chain management of products such as fresh goods and medical supplies.
3. Privacy protection. The Electronic Product Code (EPC) used in Gen2 differs from product bar codes in that it is indeed unique. It may be used to track an individual tag. This raises serious privacy issues if such tags are attached to personal items. Therefore the RFID tag should also identify the reader as trusted before providing traceable information.
4. Antitheft. Data is written to the tag to indicate to an exit portal whether or not that item has been sold. Persistent memory write and locking operations must be protected to prevent theft.
5. Returns. When a tag is returned to a store or manufacturer, an authenticated reset/write mechanism allows it to be reused. The tags maintain some amount of persistent memory; read, write and lock operations on this memory must be authenticated to prevent tampering and unauthorized modification. Authenticated reads allow data to be visible only to the tag's owner.
1.1 Lightweight Cryptography
Lightweight cryptography[5] refers to cryptographic algorithms tailored for implementation in constrained environments including RFID tags, sensors, contactless smart cards, health-care devices and so on. In hardware implementations, chip size and energy consumption are the important measures for evaluating the lightweight properties. In software implementations, smaller code and/or RAM size is preferable for lightweight applications.
In terms of implementation properties, lightweight primitives are superior to conventional cryptographic ones. Lightweight cryptography also delivers adequate security. Lightweight cryptography does not always exploit the security-efficiency trade-offs. The report of recent technologies of lightweight cryptographic primitives. Nowadays, a number of lightweight block ciphers have been proposed, such as PRESENT, LBlock, TWINE, KLEIN, MIBS, LED, PRINCE, Piccolo, ITUbee, EPCBC, PRINT cipher and RECTANGLE[3]. Like traditional block ciphers, these lightweight ciphers are generally built on two main classical structures: SPNs and Feistel-type structures.
The SPN structure[6] is developed using a round function on the whole data block. The slow diffusion of the traditional Feistel-type structures causes some security problems. To solve these problems, ciphers built on traditional Feistel-type structures need many more rounds than ciphers based on SPNs, which increases energy consumption. Nevertheless, compared to SPNs, the traditional Feistel-type structures have more features:
It has a small and simple round function.
It has the same program for encryption and decryption processes, which reduces the decryption implementation cost.
Why is lightweight cryptography needed for IoT?
Lightweight cryptography is needed in the IoT for two reasons:
1. Reliability of end-to-end communication: In order to achieve end-to-end security, end nodes have an implementation of a symmetric-key algorithm. For low-resource devices, e.g. battery-powered devices, cryptographic operation with a limited amount of energy consumption is important.
2. Applicability to lower-resource devices: Lightweight cryptographic primitives are smaller than conventional cryptographic ones. They would open possibilities of more network connections with lower-resource devices. However, the lowest-cost devices can embed only application-specific ICs due to limited cost and power consumption, where hardware properties are crucially important.
2. ANALYSIS OF CRYPTOGRAPHIC ALGORITHM
2.1 SIMON
The Simon[7] block cipher is a balanced Feistel cipher with an n-bit word, and therefore the block length is 2n. The key length is a multiple of n by 2, 3, or 4, which is the value m. An implementation of the Simon cipher is denoted Simon2n/nm. For example, Simon64/128 refers to the cipher operating on a 64-bit plaintext block (n = 32) that uses a 128-bit key. Though the key generation logic depends on the implementation of 2, 3 or 4 keys, the block component of the cipher is uniform across the Simon implementations.
The round functions for Simon 2n and Speck 2n each take as input an n-bit round key k, together with two n-bit intermediate ciphertext words. For Simon, the round function is the 2-stage Feistel map
$R_k(x, y) = (y \oplus f(x) \oplus k,\; x)$,
where $f(x) = (Sx \,\&\, S^8 x) \oplus S^2 x$ and k is the round key.
For Speck, the round function is the (Feistel-based) map
$R_k(x, y) = ((S^{-\alpha} x + y) \oplus k,\; S^{\beta} y \oplus (S^{-\alpha} x + y) \oplus k)$,
with α = 7 and β = 2 as rotation amounts if n = 16 (block size = 32) and α = 8 and β = 3 otherwise.
Simon's superior performance in software is due in part to the fact that it is possible to implement it entirely with in-place operations, and so moves are unnecessary. This can be seen for a round of Simon:
x = RCS(x, α)
x = x + y
x = x ⊕ k
y = LCS(y, β)
y = y ⊕ x
Simon requires some moves, because multiple
operations are done on a single word of
intermediate ciphertext, and copies need to be
made. This fact (combined with the fact that Simon
uses a weaker nonlinear function than Speck, and so
more rounds are required), makes Simon
outperform in software.
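An added example (not from the paper or from the Simon and Speck designers' code) that implements both round maps above for n = 32 together with their inverses. It reads S^j as a left circular shift by j bits, as in the published specification, uses constructed round keys instead of either key schedule, and checks that the five in-place steps equal the Speck map R_k term for term while the Simon round needs one copy of x.

```c
#include <stdint.h>
#include <stdio.h>

/* n = 32 (64-bit block), so the rule in the text gives alpha = 8, beta = 3. */
#define ALPHA 8
#define BETA 3

/* S^j: left circular shift by j bits; S^-j: right circular shift (0 < j < 32). */
static uint32_t lcs(uint32_t v, unsigned j) { return (v << j) | (v >> (32 - j)); }
static uint32_t rcs(uint32_t v, unsigned j) { return (v >> j) | (v << (32 - j)); }

/* Simon: f(x) = (Sx & S^8 x) ^ S^2 x */
static uint32_t simon_f(uint32_t x) { return (lcs(x, 1) & lcs(x, 8)) ^ lcs(x, 2); }

/* Simon round R_k(x, y) = (y ^ f(x) ^ k, x). The old x has to be copied. */
void simon_round(uint32_t *x, uint32_t *y, uint32_t k) {
    uint32_t old_x = *x;
    *x = *y ^ simon_f(old_x) ^ k;
    *y = old_x;
}

/* Feistel inverse: the previous x is the current y, so f can be recomputed. */
void simon_round_inv(uint32_t *x, uint32_t *y, uint32_t k) {
    uint32_t old_x = *y;
    *y = *x ^ simon_f(old_x) ^ k;
    *x = old_x;
}

/* Speck round written exactly as the map R_k(x, y) in the text. */
void speck_round_map(uint32_t x, uint32_t y, uint32_t k, uint32_t *ox, uint32_t *oy) {
    *ox = (rcs(x, ALPHA) + y) ^ k;
    *oy = lcs(y, BETA) ^ (rcs(x, ALPHA) + y) ^ k;
}

/* The five in-place steps listed in the text: no temporary, no copy. */
void speck_round_inplace(uint32_t *x, uint32_t *y, uint32_t k) {
    *x = rcs(*x, ALPHA);
    *x += *y;
    *x ^= k;
    *y = lcs(*y, BETA);
    *y ^= *x;
}

/* Inverse of the in-place round: undo the five steps in reverse order. */
void speck_round_inv(uint32_t *x, uint32_t *y, uint32_t k) {
    *y ^= *x;
    *y = rcs(*y, BETA);
    *x ^= k;
    *x -= *y;
    *x = lcs(*x, ALPHA);
}

/* Constructed round keys for the demo; NOT either cipher's key schedule. */
static uint32_t demo_round_key(unsigned i) { return 0x9E3779B9u * (i + 1u); }

/* One round, packed as (x' << 32) | y'. cipher: 0 = Simon, 1 = Speck. */
uint64_t one_round(int cipher, uint32_t x, uint32_t y, uint32_t k) {
    if (cipher) speck_round_inplace(&x, &y, k);
    else simon_round(&x, &y, k);
    return ((uint64_t)x << 32) | y;
}

/* 1 if the in-place steps equal the map R_k on `trials` chained inputs. */
int inplace_equals_map(unsigned trials) {
    uint32_t x = 0x01234567u, y = 0x89ABCDEFu; /* constructed start block */
    for (unsigned i = 0; i < trials; i++) {
        uint32_t mx, my, k = demo_round_key(i);
        speck_round_map(x, y, k, &mx, &my);
        speck_round_inplace(&x, &y, k);
        if (x != mx || y != my) return 0;
    }
    return 1;
}

/* 1 if `rounds` rounds followed by the inverse rounds restore the block. */
int roundtrip_ok(int cipher, unsigned rounds) {
    const uint32_t x0 = 0x6D564D37u, y0 = 0x426E6548u; /* constructed block */
    uint32_t x = x0, y = y0;
    for (unsigned i = 0; i < rounds; i++) {
        if (cipher) speck_round_inplace(&x, &y, demo_round_key(i));
        else simon_round(&x, &y, demo_round_key(i));
    }
    for (unsigned i = rounds; i-- > 0;) {
        if (cipher) speck_round_inv(&x, &y, demo_round_key(i));
        else simon_round_inv(&x, &y, demo_round_key(i));
    }
    return x == x0 && y == y0;
}

int main(void) {
    printf("Simon one round: %016llx\n", (unsigned long long)one_round(0, 1, 0, 0));
    printf("Speck one round: %016llx\n", (unsigned long long)one_round(1, 0x100, 1, 0));
    printf("in-place == map: %d, Simon round trip: %d, Speck round trip: %d\n",
           inplace_equals_map(1000), roundtrip_ok(0, 32), roundtrip_ok(1, 32));
    return 0;
}
```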
2.2 KLEIN
KLEIN[8] is a family of block ciphers with a fixed 64-bit block size and a variable key length of 64, 80 or 96 bits. According to the key length, the ciphers are denoted KLEIN-64/80/96, respectively. The key length and the block size are two important factors for a block cipher in the trade-off between security and performance. In low-resource implementations, the key registers and intermediate results have a significant effect on the footprint. Moreover, in ubiquitous computing, data flows are unlikely to require high-speed throughput, so a large block size or key length might be unnecessary for data encryption and authentication.
Fig 1 : grouping and subgrouping of S-Box
For security reasons, a key length of 64 bits might be vulnerable if one considers attack models based on pre-computation and large amounts of available storage. KLEIN-64 is recommended for constructing hash functions of single (double) block length or message authentication codes, and KLEIN-80 and KLEIN-96 for data encryption in any of the operation modes. The structure of KLEIN is a typical Substitution-Permutation Network (SPN), which is also used in many advanced block ciphers, e.g. AES and PRESENT. As a first estimate for obtaining a reasonable security margin and asymmetric iteration, the number of rounds NR is chosen as 12/16/20 for KLEIN-64/80/96 respectively.
A high-level description of the KLEIN encryption routine is as follows:
sk_1 ← KEY;
STATE ← PLAINTEXT;
for i = 1 to NR do
    AddRoundKey(STATE, sk_i);
    SubNibbles(STATE);
    RotateNibbles(STATE);
    MixNibbles(STATE);
    sk_{i+1} = KeySchedule(sk_i, i);
end for
CIPHERTEXT ← AddRoundKey(STATE, sk_{NR+1});
Note that many lightweight block ciphers are proposed for use only in the filter counter mode, and hence the implementation cost of decryption can be avoided. In the design of KLEIN, the lightweight property also takes the decryption algorithm into consideration, without fixing on any cipher mode.
2.3 PICCOLO
Piccolo[9] is a 64-bit block cipher supporting 80 and 128-bit keys. The 80 and the 128-bit key modes are referred to as Piccolo-80 and Piccolo-128, respectively. Both ciphers consist of a data processing part and a key scheduling part. The differences between the two key modes lie in the number of rounds for the data processing part and the key scheduling part.
Fig 2: Sponge Construction for 4 block padded message
Algorithm
G_r(X(64), wk_0, ..., wk_3, rk_0, ..., rk_{2r−1}):
    X0(16) | X1(16) | X2(16) | X3(16) ← X(64)
    X0 ← X0 ⊕ wk_0, X2 ← X2 ⊕ wk_1
    for i ← 0 to r − 2 do
        X1 ← X1 ⊕ F(X0) ⊕ rk_{2i}, X3 ← X3 ⊕ F(X2) ⊕ rk_{2i+1}
        X0 | X1 | X2 | X3 ← RP(X0 | X1 | X2 | X3)
    X1 ← X1 ⊕ F(X0) ⊕ rk_{2r−2}, X3 ← X3 ⊕ F(X2) ⊕ rk_{2r−1}
    X0 ← X0 ⊕ wk_2
A permutation-based key schedule can significantly reduce the required number of gates. For instance, registers for storing keys are not required, which leads to almost the same gate requirement for each key size, in contrast to a key schedule requiring key state. While the drawback is a security concern, by carefully choosing the permutation it has enough immunity against attacks exploiting weaknesses of the key schedule, such as related-key differential and MITM attacks. Note that, in our evaluation, key inputs are not required to be hard-wired, but are assumed to hold their values during the block operation.
Fig 3: Architecture of PICCOLO and its components
Active F-function: Each differentially/linearly active F-function reduces the differential/linear probability, so the minimum number of active F-functions implies the security against differential and linear type attacks. The number of active F-functions was counted by exhaustively searching all possible differential/linear trails.
2.4 BORON
BORON[10] is a substitution-permutation network which has a total of 25 rounds. The block length is 64 bits and it supports 80 and 128-bit key lengths. BORON consists of an S-box which acts as a nonlinear layer, followed by a block shuffle of 4 bits. The shuffled bits are fed to the round permutation, which is followed by an 'XOR' operation. Twenty-five different keys are generated from the 80/128-bit key register and these are applied in each round of the BORON cipher. One extra key is generated, which is 'XOR-ed' to produce the final ciphertext.
Pseudocode for the BORON cipher is given as:
A = a63 ... a0
RoundKeys()
for i = 0 to 24 do
    Add_round_key(A, K_i)
    S_Box_Layer(A)
    Block_Shuffle(A)
    Round_Permutation(A)
    Xor_Operation(A)
end for
Add_round_key(A, K_25)
Fig 4: Permutation rounds in BORON
The design criteria of the S-box used in designing the BORON cipher are given below.
1. For any nonzero input difference $\Delta A \in F_2^4$ and output difference $\Delta B \in F_2^4$:
$DC(\Delta A, \Delta B) = \#\{a \in F_2^4 \mid S(a) \oplus S(a \oplus \Delta A) = \Delta B\} \le 4$
2. For any nonzero input difference $\Delta A \in F_2^4$ and output difference $\Delta B \in F_2^4$ such that $Hw(\Delta A) = Hw(\Delta B) = 1$, where $Hw(x)$ denotes the Hamming weight of x:
$SetDC = DC(\Delta A, \Delta B) = \#\{a \in F_2^4 \mid S(a) \oplus S(a \oplus \Delta A) = \Delta B\} = 0$
The cardinality of SetDC is given as CarDC: CarDC = 0.
3. For any nonzero input mask $A \in F_2^4$ and output mask $B \in F_2^4$:
$LC(A, B) = |\#\{a \in F_2^4 \mid A \bullet a = B \bullet S(a)\} - 8| \le 4$
4. For any nonzero input mask $A \in F_2^4$ and output mask $B \in F_2^4$ such that $Hw(A) = Hw(B) = 1$:
$SetLC = LC(A, B) = |\#\{x \in F_2^4 \mid A \bullet x = B \bullet S(x)\} - 8| \ne 0$
The cardinality of SetLC is given as CarLC: CarLC = 4.
5. Bijective, i.e. $S(a) \ne S(b)$ for all values of $a \ne b$.
6. No static point, i.e. $S(a) \ne a$ for all values of $a \in F_2^4$.
Strength of the S-box depends on cardinality, for example in the case of PRESENT cipher S-box
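An added example (not the BORON authors' code) that evaluates criteria 1 to 6 above by computing the difference counts DC and linear counts LC of a 4-bit S-box. BORON's S-box table is not given on this page, so the input is the PRESENT S-box from its public specification plus a constructed affine map as a failing case; all function names are this example's own.

```c
#include <stdio.h>

/* Sample input: the PRESENT S-box from its public specification. */
static const unsigned char PRESENT_SBOX[16] = {
    0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2};

/* Constructed counter-example: the affine map S(a) = a ^ 5. */
static const unsigned char AFFINE_SBOX[16] = {
    5, 4, 7, 6, 1, 0, 3, 2, 13, 12, 15, 14, 9, 8, 11, 10};

/* XOR of the four bits of v, i.e. the dot product result over F_2. */
static int parity(unsigned v) { v ^= v >> 2; v ^= v >> 1; return (int)(v & 1u); }

/* DC(dA, dB) = #{a in F_2^4 : S(a) ^ S(a ^ dA) = dB} */
int dc(const unsigned char *s, unsigned da, unsigned db) {
    int n = 0;
    for (unsigned a = 0; a < 16; a++)
        if ((unsigned)(s[a] ^ s[a ^ da]) == db) n++;
    return n;
}

/* LC(A, B) = |#{a in F_2^4 : A.a = B.S(a)} - 8| */
int lc(const unsigned char *s, unsigned ma, unsigned mb) {
    int n = 0;
    for (unsigned a = 0; a < 16; a++)
        if (parity(ma & a) == parity(mb & s[a])) n++;
    return n > 8 ? n - 8 : 8 - n;
}

/* Criterion 1: largest DC over every nonzero dA and every dB (bound: 4). */
int max_dc(const unsigned char *s) {
    int m = 0;
    for (unsigned da = 1; da < 16; da++)
        for (unsigned db = 0; db < 16; db++)
            if (dc(s, da, db) > m) m = dc(s, da, db);
    return m;
}

/* Criterion 3: largest LC over every nonzero A and every B (bound: 4). */
int max_lc(const unsigned char *s) {
    int m = 0;
    for (unsigned ma = 1; ma < 16; ma++)
        for (unsigned mb = 0; mb < 16; mb++)
            if (lc(s, ma, mb) > m) m = lc(s, ma, mb);
    return m;
}

/* Criterion 2: CarDC, the number of Hamming-weight-1 (dA, dB) with DC != 0. */
int car_dc(const unsigned char *s) {
    int n = 0;
    for (unsigned i = 0; i < 4; i++)
        for (unsigned j = 0; j < 4; j++)
            if (dc(s, 1u << i, 1u << j) != 0) n++;
    return n;
}

/* Criterion 4: CarLC, the number of Hamming-weight-1 (A, B) with LC != 0. */
int car_lc(const unsigned char *s) {
    int n = 0;
    for (unsigned i = 0; i < 4; i++)
        for (unsigned j = 0; j < 4; j++)
            if (lc(s, 1u << i, 1u << j) != 0) n++;
    return n;
}

/* Criterion 5: every 4-bit value appears exactly once as an output. */
int is_bijective(const unsigned char *s) {
    unsigned seen = 0;
    for (unsigned a = 0; a < 16; a++) seen |= 1u << (s[a] & 0xFu);
    return seen == 0xFFFFu;
}

/* Criterion 6 fails if some a has S(a) = a. */
int has_fixed_point(const unsigned char *s) {
    for (unsigned a = 0; a < 16; a++)
        if (s[a] == a) return 1;
    return 0;
}

/* Pass/fail on the bounded criteria (1, 3, 5, 6); CarDC/CarLC are reported. */
int meets_bounds(const unsigned char *s) {
    return max_dc(s) <= 4 && max_lc(s) <= 4 && is_bijective(s) && !has_fixed_point(s);
}

static void report(const char *name, const unsigned char *s) {
    printf("%-12s maxDC=%2d CarDC=%d maxLC=%d CarLC=%d bijective=%d fixed=%d ok=%d\n",
           name, max_dc(s), car_dc(s), max_lc(s), car_lc(s),
           is_bijective(s), has_fixed_point(s), meets_bounds(s));
}

int main(void) {
    report("PRESENT", PRESENT_SBOX);
    report("affine a^5", AFFINE_SBOX);
    return 0;
}
```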
2.5 KATAN
KATAN[11] is a family of lightweight block ciphers consisting of three ciphers denoted KATANn for n = 32, 48, 64, where n indicates the block size. All instances accept an 80-bit key. KATANn has a state of n bits consisting of two non-linear feedback shift registers. For n = 32, the registers have lengths 13 and 19, respectively. They are initialized with the plaintext:
The key is expanded to 508 bits according to the linear recursion
$k_{i+80} = k_i + k_{i+19} + k_{i+30} + k_{i+67}, \quad 0 \le i < 428,$
where $k_0, \ldots, k_{79}$ are the bits of k. At each round of the encryption process two consecutive bits of the expanded key are used. The round updates further depend on a bit $c_i$. The sequence of $c_i$ is produced by an 8-bit linear feedback shift register which is used as a counter. It is initialized by $(c_0, \ldots, c_7) = (1, \ldots, 1, 0)$ and expanded according to
$c_{i+8} = c_i + c_{i+1} + c_{i+3} + c_{i+5}.$
Round i corresponds to the following transformation of the state:
$t_1 \leftarrow s_{31} + s_{26} + s_{27} s_{24} + s_{22} c_i + k_{2i}$
$t_2 \leftarrow s_{18} + s_7 + s_{12} s_{10} + s_8 s_3 + k_{2i+1}$
$(s_0, \ldots, s_{18}) \leftarrow (t_1, s_0, \ldots, s_{17})$
$(s_{19}, \ldots, s_{31}) \leftarrow (t_2, s_{19}, \ldots, s_{30})$
After 254 rounds, the state is output as the ciphertext. All three members of the KATAN family use the same key expansion and the same sequence of $c_i$. The algebraic structure of the non-linear update functions is the same. They differ in the length of the registers and the tap positions. All members perform 254 rounds, but for KATAN48 the non-linear registers are updated twice per round and for KATAN64 even thrice (using the same $c_i$ and $k_i$ for all updates at the same round).
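An added example (not the KATAN designers' reference code) that implements KATAN32 as described above: the 508-bit key expansion, the counter bits c_i, the round update and its inverse. The plaintext-loading rule is missing from this page, so loading plaintext bit j into s_j, the byte-to-bit order of the key and the demo key are assumptions of this example, and its ciphertexts should not be expected to match published KATAN test vectors.

```c
#include <stdint.h>
#include <stdio.h>

#define KATAN_ROUNDS 254
#define BIT(s, j) (((s) >> (j)) & 1u)

/* Constructed 80-bit demo key. Assumption: key bit k_i is bit (i mod 8) of byte i / 8. */
static const uint8_t DEMO_KEY[10] = {0x0F, 0x1E, 0x2D, 0x3C, 0x4B, 0x5A, 0x69, 0x78, 0x87, 0x96};

/* k_{i+80} = k_i + k_{i+19} + k_{i+30} + k_{i+67} over GF(2), 0 <= i < 428. */
static void expand_key(const uint8_t key[10], uint8_t k[2 * KATAN_ROUNDS]) {
    for (int i = 0; i < 80; i++) k[i] = (uint8_t)((key[i >> 3] >> (i & 7)) & 1u);
    for (int i = 0; i < 428; i++) k[i + 80] = k[i] ^ k[i + 19] ^ k[i + 30] ^ k[i + 67];
}

/* (c_0..c_7) = (1,...,1,0), c_{i+8} = c_i + c_{i+1} + c_{i+3} + c_{i+5}. */
static void counter_bits(uint8_t c[KATAN_ROUNDS]) {
    for (int i = 0; i < 8; i++) c[i] = (uint8_t)(i < 7);
    for (int i = 0; i + 8 < KATAN_ROUNDS; i++) c[i + 8] = c[i] ^ c[i + 1] ^ c[i + 3] ^ c[i + 5];
}

/* Accessors so single bits of both sequences can be inspected. */
int katan_key_bit(const uint8_t key[10], int i) {
    uint8_t k[2 * KATAN_ROUNDS];
    expand_key(key, k);
    return k[i];
}

int katan_counter_bit(int i) {
    uint8_t c[KATAN_ROUNDS];
    counter_bits(c);
    return c[i];
}

/* One round on the 32-bit state; bit j of s holds s_j. */
uint32_t katan32_round(uint32_t s, uint32_t c, uint32_t ka, uint32_t kb) {
    uint32_t t1 = (BIT(s, 31) ^ BIT(s, 26) ^ (BIT(s, 27) & BIT(s, 24)) ^ (BIT(s, 22) & c) ^ ka) & 1u;
    uint32_t t2 = (BIT(s, 18) ^ BIT(s, 7) ^ (BIT(s, 12) & BIT(s, 10)) ^ (BIT(s, 8) & BIT(s, 3)) ^ kb) & 1u;
    /* Shift both registers up by one; the old s_18 and s_31 drop out. */
    return ((s << 1) & 0xFFF7FFFEu) | t1 | (t2 << 19);
}

/* Inverse round: shift back, then solve t1 and t2 for the dropped s_31 and s_18. */
uint32_t katan32_round_inv(uint32_t n, uint32_t c, uint32_t ka, uint32_t kb) {
    uint32_t s = (n >> 1) & 0x7FFBFFFFu; /* s_0..s_17 and s_19..s_30 */
    uint32_t s31 = (BIT(n, 0) ^ BIT(s, 26) ^ (BIT(s, 27) & BIT(s, 24)) ^ (BIT(s, 22) & c) ^ ka) & 1u;
    uint32_t s18 = (BIT(n, 19) ^ BIT(s, 7) ^ (BIT(s, 12) & BIT(s, 10)) ^ (BIT(s, 8) & BIT(s, 3)) ^ kb) & 1u;
    return s | (s31 << 31) | (s18 << 18);
}

uint32_t katan32_encrypt(uint32_t p, const uint8_t key[10]) {
    uint8_t k[2 * KATAN_ROUNDS], c[KATAN_ROUNDS];
    expand_key(key, k);
    counter_bits(c);
    uint32_t s = p; /* assumption: plaintext bit j is loaded into s_j */
    for (int i = 0; i < KATAN_ROUNDS; i++)
        s = katan32_round(s, c[i], k[2 * i], k[2 * i + 1]);
    return s;
}

uint32_t katan32_decrypt(uint32_t ct, const uint8_t key[10]) {
    uint8_t k[2 * KATAN_ROUNDS], c[KATAN_ROUNDS];
    expand_key(key, k);
    counter_bits(c);
    uint32_t s = ct;
    for (int i = KATAN_ROUNDS - 1; i >= 0; i--)
        s = katan32_round_inv(s, c[i], k[2 * i], k[2 * i + 1]);
    return s;
}

int main(void) {
    uint32_t p = 0x01234567u; /* constructed plaintext */
    uint32_t ct = katan32_encrypt(p, DEMO_KEY);
    printf("plaintext  %08x\nciphertext %08x\ndecrypted  %08x\n",
           (unsigned)p, (unsigned)ct, (unsigned)katan32_decrypt(ct, DEMO_KEY));
    return 0;
}
```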
Attack Procedure
Given a plaintext/ciphertext pair (p, c), an attacker proceeds as follows:
1. Compute a list of $2^d$ values $q_v$ obtained by encrypting p through the rounds 0 to s − 1 under key $k \oplus v$ for $v \in V$.
2. Compute a list of $2^d$ values $q_u$ obtained by decrypting c through the rounds N − 1 to N − s under the key $k \oplus u$ for $u \in U$.
3. For each pair $(q_u, q_v)$ check if $q_u$ decrypts to $q_v$ through the rounds N − s + 1 to s under key $k \oplus u \oplus v$. If yes, save $k \oplus u \oplus v$ as a candidate key. Check candidate keys with one or two additional text pairs.
2.6 LBLOCK
LBlock[12] is a new lightweight block cipher that uses 80-bit keys and 64-bit blocks and is based on a modified 32-round Feistel structure. The modified Feistel round of LBlock (the numbering corresponds with the nibble ordering notation). The round function F first computes $X_i \oplus k_i$ and then applies a transformation S (composed of 8 parallel applications of 8 different 4-bit bijective S-boxes) and a permutation P (that exchanges the places of the permutation P seen as nibble level). The key schedule takes as input a master key K seen as a key register and outputs 32 round subkeys $k_i$. It repeats the following steps for i = 1 to 31, knowing that $k_1$ is initialized with the 32 leftmost bits of the key register K:
1. K <<< 29
2. [K79 K78 K77 K76] = S9[K79 K78 K77 K76], where S9 is the ninth S-box.
3. [K75 K74 K73 K72] = S8[K75 K74 K73 K72], where S8 is the eighth S-box.
4. [K50 K49 K48 K47] = [K50 K49 K48 K47] ⊕ [i]_2
5. $k_{i+1}$ is selected as the leftmost 32 bits of the key register K.
2.7 TWINE
TWINE[14] is a 64-bit block cipher with two supported key lengths, 80 and 128 bits. If the key length needs to be specified, write TWINE-80 or TWINE-128 to denote the corresponding version. The global structure of TWINE is a variant of Type-2 GFS with 16 4-bit sub-blocks. Given a 64-bit plaintext, P(64), and a round key, RK(32×36), the cipher produces the ciphertext C(64). Round key RK(32×36) is derived from the secret key, K(n) with n ∈ {80, 128}, using the key schedule. A round function of TWINE consists of a nonlinear layer using 4-bit S-boxes and a diffusion layer, which permutes the 16 blocks. Unlike Type-2 GFS, the diffusion layer is not a circular shift and is designed to provide better diffusion than the circular shift. This round function is iterated 36 times for both key lengths, where the diffusion layer of the last round is omitted. The S-box, S, is a 4-bit permutation. The permutation of block indexes is π : {0, . . . , 15} → {0, . . . , 15}, where the j-th sub-block (for j = 0, . . . , 15) is mapped to the π[j]-th sub-block.
Algorithm:
TWINE.Enc(P(64), RK(32×36), C(64))
    X^1(64) ← P, RK^1(32) ∥ . . . ∥ RK^35(32) ← RK(32×36)
    for i ← 1 to 35 do
        X^i_0(4) ∥ X^i_1(4) ∥ . . . ∥ X^i_14(4) ∥ X^i_15(4) ← X^i(64)
        RK^i_0(4) ∥ RK^i_1(4) ∥ . . . ∥ RK^i_6(4) ∥ RK^i_7(4) ← RK^i(32)
        for j ← 0 to 7 do
            X^i_{2j+1} ← S(X^i_{2j} ⊕ RK^i_j) ⊕ X^i_{2j+1}
        for h ← 0 to 15 do
            X^{i+1}_{π[h]} ← X^i_h
        X^{i+1} ← X^{i+1}_0 ∥ X^{i+1}_1 ∥ . . . ∥ X^{i+1}_14 ∥ X^{i+1}_15
    for j ← 0 to 7 do
        X^36_{2j+1} ← S(X^36_{2j} ⊕ RK^36_j) ⊕ X^36_{2j+1}
2.8 PRINT
PRINT[15] cipher is a block cipher with b-bit blocks, b ∈ {48, 96}, and an effective key length of 5/3 × b bits. The essential structure of PRINT cipher is that of an SP-network with r = b rounds, using 3-bit S-boxes from one round to the next. The first XOR uses the first subkey; the round counter is denoted RC_i; and key-dependent permutations are used at the input to each S-box. It follows that PRINT cipher-48 operates on 48-bit blocks, uses an 80-bit key and consists of 48 rounds, while PRINT cipher-96 uses a 160-bit key, consists of 96 rounds and operates on 96-bit blocks.
Each round of encryption consists of the following
steps:
1. The cipher state is combined with a round key
using bitwise exclusive-or (XOR).
2. The cipher state is shuffled using a fixed linear
diffusion layer.
3. The cipher state is combined with a round
constant using bitwise XOR.
4. The three-bit entry to each S-box is permuted in a
key-dependent permutation layer.
5. The cipher state is mixed using a layer of non-
linear S-box substitutions.
The four S-boxes in PRINT cipher are closely
related. As an example, S-box 0 and S-box 1
produce the same output for each of four inputs and
similarly for S-boxes 2 and 3 and for S-boxes 4 and
5.
Fig 5: flow of PRINT cipher
Consider two keys that differ only in the selection of one S-box, say, the leftmost one[18]. Assume further that one key selects S-box V0 and the other key selects S-box V1. It follows that for one round of encryption, the encryption functions induced by the two keys will be equal for half the inputs. Consequently, the encryption functions over s rounds can be expected to produce identical ciphertexts for one in $2^s$ texts.
There are other related keys. Consider two keys that differ only in the XOR halves and only in the input to one S-box. For two such keys[30] it may be possible to specify a keyed differential characteristic where the differences in the texts are canceled by the differences in the XOR key in every second round.
The key schedule
The design criteria of the 80-bit (resp. 128-bit) key schedule are as follows:
1. The union of subkey bits of any 2 (resp. 4) consecutive rounds depends on each of the 80 bits of the seed key.
2. The 1-round 5-subblock (resp. 4-subblock) generalized Feistel transformation is used to provide appropriate diffusion.
3. Use round constants to eliminate symmetries.
The 128-bit register used in the key schedule algorithm contains the master key value both before and after running the algorithm. So, only one 128-bit register is required for both encryption and decryption processes. The whitening keys are used in the first and the last rounds of HIGHT. If the whitening keys are not used, then the inputs to F0 and F1 in the first and the last rounds are directly revealed from plaintexts and ciphertexts.
The sequence δ0, . . . , δ127 generated by the linear feedback shift register h enhances the randomness of subkey bytes. It also provides resistance against slide attacks. HIGHT[27] is a block cipher with 64-bit block length and 128-bit key length. HIGHT was designed to be suitable for implementation in low-resource environments such as RFID tags or tiny ubiquitous devices. From the security analysis, it is sure that HIGHT has enough security. The implementation circuit processes one HIGHT encryption in 34 clock cycles and requires 3048 gates. The data throughput of the circuit is about 150.6 Mbps at an operating frequency of 80 MHz.
During our design[23], several key observations were uppermost in our mind. Practically all modern block cipher proposals have reasonable security arguments, but few offer much beyond (potentially thorough) ad hoc analysis. Here there is hope to provide a more complete security treatment than is usual.
In particular, related-key attacks are often dismissed from consideration for the application areas that typically use such constrained devices, e.g. RFID tags. In practice this is often perfectly reasonable. However, researchers will continue to derive cryptanalytic results in the related-key model and there has been some research on how to modify or strengthen key schedules. So having provable levels of resistance to such attacks would be a bonus and might help avoid confusion developing in the cryptographic literature.[19] While block ciphers are an important primitive, and arguably the most useful in a constrained environment, there has also been much progress in the design of stream ciphers and, very recently, in lightweight hash functions.
3. DISCUSSION
Table 1 below compares the lightweight cryptographic algorithms.
Ciphers | Function | Architecture | Structure | Key size | Block size | Rounds | Cycles
--------|----------|--------------|-----------|----------|------------|--------|-------
PRINT | Encryption & Decryption | Serialized | SPN | 80 | 48 | 48 | 768
SIMON | Encryption & Decryption | Round-based | LFSR | 80 | 32 | 254 | 1872
KATAN | Encryption | Serialized | Feistel | 56 | 32 | 254 | 255
PICCOLO | Decryption | Serialized | Feistel | 64 | 80 | 144 | 2309
BORON | Encryption | Round-based | LFSR | 64 | 36 | 36 | 178
TWINE | Encryption & Decryption | Serialized | Feistel | 80 | 64 | 12 | 1304
KLEIN | Encryption | Round-based | LFER | 64 | 254 | 255 | 1528
LBLOCK | Encryption & Decryption | Serialized | Feistel | 32 | 254 | 255 | 335
4. CONCLUSION
In this paper, an analysis [22] has been made of the majority of lightweight block cipher algorithms in terms of their algorithm specification and security. The intensive analysis performed in this paper has provided a detailed picture of the design of encryption algorithms. As discussed in this paper, some lightweight block cipher algorithms use a Feistel network [26] while the others use an SPN, and each has its own properties. Moreover, in researching and analyzing the existing lightweight block cipher algorithms, it was found that for algorithms with many S-boxes the security is good but the cost is high. Furthermore, if the algorithm has a sufficient number of S-boxes and also has well-designed linear operations, then the security is high and the cost depends upon the design.
5. REFERENCES
[1] Biplob R. Ray, Member, Morshed Chowdhury, and Jemal Abawajy, "Secure Object Tracking Protocol for the Internet of Things", in IEEE Internet of Things Journal, vol. pp, no. 99, 25 May 2016.
[2] Henry H. Bi and Dennis K. J. Lin, "RFID-Enabled Discovery of Supply Networks", in IEEE Transactions on Engineering Management, vol. 56, no. 1, February 2009.
[3] Lang Li, Botao Liu, Hui Wang, "QTL: A new ultra-lightweight block cipher", in Elsevier, April 2016.
[4] Isha and Ashish Kr. Luhach, "Analysis of Lightweight Cryptographic Solutions for Internet of Things", Indian Journal of Science and Technology, vol. 56, no. 1, July 2016.
[5] Stankovic, JA, "Research Directions for the Internet of Things", IEEE Internet of Things, vol. 16, no. 2, May 2015.
[6] Amendola, S, Lodato, R, Manzari, S, Occhiuzzi, C & Marrocco, G, "RFID Technology for IoT-Based Personal Healthcare in Smart Spaces", IEEE Internet of Things, vol. 03, no. 04, March 2014.
[7] Yang, P, "Radio Frequency Identification (RFID) in Health Care: Privacy and Security Concerns Limiting Adoption", IEEE Internet of Things, vol. 2, no. 1, January 2014.
[8] Sye Loong, K, Kumar, SS & Tschofenig, H, "Securing the Internet of Things: A Standardization Perspective", IEEE Internet of Things, vol. 8, no. 4, October 2014.
[9] Zheng Gong, Svetla Nikova and Yee-Wei Law, "KLEIN: A New Family of Lightweight Block Ciphers", Cryptography and Communications, Springer, vol. 02, no. 1, April 2015.
[10] Sicari S, Cappiello C, Pellegrini F, Miorandi D, Coen-Porisini A, "A security-and quality-aware system architecture for Internet of Things", Information Systems Frontiers, vol. 6, no. 3, March 2014.
[11] Lee J, Lim D, "A light weight block cipher - picolo", International Journal of Security and its Application, vol. 5, no. 5, January 2014.
[12] Deukjo Hong, Jaechul Sung, Seokhie Hong, Jongin Lim, "Present – an ultra lightweight Block cipher", Journal Networking and Parallel/Distributed Computing, vol. 1, no. 2, May 2015.
[14] M. Feldhofer, J. Wolkerstorfer, and V. Rijmen, "AES Implementation on a Grain of Sand", IEEE Proceedings on Information Security, vol. 152, no. 1, pp. 13–20, April 2005.
[15] A. Bogdanov et al., "PRESENT: An Ultra-Lightweight Block Cipher", Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES 07), Springer, vol pp. 450-466, Sep 2012.
[16] N. Saxena and A. Sadeghi, editors, Radio Frequency Identification: Security and Privacy Issues - RFIDSec 2014, volume 8651 of LNCS, Springer, 2014.
[17] S. Sun, L. Hu, P. Wang, K. Qiao, X. Ma, and L. Song, "Automatic Security Evaluation and (Related-key) Differential Characteristic Search: Application to SIMON, PRESENT, LBlock, DES(L) and Other Bit-oriented Block Ciphers", in Advances in Cryptology - ASIACRYPT, vol. 8874 of LNCS, pages 158–178, Springer, June 2014.
[18] C. D. Cannière, O. Dunkelman, and M. Knezevic, "KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers", in Cryptographic Hardware and Embedded Systems - CHES, vol. 5747 of LNCS, pages 272–288, Springer, March 2009.
[19] Lim, C., Korkishko, T., "mCrypton: A Lightweight Block Cipher for Security of Low-cost RFID Tags and Sensors", in Proceedings of the First International IEEE Security in Storage Workshop, LNCS, vol. 3786, pp. 243–258, March 2006.
[20] Mace, F., Standaert, F.-X., Quisquater, J.-J., "ASIC Implementations of the Block Cipher SEA for Constrained Applications", in RFID Security Workshop Record, Malaga, Spain, pp. 103–114, Feb 2007.
[21] Matsui, M, "New Structure of Block Ciphers with Provable Security against Differential and Linear Cryptanalysis", in Gollmann, D. (ed.), Springer, Heidelberg, FSE 1996, LNCS, vol. 1039, pp. 205–218, Nov 2015.
[22] Shibutani, Takanori Isobe, Harunaga Hiwatari, Atsushi Mitsuda, Toru Akishita, and Taizo Shirai, B. Preneel and T. Takagi, "Piccolo: An Ultra-Lightweight Blockcipher", in International Association for Cryptologic Research, LNCS 6917, pp. 342–357, Dec 2012.
[23] W. Wu and L. Zhang, "LBlock: A Lightweight Block Cipher", Applied Cryptography and Network Security, in Springer Berlin / Heidelberg, vol. 6715, pp. 327-344, Aug 2012.
[24] T. Suzaki, et al., "TWINE: A Lightweight Block Cipher for Multiple Platforms", in Selected Areas in Cryptography, in Springer Berlin Heidelberg, vol. 7707, no. 3, pp. 339-354, Dec 2013.
[25] J. Guo, T. Peyrin, A. Poschmann, and M. Robshaw, "The LED Block Cipher", Cryptographic Hardware and Embedded Systems – CHES 2011, in Springer Berlin Heidelberg, vol. 6917, 2011, pp. 326-341, May 2011.
[26] J. Borghoff, et al., "PRINCE – A Low-Latency Block Cipher for Pervasive Computing Applications", in Advances in Cryptology – ASIACRYPT, in Springer Berlin Heidelberg, vol. 7658, pp. 208-225, July 2013.
[27] L. Knudsen, et al., "PRINTcipher: A Block Cipher for IC-Printing", in Cryptographic Hardware and Embedded Systems, CHES 2010, vol. 6225, in Springer Berlin Heidelberg, pp. 16-32, March 2010.
[28] A. Bogdanov, L. Knudsen, G. Leander, C. Paar, A. Poschmann, M. Robshaw, Y. Seurin, and C. Vikkelsoe, "PRESENT: An Ultra-Lightweight Block Cipher", Cryptographic Hardware and Embedded Systems – CHES, in Springer Berlin / Heidelberg, vol. 4727, pp. 450-466, March 2013.
[29] Z. Gong, S. Nikova, and Y. Law, "KLEIN: A New Family of Lightweight Block Ciphers", RFID. Security and Privacy, in Springer Berlin / Heidelberg, vol. 7055, pp. 1-18, June 2012.
[30] J.-S. Kang, et al., "Practical and Provable Security against Differential and Linear Cryptanalysis for Substitution-Permutation Networks", in ETRI Journal, vol. 23, pp. 158-167, June 2011.