Abstract
Due to the increased use of devices with restricted resources such as limited area size, power or energy, the community has developed various techniques for designing lightweight ciphers. One approach that is increasingly discussed is to use the cipher key that is stored on the device in non-volatile memory not only for the initialization of the registers but during the encryption/decryption process as well. Recent examples are the ciphers Midori (Asiacrypt’15) and Sprout (FSE’15). This may on the one hand help to save resources, but also may allow for a stronger key involvement and hence higher security. However, only little is publicly known so far if and to what extent this approach is indeed practical. Thus, cryptographers without strong engineering background face the problem that they cannot evaluate whether certain designs are reasonable (from a practical point of view) which hinders the development of new designs.In this work, we investigate this design principle from a practical point of view. After a discussion on reasonable approaches for storing a key in non-volatile memory, motivated by several commercial products we focus on the case that the key is stored in EEPROM. Here, we highlight existing constraints and derive that some designs, based on the impact on their throughput, are better suited for the approach of continuously reading the key from all types of non-volatile memory. Based on these findings, we improve the design of Sprout for proposing a new lightweight stream cipher that (i) has a significantly smaller area size than almost all other stream ciphers and (ii) can be efficiently realized using common non-volatile memory techniques. Hence, we see our work as an important step towards putting such designs on a more solid ground and to initiate further discussions on realistic designs.
Highlights
Owing to the increased proliferation of resource constrained devices, the design of lightweight encryption schemes is a continuous research topic
Proposal of a New Cipher: Our analysis shows that the methods of both the stream cipher Sprout and the block cipher LED for involving the non-volatile key bits are well aligned with the timing limitations of EEPROM compared to other ciphers
We focus on a scenario where the key is stored in EEPROM which is continuously accessed by the cipher during the encryption/decryption process and where the goal is to reduce the area size of the cipher without increasing the size of the EEPROM
Summary
Owing to the increased proliferation of resource constrained devices, the design of lightweight encryption schemes is a continuous research topic. One could argue that this topic has become superfluous, given that progress in hardware production often results in designs where resources do not represent a critical factor. In such cases it is reasonable to use established ciphers like AES [Nat01]. Various discussions with experts from industry and academia showed that there still remains interest in developing and implementing ciphers that consume as little resources as possible. Similar can be said about the scientific community that regularly develops new lightweight ciphers, e.g., the block ciphers PRESENT [BKL+07] and Midori [BBI+15].
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
