Paper 2014/386

Chaskey: An Efficient MAC Algorithm for 32-bit Microcontrollers

Nicky Mouha, Bart Mennink, Anthony Van Herrewege, Dai Watanabe, Bart Preneel, and Ingrid Verbauwhede


We propose Chaskey: a very efficient Message Authentication Code (MAC) algorithm for 32-bit microcontrollers. It is intended for applications that require 128-bit security, yet cannot implement standard MAC algorithms because of stringent requirements on speed, energy consumption, or code size. Chaskey is a permutation-based MAC algorithm that uses the Addition-Rotation-XOR (ARX) design methodology. We formally prove that Chaskey is secure in the standard model, based on the security of an underlying Even-Mansour block cipher. Chaskey is designed to perform well on a wide range of 32-bit microcontrollers. Our benchmarks show that on the ARM Cortex-M3/M4, our Chaskey implementation reaches a speed of 7.0 cycles/byte, compared to 89.4 cycles/byte for AES-128-CMAC. For the ARM Cortex-M0, our benchmark results give 16.9 cycles/byte and 136.5 cycles/byte for Chaskey and AES-128-CMAC respectively.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Major revision.SAC 2014
MicrocontrollerMessage Authentication CodeStandard Model SecurityPermutation-BasedARX
Contact author(s)
Nicky Mouha @ esat kuleuven be
2015-03-20: last of 3 revisions
2014-05-30: received
See all versions
Short URL
Creative Commons Attribution


      author = {Nicky Mouha and Bart Mennink and Anthony Van Herrewege and Dai Watanabe and Bart Preneel and Ingrid Verbauwhede},
      title = {Chaskey: An Efficient MAC Algorithm for 32-bit Microcontrollers},
      howpublished = {Cryptology ePrint Archive, Paper 2014/386},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.