Cryptology ePrint Archive: Report 2017/511

State of the Art in Lightweight Symmetric Cryptography

Alex Biryukov and Leo Perrin

Abstract: Lightweight cryptography has been one of the "hot topics" in symmetric cryptography in the recent years. A huge number of lightweight algorithms have been published, standardized and/or used in commercial products.

In this paper, we discuss the different implementation constraints that a "lightweight" algorithm is usually designed to satisfy in both the software and the hardware case. We also present an extensive survey of all lightweight symmetric primitives we are aware of. It covers designs from the academic community, from government agencies and proprietary algorithms which were reverse-engineered or leaked. Relevant national (NIST...) and international (ISO/IEC...) standards are listed.

We identified several trends in the design of lightweight algorithms, such as the designers' preference for ARX-based and bitsliced-S-Box-based designs or simpler key schedules. We also discuss more general trade-offs facing the authors of such algorithms and suggest a clearer distinction between two subsets of lightweight cryptography. The first, ultra-lightweight cryptography, deals with primitives fulfilling a unique purpose while satisfying specific and narrow constraints. The second is ubiquitous cryptography and it encompasses more versatile algorithms both in terms of functionality and in terms of implementation trade-offs.

Category / Keywords: secret-key cryptography / Lightweight cryptography, Ultra-Lightweight, IoT, Internet of Things, SoK, Survey, Standards, Industry

Date: received 2 Jun 2017, last revised 9 Jan 2018

Contact author: perrin leo at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20180109:152627 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]