Paper 2017/511

State of the Art in Lightweight Symmetric Cryptography

Alex Biryukov and Leo Perrin


Lightweight cryptography has been one of the "hot topics" in symmetric cryptography in the recent years. A huge number of lightweight algorithms have been published, standardized and/or used in commercial products. In this paper, we discuss the different implementation constraints that a "lightweight" algorithm is usually designed to satisfy in both the software and the hardware case. We also present an extensive survey of all lightweight symmetric primitives we are aware of. It covers designs from the academic community, from government agencies and proprietary algorithms which were reverse-engineered or leaked. Relevant national (NIST...) and international (ISO/IEC...) standards are listed. We identified several trends in the design of lightweight algorithms, such as the designers' preference for ARX-based and bitsliced-S-Box-based designs or simpler key schedules. We also discuss more general trade-offs facing the authors of such algorithms and suggest a clearer distinction between two subsets of lightweight cryptography. The first, ultra-lightweight cryptography, deals with primitives fulfilling a unique purpose while satisfying specific and narrow constraints. The second is ubiquitous cryptography and it encompasses more versatile algorithms both in terms of functionality and in terms of implementation trade-offs.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Lightweight cryptographyUltra-LightweightIoTInternet of ThingsSoKSurveyStandardsIndustry
Contact author(s)
perrin leo @ gmail com
2018-01-09: last of 2 revisions
2017-06-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {Alex Biryukov and Leo Perrin},
      title = {State of the Art in Lightweight Symmetric Cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2017/511},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.