Paper 2018/805

Beetle Family of Lightweight and Secure Authenticated Encryption Ciphers

Avik Chakraborti, Nilanjan Datta, Mridul Nandi, and Kan Yasuda


This paper presents a lightweight, sponge-based authenticated encryption (AE) family called Beetle. When instantiated with the PHOTON permutation from CRYPTO 2011, Beetle achieves the smallest footprint - consuming only a few more than 600 LUTs on FPGA while maintaining 64-bit security. This figure is significantly smaller than all known lightweight AE candidates which consume more than 1,000 LUTs, including the latest COFB-AES from CHES~2017. In order to realize such small hardware implementation, we equip Beetle with an ``extremely tight'' bound of security. The trick is to use combined feedback to create a difference between the cipher text block and the rate part of the next feedback (in traditional sponge these two values are the same). Then we are able to show that Beetle is provably secure up to $\min \{c-\log r, {b/2}, r\}$ bits, where $b$ is the permutation size and $r$ and $c$ are parameters called rate and capacity, respectively. The tight security bound allows us to select the smallest security parameters, which in turn result in the smallest footprint.

Note: We have added a new subsection in the Introduction to demonstrate the significance of Beetle in the Light of NIST Lightweight Cryptography Project. We have also provided a detailed security proof for the mode.

Available format(s)
Publication info
A minor revision of an IACR publication in TCHES 2018
BeetlespongePHOTONauthenticated encryptionlightweightpermutation
Contact author(s)
nilanjan_isi_jrf @ yahoo com
2019-01-31: last of 3 revisions
2018-09-06: received
See all versions
Short URL
Creative Commons Attribution


      author = {Avik Chakraborti and Nilanjan Datta and Mridul Nandi and Kan Yasuda},
      title = {Beetle Family of  Lightweight and Secure Authenticated Encryption Ciphers},
      howpublished = {Cryptology ePrint Archive, Paper 2018/805},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.