Cryptology ePrint Archive: Report 2019/936

SNEIK on Microcontrollers: AVR, ARMv7-M, and RISC-V with Custom Instructions

Markku-Juhani O. Saarinen

Abstract: SNEIK is a family of lightweight cryptographic algorithms derived from a single 512-bit permutation. The SNEIGEN "entropy distribution function" was designed to speed up certain functions in post-quantum and lattice-based public key algorithms. We implement and evaluate SNEIK algorithms on popular 8-bit AVR and 32-bit ARMv7-M (Cortex M3/M4) microcontrollers, and also describe an implementation for the open-source RISC-V (RV32I) Instruction Set Architecture (ISA). Our results demonstrate that SNEIK algorithms usually outperform AES and SHA-2/3 on these lightweight targets while having a naturally constant-time design and significantly smaller implementation footprint. The RISC-V architecture is becoming increasingly popular for custom embedded designs that integrate a CPU core with application-specific hardware components. We show that inclusion of two simple custom instructions into the RV32I ISA yields a radical (more than five-fold) speedup of the SNEIK permutation and derived algorithms on that target, allowing us to reach 12.4 cycles/byte SNEIKEN-128 authenticated encryption performance on PQShield's "Crimson Puppy" RV32I-based SoC. Our performance measurements are for realistic message sizes and have been made using real hardware. We also offer implementation size metrics in terms of RAM, firmware size, and additional FPGA logic for the custom instruction set extensions.

Category / Keywords: implementation / SNEIK SNEIKEN SNEIKHA Lightweight Cryptography AVR Cortex-M4 ARMv7-M RISC-V ISA Extensions Crimson Puppy

Date: received 16 Aug 2019, last revised 20 Sep 2019

Contact author: mjos at iki fi


Version: 20190920:113348

Short URL: ia.cr/2019/936

