Paper 2020/1320

WARP : Revisiting GFN for Lightweight 128-bit Block Cipher

Subhadeep Banik, Zhenzhen Bao, Takanori Isobe, Hiroyasu Kubo, Fukang Liu, Kazuhiko Minematsu, Kosei Sakamoto, Nao Shibata, and Maki Shigeri


In this article, we present WARP, a lightweight 128-bit block cipher with a 128-bit key. It aims at small-footprint circuit in the field of 128-bit block ciphers, possibly for a unified encryption and decryption functionality. The overall structure of WARP is a variant of 32-nibble Type-2 Generalized Feistel Network (GFN), with a permutation over nibbles designed to optimize the security and efficiency. We conduct a thorough security analysis and report comprehensive hardware and software implementation results. Our hardware results show that WARP is the smallest 128-bit block cipher for most of typical hardware implementation strategies. A serialized circuit of WARP achieves around 800 Gate Equivalents (GEs), which is much smaller than previous state-of-the-art implementations of lightweight 128-bit ciphers (they need more than $1,000$ GEs). While our primary metric is hardware size, WARP also enjoys several other features, most notably low energy consumption. This is somewhat surprising, since GFN generally needs more rounds than substitution permutation network (SPN), and thus GFN has been considered to be less advantageous in this regard. We show a multi-round implementation of WARP is quite low-energy. Moreover, WARP also performs well on software: our SIMD implementation is quite competitive to known hardware-oriented 128-bit lightweight ciphers for long input, and even much better for small inputs due to the small number of parallel blocks. On 8-bit microcontrollers, the results of our assembly implementations show that WARP is flexible to achieve various performance characteristics.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. MINOR revision.Selected Areas in Cryptography 2020
Lightweight Block Cipher128-bit Block CipherGeneralized Feistel NetworkUnified Encryption and Decryption
Contact author(s)
subhadeep banik @ epfl ch
zzbao @ ntu edu sg
takanori isobe @ ai u-hyogo ac jp
liufukangs @ 163 com
k-minematsu @ nec com
k sakamoto0728 @ gmail com
2020-10-23: received
Short URL
Creative Commons Attribution


      author = {Subhadeep Banik and Zhenzhen Bao and Takanori Isobe and Hiroyasu Kubo and Fukang Liu and Kazuhiko Minematsu and Kosei Sakamoto and Nao Shibata and Maki Shigeri},
      title = {WARP : Revisiting GFN for Lightweight 128-bit Block Cipher},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1320},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.