Paper 2022/1628

Analyzing the Leakage Resistance of the NIST's Lightweight Crypto Competition's Finalists

Corentin Verhamme, UCLouvain
Gaëtan Cassiers, UCLouvain, Graz University of Technology, Lamarr Security Research
François-Xavier Standaert, UCLouvain

We investigate the security of the NIST Lightweight Crypto Competition’s Finalists against side-channel attacks. We start with a mode-level analysis that allows us to put forward three candidates (As- con, ISAP and Romulus-T) that stand out for their leakage properties and do not require a uniform protection of all their computations thanks to (expensive) implementation-level countermeasures. We then implement these finalists and evaluate their respective performances. Our results confirm the interest of so-called leveled implementations (where only the key derivation and tag generation require security against differential power analysis). They also suggest that these algorithms differ more by their qualitative features (e.g., two-pass designs to improve confidentiality with decryption leakage vs. one-pass designs, flexible overheads thanks to masking vs. fully mode-level, easier to implement, schemes) than by their quantitative features, which all improve over the AES and are quite sensitive to security margins against cryptanalysis.

Available format(s)
Publication info
Published elsewhere. CARDIS 2022
leakage-resilient NIST LWC
Contact author(s)
corentin verhamme @ uclouvain be
gaetan cassiers @ uclouvain be
fstandae @ uclouvain be
2022-11-23: approved
2022-11-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Corentin Verhamme and Gaëtan Cassiers and François-Xavier Standaert},
      title = {Analyzing the Leakage Resistance of the NIST's Lightweight Crypto Competition's Finalists},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1628},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.