Lightweight Cryptography Primitives
|
This repository contains implementations of many of the second round submissions to the NIST lightweight cryptography competition.
The implementations here are focused on efficient implementation for 32-bit and 8-bit embedded architectures, particularly ARM and AVR. The reference code from the NIST web site by contrast is focused on correctness and amenity to academic cryptanalysis.
The primary source for all algorithms is in the "src/combined" directory, which makes it easier to share common building blocks between algorithms and to test all of the algorithms as a set.
If you want to use a specific algorithm in your project, you should instead copy the source files under "src/individual/ALG" where "ALG" is the name of the algorithm you require.
The build rule "make individual" can be used to copy the relevant files under "src/combined" to subdirectories of "src/individual" after you make a change to the source in "src/combined".
The source code is mostly plain C99, tested with gcc and clang. There are some platform-specific and compiler-specific definitions in "src/combined/internal-util.h" that may need adjusting to get the code to work with other compilers. Patches welcome to improve portability.
Masked ciphers need a source of random numbers. This is provided by the "src/combined/aead-random.c" file in the source code. Modifications will be needed to this file to support the TRNG in new CPU's. Patches welcome.
The "src/combined" directory contains a "combined.ino" sketch file that can be used to test the performance of all algorithms on Arduino devices. The sketch needs significant amounts of flash memory to run the full set of performance tests (at least 512kB is recommended). Flash memory requirements can be reduced by commenting out some of the algorithms in "combined.ino" and testing them a group at a time.
Copy or symlink the entire contents of the "src/combined" directory to your sketchbook directory as "$HOME/sketchbook/combined". You should then be able to load the sketch into the Arduino IDE and download it into a device. The performance metrics are written to the serial port at 9600 bps.
This page contains a list of all implemented algorithms, their properties, and any interesting features that I noticed as I was implementing them.
All of the algorithms have been implemented in a manner that should execute in constant time with constant cache behaviour. If you find a side channel leakage in the code, then please let me know.
The 32-bit performance page contains comparisons of all implemented algorithms on ARM Cortex M3 and ESP32 Arduino devices. The 32-bit implementations are in plain C.
The AVR performance page contains comparisons of all implemented algorithms on 8-bit AVR platforms, with the assistance of assembly code speedups of the core block operations.
The masking performance page contains comparisons of masked versions of the algorithms with their baseline versions.
Eventually the plan is to integrate the competition finalists into my Arduino Cryptography Library. But it is too soon to pick a candidate for inclusion just yet.
For more information on these libraries, to report bugs, or to suggest improvements, please contact the author Rhys Weatherley via email.