What’s Small and Efficient: A Crypto Beetle

One of the great advantages of using a sponge method in cryptography is that you get the addition of hashing on top of encryption for very…
Photo by Paulo Ziemer on Unsplash

What’s Small and Efficient: A Crypto Beetle

One of the great advantages of using a sponge method in cryptography is that you get the addition of hashing on top of encryption for very little overhead in the code size and the memory requirements. If we are using something like an 8-bit microcontroller, we might only have a few hundred bytes of ROM, and a similar space for RAM. The device on the left-hand side is an MC6811, and only has 8 KB of ROM and 256 bytes of on-chip RAM. We thus need efficient code for our encryption, as there needs to be space for the main application software, too.

One method which focuses on creating an extremely small footprint is the PHOTON-Beetle method. Overall it is a lightweight block cipher and was written by Zhenzhen Bao, Avik Chakraborti, Nilanjan Datta, Jian Guo, Mridul Nandi, Thomas Peyrin, and Kan Yasuda. It uses the sponge-based mode Beetle with the P256 for the permutation and supports both authenticated encryption (AE) and hashing. PHOTON-Beetle AEAD and PHOTON-Beetle hashing are finalists for NIST’s competition on lightweight cryptography. We can see in this test that it produced the smallest amount of code for the assessed hashing methods:

The Beetle family of cryptography methods integrates a lightweight, sponge-based authenticated encryption. When this is linked with the PHOTON permutation (PHOTON_256), it achieves an extremely small footprint. In tests, a 64-bit security version of PHOTON-Beetle consumes less than 600 LUTs (LookUp Tables) on an FPGA, compared with 1,000 LUTs for COFB-AES (COmbined FeedBack-AES).

With PHOTON-Beetle can be optimized for either a low ROM environment (where the code needs to be compact) or is optimized speed. For PHOTON-Beetle AEAD, on 8-bit microcontrollers with low ROM sizes, the ROM code size is less than 2,200 bytes, and adding a hashing method on top of this, only adds another 300 bytes of ROM. The requirement for memory, too, is small and where it only requires 100 bytes of RAM. The average speed is around 8,200 cycles per byte for encryption. For the PHOTO-Beetle AEAD mode which focuses on speed, the ROM code size is less than 4,100 bytes, with hashing adding 300 bytes. The average speed is around 4,900 cycles per byte for encryption.

Here is a demo of the method:

PHOTON-Beetle - Light-weight cipher
One of the key areas of protection is in device security, and NIST's competition on light-weight cryptography aims to…asecuritysite.com