PHOTON-Beetle AEAD - Light-weight cipherPHOTON-Beetle is a light weight block cipher and was written by Zhenzhen Bao, Avik Chakraborti, Nilanjan Datta, Jian Guo, Mridul Nandi, Thomas Peyrin, and Kan Yasuda [1][2]. It uses the sponge-based mode Beetle with the PHOTON256 method for the permutation. |
Outline
One of the great advantages of using a sponge method in cryptography is that you get the addition of hashing on top of encryption for very little overhead in the code size and the memory requirements. If we are using something like an 8-bit microcontroller, we might only have a few hundred bytes of ROM, and a similar space for RAM. The device on the left-hand side is an MC6811, and only has 8 KB of ROM and 256 bytes of on-chip RAM. We thus need efficient code for our encryption, as there needs to be space for the main application software, too.
One method which focuses on creating an extremely small footprint is the PHOTON-Beetle method. Overall it is a light weight block cipher and was written by Zhenzhen Bao, Avik Chakraborti, Nilanjan Datta, Jian Guo, Mridul Nandi, Thomas Peyrin, and Kan Yasuda. It uses the sponge-based mode Beetle with the P256 for the permutation and supports both authenticated encryption (AE) and hashing. PHOTON-Beetle AEAD and PHOTON-Beetle hashing are finalists for NIST's competition on lightweight cryptography.
The Beetle family of cryptography methods integrates a lightweight, sponge-based authenticated encryption. When this is linked with the PHOTON permutation (PHOTON_256), it achieves an extremely small footprint. In tests, a 64-bit security version of PHOTON-Beetle consumes less than 600 LUTs (LookUp Tables) on an FPGA, compared with 1,000 LUTs for COFB-AES (COmbined FeedBack-AES).
With PHOTON-Beetle can be optimized for either low ROM environment (where the code needs to be compact) or for speed. For PHOTON-Beetle AEAD, on 8-bit microcontrollers with low ROM sizes, the ROM code size is less than 2,200 bytes, and adding a hashing method on top of this, only adds another 300 bytes of ROM. The requirement for memory, too, is small and where it only requires 100 bytes of RAM. The average speed is around 8,200 cycles per byte for encryption. For the PHOTO-Beetle AEAD mode which focuses on speed, the ROM code size is less than 4,100 bytes, with hashing adding 300 bytes. The average speed is around 4,900 cycles per byte for encryption.
Overall we have three C files and a few header files. To compile we can use the gcc compiler:
gcc main.c encrypt.c photon.c -o beetle2.exe
An outline of the C code is [1]. A sample run is:
PHOTON-Beetle AEAD light-weight cipher Plaintext: hello Key: 0123456789ABCDEF0123456789ABCDEF Nonce: 000000000000111111111111 Additional Information: Plaintext: hello Cipher: 7C56A6CE20FF83EB4A2224, Len: 21 Plaintext: hello, Len: 5 Success!
References
[1] PHOTON-Beetle GitHub [here].
[2] Chakraborti, A., Datta, N., Nandi, M., & Yasuda, K. (2018). Beetle family of lightweight and secure authenticated encryption ciphers. IACR Transactions on Cryptographic Hardware and Embedded Systems, 218-241. [paper]