

Title: Post-Quantum Cipher Power Analysis in Lightweight Devices
Post-quantum cryptography (PQC) provides public-key algorithms that are designed to remain computationally secure against adversaries equipped with quantum computers. Because mobile and embedded devices are constrained in hardware and power, we analyze the power overhead of PQC. We implement the new NIST PQC algorithms across a range of platforms chosen to represent varying resource capabilities, including several Raspberry Pi models with different memory sizes, a laptop, and a desktop computer. Using each device's idle power as the baseline, we show that the PQC algorithms consume considerable power. Our results indicate that PQC is feasible on resource-constrained devices (represented by the Raspberry Pis in our setup): while PQC consumes more power than classical RSA on the laptop and desktop, it consumes comparable power on the Raspberry Pis.
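The measurement methodology described above, comparing a workload's power draw against the device's idle draw, can be turned into a small energy-accounting routine. The following is an added example written for this page, not code or data from the paper: the power traces, device names and operation counts are constructed for illustration and the paper's own measurements are not reproduced. It integrates sampled power into energy, subtracts the idle baseline, and reports dynamic power and energy per operation, which is the fair comparison when two algorithms complete different numbers of operations in the same wall-clock window.

```python
"""Baseline-subtracted energy accounting for cryptographic workloads.

Added example for this page, not code from the paper. All power traces
below are CONSTRUCTED sample data (hypothetical devices and values), not
measurements from the paper.
"""
from dataclasses import dataclass


@dataclass
class Trace:
    """A power trace: timestamps in seconds, instantaneous power in watts,
    and the number of cryptographic operations completed while sampling."""
    name: str
    t_s: list
    p_w: list
    ops: int


def energy_j(t_s, p_w):
    """Trapezoidal integration of power over time, in joules."""
    if len(t_s) != len(p_w) or len(t_s) < 2:
        raise ValueError("need at least two aligned samples")
    return sum((t_s[i + 1] - t_s[i]) * (p_w[i] + p_w[i + 1]) / 2.0
               for i in range(len(t_s) - 1))


def mean_power_w(trace):
    """Average power over the whole trace, in watts."""
    return energy_j(trace.t_s, trace.p_w) / (trace.t_s[-1] - trace.t_s[0])


def workload_overhead(trace, idle_w):
    """Remove the idle baseline and attribute the remainder to the workload.

    Returns a dict with dynamic (above-idle) power in watts and energy per
    operation in joules.
    """
    duration_s = trace.t_s[-1] - trace.t_s[0]
    total_j = energy_j(trace.t_s, trace.p_w)
    dynamic_j = total_j - idle_w * duration_s
    if dynamic_j < 0:
        # A workload trace below idle means the baseline was mismeasured
        # (e.g. a different CPU governor state); refuse to report it.
        raise ValueError(f"{trace.name}: below idle baseline, re-measure")
    return {
        "name": trace.name,
        "dynamic_w": dynamic_j / duration_s,
        "j_per_op": dynamic_j / trace.ops,
    }


# CONSTRUCTED sample traces, 1 Hz sampling over 4 s on a hypothetical
# device. The values are illustrative only and are not the paper's numbers.
IDLE = Trace("idle", [0, 1, 2, 3, 4], [2.0, 2.0, 2.0, 2.0, 2.0], ops=0)
RSA = Trace("rsa", [0, 1, 2, 3, 4], [2.5, 2.7, 2.6, 2.5, 2.7], ops=100)
PQC = Trace("pqc", [0, 1, 2, 3, 4], [2.6, 2.8, 2.9, 2.7, 2.8], ops=400)


def compare(pqc, classical, idle):
    """Ratios of PQC to classical dynamic power and per-operation energy."""
    idle_w = mean_power_w(idle)
    a = workload_overhead(pqc, idle_w)
    b = workload_overhead(classical, idle_w)
    return {
        "idle_w": idle_w,
        "power_ratio": a["dynamic_w"] / b["dynamic_w"],
        "energy_per_op_ratio": a["j_per_op"] / b["j_per_op"],
    }


if __name__ == "__main__":
    for k, v in compare(PQC, RSA, IDLE).items():
        print(f"{k}: {v:.4f}")
```

With the constructed traces the PQC workload draws more dynamic power than RSA (0.775 W versus 0.6 W above idle) yet uses less energy per operation, because it completes four times as many operations in the same window; that is the reason to report both figures rather than raw wattage alone. The idle baseline must be captured on the same device, in the same frequency-scaling state, and the negative-overhead guard exists to flag a baseline that was not.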
Award ID(s):
1922410
PAR ID:
10423194
Author(s) / Creator(s):
Date Published:
Journal Name:
ACM Conference on Security and Privacy in Wireless and Mobile Networks
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1.
    The 2019 ABET computer science criteria requires that all computing students learn parallel and distributed computing (PDC) as undergraduates, and CS2013 recommends at least fifteen hours of PDC in the undergraduate curriculum. Consequently, many educators look for easy ways to integrate PDC into courses at their institutions. This hands-on workshop introduces Message Passing Interface (MPI) basics in C/C++ and Python using clusters of Raspberry Pis. The Message Passing Interface (MPI) is a multi-language, platform independent, industry-standard library for parallel and distributed computing. Raspberry Pis are an inexpensive and engaging hardware platform for studying PDC as early as the first course. Participants will experience how to teach distributed computing essentials with MPI by means of reusable, effective "parallel patterns", including single program multiple data (SPMD) execution, send-receive message passing, the master-worker pattern, parallel loop patterns, and other common patterns, plus longer "exemplar" programs that use MPI to solve significant applied problems. The workshop includes: (i) personal experience with the Raspberry Pi (clusters provided for workshop use); (ii) assembly of Beowulf clusters of Raspberry Pis quickly in the classroom; (iii) self-paced hands-on experimentation with the working MPI programs; and (iv) a discussion of how these may be used to achieve the goals of CS2013 and ABET. No prior experience with MPI, PDC, or the Raspberry Pi is expected. All materials from this workshop will be freely available from CSinParallel.org; participants should bring a laptop to access these materials. 
  2.
    Lightweight cryptography offers viable security solutions for resource constrained Internet of Things (IoT) devices. However, IoT devices have implementation vulnerabilities such as side channel attacks (SCA), where observation of physical phenomena associated with device operations can reveal sensitive internal contents. The U.S. National Institute of Standards and Technology has called for lightweight cryptographic solutions to process authenticated encryption with associated data (AEAD), and is evaluating candidates for suitability in a Lightweight Cryptography (LWC) Standardization Process. Two Round 2 candidate variants, COMET-CHAM and SCHWAEMM, use Addition-Rotation-XOR (ARX) primitives. However, ARX ciphers are known to be costly to protect against certain SCA. In this work we implement side channel protected versions of COMET-CHAM and SCHWAEMM using register transfer level design. Identical protection schemes consisting of a threshold implementation (TI)-protected Kogge-Stone adder are adopted. Resistance to power side channel analysis is verified on an Artix-7 FPGA target device. Implementations comply with the Hardware API for Lightweight Cryptography, and use a custom-designed extension of the Development Package for the Hardware API for Lightweight Cryptography which enables test and evaluation of side channel resistant designs. We compare side channel protection costs of the two candidates against each other, against their unprotected counterparts, and against previous side channel protected AEAD implementations. COMET-CHAM is shown to consume less area and power, while SCHWAEMM has higher throughput and throughput to area ratio, and is more energy efficient. On average, the costs of protecting these ciphers against SCA are 32% more in area and 38% more in power, compared to the average protection costs for a large selection of previously-evaluated ciphers of similar implementation. Our results highlight the costs involved in implementing side channel protected ARX-ciphers, and help to inform NIST LWC late round and final portfolio selections.
  3. Authenticated ciphers potentially provide resource savings and security improvements over the joint use of secret-key ciphers and message authentication codes. The CAESAR competition aims to choose the most suitable authenticated ciphers for several categories of applications, including a lightweight use case, for which the primary criteria are performance in resource constrained devices, and ease of protection against side channel attacks (SCA). Recently, two of the candidates from this category, ACORN and Ascon, were selected as CAESAR contest finalists. In this research, we compare two SCA-resistant FPGA implementations of ACORN and Ascon, where one set of implementations has area consumption nearly equivalent to the de facto standard AES-GCM, and the other set has throughput (TP) close to that of AES-GCM. The results show that protected implementations of ACORN and Ascon, with area consumption less than but close to AES-GCM, have 23.3 and 2.5 times, respectively, the TP of AES-GCM. Likewise, implementations of ACORN and Ascon with TP greater than but close to AES-GCM, consume 18% and 74% of the area, respectively, of AES-GCM.
  4. Domain Name System Security Extensions (DNSSEC) uses public-key digital signatures to provide integrity and authentication for DNS query responses. The current standardized DNS for reliable UDP delivery limits DNS response (including the message, signature, and public key) to a maximum of 1232 bytes. Incorporating NIST's post-quantum digital signatures into the DNS protocol results in a response size that exceeds the limit set by the Ethernet standardization, making PQC incompatible with the current standardized DNS. To address the incompatibility and enable PQC to protect the authenticity against the quantum-equipped adversaries, previous research proposed fragmenting the DNSSEC messages. Fragmentation however exposes DNSSEC to the Fragmentation Mis-Association threat, traditionally studied in the broader IP fragmentation contexts and not applicable in the current DNSSEC with classical/pre-quantum cipher (no fragmentation needed). We distinguish our work from the previous research incorporating PQC to DNSSEC to defend against the Fragmentation Mis-Association Threat by chaining the fragments and applying cryptographic commit-and-reveal. We also advance the previous research and further reduce the number of packet fragments, which can be particularly useful as the DNSSEC based on UDP is prone to packet transmission failure increasing the chance of the DNS response failure when sent in multiple fragments, by using blockchain to offload and enable the offline delivery of the public key. Our scheme thus even allows the Falcon-512 PQC cipher incorporation to forgo the fragmentation, in contrast to the previous research requiring fragmentation for Falcon-512; the other PQC ciphers, i.e., Dilithium ciphers and Falcon-1024, still require fragmentation in our scheme due to the standardized signature sizes. We implement our scheme and analyze the effectiveness and performances through experimentation.
  5. Authenticated ciphers offer potential benefits to resource-constrained devices in the Internet of Things (IoT). The CAESAR competition seeks optimal authenticated ciphers based on several criteria, including performance in resource-constrained (i.e., low-area, low-power, and low-energy) hardware. Although the competition specified a "lightweight" use case for Round 3, most hardware submissions to Round 3 were not lightweight implementations, in that they employed architectures optimized for best throughput-to-area (TP/A) ratio, and used the Pre- and Post-Processor modules from the CAESAR Hardware (HW) Development Package designed for high-speed applications. In this research, we provide true lightweight implementations of selected ciphers (ACORN, NORX, CLOC-AES, SILC-AES, and SILC-LED). These implementations use an improved version of the CAESAR HW Development Package designed for lightweight applications, and are fully compliant with the CAESAR HW Application Programming Interface for Authenticated Ciphers. Our lightweight implementations achieve an average of 55% reduction in area and 40% reduction in power compared to their corresponding high-speed versions. Although the average energy per bit of lightweight ciphers increases by a factor of 3.6, the lightweight version of NORX actually uses 47% less energy per bit than its corresponding high-speed implementation.