[Cryptography] Formal definition of lightweight crypto
Dmitry Belyavsky
beldmit at gmail.com
Sat Jan 2 00:38:28 EST 2016
Dear dj,
On Fri, Jan 1, 2016 at 11:20 PM, <dj at deadhat.com> wrote:
>
> I've designed circuits using algorithms claiming to be lightweight crypto
> and there seem to be two common properties of lightweight crypto
> algorithms: (1) the smallest instantiations are less secure, using shorter
> keys and/or shorter block sizes, and (2) they are more scalable, since the
> inner round functions are very small, so there is a lot more unrolling
> flexibility, so you can build small slow ones and big fast ones and many
> points in between those extremes.
>
Thank you!
>
> The consensus at the NIST lightweight crypto conference last year was that
> we shouldn't compromise on security. So the real important feature of
> algorithms is efficiency and scalability and lightweight algorithms
> generally meet those criteria. Simon for instance turns out to be 3X more
> efficient than AES at the same strength and performance so it is a much
> better algorithm overall than AES.
>
I am not sure that the results from the paper [1] for Simon analysis show
the same strength for Simon and AES.
1. https://eprint.iacr.org/2013/543.pdf
--
SY, Dmitry Belyavsky