Kong Wonbae^{1}
Choi Piljoo^{2}
Kim Dong Kyue^{1}

(Dept. of Electronic Engineering, Hanyang University, 222 Wangsimniro, Seongdonggu,
Seoul 04763, Korea )

(Dept. of IT Convergence and Application Engineering, Pukyong National University,
45, Yongsoro, Namgu, Busan 48513, Korea)
Copyright © The Institute of Electronics and Information Engineers(IEIE)
Index Terms
Applicationspecific integrated circuit (ASIC), lightweight ciphers, cryptographic, hardware implementation, digital circuit
I. INTRODUCTION
Devices protect their data and authenticate themselves on the network using cryptographic
services. These services require a large amount of computing power, which can lead
to the degradation of CPU performance. Although this can be avoided by using hardware
cryptoprocessors, some tiny devices, such as IoT sensors, have highly constrained
resources available for cryptoprocessors. For example, lowcost RFID requires an area
with a total of 1000–10,000 gates, of which only 200–2000 gates can be used for cryptographic
services ^{(2)}. In such a constrained environment, conventional cryptographic algorithms are unsuitable.
Even the lowarea design of the advanced encryption standard (AES) ^{(3)}, which is a widely used symmetric block cipher, requires at least approximately 2000
gates ^{(4)}. Therefore, lightweight cryptographic algorithms with a smaller size and lower power
consumption than conventional ones have been proposed in recent years.
Lightweight cryptographic algorithms are divided into the following classes: stream
ciphers, block ciphers, hash functions, and message authentication codes (MACs). Among
these, we focused on the hardware implementation of block ciphers and investigated
the suitability of hardware block ciphers for IoT sensors depending on the communication
method. The contributions of this study are as follows
We analyzed the performance requirements of block ciphers for IoT sensors.
We implemented lightweight block ciphers under the same conditions for a fair comparison
Based on our performance requirements and implementation results, we determined the
suitability of lightweight block ciphers for IoT sensors.
Table 1. Block sizes, key sizes, the number of rounds, network types and operations
of lightweight block ciphers
Algorithm

Block size

Key size

Rounds

Network type

Key storing

Operations

SIMON ^{(5)}

32, 48, 64,
96, 128

64, 72, 96, 128,
144, 192, 256

30–72

Feistel1:2$^a$

O

ARX (AND, Rotation, XOR)

SPECK ^{(5)}

22–34

Feistellike

O

ARX (Addition, Rotation, XOR)

SIMECK ^{(6)}

32, 48, 64

64, 96, 128

30, 36, 44

Feistel1:2$^a$

O

ARX (AND, Rotation, XOR)

CHAM ^{(7)}

64, 128

128, 256

80, 96

Feistel1:4$^a$

X

ARX (Addition, Rotation, XOR)

LED ^{(8)}

64

64, 80, 128

32, 48

SPN

X

ARK, AC, SC, SR, MCS$^b$

Piccolo ^{(9)}

64

80, 128

25, 31

Feistel2:4$^a$

X

Sbox, Diffusion, XOR, Permutation

TWINE ^{(10)}

64

80, 128

36

Feistel8:16$^a$

O

Sbox, XOR, Permutation

$^a$Feistel$x$:$y$ is a Feistel structure with $y$ branches and $x$ round functions
$^b$AddRoundKey, AddConstants, SubCells, ShiftRows, and MixColumnsSerial, respectively
Because the throughput and power consumption required by IoT sensors largely depend
on their communication methods, we investigated popular communication methods that
are used for IoT sensors, such as ultrahighfrequency (UHF) and high frequency (HF)
RFID, and their performance requirements. IoT sensors with RFID are widely used in
various fields; for example, logistics monitoring sensors in the emanufacturing system
^{(11)}, realtime biosensors reporting patients' status in healthcare ^{(12)}, and smartdust sensors ^{(13)} collecting various environmental data. Since most of these IoT sensors use limited
power generated by RFID, they have simple microcontrollers, small memory, sensing
modules, RFID modules, and security modules.
In addition, to allow for fair performance comparison, we implemented lightweight
block ciphers in hardware using the same applicationspecific integrated circuit (ASIC)
technology library instead of simply referencing other researchers’ results obtained
using different fieldprogrammable gate array (FPGA) families ^{(14,}^{15)} or using different ASIC technology libraries for performance comparison ^{(16}^{20)}. Our performance requirements and implementation results show which block ciphers
deliver the best performance and which block ciphers are suitable for IoT sensors.
Table 2. The common operations in the block ciphers
Operation

Description

⊕

Bitwise exclusiveor (XOR)

⊞

Modular addition

$ROL_i$

ibit left rotate shift

$ROR_j$

j bit right rotate shift

The organization of this paper is as follows. Section II describes the lightweight
block ciphers we discuss in this paper. Section III explains the hardware structure
of these cyphers. Section IV presents the performance required for IoT sensors using
RFID communication, the implementation results of block ciphers, and their suitability
for IoT sensors using RFID communication. Finally, Section V concludes this paper.
II. PRELIMINARIES
In this section, we describe lightweight block ciphers that are suitable for hardware
implementation, including SIMON ^{(5)}, SPECK ^{(5)}, SIMECK ^{(6)}, CHAM ^{(7)}, LED ^{(8)}, Piccolo ^{(9)}, and TWINE ^{(10)}, but excluding RC5 ^{(21)}, TEA ^{(22)} and XTEA ^{(23)}, which are designed for constrained software environments. The information of these
ciphers is summarized in Table 1. The common block and key sizes in Table 1 are 64 and 128 bits, respectively, and their structure for these sizes is represented
in Fig. 1. Compared to AES, which has 128bit block size and 128, 196, and 256bit key sizes,
the lightweight block ciphers have shorter blocks and key sizes and simpler operations
as shown in Table 2, and the security strength that may be weakened by shorter keys and simpler operations
is compensated by more rounds. For example, AES requires 10 rounds for the 128bit
key, whereas lightweight block ciphers require more than 20 rounds for the same key
size, where the key size typically represents the security strength.
Fig. 1. Encryption structure of (a) SIMON and SIMECK, (b) SPECK, (c) CHAM, (d) LED,
(e) Piccolo, (f) TWINE.
▪ SIMON and SPECK ^{(5)} support various lengths of block and key sizes: 32, 48, 64, 96, and 128 bits for
the block size and 64, 72, 96, 128, 144, 192, and 256 bits for the key size. Both
block ciphers have two branches, but the Feistellike structure of SPECK does not
rotate the branches at each round, as shown in Fig. 1(b), which differs from the classical Feistel structure of SIMON, as shown in Fig. 1(a). In addition, SIMON has 44 rounds and performs AND, rotation, and XOR operations,
whereas SPECK has 27 rounds and performs an addition instead of an AND operation.
Details of their operations are listed in Table 3.
▪ SIMECK ^{(6)} is similar to SIMON, except that it supports fewer block and key sizes than SIMON,
and the number of rounds is different, as shown in Table 1 and Fig. 1(a). The round function is slightly different, as detailed in Table 3.
▪ CHAM ^{(7)} is a 64 and 128bit block cipher, which uses 128 and 256bit key sizes. CHAM has
a fourbranch Feistel structure, which is shown in Fig. 1(c) and performs addition, rotation, and XOR operations, as listed in Table 4. CHAM has 80 and 96 rounds. CHAM has key scheduling; however, round keys can be calculated
immediately from the input key value. Consequently, CHAM does not need flipflops
(FFs) to store key values that are updated during key scheduling.
Fig. 2. Serialbased structure of (a) SIMON and SIMECK, (b) TWINE.
▪ LED ^{(8)} is a 64bit block cipher with a 64, 80, or 128bit key and has 48 rounds. Among
the lightweight block ciphers covered in this paper, only LED has a substitution permutation
network (SPN) structure. The encryption structure of LED is shown in Fig. 1(d). The structure and transformations of LED are similar to those of AES, which is one
of the most popular block ciphers and has an SPN structure. The most significant difference
from AES is that LED has no key scheduling. LED directly selects and uses some bits
from the key input at each round; thus, like CHAM, LED does not require key storing
FFs.
▪ Piccolo ^{(9)} is a 64bit block cipher with an 80 or 128bit key and has 25 or 31 rounds depending
on the key size. Piccolo has a Feistel structure with four branches and two round
functions. Each round function performs XOR and FFunction operations. An FFunction,
expressed as $F_{0}(x)$ in Table 5, has two Sbox layers and a diffusion function, and each Sbox layer consists of
four 4bit Sboxes. After the round function, 64bit data are divided into 8bit subblocks,
and the subblocks are permutated. The entire structure of encryption is shown in
Fig. 1(e). Similar to CHAM and for the same reason, Piccolo does not require keystoring FFs.
▪ TWINE ^{(10)} is a 64bit block cipher with an 80 or 128bit key and the structure is similar
to Piccolo, as shown in Fig. 1(f). Only the number of rounds, branches, and round functions are different, and TWINE
has simpler round functions, which consist of XOR and Sbox. Details of its round
operations are listed in Table 5.
Table 3. Round operations of SIMON, SPECK, and SIMECK
Algorithm

$L_{i+1}$

$R_{i+1}

SIMON$^1$

$f_0 (L_i )⊕R_i⊕k_i$

$L_i$

SPECK

$(ROR_α (L_i )+R_i )⊕k_i$

$L_(i+1)⊕ROL_β (R_i)$

SIMECK$^2$

f_1 (L_i )⊕R_i⊕k_i

$L_i$

$^{1}f_0 (X)=(ROL_1 (X)\text{&}ROL_8 (X))⊕ROL_2 (X)$
$^{2}f_1 (X)=(L_i\text{&}ROL_5 (L_i ))⊕ROL_1 (L_i )$
Table 4. Round operations of CHAM
Algorithm

$X_{i+1, 0}$

$X_{i+1,1}$

$X_{i+1,2}

$X_{i+1,3}$

CHAM$^1$

$X_{i,1}$

$X_{i,2}$

$X_{i,3}$

$f(X_{i,0},X_{i,1},k_{i})$

$^{1}f(X_{i,0},X_{i,1},k_i )=ROL_b ((X_{i,0}⊕C_i )+(k_i⊕ROL_a (X_{i,1} ))))$ where
$(a,b)=(1,8)$ for odd rounds and $(a,b)=(8,1)$ for even rounds
Table 5. Round operations of LED, Piccolo, and TWINE
Algorithm

Round operation

LED$^{1,2,4}$

\begin{array}{c}
X_{i, 0}^{\prime}=S\left(k_{i, 0} \oplus X_{i, 0} \oplus C_{0}\right) \\
\ldots \\
X_{i, 15}^{\prime}=S\left(k_{i, 15} \oplus X_{i, 15} \oplus C_{15}\right) \\
X_{i+1,0}\ldots X_{i+1,15}=M C\left(S R\left(X_{i, 0}^{\prime}\ldots X_{i, 15}^{\prime}\right)\right.
\end{array}

Piccolo$^{1,2}$

\begin{array}{c}
X_{i, 1}^{\prime}=X_{i, 1} \oplus F_{0}\left(X_{i, 0}\right) \oplus r k_{2 i} \\
X_{i, 3}^{\prime}=X_{i, 3} \oplus F_{0}\left(X_{i, 2}\right) \oplus r k_{2 i+1} \\
X_{i+1,0}\leftX_{i+1,1}\right \ldots\leftX_{i+1,3}=R P\left(X_{i, 0}\leftX_{i,
1}^{\prime}\right X_{i, 2} \mid X_{i, 3}^{\prime}\right)\right.
\end{array}

TWINE$^{1,3}$

\begin{aligned}
X_{i, 2 j+1}^{\prime}=& S\left(X_{i, 2 j} \oplus r k_{i}\right) \oplus X_{i, 2 j+1}
\\
& \text { for } 0 \leq j<8 \\
X_{i+1,0}\ldots X_{i+1,15}=& R P\left(X_{i, 0}\leftX_{i, 1}^{\prime}\right \ldots\leftX_{i,
14}\right X_{i, 15}^{\prime}\right)
\end{aligned}

$^1$$AB$: concatenation of $A$ and $B$
$^2$$MC(SR(X))$ where MC is MixColumns and SR is Shift Rows
$^3$$F_0 (X)=SL(DF(SL(X)))$ where SL is Sbox layer and DF is a diffusion function
$^4$$S(X)$ is 4bit Sbox
Table 6. Compared hardware requirement of frequency type
Band

Range (m)

Operating freq. (MHz)

Throughput (kbps)*

Power (μW)

Prioritized performance

UHF (866 to 960 MHz)

3 to 10

1.5 to 2.5

> 1641

< 20 @ 2 MHz

High speed

HF (13.56 MHz)

< 0.1

0.1

> 3.56

< 22.5 @ 100 kHz

Low cost

*1641 kbps = 64 bits × 2 MHz / 78 clock cycles ^{(24)}, and 3.56 kbps = 64 bits / 18 ms ^{(25)}.
Table 7. Implementation results of round and serialbased structure for 64bit block
size and 128bit key size
Algorithm

Our results (Roundbased)

Our results (Serialbased)

Area (GE) in other research

Area
(GE)

TP
(kbps)

Power
(μW)

Area
(GE)

TP
(kbps)

Power
(μW)

Reference

Tech.
(nm)

Round
based

Serial
based

@ 2 MHz

@ 100 kHz

@ 2 MHz

@ 100 kHz

@ 2 MHz

@ 100 kHz

@ 2 MHz

@ 100 kHz

SIMON

1728

2666

133.33

24.00

1.38

1203

83.33

4.17

18.10

1.04

DAC ’15 ^{(5)}

IBM 130

1415

958

SPECK

1968

4129

206.45

23.00

1.38

1263

68.97

3.45

17.70

1.02

DAC ’15 ^{(5)}

IBM 130

1658

996

SIMECK

1689

2666

133.33

22.60

1.35

1191

83.33

4.17

18.00

1.04

CHES ’15 ^{(6)}

IBM 130

1365

924

CHAM$^{NK}$

928

1600

80

12.04

0.60

742

100

5

8.22

0.41

ICISC ’17 ^{(7)}

IBM 130

826

665

LED$^{NK}$

1658

2666

133.33

17.67

0.88

1022

68.38

3.42

9.70

0.59

CHES ’11 ^{(8)}

UMC 180

3036

1265

Piccolo$^{NK}$

1539

3878

193.93

17.00

1.08

913

242.42

12.12

9.00

0.55

CHES ’11 ^{(9)} $^{NK}$

130

1197

758

TWINE

1783

3555

177.77

22.60

1.35

1552

396.3

19.81

20.89

1.04

SAC ’12 ^{(10)}

90

1866



$^{NK}$has no FF for storing key
III. HARDWARE STRUCTURE OF CIPHERS
This section presents two of the hardware structures of the lightweight block ciphers
shown in Table 1 with a 128bit key and 64bit block sizes: roundbase structure and serialbased
structure. The roundbased structure processes each round operation for each clock
cycle; however, the serialbased structure uses a minimal bit size operator to reduce
the required resources.
1. Roundbased Structure of Lightweight Block Ciphers
SIMON and SIMECK have a classical Feistel network, which has two branches, and one
diffusion function. Although the network type of SPECK is not exactly classical Feistel,
SPECK also has two branches, and its structure is very similar to that of both SIMON
and SIMECK. These three block ciphers perform rotating shifts $(ROL_x$ and $ROR_x)$,
$XOR (⊕)$, and addition (+) operations. Fig. 1 shows their structure, and Table 3 lists their round operations on the two branches, $L_i$ and $R_i$ for the ith round.
In LED, the intermediate result is expressed as a state consisting of 4 × 4 subblocks
as in AES, but the subblock size is 4bit instead of 8bit. Similar to AES, LED performs
AddRoundKey using XOR, SubCells using 4bit Sboxes, ShiftRows using rotated shifts,
and MixColumnsSerial using XOR. An additional operation, AddConstants adds constant
values generated by a linear feedback shift register.
CHAM, Piccolo, and TWINE also have the Feistel network but have more than two branches,
i.e., 4, 4, and 16, respectively. The round operations of CHAM are listed in Table 4, and those of Piccolo, TWINE are presented in Table 5, where $X_{i,j}$ is the jth branch of the ith round, and $k_x$ and $rk_x$ is
the scheduled key for each round. $F_0 (X)$ in Piccolo is diffusion functions, including
eight 4bit Sboxes and XORs. $RP(x) $ in Piccolo and TWINE denotes round permutation
functions, which are split $x$ by 16 and 4 bits, respectively, and mix.
2. Serialbased Structure of Lightweight Block Ciphers
In the serialbased structure of SIMON, SPECK, SIMECK, and CHAM, certain bits are
selected and operated to generate one new bit per clock, and the newly generated bit
is appended to the left of the block by shifting the existing bits to the right by
1 bit. This is allowed because the bitwise operation, addition, and rotation operations
can easily be performed on a bitbybit basis. Fig. 2(a) shows the serialbased structure of SIMON and SIMECK ^{(5,}^{6)}. CHAM and SPECK, which also have addrotateXOR(ARX) operations, can be implemented
in a similar structure ^{(5,}^{7)}.
TWINE, Piccolo, and LED use 4bit Sboxes, thus these ciphers process four bits instead
of one bit during each clock cycle. Fig. 2(b) shows our serialbased structure of TWINE with the 128bit key size we designed because
previously ^{(10)}, serialbased TWINE only used an 80bit key. Our serialbased structure of TWINE
only uses a single 4bit Sbox and two 4bit XOR operations. Block mixing is performed
in the Permutation layer. Piccolo and LED can be implemented in a similar structure
^{(8,}^{9)}.
IV. IMPLEMENTATION RESULTS
This section describes the performance requirements for IoT sensors that use RFID
communication and presents the results of our implementation. Based on these requirements
and results, we determined the suitability of lightweight block ciphers for IoT sensors
that use RFID communication.
1. Performance Required for Two Types of RFID
UHF RFID ranges from 3 m to 10 m when used without a battery. This long range allows
UHF RFID to communicate with distant sensors. On the contrary, HF RFID has a very
short range of up to 0.1 m; however, HF is not problematic with regard to tissue burning
or power absorption by tissue in human bodies ^{(26)}. Hence, HF RFID is suitable for biosensors.
Table 6 presents the throughput and power consumption of UHF and HF RFID. UHF RFID is commonly
used for highspeed applications, and its required maximum latency is 78 clock cycles
at 2 MHz ^{(24)}. Hence, ciphers require throughput higher than 1641 kbps without which IoT sensors
that use RFID communication may be ineffective. In addition, the average power consumption
should be less than 10 μW/MHz, that is, 20 μW at 2 MHz.
In contrast, in the case of HF RFID, area and power consumption are more important
than speed. According to the HF RFID standard ^{(27)}, the upper bound of the response time for the challenge is 320 μs. This means that
the block cipher must process one encryption in 32 clock cycles at 100 kHz, the operating
frequency of HF RFID. It is very difficult for lightweight block ciphers to encrypt
the challenge in such a short response time. However, Feldhofer et al. ^{(25)} proposed a new HF RFID protocol with a much longer response time of 18 ms. With the
use of this protocol ^{(25)}, the lower bound of throughput is 3.56 kbps when one 64bit block has to be processed
in the response time. If there is more than one block, the lower bound will increase.
In addition, the average power consumption should be less than 22.5 μW at 100 kHz
^{(25)}.
Table 8. Compared gate count of technology library
Used technology

GE

D Flipflop

XOR

MUX

Magna 180 nm (this work)

5.66

2.67

2.67

IBM 130 nm in ^{(5)}, ^{(6)}, ^{(7)}

4.25

2.00

2.25

UMC 180 nm in ^{(8)}

4.67

2.67

2.67

130 nm in ^{(9)}

4.50

2.25

2.00

90 nm in ^{(10)}

5.50





As for the area, the exact required values have rarely been specified. Although the
upper limit of the area of a block cipher was indicated to be 2000 gates ^{(24)}, this number is likely to decrease with time. Attempts have been made to reduce the
chip size of biosensors. For example, the glucose sensor chip designed by Buettner
et al. ^{(13)} has a sensing unit with a size of 0.01 mm$^{2}$, which is much smaller than the size
of 0.15 mm$^{2}$ that was previously used ^{(26)}. Although our research is not concerned with the area of block ciphers, these efforts
to reduce the area of biosensor chips are expected to also require the block cipher
to become increasingly smaller.
2. Implementation Results
We implemented the lightweight block ciphers listed in Table 1 using the same Magna 180nm CMOS process technology library. The round and serialbased
implementation results are presented in Table 7. All roundbased ciphers have an area of less than 2000 GE, and all serialbased
ciphers have an area of less than 1600 GE. According to our implementation results,
CHAM has the smallest area and lowest power consumption for both round and serialbased
structures.
The implementation results obtained in other studies are also included in Table 7. Compared with these results, most of our area results are 20–30 % larger. However,
this is not due to our inefficient implementation, but the difference in the technology
library. Table 8 lists the gate equivalents of selected gates such as D flipflop, 2input XOR, and
2input MUX from various technology libraries. As is clear from Table 8, the standard cells of the Magna 180nm library we used have GEs that are 19–33 %
larger than those of the technology libraries used in related studies ^{(5}^{7,}^{9)}. This could explain why we obtained a larger area for Piccolo, SIMON, SPECK, SIMECK,
and CHAM than that in other research. In contrast, the area we obtained for LED and
TWINE is smaller than that in other research. In fact, our roundbased LED is approximately
45 % smaller than the results of Guo et al. ^{(8)}. In addition to the differences among libraries, our results could be explained by
considering that we implemented our LED without FFs for storing the key in contrast
to Guo et al. ^{(8)}. Our implementation result of serialbased TWINE is the first result that uses a
128bit key because Suzaki et al. ^{(10)} only provides the result of serialbased TWINE for the 80bit key.
3. Suitability of Lightweight Block Ciphers Implemented on Hardware for IoT Sensors
Based on the above performance requirements and implementation results, only roundbased
Piccolo and LED are suitable for IoT sensors using the entire operating frequency
range of UHF RFID communication. CHAM is also available but is valid at clock frequencies
of 2.06 MHz and higher because of throughput. Piccolo, LED, and CHAM are similar in
that they do not need to update key values during key scheduling, thereby obviating
the need for key FF. Although other roundbased ciphers satisfy the throughput requirement,
they do not meet the requirements in terms of power consumption. None of the serialbased
ciphers are suitable owing to their low throughput.
For HF RFID communication, all roundbased block ciphers satisfy the performance requirements,
and their serialbased design would be preferable because of their lower cost and
power consumption. Although the throughput of certain serialbased block ciphers such
as LED and SPECK is insufficient, their throughput can be increased by splitting their
ARX operations into units larger than one bit, according to an existing approach ^{(5)}, or by using more than one Sbox. This means that serialbased LED and SPECK are
also suitable if they process more data per clock cycle by compromising the area increase.
V. CONCLUSIONS
We analyzed the performance requirements of RFID communications and implemented various
lightweight block ciphers in ASIC. Instead of referring to the results of the previous
study, we have reimplemented all the block ciphers including serialbased TWINE with
128bit key, which has not been not included in the previous study, and we used the
same Magna 180nm CMOS process technology. Our implementation results enabled us to
compare the performance of lightweight block ciphers under the same conditions. In
addition, we determined their suitability for IoT sensors that use RFID communication.
According to our performance requirements and implementation results, roundbased
Piccolo and LED are suitable for all operating frequencies of UHF RFID communication,
whereas roundbased CHAM is only suitable for UHF RFID communication at 2.06 MHz and
higher frequencies. Unlike other block ciphers, the advantage of these three block
ciphers is that they do not need keys to be stored. When HF RFID is used, all roundbased
lightweight block ciphers are suitable; in addition, the use of their serialbased
designs is also considered to minimize cost and power consumption.
ACKNOWLEDGMENT
This work was partially supported by Institute for Information & communications Technology
Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No.2020000215,
The Development of H/W Vulnerability Assessment Technologies Against Supplychain
Attacks). The chip fabrication and EDA tool were supported by the IC Design Education
Center (IDEC), Korea. The corresponding author is Dong Kyue Kim.
REFERENCES
Kong W., Kim D. K., 2018, Hardware Implementation and Performance Comparison of Various
Lightweight Block Ciphers, The Institute of Electronics and Information Engineers,
Conference on, Vol. pp. 4748, pp. jun.
Juels A., Weis S. A., 2005, Authenticating Pervasive Devices with Human Protocols,
in Annual International Cryptology Conference, pp. 293308
2001, FIPS 197 Advanced encryption standard (AES), National Institute of Standards
and Technology
Mathew S., IEEE Journal of, 340 mV–1.1 V, 289 Gbps/W, 2090gate nanoAES hardware accelerator
with areaoptimized encrypt/decrypt GF (24)2 polynomials in 22 nm trigate CMOS, SolidState
Circuits
Beaulieu R., 2015, The SIMON and SPECK lightweight block ciphers, Design Automation
Conference, pp. 16
Yang G., 2015, The simeck family of lightweight block ciphers, Cryptographic Hardware
and Embedded Systems, Vol. international workshop on, pp. 307329
Koo B., 2017, CHAM: a family of lightweight block ciphers for resourceconstrained
devices., International Conference on. Springer, Cham, pp. 325
Guo J., Peyrin T., Poschmann A., Robshaw M., 2011, The LED Block Cipher, Cryptographic
Hardware and Embedded Systems, International Workshop on, pp. 326341
Shibutani K., 2011, Piccolo: an ultralightweight blockcipher, Cryptographic Hardware
and Embedded Systems, International Workshop on, pp. 342357
Suzaki T., Minematsu K., Morioka S., Kobayashi E., 2012, TWINE: A Lightweight Block
Cipher for Multiple Platforms, Selected Areas in Cryptography, International Conference
on, pp. 339354
Gamal Darwish, ElShafee Ahmed, Darwish Dina, 2011, Requirements and Design of RFID
based EManufacturing System., World Academy of Science, Engineering and Technology
Y. I. N. Yuehong, 2016, The internet of things in healthcare: An overview, Journal
of Industrial Information Integration, pp. 313
Buettner M., Greenstein B., Sample A., Smith J. R., Wetherall D., 2008, Revisiting
smart dust with RFID sensor networks, in Proceedings of the 7th ACM Workshop on Hot
Topics in Networks (HotNetsVII)
Diehl W., Abdulgadir A., Kaps J.P., Gaj K., 2018, Comparing the cost of protecting
selected lightweight block ciphers against differential power analysis in lowcost
FPGAs, Computers, Vol. 7, No. 2
William Diehl, 2017, Comparison of hardware and software implementations of selected
lightweight block ciphers., International Conference on, pp. 14
Bhardwaj I., Kumar A., Bansal M., 2017, A review on lightweight cryptography algorithms
for data security and authentication in IoTs, Signal Processing, Computing and Control,
International Conference on, pp. 504509
Hatzivasilis G., Fysarakis K., Papaefstathiou I., Manifavas C., 2017, A review of
lightweight block ciphers, Cryptographic Engineering, Journal of, pp. 141184
Philip M. A., 2017, A survey on lightweight ciphers for IoT devices, Technological
Advancements in Power and Energy, International Conference on, pp. 14
Biryukov A., Perrin L. P., 2017, State of the art in lightweight symmetric cryptography,
Cryptology ePrint Archive
Sadhukhan R., 2017, An Evaluation of Lightweight Block Ciphers for ResourceConstrained
Applications: Area, Performance, and Security, Hardware and Systems Security, Journal
of, Vol. 1, No. 3, pp. 203218
Rivest R. L., 1994, The RC5 encryption algorithm., Fast Software Encryption, International
Workshop on, Springer, pp. 8696
Wheeler D. J., Needham R. M., 1994, TEA, a tiny encryption algorithm., Fast Software
Encryption, International Workshop on, pp. 363366
Needham R. M., Wheeler D. J., 1997, Tea extensions., Report (Cambridge University,
Cambridge, UK, 1997) Google Scholar
Saarinen M.J. O., Engels D. W., 2012, A doitallcipher for rfid: Design requirements,
IACR Cryptology ePrint Archive
Feldhofer M., Dominikus S., Wolkerstorfer J., 2004, Strong authentication for RFID
systems using the AES algorithm, Cryptographic Hardware and Embedded Systems, International
Workshop on, pp. 357370
Xiao Z., 2015, An implantable RFID sensor tag toward continuous glucose monitoring,
biomedical and health informatics, IEEE Journal of, Vol. 19, No. 3, pp. 910919
2003, [27] International Organization for Standardization, ISO/IEC 180003, Information
Technology AIDC Techniques — RFID for Item Management
Author
Wonbae Kong received the B.S. degree in Electronic Engineering from Hanyang University
in 2015.
He is currently a Ph.D. student in the Department of Electronic Engineering at Hanyang
University, Korea.
Piljoo Choi received the B.S., M.S., and Ph.D. degrees in Electronic Engineering from
Hanyang University in 2010, 2012, and 2017, respectively.
He is currently an assistant professor in the Department of IT Convergence and Application
Engineering at Pukyong National University, Korea.
Dong Kyue Kim received the B.S., M.S., and Ph.D. degrees in Computer Engineering from
Seoul National University in 1992, 1994, and 1999, respectively.
From 1999 to 2005, he was an assistant professor in the Division of Computer Science
and Engineering at Pusan National University.
He is currently a full professor in the Department of Electronic Engineering at Hanyang
University, Korea.