Are there recommended modes of operation for lightweight ciphers?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
3
down vote

favorite
1












There are many recommended modes of operation for block ciphers as described by NIST here, e.g. for DES and AES.



However, I am struggling to find any for lightweight ciphers. I am particularly interested in modes of operation for PRESENT, Clefia and other standardised lightweight ciphers, and why they are suggested.






modes-of-operation lightweight present







share|improve this question

















  • 3




    I'm not directly an expert on this, but common sense says to me that it mainly depends on the block size. The key size and internal structure of the block cipher has preciously little influence on the mode of operation: the block cipher just needs to be secure. PRESENT seems to have a block size of 64 bit, making the use of PRESENT in CTR mode and most authenticated modes of security a rather tricky endeavor (you could say that 64 bit block size is a rather big drawback in general, and you might want to consider lightweight stream ciphers as well).
    – Maarten Bodewes
    4 hours ago







  • 1




    There is only one I found A MAC Mode for Lightweight Block Ciphers
    – kelalaka
    3 hours ago






  • 1




    According to this slide NIST research idaed; New dedicated proposals,... new modes of operations
    – kelalaka
    2 hours ago














up vote
3
down vote

favorite
1












There are many recommended modes of operation for block ciphers as described by NIST here, e.g. for DES and AES.



However, I am struggling to find any for lightweight ciphers. I am particularly interested in modes of operation for PRESENT, Clefia and other standardised lightweight ciphers, and why they are suggested.






modes-of-operation lightweight present







share|improve this question

















  • 3




    I'm not directly an expert on this, but common sense says to me that it mainly depends on the block size. The key size and internal structure of the block cipher has preciously little influence on the mode of operation: the block cipher just needs to be secure. PRESENT seems to have a block size of 64 bit, making the use of PRESENT in CTR mode and most authenticated modes of security a rather tricky endeavor (you could say that 64 bit block size is a rather big drawback in general, and you might want to consider lightweight stream ciphers as well).
    – Maarten Bodewes
    4 hours ago







  • 1




    There is only one I found A MAC Mode for Lightweight Block Ciphers
    – kelalaka
    3 hours ago






  • 1




    According to this slide NIST research idaed; New dedicated proposals,... new modes of operations
    – kelalaka
    2 hours ago












up vote
3
down vote

favorite
1









up vote
3
down vote

favorite
1






1





There are many recommended modes of operation for block ciphers as described by NIST here, e.g. for DES and AES.



However, I am struggling to find any for lightweight ciphers. I am particularly interested in modes of operation for PRESENT, Clefia and other standardised lightweight ciphers, and why they are suggested.






modes-of-operation lightweight present







share|improve this question













There are many recommended modes of operation for block ciphers as described by NIST here, e.g. for DES and AES.



However, I am struggling to find any for lightweight ciphers. I am particularly interested in modes of operation for PRESENT, Clefia and other standardised lightweight ciphers, and why they are suggested.






modes-of-operation lightweight present




modes-of-operation lightweight present






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 4 hours ago









Red Book 1

439414




439414







  • 3




    I'm not directly an expert on this, but common sense says to me that it mainly depends on the block size. The key size and internal structure of the block cipher has preciously little influence on the mode of operation: the block cipher just needs to be secure. PRESENT seems to have a block size of 64 bit, making the use of PRESENT in CTR mode and most authenticated modes of security a rather tricky endeavor (you could say that 64 bit block size is a rather big drawback in general, and you might want to consider lightweight stream ciphers as well).
    – Maarten Bodewes
    4 hours ago







  • 1




    There is only one I found A MAC Mode for Lightweight Block Ciphers
    – kelalaka
    3 hours ago






  • 1




    According to this slide NIST research idaed; New dedicated proposals,... new modes of operations
    – kelalaka
    2 hours ago












  • 3




    I'm not directly an expert on this, but common sense says to me that it mainly depends on the block size. The key size and internal structure of the block cipher has preciously little influence on the mode of operation: the block cipher just needs to be secure. PRESENT seems to have a block size of 64 bit, making the use of PRESENT in CTR mode and most authenticated modes of security a rather tricky endeavor (you could say that 64 bit block size is a rather big drawback in general, and you might want to consider lightweight stream ciphers as well).
    – Maarten Bodewes
    4 hours ago







  • 1




    There is only one I found A MAC Mode for Lightweight Block Ciphers
    – kelalaka
    3 hours ago






  • 1




    According to this slide NIST research idaed; New dedicated proposals,... new modes of operations
    – kelalaka
    2 hours ago







3




3




I'm not directly an expert on this, but common sense says to me that it mainly depends on the block size. The key size and internal structure of the block cipher has preciously little influence on the mode of operation: the block cipher just needs to be secure. PRESENT seems to have a block size of 64 bit, making the use of PRESENT in CTR mode and most authenticated modes of security a rather tricky endeavor (you could say that 64 bit block size is a rather big drawback in general, and you might want to consider lightweight stream ciphers as well).
– Maarten Bodewes
4 hours ago





I'm not directly an expert on this, but common sense says to me that it mainly depends on the block size. The key size and internal structure of the block cipher has preciously little influence on the mode of operation: the block cipher just needs to be secure. PRESENT seems to have a block size of 64 bit, making the use of PRESENT in CTR mode and most authenticated modes of security a rather tricky endeavor (you could say that 64 bit block size is a rather big drawback in general, and you might want to consider lightweight stream ciphers as well).
– Maarten Bodewes
4 hours ago





1




1




There is only one I found A MAC Mode for Lightweight Block Ciphers
– kelalaka
3 hours ago




There is only one I found A MAC Mode for Lightweight Block Ciphers
– kelalaka
3 hours ago




1




1




According to this slide NIST research idaed; New dedicated proposals,... new modes of operations
– kelalaka
2 hours ago




According to this slide NIST research idaed; New dedicated proposals,... new modes of operations
– kelalaka
2 hours ago










1 Answer
1






active

oldest

votes

















up vote
4
down vote













When using lightweight ciphers, the block size can make a huge difference to security. Fortunately, there has been a lot of work in recent years on tight bounds for modes of operations, and methods for going beyond the birthday bound. These modes are not stated as being especially for lightweight ciphers, so don't search for that. However, there is no doubt that when using lightweight ciphers with block sizes smaller than 128, then different modes of operation are needed (of course, depending on how much you want to encrypt). Here are three examples of work to look at (and the references therein):



  1. CENC is Optimally Secure

  2. New Blockcipher Modes of Operation with Beyond the Birthday Bound Security

  3. Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation





share|improve this answer






















    Your Answer




    StackExchange.ifUsing("editor", function ()
    return StackExchange.using("mathjaxEditing", function ()
    StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
    StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
    );
    );
    , "mathjax-editing");

    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "281"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f63410%2fare-there-recommended-modes-of-operation-for-lightweight-ciphers%23new-answer', 'question_page');

    );

    Post as a guest

















    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    4
    down vote













    When using lightweight ciphers, the block size can make a huge difference to security. Fortunately, there has been a lot of work in recent years on tight bounds for modes of operations, and methods for going beyond the birthday bound. These modes are not stated as being especially for lightweight ciphers, so don't search for that. However, there is no doubt that when using lightweight ciphers with block sizes smaller than 128, then different modes of operation are needed (of course, depending on how much you want to encrypt). Here are three examples of work to look at (and the references therein):



    1. CENC is Optimally Secure

    2. New Blockcipher Modes of Operation with Beyond the Birthday Bound Security

    3. Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation





    share|improve this answer


























      up vote
      4
      down vote













      When using lightweight ciphers, the block size can make a huge difference to security. Fortunately, there has been a lot of work in recent years on tight bounds for modes of operations, and methods for going beyond the birthday bound. These modes are not stated as being especially for lightweight ciphers, so don't search for that. However, there is no doubt that when using lightweight ciphers with block sizes smaller than 128, then different modes of operation are needed (of course, depending on how much you want to encrypt). Here are three examples of work to look at (and the references therein):



      1. CENC is Optimally Secure

      2. New Blockcipher Modes of Operation with Beyond the Birthday Bound Security

      3. Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation





      share|improve this answer
























        up vote
        4
        down vote










        up vote
        4
        down vote









        When using lightweight ciphers, the block size can make a huge difference to security. Fortunately, there has been a lot of work in recent years on tight bounds for modes of operations, and methods for going beyond the birthday bound. These modes are not stated as being especially for lightweight ciphers, so don't search for that. However, there is no doubt that when using lightweight ciphers with block sizes smaller than 128, then different modes of operation are needed (of course, depending on how much you want to encrypt). Here are three examples of work to look at (and the references therein):



        1. CENC is Optimally Secure

        2. New Blockcipher Modes of Operation with Beyond the Birthday Bound Security

        3. Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation





        share|improve this answer














        When using lightweight ciphers, the block size can make a huge difference to security. Fortunately, there has been a lot of work in recent years on tight bounds for modes of operations, and methods for going beyond the birthday bound. These modes are not stated as being especially for lightweight ciphers, so don't search for that. However, there is no doubt that when using lightweight ciphers with block sizes smaller than 128, then different modes of operation are needed (of course, depending on how much you want to encrypt). Here are three examples of work to look at (and the references therein):



        1. CENC is Optimally Secure

        2. New Blockcipher Modes of Operation with Beyond the Birthday Bound Security

        3. Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation






        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited 40 mins ago

























        answered 2 hours ago









        Yehuda Lindell

        17k2854




        17k2854



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f63410%2fare-there-recommended-modes-of-operation-for-lightweight-ciphers%23new-answer', 'question_page');

            );

            Post as a guest
































































            Comments

            Post a Comment

            Popular posts from this blog

            Long meetings (6-7 hours a day): Being “babysat” by supervisor

            Image
            Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote 31 down vote favorite 4 I hold a PhD in mechanical engineering with a 7 year background in self-guided, self-paced research including 2 years as a graduate level course instructor and a subject matter expert for various engineering projects in a university setting in the United States. For the last 10-11 months, I am working in a research industry in France where my task is to debug C++ spaghetti code written over a period of several years by my current supervisor. It is a team of 2: just I and my supervisor. Diurnally, I am posed with a "bug of the day" to get out of this C++ code. My supervisor generally gives me about 15-30 minutes to solve it and then accosts me about whether or not the task is completed and then rinses and repeats this until the end of the day. Off-late, my supervisor has been holding 6-7 hour long "meetin
            Read more

            Is the Concept of Multiple Fantasy Races Scientifically Flawed? [closed]

            Image
            Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite Many fantasy worlds have multiple humanoid species (elves, orcs, humans, etc) living in the same world, in addition to that, they often have the ability to interbreed. And I can't help but question their believability... fantasy-races reproduction interspecies-relations share | improve this question edited Aug 9 at 14:46 Michael Kjörling ♦ 21.1k 10 85 161 asked Aug 9 at 13:13 Chlodio 118 6 closed as unclear what you're asking by MichaelK, Gryphon, John, Vincent, Frostfyre Aug 9 at 15:25 Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question. 3 Stack Exchange exist to
            Read more

            Confectionery

            Image
            Prepared foods made with a lot of sugar or other cabohydrates "Sweetmeat" redirects here. For the racehorse, see Sweetmeat (horse). Not to be confused with Sweetbread. This Kransekake is a traditional Scandinavian baker's confection. Confectionery is the art of making confections , which are food items that are rich in sugar and carbohydrates. Exact definitions are difficult. [1] In general, though, confectionery is divided into two broad and somewhat overlapping categories, bakers' confections and sugar confections. [2] Bakers' confectionery, also called flour confections , includes principally sweet pastries, cakes, and similar baked goods. Sugar confectionery includes candies ( sweets in British English), candied nuts, chocolates, chewing gum, bubble gum, pastillage, and other confections that are made primarily of sugar. In some cases, chocolate confections (confections made of chocolate) are treated as a separate category, as are sugar-free versions of
            Read more