Are there recommended modes of operation for lightweight ciphers?
Clash Royale CLAN TAG#URR8PPP
up vote
3
down vote
favorite
There are many recommended modes of operation for block ciphers as described by NIST here, e.g. for DES and AES.
However, I am struggling to find any for lightweight ciphers. I am particularly interested in modes of operation for PRESENT, Clefia and other standardised lightweight ciphers, and why they are suggested.
modes-of-operation lightweight present
add a comment |Â
up vote
3
down vote
favorite
There are many recommended modes of operation for block ciphers as described by NIST here, e.g. for DES and AES.
However, I am struggling to find any for lightweight ciphers. I am particularly interested in modes of operation for PRESENT, Clefia and other standardised lightweight ciphers, and why they are suggested.
modes-of-operation lightweight present
3
I'm not directly an expert on this, but common sense says to me that it mainly depends on the block size. The key size and internal structure of the block cipher has preciously little influence on the mode of operation: the block cipher just needs to be secure. PRESENT seems to have a block size of 64 bit, making the use of PRESENT in CTR mode and most authenticated modes of security a rather tricky endeavor (you could say that 64 bit block size is a rather big drawback in general, and you might want to consider lightweight stream ciphers as well).
â Maarten Bodewes
4 hours ago
1
There is only one I found A MAC Mode for Lightweight Block Ciphers
â kelalaka
3 hours ago
1
According to this slide NIST research idaed; New dedicated proposals,... new modes of operations
â kelalaka
2 hours ago
add a comment |Â
up vote
3
down vote
favorite
up vote
3
down vote
favorite
There are many recommended modes of operation for block ciphers as described by NIST here, e.g. for DES and AES.
However, I am struggling to find any for lightweight ciphers. I am particularly interested in modes of operation for PRESENT, Clefia and other standardised lightweight ciphers, and why they are suggested.
modes-of-operation lightweight present
There are many recommended modes of operation for block ciphers as described by NIST here, e.g. for DES and AES.
However, I am struggling to find any for lightweight ciphers. I am particularly interested in modes of operation for PRESENT, Clefia and other standardised lightweight ciphers, and why they are suggested.
modes-of-operation lightweight present
modes-of-operation lightweight present
asked 4 hours ago
Red Book 1
439414
439414
3
I'm not directly an expert on this, but common sense says to me that it mainly depends on the block size. The key size and internal structure of the block cipher has preciously little influence on the mode of operation: the block cipher just needs to be secure. PRESENT seems to have a block size of 64 bit, making the use of PRESENT in CTR mode and most authenticated modes of security a rather tricky endeavor (you could say that 64 bit block size is a rather big drawback in general, and you might want to consider lightweight stream ciphers as well).
â Maarten Bodewes
4 hours ago
1
There is only one I found A MAC Mode for Lightweight Block Ciphers
â kelalaka
3 hours ago
1
According to this slide NIST research idaed; New dedicated proposals,... new modes of operations
â kelalaka
2 hours ago
add a comment |Â
3
I'm not directly an expert on this, but common sense says to me that it mainly depends on the block size. The key size and internal structure of the block cipher has preciously little influence on the mode of operation: the block cipher just needs to be secure. PRESENT seems to have a block size of 64 bit, making the use of PRESENT in CTR mode and most authenticated modes of security a rather tricky endeavor (you could say that 64 bit block size is a rather big drawback in general, and you might want to consider lightweight stream ciphers as well).
â Maarten Bodewes
4 hours ago
1
There is only one I found A MAC Mode for Lightweight Block Ciphers
â kelalaka
3 hours ago
1
According to this slide NIST research idaed; New dedicated proposals,... new modes of operations
â kelalaka
2 hours ago
3
3
I'm not directly an expert on this, but common sense says to me that it mainly depends on the block size. The key size and internal structure of the block cipher has preciously little influence on the mode of operation: the block cipher just needs to be secure. PRESENT seems to have a block size of 64 bit, making the use of PRESENT in CTR mode and most authenticated modes of security a rather tricky endeavor (you could say that 64 bit block size is a rather big drawback in general, and you might want to consider lightweight stream ciphers as well).
â Maarten Bodewes
4 hours ago
I'm not directly an expert on this, but common sense says to me that it mainly depends on the block size. The key size and internal structure of the block cipher has preciously little influence on the mode of operation: the block cipher just needs to be secure. PRESENT seems to have a block size of 64 bit, making the use of PRESENT in CTR mode and most authenticated modes of security a rather tricky endeavor (you could say that 64 bit block size is a rather big drawback in general, and you might want to consider lightweight stream ciphers as well).
â Maarten Bodewes
4 hours ago
1
1
There is only one I found A MAC Mode for Lightweight Block Ciphers
â kelalaka
3 hours ago
There is only one I found A MAC Mode for Lightweight Block Ciphers
â kelalaka
3 hours ago
1
1
According to this slide NIST research idaed; New dedicated proposals,... new modes of operations
â kelalaka
2 hours ago
According to this slide NIST research idaed; New dedicated proposals,... new modes of operations
â kelalaka
2 hours ago
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
4
down vote
When using lightweight ciphers, the block size can make a huge difference to security. Fortunately, there has been a lot of work in recent years on tight bounds for modes of operations, and methods for going beyond the birthday bound. These modes are not stated as being especially for lightweight ciphers, so don't search for that. However, there is no doubt that when using lightweight ciphers with block sizes smaller than 128, then different modes of operation are needed (of course, depending on how much you want to encrypt). Here are three examples of work to look at (and the references therein):
- CENC is Optimally Secure
- New Blockcipher Modes of Operation with Beyond the Birthday Bound Security
- Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
4
down vote
When using lightweight ciphers, the block size can make a huge difference to security. Fortunately, there has been a lot of work in recent years on tight bounds for modes of operations, and methods for going beyond the birthday bound. These modes are not stated as being especially for lightweight ciphers, so don't search for that. However, there is no doubt that when using lightweight ciphers with block sizes smaller than 128, then different modes of operation are needed (of course, depending on how much you want to encrypt). Here are three examples of work to look at (and the references therein):
- CENC is Optimally Secure
- New Blockcipher Modes of Operation with Beyond the Birthday Bound Security
- Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation
add a comment |Â
up vote
4
down vote
When using lightweight ciphers, the block size can make a huge difference to security. Fortunately, there has been a lot of work in recent years on tight bounds for modes of operations, and methods for going beyond the birthday bound. These modes are not stated as being especially for lightweight ciphers, so don't search for that. However, there is no doubt that when using lightweight ciphers with block sizes smaller than 128, then different modes of operation are needed (of course, depending on how much you want to encrypt). Here are three examples of work to look at (and the references therein):
- CENC is Optimally Secure
- New Blockcipher Modes of Operation with Beyond the Birthday Bound Security
- Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation
add a comment |Â
up vote
4
down vote
up vote
4
down vote
When using lightweight ciphers, the block size can make a huge difference to security. Fortunately, there has been a lot of work in recent years on tight bounds for modes of operations, and methods for going beyond the birthday bound. These modes are not stated as being especially for lightweight ciphers, so don't search for that. However, there is no doubt that when using lightweight ciphers with block sizes smaller than 128, then different modes of operation are needed (of course, depending on how much you want to encrypt). Here are three examples of work to look at (and the references therein):
- CENC is Optimally Secure
- New Blockcipher Modes of Operation with Beyond the Birthday Bound Security
- Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation
When using lightweight ciphers, the block size can make a huge difference to security. Fortunately, there has been a lot of work in recent years on tight bounds for modes of operations, and methods for going beyond the birthday bound. These modes are not stated as being especially for lightweight ciphers, so don't search for that. However, there is no doubt that when using lightweight ciphers with block sizes smaller than 128, then different modes of operation are needed (of course, depending on how much you want to encrypt). Here are three examples of work to look at (and the references therein):
- CENC is Optimally Secure
- New Blockcipher Modes of Operation with Beyond the Birthday Bound Security
- Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation
edited 40 mins ago
answered 2 hours ago
Yehuda Lindell
17k2854
17k2854
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f63410%2fare-there-recommended-modes-of-operation-for-lightweight-ciphers%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
3
I'm not directly an expert on this, but common sense says to me that it mainly depends on the block size. The key size and internal structure of the block cipher has preciously little influence on the mode of operation: the block cipher just needs to be secure. PRESENT seems to have a block size of 64 bit, making the use of PRESENT in CTR mode and most authenticated modes of security a rather tricky endeavor (you could say that 64 bit block size is a rather big drawback in general, and you might want to consider lightweight stream ciphers as well).
â Maarten Bodewes
4 hours ago
1
There is only one I found A MAC Mode for Lightweight Block Ciphers
â kelalaka
3 hours ago
1
According to this slide NIST research idaed; New dedicated proposals,... new modes of operations
â kelalaka
2 hours ago