May 9, 2022
Johann Großschädl - University of Luxembourg
The NIST LightWeight Cryptography (LWC) selection process aims to standardise cryptographic functionality which is suitable for resource-constrained devices. Since the outcome is likely to have significant, long-lived impact, careful evaluation of each submission with respect to metrics explicitly outlined in the call is imperative. Beyond the robustness of submissions against cryptanalytic attack, metrics related to their implementation (e.g., execution latency and memory footprint) form an important example. Aiming to provide evidence allowing richer evaluation with respect to such metrics, this paper presents the design, implementation, and evaluation of Instruction Set Extensions (ISEs) for nine of the ten LWC final round submissions, namely Ascon, Elephant, GIFT-COFB, Grain-128AEADv2, PHOTON-Beetle, Romulus, Sparkle, TinyJAMBU, and Xoodyak. We use RISC-V as the base instruction set architecture, but argue the analysis and designs offer more general insight. Our experimental results show that the more hardware-oriented candidates can achieve a higher speed-up through ISE than the more software-oriented ones, but nonetheless the latter still outperform the former in terms of throughput.
LWC Workshop 2022