Cryptography Reference
In-Depth Information
A Lightweight 256-Bit Hash Function for
Hardware and Low-End Devices: Lesamnta-LW
Shoichi Hirose
1
, Kota Ideguchi
2
, Hidenori Kuwakado
3
,ToruOwada
2
,
Bart Preneel
4
,andHirotakaYoshida
2
,
4
1
Graduate School of Engineering, University of Fukui
3-9-1, Bunkyo, Fukui 910-8507, Japan
2
Systems Development Laboratory, Hitachi, Ltd.
292 Yoshida-cho, Totsuka-ku, Yokohama, Kanagawa 244-0817, Japan
3
Graduate School of Engineering, Kobe University
1-1 Rokkodai, Nada, kobe 657-8501, Japan
4
Department of Electrical Engineering ESAT/SCD-COSIC,
Katholieke Universiteit Leuven
Kasteelpark Arenberg 10, B-3001 Heverlee, Belgium
Abstract.
This paper proposes a new lightweight 256-bit hash func-
tion Lesamnta-LW with claimed security levels of at least 2
120
with re-
spect to collision, preimage, and second preimage attacks. We adopt
the Merkle-Damg ard domain extension; the compression function is con-
structed from a dedicated AES-based block cipher using the LW1 mode,
for which a security reduction can be proven. In terms of lightweight im-
plementations, Lesamnta-LW offers a competitive advantage over other
256-bit hash functions. Our size-optimized hardware implementation of
Lesamnta-LW requires only 8.24 Kgates on 90 nm technology. Our soft-
ware implementation of Lesamnta-LW requires only 50 bytes of RAM
and runs fast on short messages on 8-bit CPUs.
Keywords:
Hash functions, lightweight cryptography, security reduc-
tion proofs.
1
Introduction
The next decade will witness an ever growing demand for applications using small
electronic devices such as sensor nodes, RFID tags and smart devices. These
devices have to cope with security problems such as confidentiality, and more
importantly, authentication and privacy. The key tools to develop these applica-
tions are lightweight cryptographic algorithms which can be implemented under
restricted resources, such as low-cost, low-energy, or low-power environments.
Lightweight cryptographic algorithms such as PRESENT [11], H-PRESENT [12],
KATAN [14], MAME [45], SQUASH [41] and QUARK [2] have been proposed to
target these environments. The lightweight symmetric-key encryption algorithms
attract users for providing very compact authentication using MACs.
Among these cryptographic techniques, we argue that cryptographic hash
functions are of particular importance because hash functions are needed in
Search WWH ::
Custom Search