Recent Advances and Trends in Lightweight
Cryptography for IoT Security
Nilupulee A. Gunathilake, Ahmed Al-Dubai, William J. Buchanan
School of Computing, Edinburgh Napier University, United Kingdom
nilupulee.gunathilake@napier.ac.uk, a.al-dubai@napier.ac.uk, b.buchanan@napier.ac.uk
Abstract—Lightweight cryptography is a novel departure from
conventional cryptography that aims to minimise the latter's high
resource requirements, so that it fits well in the internet-of-things
(IoT) environment. The IoT platform is constrained in
terms of physical size, internal capacity, other storage allocations
like RAM/ROM and data rates. The devices are often battery
powered, hence retaining the charged energy for at least
a few years is essential. However, provision of sufficient security
is challenging because the existing cryptographic methods are
too heavy to adopt in the IoT. Consequently, an interest arose
in the recent past to construct new cryptographic algorithms on
a lightweight scale, but the attempts are still struggling to gain
robustness against improved IoT threats and hazards.
There is a lack of literature studies that offer overall and
up-to-date knowledge on lightweight cryptography. Therefore, this
effort aims to bridge the areas in the subject by summarising the
content we explored during our recent complete survey. This
work covers the development of lightweight cryptographic
algorithms, their current advancements and future enhancements.
It also covers the history, the parametric limitations of the
invented methods, and research progress in cryptology as well as
cryptanalysis.
Index Terms—IoT, lightweight cryptography, side-channel attack
I. INTRODUCTION
In modern cryptography, AES (Advanced Encryption Standard),
DES (Data Encryption Standard) and RSA (Rivest-Shamir-Adleman)
are effective in general purpose computing because the platform
meets their resource requirements, e.g., high-end processors,
large internal capacities in Giga/TeraByte, etc. The nature of the
internet-of-things (IoT) is quite distinct because of its constrained
resources, e.g., low-end processors, small data rates in
kbps, etc. Therefore, execution of the conventional methods on
IoT devices would degrade device performance
and/or cause malfunction across the overall application deliverables,
e.g., fast battery drainage, high latency, etc. Thus, a whole
new perspective of cryptographic vision towards lightweight
inventions for IoT security is crucial.
Interest in lightweight cryptography has existed
in research for about ten years now. Nevertheless, conventional
cryptography also initially began on a lightweight
scale a few decades back, compatible with the very first
microprocessor, which was 4b; examples are A5/1, CMEA, DSC, etc.
[1]. Each of those methods was eventually either broken or reverse
engineered, due to the simplicity of its operations.
IoT threats and hazards are probably much more advanced
and sophisticated, hence the aim must be increased security
for decreased resource requirements. In addition, safety
assurance over IoT transmission technologies/protocols, e.g.,
ZigBee, BLE, LoRaWAN, etc., is an unavoidable necessity for
accurate encryption/decryption and encoding/decoding.
Lightweight cryptography is categorised as symmetric,
asymmetric and hash. At present, many symmetric and
hash implementations are available to try in practical systems,
e.g., PRESENT, KLEIN, PHOTON, etc., whereas comparatively few
asymmetric algorithms are accessible, e.g., elliptic
light (ELLI), derived from elliptic curve cryptography (ECC).
Because of the difficulties associated with traditional public
key methods on such a constrained platform, it is extremely
challenging to innovate ways to gain asymmetric adaptability.
Even so, researchers continue to pursue asymmetric
approaches in order to provide a better quality-of-service (QoS)
via post-quantum¹ as well as lattice-based² cryptography, e.g.,
cryptoGPS, ALIKE, etc.
The predictions in the 2000s were that it would be problematic
to implement lightweight hash functions, but that hybrid
techniques combining conventional hash methods and
lightweight block ciphers would be a solution [2]. However,
several lightweight hash inventions have since been introduced
theoretically, yet their performance remains to be verified in practice.
Immense attention has been given to block ciphers
from the beginning, and stream ciphers became a trend
after a while. Moreover, sponge-based (SP) hash/message
authentication code (MAC), individual authenticated ciphers
(authenticated encryption - AE), SP based AE and block
cipher (BC) based AE are available in academic and industrial
research [3]. Fig. 1 illustrates the scale of the lightweight
algorithms published from 1994 to 2019.
Lightweight cryptography is subdivided according to its
applications/limitations as follows [4]:
• Ultra-lightweight: Tailored in specific areas of the
algorithm, i.e., selected microcontrollers (μC)/cipher
sections/operations – PRESENT, Grain (low gate count
in hardware), QARMA (low latency in hardware) and
Chaskey (high speed on μCs)
• Ubiquitous lightweight: Compatible with a wide variety
of platforms, i.e., 8b to 32b μCs – Ascon, GIMLI and
¹ cryptographic primitives that involve quantum phenomena
² cryptographic primitives that involve lattices
978-3-903176-31-7 © 2020 IFIP