Lightweight cryptography (LWC)

Lightweight cryptographic algorithms

The goal of lightweight cryptography (LWC) is to provide security and privacy in resource-constrained applications, embedded systems, Internet-of-Things (IoT), and cyber physical systems, including Radio Frequency Identification (RFID) systems, wireless sensor networks, vehicle ad-hoc networks, and healthcare. Recently, NIST has initiated a process towards standardizing lightweight cryptographic algorithms.

For instance, RFID is one of the most promising technologies, which has applications in supply chain management, e-passport, contactless cards, and identification system. In the RFID systems, there is a tension between security, flexibility, and rigidity. For instance, in a passive RFID system, the tags harvest power from the reader. Many of the algorithms (e.g., AES) in such system are resource heavy.

In many applications, one cryptographic primitive is not enough to secure the entire system. It is reasonable to assume that the available chip area dedicated for the security purpose should be used for encryption, authentication, hash computation, and possibly pseudorandom bit generation, which are the basic functionalities required by a security protocol.

Our goals:

  • Design lightweight cryptographic algorithms with the sole aim at providing a realistic minimal design.
  • Our main objective for a minimal design is to provide as many cryptographic primitives as possible.

NIST LWC standardization

We have designed four lightweight authenticated encryption with associated data (AEAD) algorithms, and one lightweight hash algorithms. Each algorithm is designed while keeping tragated applications in mind. The algorithms are round 1 candidates in the NIST LWC project. Currently, all four ciphers are in round 2 candidates, announced on August 30, 2019. 


  • AEAD: 128-bit key, 128-bit tag

  • Hash: 256-bit output


  • AEAD: 128-bit key, 128-bit tag


  • AEAD: 128-bit key, 128-bit tag


  • AEAD: 128-bit key, 128-bit tag