A Review on FPGA Implementation of Lightweight

Cryptography for Wireless Sensor Network

Sreehari B1, Vinayak Sankar2, Roshan Silvester Lopez3, Vaishnav K S4, Dr. Celine Mary Stuart5
Department of Electronics and Communication Engineering
Government Engineering College, Thrissur
Thrissur, Kerala
1krizcapsreehari18@gmail.com, 2vnksnkr@gmail.com, 3silvesterroshan1@gmail.com, 4vaishnavks12@gmail.com,
5celinestuart@gectcr.ac.in

Abstract— Wireless sensor networks (WSNs) have become monitoring, video surveillance, and industrial automation
increasingly popular in recent years due to their ability to systems. In this modern era, IoT is getting bigger and the
remotely monitor and gather data in a variety of applications. number of devices in the network is increasing. A large
The frequent exchange of confidential data over the network number of users will be connected to a common network
makes WSNs vulnerable to various attacks that can threaten
their security. To mitigate these attacks security services such
where a lot of private and sensitive information will be
as confidentiality, authentication, and integrity is required. transmitted, like patient data being sent and received in
The interacting devices in the network can be authenticated smart health monitoring systems, military information etc
and the transmitted data can be protected using encryption [3]. This draws attention to the security of WSNs. It is
methods. As WSNs are resource-limited, it is a challenge to necessary to enhance the security and privacy associated
develop and implement an encryption algorithm that is secure with such networks, and conventional security measures
and resource-efficient. The National Institute of Standards will not be sufficient.
and Technology (NIST) initiated the lightweight Some main limitations and challenges in securing
cryptography (LWC) project to standardize lightweight WSNs are limited resources, key management, and lack of
cryptography algorithms, useful for constrained
environments where current standards are not acceptable.
standardization. Security in WSNs depends heavily on the
Lightweight cryptographic algorithms are designed to hardware used, physical security, and measures taken to
provide adequate security and performance while not being protect the data transmitted over the network [4]. Software
computationally very expensive. The combination of techniques like authentication and action control are not
cryptographic algorithms with hardware can significantly sufficient to secure these networks and systems and
increase the security level, efficiency, and lifetime of the traditional hardware techniques are computationally
sensor node. This paper presents a comparative study of the demanding. Effective hardware implementations in WSNs
NIST LWC finalists, evaluating the top variants based on will result in lower area and power consumption [5].
design and FPGA benchmarking metrics such as block size,
performance parameters, and security. All of the ciphers were
implemented and tested on Xilinx Artix-7 FPGA. Finally, the A. Security requirements in Wireless Sensor Network
paper discusses some optimization measures and future
The lack of security and the wireless nature of WSNs
directions for the use of lightweight cryptographic
coprocessors in WSNs. leave them exposed to various security attacks. Security
attacks can be classified into two, passive and active
Keywords— Cryptography, Security, Wireless Sensor attacks. In a passive attack, the attacker monitors and
Network, Lightweight Cryptography, NIST LWC, FPGA listens to the network. A few examples of passive attacks
are eavesdropping, traffic analysis, and camouflage
I. INTRODUCTION adversaries where the attacker can infiltrate the network by
A Wireless Sensor Network (WSN) is a network of acting like a normal node [6].
wireless sensor nodes equipped with sensors to record and In an active attack, the data is modified by the intruder
monitor physical or environmental conditions. These during the data transmission. A few examples are Denial of
sensor nodes are small and inexpensive with limited Service (DoS) attacks, jamming, tampering attacks, and
resources. Security concerns regarding WSNs have arisen routing attacks. In routing attacks, the intruder targets and
and the need for effective countermeasures is more attacks the network layer. The secure routing protocols
important than ever. Security will be a significant issue due should provide security services like authentication and
to the system's openness and the objects' real and virtual integrity. Some popular routing attacks in WSNs are
accessibility from everywhere [1]. wormhole attacks, blackhole attacks, Sybil attacks, and
In recent years, there have been significant man-in-the-middle attacks [7]. These are some common yet
developments and advancements in the field of WSNs. threatening attacks in the field of wireless Ad Hoc
Developments in the application of WSNs in various networks.
sectors include health care, agriculture, the military, and Security services are a necessity for WSNs to safeguard
much more [2]. Developments in integrating WSNs with themselves from dangerous attacks. The security
other devices are very closely linked and related to Internet requirements in WSNs can be categorized into
of Things (IoT). Wireless sensor networks (WSNs) have confidentiality, authentication, and integrity [8].
become an integral part of the (IoT) ecosystem, enabling • Confidentiality: WSNs should ensure that
the development of smart cities, smart grids, health transmitted data is only accessible to authorized

979-8-3503-3446-3/23/$31.00 ©2023 IEEE

 parties. Confidentiality prevents unauthorized also shown that when compared to popular symmetric
access. algorithms like RC5 and Skipjack, AES performs better in
• Authentication: WSNs should ensure that only terms of energy efficiency and security, two very important
authorized users can access the network. The metrics in WSNs. AES performs very well in both software
authenticity of a message can be ensured by and hardware implementations. AES is a block cipher and
authenticating its origin. it repeatedly performs four functions in several rounds
• Integrity: WSNs should ensure that transmitted depending on the length of the key, the functions are
data has not been tampered with or altered in any SubBytes, ShiftRows, MixColumns, and Add Round Keys.
way. Integrity ensures that information has not Among the functions, MixColumns is the most complex
been modified by an unauthorized third party. and important function as it creates diffusion. MixColumns
requires computational operation and this can lead to
higher utilization of the resources [10]. Although AES
B. Cryptography in Wireless Sensor Network provides good security, this is not suitable for these devices
There are various methods and techniques to make as it requires large memory [11].
WSNs secure. Cryptography is a technique in which the A less resource-hungry, lightweight algorithm could
plaintext/data is encrypted to ciphertext for secure resolve the problem, and the NIST has recommended
transmission. Cryptography protects the data being lightweight cryptography which provides the same level of
transmitted in the network and it is the basic defence security and acceptable performance on WSNs [12]. It is
mechanism for any wireless Ad Hoc network and therefore, important to note that cryptography alone cannot be a
applies to WSN [9]. complete solution for security in wireless sensor networks.
In cryptography, there are two types of encryptions, It should be used in combination with other security
symmetric and asymmetric. In symmetric cryptography, measures, such as security protocols and physical security
the same key is used for both the encryption and decryption measures, to provide a comprehensive security solution.
of data. This method of encryption is extremely secure and The combination of cryptographic algorithms with
relatively fast. Asymmetric key encryption uses two keys, hardware has the potential to significantly increase the
private and public keys for communication between the security level in resource-limited systems [13].
sender and receiver. The public key is used to encode the This paper is organized as follows: Section II discusses
message and the private key is used to decode it. Public Lightweight Cryptography, its development, and its
keys can be shared freely, while private keys are kept secret advantages. Section Ⅲ provides a comparative analysis
and only known to the receiver. In both types of and classification of the NIST Lightweight Cryptography
encryptions, the encryption key is a string of bits that is Finalists. Section Ⅳ highlights the future scope and
used to encode and decode the message. The length of the research challenges. Finally, section Ⅴ draws the
key determines the strength of the encryption, with longer conclusions of this paper.
keys providing stronger protection against attacks.
Asymmetric cryptography (usually used in wireless
communication) is relatively expensive when it comes to II. LIGHTWEIGHT CRYPTOGRAPHY
WSNs as it requires more computation and overhead. Lightweight cryptography (LWC) is a developing field
Efficient symmetric cryptographic algorithms are preferred that aims to be efficient in terms of computational
instead as they are superior to asymmetric algorithms in resources and memory usage to provide protection and
terms of speed and low energy cost [4]. security for devices with limited resources. [14-15].
Rivest-Shamir-Adleman (RSA) algorithm, ECC When compared to conventional cryptography
(Elliptical Curve Cryptography), and Discrete Logarithms schemes these techniques and protocols have significantly
are some examples of public key algorithms. Generally, lower computational and communication overhead,
asymmetric or public key encryption performs better for making them ideal for WSNs. Lightweight cryptography
wireless communications in terms of security. As WSNs contributes to reducing the silicon area and energy
work with limited resources, the aim is to use an algorithm consumption overheads which can extend the lifetime of
with high computational speed that requires less storage the sensor node while still providing necessary security
and less power with reasonable security. Symmetric key services such as confidentiality, authenticity, and integrity
algorithms consume much lesser energy and are faster but [16]. Lightweight ciphers manage to achieve this as a
the challenge here is in handling/distributing the shared key result of their design having smaller block sizes, key sizes,
as it is necessary to ensure that the shared key is securely and less complex rounds [17].
transmitted to all of the nodes in the network. Lightweight cryptography algorithms are designed by
Advanced Encryption Standard (AES) is one of the keeping AES as standard, as it is the block cipher standard
most popular and standard symmetric cryptographic approved by NIST. Lightweight DES and lightweight AES
algorithms. AES is standardized by the National Institute are some symmetric approaches but they are
of Standards and Technology (NIST) therefore it is the computationally expensive and not effective against the
safest and preferred cipher for embedded devices and man-in-the-middle attack [18-19]. A few asymmetric
WSNs. AES is a widely adopted cipher that is very strong approaches are ECC and RSA but again computationally
and can resist most attacks. Among the ciphers like Data expensive [20-21]. These primitive algorithms are not
Encryption Standard (DES), 3DES, RSA, AES, and efficient enough to be used in WSNs.
Blowfish it has been shown that AES performs better in PRESENT is a lightweight block cipher that is
terms of avalanche effect, this validates that AES should be standardized by International Organization for
used where confidentiality and integrity are crucial. It is
Standardization/International Electrotechnical HIL (Hardware-in-the-Loop) setup with multiple MCU
Commission (ISO/IEC) and NIST. PRESENT is designed (Microcontroller Unit) platforms and architectures. This
to reduce the area and due to this PRESENT performs framework was able to evaluate the performance (speed)
flawlessly in resource-constrained devices while providing and memory requirements of the algorithms. In [31]
a high level of security [22]. Along with PRESENT, hardware implementations of these algorithms were
SPONGENT, AES-CCM (Counter with CBC-MAC), and, performed and for the benchmarking study Xilinx Artix-7,
Hummingbird are some of the popular lightweight block Intel Cyclone 10 LP, and ECP5 from Lattice
ciphers available now [22-23]. Semiconductor FPGAs were used. Such hardware
According to [16] lightweight algorithms require implementation can be later integrated into WSN in the
reduced area and energy overhead in systems resulting in a form of ASIC either as a separate coprocessor or as a part
3.4% increase in the lifespan of the sensor node. From of the main microcontroller.
studies in [24-28], it is evident that lightweight FPGA benchmarking of these algorithms has been
cryptographic algorithms provide security for WSNs done in [31]. The hardware design for the different LWC
through security services such as authentication, algorithms was done by different teams, this includes the
confidentiality, integrity, etc. Cryptographic Engineering Research Group (CERG),
NIST has taken many initiatives to standardize George Mason University, USA (GMU), TinyJAMBU
lightweight cryptography. One of NIST's major initiatives Team (TJT), Xoodyak Team (XT), and a few more.
in this area is the Competition for Authenticated Multiple teams benchmarked multiple algorithms like
Encryption: Security, Applicability, and Robustness Ascon, Xoodyak, etc. Ascon_GMU and Xoodyak_GMU
(CAESAR) competition, a multi-year effort to identify and refer to the variants of Ascon and Xoodyak designed by the
standardize new lightweight encryption algorithms that are GMU team [31]. Different hardware description languages
secure, efficient, and easy to implement. CAESAR was (HDL) such as Bluespec, Verilog, and VHDL were used by
launched in 2014 and ended in 2017. NIST is currently in these teams to design the algorithms. The data used to
the process of standardizing lightweight cryptography classify these algorithms in TABLE Ⅰ, TABLE Ⅱ, and Fig.
through its NIST Lightweight Cryptography project. The 1 are obtained from the results of [30-31].
LWC project aims to address the need for lightweight TABLE Ⅰ gives an overview of the design features of
cryptographic solutions that can be used in a variety of the variants of NIST LWC finalists with the highest
applications. The competition is run in several stages and throughput per area (LUTs) ratio. Different variants of
rounds, and after two rounds of evaluation and shortlisting, these algorithms correspond to different parameter sets
it is now in its final round of evaluation. (such as block size, key size, etc.), support Authenticated
Encryption with Associated Data (AEAD), AEAD + Hash,
and different hardware architectures. The different
III. NIST LIGHTWEIGHT CRYPTOGRAPHY FINALISTS hardware architectures include basic iterative, folded,
This section provides a comparative analysis of the top unrolled, and pipelined architectures, etc. The reference
ten NIST lightweight cryptography finalists. The ten software column represents the version of the algorithm.
finalist algorithms are Ascon, Elephant, GIFT-COFB, Hardware implementation of Grain-128AEAD was not
Grain-128AEAD, ISAP, PHOTON-Beetle, Romulus, available due to the lack of protected implementation and
SPARKLE, TinyJAMBU, and Xoodyak. Comparisons of SPARKLE was not available due to lack of testing by any
these ciphers have been made; this gives way to a variety lab. In [31] various performance metrics of these
of different research directions in which further work can algorithms were evaluated for different sizes of inputs,
be done with these lightweight cryptographic algorithms. Associated Data (AD), Plain Text (PT), Cipher Text (CT),
Ascon, Elephant, ISAP, PHOTON-Beetle, Sparkle, and AD + PT, AD + CT, and hash messages through hardware
Xoodyak are some of the permutation-based ciphers with implementation. In this paper, the NIST LWC finalists
Ascon and Sparkle having a variable key size of 128-160 have been ranked by their throughput per area (LUT) ratio.
bits and 128-256 bits respectively. Elephant, ISAP, The top-ranked variants of the NIST LWC finalists have
PHOTON-Beetle, and Xoodyak have a key size of 128 bits. been classified in TABLE Ⅱ based on their block size,
GIFT-COFB is a tweakable block cipher with a key size of performance parameters, and security for encrypting 128-
128 bits. TinyJAMBU is a keyed permutation cipher with bit plaintext. All algorithms in TABLE Ⅱ are implemented
variable key sizes of 128-256 bits. Grain-128aead is the and tested on Xilinx Artix-7 FPGA by different design
only stream cipher out of the 10 finalists with a key size of groups and the results are taken directly from [31]. The key
128 bits. None of the finalist algorithms are broken by sizes for all of the classified variants are 128 bits.
third-party analysis. All of the NIST LWC finalist TABLE Ⅱ reflects that the TinyJAMBU_TJT-v3
algorithms have shown a good security margin against variant of the TinyJAMBU algorithm can be considered the
traditional cryptanalysis techniques such as linear and most efficient lightweight cryptographic algorithm design
differential analysis [29]. out of the 10 finalists with a high throughput per area ratio,
Software and hardware benchmarking of these moderate security, randomness, low power, and low area
algorithms have been done by different research groups to which is suitable for resource-constrained devices like
assist NIST. The NIST team encourages third parties to wireless sensor network nodes. TinyJAMBU [32] is one of
contribute to its initiative to standardize lightweight the most prominent CAESAR competitors. It is an AEAD
cryptography. The authors of [30] have performed the encryption method based on JAMBU with a block size of
software implementations of the NIST LWC finalists. The 32 bits. TinyJAMBU-128 uses a key and state which has a
software implementations are benchmarked using a custom 128-bit key length.
 TABLE I. OVERVIEW OF VARIANT DESIGN FEATURES

Hardware Variant Design

Algorithm Variant Name Reference Software HDL
Design Group feature

ASCON-128a, Bluespec
Ascon Ascon_GMU-v2 ascon-128av12 CERG, GMU
Basic iterative SystemVerilog

Elephant Elephant-v3 elephant160v1 CERG, GMU 4x Unrolled VHDL

GIFT-COFB_GMU- Bluespec
GIFT-COFB giftcofb128v1 CERG, GMU 4x Unrolled
v3 SystemVerilog

Institute of Applied Information

ISAP ISAP-v2 Isapk128av20 Processing and Communications, Two-pass, Folded VHDL
TU Graz, Austria

photonbeetleaead128rat Supports
PHOTON-Beetle PHOTON-Beetle-v1 CERG, GMU VHDL
e128v1 AEAD + Hash

Romulus-Team,
Symmetric Key and Lightweight
Two-Round
Romulus Romulus-v2 romulusn1v12 Cryptography Lab (SyLLab), Verilog
architecture
Nanyang Technological
University, Singapore

128-step
TinyJAMBU TinyJAMBU_TJT-v3 tinyjambu128 TinyJAMBU Team VHDL
State update
Basic iterative
Bluespec
Xoodyak Xoodyak_GMU2-v1 xoodyakv1 CERG, GMU 384-bit datapath
SystemVerilog
AEAD + Hash

The keyed permutation’s major component is a GIFT-COFB [34] is a lightweight cryptography

nonlinear feedback register (NFSR). The NFSR is used to algorithm based on the GIFT block cipher and it supports
keep the current state up to date. The number of rounds can authenticated encryption. It is a 40-round substitution
be 640 or 1024 depending on the algorithm’s operation permutation network (SPN) cipher with a 128-bit key and
phase. One unique aspect of the NFSR's feedback primitive it does not require expensive inverse operations to decrypt,
is that it can process 32 updates in parallel on a 32-bit CPU. instead, it uses efficient bitwise operations such as XOR for
The encryption and decryption process in TinyJAMBU the permutation. The main round function of GIFT-128
involves four main steps: initialization, processing related consists of four phases initialization, cell substitution, bits
data, processing plaintext/ciphertext, and permutation, and round key addition. GIFT also requires a
finalization/verification. key scheduling mechanism and round constants parameter.
Ascon, GIFT-COFB, and Xoodyak are also highly XOODYAK [35] is a cryptographic primitive that can
efficient, having the highest throughput and security with a be used for AEAD encryption, hashing, pseudo-random bit
moderate area. Ascon [33] is a type of encryption generation, and other purposes. It uses the XOODO
algorithm that uses a 320-bit permutation structure and is permutation, which has a 384-bit internal state. The
optimized for use in both hardware and software. It has two algorithm itself is inspired by the Keccak-p permutation.
versions: Ascon-128 and Ascon-128a, which have data XOODYAK has a block size of 192 bits which is the
block sizes of 64 bits and 128 bits respectively, where these highest among the other competitors. The XOODYAK
parameters are fixed. The initial state of Ascon consists of specification does not provide much information about
the key and nonce, and the encryption and decryption practical cryptanalysis.
algorithms include a finalization phase to produce the It is being proved that the hardware implementations of
Message Authentication Code (MAC). Ascon-128 has cryptographic algorithms are more secure and faster than
better performance in terms of throughput since its software implementations. Low-complexity lightweight
operations are based on 64-bit words/block and only use block ciphers implemented on FPGAs have shown good
bit-wise operations. Ascon-128a shows better efficiency in performance [36-37]. Cryptographic coprocessors provide
the benchmarking as it takes less area (LUTs) compared to flexibility and security to modern embedded devices by
Ascon-128 [31]. The Ascon specification provides a accelerating cryptographic primitives [8]. The author of
detailed description of its design decisions and includes [38] designed a resource-shared crypto-coprocessor that
information on how to select the appropriate version of the achieved higher efficiency in terms of Throughput per Area
encryption for a given use case. It also includes a summary as well as a significant reduction in resource consumption.
of known attacks and the authors' analysis of the cipher’s To improve the security and lifespan of a wireless sensor
effectiveness. When the number of rounds is set to 12, the node, a coprocessor of the aforementioned NIST
complexity of these attacks is higher than 2128, which is lightweight cryptography variants can be implemented and
considered acceptable for resource-constrained situations. integrated with a sensor node.
 TABLE II. COMPARATIVE ANALYSIS OF NIST FINALISTS

Performance Throughput
Block Size Security
Algorithm Variant Name per
(bits) (bits)
Power Area (LUTs)
Area Throughput
At 75MHz
(LUTs) (Mbit/s)
(mW)
Ascon Ascon_GMU-v2 128 265 1790 644.2 0.359 128

Elephant Elephant-v3 160 427 1717 230.6 0.134 112

GIFT-COFB GIFT-COFB_GMU-v3 128 179 1641 601.4 0.366 128

ISAP ISAP-v2 64 287 2157 57.8 0.027 128

PHOTON-Beetle PHOTON-Beetle-v1 128 216 2065 284.8 0.138 121

Romulus Romulus-v2 128 131 1280 326.1 0.254 128

TinyJAMBU TinyJAMBU_TJT-v3 32 100 576 404.2 0.701 112

Xoodyak Xoodyak_GMU2-v1 192 160 1608 550.6 0.342 128

Fig. 1 shows the ranking of the NIST finalists variants direction should be to design a lightweight cipher in such a
based on the Throughput per Area (LUTs) ratio, which way that it provides fast confusion and diffusion in a
represents the cipher’s efficiency. These ciphers could be smaller number of rounds.
suitable for a variety of applications in the field of IoT.
V. CONCLUSION
In recent years, there has been significant progress in
the development of WSNs in the fields of health care,
military surveillance, industrial automation, banking, and
IoT, connecting a large number of users. In such
applications, a lot of private and sensitive data is being
transmitted over the network. Since resources, security, and
reliability are some of the major challenges in WSNs, it is
important to incorporate effective measures to overcome
these challenges. By encrypting network data,
cryptography can add a layer of security to WSNs. Since
power and chip area are two important design parameters
Fig. 1. NIST finalists ranked by Throughput per Area (LUTs) in resource-constrained systems, a cryptographic algorithm
that is secure, fast, and lightweight would drop resource
consumption drastically. Lightweight cryptography can
provide adequate security while consuming fewer
IV. FUTURE DIRECTIONS resources. The 10 NIST LWC finalists have been classified
Lightweight cryptography is still a growing field in the based on their FPGA benchmarking, which includes block
world of technology. A lot of research and experiments are size, performance metrics, and security. Hardware
being initiated and done by various research groups in implementations of cryptographic algorithms have shown
collaboration with NIST for the standardization of to be more efficient than software implementations, and
lightweight cryptography. One of the Ascon variants, this holds true for these algorithms as well. Through this
Ascon-80pq can provide a measure of resistance against classification, it is evident that out of the 10 finalists, the
quantum key-search. Hence, post-quantum cryptography hardware implementation of TinyJAMBU LWC will be
and encryption is an area where research and development best suited for providing reasonable security and
are happening in the field of lightweight cryptography. performance in WSNs. However, a cryptographic
Efficient lightweight algorithms that offer AEAD and coprocessor, when integrated with the wireless sensor
hashing can also be developed. Research is being node, could drastically improve the overall security and
conducted to understand and evaluate these algorithms performance of the system.
fully. It has been shown that larger rounds and key sizes
can affect the cipher’s performance and security [39]. REFERENCES
Research can be done in testing a different number of [1] H. Kupwade Patil and T. M. Chen, “Wireless Sensor Network
rounds, key sizes, block sizes, and key scheduling to attain Security,” Computer and Information Security Handbook. Elsevier,
optimum performance and security. So, the future research pp. 301–322, 2013.
[2] M. K. Singh, S. I. Amin, S. A. Imam, V. K. Sachan and A. Information Security Journal: A Global Perspective, vol. 19, no. 5.
Choudhary, "A Survey of Wireless Sensor Network and its types," Informa UK Limited, pp. 243–252, Oct. 28, 2010.
2018 International Conference on Advances in Computing, [22] C. A. Lara-Nino, M. Morales-Sandoval, and A. Diaz-Perez, “Novel
Communication Control and Networking (ICACCCN), pp, 326-330, FPGA-Based Low-Cost Hardware Architecture for the PRESENT
2018. Block Cipher,” 2016 Euromicro Conference on Digital System
[3] V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal, and B. Sikdar, Design (DSD). IEEE, Aug. 2016.
"A Survey on IoT Security: Application Areas, Security Threats, and [23] Harikrishnan T and C. Babu, “Cryptanalysis of hummingbird
Solution Architectures," in IEEE Access, vol. 7, pp. 82721-82743, algorithm with improved security and throughput,” 2015
2019. International Conference on VLSI Systems, Architecture,
[4] M. Chowdhury, M. F. Kader, and A. Asaduzzaman, “Security Issues Technology and Applications (VLSI-SATA). IEEE, Jan. 2015.
in Wireless Sensor Networks: A Survey,” International Journal of [24] A. Ghosal and S. DasBit, “A lightweight security scheme for query
Future Generation Communication and Networking, vol. 6, no. 5. processing in clustered wireless sensor networks,” Computers &
NADIA, pp. 97–116, Oct. 31, 2013. Electrical Engineering, vol. 41. Elsevier BV, pp. 240–255, Jan.
[5] H. Suo, J. Wan, C. Zou, and J. Liu, “Security in the Internet of 2015.
Things: A Review,” 2012 International Conference on Computer [25] K. Biswas, V. Muthukkumarasamy, E. Sithirasenan, and K. Singh,
Science and Electronics Engineering. IEEE, Mar. 2012. “A Simple Lightweight Encryption Scheme for Wireless Sensor
[6] K. S. Dr.S.P.Rajagopalan, “Security Analysis with respect to Networks,” Distributed Computing and Networking. Springer Berlin
Wireless Sensor Network – Review”, International Journal of Heidelberg, pp. 499–504, 2014.
Engineering and Computer Science, vol. 6, no. 4, Apr. 2017. [26] Sk. Md. M. Rahman et al., “A Lightweight Secure Data Aggregation
[7] M. Keerthika and D. Shanmugapriya, ‘Wireless Sensor Networks: Technique for Wireless Sensor Network,” 2014 IEEE International
Active and Passive attacks - Vulnerabilities and Countermeasures’, Symposium on Multimedia. IEEE, Dec. 2014.
Global Transitions Proceedings, vol. 2, no. 2, pp. 362–367, 2021. [27] H. Sedjelmaci and S. M. Senouci, “A lightweight hybrid security
[8] A. Toubal, B. Bengherbia, M. O. Zmirli, and A. Guessoum, “FPGA framework for wireless sensor networks,” 2014 IEEE International
implementation of a wireless sensor node with built-in security Conference on Communications (ICC). IEEE, Jun. 2014.
coprocessors for secured key exchange and data transfer,” [28] S. T. Patel and N. H. Mistry, “A survey: Lightweight cryptography
Measurement, vol. 153. Elsevier BV, p. 107429, Mar. 2020 in WSN,” 2015 International Conference on Communication
[9] D. Costa, S. Figuerêdo, and G. Oliveira, “Cryptography in Wireless Networks (ICCN). IEEE, Nov. 2015.
Multimedia Sensor Networks: A Survey and Research Directions,” [29] H. Madushan, I. Salam, and J. Alawatugoda, “A Review of the NIST
Cryptography, vol. 1, no. 1. MDPI AG, p. 4, Jan. 05, 2017. Lightweight Cryptography Finalists and Their Fault Analyses,”
[10] H. B. Acla and B. D. Gerardo, “Security Analysis of Lightweight Electronics, vol. 11, no. 24. MDPI AG, p. 4199, Dec. 15, 2022.
Encryption based on Advanced Encryption Standard for Wireless [30] S. Renner, E. Pozzobon, and J. Mottok, “A Hardware in the Loop
Sensor Networks,” 2019 IEEE 6th International Conference on Benchmark Suite to Evaluate NIST LWC Ciphers on
Engineering Technologies and Applied Sciences (ICETAS). IEEE, Microcontrollers,” Information and Communications Security.
Dec. 2019. Springer International Publishing, pp. 495–509, 2020.
[11] A. Faquih, P. Kadam, and Z. Saquib, “Cryptographic techniques for [31] K. Mohajerani et al., “FPGA Benchmarking of Round 2 Candidates
wireless sensor networks: A survey,” 2015 IEEE Bombay Section in the NIST Lightweight Cryptography Standardization Process:
Symposium (IBSS). IEEE, Sep. 2015. Methodology, Metrics, Tools, and Results”. 2020. [Online]
[12] T. Eisenbarth, S. Kumar, C. Paar, A. Poschmann and L. Uhsadel, "A Available: https://eprint.iacr.org/2020/1207 (accessed on 19
Survey of Lightweight-Cryptography Implementations," in IEEE December 2022)
Design & Test of Computers, vol. 24, no. 6, pp. 522-533, Nov.-Dec. [32] Wu, H., Huang, T. “TinyJAMBU: A Family of Lightweight
2007. Authenticated Encryption Algorithms (Version 2)”. 2021. [Online]
[13] T. Kumar, K. Reddy, S. Rinaldi, B. Parameshachari, and K. Available:https://csrc.nist.gov/CSRC/media/Projects/lightweight-
Arunachalam, “A Low Area High-Speed FPGA Implementation of cryptography/documents/finalist-round/updated-spec-
AES Architecture for Cryptography Application,” Electronics, vol. doc/tinyjambu-spec-final.pdf (accessed on 10 December)
10, no. 16. MDPI AG, p. 2023, Aug. 21, 2021. [33] Dobraunig, C., Eichlseder, M.; Mendel, F.; Schläffer, M. “Ascon
[14] C. Manifavas, G. Hatzivasilis, K. Fysarakis, and K. Rantos, v1.2”. 2021. [Online] Available:https://ascon.iaik.tugraz.at
“Lightweight Cryptography for Embedded Systems – A (accessed on 18 December 2022).
Comparative Analysis,” Data Privacy Management and [34] Banik, S et al., “GIFT-COFB v1.1”, 2021. [Online]
Autonomous Spontaneous Security. Springer Berlin Heidelberg, pp. Available:https://csrc.nist.gov/CSRC/media/Projects/lightweight-
333–349, 2014. cryptography/documents/finalist-round/updatedspec-doc/gift-cofb-
[15] J. Garcia-Alfaro et al., Eds., Data Privacy Management, spec-final.pdf (accessed on 7 December 2022)
Autonomous Spontaneous Security, and Security Assurance. [35] Daemen, J et al., Xoodyak, a lightweight cryptographic scheme.
Springer International Publishing, 2015. Submission to NIST LWC Project, 2021. [Online] Available:
[16] C. A. Lara-Nino, A. Diaz-Perez, and M. Morales-Sandoval, “Energy https://keccak.team/xoodyak.html (accessed on 11 December 2022)
and Area Costs of Lightweight Cryptographic Algorithms for [36] A. Soltani and S. Sharifian, “An ultra-high throughput and fully
Authenticated Encryption in WSN,” Security and Communication pipelined implementation of AES algorithm on FPGA”,
Networks, vol. 2018. Hindawi Limited, pp. 1–14, Sep. 04, 2018. Microprocessors and Microsystems, vol. 39, no. 7, pp. 480–493,
[17] W. J. Buchanan, S. Li, and R. Asif, “Lightweight cryptography 2015
methods,” Journal of Cyber Security Technology, vol. 1, no. 3–4. [37] S. Shanthi Rekha and P. Saravanan, “Low-Cost AES-128
Informa UK Limited, pp. 187–201, Oct. 2017 Implementation for Edge Devices in IoT Applications,” Journal of
[18] G. Leander, C. Paar, A. Poschmann, and K. Schramm, “New Circuits, Systems and Computers, vol. 28, no. 04. World Scientific
Lightweight DES Variants,” Fast Software Encryption. Springer Pub Co Pte Lt, p. 1950062, Mar. 31, 2019.
Berlin Heidelberg, pp. 196–210, 2007. [38] D.-S. Kundi, A. Khalid, A. Aziz, C. Wang, M. O’Neill and W. Liu,
[19] Ahmed, E.G., Shaaban, E. and Hashem, M." Lightweight mix "Resource-Shared Crypto-Coprocessor of AES Enc/Dec With SHA-
columns implementation for AES," In Proceedings of the 9th 3," in IEEE Transactions on Circuits and Systems I: Regular Papers,
WSEAS international conference on Applied informatics and vol. 67, no. 12, pp. 4869-4882, Dec. 2020
communications, pp. 253-258. 2009 [39] A. Biryukov, O. Dunkelman, N. Keller, D. Khovratovich, and A.
[20] M. Katagi and S. Moriai, “Lightweight cryptography for the internet Shamir, “Key Recovery Attacks of Practical Complexity on AES-
of things,” Sony Corporation, 2011. [Online]. 256 Variants with up to 10 Rounds,” Advances in Cryptology –
Available:https://www.researchgate.net/publication/267246530_Li EUROCRYPT 2010. Springer Berlin Heidelberg, pp. 299–319,
ghtweight_Cryptography_for_the_Internet_of_Things. (accessed 2010.
on 17 November 2022)
[21] L. A. Tawalbeh and S. Sweidan, “Hardware Design and
Implementation of ElGamalPublic-Key Cryptography Algorithm,”