A Deeper Look at the Energy Consumption of Lightweight Block Ciphers

In the last few years, the field of lightweight cryptography has seen an influx in the number of block ciphers and hash functions being proposed. In the past there have been numerous papers that have looked at circuit level implementation of block ciphers with respect to lightweight metrics like area power and energy. In the paper by Banik et al. (SAC‘15), for example, by studying the energy consumption model of a CMOS gate, it was shown that the energy consumed per cycle during the encryption operation of an r-round unrolled architecture of any block cipher is a quadratic function in r. However, most of these explorative works were at a gate level, in which a circuit synthesizer would construct a circuit using gates from a standard cell library, and the area power and energy would be estimated by estimating the switching statistics of the nodes in the circuit. Since only a part of the EDA design flow was done, it did not account for issues that might arise when the circuit is finally mapped into silicon post route. Metrics like area, power and energy would need to be re-estimated due to the effect of the parasitics introduced in the circuit by the connecting wires, nodes and interconnects. In this paper, we look to plug this very gap in literature by re-examining the designs of lightweight block ciphers with respect to their performances after completing the placement and routing process. This is a timely exercise to do since three of the block ciphers we analyze in the paper are used in around 13 of the 32 candidates in the second round of the NIST lightweight competition being conducted currently.