Lightweight Champions of the World: Side-Channel Resistant Open Hardware for Finalists in the NIST Lightweight Cryptography Standardization Process

Abstract

Cryptographic competitions played a significant role in stimulating the development and release of open hardware for cryptography. The primary reason was the focus of standardization organizations and other contest organizers on transparency and fairness of hardware benchmarking, which could be achieved only with all source code made available for public scrutiny. Consequently, the number and quality of open-source hardware implementations developed during subsequent major competitions, such as AES, SHA-3, and CAESAR, have steadily increased. However, most of these implementations were still quite far from being used in future products due to the lack of countermeasures against side-channel analysis (SCA). In this paper, we discuss the first coordinated effort at developing SCA-resistant open hardware for all finalists of a cryptographic standardization process. The developed hardware is then evaluated by independent labs for information leakage and resilience to selected attacks. Our target included the ten finalists of the NIST Lightweight Cryptography Standardization Process. The authors’ contributions included formulating detailed requirements, publicizing the submissions, matching open hardware with suitable SCA-evaluation labs, developing a subset of all implementations, serving as one of the six evaluation labs, performing FPGA benchmarking of all protected and unprotected implementations, and summarizing results in the comprehensive report. Our results confirm that NIST made the right decision in selecting Ascon as a future lightweight cryptography standard. They also indicate that at least three other algorithms, Xoodyak, TinyJAMBU, and ISAP, were very strong competitors and outperformed Ascon in at least one of the evaluated performance metrics.