RISC-V Instruction Set Extensions for Lightweight Symmetric Cryptography

Hao Cheng, Johann Groszschaedl, Ben Marshall, Daniel Page, Thinh H Pham

Research output: Contribution to journalArticle (Academic Journal)peer-review

6 Citations (Scopus)


The NIST LightWeight Cryptography (LWC) selection process aims to standardise cryptographic functionality which is suitable for resource-constrained devices. Since the outcome is likely to have significant, long-lived impact, careful evaluation of each submission with respect to metrics explicitly outlined in the call is imperative. Beyond the robustness of submissions against cryptanalytic attack, metrics related to their implementation (e.g., execution latency and memory footprint) form an important example. Aiming to provide evidence allowing richer evaluation with respect to such metrics, this paper presents the design, implementation, and evaluation of one separate Instruction Set Extension (ISE) for each of the 10 LWC final round submissions, namely Ascon, Elephant, GIFT-COFB, Grain-128AEADv2, ISAP, PHOTON-Beetle, Romulus, Sparkle, TinyJAMBU, and Xoodyak; although we base the work on use of RISC-V, we argue that it provides more general insight.
Original languageEnglish
Pages (from-to)193–237
Number of pages45
JournalIACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)
Issue number1
Publication statusPublished - 29 Nov 2022

Bibliographical note

Funding Information:
We would like to thank the anonymous reviewers for their helpful and constructive comments. This work has been supported in part by EPSRC via grant EP/R012288/1, under the RISE (http://www.ukrise.org) programme. The second author has been supported in part by the Fonds National de la Recherche (FNR) Luxembourg via grant C19/IS/13641232 (“Analysis and Protection of Lightweight Cryptographic Algorithms”).

Publisher Copyright:
© 2022, Ruhr-University of Bochum. All rights reserved.


Dive into the research topics of 'RISC-V Instruction Set Extensions for Lightweight Symmetric Cryptography'. Together they form a unique fingerprint.

Cite this