Low-latency implementation of the GIFT cipher on RISC-V architectures
Conventional cryptographic algorithms, such as AES-128, meet most security and privacy requirements in many modern applications. However, emerging domains such as the automotive sector, the Internet of Things (IoT), sensor networks, healthcare systems, and RFID tags operate in highly constrained computing environments. These scenarios require cryptographic algorithms specifically designed for efficiency, with requirements such as low energy consumption, a small code footprint, and minimal chip area. To address this, the National Institute of Standards and Technology (NIST) has launched initiatives to standardize lightweight cryptography.
In 2018, NIST published a call for lightweight AEAD (authenticated encryption with associated data) algorithms that are suitable for low chip area, minimal RAM and ROM requirements, and support low-energy, low-power, and low-latency implementations. Several submissions are inspired by the GIFT family of block ciphers, including ESTATE, Fountain, GIFT-COFB, HyENA, and LOTUS-AEAD.
Overview of the GIFT cipher
The GIFT family of block ciphers includes GIFT-64 and GIFT-128. Derived from the PRESENT cipher, GIFT offers a smaller, faster, and more secure alternative, addressing known vulnerabilities such as linear hulls. GIFT has undergone multiple security evaluations and maintains a wide security margin. Thanks to its low computational requirements, GIFT is particularly suitable for use in resource-constrained environments.
However, GIFT's hardware-oriented design, including a bit-based permutation layer, poses challenges for software implementations. Optimizing software performance requires specialized techniques to improve encryption latency (the number of clock cycles per block encryption) or throughput (the number of encrypted bits per clock cycle). Depending on the use case, optimizations can focus on parallel implementations or on minimizing latency.
Research focus and relevance of RISC-V
This research focused on optimizing encryption latency for the GIFT cipher by using bitslicing and fixslicing as acceleration techniques. Although previous studies have already evaluated these techniques on ARM and x86 architectures, their performance on RISC-V had not yet been investigated. Given the growing adoption of RISC-V as the "Linux of the open hardware movement," evaluating these techniques on RISC-V is of great importance.
