Energy-Efficient Cryptography

Supported by a research grant SM12-0005 from the Swedish Foundation for Strategic Research 


The main goal of this project is to improve energy efficiency of cryptographic systems used in mobile telecommunication.

The importance of improving energy efficiency of mobile telecommunication is hard to overestimate. At the end of 2011, one billion people in the world were connected to mobile broadband. The wireless Internet access network will continue growing to connect more people and devices. Industry foresees that over 50 billions devices will be connected into an Internet of Things by 2020. With billions of small, often battery powered devices generating a large part of traffic, energy consumption becomes a critical parameter for optimizations.

Longer battery life is only one of the drives for lowering the energy consumption. Another, even more important reason for reducing total energy consumed by mobile telecommunication systems is to lower their environmental impact. Today, the annual carbon dioxide emission per average 3G subscriber is about 30 kg.

Finally, energy costs account for as much as half of a mobile operator's operating expenses, so solutions that improve energy-efficiency of their systems are not only good for the environment, they also make commercial sense for operators and support sustainable, profitable business.

With billions of devices connected in a network, it is essential to guarantee security of their interactions. The wireless networks have to be protected against eavesdropping, false routing, message tampering, unauthorised usage and many other security threats. Therefore, cryptographic systems are an inseparable part of mobile telecommunication. This project focuses on improving energy efficiency of cryptographic systems. It will contribute its share to lowering the overall energy consumption of mobile telecommunication systems, helping their sustainable growth and lessening their environmental impact.


It is expected that newer generations of products and applications will sharpen demands for ultra-low energy consuming wireless devices. Various techniques for energy saving based on Discontinuous Reception (DRX) are known. However, DRX is vulnerable to unauthorized or fake trigger requests by malicious adversaries aiming to drain a device's battery. Existing message authentication methods can identify spoofed messages, but they require the reception of a complete message before its authenticity can be verified. In [1], we presented a new method which inserts authentication checkpoints at several positions within a message. This enables a device to identify that a message is unauthorized and turn its radio receiver off as soon as the first checkpoint fails. Our method has a low complexity with respect to the computational and memory resources and does not slow down the receiver. It can maintain the packet format prescribed by the IEEE 802.15.4 specification, which provides for backward compatibility. Finally, it incorporates authentication checkpoints at the MAC layer, which allows nodes that do not employ the presented method to participate in the communication. The method is patent pending.

In order to make cryptography energy-efficient, we need low-power cryptographic primitives and energy-efficient countermeasures against different kind of attacks. Feedback Shift Registers have the lower power among cryptographic primitives implemented in hardware, therefore we dedicated a considerable effort to their design and implementation [2]-[7], countermeasures against power analysis attacks [8], as well as on verifying their trustworthiness [9]-[11]. For the latter, we used a technique called Built-In Self-Test (BIST). BIST is widely used in industry for checking if cryptographic hardware operates as expected in-field. However, in Sept. 2013 and attack was reported in "Stealthy Dopant-Level Hardware Trojans", G. T. Becker, F. Regazzoni, C. Paar, W. P. Burleson, in Cryptographic Hardware and Embedded Systems (CHES'2013), LNCS vol. 8086, 2013, pp 197-214, which shaken the confidence of industry in BIST. The authors of this paper have compromised the Random Number Generator (RNG) of Intel's Ivy Bridge processor (which was believed to be cryptographically secure) by injecting into the RNG's a hardware Trojan which bypassed BIST and leaked secret keys from the RNG. The attack was done by modifying the dopant masks of selected transistors. The points of modifications were selected so that the test signature computed by the BIST for the Trojan-injected circuit coincided with the fault-free circuit signature. This created an urgent need to strengthen the traditional BIST methods so that they can resist malicious faults as well. In response to this need, we developed several methods for securing BIST against hardware Trojans [9]-[11]. The methods are patent pending.


[1] Energy-Efficient Message Authentication for IEEE 802.15.4-Based Wireless Sensor Network, E. Dubrova, M. Näslund, G. Selander, V. Tsiatsis, in Proceedings of 32nd Nordic Microelectronics Conference NORCHIP (NORCHIP'2014), Oct. 27-28, 2014, Tampere, Finland.

[2] An Improved Hardware Implementation of the Quark Hash Function, S. S. Mansouri, E. Dubrova, in Radio Frequency Identification: Security and Privacy Issues, Lecture Notes in Computer Science, vol. 8262, eds. Hutter, Michael and Schmidt, Jörn-Marc, Springer, Berlin/Heidelberg, 2013, pp. 113-127.

[3] An Equivalence-Preserving Transformation of Shift Registers, E. Dubrova, in Sequences and Their Applications (SETA'2014), eds. K.-U. Schmidt and A. Winterhof, LNCS 8865, 2014, pp. 187-199.

[4] A Faster Shift-Register Alternative to Filter Generators, M. Liu, S. S. Mansouri, E. Dubrova, in Proceedings of Euromicro Conference on Digital Systems Design (DSD'2013), Santander, Spain, September 4-6, 2013, pp. 713-718.

[5] An Algorithm for Constructing a Smallest Register with Non-Linear Update Generating a Given Binary Sequence, N. Li, E. Dubrova, in Proceedings of IEEE International Symposium on Multiple-Valued Logic (ISMVL'2014), Bremen, Germany May 19-21, 2014.

[6] Synthesis of Power- and Area-Efficient Binary Machines for Incompletely Specified Sequences, N. Li, E. Dubrova, in Proceedings of 19th Asia and South Pacific Design Automation Conference (ASP-DAC 2014), SunTec, Singapore, Jan. 20-23, 2014.

[7] A Method for Generating Full Cycles by a Composition of NLFSRs, E. Dubrova, Design, Codes and Cryptography, Springer, 2014, DOI 10.1007/s10623-014-9947-3.

[8] Double-Edge Transformation for Optimized Power Analysis Suppression Countermeasures, S. S. Mansouri, E. Dubrova, in Proceedings of Euromicro Conference on Digital Systems Design (DSD'2013), Santander, Spain, September 4-6, 2013, pp. 353-359.

[9] Secure and Efficient LBIST for Feedback Shift Register-Based Cryptographic Systems, E. Dubrova, M. Näslund, G. Selander, in Proceedings of 19th IEEE European Test Symposium (ETS'2014), Padeborn, Germany, May 26-30, 2014, pp.1-6.

[10] Keyed Logic BIST for Trojan Detection in SoC, E. Dubrova, M. Näslund, G. Carlsson, B. Smeets, in Proceedings of IEEE International Symposium on System-on-Chip (SOC'2014), Oct. 28-29, 2014, Tampere, Finland.

[11] Remotely Managed Logic Built-In Self-Test for Secure M2M Communications, E. Dubrova, M. Näslund, G. Carlsson, J. Fornehed, B. Smeets, Cryptology ePrint Archive, Report 2015/185, January 2015,


Elena Dubrova, project leader
E-mail: dubrova AT kth DOT se