1 Introduction

Internet of things (IoT) is the extremely focused research topic that has revolutionized the life of human beings through its ability to provide numerous advanced computing facilities at the doorstep. The word ‘things’ in IoT refers to a physical object that has a unique identifier or an embedded system with processing and automatic data transmission capability dedicated to a specific task. It has the potential to form a competent and ubiquitous connectivity between all the physical objects around us and the digital world. The whole world is currently witnessing a remarkable growth in IoT deployments and solutions. IoT directs the modern world to become smarter progressively through different challenging application areas such as smart healthcare (Majumdar et al. 2018a, b), smart agriculture (Ray 2017), smart energy grids (Majumdar et al. 2018a, b), home and building automation (Hui et al. 2017), smart traffic (Zhou et al. 2017) etc. In this new world of data, IoT is quickly expanding; however due to insufficient security and privacy measures its sustainable development can be affected a lot. Typically, IoT devices are responsible for collecting different types of sensed data through various sensors, out of them some may be highly confidential to the user’s perspective and should not be revealed to others. As per the various industry survey, security is the most promising concern for industrial IoT users today. So, it is utmost necessary to integrate more security features in both the hardware and the device software to enhance the IoT device layer security and ensure the protection of crucial sensed information. In this venture, incorporating the cryptography concept at the physical constraints of IoT devices can be a favorable option. Data encryption at IoT devices before transmitting to back-end systems (cloud server) using cryptographic algorithms can help to maintain data integrity and inhibit data sniffing by hackers. Though cryptography based security is increasingly important, supporting different cryptographic algorithms and standards within an IoT device is still quite challenging due to having large area and power overhead. Furthermore, all IoT encryption must be followed by a suitable and efficient encryption key management processes, as poor key management can compromise to overall security. IoT devices are basically lightweight that means designed with less storage space. Besides, IoT devices are also battery driven and thus low power consumption is preferable. So, the symmetric key cryptography algorithms are generally advisable for designing IoT devices due to their less processing power, storage space, complexity and bandwidth as compared to the asymmetric key cryptography algorithms.

Block cipher is a variant of secret key cryptography which had been adopted for designing resource-constrained computing devices for the past decade due to its easier software and hardware implementation, higher diffusion and error propagation features. It requires extremely restricted hardware resources as compared to the stream cipher. While designing block ciphers for wireless devices, the traditional block cipher like AES occupies almost 3400 GEs of the area (Eisenbarth et al. 2007) which is quite large to be fit into the device. A gate equivalent (GE) is a unit for measuring the manufacturing-technology-independent complexity of digital electronic circuits. For today's CMOS technologies, the silicon area of a two-input drive-strength-one NAND gate usually constitutes the technology-dependent unit area commonly referred to as gate equivalent. A specification in gate equivalents for a certain circuit reflects a complexity measure, from which a corresponding silicon area can be deduced for a dedicated manufacturing technology.

On the other hand, while constructing block ciphers, the traditional Feistel ciphers take much time and consume a large amount of energy as they need far more round functions than the substitution–permutation networks (SPN). In this regard, the combination of Feistel and SPN structure has been suggested in various literatures. The combined structure provides simple and small round functions which result in faster diffusion with lesser energy and storage consumption. Considering all the difficulties and vulnerabilities of small IoT devices, a lightweight symmetric key cryptographic strategy has been proposed herein by improving all the susceptibilities present in the existing literatures.

Additionally, the proposed cryptographic strategy has been designed by combining the Feistel and SPN structure together for ensuring faster diffusion. Moreover, a round key management strategy has also been accompanied by the encryption approach. In addition, an energy-efficient hardware device using modern technology with low node power has been designed which can use more gate operations to provide adequate security with less power consumption. Meanwhile, the prototype has been built upon FPGA board as the test bed. Furthermore, ASIC chip tape out has also been realized on TSMC 65 nm technology. The proposed scheme is supposed to be used in the healthcare, agriculture and other sectors where secure transmission of sensed data is a crucial factor. In this context, Table 1 lists the details of some sensors with which the designed LRBC ASIC can be embedded together for confirming an enhanced grade of sensing level security. However, the applicability of the LRBC is not limited to these listed sensors only and can be used with a variety of sensors and IoT devices as well if appropriately configured. In addition, various analyses have been presented in this paper which analyses the strength of the proposed scheme.

Table 1 Description of different sensors
Full size table

The rest of the paper has been organized as follows: Sect. 2 presents the related works in the relevant field in detail. The proposed lightweight cryptographic strategy has been presented in detail in Sect. 4. Section 5 presents the testing environment with results and different kinds of analysis. The paper has been concluded in Sect. 6.

2 Literature survey

The lightweight cryptography is strongly needed to deal with the data size, device power and cost of computing devices to a minimal level. So, while designing a cryptography algorithm dedicated to any small computing device, the main motive should be made it lightweight in every aspect such as memory usage, chip size, power consumption etc. (Singh et al. 2017). Though they were lightweight, lack of adequate security is one of the main reason behind discarding those. However, still many algorithms such as PRESENT (Andrey et al. 2007), CLEFIA (Shirai et al. 2007), KATAN/KTANTAN (De Canniere et al. 2009), LED (light encryption device) (Guo et al. 2011a, b), PICCOLO (Shibutani et al. 2011), PRINCE (Borghoff et al. 2012), PHOTON (Guo et al. 2011a, b), SPONGENT (Bogdanov et al. 2011), SIMON/SPECK (Beaulieu et al. 2015), LEA (low power encryption algorithm) (Hong et al. 2013), PRIDE (Albrecht et al. 2014), MIDORI (Banik et al. 2014), and TEA (tiny encryption algorithm) (Wheeler and Needham 1994) etc. are being followed and applied in various application areas. Some of the most popular recent lightweight block ciphers have been summarized in this section.

Li et al. (2018) introduced SFN (substitution–permutation Fiestel Network) encryption technique by following both of the SPN and Feistel network (FN) structure. Their approach was based on 64-bit input block and 96-bit key length out of which the rear 32-bit key was acted as a control signal and the remaining 64-bit was used for the purpose of key expansion and round encryption. Each bit in the 32-bit control signal conducted one round operation and used for selecting the working mode of the two structures (SPN/FN) such as key expansion or encryption and decryption. The hardware implementation of SFN required an area of 1876.04 GEs. A group of authors proposed a family of lightweight block ciphers called CHAM which was based on 4-branch Feistel structure performing ARX (Addition, Rotation, XOR) operations (Koo et al. 2017). It had a simple key schedule which was implemented without updating key status and thus required smaller areas during hardware implementation. In this approach, different round functions were configured so that it could reuse the reduced set of round keys iteratively. Researchers also (Jagdish et al. 2017) designed a lightweight block cipher algorithm named LiCi in which 31 consecutive rounds associated with 4 × 4 lightweight S-boxes were considered. It was designed to support 64-bits plaintext content along with 128 bits key length. LiCi utilized 1153 gate equivalents (GEs) of area, 1944 bytes of memory and 30 mW power. Bansod et al. (2017) proposed a SPN-based lightweight cryptography technique and named it BORON. It supported 64-bit plaintext block along with a key length of 128/80 bits. It was based on total 25 number of rounds where the 4-bit to 4-bit S-boxes followed by round permutations, shift, and XOR operations were used. Moreover, it was resilient to linear and differential attacks. BORON was implemented on both software and hardware platform and required 1939 GEs for a 128-bit key and 1626 GEs for an 80-bit key. Banik et al. (2017) revised the design strategy of PRESENT and proposed an improved SPN-based block cipher named GIFT. It replaced the costly S-box of PRESENT with a smaller and cheaper S-Box by introducing bit permutation in association with Difference Distribution Table (DDT)/Linear Approximation Table (LAT) of the S-Box. In this approach, two variations of GIFT were proposed namely GIFT-64 and GIFT-128 with a predefined set of 28 and 40 rounds, respectively while keeping the key size constant with 128-bits. Researchers introduced a 64-bit block cipher algorithm named QTL in which a combination of both SPN and the feistel structure concept was followed for the purpose of encryption (Lang et al. 2016). Moreover, it supported two different key length i.e. 64-bit and 128-bit. For the decryption, they followed the same approach as encryption except considering the round constants and round sub-keys in a reverse order only. In their approach, the key scheduling was excluded for reducing the memory and power consumption in hardware design. The hardware implementation of QTL required 1025.52 and 1206.52 GE area for the 64 and 128 bits keys modes respectively. The QTL is not resilient to the standard statistical attacks on block ciphers which is the main limitation of this approach (Sadeghi et al. 2017). Zhang et al. (2015) suggested an SPN-based block cipher algorithm ‘RECTANGLE’ which was designed to accept 64-bit plaintext and keys of either 80 or 128 bits for producing 64-bit ciphertext. In case of the 80-bit key, it consumed 74.31 μw power and 1600 GEs to implement the block cipher. Whereas, for the 128-bit key mode, the area consumption was 2064 GEs with a power consumption of 72.15 µw. Some of the advantages of this approach are like very hardware friendly design, better competitive software speed etc. Another group of researchers proposed a lightweight block cipher, AKF by incorporating the alternate key concept into the traditional Feistel cipher (Karakoç et al. 2015). In addition, authors also reintroduced the software oriented lightweight block cipher ITUbee in respect of AKF with 80-bit block size and 80-bit security key (Karakoç et al. 2013). ITUBEE used 20 rounds and key whitening layers for ensuring better security. This cipher used S-box of AES and reduced the required memory, power and time. ITUBEE was claimed to be resistant against the related key attack. Yang et al. (2015) proposed a family of compact and lightweight Feistel block ciphers, named SIMECK (SIMECK 32/64, SIMECK 48/96 and SIMECK 64/128) by amalgamating the advantages of both SIMON and SPECK. The hardware implementation was realized on both CMOS 130 nm and CMOS 65 nm techniques. SIMECK had been proven to be vulnerable to bit-flip fault attack and random-byte fault attack (Nalla et al. 2016). Guo et al. (2011a; b) proposed an SPN-type symmetric block cipher supporting algorithm named LED. It used a block size of 64 bits as input and considered either 64 bit (LED-64) or 128 bit (LED-128) as the key length. The LED was based on a sequence of identical rounds of encryption where each round comprised of three operations such as AddConstants, SubCells, ShiftRows, and MixColumns Serial similar to the round function of AES. Authors claimed that their approach was resistant against related and single key attack. Researchers also used elliptic curve cryptosystem-based proxy re-encryption schemes in lightweight devices for enhancing security features (Kim and Lee 2018). However, the additional computation in the polynomial equation made their scheme insignificant. Suzaki et al. (2011) proposed a 36-round lightweight block cipher named TWINE having block size of 64 bits and key size of 80/128 bits. Whereas, Wei et al. (2019) re-evaluated the security of TWINE-80 against impossible differential cryptanalysis in related-key model and improved the traditional impossible differential attack by one round.

3 System model

A lightweight cryptographic chip can be deployed inside a sensor for transforming the conventional flow of data into an encrypted form. This will help in configuring the encryption in the sensing layer. Figure 1 represents the system model for clearly understanding the significance of the cryptographic chip inside a sensor. As the sensors generate analog signal so a sensor compatible analog to digital convertor (ADC) is needed to transform the analog signal to digital form that will act as the input to the cryptographic chip. Based on the cryptographic functions coded inside the chip, the digitized sensed data is transformed into the encrypted form and further transmitted to the cloud server through data analytics center for storage. Later on, the authorized users will only be permitted to access the encrypted data from the cloud server through the cloud service provider. Designing this kind of lightweight chip can be beneficial in several security concerned applications like smart healthcare, smart agriculture, domotic and home automation etc. In this regard, a lightweight cryptographic algorithm named LRBC has been proposed and the corresponding ASIC chip tape out has also been realized. Various related algorithms have been scrutinized and so as to enhance the security aspect of the system, a new lightweight resource constrained block cipher strategy with a small and simple step has been designed and named LRBC. The proposed algorithm is the amalgamation of feistel and Substitution–Permutation–Linear network (SPLN) with a simple key combination. Generally, the feistel structure uses a large number of rounds and only operates on half of the block. SPN structure applies confusion, diffusion strategy which increases the redundancy of plaintext and confirms a strongly encrypted ciphertext. Thus, the mixture of this two structure has resulted in a more shielded system than using those strategies distinctively. The main constraints for designing lightweight encryption algorithm are storage, power, memory and speed.

Fig. 1
figure 1

System model

Full size image

4 Overview of LRBC

The proposed algorithm has been implemented using simple logical operations like Ex-OR operations, Ex-NOR operations, concatenation etc. Therefore, the data has been enciphered in such a way that it is made possible for an authorized user only to easily decrypt it. As the main goal is to design a light weight encrypted system, thus, the proposed strategy always deals with 16-bit block of data. Hence, the long plaintext bit has been splitted into the several blocks each with 16 bit length of data which is being processed using a datapath and the same procedures will be repeated for consecutive data blocks. When all the data blocks are being processed, the results have been merged to produce the final encrypted text. The four number of keys with 4-bit each has been combined to each other and design 24 combinations. In this way the proposed algorithm consumes less power, occupies less storage space, memory and attain high speed for the resource constrained devices that means it achieves the solution against all the constrained mentioned above and provides better security against different cryptographic attacks.

4.1 Key consideration

In the proposed approach, four numbers of keys having 4-bit each (K1, K2, K3 and K4) have been used for both the encryption and decryption processes. As in this scenario, a lightweight encryption is desired, so a simple but strong combination of keys have been taken into consideration. From the abovementioned four keys, 24 number of possible combinations can be made which will be used during the round operation of encryption/decryption process. Hence, it guarantees as resilient to related key attacks. The design of the key combinations has been depicted in Fig. 2.

Fig. 2
figure 2

Considered 4-bit key combinations

Full size image

4.2 Encryption strategy

Encryption is the procedure to convert the data into indecipherable form by following confusion and diffusion strategies. So, it is being needed to make this scheme more robust such that it becomes difficult to decrypt the data for an unauthorized user. The interpretation of the proposed LRBC encryption technique has been illustrated in Algorithm 1 and the graphical representation for the same has been depicted in Fig. 3. The proposed algorithm goes through repeated steps including round transposition, F-function etc. for 24 number of consecutive rounds. Each round operation generates intermediate ciphertexts (ICT) that act as the input for the immediately next round. The output of the 24th round has been considered as the final ciphertext (CT).

Fig. 3
figure 3

Encryption process of LRBC

Full size image

4.2.1 F-function generation

As per the proposed algorithm, every round has been configured with two F-functions which in turn comprised of three types of computing boxes namely, S-box, P-box, and L-box. Each type of box is responsible for performing different computations. Under every F-function, the computed output of S-box has been applied as the input of P-box and similarly the output of P-box has been applied as the input of L-Box. The computations performed by these boxes within an F-function has been illustrated in Algorithm 2. The operations performed inside each of this boxes can easily be understood using a suitable example.

figure a

4.2.2 Round transposition

After F-function operations, the data has to go through a round transposition operation which has been shown in Fig. 5. It has been used to provide an additional level of security over the data. As shown in figure, each input to the transposition method is of 4-bit. After each round of operation, the resultant bit values of the 4-bit output blocks have been treated as the input blocks for the next round.

figure b

4.3 Decryption strategy

It is undoubtedly important to have a successful decryption process while designing a strong encryption process. In this work, the decryption process of the proposed algorithm has been designed as the exactly same as encryption technique but in the reverse order.

5 Design principle

5.1 F-function

As discussed earlier, the 16-bit plaintext has been separated into four equal parts of four bits each. The F-function consists of S-box, P-box and L-box. The design of the proposed F-function is light and secure. According to literature, 8 × 8 S-box provides better security but takes more space for hardware implementation. In this regard, two numbers of 4 × 4 S-boxes have been designed for the proposed algorithm because it takes less area and consumes less power as compared to the 8 × 8 S-box.

The P-boxes configured inside the F-functions have been designed by incorporating concatenation operations among the data bits. Similarly, the L-boxes have been arranged using four Ex-OR and Ex-NOR gate operations. Finally, the output data bits have been concatenated as directed in Algorithm 2. All the operations performed on these boxes are lightweight in nature since those consume less space as well as power for hardware implementation. Figure 4 shows the complete data path design of the proposed algorithm, which consists of four numbers of 2:1 multiplexor, twenty four numbers of data Ex-OR, data registers, key storage etc. Generally, the area of hardware is specified in gate equivalent (GE). Moreover, one GE is considered to be equivalent to the area of two input NAND gate. For example, a 4-bit 2:1 mux require 0.5 GE area (Lang et al. 2016). Each 4-bit Ex-OR operation requires 7.075 GE (Lang et al. 2016). The detailed area requirements for various components used while designing the proposed algorithm have been listed in Table 2. The proposed algorithm has been designed by considering all the possible constraints.

Fig. 4
figure 4

Data path of LRBC scheme

Full size image
Table 2 Area requirement of LRBC
Full size table

5.2 Round transposition

The output values of the f-functions in a round such as × 1, × 2, × 3 and × 4 have been directly sent as the next round input blocks y3, y1, y4 and y3 respectively. Each connection is performed by simple wiring to each other as per the Fig. 5. All the wiring shown in the figure is capable to transmit 4-bits of data at a time.

Fig. 5
figure 5

LRBC round transposition process

Full size image

6 Simulation and hardware implementation

The overall workflow of this proposed lightweight encryption technique has been shown in Fig. 6.

Fig. 6
figure 6

Implementation flow

Full size image

In the 1st step the encryption algorithm has been developed and it is realized in Verilog Code. The Code is simulated in Xilinx-Vivado tool and the result has been shown in Fig. 7. As shown in the figure, the algorithm uses (0006)16 as a sample plaintext and generates (17eb)16 as the final ciphertext. The plaintext has been represented as ‘X’ and each intermediate ciphertext has been represented as ‘Yi’. The final ciphertext generated after 24 round operation has been represented as ‘Y’. After successfully completion of the frontend part, it has been implemented on NEXYS 4 DDR FPGA (Artix-7) trainer kit to test the real time expediency of the proposed approach. Figure 8 shows the FPGA implementation result of the same sample. Each high output bit has been indicated by green LED.

Fig. 7
figure 7

Simulation result from Xilinx-Vivado

Full size image
Fig. 8
figure 8

FPGA implementation result of 16 bit Plaintext

Full size image

Moreover, the code has been implemented on Synopsys Design-vision tool attached with TSMC 65 technology library file, which generates netlist file after synthesis. Further the netlist file has been used for backend design using Cadence Encounter Digital Implementation System (RTL to GDSII).Fig. 9 describes the final ASIC chip tapeout with the layout of the proposed algorithm. Power analysis has been performed from which it has been observed that power consumed by the proposed design is 11.40 μW which is less than most of the reported design while maintaining security. This is due to the use of 4-bit internal data operations in the proposed design. However, the comparison in terms of power has not been included in Table 6 as the power consumption mostly depends on the technology used. Moreover, the power comparison between different techniques designed in various technologies cannot be treated as justified. Furthermore, simulated values of power mostly depend on the simulation methods used, and the effort spent.

Fig. 9
figure 9

ASIC chip tapeout of LRBC on TSMC 65 nm technology

Full size image

7 Security analysis

The security strength of the proposed approach has been evaluated through two kinds of analysis namely, avalanche effect analysis and attack analysis.

7.1 Avalanche effect

It is treated as an important security analysis in the cryptography that measures the goodness ratio of an encryption technique. This analysis is basically performed to realize the fact that even a change of 1 bit in plaintext or key may cause an enormous change in ciphertext. If the change affects at least half of the bits that means 50% of the ciphertext, then it will be treated as a good avalanche effect (Majumdar et al. 2019). Higher avalanche effect signifies higher security. The avalanche effect can be observed by following the Eq. (1). Here, for a particular plaintext block, the hamming distance has been changed randomly up to five bit during observation and form fivedifferent test cases. Based on these test cases, a comparative study of LRBC with other state of the art lightweight encryption algorithms has been performed as shown in Table 3. Table 4 shows the similar observation considering the key while keeping a fixed plaintext. Figures 10 and 11 show the graphical representation of the avalanche effect for different test cases for LRBC with respect to plaintext and key respectively

$$ {\text{AE}} = \frac{{{\text{Number}}\;{\text{of}}\;{\text{changed}}\;{\text{bit}}\;{\text{in}}\;{\text{ciphertext}}}}{{{\text{Number}}\;{\text{of}}\;{\text{bits}}\;{\text{in}}\;{\text{ciphertext}}}} \times 100\% $$
(1)
Table 3 Average Avalanche effect analysis w.r.t plaintext
Full size table
Table 4 Average Avalanche effect analysis w.r.t key
Full size table
Fig. 10
figure 10

Avalanche effect analysis w.r.t plaintext

Full size image
Fig. 11
figure 11

Avalanche effect analysis w.r.t key

Full size image

Moreover, a graphical comparative analysis on average avalanche effects w.r.t both plaintext and key has been represented in Fig. 12. After this analysis, the average avalanche effect for the proposed approach has been found to be 58% w.r.t plaintext and 55.75% w.r.t key which is better than the other state of the art algorithms.

Fig. 12
figure 12

Comparative analysis on average avalanche effect

Full size image

8 Attack analysis

The proposed approach has been designed with simple but logically strong operational steps. The attack analysis of the proposed approach has been illustrated below, where the process of defense against various attacks has been explained.

8.1 Linear attack

This type of attack is known as known plaintext attack. In this case, attacker has the knowledge about some random plaintext and their corresponding ciphertext. The main goal is to recover the key, used in the encryption process. Basically, an attacker tries to make a linear relationship between the plaintext and their corresponding ciphertext using the Eq. (2) to figure out the probability of the equation to be satisfied (Heys 2002; Majumdar et al. 2019).

$$ x_{1} \oplus x_{2} \oplus \cdots \oplus x_{n} \oplus y_{1} \oplus y_{2} \oplus \cdots \oplus y_{n} = 0 $$
(2)

where x1, x2…xn are the random plaintext bit values and y1, y2…yn are their corresponding ciphertext bit values. For an encryption process, if the probability of satisfying the Eq. (2) is greater than or smaller greater than \(1/2^{n}\), where n = number of bits in the plaintext, then the cipher is not secured under this than \(1/2\), then it will be treated as vulnerable and can be possible to attack the cipher. The probability deviation from the value \(1/2\) is called bias. A bias value near to \(1/2\) represents better security against linear attack. Table 5 shows an example of linear probability analysis of the proposed S-box considering three sample linear expressions. It has been observed that the linear probability for most of linear expressions is exactly \(1/2 \) and the bias value is \(1/2 - 1/2 = 0\). Therefore, the proposed technique provides better security against the known plaintext attack or linear attack.

Table 5 Linear probability analysis
Full size table

8.2 Differential attack

This type of attack is called chosen plaintext attack. This type of attack focuses on the high probability of the occurrence of output differences with respect to a given input difference (Heys 2002; Majumdar et al. 2019). For example, X is a set of input plaintext bits to the proposed S-box such as X = [x1, x2 … xn] and Y is the corresponding set of ciphertext bits such as Y = [y1, y2…yn]. The difference between two plaintexts is represented as α = x1 ⨁ x2 and the difference between their corresponding ciphertext is represented as β = y1 ⨁ y2. An output difference β for a given input difference α is denoted as differential pair (α, β). If the occurrence of β for the given α is much particular type of attack. Generally it is necessary to reduce the difference pair probability to secure the cipher under differential attack or chosen ciphertext attack. Several combinations of 16-bit ‘α’ have been tested with various 16-bit plaintexts for generating the corresponding values of β. Consequently the (α, β) difference pair for the proposed approach has been observed. The maximum differential probability observed is \(9/2^{16}\). On the other hand, the most satisfactory differential probability found is \(2/2^{16}\) which is quite satisfactory for any encryption approach. Hence, it can be concluded that the proposed algorithm is protected against differential attack.

8.3 Side channel attack

Side channel attack is based on the information yielded from the implementation of the encryption algorithm (Nikova et al. 2011). The proposed algorithm has been resisted from the side channel attack as it uses the random number to the encryption operation and the secret key which has been used is independent of the plaintext being choosen. The input output dependency is also very small for the proposed algorithm. Moreover, the proposed scheme is also able to provide security against other attacks. From the cryptanalysis point of view, the key and the round functions used in any cryptographic approach are two most attack prone parts. In this respect, round functions and the key(s) should be formed seriously while designing any cryptographic approach. In related key attack, attackers observe the bit patterns of ciphertext and identify the original key bit. It can only be possible whenever same key is used for all the rounds in an encryption process (Banik et al. 2017; Karakoç et al. 2013). Since different keys have been used in each round, the proposed encryption approach guarantees safety against this type of attack. Therefore, it would be harder for an attacker to realize the exact pattern of the keys used in the proposed approach.

9 Functionality analysis

Table 6 listed a brief overview of some well known state of the art lightweight cryptographic algorithms with their characterics and performance measures. The functionality based comparative analysis of the other algorithms with the proposed LRBC has been drawn based on the parameters such as block size, key size, structure, round, logic process, frequency, area etc. From Table 6, it can be noticed that most of the algorithms had been designed to support either 32 or 64 bit of block sizes with varying key sizes. Moreover, the structure of the algorithms are either SPN or Feistel based. Out of these, only QTL had availed the advantages of the mixed structural strategies.

Table 6 Functionality analysis of lightweight cryptography approaches
Full size table

Furthermore, after observing the listed values it can also be noticed that small block size and key size helps in fast diffusion of plaintext bit and provide better security. Similar to QTL, the proposed cipher also used the combined structures. However, the proposed LRBC used the combination of Feistel and SPN structures with 24 consecutive rounds which facilitates a more immune cipher. Moreover, similar to SIMECK, 65 nm technology file is used to design the proposed LRBC which allows more gates but occupies less area than others. As a result, LRBC fulfilled all the requirements related to light-weight resource constrained devices and outperforms the others in performance.

10 Conclusion

This work designs and implements a new lightweight block cipher named LRBC for resource constrained IoT devices. The proposed cipher enhances the data security by incorporating the benefits of both feistel and SPN structure associated with an additional concept of linear box. Moreover, LRBC generates more number of active S-boxes which helps in resisting differential and linear attack. Minimal chip area and power are the two additional advantages of this scheme since it uses 4-bit internal data operations and optimized design. Additionally, the proposed design enhances the security in a great extent since it uses large number of gates. Rigorous security analysis shows that the proposed scheme guarantees high security with a balanced area and power consumption.