BLOC logo

Lightweight block ciphers are cost-effective solutions for symmetric encryption on embedded systems such as RFIDs and smartcards. They are specifically designed to fit in low-cost devices with very efficient hardware modules in terms number of gates, area, memory and speed. However one has to make sure that the lightweight design does not open the door to security flaws, this being guaranteed through built-in provable security.

4 Partners

In over 30 years, the theory of cryptography has developed considerably. However cryptography is not only a theoretical science: cryptographers know that the primitives they design are intended to end up in a wide range of computer systems, ranging from RFID tags to high-end computer workstations, and on which they are expected to perform as efficiently as possible.

In particular, these last 5 years have seen the proliferation of lightweight block ciphers dedicated to very constrained environments such as sensors and RFID tags. Beside efficiency, security is of course the most important evaluation criterion for a block cipher.As opposed to the traditional attack model (where one only deals with the property of pseudorandomness), a number of recent cryptanalytic results have focused on so-called related-key, known-key or chosen-key attacks, unveiling weaknesses in the key scheduling of many prominent block ciphers, most surprisingly the AES. Very few block ciphers support security arguments taking into account these stronger attacks, and in particular, no efficient one does so at the present time.

The BLOC research initiative aims at taking up the challenge of conceiving a block cipher supporting strong security claims with respect to related-, known-, and chosen-key attacks, with an implementation profile as lightweight as technologically possible. This can only be achieved by providing novel theoretical results about these attack models and advanced results on the cryptanalysis of existing designs. A first step forward consists in defining new appropriate security models that satisfactorily take into account related-, known- and chosen-key attacks. Based on these security models, a second research objective is to realize cryptographic high-level structures that would feature security proofs. A third research avenue consists in carefully analyzing existing block ciphers to assess the security level they provide against a wide range of attacks, from classical ones to related-, known-, and chosen-key attacks. A cryptanalysis effort on the recently proposed lightweight block ciphers is necessary. Building on these two complementary points of view, the cornerstone of BLOC resides in the design of at least one block cipher taking into account the security models and security proofs obtained in the two previous approaches, with a particular focus on the key schedule algorithm. The block cipher proposal shall support strong security arguments regarding related-, known-, and chosen-key attacks, and be as efficiently implementable as possible. On a more pragmatic side, BLOC also aims at providing a library of existing lightweight block ciphers for small embedded systems such as sensors and a complete implementation of the block cipher designed during the project both in software and in hardware.


The BLOC research initiative aims at providing new theoretical and practical results in the design and evaluation of secure block ciphers. More precisely, the main objectives of the project are:

  1. Enhanced security models (especially for the attack scenarios involving related keys) and security proofs for block ciphers, with a focus on secure key scheduling,
  2. Cryptanalysis of block ciphers, more specifically lightweight block ciphers in the traditional cryptanalytic models and other block ciphers with respect to related key attacks,
  3. Designing block ciphers featuring security proofs, with a specific care on the design of provably secure key schedule algorithms,
  4. Designing block ciphers with improved performances on small embedded systems such as sensors.

BLOC intends to introduce one or several new, cost-effective blockciphers in the scientific and industrial community. These encryption primitives will be provided together with security proofs (in particular for the key schedule algorithm) and will be specifically validated in terms of resistance against cryptanalysis and implementation performance.

Related publication

  • Direct Construction of Recursive MDS Diffusion Layers Using Shortened BCH Codes.
    Daniel Augot, Matthieu Finiasz.
    In FSE 2014, pp. 3-17, 2014. Best Paper Award