Int. j. inf. tecnol.

https://doi.org/10.1007/s41870-023-01439-9

ORIGINAL RESEARCH

Modified lightweight GIFT cipher for security enhancement

in resource‑constrained IoT devices
Nilufar Yasmin1 · Richa Gupta1

Received: 2 March 2023 / Accepted: 25 August 2023

© The Author(s), under exclusive licence to Bharati Vidyapeeth’s Institute of Computer Applications and Management 2023

Abstract The internet of things (IoT) ensures flexible net- 1 Introduction

work services to the end devices connected to it. Although
security has always been a concern for such networks. There Evolution of embedded systems and technology contributes
are several effective cryptographic protocols introduced in towards popularity of different smart devices and wearable
literatures to provide privacy and security to the information devices. The devices connected to the internet of things (IoT)
being transmitted in the network. But the problem occurs exchange huge network packets between them that also con-
in the case of resource-constrained IoT environment where sists of sensitive information [1]. Information is exchanged
the devices connected are unable to handle the features of in the form of images as well, hence image security in this
cryptographic protocols thereby compromising with secu- digital world is of importance too [2]. Since the network
rity. To address this precarious issue, this paper suggests a is getting extended with the interconnection of billions of
modification in a lightweight block cipher that can ensure devices day by day, there is a higher risk of security crisis
security in the constrained environment. To attain better that leads to information leakages [3]. Leakage of informa-
tradeoff between both security and performance, a modified tion may occur due to the vulnerability of the devices to
version of GIFT block cipher is proposed, which is one of various malicious attacks [4, 5]. Among those attacks, sev-
the recently introduced effective lightweight block cipher. eral attacks are made voluntarily by the attackers to acquire
This modified algorithm prioritizes the use of linear func- access to the personal information so as to gain financial
tions with bitslice substitution and involutive permutation profits that are illegal [6]. Such kind of activities deplete the
operations to attain high diffusion. The proposed algorithm reputation of the IoT network and prompt action is required
is then evaluated and compared with different cryptographic to be taken to keep it under control. With this aim, several
algorithms on the basis of various state-of-the-art param- researchers invented different methodologies and protocols
eters and the results proved its efficiency. among which the cryptographic protocols received atten-
tion [7, 8]. These protocols also maintained the reputation
Keywords Internet of things · Lightweight block of IoT by ensuring strong security and privacy for the end
ciphers · GIFT · Key schedule algorithm · Bitslicing · devices [9].
Involutive permutation The cryptographic algorithms convert the input mes-
sage into a cipher-text that cannot be easily cracked by
the attackers without deep knowledge regarding the for-
mulations used [10]. These cryptographic algorithms are
* Nilufar Yasmin made up of several complex mathematical formulations
[email protected] that require resources with high capacity to function prop-
Richa Gupta erly. One of the issues with the IoT network is its limited
[email protected] resource capacity [11, 12]. Most of the devices connected
1
Department of Electronics & Communication Engineering,
to the network are resource-constrained that are unable
Jaypee Institute of Information Technology, Noida, to run the cryptographic algorithms effectively [13]. The
Uttar Pradesh, India devices are generally limited in terms of computing power

13
Vol.:(0123456789)
 Int. j. inf. tecnol.

and memory which are the major requirements for the 1.2 Contribution
encryption algorithms to function normally. This com-
promises with the security of the devices thereby leading The work presented in the paper includes the following
to leakage of sensitive information [14–16]. major contributions:
The cryptographic algorithms can be categorized as
symmetric and asymmetric algorithms where, a single • Providing security to the resource-constrained IoT
key is used by the symmetric algorithm and a key pair is environment is a complex yet an important job. The
used by the asymmetric algorithm [17]. The symmetric lightweight block ciphers proved to function better
algorithm sends the key through the network that can be even in resource constrained environment by ensuring
hacked whereas, the private key of the asymmetric algo- optimal security. This paper contributes to the develop-
rithm is never shared via network to offer higher security ment of a modified lightweight symmetric block cipher
[18, 19]. Most of the modern applications rely on symmet- for secure networks in IoT environment.
ric algorithms for security [20]. This algorithm can be cat- • The traditional KSA of GIFT block cipher follow
egorized as block and stream ciphers where, a block of bits linear functions leading to slower and predictable bit
is encrypted in block cipher and stream cipher encrypts transitions. Thus, the major contribution of the work is
the plaintext bit-by-bit [21]. Since the block ciphers are to elevate the security by enhancing round key random-
efficient, these ciphers are particularly preferred. The ness and diffusion property of the GIFT block cipher
restrictions in the small-scale embedded systems led to using bitslice substitution and involutive permutation
the emergence of lightweight cryptography [22]. Hard- operations.
ware and software implementations of several lightweight • Performing extensive simulations for performance anal-
cryptographic systems are presented in literatures includ- ysis of the proposed modified lightweight GIFT block
ing PRESENT [23], SIMON, SPECK [24], RECTANGLE cipher and compare it with the existing block cipher algo-
[25], TWINE [26], PICCOLO [27], PICO [28], ROAD- rithms in terms of different performance metrics.
RUNNER [29], SKINNY, MANTIS [30], CLEFIA [31],
KLEIN [32], XTEA [33], LED [34], etc. These algorithms
proved to provide optimal performance and also enhancing 1.3 Paper organization
the security feature of the IoT network [35].
This paper has 6 sections: Sect.1 presents brief introduction;
Sect. 2 briefs the literature survey of the most recent meth-
1.1 Motivation odologies published under the field of IoT security using
lightweight protocols, Sect. 3 presents the preliminaries
The introduction of cryptographic systems resulted in relevant to the work, Sect. 4 presents proposed methodol-
increased percentage of security to the IoT applications ogy with description and mathematical formulations, Sect.
and the sensitive data circulated within the IoT environ- 5 covers the result section with comparative analysis and
ment. Among the existing cryptographic primitives, the discussion and finally Sect. 6.
symmetric lightweight block ciphers gained huge popu-
larity due to their performance and efficiency. One of the
major advantages of these algorithms is that these are
capable of securing blocks of data simultaneously thereby 2 Related work
enhancing the elasticity and efficiency of the network.
There are several block ciphers introduced in literatures So far, many methodologies to promote security of data in
to deal with major security crisis and to reach an optimum IoT have been implemented. Among those, the most effec-
level of performance without compromising the security. tive ones are reviewed under this section. Security in IoT is
The problem with these algorithms lies in the generation one of the most important requirements in recent times due
of round keys as the randomness of the round keys are not to the frequent attacks and threats involved. Cryptographic
ensured. The randomness property is one of the most cru- algorithms are effective, but these are found to be unsuit-
cial factors that is required to be focused to ensure security able for the IoT restricted devices. Thus, lightweight block
even in complex hazardous environments. This motivates ciphers are introduced that proved to work on low-power
to propose a new block cipher that helps in optimal genera- and resource-constrained devices. To this extent, Ramadan
tion of round keys with enhanced randomness and security. et al. [36] presented an ultra-lightweight secret-key block-
Moreover, the proposed algorithm strives to achieve an enciphering algorithm called LBC-IoT. The algorithm was
optimum level of performance without compromising the based on the feistel structure and the block length was
security in the IoT network. 32-bit with the key length of 80-bit. The algorithm proved

13
Int. j. inf. tecnol.

to restrict several attacks including side-channel, differential operations. Objective of the proposed algorithm is to reach
and linear attacks. an optimum level of performance without compromising
Another lightweight block cipher to protect the resource the security. Also, the randomness of the round keys and
constrained IoT smart systems was introduced by Ragab diffusion are ensured thereby providing highest percent-
et al. [37]. A modified version of symmetric XXTEA block age of security to the applications compared to the existing
cipher was designed for enhanced security of the smart methodologies.
devices. The traditional XXTEA algorithm was identified
to be more prone to key-related attacks and chosen-plaintext
attacks. The improvement was made with the employment of 3 Preliminaries
S-box with an additional layer of security using the chaotic
key generator system behind one-time padding. The results The lightweight block ciphers are capable of providing better
show the efficiency of the algorithm compared with the tra- security even to constrained devices in the IoT network. The
ditional XXTEA and advanced encryption standard (AES) GIFT block cipher is one of the most effective algorithms
algorithms. that can achieve an optimal tradeoff between security and
Smart devices making an interconnection in the IoT net- efficiency thereby offering better performance compared to
work have some intrinsic characteristics, because of which other block ciphers such as SIMON, SKINNY, PRESENT,
the existing algorithms are unable to provide effective pro- etc. [41]. This section presents the sequential steps followed
tection for the devices against the cryptographic attacks. in the existing GIFT cipher along with their significances.
To solve such an issue, Girija et al. [38] designed a new Since the proposed method explores the GIFT-128-bit block
lightweight block cipher called FibGeoPresent based on the cipher, the following explanation is centered on the GIFT-
Fibonacci series. Similar to some popular block ciphers, the 128-bit cipher.
FibGeoPresent cipher also used the S-box and P-box opera-
tions and was basically designed based on the substitution 3.1 GIFT‑128‑bit block cipher
permutation network (SPN) type.
The design of a key schedule algorithm (KSA) is required Based on the SPN structure method, GIFT is a symmetric
to be given utmost importance in the construction of sym- block cipher algorithm. This cipher performs four steps for
metric block ciphers. Though it has undeniable significance, each round including S-box generation, permutation, add
it is one of the least attentive areas in the development of an round key and constant XOR. The process of encryption
algorithm for encryption. Among other lightweight symmet- followed in the GIFT cipher is depicted in Fig. 1.
ric block ciphers, PRESENT is one of the most popular one After applying the input, which here is called as plaintext
with enhanced performance and security. But the KSA of several steps.
this cipher follow linear functions leading to slower bit tran-
sition that is predictable. To resolve this issue, Imdad et al. i. S-box generation
[39] introduced an enhanced KSA for the PRESENT-128
block cipher with avalanche effect, round key bit difference 128-bit key is delivered as the input to the block cipher to
and enhanced randomness. which the S-boxes are generated. The input key is split into
The IoT environment is composed of several number 4-bit blocks and it is now provided as the input to the 4-bit
of resource constrained devices that are highly targeted S-boxes. The invertible 4-bit S-box generated is used for the
by the cyber attackers. The normal encryption algorithms cipher state. The hexadecimal notation of the S-box used in
sometimes fail to secure such devices from the attacks as the cipher can be understood from [41].
new malicious codes are continuously being generated. To
overcome this issue, Alshammari et al. [40] introduced a ii. Permutation
lightweight cryptosystem that works for highly constrained
IoT devices. The algorithm was based on AES with a new As the next step, the GIFT block cipher performs permu-
chaotic S-box to achieve higher randomness with strong tation of bits where the ith bit of block B replaces the P128 (i)th
cryptographic properties. The evaluations of the algorithm bit of block B. The permutation operation on the input of
proved the reliability and the applicability for secured com- GIFT-128-bit block cipher can be seen in [41].
munication and image encryption.
Upon reviewing the existing methodologies, it has been iii. AddRoundKey
identified that the existing block ciphers are unable to find an
optimal tradeoff between the network performance and secu- Given the 128-bit blocks as Bi = 𝛽127 , ....𝛽0 and the
rity. This problem is optimally addressed in the proposed round keys can be represented as Rki = 𝛾127 , ...𝛾0 . The keys
work with the addition of substitution and permutation can be represented as K = 𝜅7 , ...𝜅0 where, the keys

13
 Int. j. inf. tecnol.

v. Key schedule algorithm

Input plaintext Key register

The KSA is one of the most significant steps in the GIFT

S-box generation cipher where the algorithm is responsible for key updation as
well as in extraction of the round key from the updated key.
Permutation The mathematical formulation for KSA is provided below
AddRoundKey in Eq. (4):

𝜅7 � � � �
�𝜅6 ‖...‖𝜅1 �𝜅0 ← 𝜅1 >>> 2�𝜅0 >>> 12‖...‖𝜅3 �𝜅2 (3)
Constant XOR Key schedule
where >>> indicates right rotation operator.
..

S-box generation 4 Proposed methodology

Permutation The IoT network is composed of several number of intercon-

nected devices that are solely employed to enable efficient
AddRoundKey communication and transmissions. Since the network deals
with several forms of data transmissions, it has to deal with
the cyber-attacks by providing effective security for the end
Constant XOR
devices. The traditional encryption algorithms are basically
formulated using simple mathematical computations that are
Cipher-text unfit for the resource constrained devices. To deal with these
issues, the lightweight block ciphers are introduced that
Fig. 1  Process of encryption followed in GIFT block cipher
proved to be more reliable than the traditional mechanisms.
The security solutions based on lightweight block ciphers
are proved to be capable of securing the resource constrained
devices much effectively. Among various lightweight block
ciphers, GIFT is one of the recent and effective cipher pro-
𝜅0 , 𝜅1 , 𝜅4 and 𝜅5 are selected and are used as V and W of viding higher security and efficiency. In general, the KSA
the round key. The round key can� be computed as follows: � of GIFT block cipher follows linear functions resulting in a
�
Rk = V‖W = 𝜐31 , ...𝜐0 �𝜔31 , ...𝜔0 V = 𝜅5 � �
�𝜅4 , W = 𝜅1 �𝜅0 . predictable bit transition. A robust KSA is expected to yield
�
Then, the round key is XORed with block B where, V is round keys that are independent of each other regardless of
XORed to 𝛽4i+2 and W is XORed to 𝛽4i+1. This can be math- the secret key. Thus, this work introduces a modified version
ematically represented as in Eq. (1): of GIFT block cipher that prioritizes the use of linear func-
tions in KSA. Moreover, the modified version reduces the
𝛽4i+2 ← 𝛽4i+2 ⊕ 𝜐i
(1) transparency in bit transitions and ensures randomness with
𝛽4i+1 ← 𝛽4i+1 ⊕ 𝜔i ; i = 0. 1, ....31 improved security. The flowchart of the proposed modified
lightweight GIFT-128-bit block cipher is displayed in Fig. 2.
iv. Constant XOR Initially, the input plaintext value is provided to the GIFT
cipher for encryption. For the obtained input, the algorithm
In this step, XOR operation is performed for the single computes the S-boxes by splitting the input into 4-bit blocks.
bit and round constants to block B. The round constants After generating the S-boxes, the bitslice substitution opera-
can be represented as C = 𝜍5 𝜍4 𝜍3 𝜍2 𝜍1 𝜍0 . The XOR opera- tion is carried out in the proposed method followed by the
tion followed in this step can be mathematically formu- involutive permutation. These two steps enhance the GIFT
lated as presented below in Eq. (2): block cipher resulting in better performance and security.
Irrespective of the secret key of GIFT cipher, the proposed
𝛽n−1 ← 𝛽n−1 ⊕ 1, 𝛽23 ← 𝛽23 ⊕ 𝜍5 , modification produces independent and random round keys
𝛽19 ← 𝛽19 ⊕ 𝜍4 , 𝛽15 ← 𝛽15 ⊕ 𝜍3 , (2) for computations. The bitslicing operation prioritizes the
𝛽11 ← 𝛽11 ⊕ 𝜍2 , 𝛽7 ← 𝛽7 ⊕ 𝜍1 , 𝛽3 ← 𝛽3 ⊕ 𝜍0 linear functionalities of KSA thereby resulting in higher
diffusion. Following this step, the involutive permutation
The round constants C = 𝜍5 𝜍4 𝜍3 𝜍2 𝜍1 𝜍0 used in the GIFT- operation is carried out on every 4-bits of the substitution
128-bit block cipher can be identified from [41]. function’s output for all the sub blocks. After this step, the

13
Int. j. inf. tecnol.

Plain text Key register i. Initialization

The proposed cipher receives the 128-bit plaintext as the

S-box generation
cipher state for encryption. The input plaintext can be repre-
sented as 𝛽127 , 𝛽126 , ...𝛽0 and 𝛽0 indicates the least significant
Bitslice substitution
bit. The 4-bit nibbles of the cipher state can be expressed as
U = u31 ��u30 ‖...‖u0 and a 128-bit key is also provided to the
Involutive
permutation
cipher as the key state expressed as K = 𝜅7 ‖ ‖ ‖
‖𝜅6 ‖...‖𝜅0 and
each 𝜅i indicates a 16-bit word.
Add round key

ii. S-box generation

Constant XOR Key schedule
The invertible 4-bit S-box is utilized in the proposed
modified GIFT cipher and this S-box is applied to all the
S-box generation 40 rounds nibbles of the cipher state. The expression for the applica-
tion of S-box to the cipher state is expressed mathematically
Bitslice substitution
as in Eq. (4):
( )
ui ← Sb ui ; ∀i ∈ {0, 1, ....31} (4)
Involutive
permutation
The hexadecimal notation of the S-box utilized in this
Add round key
Update key
step can be seen in [41].

Constant XOR iii. Bitslice substitution

Cipher text
Bitslice substitution is a non-linear function and makes
use of the substitution table generated in the previous step.
In case of bitslice substitution, the Boolean operations are
Fig. 2  Flowchart for the proposed modified lightweight GIFT block
cipher
utilized to apply the S-box to the input block. The basic
Boolean operations such as AND (&), OR ( |), XOR (⊕),
NOT (∼), etc. are followed in this step. For every column of
the input block, the S-box of this step is applied in parallel.
AddRoundKey step is executed where, the round key is
The operation of bitslicing is inspired from the RECTAN-
XORed with the blocks. Then, the constant XOR operation
GLE algorithm [25]. The function of bitslice substitution as
is applied to get the desired cipher-text as output.
proposed in this work is described below in Eq. (5):
T1 = X1 ; T2 = X0 &T1 ; T3 = X2 ⊕ X3 ;
4.1 Modified lightweight GIFT block cipher Y0 = T2 ⊕ T3 ; T5 = X3 ||T1 ; T6 = X0 ⊕ T5 ;
(5)
Y1 = X2 &T6 ; T8 = X1 ⊕ X2 ; T9 = T3 &T6 ;
In the proposed modified version of GIFT block cipher, the
modifications are made in the sequential steps followed. The Y3 = T8 &T9 ; T11 = Y0 ||T8 ; Y2 = T6 &T11
additional steps of bitslice substitution and involutive per-
where Ti indicates a 32-bit temporary variable. The input
mutations are carried out to enhance the security features of
block of the substitution block is indicated as X and the
GIFT. The major steps of the proposed modified GIFT block
output of the substitution block is indicated as Y .
cipher are as follows:
iv. Involutive permutation
i. Initialization
ii. S-box generation
In case of the involutive permutation, the output obtained
iii. Bitslice substitution
from the substitution block is distributed as 4-bits to vari-
iv. Involutive permutation
ous sub-blocks. The involutive permutation makes use of a
v. AddRoundKey
transpose matrix of size 16 × 4 to obtain the output values of
vi. Constant XOR
block B. The matrix considered for involutive permutation
can be represented as followed in Eq. (6):
These six steps are explained below:

13
 Int. j. inf. tecnol.

⎡ 𝛽0, 7 𝛽0, 6 𝛽0, 5 𝛽0, 4 ⎤ steps of the proposed symmetric algorithm followed in the
⎢𝛽 ⎥ encryption technique is displayed in Fig. 3.
⎢ 0, 3 𝛽0, 2 𝛽0, 1 𝛽0, 0 ⎥
⎢ 𝛽1, 7 𝛽1, 6 𝛽1, 5 𝛽1, 4 ⎥
⎢ ⎥
Mx = ⎢ ... ... ... ... ⎥ (6) 5 Results and discussion
⎢ ... ... ... ... ⎥
⎢ ⎥
⎢ ... ... ... ... ⎥ Simulation and analysis of the proposed work has been done
⎢ ⎥ using the Matlab platform, version 2021. Its performance
⎣ 𝛽15, 3 𝛽15, 2 𝛽15, 1 𝛽15, 0 ⎦
has been compared and analyzed with the existing algo-
The transpose of the above matrix Mx is taken in this step rithms to prove its performance efficiency. The simulation
to obtain the output of involutive permutation. In the matrix, scenario considered, metrics used and comparative analysis
each row is considered as 4-bits and these are distributed on of the proposed approach are elaborated in the forthcoming
different sub-blocks. sections.

v. AddRoundKey 5.1 Simulation scenario

The AddRoundKey step is then formulated where, the The proposed algorithm is evaluated based on different
round constants are added with the round keys. To attain perspectives. Since the modifications are carried within
this, the XOR operation is utilized between the cipher the algorithm, the round keys and secret key are evalu-
state bits and V and W . The mathematical formulation for ated to prove its effectiveness in terms of security. Here,
AddRoundKey can be found in Eq. (1). for performance evaluation of the proposed approach, a
synthetic dataset is generated using the ‘rand’ function
vi. Constant XOR in Matlab. The length of the plaintext generated is 128
bits long and the length of the round keys and secret key
The last step of the proposed modified GIFT block cipher are 128 bits long. In terms of the security perspective,
is constant XOR where, the XOR operation is performed for the cipher-text generated by the algorithm is evaluated
bit positions 1, 3, 7, 11, 15, 19 and 23 in the cipher state. based on different metrics. Each plaintext in the dataset
The mathematical formulation for constant XOR is provided
in Eq. (2). 32-bits 32-bits 32-bits 32-bits

vii. Key schedule

Input 128-bit key

Before updating the key state, a round key from the key
state is mined after the �XOR operations.
� In the proposed 32-bits 32-bits 32-bits 32-bits
method, the round key Rk = V‖W is extracted as four
16-bit words represented below in Eq. (7):
S-box S-box S-box S-box
V ← 𝜅5 ‖
‖𝜅4
(7)
W ← 𝜅1 ‖
‖𝜅0 Bit substitution Bit substitution Bit substitution Bit substitution
40 rounds

After extracting the round key as in the above equation,

updating of the key state is shown in Eq. (3). As in SKINNY Inv. permutation Inv. permutation Inv.permutation Inv. permutation
cipher, the round constants are generation of on the 6-bit
affine LFSR. The mathematical formulation is as followed
in Eq. (8): Add round key Add round key Add round key Add round key

( ) ( )
𝜍 5 , 𝜍 4 , 𝜍 3 , 𝜍 2 , 𝜍 1 , 𝜍0 ← 𝜍 4 , 𝜍 3 , 𝜍 2 , 𝜍 1 , 𝜍 0 , 𝜍 5 ⊕ 𝜍 4 ⊕ 1
(8)
Initially, zero is assigned to the six bits and then updated
and used in the upcoming rounds. The values for the consid- Cipher-text
ered round constants for every round can be seen in S-box
generation. On repeating the above steps for 40 rounds
Fig. 3  Sequential steps of the proposed modified lightweight GIFT
cipher-text is obtained from the given input. The sequential block cipher

13
Int. j. inf. tecnol.

is 128 bits long to ensure security and efficiency of the Power indicates the total power spent by the software/
algorithm proposed here as compared to other lightweight hardware systems in completing the execution of the pro-
block ciphers. The system configuration followed for the posed algorithm. Reduced power indicates better and sig-
implementation of the proposed work is as follows: the nificant performance.
implementations are performed in a system installed with
Intel(R) Core (TM) i5-8265U CPU @1.60 GHz 1.80 GHz 6 Software efficiency
operating system with 8 GB RAM, 1 TB HDD.
Software efficiency determines the balance between the
size of implementation and performance of the algorithm. It
5.2 Performance metrics is important for the proposed method to achieve higher per-
centage of software efficiency to attain better performance.
The algorithm is assessed in terms of throughput, energy, The formulation for software efficiency is as follows:
time, latency, power, and software efficiency. The mathemat- [ ]
ical formulations for the performance metrics are as follows: Tp Kbps
SE = (10)
csize [KB]
1 Throughput
where SE indicates the software efficiency, Tp indicates the
Throughput can be defined as the kilo-bits accomplished throughput calculated in Kbps and csize indicates the code
per second by the encryption or decryption process at a par- size given in KB.
ticular frequency. A frequency of 4 MHz is used in the soft-
ware implementation of the proposed work. It is desired to 5.3 Performance analysis
increase the throughput value to achieve higher performance.
The performance of the modified algorithm as proposed here
2 Energy is compared with other existing lightweight block ciphers
to prove the efficiency of the modified algorithm. For fair
Energy consumption can be defined as the overall energy analysis, the existing block ciphers are implemented under
consumed by any system during the encryption-decryption the same simulation scenario. The algorithms that are cho-
process. The formulation for energy can be given as follows: sen for comparison include PRESENT, PRESENT KSA,
( [ ] ) SIMON, SKINNY, GIFT, GIFT KSA and GIFT COFB.
lt cycles ∗ P[𝜇W] Different versions of PRESENT and GIFT algorithms are
ℑn [𝜇J] =
block
(9) chosen for comparison and analysis of their security and per-
𝛽size [bits] formance. The detailed evaluations of the proposed method
are described below:
where ℑn indicates the energy, lt indicates the latency and
𝛽size indicates the block size.

3 Time
Table 1  Throughput Methods Through-
Time indicates the total consumed by the algorithm assessment of the proposed and put
existing works
to complete the execution process of the encryption of (Kbps)
128-bits long plaintext. It is important to reduce the time
GIFT COFB 922
taken for completing the process to prove that the proposed
GIFT KSA 908
algorithm is efficient.
GIFT 720
SKINNY 576
4 Latency
SIMON 513
PRESENT KSA 426
Latency is the time taken by the algorithm to encrypt
PRESENT 439
a single block. In other words, it can be illustrated as the
Proposed 970
number of clock cycles required to figure out a single block’s
message input or encrypted version of it. The latency is Bold denotes the state-of-the-
required to be reduced to prove its performance efficiency. art parameter value for the
"Proposed Modified GIFT-
Algorithm" (PROPOSED in the
5 Power table)

13
 Int. j. inf. tecnol.

Fig. 4  Graphical representation of throughput assessment Fig. 5  Graphical representation of energy assessment

Table 2  Energy assessment of Methods Energy (µJ) Table 3  Time assessment of Methods Time (s)
the proposed and existing works the proposed and existing works
GIFT COFB 189.34 GIFT COFB 35.93
GIFT KSA 172.89 GIFT KSA 30.49
GIFT 208.67 GIFT 38.47
SKINNY 361.90 SKINNY 64.13
SIMON 642.71 SIMON 71.78
PRESENT KSA 2491.42 PRESENT KSA 129.64
PRESENT 2279.66 PRESENT 125.85
Proposed 115.43 Proposed 26.64

Bold denotes the state-of-the- Bold denotes the state-of-the-

art parameter value for the art parameter value for the
"Proposed Modified GIFT- "Proposed Modified GIFT-
Algorithm" (PROPOSED in the Algorithm" (PROPOSED in the
table) table)

The proposed scheme has been assessed for throughput energy consumption indicates the overall energy consumed
and obtained results are presented in tabular manner as by the system while converting the plaintext into cipher-
in Table 1. Tabulated data shows that the throughput pro- text. The graphical representation for energy consump-
vided by the proposed algorithm is higher when compared tion is provided in Fig. 5. It is seen from the graph that
with other algorithms. Improvement in throughput of the the proposed algorithm is optimal in reducing the amount
algorithm proposed is also displayed in Fig. 4. The graph of energy spent in encryption process. Compared to the
represents that the proposed modified algorithm is some- traditional GIFT, PRESENT, SIMON and SKINNY algo-
how better than the algorithms chosen here for comparison. rithms, the proposed algorithm produced optimal results
The throughput attained by the traditional GIFT cipher is in energy consumption. The average energy consumed by
720kbps and PRESENT is 439kbps. Also, the throughput the GIFT cipher is 208.67 µJ, by the PRESENT cipher is
scored by the SIMON and SKINNY algorithms are 513kbps 2279.66 µJ, by the SIMON and SKINNY algorithms are
and 576kbps. Among the compared algorithms, the GIFT 642.71 µJ and 361.90 µJ. On the conducted analysis, the
COFB scored higher throughput of 922kbps. The proposed GIFT KSA resulted in optimal results in terms of compared
algorithm achieved a total throughput rate of 970kbps block ciphers with an overall energy consumption rate of
higher than all the existing block ciphers considered for 172.89 µJ. The proposed algorithm resulted in an average
comparison. energy consumption rate of 115.43 µJ which is more optimal
The energy consumed by the modified algorithm pro- than the other results obtained.
posed here in the current work is analyzed and compared The proposed modified algorithm has been analyzed in
with other block ciphers and are presented in Table 2. The terms of the running time taken as displayed in Table 3.

13
Int. j. inf. tecnol.

Fig. 6  Graphical representation of time assessment Fig. 7  Graphical representation of latency assessment

process whereas, the GIFT KSA algorithm took minimum

Table 4  Latency assessment of Methods Latency
the proposed and existing works time. The time expended by the proposed algorithm to
(cycles/
complete the process is 26.64 s which is more.
block)
The latency of the algorithm proposed is assessed
GIFT COFB 1960 with other algorithms and the outcomes are presented
GIFT KSA 1660 in Table 4. From the values, it is seen that the proposed
GIFT 2096 algorithm reduced the latency in data transmission more
SKINNY 2138 optimally than the other algorithms. Also, the graphical
SIMON 2693 representation for latency analysis is displayed in Fig. 7.
PRESENT KSA 4322 The figure shows a decreasing trend of latency in case
PRESENT 4196 of proposed method as compared to other existing meth-
Proposed 1451 ods. Among the compared methods, reduced latency is
achieved by the GIFT KSA algorithm with a total latency
Bold denotes the state-of-the-
art parameter value for the of 1660 cycles/block. The traditional GIFT cipher resulted
"Proposed Modified GIFT- in a total latency of 2096 cycles/block whereas, the pro-
Algorithm" (PROPOSED in the posed algorithm resulted in 1451 cycles/block of latency.
table)
This means that the clock cycles required for the pro-
posed algorithm for completion of a single block encryp-
tion is low compared to the other algorithms When the
Tabular values show the worth of the proposed approach. clock cycles required for processing is high, the latency
To prove the competence of the algorithm proposed and to of the algorithm in completing and transmitting the block
highlight its importance, the traditional block ciphers are increases. This proves that the proposed algorithm is faster
implemented and comparison is made with the proposed and efficient as compared to other block ciphers.
algorithm. Due to the modifications made in the GIFT The power required for the completion of the process
cipher, the proposed algorithm resulted in better outcome. for the proposed and baseline algorithms are analyzed and
The graphical representation of the performance compari- the outcomes are presented in Table 5. Similar results are
son made is displayed in Fig. 6. The graph also shows bet- shown in a graphical manner in Fig. 8. Based on the values
ter value for the proposed method than the compared algo- obtained, it is clear that the introduced algorithm is more
rithms. Among the compared algorithms, the GIFT KSA optimal than the other compared algorithms. Compared
algorithm achieved optimal outcome of 30.49 s. The tradi- to the traditional algorithms, the introduced algorithm is
tional GIFT, PRESENT, SIMON and SKINNY algorithms more optimal and produced effective results. Among the
took 38.47 s, 125.85 s, 71.78 s and 64.13 s to complete compared algorithms, the PRESENT block cipher resulted
the encryption process. Among the compared algorithms, in 586.75 µW which is larger than the other block ciphers.
the PRESENT algorithm took longer time to complete the Also, among the compared algorithms, the power taken
by the GIFT KSA is optimal and is close to the proposed

13
 Int. j. inf. tecnol.

Table 5  Power assessment of Methods Power (µW)

the proposed and existing works
GIFT COFB 78.25
GIFT KSA 56.24
GIFT 89.60
SKINNY 152.34
SIMON 214.79
PRESENT KSA 622.56
PRESENT 586.75
Proposed 42.95

Bold denotes the state-of-the-

art parameter value for the
"Proposed Modified GIFT-
Algorithm" (PROPOSED in the
table)

Fig. 9  Graphical representation of software efficiency assessment

algorithm. The overall power taken by the proposed algo-
rithm is only 42.95 µW which is much less than the other
algorithms chosen for comparison.
The software efficiency of the introduced model is com-
pared with the baseline models and the outcomes are high-
lighted in Table 6. Tabulated results shows that the proposed
model is more efficient than the other algorithms chosen for
comparison. The software efficiency is measured in terms
of Kbps/Kb. Figure 9 shows software efficiency in graphi-
cal manner. The graph also shows an increasing trend in the
efficiency for the proposed method. Among the compared
methods, highest value of software efficiency is attained
by the GIFT COFB algorithm i.e., 8.00 Kbps/Kb and the
lowest value is attained by the PRESENT block cipher i.e.,
3.81 Kbps/Kb. Compared to these algorithms, the outcome
of the proposed algorithm is relatively high and the over-
all software efficiency attained by the proposed algorithm
Fig. 8  Graphical representation of power assessment
is 9.02 Kbps/Kb. This proves that the algorithm proposed
is efficient as compared to other block ciphers chosen for
comparison.
Table 6  Software efficiency assessment of the proposed and existing
works
Methods Software effi- Table 7  Frequency test analysis
ciency (Kbps/
Kb) Methods Frequency

GIFT COFB 8.00 GIFT COFB 0.982361298700039

GIFT KSA 7.88 GIFT KSA 0.976150905615062
GIFT 6.25 GIFT 0.959484280048124
SKINNY 5.00 SKINNY 0.932645950014331
SIMON 5.00 SIMON 0.925613662621871
PRESENT KSA 3.69 PRESENT KSA 0.89827039353685
PRESENT 3.81 PRESENT 0.89751200163051
Proposed 9.02 Proposed 0.988849587244412

Bold denotes the state-of-the-art parameter value for the "Proposed Bold denotes the state-of-the-art parameter value for the "Proposed
Modified GIFT-Algorithm" (PROPOSED in the table) Modified GIFT-Algorithm" (PROPOSED in the table)

13
Int. j. inf. tecnol.

5.3.1 NIST randomness test analysis � 𝜍n �

𝜍obs = �√ � (12)
n
The NIST randomness test is conducted to prove the random-
ness of the key being generated in the algorithm. Higher the
randomness in round key generation, higher will be the security 𝜍n = X1 + X2 + .....Xn (13)
of the system. In the proposed work, the frequency test and the
where erfc(⋅) indicates the complementary error function, 𝜍n
hamming weight test are carried out to prove the randomness
indicates the absolute value of the sequence and n indicates
of the key and the security efficiency of the algorithm.
the input string length.
5.3.2 Frequency test analysis
5.3.3 Hamming weight analysis
For any round key being produced, there should be an equal
Hamming weight analysis ensures randomness in the round
proportion of zeros and ones to ensure randomness. This is
keys by maintaining a perfect balance between the number
the basic NIST test and the KSA algorithms failing to pass
of zeros and ones in the keys. This balance helps to achieve
this test will not pass the other tests as the requirements
higher randomness in the ciphertext being produced. It is
for other tests are stricter. The results of the frequency test
suggested for an ideally balanced binary string with num-
analysis of the proposed and existing works is highlighted
ber of bits n should result in a hamming weight of n/2. The
in Table 7. Based on the table, it has been recognized that
analysis of hamming weight is carried out for the introduced
the value obtained by the proposed method is more optimal
and baseline algorithms and the outcomes obtained are pre-
than the other algorithms taken for comparison. The pro-
sented in Table 8. Based on the table, it is clear that the ham-
posed algorithm runs for 40 rounds. Also, the frequencies
ming weight attained by the presented model is higher than
achieved by the other algorithms are taken based on the aver-
that of the other algorithms. The proposed model attained a
age for the frequencies of every rounds. Compared to the
higher value of hamming weight than the other algorithms
other existing algorithms, the frequency of the algorithm
proving that it is more secure than the other algorithms.
proposed here is high. This means that the randomness of
Depending on the number of rounds of each algorithm, the
the round key for the presented algorithm is higher than the
hamming weight values of the algorithms are mentioned.
other algorithms. This analysis validates the security of the
This is because, for different number of rounds, the algo-
proposed algorithm as per NIST standards.
rithms result in different hamming weights. On the whole,
The mathematical calculations for frequency test are as
the hamming weight attained by the proposed algorithm is
follows:
optimal and for 40 rounds, the proposed algorithm resulted
� �
𝜍obs in a hamming weight of 127. The mathematical formulation
p = erfc √ (11) for hamming weight can be given as follows:
2
no. of non − zero bits
Hw = (14)
total bits
where Hw indicates the hamming weight.

5.3.4 Discussion
Table 8  Hamming weight analysis
Methods No. of rounds Hamming Based on the simulations conducted, it has been identified
weight that the proposed algorithm has enhanced security with
improved efficiency. The proposed algorithm also enhanced
GIFT COFB 40 71
the randomness of the round keys in each round and also
GIFT KSA 40 67
enriched the diffusion via involutive permutation. The
GIFT 40 67
analysis also demonstrated that the presented algorithm is
SKINNY 40 65
more effective than the existing popular block ciphers. With
SIMON 44 65
enhanced security, the throughput rate of the system is also
PRESENT KSA 31 32
increased due to the avoidance of attacks in IoT. This has
PRESENT 31 21
been proved through the throughput analysis performed in
Proposed 40 127
the last section. Also, the time taken by the proposed model
Bold denotes the state-of-the-art parameter value for the "Proposed in completion of the entire process of encryption is low that
Modified GIFT-Algorithm" (PROPOSED in the table) is reducing the overall latency of the system. The software

13
 Int. j. inf. tecnol.

efficiency is also analyzed and the outcomes demonstrated 3. Wheelus C, Zhu X (2020) IoT network security: threats, risks, and
that the presented method is much more efficient than the a data-driven defense framework. IoT 1(2):259–285
4. Hussaini S (2020) Cyber security in cloud using blowfish encryp-
other baseline algorithms implemented for comparison. The tion. Int J Inf Technol 6(5):13–19
proposed algorithm is applicable to a scenario in which there 5. Madhuri A, Nagaraju TV (2014) Reliable security in cloud com-
is a minimum requirement of energy regardless of power puting environment. Int J Inf Technol 1(1):21–28
consumption. Some of the common applications where the 6. Chanal PM, Kakkasageri MS (2020) Security and privacy in IOT:
a survey. Wirel Pers Commun 115(2):1667–1693
proposed algorithm is applicable include smart lighting sys- 7. Rizvi S, Pipetti R, McIntyre N, Todd J, Williams I (2020) Threat
tems, Wi-Fi enabled systems, etc. The proposed algorithm model for securing internet of things (IoT) network at device-
is also applicable for smart environments and is capable to level. Internet Things 11:100240
ensure security in any internet-based applications. Moreo- 8. Alam S, Siddiqui ST, Ahmad A, Ahmad R, Shuaib M (2020)
Internet of things (IoT) enabling technologies, requirements, and
ver, the simplicity of the algorithm provides opportunities security challenges. Springer, Singapore, pp 119–126
to be implemented in practical and real-time applications 9. Mrabet H, Belguith S, Alhomoud A, Jemai A (2020) A survey of
and scenarios. IoT security based on a layered architecture of sensing and data
analysis. Sensors 20(13):3625
10. Thakor VA, Razzaque MA, Khandaker MRA (2021) Lightweight
cryptography algorithms for resource-constrained IoT devices:
6 Conclusion a review, comparison and research opportunities. IEEE Access
9:28177–28193
11. Biswas A, Majumdar A, Nath S, Dutta A, Baishnab KL (2020)
In this paper, a modified version of GIFT block cipher is LRBC: a lightweight block cipher design for resource constrained
proposed to enhance the diffusion property and to achieve IoT devices. Journal of Ambient Intelligence and Humanized
higher security in the IoT network. The tradition KSA of Computing. 1–15
GIFT block cipher performs linear functions that leads to 12. Bhattacharyya S (2016) Research on edge computing: a detailed
study. Int J Inf Technol 2(6):9–13
slow and predictable bit transitions which is infeasible. To 13. Sarker, Victor Kathan, Tuan Nguyen Gia, Hannu Tenhunen, and
avoid that, two additional steps are added in the GIFT algo- Tomi Westerlund. "Lightweight security algorithms for resource-
rithm that can achieve optimal tradeoff between performance constrained IoT-based sensor nodes." In ICC 2020–2020 IEEE
and security. The GIFT cipher is enhanced with bitslice International Conference on Communications (ICC), pp. 1–7.
IEEE, 2020.
substitution and involutive permutation operations. These 14. Sultan I, Mir BJ, Banday MT (2020) Analysis and optimization
operations enhanced the KSA of GIFT cipher thereby mak- of advanced encryption standard for the internet of things. In:
ing it more efficient in various aspects of implementations. 7th International Conference on Signal Processing and Integrated
The simulation of the proposed algorithm proved that it is Networks (SPIN), pp 571–575. IEEE
15. Abdulraheem M, Awotunde JB, Jimoh RG, Oladipo ID (2020)
capable of achieving higher level of security than the exist- An efficient lightweight cryptographic algorithm for IoT security.
ing block cipher algorithms. Also, the proposed algorithm In: International Conference on Information and Communication
passed the NIST randomness test and assured enhanced ran- Technology and Applications, Springer, Cham, pp. 444–456
domness of round keys. 16. Aswathy RH, Malarvizhi N (2023) A design of lightweight ECC
based cryptographic algorithm coupled with linear congruen-
In future, it is aimed to further enhance the KSA of GIFT tial method for resource constraint area in IoT. J Ambient Intell
cipher and to conduct both hardware and software imple- Humanized Comput 14(5):5097–5106
mentations of it to attain high reliability and security. More- 17. Rana M, Mamun Q, Islam R (2022) Lightweight cryptography in
over, the hardware implementations of the algorithm are IoT networks: a survey. Futur Gener Comput Syst 129:77–89
18. Mousavi SK, Ghaffari A, Besharat S, Afshari H (2021) Security
planned to be conducted for small-scale embedded systems. of internet of things based on cryptographic algorithms: a survey.
Wirel Netw 27(2):1515–1555
Data availability No external dataset is used for simulation. 19. Sharma N, Afzal M, Dixit A (2020) Blockchain-Blockcerts based
birth/death certificate registration and validation. Int J Inf Technol
Declarations 6(2):17–23
20. Srikanth G, Umarani RG, Prabhu S (2023) An efficient Key Agree-
Conflict of interest On behalf of all authors, the corresponding au- ment and Authentication Scheme (KAAS) with enhanced security
thor states that there is no conflict of interest. control for IIoT systems. Int J Inf Technol 15(3):1221–1230
21. Sudhakaran P (2022) Energy efficient distributed lightweight
authentication and encryption technique for IoT security. Int J
Commun Syst 35(2):e4198
22. Rana M, Mamun Q, Islam R (2020) Current lightweight cryptog-
References raphy protocols in smart city IoT networks: a survey. http://​arxiv.​
org/​abs/​2010.​00852. Accessed 21 Dec 2022
1. Vishwakarma R, Jain AK (2020) A survey of DDoS attacking 23. Bogdanov A, Knudsen LR, Leander G, Paar C, Poschmann A,
techniques and defence mechanisms in the IoT network. Telecom- Robshaw MJ, Seurin Y, Vikkelsoe C (2007) PRESENT: An ultra-
mun Syst 73(1):3–25 lightweight block cipher. International workshop on cryptographic
2. Ganesh T (2021) An extensive analysis of security based solutions hardware and embedded systems. Springer, Berlin, Heidelberg, pp
using image encryption techniques. Int J Inf Technol 7(3):30–34 450–466

13
Int. j. inf. tecnol.

24. Beaulieu R, Shors D, Smith J, Treatman-Clark S, Weeks B, Wing- 35. Shamala L, Mary G, Zayaraz KV, Vijayalakshmi V (2021) Light-
ers L (2013) The SIMON and SPECK families of lightweight weight cryptography algorithms for internet of things enabled
block ciphers. IACR Cryptol 2013(1):404–449 networks: an overview. J Phys: Conf Ser 1717(1):012072
25. Zhang W, Bao Z, Lin D, Rijmen V, Yang B, Verbauwhede I (2015) 36. Ramadan RA, Aboshosha BW, Yadav K, Alseadoon IM,
RECTANGLE: a bit-slice lightweight block cipher suitable for Kashout MJ, Elhoseny M (2021) Lbc-iot: lightweight block
multiple platforms. Sci China Inf Sci 58(12):1–15 cipher for iot constraint devices. Cmc-Comput Mater Continua
26. Suzaki T, Minematsu K, Morioka S, Kobayashi E (2011) Twine: 67(3):3563–3579
a lightweight, versatile block cipher. In ECRYPT workshop on 37. Ragab AAM, Ahmed M, Wahdan AM, Selim GMI (2021) Design,
lightweight cryptography, vol 2011, pp 1–5 analysis, and implementation of a new lightweight block cipher
27. Shibutani K, Isobe T, Hiwatari H, Mitsuda A, Akishita T, Shirai for protecting IoT smart devices. J Ambient Intell Humaniz Com-
T (2011) Piccolo: an ultra-lightweight blockcipher. International put 5:1–18
workshop on cryptographic hardware and embedded systems. 38. Girija M, Manickam P, Ramaswami M (2022) FibGeoPresent: a
Springer, Berlin, Heidelberg, pp 342–357 highly secured and geographic coordinate system based authenti-
28. Bansod G, Pisharoty N, Patil A (2016) PICO: An ultra lightweight cated lightweight block cipher for smart system. Wirel Pers Com-
and low power encryption design for ubiquitous computing. mun 127(3):2211–2228
Defence Sci J 66(3):259–265 39. Imdad M, Ramli SN, Mahdin H (2022) An enhanced key schedule
29. Baysal A, Şahin S (2015) Roadrunner: a small and fast bitslice algorithm of PRESENT-128 block Cipher for random and non-
block cipher for low cost 8-bit processors. Lightweight cryptog- random secret keys. Symmetry 14(3):604
raphy for security and privacy. Springer, Cham, pp 58–76 40. Alshammari BM, Guesmi R, Guesmi T, Alsaif H, Alzamil A
30. Beierle C, Jean J, Kölbl S, Leander G, Moradi A, Thomas Pey- (2021) Implementing a symmetric lightweight cryptosystem in
rin Y, Sasaki PS, Sim SM (2016) The SKINNY family of block highly constrained IoT devices by using a chaotic S-box. Sym-
ciphers and its low-latency variant MANTIS. Annual international metry 13(1):129
cryptology conference. Springer, Berlin, Heidelberg, pp 123–153 41. Banik S, Pandey SK, Peyrin T, Sasaki Y, Sim SM, Todo Y (2017)
31. Shirai T, Shibutani K, Akishita T, Moriai S, Iwata T (2007) The GIFT: a small present. In: International conference on crypto-
128-bit blockcipher CLEFIA. International workshop on fast soft- graphic hardware and embedded systems, Springer, Cham, pp
ware encryption. Springer, Berlin, Heidelberg, pp 181–195 321–345
32. Gong Z, Nikova S, Law Y (2011) KLEIN: a new family of light-
weight block ciphers. International workshop on radio frequency Springer Nature or its licensor (e.g. a society or other partner) holds
identification: security and privacy issues. Springer, Berlin, Hei- exclusive rights to this article under a publishing agreement with the
delberg, pp 1–18 author(s) or other rightsholder(s); author self-archiving of the accepted
33. Needham RM, Wheeler DJ (1997) Tea extensions. Cambridge manuscript version of this article is solely governed by the terms of
University, Cambridge, UK such publishing agreement and applicable law.
34. Guo J, Peyrin T, Poschmann A, Robshaw Matt (2011) The LED
block cipher. International workshop on cryptographic hardware
and embedded systems. Springer, Berlin, Heidelberg, pp 326–341

13