Lightweight cryptography on ARM

We present multiple contributions to the efficient software implementation of cryptographic algorithms for ARM devices. The talk has three parts: (i) LS-designs (represented by Fantomas), their efficient implementation and side-channel security; (ii) techniques to optimize the PRESENT block cipher; (iii) miscellaneous observations about the efficient implementation of dedicated MAC algorithms, such as Chaskey and SipHash. The implementations target the Cortex-M and Cortex-A families of ARM processors. These devices sit towards the mid to lower end of the spectrum of ARM architectures and are typical of the scenarios considered for lightweight cryptography, such as the Internet of Things. We improve substantially on the state-of-the-art implementations of these algorithms in terms of efficiency, security or compactness, by making use of novel algorithmic techniques and features specific to the target platforms.