{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,5]],"date-time":"2026-05-05T07:00:05Z","timestamp":1777964405003,"version":"3.51.4"},"reference-count":14,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2020,12,4]],"date-time":"2020-12-04T00:00:00Z","timestamp":1607040000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2020,12,4]],"date-time":"2020-12-04T00:00:00Z","timestamp":1607040000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"EPFL Lausanne"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptogr Eng"],"published-print":{"date-parts":[[2022,4]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p> is a stream cipher proposed by Ekdahl et al. at IACR ToSC 2019(3) with an objective to be deployed as the encryption primitive in 5G systems. The stream cipher offers 256-bit security and is ready for deployment in the post-quantum era, in which as a rule of thumb (due to Grover\u2019s algorithm), quantum security will vary as the square root of the classical security parameters. The authors further report good software performance figures in systems supporting the  instruction set. However, they only provide a theoretical analysis of the cipher\u2019s hardware efficiency. In this paper, we aim to fill this gap. We look at the three most important metrics of hardware efficiency: area, speed and power\/energy, and propose circuits that optimize each of these metrics and validate our results using three different standard cell libraries. The smallest  circuit we propose occupies only around 4776 gate equivalents of silicon area. Furthermore, we also report implementations which consume as little as 12.7\u00a0pJ per 128 bits of keystream and operate at a throughput rate of more than 1\u00a0Tbps.<\/jats:p>","DOI":"10.1007\/s13389-020-00251-6","type":"journal-article","created":{"date-parts":[[2020,12,4]],"date-time":"2020-12-04T05:03:27Z","timestamp":1607058207000},"page":"53-73","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["Melting SNOW-V: improved lightweight architectures"],"prefix":"10.1007","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3019-2897","authenticated-orcid":false,"given":"Andrea","family":"Caforio","sequence":"first","affiliation":[]},{"given":"Fatih","family":"Balli","sequence":"additional","affiliation":[]},{"given":"Subhadeep","family":"Banik","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,12,4]]},"reference":[{"key":"251_CR1","doi-asserted-by":"crossref","unstructured":"Banik, S., Bogdanov, A., Regazzoni, F.: Exploring energy efficiency of lightweight block ciphers. In: Selected Areas in Cryptography\u2014SAC 2015\u201422nd International Conference, Sackville, NB, Canada, August 12\u201314, 2015, Revised Selected Papers. pp. 178\u2013194 (2015)","DOI":"10.1007\/978-3-319-31301-6_10"},{"key":"251_CR2","doi-asserted-by":"publisher","unstructured":"Banik, S., Bogdanov, A., Regazzoni, F.: Atomic-AES: A compact implementation of the AES encryption\/decryption core. In: Progress in Cryptology\u2014INDOCRYPT 2016\u201417th International Conference on Cryptology in India, Kolkata, India, December 11\u201314, 2016, Proceedings. pp. 173\u2013190 (2016). https:\/\/doi.org\/10.1007\/978-3-319-49890-4_10","DOI":"10.1007\/978-3-319-49890-4_10"},{"key":"251_CR3","unstructured":"Banik, S., Bogdanov, A., Regazzoni, F.: Atomic-AES v 2.0. IACR Cryptology ePrint Archive p. 1005 (2016). http:\/\/eprint.iacr.org\/2016\/1005"},{"key":"251_CR4","first-page":"1","volume":"2","author":"S Banik","year":"2018","unstructured":"Banik, S., Mikhalev, V., Armknecht, F., Isobe, T., Meier, W., Bogdanov, A., Watanabe, Y., Regazzoni, F.: Towards low energy stream ciphers. IACR Trans. Symmetr. Cryptol. 2, 1\u201319 (2018)","journal-title":"IACR Trans. Symmetr. Cryptol."},{"key":"251_CR5","doi-asserted-by":"publisher","first-page":"260","DOI":"10.1109\/TC.1982.1675982","volume":"3","author":"RP Brent","year":"1982","unstructured":"Brent, R.P., Kung, H.T.: A regular layout for parallel adders. IEEE Trans. Comput. 3, 260\u2013264 (1982). https:\/\/doi.org\/10.1109\/TC.1982.1675982","journal-title":"IEEE Trans. Comput."},{"key":"251_CR6","doi-asserted-by":"crossref","unstructured":"Canni\u00e8re, C.D., Preneel, B.: Trivium. In: Robshaw, M.J.B., Billet, O. (eds.) The eSTREAM Finalists, Lecture Notes in Computer Science, vol.\u00a04986, pp. 244\u2013266. Springer (2008)","DOI":"10.1007\/978-3-540-68351-3_18"},{"key":"251_CR7","doi-asserted-by":"publisher","first-page":"1","DOI":"10.13154\/tosc.v2019.i3.1-42","volume":"3","author":"P Ekdahl","year":"2019","unstructured":"Ekdahl, P., Johansson, T., Maximov, A., Yang, J.: A new SNOW stream cipher called SNOW-V. IACR Trans. Symmetr. Cryptol. 3, 1\u201342 (2019). https:\/\/doi.org\/10.13154\/tosc.v2019.i3.1-42","journal-title":"IACR Trans. Symmetr. Cryptol."},{"key":"251_CR8","unstructured":"ETSI\/SAGE: Specification of the 3GPP confidentiality and integrity algorithms UEA2 & UIA2, document 2: SNOW 3G specification, version 1.1, 2006. (2006)"},{"key":"251_CR9","doi-asserted-by":"publisher","unstructured":"Jean, J., Moradi, A., Peyrin, T., Sasdrich, P.: Bit-sliding: a generic technique for bit-serial implementations of SPN-based primitives\u2014applications to AES, PRESENT and SKINNY. In: Cryptographic Hardware and Embedded Systems\u2014CHES 2017\u201419th International Conference, Taipei, Taiwan, September 25\u201328, 2017, Proceedings. pp. 687\u2013707 (2017). https:\/\/doi.org\/10.1007\/978-3-319-66787-4_33","DOI":"10.1007\/978-3-319-66787-4_33"},{"key":"251_CR10","doi-asserted-by":"publisher","unstructured":"Kerckhof, S., Durvaux, F., Hocquet, C., Bol, D., Standaert, F.: Towards green cryptography: A comparison of lightweight ciphers from the energy viewpoint. In: Cryptographic Hardware and Embedded Systems - CHES 2012 - 14th International Workshop, Leuven, Belgium, September 9-12, 2012. Proceedings. pp. 390\u2013407 (2012). https:\/\/doi.org\/10.1007\/978-3-642-33027-8_23","DOI":"10.1007\/978-3-642-33027-8_23"},{"key":"251_CR11","doi-asserted-by":"publisher","unstructured":"Kogge, P.M., Stone, H.S.: A parallel algorithm for the efficient solution of a general class of recurrence equations. IEEE Trans. Computers 22(8), 786\u2013793 (1973). https:\/\/doi.org\/10.1109\/TC.1973.5009159, https:\/\/doi.org\/10.1109\/TC.1973.5009159","DOI":"10.1109\/TC.1973.5009159"},{"key":"251_CR12","doi-asserted-by":"publisher","first-page":"84","DOI":"10.13154\/tosc.v2019.i1.84-117","volume":"1","author":"S Li","year":"2019","unstructured":"Li, S., Sun, S., Li, C., Wei, Z., Hu, L.: Constructing low-latency involutory MDS matrices with lightweight circuits. IACR Trans. Symmetr. Cryptol. 1, 84\u2013117 (2019). https:\/\/doi.org\/10.13154\/tosc.v2019.i1.84-117","journal-title":"IACR Trans. Symmetr. Cryptol."},{"key":"251_CR13","unstructured":"Maximov, A.: AES mixcolumn with 92 XOR gates. IACR Cryptology ePrint Archive p. 833 (2019). https:\/\/eprint.iacr.org\/2019\/833"},{"key":"251_CR14","doi-asserted-by":"publisher","first-page":"91","DOI":"10.13154\/tches.v2019.i4.91-125","volume":"4","author":"A Maximov","year":"2019","unstructured":"Maximov, A., Ekdahl, P.: New circuit minimization techniques for smaller and faster AES sboxes. IACR Trans. Cryptogr. Hardw. Embed. Syst. 4, 91\u2013125 (2019). https:\/\/doi.org\/10.13154\/tches.v2019.i4.91-125","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."}],"container-title":["Journal of Cryptographic Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13389-020-00251-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s13389-020-00251-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13389-020-00251-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,3,15]],"date-time":"2022-03-15T13:41:07Z","timestamp":1647351667000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s13389-020-00251-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,4]]},"references-count":14,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,4]]}},"alternative-id":["251"],"URL":"https:\/\/doi.org\/10.1007\/s13389-020-00251-6","relation":{},"ISSN":["2190-8508","2190-8516"],"issn-type":[{"value":"2190-8508","type":"print"},{"value":"2190-8516","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,12,4]]},"assertion":[{"value":"7 July 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 November 2020","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 December 2020","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}