SAECHAM: Secure and Efficient Lightweight Block Cipher CHAM Variant

The addition, rotation, XOR (ARX) structure, which comprises three fundamental operations—Addition, Rotation, and XOR—makes it well-suited for lightweight cryptography. To design a secure and efficient ARX cipher, it is necessary to find the optimal structure by properly combining the order, number of operations, and rotation amounts. CHAM64 is an ARX block cipher with a 64-bit block size, which is proposed as an attempt to enhance the lightweight characteristics of LEA . In this article, we present secure and efficient CHAM (SAECHAM), a variant of CHAM64 with a rearranged order of operations and adjusted rotation amounts. By changing the order of the operations in CHAM64 , six different CHAM -like structures can be created. We propose the properties that can be eliminated in the implementation process depending on the rotation amount in each structure. To improve suitability for constrained environments, such as 8-bit and 16-bit microcontrollers, we reduce the search space for rotation amounts and analyze the number of instructions. Using an SMT solver-based automatic search method, we analyze the security of 62 CHAM64 variants through differential and linear analysis. Among them, we find four variants with equal or better resistance to differential and linear cryptanalysis compared to CHAM64 . As a result, we propose the variant with the fewest instructions among them as SAECHAM . Through software implementations on 8-bit AVR, 16-bit MSP430, 32-bit ARM Cortex-M3 and Cortex-M4 platforms, we demonstrate that SAECHAM is efficient in terms of encryption speed and also performs efficiently when implemented using SIMD operations in high-performance CPUs.