The article compares the performance and memory requirements of AES-GCM and ChaCha20Poly1305 AED encryption solutions for typical 8/16/32-bit embedded low-end processors in the Internet of Things device with different approaches to providing tolerance to Timing Attacks and Simple Power Analysis Attacks. Particular attention is given to the low-level multiplication implementation in GF(2128) with constant execution time as a key GCM operation, since low-end processors do not have ready instructions for carry-less multiplication. For each AVR/MSP430/ARM Cortex-M3 processor core, a carry-less multiplication with a constant execution time, which is similar in efficiency to algorithms with a non-constant execution time, is proposed.
 Alex Biryukov and Leo Perrin. State of the Art in Lightweight Symmetric Cryptography. Cryptology ePrint Archive, Report 2017/511, 2017.
 Sergey Panasenko and Sergey Smagin. Lightweight Cryptography: Underlying Principles and Approaches. International Journal of Computer Theory and Engineering, Vol. 3, No. 4, August 2011, pp. 516-520. https://doi.org/10.7763/IJCTE.2011.V3.360
 Sovyn Ya., Nakonechny Yu., Opirskyy I., Stakhiv M. Analysis of hardware support of cryptography in Internet of Things-devices // Ukrainian Scientific Journal of Information Security, 2018, vol. 24, issue 1, p. 36-48. https://doi.org/10.18372/2225-5036.24.12491
 Eldewahi A. E. W., Sharfi T. M. H., Mansor A. A., Mohamed N. A. F. and Alwahbani S. M. H. SSL/TLS attacks: Analysis and evaluation. 2015 International Conference on Computing, Control, Networking, Electronics and Embedded Systems Engineering (ICCNEEE), Khartoum, 2015, pp. 203-208. https://doi.org/10.1109/ICCNEEE.2015.7381362
 Schaumont P. Security in the Internet of Things: A challenge of scale. Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017, Lausanne, 2017, pp. 674-679. https://doi.org/10.23919/DATE.2017.7927075
 Yang Y., Wu L., Yin G., Li L. and Zhao H. A Survey on Security and Privacy Issues in Internet-of-Things. IEEE Internet of Things Journal, Vol. 4, No. 5, pp. 1250-1258, Oct., 2017. https://doi.org/10.1109/JIOT.2017.2694844
 Dworkin M. Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication, NIST Special Publication 800-38D, November, 2007. https://doi.org/10.6028/NIST.SP.800-38c
 McGrew D. An interface and algorithms for authenticated encryption. IETF RFC 5116. January, 2008. https://doi.org/10.17487/rfc5116
 Nir Y., Langley A. ChaCha20 and Poly1305 for IETF Protocols. RFC 8439. June 2018. https://doi.org/10.17487/RFC8439
 Langley A., Chang W., Mavrogiannopoulos N., Strombergson J., Josefsson S. ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS). RFC 7905. June 2016. https://doi.org/10.17487/RFC7905
 "CAESAR Competition for Authenticated Encryption: Security, Applicability, and Robustness". 2012.
 Intel Architecture Instruction Set Extensions and Future Features Programming Reference. March, 2018.
 Shay Gueron. Intel Advanced Encryption Standard (AES) New Instructions Set. Intel White Paper, 2012.
 Shay Gueron, Michael E. Kounavis. Intel carry-less multiplication instruction and its usage for computing the GCM mode. Intel White Paper, April, 2014.
 ARM Architecture Reference Manual. ARMv8, for ARMv8-A architecture profile. December, 2017.
 Agner Fog. Instruction tables. Lists of instruction latencies, throughputs and micro-operation breakdowns for Intel, AMD and VIA CPUs. 2018.
 Shay Gueron, Adam Langley, Yehuda Lindell. AES-GCM-SIV Nonce Misuse-Resistant Authenticated Encryption. CFRG Meeting EUROCRYPT 2016, May, 2016. https://doi.org/10.1145/2810103.2813613
 Daemen J. and Rijmen V. The design of Rijndael. Springer-Verlag New York, Inc. Secaucus, NJ, USA, 2002. https://doi.org/10.1007/978-3-662-04722-4
 Conrado P. L. Gouvea, Julio Lopez. High Speed Implementation of Authenticated Encryption for the MSP430X Microcontroller. Progress in Cryptology LATINCRYPT 2012. LNCS, Vol. 7533, pp. 288-304. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33481-8_16
 "The Cifra Project. A collection of cryptographic primitives targeted at embedded use." https://github.com/ctz/cifra, Feb., 2017.
 F. De Santis, A. Schauer and G. Sigl. ChaCha20-Poly1305 authenticated encryption for high-speed embedded IoT applications. Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017, Lausanne, 2017, pp. 692-697. https://doi.org/10.23919/DATE.2017.7927078
 Atmel Corporation. 8-bit AVR Microcontroller with 8/16K Bytes of ISP Flash and USB Controller. Technical Reference Manual, 2008.
 Texas Instruments. User's Guide. MSP430FR58xx/59xx/68xx, and MSP430FR69xx Family, 2015.
 ARM, "ARM and Thumb-2 Instruction Set", 2016.
 McGrew D. A. and Viega J. The Galois/Counter Mode of Operation (GCM). Submission to NIST, 2005.
 Loup Vaillant. The design of Poly1305, 2017. http://loup-vaillant.fr/tutorials/poly1305-design. https://github.com/floodyberry/poly1305-donna/blob/master/poly1305-donna....