Compact implementations of Grøstl, JH and Skein for FPGAs
Bernhard Jungk
Hochschule RheinMain, University of Applied Sciences Wiesbaden Rüsselsheim Geisenheim

Abstract. This work is motivated by future developments of mass markets, where cryptographic infrastructures will become more and more important. One core component of such an infrastructure is a secure cryptographic hash function, which is used for a lot of applications like challenge-response authentication systems or digital signature schemes. Low budget implementations of such components are therefore very important. In particular, the National Institute of Standards and Technology (NIST) has started a competition for a new secure hash algorithm (SHA-3). New hash functions should outperform older hash functions and thus we study the performance of some of the candidates. A meaningful comparison between the submitted candidates is only possible if third party implementations of all proposed hash functions are provided. Of the submitted candidates, we implemented Grøstl, JH and Skein. Our focus on low budget cryptographic solutions makes it natural to investigate possible optimizations for area efficient implementations, and to neglect pure high-throughput considerations. Our results show that, while all investigated candidates are quite large compared to a compact AES implementation, it is possible to implement all candidates reasonably small. In our evaluation JH is by far the most compact implementation, whereas Skein is the largest one. Our Grøstl implementation on the other hand is smaller than Skein and much faster than both other candidates and easily beats them in the throughput-area ratio by a factor of four.

Key words: Cryptography, Hash Function, SHA-3, Compact Implementation, FPGA

1 Introduction

The National Institute of Standards and Technology (NIST) has started a competition for a completely new hash function, very similar to the past AES competition (cf. [12]), to overcome the security problems and speculations about the SHA-1 (cf. [21]) and the SHA-2 family (e.g. [18,9]) of hash functions. Similar to the former AES effort, the rules of this competition require third party software and hardware implementations of all proposed candidates to evaluate the overall performance and resource requirements. In the present paper, the focus lies on implementations of the SHA-3 candidates Grøstl (cf. [7]), JH (cf. [22]) and Skein (cf. [6]). The Grøstl hash function borrows many ideas from the Rijndael/AES algorithm (cf. [17]), whereas the other algorithms are brand new.

For some applications, FPGA implementations of cryptographic primitives provide better performance at lower cost compared to software implementations or are more flexible than custom ASIC chips. Especially low-end and slow embedded platforms for the mass market demand low cost solutions, therefore one main goal of the present work is compact implementations. Three FPGA-based implementations were developed and evaluated to explore the possible throughput-area trade-off of the different candidates. Most of the applied optimizations are of architectural nature, reducing the number of LUTs by arranging the necessary registers, RAMs and logic or by pipelining. However, the main optimization technique is the reduction of parallelism.

To the best of our knowledge, this work reports the smallest available implementations computing 256 bit hash digests that include padding. Grøstl needs 470 slices on a Virtex-5, JH needs 205 and Skein 555. The throughput of Grøstl (1132 MBit/s) is much higher than the throughput of Skein (237 MBit/s) and JH (27 MBit/s). Therefore, the throughput-area ratio is clearly dominated by Grøstl.

2 Previous work

To the best of our knowledge no compact FPGA implementations of Grøstl, JH and Skein exist, except the results for Grøstl ([11]). Other teams often investigated either ASIC or FPGA implementations for high-throughput applications (e.g. [19,20,2,8] and [14]). Nevertheless, some ideas of these papers are applicable to the present work, too.
For example, the throughput of the serialized and hence smaller versions of Grøstl can be very similar to a fully parallel design, if the compression function is pipelined.

The Grøstl hash function benefits from its similarity to the AES cipher, because some of the optimizations applied to AES (e.g. [4,3,5,16,15]) can be adapted to Grøstl. Good examples are the ideas for a compact AES implementation described in [5]. Especially the iterative design of this implementation can be applied to Grøstl after some modifications. Other examples are AES S-box optimizations (e.g. [3]).

For JH and Skein little previous work exists and therefore the work on the present compact implementations had to start basically from scratch. One known non-optimization on most FPGA platforms is the carry look-ahead adder, which is often slower than ripple-carry adder designs on FPGAs (cf. [24]).

3 Hardware Interface

One important aspect of hardware architectures is the interface. Especially for compact implementations, the interface may have a major impact on the overall area. Thus comparisons of hardware implementations are not always meaningful if the interfaces differ.

The implemented interface is compliant with the Fast Simplex Link (FSL) specification (cf. [23]). The FSL is a popular method to connect IP cores to microprocessors, e.g. the Xilinx Microblaze softcore processor. The FSL interface is a generic 32 bit wide unidirectional link with an optional FIFO and optional clocks on the master and slave side, which then may be asynchronous. Two synchronous links form the complete bidirectional interface of our Grøstl implementations (see Tab. 1).

The incoming link (slave) is utilized to transfer the input to the hash function in the following manner: Each input message block, consisting of 512 bits, is sent through the 32 bit wide interface. The length of the message block is transferred as a 9 bit vector for 256 bit hash digests.

Signal Name     I/O  Description
FSL_Clk         I    FSL Clock for synchronous FIFO mode
FSL_Rst         I    Peripheral reset
FSL_M_Data      O    Master input data (32 bits)
FSL_M_Write     O    Master writes data to the FIFO
FSL_M_Full      I    Master FIFO is full
FSL_S_Data      I    Slave output data (32 bits)
FSL_S_Read      O    Slave reads data from the FIFO
FSL_S_Exists    I    Data exists in the slave FIFO
FSL_S_Control   O    Control signal

Tab. 1: Relevant parts of the FSL interface without the support for an asynchronous FIFO.
If necessary, the message block has to be filled with zeros to be of the correct length. The output is handled analogously using the outgoing link (master) without sending the accompanying length information, because the length is fixed.

For the area and speed measurements, the FSL implementation, consisting of two FIFOs, is not included, because the implementation details are configurable and thus they vary, depending on the requirements of the application.

4 Implementations

4.1 Grøstl

Most of the area savings can be achieved when the parallelism is limited by reducing the data path width. The general idea is to decompose the computation of a complete round into eight smaller parts. Thus only one eighth of the original S-boxes and MixBytes calculations are required for the 256 bit Grøstl variant, at the expense of an eightfold increase of clock cycles necessary for the computation of the complete compression function. The implementation consists of three main details:

- Usage of distributed RAM.
- An implicit ShiftBytes transformation.
- Pipelining of the round transformation.

We can use LUTs configured as 16/32 bit deep and 32 bit wide distributed RAM instead of flip-flops, because the complete 512/1024 bit state is never required in one clock cycle. For the Grøstl hash function, two memories are necessary, one for each permutation P and Q. Both RAMs consist of eight individual RAMs representing the rows of the state matrix (Fig. 1). The usage of the distributed RAM makes it possible to implement the ShiftBytes sub-transformation implicitly, by calculating appropriate read addresses.

Fig. 1: Compact implementation of Grøstl.

Fig. 2: Pipelined Grøstl compression function.

The last important part of the optimization is the pipelining of the Grøstl round transformation. In addition to the speed-up, we gain additional area savings. This is only possible if we add enough pipeline stages to store the complete internal state in the pipeline before the first part of the computation is completed. Then, we may read and write to the same addresses in the distributed RAM in each Grøstl round, which otherwise would not be possible and thus would require an additional round counter as offset to the read and write addresses (cf. [10]).

The optimization is similar to the one proposed for AES in [5]. The main difference is the removal of the second memory necessary for the proposed AES implementation, which results in a significant additional area reduction for Grøstl due to its large internal state. An additional RAM of the same size is needed for the storage of the intermediate output h of the compression function, which is very similar to the other memories.

Pipelining significantly increases the throughput and reduces the area, compared to the earlier implementation (cf. [10]). The most obvious place to introduce a pipeline is the compression function (Fig. 2). The best number of additional pipeline steps is 8 for the 256 bit implementation (16 for the larger variant). This choice follows from the decomposition of the complete Grøstl state in eight sub-states and the interleaving of the P and Q instances.

The optimization of the S-box is based on finite field arithmetic, which is used to calculate each value on-the-fly instead of using a lookup table. The basic idea is a change of the representation of each finite field element to a computationally more efficient one (cf. [3]). This change works, because all finite fields with the same cardinality are isomorphic (cf. [13], Theorem 2.5).

The performance of this architecture is quite good, because only 160 clock cycles are needed for a complete computation of the compression function (8 clock cycles per round for P and Q, 10 rounds and thus 2 · 8 · 10 = 160).

4.2 JH

The architecture of JH can be similarly decomposed (Fig. 3), to allow for a very compact implementation. However, since the JH round function is much smaller than the Grøstl implementation, the pipelining to achieve a high clock frequency is not needed. Unfortunately, due to the high number of rounds, the absolute throughput of a JH implementation with an 8 bit wide data bus is quite low.

The JH architecture works as follows. The padded message block is copied into the input RAM, which is used for the grouping of bits required by JH. In the first round this input is copied to a temporary RAM, which allows the implementation to load new data while the compression function is still running. Furthermore the input is injected into the execution of the compression function (XOR) in the first round.

Fig. 3: The JH architecture.
Fig. 4: The compact core of the JH implementation.

The core of the compression function transforms one constant and four bytes of the state RAM alternately, such that the constants needed by the S-boxes are input to the core and stored by it right before they are used. The output of the JH core is written to either the constants RAM, the state RAM, or the output RAM. The output RAM takes care of the degrouping.

The core itself (Fig. 4) consists of two S-boxes and a linear transformation. The permutation is achieved by writing to the state RAM according to the specification of the permutation. For the S-boxes and the linear transformation, we used the Boolean expressions presented in [22].

The construction needs at least 6400 clock cycles to compute the compression function completely (128 bytes state, 32 bytes constants and 40 rounds, thus (128 + 32) · 40 = 6400), and is therefore very slow compared to the Grøstl implementation.

4.3 Skein

The overall architecture of the Skein implementation (Fig. 5) is much like the other two architectures. As for Grøstl, a natural internal data width is 64 bit, because of the usage of 64 bit parts of its internal state.

The computation of the round function works as follows. First the message block is copied in 64 bit blocks to the state RAM. Then the input is copied to a temporary RAM on the one hand and used as the input to the Skein core on the other hand. The Skein core computes exactly one round, including the key injection every fourth round. In all rounds, except for the last key injection, the output of the core is copied back to the state RAM. The last key injection is special, because there is actually an odd number of key injections, whereas the number of rounds in Skein is even. Thus we add an artificial 73rd round, which does nothing but inject the key. After this very last round, the saved message from the temporary RAM is added (XORed) to the output of the core and fed into the key schedule.

Fig. 5: The Skein architecture.

The Skein round function itself consists of three 64 bit adders, rotation and XOR (Fig. 6). The logic delay of the 64 bit adders combined with the required barrel shifter is high, therefore it is necessary to boost the clock frequency by pipelining. Unfortunately, the permutation required by the Skein specification complicates this endeavor, leading to a complicated pipeline structure.

Fig. 6: Pipelining the Skein round function.
Strictly speaking, the core consists of two pipelines, each of different depth. The 64 bit adders are cut in half, by using 32 bit adders and a pipeline step. This way, we need only three 32 bit adders. Furthermore the barrel shifter is implemented in the longer pipeline, thus reducing the logic delay of the shifting as much as possible in this design. The optimal pipeline depth would be 8 cycles. However, the permutation in the round computation would require inserting wait cycles. As far as we know, the current pipelining is the best possible one in the current architecture.

The performance of this design is dominated by the large number of rounds required. Overall the architecture requires 584 clock cycles for one execution of the compression function (72 rounds + 1 extra round for the key injection and 8 clock cycles for each round, thus 73 · 8 = 584).

5 Evaluation

We have implemented compact designs of Grøstl, JH and Skein and generated post place and route results for Virtex-5 FPGAs. The throughput, tp, and the throughput-area ratio, tp-area, are calculated by the following formulas, where p is the clock period, b is the block size, cycles is the number of clock cycles for the round transformation and area is the number of used slices.

tp = b / (p · cycles)
tp-area = tp / area

The three implementations give very different post place and route results (Tab. 2). The Grøstl implementation has the highest throughput and uses fewer slices than Skein, which makes it the winner in two categories, namely absolute throughput and the throughput-area ratio. The winner in the area category is JH, which consumes much less area than Grøstl. The main cause for the large differences in the throughput is the high number of rounds in JH and Skein compared to Grøstl.
A possible countermeasure would be to unroll parts of the design and introduce longer pipelines, but obvious unrolling is inhibited by the permutation layers in the round transformations of JH and Skein. Therefore, the throughput difference will probably always remain quite large.

Tab. 2: Implementation results for Virtex-5 FPGAs.
Columns: Algorithm, Data path, Slices, BRAM, MHz, MBit/s, MBit/s/Slice
Rows: Grøstl, JH, Skein

Tab. 3: Third party results for Virtex-5 FPGAs.
Columns: Algorithm, Digest, Slices, BRAM, MHz, MBit/s, MBit/s/Slice
Rows: Grøstl [7] (n/a), JH [8] (n/a), Skein [8] (n/a)

Another important aspect is a comparison with existing work. We are not aware of any other compact implementations of Grøstl, JH and Skein, therefore we can only compare our results to high-throughput implementations. Tab. 3 shows the results with the highest throughput as shown on the SHA-3 Zoo hardware page [1]. Another problem with this comparison is their omission of the padding function and the usage of block RAM in some implementations. Thus, a comparison is very rough.

Nonetheless, the numbers are interesting in certain aspects. For example, it is interesting to see that the throughput-area ratio of JH drops badly. This points to the conclusion that the 8 bit data path was a sub-optimal choice and that the additional control logic and multiplexers are competing with the area savings achieved by the reduction of the parallelism.

6 Conclusion and Further Work

The present paper focuses on FPGA implementations of the SHA-3 candidates Grøstl, JH and Skein. One optimized implementation of each candidate was evaluated. The performance of Grøstl is considered the best, because the throughput-area ratio is much higher than that of JH or Skein. Additionally the area of Grøstl could be further reduced using a reduced data path width (8 bit) and thus Grøstl would compete with JH, which is currently the winner in this category, regarding the absolute required area. Probably, the JH and Skein implementations could be improved, too, but it seems unlikely that they will ever beat Grøstl.

The further work of the author will concentrate on compact implementations of BLAKE and Keccak, which were not yet implemented due to time constraints.
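The implicit ShiftBytes addressing and the write-back argument of Section 4.1 can be checked with a small behavioural model. The following Python code is an added example, not the paper's design: the sample state, the XOR stand-in for SubBytes/MixBytes, the read-before-write timing within a cycle, and the use of the Q shift vector from the final-round Grøstl specification are assumptions made here.

```python
"""Behavioural model of a Groestl-256 state held in eight row RAMs (added example)."""

ROWS, COLS = 8, 8
SHIFT_P = (0, 1, 2, 3, 4, 5, 6, 7)   # ShiftBytes offsets of P for the 512-bit state
SHIFT_Q = (1, 3, 5, 7, 0, 2, 4, 6)   # offsets of Q in the final-round specification

# Constructed sample state: 64 distinct bytes, row r / column c holds 8*r + c.
SAMPLE_STATE = [[8 * r + c for c in range(COLS)] for r in range(ROWS)]


def shift_bytes(state, shifts):
    """Reference ShiftBytes: rotate row i left by shifts[i] positions."""
    return [row[s:] + row[:s] for row, s in zip(state, shifts)]


def read_column(rams, col, shifts):
    """Implicit ShiftBytes: row RAM i is read at address (col + shifts[i]) mod COLS."""
    return [rams[r][(col + shifts[r]) % COLS] for r in range(ROWS)]


def column_stub(column):
    """Stand-in for the per-column logic (SubBytes/MixBytes); NOT the real functions."""
    return [b ^ 0xA5 for b in column]


def reference_round(state, shifts):
    """ShiftBytes on a full copy of the state, then the column logic on every column."""
    shifted = shift_bytes(state, shifts)
    cols = [column_stub([shifted[r][c] for r in range(ROWS)]) for c in range(COLS)]
    return [[cols[c][r] for c in range(COLS)] for r in range(ROWS)]


def in_place_round(state, shifts, delay):
    """One column per cycle; column j is written back to address j `delay` cycles
    after it was read. Within a cycle the read happens before the write."""
    rams = [list(row) for row in state]
    in_flight = {}                               # write cycle -> (column, data)
    for cycle in range(COLS + delay):
        if cycle < COLS:                         # read phase
            data = column_stub(read_column(rams, cycle, shifts))
            in_flight[cycle + delay] = (cycle, data)
        if cycle in in_flight:                   # write phase
            col, data = in_flight.pop(cycle)
            for r in range(ROWS):
                rams[r][col] = data[r]
    return rams


def min_safe_delay(shifts):
    """Smallest write-back delay for which writing to the read addresses is correct."""
    want = reference_round(SAMPLE_STATE, shifts)
    for delay in range(COLS + 1):
        if in_place_round(SAMPLE_STATE, shifts, delay) == want:
            return delay
    return None


if __name__ == "__main__":
    for name, shifts in (("P", SHIFT_P), ("Q", SHIFT_Q)):
        print(name, "minimum write-back delay:", min_safe_delay(shifts))
```

In this model a write-back after fewer than seven cycles overwrites bytes that a later column still has to read, which is the hazard that a pipeline holding the complete state avoids.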
References

1. SHA-3 Zoo: Hardware Implementations (2011), Hardware Implementations
2. Baldwin, B., Hanley, N., Hamilton, M., Lu, L., Byrne, A., O'Neill, M., Marnane, W.: FPGA Implementations of the Round Two SHA-3 Candidates. The second SHA-3 Candidate Conference (2010)
3. Canright, D.: A Very Compact S-Box for AES. In: Proceedings of 7th International Workshop on Cryptographic Hardware and Embedded Systems (CHES). pp Springer-Verlag (2005)
4. Canright, D., Osvik, D.A.: A More Compact AES. Selected Areas in Cryptography: 16th Annual International Workshop, SAC 2009, Calgary, Alberta, Canada, August 13-14, 2009, Revised Selected Papers pp (2009)
5. Chodowiec, P., Gaj, K.: Very compact FPGA implementation of the AES algorithm. In: Proceedings of 5th International Workshop on Cryptographic Hardware and Embedded Systems (CHES). pp Springer-Verlag (2003)
6. Ferguson, N., Lucks, S., Schneier, B., Whiting, D., Bellare, M., Kohno, T., Callas, J., Walker, J.: The Skein Hash Function Family. Submission to NIST (Round 3) (2010)
7. Gauravaram, P., Knudsen, L.R., Matusiewicz, K., Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: Grøstl - a SHA-3 candidate. Submission to NIST (2008)
8. Homsirikamol, E., Rogawski, M., Gaj, K.: Comparing Hardware Performance of Fourteen Round Two SHA-3 Candidates Using FPGAs. Cryptology ePrint Archive, Report 2010/445 (2010)
9. Isobe, T., Shibutani, K.: Preimage attacks on reduced Tiger and SHA-2. In: Fast Software Encryption. Lecture notes in computer science, vol Springer (2009)
10. Jungk, B., Reith, S.: On FPGA-based implementations of Grøstl. Cryptology ePrint Archive, Report 2010/260 (2010)
11. Jungk, B., Reith, S.: On FPGA-Based Implementations of the SHA-3 Candidate Grostl. International Conference on Reconfigurable Computing and FPGAs 2011 pp (2010)
12. Kayser, R.F.: Announcing Request for Candidate Algorithm Nominations for a New Cryptographic Hash Algorithm (SHA-3) Family. In: Federal Register, vol. 72, pp National Institute of Standards and Technology (November 2007)
13. Lidl, R., Niederreiter, H.: Finite Fields (Encyclopedia of Mathematics and its Applications). Cambridge University Press (1996)
14. Matsuo, S., Knežević, M., Schaumont, P., Verbauwhede, I., Satoh, A., Sakiyama, K., Ota, K.: How Can We Conduct Fair and Consistent Hardware Evaluation for SHA-3 Candidate? The second SHA-3 Candidate Conference (2010)
15. McLoone, M., McCanny, J.: High Performance Single-Chip FPGA Rijndael Algorithm Implementations. In: Proceedings of 3rd International Workshop on Cryptographic Hardware and Embedded Systems (CHES). pp Springer-Verlag, London, UK (2001)
16. Pramstaller, N., Mangard, S., Dominikus, S., Wolkerstorfer, J.: Efficient AES Implementations on ASICs and FPGAs. In: Advanced Encryption Standard AES, pp Springer-Verlag (2005)
17. Rijmen, V., Daemen, J.: The Design of Rijndael. Springer (2002)
18. Sanadhya, S., Sarkar, P.: New collision attacks against up to 24-step SHA-2. In: Progress in Cryptology-INDOCRYPT. Lecture notes in computer science, vol Springer (2008)
19. Tillich, S., Feldhofer, M., Issovits, W., Kern, T., Kureck, H., Mühlberghuber, M., Neubauer, G., Reiter, A., Köfler, A., Mayrhofer, M.: Compact Hardware Implementations of the SHA-3 Candidates ARIRANG, BLAKE, Grøstl, and Skein. Cryptology ePrint Archive, Report 2009/349 (2009)
20. Tillich, S., Feldhofer, M., Kirschbaum, M., Plos, T., Schmidt, J.M., Szekely, A.: High-Speed Hardware Implementations of BLAKE, Blue Midnight Wish, CubeHash, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Luffa, Shabal, SHAvite-3, SIMD, and Skein. Cryptology ePrint Archive, Report 2009/510 (2009)
21. Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Proceedings of Crypto. Lecture notes in computer science, vol. 3621, pp Springer (2005)
22. Wu, H.: The Hash Function JH. Submission to NIST (round 3) (2011), round3.pdf
23. Xilinx: LogiCORE IP Fast Simplex Link (FSL) V20 Bus (v2.11c) (2010)
24. Xing, S., Yu, W.W.H.: FPGA Adders: Performance Evaluation and Optimal Design. IEEE Des. Test 15, (1998)
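The S-box optimization in Section 4.1 moves each byte into an isomorphic field representation where inversion is cheaper. The following Python code is an added example, not the paper's implementation: it uses a polynomial-basis composite field GF((2^4)^2) instead of the normal-basis tower of [3], and the GF(2^4) polynomial x^4 + x + 1, the constant LAMBDA and the root BETA are choices made for this example. Grøstl uses the AES S-box, so the result is checked against direct inversion in the AES field.

```python
"""AES/Groestl S-box via a composite field GF((2^4)^2) (added example)."""

AES_POLY = 0x11B                        # x^8 + x^4 + x^3 + x + 1


def gf256_mul(a, b):
    """Multiplication in the AES field (polynomial basis)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf256_inv(a):
    """Reference inversion a^254 (maps 0 to 0), eight bits wide throughout."""
    r = 1
    for _ in range(254):
        r = gf256_mul(r, a)
    return r


def gf16_mul(a, b):
    """Multiplication in GF(2^4) modulo x^4 + x + 1 (assumed subfield polynomial)."""
    r = 0
    for _ in range(4):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= 0x13
    return r


def gf16_inv(a):
    r = 1
    for _ in range(14):                 # a^14 = a^-1 in GF(16), 0 maps to 0
        r = gf16_mul(r, a)
    return r


# y^2 + y + LAMBDA must be irreducible over GF(16): it has no root t in GF(16).
LAMBDA = next(l for l in range(1, 16)
              if all(gf16_mul(t, t) ^ t ^ l for t in range(16)))


def comp_mul(u, v):
    """(a*y + b)(c*y + d) with y^2 = y + LAMBDA; a byte holds a in the high nibble."""
    a, b, c, d = u >> 4, u & 15, v >> 4, v & 15
    ac = gf16_mul(a, c)
    hi = ac ^ gf16_mul(a, d) ^ gf16_mul(b, c)
    lo = gf16_mul(ac, LAMBDA) ^ gf16_mul(b, d)
    return (hi << 4) | lo


def comp_inv(u):
    """Inversion that needs only one GF(16) inversion (of the norm)."""
    a, b = u >> 4, u & 15
    norm = gf16_mul(gf16_mul(a, a), LAMBDA) ^ gf16_mul(a, b) ^ gf16_mul(b, b)
    n_inv = gf16_inv(norm)
    return (gf16_mul(a, n_inv) << 4) | gf16_mul(a ^ b, n_inv)


def comp_pow(u, e):
    r = 1
    for _ in range(e):
        r = comp_mul(r, u)
    return r


# BETA: a root of the AES polynomial inside the composite field; x -> BETA then
# extends to a field isomorphism (an 8x8 bit matrix in hardware).
BETA = next(u for u in range(2, 256)
            if (comp_pow(u, 8) ^ comp_pow(u, 4) ^ comp_pow(u, 3) ^ u ^ 1) == 0)


def build_maps():
    powers = [comp_pow(BETA, i) for i in range(8)]
    to_comp = [0] * 256
    for x in range(256):
        for i in range(8):
            if (x >> i) & 1:
                to_comp[x] ^= powers[i]
    from_comp = [0] * 256
    for x, v in enumerate(to_comp):
        from_comp[v] = x
    return to_comp, from_comp


TO_COMP, FROM_COMP = build_maps()


def affine(b):
    """AES affine transformation applied after the inversion."""
    r = 0x63
    for s in range(5):
        r ^= ((b << s) | (b >> (8 - s))) & 0xFF
    return r


def sbox_composite(x):
    return affine(FROM_COMP[comp_inv(TO_COMP[x])])


def sbox_reference(x):
    return affine(gf256_inv(x))
```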
Protection of the digital Holy Quran Using SAB hash function Mohammad A. Ahmad1,a, Dr. Imad Fakhri Alshaikhli1,b, 1 Department of Computer Science, International Islamic University of Malaysia, 53100 Jalan
More informationNIST SHA-3 ASIC Datasheet
NIST SHA-3 ASIC Datasheet -- NIST SHA-3 Competition Five Finalists on a Chip (Version 1.1) Technology: IBM MOSIS 0.13µm CMR8SF-RVT Standard-Cell Library: ARM s Artisan SAGE-X V2.0 Area: 5mm 2 (Core: 1.656mm
More informationFPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed
FPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed Vijaya Kumar. B.1 #1, T. Thammi Reddy.2 #2 #1. Dept of Electronics and Communication, G.P.R.Engineering College,
More informationAES as A Stream Cipher
> AES as A Stream Cipher < AES as A Stream Cipher Bin ZHOU, Kris Gaj, Department of ECE, George Mason University Abstract This paper presents implementation of advanced encryption standard (AES) as a stream
More informationCompact Implementation of Threefish and Skein on FPGA
Compact Implementation of Threefish and Skein on FPGA Nuray At, Jean-Luc Beuchat, and İsmail San Department of Electrical and Electronics Engineering, Anadolu University, Eskişehir, Turkey Email: {nat,
More informationEfficient Hardware Realization of Advanced Encryption Standard Algorithm using Virtex-5 FPGA
IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.9, September 2009 59 Efficient Hardware Realization of Advanced Encryption Standard Algorithm using Virtex-5 FPGA Muhammad
More informationSecurity Applications
1. Introduction Security Applications Abhyudaya Chodisetti Paul Wang Lee Garrett Smith Cryptography applications generally involve a large amount of processing. Thus, there is the possibility that these
More informationHigh Performance Single-Chip FPGA Rijndael Algorithm Implementations
High Performance Single-Chip FPGA Rijndael Algorithm Implementations Máire McLoone and J.V McCanny DSiP TM Laboratories, School of Electrical and Electronic Engineering, The Queen s University of Belfast,
More informationCompact Hardware Implementations of the SHA-3 Candidates ARIRANG, BLAKE, Grøstl, and Skein
Compact Hardware Implementations of the HA-3 Candidates ARIRANG, BLAKE, Grøstl, and kein tefan Tillich, Martin Feldhofer, Wolfgang Issovits, Thomas Kern, Hermann Kureck, Michael Mühlberghuber, Georg Neubauer,
More informationIntroduction to Cryptology. Lecture 17
Introduction to Cryptology Lecture 17 Announcements HW7 due Thursday 4/7 Looking ahead: Practical constructions of CRHF Start Number Theory background Agenda Last time SPN (6.2) This time Feistel Networks
More informationUse of Embedded FPGA Resources in Implementations of Five Round Three SHA-3 Candidates
Use of Embedded FPGA Resources in Implementations of Five Round Three SHA-3 Candidates Malik Umar Sharif, Rabia Shahid, Marcin Rogawski and Kris Gaj George Mason University, USA Agenda SHA-3 High Speed
More informationLow area implementation of AES ECB on FPGA
Total AddRoundkey_3 MixCollumns AddRoundkey_ ShiftRows SubBytes 1 Low area implementation of AES ECB on FPGA Abstract This project aimed to create a low area implementation of the Rajindael cipher (AES)
More informationThe Grindahl hash functions
The Grindahl hash functions Søren S. Thomsen joint work with Lars R. Knudsen Christian Rechberger Fast Software Encryption March 26 28, 2007 Luxembourg 1/ 17 1 Introduction 2 Grindahl 3 Design considerations
More informationIMPLEMENTATION OF BLAKE ALGORITHM USING PIPELINING IN FPGA
International Journal Innovations in Scientific and IMPLEMENTATION OF BLAKE ALGORITHM USING PIPELINING IN FPGA 1 M.Jothi Kumar, 2 Chitravalavan 1 Research Scholar, Department Applied Electronics, A.V.C.
More informationAES Core Specification. Author: Homer Hsing
AES Core Specification Author: Homer Hsing homer.hsing@gmail.com Rev. 0.1.1 October 30, 2012 This page has been intentionally left blank. www.opencores.org Rev 0.1.1 ii Revision History Rev. Date Author
More informationVortex: A New Family of One-way Hash Functions Based on AES Rounds and Carry-less Multiplication
Vortex: A New Family of One-way Hash Functions Based on AES Rounds and Carry-less ultiplication Shay Gueron 2, 3, 4 and ichael E. Kounavis 1 1 Corresponding author, Corporate Technology Group, Intel Corporation,
More informationA Novel FPGA Implementation of AES-128 using Reduced Residue of Prime Numbers based S-Box
IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.9, September 2009 305 A Novel FPGA Implementation of AES-128 using Reduced Residue of Prime Numbers based S-Box Muhammad
More informationFAULT DETECTION IN THE ADVANCED ENCRYPTION STANDARD. G. Bertoni, L. Breveglieri, I. Koren and V. Piuri
FAULT DETECTION IN THE ADVANCED ENCRYPTION STANDARD G. Bertoni, L. Breveglieri, I. Koren and V. Piuri Abstract. The AES (Advanced Encryption Standard) is an emerging private-key cryptographic system. Performance
More informationRC6 Implementation including key scheduling using FPGA
ECE 646, HI-3 1 RC6 Implementation including key scheduling using FPGA (ECE 646 Project, December 2006) Fouad Ramia, Hunar Qadir, GMU Abstract with today's great demand for secure communications systems,
More informationMinimum Area Cost for a 30 to 70 Gbits/s AES Processor
Minimum Area Cost for a 30 to 70 Gbits/s AE Processor Alireza Hodjat and Ingrid Verbauwhede Electrical Engineering Department University of California, Los Angeles {ahodjat, ingrid} @ ee.ucla.edu Abstract
More informationArea Optimization in Masked Advanced Encryption Standard
IOSR Journal of Engineering (IOSRJEN) ISSN (e): 2250-3021, ISSN (p): 2278-8719 Vol. 04, Issue 06 (June. 2014), V1 PP 25-29 www.iosrjen.org Area Optimization in Masked Advanced Encryption Standard R.Vijayabhasker,
More informationA Countermeasure Circuit for Secure AES Engine against Differential Power Analysis
A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis V.S.Subarsana 1, C.K.Gobu 2 PG Scholar, Member IEEE, SNS College of Engineering, Coimbatore, India 1 Assistant Professor
More informationEfficient Hardware Design and Implementation of AES Cryptosystem
Efficient Hardware Design and Implementation of AES Cryptosystem PRAVIN B. GHEWARI 1 MRS. JAYMALA K. PATIL 1 AMIT B. CHOUGULE 2 1 Department of Electronics & Telecommunication 2 Department of Computer
More informationLightweight Crypto Design Principles - Approaches and Limitations
Lightweight Crypto Design Principles - Approaches and Limitations Axel Poschmann Division of Mathematical Sciences School of Physical and Mathematical Sciences August 31, 2011 Agenda Motivation Background
More informationImplementation of Full -Parallelism AES Encryption and Decryption
Implementation of Full -Parallelism AES Encryption and Decryption M.Anto Merline M.E-Commuication Systems, ECE Department K.Ramakrishnan College of Engineering-Samayapuram, Trichy. Abstract-Advanced Encryption
More informationAn 80Gbps FPGA Implementation of a Universal Hash Function based Message Authentication Code
An 8Gbps FPGA Implementation of a Universal Hash Function based Message Authentication Code Abstract We developed an architecture optimization technique called divide-and-concatenate and applied it to
More informationEfficient FPGA Implementations of PRINT CIPHER
Efficient FPGA Implementations of PRINT CIPHER 1 Tadashi Okabe Information Technology Group Tokyo Metropolitan Industrial Technology Research Institute, Tokyo, Japan Abstract This article presents field
More informationA unified architecture of MD5 and RIPEMD-160 hash algorithms
Title A unified architecture of MD5 and RIPMD-160 hash algorithms Author(s) Ng, CW; Ng, TS; Yip, KW Citation The 2004 I International Symposium on Cirquits and Systems, Vancouver, BC., 23-26 May 2004.
More informationECE 545 Lecture 8b. Hardware Architectures of Secret-Key Block Ciphers and Hash Functions. George Mason University
ECE 545 Lecture 8b Hardware Architectures of Secret-Key Block Ciphers and Hash Functions George Mason University Recommended reading K. Gaj and P. Chodowiec, FPGA and ASIC Implementations of AES, Chapter
More informationFPGA Implementation of Shabal: Our First Results (1/15/2010)
FGA Implementation of Shabal: Our First Results (1/15/2010) Romain Feron and Julien Francq EADS Defence & Security, Cyber Security Customer Solutions Center (CSCSC) Abstract. In this short note, we describe
More informationHigh Speed Cryptoprocessor for η T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields
High Speed Cryptoprocessor for η T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields Santosh Ghosh, Dipanwita Roy Chowdhury, and Abhijit Das Computer Science and Engineering
More informationComparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware
Comparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware Master s Thesis Pawel Chodowiec MS CpE Candidate, ECE George Mason University Advisor: Dr. Kris Gaj, ECE George
More informationHigh-Performance Cryptography in Software
High-Performance Cryptography in Software Peter Schwabe Research Center for Information Technology Innovation Academia Sinica September 3, 2012 ECRYPT Summer School: Challenges in Security Engineering
More informationObservations and Attacks On The SHA-3 Candidate Blender
Observations and Attacks On The SHA-3 Candidate Blender Craig Newbold cjnewbold@googlemail.com Abstract 51 candidates have been accepted as first round candidates in NIST s SHA-3 competition, to decide
More informationImproved (Pseudo) Preimage Attack and Second Preimage Attack on Round-Reduced Grøstl Hash Function *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 30, 1789-1806 (014) Improved (Pseudo) Preimage Attack and Second Preimage Attack on Round-Reduced Grøstl Hash Function * JIAN ZOU 1,, WENLING WU 1, SHUANG
More informationECE 646 Lecture 12. Cryptographic Standards. Secret-key cryptography standards
ECE 646 Lecture 12 Cryptographic Standards Secret-key cryptography Federal Banking International NIST FIPS 46-1 DES FIPS 46-2 DES FIPS 81 Modes of operation FIPS 46-3 Triple DES FIPS 197 AES X3.92 DES
More informationHOST Cryptography III ECE 525 ECE UNM 1 (1/18/18)
AES Block Cipher Blockciphers are central tool in the design of protocols for shared-key cryptography What is a blockcipher? It is a function E of parameters k and n that maps { 0, 1} k { 0, 1} n { 0,
More informationA Case Against Currently Used Hash Functions in RFID Protocols
A Case Against Currently Used Hash Functions in RFID Protocols Martin Feldhofer and Christian Rechberger Graz University of Technology Institute for Applied Information Processing and Communications Inffeldgasse
More informationSIMON Says, Break the Area Records for Symmetric Key Block Ciphers on FPGAs
SIMON Says, Break the Area Records for Symmetric Key Block Ciphers on FPGAs Aydin Aysu, Ege Gulcan, and Patrick Schaumont Secure Embedded Systems Center for Embedded Systems for Critical Applications Bradley
More informationThe road from Panama to Keccak via RadioGatún
The road from Panama to Keccak via RadioGatún Guido Bertoni 1, Joan Daemen 1, Michaël Peeters 2 and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract. In this paper, we explain the
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationFPGA Matrix Multiplier
FPGA Matrix Multiplier In Hwan Baek Henri Samueli School of Engineering and Applied Science University of California Los Angeles Los Angeles, California Email: chris.inhwan.baek@gmail.com David Boeck Henri
More informationECE 545. Digital System Design with VHDL
ECE 545 Digital System Design with VHDL Course web page: ECE web page Courses Course web pages ECE 545 http://ece.gmu.edu/coursewebpages/ece/ece545/f10/ Kris Gaj Research and teaching interests: Contact:
More informationFast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays
Fast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays Kris Gaj and Pawel Chodowiec George Mason University, Electrical and
More informationCryptographic Algorithms - AES
Areas for Discussion Cryptographic Algorithms - AES CNPA - Network Security Joseph Spring Department of Computer Science Advanced Encryption Standard 1 Motivation Contenders Finalists AES Design Feistel
More informationAn Instruction Set Extension for Fast and Memory- Efficient AES Implementation. Stefan Tillich, Johann Großschädl, Alexander Szekely
Institute for Applied Information Processing and Communications () GRAZ UNIVERSITY OF TECHNOLOGY An Instruction Set Extension for Fast and Memory- Efficient AES Implementation Stefan Tillich, Johann Großschädl,
More informationBYTE SLICING GRØSTL Optimized Intel AES-NI and 8-bit Implementations of the SHA-3 Finalist Grøstl
BYTE SLICING GRØSTL Optimized Intel AES-NI and 8-bit Implementations of the SHA-3 Finalist Grøstl Kazumaro Aoki 1, Günther Roland 2, Yu Sasaki 1 and Martin Schläffer 2 1 NTT Corporation, Japan 2 IAIK,
More informationData-Oriented Performance Analysis of SHA-3 Candidates on FPGA Accelerated Computers
Data-Oriented Performance Analysis of SHA-3 Candidates on FPGA Accelerated Computers Zhimin Chen, Xu Guo, Ambuj Sinha, and Patrick Schaumont ECE Department, Virginia Tech {chenzm, xuguo, ambujs87, schaum}@vt.edu
More informationA High-Speed Unified Hardware Architecture for the AES and SHA-3 Candidate Grøstl
A High-Speed Unified Hardware Architecture for the AES and SHA-3 Candidate Grøstl Marcin Rogawski and Kris Gaj Volgenau School of Engineering George Mason University Fairfax, Virginia 22030 email: {mrogawsk,
More informationDifferential Power Analysis of MAC-Keccak at Any Key-Length
Differential Power Analysis of MAC-Keccak at Any Key-Length Mostafa Taha and Patrick Schaumont Secure Embedded Systems Center for Embedded Systems for Critical Applications Bradley Department of ECE Virginia
More informationSecurity Analysis of Extended Sponge Functions. Thomas Peyrin
Security Analysis of Extended Sponge Functions Hash functions in cryptology: theory and practice Leiden, Netherlands Orange Labs University of Versailles June 4, 2008 Outline 1 The Extended Sponge Functions
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More informationFast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays
Kris Gaj and Pawel Chodowiec Electrical and Computer Engineering George Mason University Fast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable
More informationVLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT
VLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT K.Sandyarani 1 and P. Nirmal Kumar 2 1 Research Scholar, Department of ECE, Sathyabama
More informationHardware Accelerator for Stream Cipher Spritz
Hardware Accelerator for Stream Cipher Spritz by Debjyoti Bhattacharjee and Anupam Chattopadhyay School of Computer Science and Engineering (SCSE) 26-July-2016 Debjyoti Bhattacharjee and Anupam Chattopadhyay,
More informationImplementation of the block cipher Rijndael using Altera FPGA
Regular paper Implementation of the block cipher Rijndael using Altera FPGA Piotr Mroczkowski Abstract A short description of the block cipher Rijndael is presented. Hardware implementation by means of
More informationBlock Ciphers. Secure Software Systems
1 Block Ciphers 2 Block Cipher Encryption function E C = E(k, P) Decryption function D P = D(k, C) Symmetric-key encryption Same key is used for both encryption and decryption Operates not bit-by-bit but
More informationImplementation and Analysis of the PRIMATEs Family of Authenticated Ciphers
Implementation and Analysis of the PRIMATEs Family of Authenticated Ciphers Ahmed Ferozpuri Abstract Lightweight devices used for encrypted communication require a scheme that can operate in a low resource
More information