Compact Implementation of Threefish and Skein on FPGA
|
|
- Dominic McCarthy
- 5 years ago
- Views:
Transcription
1 Compact Implementation of Threefish and Skein on FPGA Nuray At, Jean-Luc Beuchat, and İsmail San Department of Electrical and Electronics Engineering, Anadolu University, Eskişehir, Turkey {nat, Faculty of Engineering, Information and Systems, University of Tsukuba, -- Tennodai, Tsukuba, Ibaraki, , Japan Abstract The SHA-3 finalist Skein is built from the tweakable Threefish block cipher. In order to have a better understanding of the computational efficiency of Skein (resource sharing, memory access scheme, scheduling, etc.), we design a low-area coprocessor for Threefish and describe how to implement Skein on our architecture. We harness the intrinsic parallelism of Threefish to design a pipelined ALU and interleave several tasks in order to achieve a tight scheduling. From our point of view, the main advantage of Skein over other SHA-3 finalists is that the same coprocessor allows one to encrypt or hash a message. I. INTRODUCTION In this article, we propose a novel hardware implementation of the SHA-3 finalist Skein []. As emphasized by Kerckhof et al., fully unrolled and pipelined architectures may sometimes hide a part of the algorithms complexity that is better revealed in compact implementations [2]. In order to have a deeper understanding of the computational efficiency of Skein (resource sharing, memory access scheme, scheduling, etc.), we decided to design a low-area coprocessor on a Field-Programmable Gate Array (FPGA). Furthermore, such an implementation is valuable for constrained environments, where some security protocols mainly rely on cryptographic hash functions (see for instance [3]). Skein is built from the tweakable Threefish block cipher, defined with a 256-, 52-, and 24-bit block size. The main contribution of this article is a lightweight implementation of Threefish (Section II). Then, we describe how to implement Skein on our coprocessor (Section III). We have prototyped our architecture on a Xilinx Virtex-6 device and discuss our results in Section IV. II. THE THREEFISH BLOCK CIPHER A. Algorithm Specification Threefish operates entirely on unsigned 64-bit integers and involves only three operations: rotation of k bits to the left (denoted by k), bitwise exclusive OR (denoted by ), and addition modulo 2 64 (denoted by ). Therefore, the plaintext P and the cipher key K are converted to N w 64-bit words. Note that the number of words N w and the number of rounds N r depend on the key size (Table I). The key schedule generates the subkeys from a block cipher key K = (k, k,..., k Nw ) and a 28-bit tweak Table I NUMBER OF ROUNDS FOR DIFFERENT KEY SIZES (REPRINTED FROM []). Key size # words # rounds [bits] N w N r T = (t, t ). K and T are extended with one parity word (Algorithm, lines and 2). Each subkey is a combination of N w words of the extended key, two words of the extended tweak, and a counter s (Algorithm, lines 5 to 9). Note that the extended key and the extended tweak are rotated by one word position between two consecutive subkeys. Algorithm Key schedule. Input: A block cipher key K = (k, k,..., k Nw ); a tweak T = (t, t ); the constant C 24 = BDBDAA9FCA22. Output: N r /4 + subkeys k s,, k s,,..., k s,nw, where s N r /4.. k Nw C 24 N w i= k i ; 2. t 2 t t ; 3. for s to N r /4 do 4. for i to N w 4 do 5. k s,i k (s+i) mod (Nw+); 6. end for 7. k s,nw 3 k (s+nw 3) mod (N w+) t s mod 3 ; 8. k s,nw 2 k (s+nw 2) mod (N w+) t (s+) mod 3 ; 9. k s,nw k (s+nw ) mod (N w+) s;. end for. return k s,, k s,,..., k s,nw, where s N r /4; A series of N r rounds (Figure and Algorithm 2, lines 4 to 9) and a final subkey addition (Algorithm 2, line 2) are applied to produce the ciphertext. The core of a round is the simple non-linear mixing function Mix d,j (Algorithm 2, lines 3 and 4). It consists of an addition, a rotation by a constant R d mod 8,j (repeated every eight rounds and defined
2 in [, Table 4]), and a bitwise exclusive OR. A word permutation π(i) (defined in [, Table 3]) is then applied to obtain the output of the round (Algorithm 2, line 7). Furthermore, a subkey is injected every four rounds (Algorithm 2, line 7). k, Mix4, e 4, v 4, k, R 4, e 4, v 4, f 4, f 4, f 4,2 v 4,2 k,2 k,3 R 4, e 4,3 f 4,3 v 4,3 v 5, v 5, v 5,2 v 5,3 Figure. Mix4, Permute One of the 72 rounds of Threefish-256. Algorithm 2 Encryption with the Threefish block cipher. Input: A plaintext block P = (p, p,..., p Nw ); N r /4 + subkeys k s,, k s,,..., k s,nw, where s N r /4; 4N w rotation constants R i,j, where i 7 and j N w /2. Output: A ciphertext block C = (c, c,..., c Nw ).. for i to N w do 2. v,i p i ; 3. end for 4. for d to N r do 5. for i to N w do 6. if d mod 4 = then 7. e d,i v d,i k d/4,i ; (Key injection) 8. else 9. e d,i v d,i ; (Rename). end if. end for 2. for j to N w /2 do 3. f d,2j e d,2j e d,2j+ ; (Mix d,j ) 4. f d,2j+ f d,2j (e d,2j+ R d mod 8,j ); 5. end for 6. for i to N w do 7. v d+,i f d,π(i) ; (Permute) 8. end for 9. end for 2. for i to N w do 2. c i v Nr,i k Nr/4,i; (Key injection) 22. end for 23. return C = (c, c,..., c Nw ); B. The UBI Chaining Mode Let E(K, T, P ) be a tweakable encryption function. The Unique Block Iteration (UBI) chaining mode allows one to build a compression function out of E. Each block M i of the message is processed with a unique tweak value T i encoding how many bytes have been processed so far, a type field (see [] for details), and two bits specifying whether it is the first and/or last block. The UBI chaining mode is computed as: H G, H i+ M i E(H i, T i, M i ), where G is a starting value of N w words. C. Hardware Implementation This short description of Threefish gives us the first hints on designing a dedicated coprocessor (Figure 2). Our architecture consists of a register file implemented by means of dualported memory, an ALU, and a control unit. The register file is organized into 64-bit words, and stores a plaintext block, an internal state (e d,i, where i N w ), an extended block cipher key, an extended tweak, the constant C 24, and all possible values of s involved in the key schedule. Thanks to this approach, the word permutation π(i) and the word rotation of the key schedule are conveniently implemented by addressing the register file accordingly. Since the round constants repeat every eight rounds (Algorithm 2, line 4), we decided to unroll eight iterations of the main loop of Threefish (Algorithm 2, lines 4 to 9). The rotation constants R d,i are included in the microcode executed by the control unit. Note that our register file is designed for Threefish-24 (i.e. N w = 6 and N r = 8). It is therefore straightforward to implement the two other variants of the algorithm on our architecture. WE Data Address WE Address Data Figure 2. Register file (dual-ported memory block) Port B Port A Start Nw p,..., p5 ei,,..., ei,5 k,..., k5 k6 t, t, t2, C24,,..., 4, 5 6, 7, 8, 9, 2 Control unit Idle Architecture of the Threefish coprocessor Port A Port B Arithmetic and Logic Unit (Figure 3b) ctrl: The next step consists in defining the architecture of the ALU and the instruction set of our coprocessor. In the following, Ri denotes a 64-bit register. Figure 3a illustrates our scheduling of the two mixing functions Mix 4, and Mix 4, of the fifth round of Threefish-256:
3 Port A R R4 R5 R6 e 4, bit 64 bits e 4, e 4,3 e 4, e 9 4, e 4,3 e 25 4, R3 R e 4, e 4, e 4,3 e 4,3 e 4, e4,2 R3 f 4, e 4,3 R3 R3 R6 e 33 4,3 f 4, f 4,2 R3 R f 4,3 R3 R3 R6 From port B From port A ctrl 7 ctrl :,, 2 or 3 ctrl 3:2, 4, 8 or 2 R ctrl 5:4 ctrl 6 ctrl 8 ctrl 9 ctrl b a, 6, 32 or 48 R4 R5 R6 or R3 To port B From R3 From R From From R6 Ctrl LUT6 2 bj aj bj aj aj bj (aj bj) Ctrl aj bj carryj+ carryj (carry = Ctrl) To R3 (a) Computation of Mix4, and Mix4, (Threefish-256) (b) Architecture of the ALU (c) Computation of R3 R or R3 R3 R6 on a Virtex-6 device Figure 3. Arithmetic and logic unit for Threefish encryption. The operand e 4, is loaded in register R; at the same time, we start the computation of e 4, R 4, ; this operation requires three clock cycles and intermediate results are stored in R4, R5, and R6. Then, e 4, is loaded in register ; the content of R is not modified (i.e. R must be controlled by an enable signal). We execute the instruction R3 R. R3 and R6 contain f 4, and e 4, R 4,, respectively. The instruction R3 R3 R6 allows us to compute f 4,. We schedule Mix 4, as soon as e 4, has been read, and manage to keep the pipeline continuously busy. In summary, our ALU must be able to carry out any rotation of a 64-bit word and to perform the following operation (Figure 3b): { R when Ctrl =, R3 () R3 R6 otherwise, where Ctrl denotes a control bit. Our ALU is therefore similar to the one proposed by Beuchat et al. [4] for the SHA-3 finalist BLAKE, and we can take advantage of their strategy to share hardware resources between the adder and the array of XOR gates (we propose here a more general approach that does not require a low-level VHDL description relying on libraries provided by Xilinx). Let us define two 64-bit operands a and b such that: { (R, ) when Ctrl =, (a, b) = (R3, R6) otherwise. It is well-known that a b = (a b) (a b) and a b = (a b) (a b), where,, and denote the bitwise OR, the bitwise AND, and the subtraction modulo 2 64 of two operands, respectively [5]. Thus, Equation () can be rewritten as follows: R3 (a b) ((a b) Ctrl ) Ctrl. (2) Figure 3c describes the implementation of Equation (2) on a Virtex-6 device. Since there is a single control signal to choose the arithmetic operation and to select a and b, Equation (2) involves only five variables, and is advantageously implemented by 64 LUT6 2 primitives and dedicated carry logic. In order to reduce the number of operands stored in the register file, we interleave the key schedule (Algorithm ) and the encryption process (Algorithm 2). This approach allows us to generate the subkeys on-the-fly. It is however necessary to compute t 2 and k Nw before the first key injection. The easiest way to compute t 2 would be to load t and t in registers R and, respectively, and to execute the instruction R3 R. Unfortunately, this solution requires one more control bit to select the inputs of the arithmetic operator, and it is not possible to implement the multiplexers and the adder on the same LUT6 2 primitive anymore. Since the critical path of our coprocessor is located in the 64-bit adder, an extra level of LUTs would decrease the clock frequency. However, we are able to compute t 2 using only the functionalities defined by Equation (). Since t 2 = (t ) (t ), it suffices to execute the following instructions: R4 t, R t,, R5 R4, R3 R, R6 R5, R3 R3 R6. This approach assumes that we can read simultaneously two values from the register file. Thanks to the multiplexer controlled by Ctrl 7, we can load data from port A or port B into register R 2 (Figure 3b). A similar strategy allows us to compute k Nw. The implementation of the key injection is more straightforward. Note that the multiplexers controlled by Ctrl 6 and Ctrl 8 allow us to bypass the register file and to use the content of R3 as an input to the ALU. Let us consider for instance the first key injection of Threefish-256: e,2 is defined as p 2 k,2 = p 2 k 2 t and is computed as follows: R k 2, t, R3 R R R3, p 2, R3 R. Figure 4 describes how we schedule the instructions of Threefish-256.
4 Computation of t 2 and k 4, and first key injection Register File Address A Address B Input B Output A t k k 2 k @k 2 3 t 2 k C 2 4 k 4 k k 3 p p @e,2 e, e,3 e,2 k 2 p 2 k t @e,2 e, e, e,2 Port A Port B t t k C 24 k k 2 k 3 k k 3 p p 3 k 2 p 2 t k t p e, e,3 e,2 R t k k k 2 k 3 k k 3 k 2 k,2 k k, e, e, e,3 e,3 ALU R6 t C 24 k k k 2 k 3 p p 3 t p 2 t p e, e 4, e,2 R3 t t 2 C 24 k 4 e, e,3 k,2 e,2 k, e, f, f, Permute v, v,3 Rename e, e, e,3 R3 R R3 R3 R6 Second key injection First round Register File Address A Address B Input B Output A @e 3, e 3, v 4,2 v 4, e 4, e 4,3 e 3, k k 4 k 3 v 4,2 k 2 t 2 t v e 4, e e 5, Port A Port B e, e 3, k k 4 k 3 t 2 v 4,2 k 2 t v 4, e 4, e 4,3 ALU R R6 e,3 e,3 e 6,3 e,2 e, e, e 57,3 e, e 2, e 52, e 2, e 2, e 2,3 e 23 2, e 2,3 e 3,3 e 4 2,3 e 3,3 e 3,2 e 3, e 37 3,3 e 3, e 3, e 5 3, k v 4, k 4 k 3 e4,3 v 4,2 k 2 v 4, v 4,3 t 2 k,2 t k, e 4, e 4, e 4,3 e 4,3 e 4, e 25 4, R3 f,2 f,3 f,2 f,3 f, f, f 2, f 2, f 2,2 f 2,3 f 3,2 f 3,3 f 3, f 3, e 4, e4,3 k,2 e 4,3 k, e 4, f 4, f 4, Permute v,2 v, v 2,2 v 2, v 2, v 2,3 v 3, v 3,3 v 3,2 v 3, v 4,2 v 4, v 4, v 4,3 v 5, v 5,3 Rename e,2 e, e 2, e 2, e 2,3 e 3, e 3,3 e 3,2 e 3, e 5, e 5,3 Second round Third round Fourth round Fifth round Figure 4. Scheduling of denotes the address of the 64-bit word d in the register file. Rename and Permute refer to lines 9 and 7 of Algorithm 2, respectively. The UBI chaining mode can be combined with the final key injection of Threefish encryption. It suffices to modify line 2 of Algorithm 2 as follows: e Nr,i v Nr,i k Nr/4,i and c i e Nr,i p i. The only difference between this operation and the mixing function MIX d,j is that no permutation is applied to the second operand of the bitwise exclusive OR. The control unit consists of an instruction memory, a small table to generate the address of k (s+i) mod (Nw+) during the key schedule (Algorithm ), and a simple finite-state machine. Since we unroll only eight rounds, we manage to keep the instruction memory compact. In the case of Threefish-52, we need for instance 45 instructions and 88 clock cycles to encrypt a plaintext block in UBI mode. III. SKEIN HASHING In this work, we focus on the simple Skein hash computation and refer the reader to [] for a description of the other modes of operation. Three UBI invocations allow one to compute the digest of a message M = (M, M,..., M b ) of up to bits, where each M i is a block of N w 64-bit word. We explain this process with an example: how to hash a message of 7 bytes M = (M, M, M 2 ) with Skein (Figure 5): ) Configuration block. The 32-byte string C encodes the desired output length and several parameters defined in []. In the simple hashing mode, G = UBI(, C, T cfg 2 2 ) depends only on the output size, and can be precomputed (see [, Appendix B]). 2) Message. Note that M and M contain 64 bytes of data each, and M 2 is the padded final block with 42 bytes of data. The tweak encodes whether M i is the first or last block of M, and the number of bytes processed so far. In this example, UBI(G, M, T msg 2 2 ) requires three calls to Threefish-52. 3) Output transform. The call to UBI(G,, T out 2 2 ) achieves hashing-appropriate randomness. If a single output block is not sufficient, several output transforms can be run in parallel []. In order to process a b-block message M, we load the precomputed value of G in the register file of our coprocessor. Then, b + calls to Threefish allow us to process the message
5 and to perform the output transform. In the case of Skein-52-52, the throughput is given by T = 52 b f (b+) 88 bits/s, where f denotes the clock frequency of our architecture. Configuration block G UBI(, C, T cfg 2 2 ) Tweak: Type: Cfg C M M M 2 Type: Msg Len: 64 First: Last: Message G UBI(G, M, T msg2 2 ) G G H UBI(G,, T out2 2 ) Tweak: Tweak: Tweak: Tweak: Type: Msg Type: Msg Type: Out Len: 28 First: Last: Len: 7 First: Last: Output transform Figure 5. Processing a 3-block message using Skein in the simple hashing mode. IV. RESULTS AND PERSPECTIVES We captured our architecture in the VHDL language and prototyped a fully autonomous implementation of Skein on a Xilinx Virtex-6 FPGA. Table II summarizes our results and the figures published by other researchers focusing on compact coprocessors (we refer the reader to the SHA-3 Zoo [2] for an overview of high-speed designs). Note that we considered the least favorable case, where the message consists of a single block, to compute the throughput. If we increase the size of the message, the throughput of our coprocessor converges asymptotically to 6 Mbits/s. The other hardware architectures of Skein reported in Table II make a single call to Threefish-52 and do not perform the output transform. Let us assume that all SHA-3 finalists provide the levels of security expected by the NIST. Then, according to Table II, BLAKE, Keccak, and Skein seem to be the best candidates for compact implementations on FPGA. Beuchat et al. [4] designed a low-area ALU for BLAKE on Xilinx devices. However, the datapath depends on the level of security one wishes to achieve. In order to overcome this drawback, Yamazaki et al. [7] proposed a unified coprocessor for the BLAKE family. Their ALU is built around a 64-bit datapath, and can process a 52-bit block (BLAKE-52) or two 256-bit blocks in parallel (BLAKE-256). From our point of view, the main advantage of Skein over other SHA-3 finalists is that the same coprocessor allows one to encrypt or hash a message. We plan to improve our architecture in order to support Threefish decryption, Skein-MAC, and tree hashing with Skein. H [4] J.-L. Beuchat, E. Okamoto, and T. Yamazaki, Compact implementations of BLAKE-32 and BLAKE-64 on FPGA, in Proceedings of the 2 International Conference on Field-Programmable Technology FPT 2, J. Bian, Q. Zhou, and K. Zhao, Eds. IEEE Press, 2, pp [5] H. Warren, Hacker s Delight. Addison-Wesley, 22. [6] J.-P. Aumasson, L. Henzen, W. Meier, and R. Phan, SHA-3 proposal BLAKE (version.4), Jan. 2. [7] T. Yamazaki, J.-L. Beuchat, and E. Okamoto, BLAKE-256, BLAKE- 52のコンパクトな統合実装, IEICE 暗号と情報セキュリティ実装技術小特集号, vol. J-95A, no. 5, 22. [8] B. Jungk, Compact implementations of Grøstl, JH and Skein for FPGAs, in Proceedings of the ECRYPT II Hash Workshop, 2. [9] G. Bertoni, J. Daemen, M. Peeters, G. Van Assche, and R. Van Keer, Keccak implementation overview (version 3.), Sep. 2. [] İ. San and N. At, Compact Keccak hardware architecture for data integrity and authentication on FPGAs, Information Security Journal: A Global Perspective, 22. [] K. Latif, M. Tariq, A. Aziz, and A. Mahboob, Efficient hardware implementation of secure hash algorithm (SHA-3) finalist - Skein, in Proceedings of the International Conference on Computer, Communication, Control and Automation 3CA2, 2. [2] The SHA-3 zoo, SHA-3 Zoo. REFERENCES [] N. Ferguson, S. Lucks, B. Schneier, D. Whiting, M. Bellare, T. Kohno, J. Callas, and J. Walker, The skein hash function family (version.3), Oct. 2. [2] S. Kerckhof, F. Durvaux, N. Veyrat-Charvillon, F. Regazzoni, G. Meurice de Dormale, and F.-X. Standaert, Compact FPGA implementations of the five SHA-3 finalists, in Proceedings of the ECRYPT II Hash Workshop, 2. [3] J. Zhai, C. Park, and G.-N. Wang, Hash-based RFID security protocol using randomly key-changed identification procedure, in Computational Science and Its Applications ICCSA 26, ser. Lecture Notes in Computer Science, no Springer, 26, pp
6 Table II COMPACT IMPLEMENTATIONS OF THE FIVE SHA-3 FINALISTS ON VIRTEX-5 AND VIRTEX-6 FPGAS. Algorithm FPGA Area 36k memory Frequency Throughput [slices] blocks [MHz] [Mbits/s] Aumasson et al. [6] BLAKE-256 xc5vlx Beuchat et al. [4] BLAKE-256 xc6vlx75t Aumasson et al. [6] BLAKE-52 xc5vlx Beuchat et al. [4] BLAKE-52 xc6vlx75t Kerckhof et al. [2] BLAKE-52 xc6vlx75t Yamazaki et al. [7] BLAKE (unified coprocessor) xc5vlx (BLAKE-256) 264 (BLAKE-52) Jungk [8] Grøstl-256 xcv Kerckhof et al. [2] Grøstl-52 xc6vlx75t Jungk [8] JH-256 xcv Kerckhof et al. [2] JH-52 xc6vlx75t Bertoni et al. [9] Keccak[r = 24, c = 576] xc5vlx Kerckhof et al. [2] Keccak[r = 24, c = 576] xc6vlx75t San & At [] Keccak[r = 24, c = 576] xc5vlx This Work Skein xc6vlx75t Jungk [8] Skein xcv Kerckhof et al. [2] Skein xc6vlx75t Latif et al. [] Skein xc5vlx-3 82 Not specified 9 6 Modified to implement the tweaked version submitted for the final round of the SHA-3 competition. Single call to Threefish-52.
Compact Hardware Implementations of ChaCha, BLAKE, Threefish, and Skein on FPGA
Compact Hardware Implementations of ChaCha, BLAKE, Threefish, and Skein on FPGA Nuray At, Jean-Luc Beuchat, Eiji Okamoto, İsmail San, and Teppei Yamazaki Department of Electrical and Electronics Engineering,
More informationTwo Hardware Designs of BLAKE-256 Based on Final Round Tweak
Two Hardware Designs of BLAKE-256 Based on Final Round Tweak Muh Syafiq Irsyadi and Shuichi Ichikawa Dept. Knowledge-based Information Engineering Toyohashi University of Technology, Hibarigaoka, Tempaku,
More informationSkein. John Kevin Hicks
Skein John Kevin Hicks 2 Outline Introduction Skein Overview Threefish Block Cipher Unique Block Iteration Optional Argument System Skein Performance Security Claims and Current Cryptanalysis Conclusions
More informationThe SHA-3 Process. Keccak & SHA-3 day Brussels, 27 March 2013
The SHA-3 Process Keccak & SHA-3 day Brussels, 27 March 2013 Timeline 05 06 07 08 09 10 11 12 13 Summer 2005: Attacks on MD5, RIPEMD, SHA-0, SHA-1 The Wang effect Before 2005 MD4 (Dobbertin) MD5 (Boss.,
More informationCompact FPGA Implementations of the Five SHA-3 Finalists
Compact FPGA Implementations of the Five SHA-3 Finalists Stéphanie Kerckhof 1,François Durvaux 1, Nicolas Veyrat-Charvillon 1, Francesco Regazzoni 1, Guerric Meurice de Dormale 2,andFrançois-Xavier Standaert
More informationA Novel Method for Secured Transaction of Images and Text on Cloud
A Novel Method for Secured Transaction of Images and Text on Cloud John Jeya Singh. T Research Scholar, Dept of Computer Science, Bharathiar University, Coimbatore, Tamil nadu, India. Dr E.Baburaj Professor
More informationHOST Cryptography III ECE 525 ECE UNM 1 (1/18/18)
AES Block Cipher Blockciphers are central tool in the design of protocols for shared-key cryptography What is a blockcipher? It is a function E of parameters k and n that maps { 0, 1} k { 0, 1} n { 0,
More informationIMPLEMENTATION OF BLAKE ALGORITHM USING PIPELINING IN FPGA
International Journal Innovations in Scientific and IMPLEMENTATION OF BLAKE ALGORITHM USING PIPELINING IN FPGA 1 M.Jothi Kumar, 2 Chitravalavan 1 Research Scholar, Department Applied Electronics, A.V.C.
More informationPushing the Limits of SHA-3 Hardware Implementations to Fit on RFID
Motivation Keccak Our Designs Results Comparison Conclusions 1 / 24 Pushing the Limits of SHA-3 Hardware Implementations to Fit on RFID Peter Pessl and Michael Hutter Motivation Keccak Our Designs Results
More informationLightweight Implementations of SHA-3 Candidates on FPGAs
Lightweight of SHA-3 Candidates on FPGAs Jens-Peter Kaps Panasayya Yalla Kishore Kumar Surapathi Bilal Habib Susheel Vadlamudi Smriti Gurung John Pham Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu
More informationOn the parallelization of slice-based Keccak implementations on Xilinx FPGAs
On the parallelization of slice-based Keccak implementations on Xilinx FPGAs Jori Winderickx, Joan Daemen and Nele Mentens KU Leuven, ESAT/COSIC & iminds, Leuven, Belgium STMicroelectronics Belgium & Radboud
More informationImplementation & Benchmarking of Padding Units & HMAC for SHA-3 candidates in FPGAs & ASICs
Implementation & Benchmarking of Padding Units & HMAC for SHA-3 candidates in FPGAs & ASICs Ambarish Vyas Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu Department of ECE,
More informationCryptography. Summer Term 2010
Summer Term 2010 Chapter 2: Hash Functions Contents Definition and basic properties Basic design principles and SHA-1 The SHA-3 competition 2 Contents Definition and basic properties Basic design principles
More informationA High-Speed Unified Hardware Architecture for AES and the SHA-3 Candidate Grøstl
A High-Speed Unified Hardware Architecture for AES and the SHA-3 Candidate Grøstl Marcin Rogawski Kris Gaj Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu Department of ECE,
More informationCryptographic Hash Functions
Cryptographic Hash Functions Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 34 Cryptographic Hash Functions A hash function provides message integrity and authentication
More informationNetwork Security. Cryptographic Hash Functions Add-on. Benjamin s slides are authoritative. Chair for Network Architectures and Services
Chair for Network Architectures and Services Technische Universität München Network Security Cryptographic Hash Functions Add-on Benjamin s slides are authoritative Motivation (1) Common practice in data
More informationSHA3 Core Specification. Author: Homer Hsing
SHA3 Core Specification Author: Homer Hsing homer.hsing@gmail.com Rev. 0.1 January 29, 2013 This page has been intentionally left blank. www.opencores.org Rev 0.1 ii Rev. Date Author Description 0.1 01/29/2013
More informationVersion 2.0, November 11, Stefan Tillich, Martin Feldhofer, Mario Kirschbaum, Thomas Plos, Jörn-Marc Schmidt, and Alexander Szekely
High-Speed Hardware Implementations of BLAKE, Blue Midnight Wish, CubeHash, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Luffa, Shabal, SHAvite-3, SIMD, and Skein Version 2.0, November 11, 2009 Stefan Tillich,
More informationLow-Area Implementations of SHA-3 Candidates
Jens-Peter Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu Department of ECE, Volgenau School of IT&E, George Mason University, Fairfax, VA, USA SHA-3 Project Review Meeting
More informationAn 80Gbps FPGA Implementation of a Universal Hash Function based Message Authentication Code
An 8Gbps FPGA Implementation of a Universal Hash Function based Message Authentication Code Abstract We developed an architecture optimization technique called divide-and-concatenate and applied it to
More informationHardware Performance Evaluation of SHA-3 Candidate Algorithms
Journal of Information Security, 2012, 3, 69-76 http://dx.doi.org/10.4236/jis.2012.32008 Published Online April 2012 (http://www.scirp.org/journal/jis) Hardware Performance Evaluation of SHA-3 Candidate
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash
More informationSide-channel Analysis of Grøstl and Skein
2012 IEEE IEEE Symposium CS Security on Security and Privacy and Workshops Privacy Workshops Side-channel Analysis of Grøstl and Skein Christina Boura, Sylvain Lévêque, David Vigilant Gemalto 6 rue de
More informationImplementation and Analysis of the PRIMATEs Family of Authenticated Ciphers
Implementation and Analysis of the PRIMATEs Family of Authenticated Ciphers Ahmed Ferozpuri Abstract Lightweight devices used for encrypted communication require a scheme that can operate in a low resource
More informationCompact implementations of Grøstl, JH and Skein for FPGAs
Compact implementations of Grøstl, JH and Skein for FPGAs Bernhard Jungk Hochschule RheinMain University of Applied Sciences Wiesbaden Rüsselsheim Geisenheim bernhard.jungk@hs-rm.de Abstract. This work
More informationPower Analysis of MAC-Keccak: A Side Channel Attack. Advanced Cryptography Kyle McGlynn 4/12/18
Power Analysis of MAC-Keccak: A Side Channel Attack Advanced Cryptography Kyle McGlynn 4/12/18 Contents Side-Channel Attack Power Analysis Simple Power Analysis (SPA) Differential Power Analysis (DPA)
More informationEfficient Hardware Implementations of High Throughput SHA-3 Candidates Keccak, Luffa and Blue Midnight Wish for Single- and Multi-Message Hashing
Efficient Hardware Implementations of High Throughput SHA-3 Candidates Keccak, Luffa and Blue Midnight Wish for Single- and Multi-Message Hashing Abdulkadir Akın, Aydın Aysu, Onur Can Ulusel, and Erkay
More informationOn Optimized FPGA Implementations of the SHA-3 Candidate Grøstl
On Optimized FPGA Implementations of the SHA-3 Candidate Grøstl Bernhard Jungk, Steffen Reith, and Jürgen Apfelbeck Fachhochschule Wiesbaden University of Applied Sciences {jungk reith}@informatik.fh-wiesbaden.de
More informationLinear Cryptanalysis of Reduced Round Serpent
Linear Cryptanalysis of Reduced Round Serpent Eli Biham 1, Orr Dunkelman 1, and Nathan Keller 2 1 Computer Science Department, Technion Israel Institute of Technology, Haifa 32000, Israel, {biham,orrd}@cs.technion.ac.il,
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationA Low-Area yet Performant FPGA Implementation of Shabal
A Low-Area yet Performant FPGA Implementation of Shabal Jérémie Detrey, Pierrick Gaudry, and Karim Khalfallah 2 CARAMEL project-team, LORIA, INRIA / CNRS / Nancy Université, Campus Scientifique, BP 239,
More informationA Chosen-key Distinguishing Attack on Phelix
A Chosen-key Distinguishing Attack on Phelix Yaser Esmaeili Salehani* and Hadi Ahmadi** * Zaeim Electronic Industries Co., Tehran, Iran. ** School of Electronic Engineering, Sharif University of Technology,
More informationVivado HLS Implementation of Round-2 SHA-3 Candidates
Farnoud Farahmand ECE 646 Fall 2015 Vivado HLS Implementation of Round-2 SHA-3 Candidates Introduction NIST announced a public competition on November 2007 to develop a new cryptographic hash algorithm,
More informationArea Optimization in Masked Advanced Encryption Standard
IOSR Journal of Engineering (IOSRJEN) ISSN (e): 2250-3021, ISSN (p): 2278-8719 Vol. 04, Issue 06 (June. 2014), V1 PP 25-29 www.iosrjen.org Area Optimization in Masked Advanced Encryption Standard R.Vijayabhasker,
More informationA Lightweight Implementation of Keccak Hash Function for Radio-Frequency Identification Applications
A Lightweight Implementation of Keccak Hash Function for Radio-Frequency Identification Applications Elif Bilge Kavun and Tolga Yalcin Department of Cryptography Institute of Applied Mathematics, METU
More informationCS-E4320 Cryptography and Data Security Lecture 5: Hash Functions
Lecture 5: Hash Functions Céline Blondeau Email: celine.blondeau@aalto.fi Department of Computer Science Aalto University, School of Science Hash Functions Birthday Paradox Design of Hash Functions SHA-3
More informationRC6 Implementation including key scheduling using FPGA
ECE 646, HI-3 1 RC6 Implementation including key scheduling using FPGA (ECE 646 Project, December 2006) Fouad Ramia, Hunar Qadir, GMU Abstract with today's great demand for secure communications systems,
More informationA j-lanes tree hashing mode and j-lanes SHA-256
A j-lanes tree hashing mode and j-lanes SHA-5 Shay Gueron 1, 1 Department of Mathematics, University of Haifa, Israel Intel Corporation, Israel Development Center, Haifa, Israel August 1, Abstract. j-lanes
More informationCCproc: A custom VLIW cryptography co-processor for symmetric-key ciphers
CCproc: A custom VLIW cryptography co-processor for symmetric-key ciphers Dimitris Theodoropoulos, Alexandros Siskos, and Dionisis Pnevmatikatos ECE Department, Technical University of Crete, Chania, Greece,
More informationLightweight Implementations of SHA-3 Candidates on FPGAs
Lightweight Implementations of SHA-3 Candidates on FPGAs Jens-Peter Kaps, Panasayya Yalla, Kishore Kumar Surapathi, Bilal Habib, Susheel Vadlamudi, Smriti Gurung, and John Pham ECE Department, George Mason
More informationCompact Hardware Implementations of the SHA-3 Candidates ARIRANG, BLAKE, Grøstl, and Skein
Compact Hardware Implementations of the HA-3 Candidates ARIRANG, BLAKE, Grøstl, and kein tefan Tillich, Martin Feldhofer, Wolfgang Issovits, Thomas Kern, Hermann Kureck, Michael Mühlberghuber, Georg Neubauer,
More informationS. Erfani, ECE Dept., University of Windsor Network Security. All hash functions operate using the following general principles:
4.14 Simple Hash Functions All hash functions operate using the following general principles: a) The input string is viewed as a sequence of n-byte blocks. b) The input is processed one block at a time
More informationFPGA Based Design of AES with Masked S-Box for Enhanced Security
International Journal of Engineering Science Invention ISSN (Online): 2319 6734, ISSN (Print): 2319 6726 Volume 3 Issue 5ǁ May 2014 ǁ PP.01-07 FPGA Based Design of AES with Masked S-Box for Enhanced Security
More informationEfficient and Provably Secure Methods for Switching from Arithmetic to Boolean Masking
Efficient and Provably Secure Methods for Switching from Arithmetic to Boolean Masking Blandine Debraize Gemalto, 6 rue de la Verrerie, 92197 Meudon Cedex, France blandine.debraize@gemalto.com Abstract.
More informationPerformance enhancement of Blowfish and CAST-128 algorithms and Security analysis of improved Blowfish algorithm using Avalanche effect
244 Performance enhancement of Blowfish and CAST-128 algorithms and Security analysis of improved Blowfish algorithm using Avalanche effect Krishnamurthy G.N, Dr. V. Ramaswamy, Leela G.H and Ashalatha
More informationLecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS
Lecture 5 Cryptographic Hash Functions Read: Chapter 5 in KPS 1 Purpose CHF one of the most important tools in modern cryptography and security CHF-s are used for many authentication, integrity, digital
More informationAvailable online at ScienceDirect. Procedia Technology 24 (2016 )
Available online at www.sciencedirect.com ScienceDirect Procedia Technology 24 (2016 ) 918 924 International Conference on Emerging Trends in Engineering, Science and Technology (ICETEST - 2015) Design
More informationFPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed
FPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed Vijaya Kumar. B.1 #1, T. Thammi Reddy.2 #2 #1. Dept of Electronics and Communication, G.P.R.Engineering College,
More informationDifferential-Linear Cryptanalysis of Serpent
Differential-Linear Cryptanalysis of Serpent Eli Biham 1, Orr Dunkelman 1, and Nathan Keller 2 1 Computer Science Department, Technion, Haifa 32000, Israel {biham,orrd}@cs.technion.ac.il 2 Mathematics
More informationUse of Embedded FPGA Resources in Implementations of Five Round Three SHA-3 Candidates
Use of Embedded FPGA Resources in Implementations of Five Round Three SHA-3 Candidates Malik Umar Sharif, Rabia Shahid, Marcin Rogawski, Kris Gaj Abstract In this paper, we present results of the comprehensive
More informationLow-cost hardware implementations of Salsa20 stream cipher in programmable devices
Journal of Polish Safety and Reliability Association Summer Safety and Reliability Seminars, Volume 4, Number 1, 2013 Wrocław University of Technology, Wrocław, Poland Low-cost hardware implementations
More informationArchitectures and FPGA Implementations of the. 64-bit MISTY1 Block Cipher
Architectures and FPGA Implementations of the 64-bit MISTY1 Block Cipher P. Kitsos *, M. D. Galanis, O. Koufopavlou VLSI Design Laboratory Electrical and Computer Engineering Department University of Patras,
More informationSponge-based pseudo-random number generators
Sponge-based pseudo-random number generators Guido Bertoni 1, Joan Daemen 1, Michaël Peeters 2, and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract. This paper proposes a new construction
More informationAES as A Stream Cipher
> AES as A Stream Cipher < AES as A Stream Cipher Bin ZHOU, Kris Gaj, Department of ECE, George Mason University Abstract This paper presents implementation of advanced encryption standard (AES) as a stream
More informationAES Core Specification. Author: Homer Hsing
AES Core Specification Author: Homer Hsing homer.hsing@gmail.com Rev. 0.1.1 October 30, 2012 This page has been intentionally left blank. www.opencores.org Rev 0.1.1 ii Revision History Rev. Date Author
More informationEvaluation of Hardware Performance for the SHA-3 Candidates Using SASEBO-GII
Evaluation of Hardware Performance for the SHA-3 Candidates Using SASEBO-GII Kazuyuki Kobayashi 1, Jun Ikegami 1, Shin ichiro Matsuo 2, Kazuo Sakiyama 1 and Kazuo Ohta 1 1 The University of Electro-Communications,
More informationKeccak specifications
Keccak specifications Guido Bertoni 1, Joan Daemen 1, Michaël Peeters 2 and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors http://keccak.noekeon.org/ Version 2 September 10, 2009 Keccak
More informationEfficient FPGA Implementations of PRINT CIPHER
Efficient FPGA Implementations of PRINT CIPHER 1 Tadashi Okabe Information Technology Group Tokyo Metropolitan Industrial Technology Research Institute, Tokyo, Japan Abstract This article presents field
More informationFuture Challenges for Lightweight Cryptography
Future Challenges for Lightweight Cryptography F.-X. Standaert UCL Crypto Group Crypto for 2020, Tenerife, January 2013 Outline 1 1. Past results 2. Future challenges 1. Block ciphers 2 TEA, NOEKEON, AES,
More informationChapter 2 Hardware Implementation of Hash Functions
Chapter 2 Hardware Implementation of Hash Functions Zhijie Shi, Chujiao Ma, Jordan Cote, and Bing Wang 2.1 Introduction to Cryptographic Hash Functions Hash algorithm is a type of cryptographic primitives.
More informationA High Speed Hardware Architecture for Universal Message. Authentication Code
A High Speed Hardware Architecture for Universal Message Authentication Code Bo Yang Ramesh Karri Department of Electrical and Computer Engineering Polytechnic University, Brooklyn, NY, 11201 yangbo@photon.poly.edu,
More informationNIST SHA-3 ASIC Datasheet
NIST SHA-3 ASIC Datasheet -- NIST SHA-3 Competition Five Finalists on a Chip (Version 1.1) Technology: IBM MOSIS 0.13µm CMR8SF-RVT Standard-Cell Library: ARM s Artisan SAGE-X V2.0 Area: 5mm 2 (Core: 1.656mm
More informationJaap van Ginkel Security of Systems and Networks
Jaap van Ginkel Security of Systems and Networks November 17, 2016 Part 3 Modern Crypto SSN Modern Cryptography Hashes MD5 SHA Secret key cryptography AES Public key cryptography DES Presentations Minimum
More informationHardware Accelerator for Stream Cipher Spritz
Hardware Accelerator for Stream Cipher Spritz by Debjyoti Bhattacharjee and Anupam Chattopadhyay School of Computer Science and Engineering (SCSE) 26-July-2016 Debjyoti Bhattacharjee and Anupam Chattopadhyay,
More informationLecture 2B. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram
Lecture 2B RTL Design Methodology Transition from Pseudocode & Interface to a Corresponding Block Diagram Structure of a Typical Digital Data Inputs Datapath (Execution Unit) Data Outputs System Control
More informationECE 545 Lecture 8b. Hardware Architectures of Secret-Key Block Ciphers and Hash Functions. George Mason University
ECE 545 Lecture 8b Hardware Architectures of Secret-Key Block Ciphers and Hash Functions George Mason University Recommended reading K. Gaj and P. Chodowiec, FPGA and ASIC Implementations of AES, Chapter
More informationKeccak discussion. Soham Sadhu. January 9, 2012
Keccak discussion Soham Sadhu January 9, 2012 Keccak (pronounced like Ketchak ) is a cryptographic hash function designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche. Keccak is
More informationSecret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34
Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption.
More informationPreimage attacks on the round-reduced Keccak with the aid of differential cryptanalysis
Preimage attacks on the round-reduced Keccak with the aid of differential cryptanalysis Pawe l Morawiecki 1,3, Josef Pieprzyk 2, Marian Srebrny 1,3, and Micha l Straus 1 1 Section of Informatics, University
More informationThe road from Panama to Keccak via RadioGatún
The road from Panama to Keccak via RadioGatún Guido Bertoni 1, Joan Daemen 1, Michaël Peeters 2 and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract. In this paper, we explain the
More informationComparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware
Comparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware Master s Thesis Pawel Chodowiec MS CpE Candidate, ECE George Mason University Advisor: Dr. Kris Gaj, ECE George
More informationThe Salsa20 Family of Stream Ciphers
The Salsa20 Family of Stream Ciphers Based on [Bernstein, 2008] Erin Hales, Gregor Matl, Simon-Philipp Merz Introduction to Cryptology November 13, 2017 From a security perspective, if you re connected,
More informationDocumentation. Design File Formats. Constraints Files. Verification. Slices 1 IOB 2 GCLK BRAM
DES and DES3 Encryption Engine (MC-XIL-DES) May 19, 2008 Product Specification AllianceCORE Facts 10805 Rancho Bernardo Road Suite 110 San Diego, California 92127 USA Phone: (858) 385-7652 Fax: (858) 385-7770
More informationGroestl Tweaks and their Effect on FPGA Results
Groestl Tweaks and their Effect on FPGA Results Marcin Rogawski and Kris Gaj George Mason University {kgaj, mrogawsk}@gmu.edu Abstract. In January 2011, Groestl team published tweaks to their specification
More informationHash Function. Guido Bertoni Luca Breveglieri. Fundations of Cryptography - hash function pp. 1 / 18
Hash Function Guido Bertoni Luca Breveglieri Fundations of Cryptography - hash function pp. 1 / 18 Definition a hash function H is defined as follows: H : msg space digest space the msg space is the set
More informationSharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grøstl
Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grøstl Kimmo Järvinen Department of Information and Computer Science Aalto University, School of Science and Technology Espoo,
More informationEFFICIENT RECURSIVE IMPLEMENTATION OF A QUADRATIC PERMUTATION POLYNOMIAL INTERLEAVER FOR LONG TERM EVOLUTION SYSTEMS
Rev. Roum. Sci. Techn. Électrotechn. et Énerg. Vol. 61, 1, pp. 53 57, Bucarest, 016 Électronique et transmission de l information EFFICIENT RECURSIVE IMPLEMENTATION OF A QUADRATIC PERMUTATION POLYNOMIAL
More informationImplementation and Comparative Analysis of AES as a Stream Cipher
Implementation and Comparative Analysis of AES as a Stream Cipher Bin ZHOU, Yingning Peng Dept. of Electronic Engineering, Tsinghua University, Beijing, China, 100084 e-mail: zhoubin06@mails.tsinghua.edu.cn
More informationDesign of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures
Design of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures 1 Suresh Sharma, 2 T S B Sudarshan 1 Student, Computer Science & Engineering, IIT, Khragpur 2 Assistant
More informationSLICED: Slide-based concurrent error detection technique for symmetric block ciphers
SLICED: Slide-based concurrent error detection technique for symmetric block ciphers Abstract Fault attacks, wherein faults are deliberately injected into cryptographic devices, can compromise their security.
More informationHardware RSA Accelerator. Group 3: Ariel Anders, Timur Balbekov, Neil Forrester
Hardware RSA Accelerator Group 3: Ariel Anders, Timur Balbekov, Neil Forrester May 15, 2013 Contents 1 Background 1 1.1 RSA Algorithm.......................... 1 1.1.1 Definition of Variables for the RSA
More informationRC-6 CRYPTOSYSTEM IN VHDL. BY:- Deepak Singh Samant
RC-6 CRYPTOSYSTEM IN VHDL BY:- Deepak Singh Samant OBJECTIVE: TO IMPLEMENT A CRYPTOSYSTEM USING RIVEST CIPHER-6 (RC6) ALGORITHM IN VHDL(FPGA) What is CRYPTOLOGY? CRYPTOGRAPHY is the art and science of
More informationSHA-3 vs the world. David Wong
SHA-3 vs the world David Wong Sneru MD4 Sneru MD4 Sneru MD4 MD5 Merkle Damgård SHA-1 SHA-2 Sneru MD4 MD5 Merkle Damgård SHA-1 SHA-2 Sneru MD4 MD5 Merkle Damgård SHA-1 SHA-2 Sneru MD4 MD5 Merkle Damgård
More informationImplementation of Full -Parallelism AES Encryption and Decryption
Implementation of Full -Parallelism AES Encryption and Decryption M.Anto Merline M.E-Commuication Systems, ECE Department K.Ramakrishnan College of Engineering-Samayapuram, Trichy. Abstract-Advanced Encryption
More informationin a 4 4 matrix of bytes. Every round except for the last consists of 4 transformations: 1. ByteSubstitution - a single non-linear transformation is a
Cryptanalysis of Reduced Variants of Rijndael Eli Biham Λ Nathan Keller y Abstract Rijndael was submitted to the AES selection process, and was later selected as one of the five finalists from which one
More informationDierential-Linear Cryptanalysis of Serpent? Haifa 32000, Israel. Haifa 32000, Israel
Dierential-Linear Cryptanalysis of Serpent Eli Biham, 1 Orr Dunkelman, 1 Nathan Keller 2 1 Computer Science Department, Technion. Haifa 32000, Israel fbiham,orrdg@cs.technion.ac.il 2 Mathematics Department,
More informationPOMELO A Password Hashing Algorithm (Version 2)
POMELO A Password Hashing Algorithm (Version 2) Designer and Submitter: Hongjun Wu Division of Mathematical Sciences Nanyang Technological University wuhongjun@gmail.com 2015.01.31 Contents 1 Specifications
More informationIMPLEMENTATION OF SHA-256 ALGORITHM IN FPGA BASED PROCESSOR
IMPLEMENTATION OF SHA-256 ALGORITHM IN FPGA BASED PROCESSOR SOUNDARYA.J PG SCHOLAR, 1 SRI SHAKTHI INSTITUTEOF ENG AND TECH, COIMBATORE-641062. Abstract: Hash functions play a significant role in today's
More informationECE646 Project Final Report: Towards an Area-Constrained Implementation of the SHA-3 Final Round Keccak Algorithm. Project by Kim Turley
ECE646 Project Final Report: Towards an Area-Constrained Implementation of the SHA-3 Final Round Keccak Algorithm Project by Kim Turley Project Overview Goal: To explore in detail the elements of an areaconstrained
More informationA unified architecture of MD5 and RIPEMD-160 hash algorithms
Title A unified architecture of MD5 and RIPMD-160 hash algorithms Author(s) Ng, CW; Ng, TS; Yip, KW Citation The 2004 I International Symposium on Cirquits and Systems, Vancouver, BC., 23-26 May 2004.
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationFPGA Implementation and Evaluation of lightweight block cipher - BORON
FPGA Implementation and Evaluation of lightweight block cipher - BORON 1 Tadashi Okabe 1 Information Technology Group, Tokyo Metropolitan Industrial Technology Research Institute, Tokyo, Japan Abstract
More informationAn FPGA Implementation and Performance Evaluation of the Serpent Block Cipher
An GA Implementation and Performance Evaluation of the Serpent Block Cipher AJ Elbirt 1, C Paar 2 Electrical and Computer Engineering Department Worcester Polytechnic Institute 100 Institute Road Worcester,
More informationUsing Error Detection Codes to detect fault attacks on Symmetric Key Ciphers
Using Error Detection Codes to detect fault attacks on Symmetric Key Ciphers Israel Koren Department of Electrical and Computer Engineering Univ. of Massachusetts, Amherst, MA collaborating with Luca Breveglieri,
More informationVLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT
VLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT K.Sandyarani 1 and P. Nirmal Kumar 2 1 Research Scholar, Department of ECE, Sathyabama
More informationSecurity Applications
1. Introduction Security Applications Abhyudaya Chodisetti Paul Wang Lee Garrett Smith Cryptography applications generally involve a large amount of processing. Thus, there is the possibility that these
More informationAppendix K SHA-3. William Stallings
Appendix K SHA-3 William Stallings K.1 THE ORIGINS OF SHA-3... 2 K.2 EVALUATION CRITERIA FOR SHA-3... 4 K.3 THE SPONGE CONSTRUCTION... 6 K.4 THE SHA-3 ITERATION FUNCTION f... 13 Structure of f... 14 Theta
More informationCONSIDERATIONS ON HARDWARE IMPLEMENTATIONS OF ENCRYPTION ALGORITHMS
CONSIDERATIONS ON HARDWARE IMPLEMENTATIONS OF ENCRYPTION ALGORITHMS Ioan Mang University of Oradea, Faculty of Electrotechnics and Informatics, Computer Science Department, 3, Armatei Romane Str., 3700
More informationSecret Key Algorithms (DES)
Secret Key Algorithms (DES) G. Bertoni L. Breveglieri Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used
More informationFAULT DETECTION IN THE ADVANCED ENCRYPTION STANDARD. G. Bertoni, L. Breveglieri, I. Koren and V. Piuri
FAULT DETECTION IN THE ADVANCED ENCRYPTION STANDARD G. Bertoni, L. Breveglieri, I. Koren and V. Piuri Abstract. The AES (Advanced Encryption Standard) is an emerging private-key cryptographic system. Performance
More information