A High-Speed Unified Hardware Architecture for AES and the SHA-3 Candidate Grøstl
|
|
- Blaise Jennings
- 6 years ago
- Views:
Transcription
1 A High-Speed Unified Hardware Architecture for AES and the SHA-3 Candidate Grøstl Marcin Rogawski Kris Gaj Cryptographic Engineering Research Group (CERG) Department of ECE, Volgenau School of Engineering, George Mason University, Fairfax, VA, USA 5th EUROMICRO Conference on Digital System Design DSD 2 DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... / 43
2 Outline Introduction Introduction DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 2 / 43
3 Motivation: SHA-3 Contriution Introduction Related work Methodology SHA-3 Competition and evaluation criteria (security, software and hardware performance, flexiility) Final round candidates: Blake, Grøstl, JH, Keccak, Skein NIST wepage: NIST also plans to (...) select the SHA-3 winner later in 22. DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 3 / 43
4 Motivation: Application to IPSec Introduction Related work Methodology Protocol Security Service Provided ESP confidentiality, integrity, and data origin authentication AH integrity and data origin authentication IKE negotiates connection parameters Supported Algorithms e.g.: (AES-CTR or AES-CBC) and (HMAC-SHA or AES- XCBC-MAC) e.g.: HMAC-SHA or AES- XCBC-MAC e.g.: DH and AES-PRNG DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 4 / 43
5 Introduction Related work Methodology Motivation: SHA-3 Competition (round 3) - Comprehensive studies Software enchmarking General CPUs: ebash - Bernstein and Lange Microcontrollers: XBX - Wenzel-Benner and Gräf Hardware enchmarking ASICs: Guo et al. DSD, DATE 2, Gürkaynak et al. SHA-3 2 FPGA high-speed: Homsirikamol et al. CHES, Mahoo et al. SHA-3 2 FPGA high-speed: (emedded-resources) Sharif et al. ECRYPT II, Shahid et al. FPT FPGA low-area: Kerckhof et al. CARDIS, Kaps et al. Indocrypt, Jungk et al. ReConFig DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 5 / 43
6 Introduction Related work Methodology Motivation: SHA-3 candidates - Unique Features Hash function mode of operation: Skein in tree hash mode: Schorr et al. ReConFig Hash function and lock cipher in a single core: Skein and Threefish: At et al. NTMS 2 Fugue (round 2) and AES: Järvinen SHA-3 Grøstl- (round 2) and AES: Järvinen SHA-3 Grøstl (round 3) and AES: [This work] DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 6 / 43
7 Methodology /2 Introduction Introduction Related work Methodology Grøstl - Homsirikamol et al. (CHES ), AES - (Cryptographic Engineering ch.) - starting points source_codes A for authenticated encryption ased on HMAC-Grøstl and AES-CTR mode FIFO-ased interface Long messages analysis - comparison to existing designs Short messages analysis - application for IPSec (up to 536 ytes) DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 7 / 43
8 Methodology 2/2 Introduction Introduction Related work Methodology High-speed FPGA devices: Altera (Stratix III and Stratix IV) and Xilinx (Virtex-5 and Virtex-6) Low-cost 65nm Altera Cyclone III (previous work comparison) Altera Quartus. and Xilinx ISE 3. ATHENa Automated Tool for Hardware EvaluatioN Benchmarking open-source tool, written in Perl, aimed at an AUTOMATED generation of OPTIMIZED results for MULTIPLE hardware platforms Currently under development at George Mason University. 3" DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 8 / 43
9 Block cipher in Counter mode AES and Grøstl applications AES and Grøstl differences AES and Grøstl together Initialization vector Counter M#(i) Key Block cipher C#(i) +(n ) M#(i+n ) Key Block cipher C#(i+n ) DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 9 / 43
10 AES and Grøstl applications AES and Grøstl differences AES and Grøstl together Hash-ased message authentication code (HMAC) select hkey hkey ipad hkey ipad data H( hkey ipad data ) hkey opad hkey opad H( hkey ipad data ) H( hkey opad H( hkey ipad data )) MAC(data) t= leftmost t ytes of H( hkey opad H( hkey ipad data )) DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... / 43
11 AES and Grøstl rounds AES round input AddRoundKey SuBytes ShiftRows MixColumns output last output Groestl 256: s=52 defined. Groestl 52: s=24 AES and Grøstl applications AES and Grøstl Figure similarities : The Grøstl hash function. AES and Grøstl differences AES and Grøstl together 3.2 The compression function construction The compression function f is ased on two underlying l-it permutatio defined as follows: Groestl P/Q transformation f(h, m) =P (h m) Q(m) h. The construction input of f is illustrated in Figure 2. In Section 3.4, we descri s h m AddRoundConstant SuBytes ShiftBytes MixBytes Tweaks on Grøstl (P and Q differences): s P Q Figure 2: The compression function f. P and Q are l-it perm output 3.3 The output transformation Let trunc n (x) e the operation that discards all ut the trailing n its of transformation Ω is defined as Ω(x) =trunc n (P (x) x). DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... / 43 f
12 Grøstl s hardware architectures AES and Grøstl applications AES and Grøstl differences AES and Grøstl together Parallel Architecture msg Basic Iterative Architecture Jarvinen 2 msg Quasi-Pipelined Architecture msg IV "" P Q P/Q IV P/Q # IV "" P/Q #2 digest digest digest DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 2 / 43
13 AES- and Grøstl-256 AES and Grøstl applications AES and Grøstl differences AES and Grøstl together Grøstl-256 AES- functionality hash function lock cipher rounds lock size 52 finalization yes no 2 data pipes doule (P and Q) single 3 Comments: four instances of AES in parallel needed (non-feedack modes only), 2 Grøstl s output transformation (finalization) will affect short messages throughput, 3 Grøstl s quasi-pipelined architecture has to e used. DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 3 / 43
14 AES/Grøstl together Introduction AES and Grøstl applications AES and Grøstl differences AES and Grøstl together Groestl 256 : =52, AES, ks= Groestl 52 : =24, AES 256, ks=256 Groestl din 64 SIPO Main Key AES #i ks Key Expansion unit Counter Last RdSuKey din IV AddRoundKey SuBytes ShiftRows h h /2 /2.. PISO sel_p/q AddConstant SuBytes MixColumn dout 64 dout sel_p/q ShiftBytes MixBytes DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 4 / 43
15 AES/Grøstl together - SuBytes AES and Grøstl applications AES and Grøstl differences AES and Grøstl together Groestl 256 : =52, AES, ks= Groestl 52 : =24, AES 256, ks=256 Main Key ks Key Expansion unit Counter AddRoundKey SuBytes ShiftRows MixColumn Last RdSuKey AES #i din dout Groestl IV h h /2 /2.. PISO 64 dout sel_p/q sel_p/q din 64 SIPO AddConstant SuBytes ShiftBytes MixBytes DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 5 / 43
16 AES and Grøstl applications AES and Grøstl differences AES and Grøstl together AES/Grøstl together - ShiftRows/ShiftBytes Groestl 256 : =52, AES, ks= Groestl 52 : =24, AES 256, ks=256 Main Key ks Key Expansion unit 2 Counter AddRoundKey SuBytes ShiftRows MixColumn Last RdSuKey AES #i din dout Groestl IV h h /2.. PISO /2 64 dout din 64 SIPO sel_p/q AddConstant SuBytes sel_p/q ShiftBytes 2 ShiftRows MixBytes DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 6 / 43
17 AES and Grøstl applications AES and Grøstl differences AES and Grøstl together AES/Grøstl together - AddRoundKey/AddConstant Groestl 256 : =52, AES, ks= Groestl 52 : =24, AES 256, ks=256 Main Key AES #i Groestl din 64 SIPO ks Key Expansion unit Counter Last RdSuKey din IV 2 AddRoundKey 3 SuBytes ShiftRows h h /2 /2.. PISO 3 AddConstant AddRoundKey sel_p/q SuBytes MixBytes 64 MixColumn dout dout sel_p/q ShiftBytes 2 ShiftRows DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 7 / 43
18 AES and Grøstl applications AES and Grøstl differences AES and Grøstl together AES/Grøstl together - MixColumn/MixBytes Groestl 256 : =52, AES, ks= Groestl 52 : =24, AES 256, ks=256 Main Key AES #i Groestl din 64 SIPO ks Key Expansion unit 2 Counter AddRoundKey 3 SuBytes ShiftRows MixColumn 4 Last RdSuKey din dout IV 3 AddConstant AddRoundKey h sel_p/q h /2 /2.. SuBytes 4 PISO 64 dout 2 sel_p/q ShiftBytes ShiftRows Shared MixBytes DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 8 / 43
19 AES and Grøstl applications AES and Grøstl differences AES and Grøstl together AES/Grøstl together - AES last round Groestl 256 : =52, AES, ks= Groestl 52 : =24, AES 256, ks=256 Main Key AES #i Groestl din 64 SIPO ks Key Expansion unit 2 Counter AddRoundKey 3 SuBytes ShiftRows MixColumn 4 Last RdSuKey 5 din dout h IV h /2.. /2 PISO 64 dout sel_p/q AddConstant sel_p/q ShiftBytes SuBytes 3 AddRoundKey 2 ShiftRows 4 Shared MixBytes 5 DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 9 / 43
20 AES and Grøstl applications AES and Grøstl differences AES and Grøstl together AES/Grøstl together - 3rd pipeline stage Groestl 256 : =52, AES, ks= Groestl 52 : =24, AES 256, ks=256 Main Key AES #i Groestl din 64 SIPO ks Key Expansion unit 2 Counter AddRoundKey 3 SuBytes ShiftRows 6 MixColumn 4 Last RdSuKey 5 din dout h IV h /2.. /2 PISO 64 dout sel_p/q AddConstant sel_p/q ShiftBytes SuBytes 3 AddRoundKey 2 ShiftRows 4 Shared MixBytes 6 5 DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 2 / 43
21 AES and Grøstl applications AES and Grøstl differences AES and Grøstl together AES/Grøstl together - The Counter from AES-CTR Groestl 256 : =52, AES, ks= Groestl 52 : =24, AES 256, ks=256 Main Key AES #i ks Groestl 64 din Counter SIPO 7 Key Expansion unit 7 Counter Last RdSuKey din IV 6 AddRoundKey 3 SuBytes 2 ShiftRows 5 h h /2.. /2 PISO AddConstant sel_p/q SuBytes 3 AddRoundKey 4 Shared MixBytes 6 5 MixColumn 4 dout 64 dout sel_p/q ShiftBytes 2 ShiftRows DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 2 / 43
22 AES and Grøstl applications AES and Grøstl differences AES and Grøstl together AES/Grøstl together - The AES Key Expansion Unit Groestl 256 : =52, AES, ks= Groestl 52 : =24, AES 256, ks=256 Main Key AES #i Groestl 64 din Counter SIPO +ks 7 ks ks 8 Key Expansion unit 7 Counter Last RdSuKey din IV 8 Key Expansion unit 6 AddRoundKey 3 SuBytes 2 ShiftRows 5 h h /2.. /2 PISO AddConstant sel_p/q SuBytes AddRoundKey 3 4 Shared MixBytes 6 5 MixColumn 4 dout 64 dout sel_p/q ShiftBytes 2 ShiftRows DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
23 AES and Grøstl applications AES and Grøstl differences AES and Grøstl together AES/Grøstl together - Proposed Design All uses are -it wide unless specified otherwise. Groestl 256 : =52 Groestl 52 : =24 AES: ks=/4 din 64 SIPO +ks ctr 2 ks ks x /2 LastRdSuKey IV 2 R ks KeyExpansion RdSuKey LastRdSuKey R3 R4 h PISO 64 dout AddRoundConstant AddRoundKey R2 SuBytes R SharedMixBytes ShiftBytes ShiftRows DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
24 Inner Pipelining (Receiver side) Inner Pipelining High-level scheduling lock I #(i) cycle: R: Q() P() A() Q() P() A()... A(9) I Q() P() R: I Q() P() A() Q() P()... P(9) A(9) I Q() R2: A(9) I Q() P() A() Q()... Q(9) P(9) A(9) I lock I #(i) DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
25 Core Interface 2. Typical scenario Introduction accepted y the destination circuit at the next rising edge of the clock. Active HIGH. Inner Pipelining High-level scheduling In a typical scenario, the SHA core is assumed to e surrounded y two standard FIFO modules: Input FIFO and Output FIFO, as shown in Fig. 2. Fig. 2: A typical configuration of a SHA core connected to two surrounding FIFOs. The Input FIFO serves as a source of input data, and the Output FIFO as a destination for output data. DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
26 High-level scheduling Introduction Inner Pipelining High-level scheduling Receiver Input Interface I# idle key I# idle I#2 idle I#3... idle I#m+ idle Computational Unit Groestl(I#) AES(idle) Groestl(I#) AES(I#) Groestl(I#2) AES(I#2)... Groestl(I#m) AES(I#m) Groestl(I#m+) Groestl(I#m+2) AES(idle) AES(idle) Output Interface idle O# idle... O#m idle O#m idle HMAC (I ) I# = ipad hkey Ciphertext = I#, I#2,..., I#m I#m+ = opad hkey Plaintext = O#, O#2,..., O#m I#m+2 = H(ipad hkey I) HMAC(I) - HMAC value for a given ciphertext I Sender Groestl-256: 52-it input lock Groestl-52: 24-it input lock Input Interface I# idle I# idle I#2 idle I#3 key... idle I#m+ idle Computational Unit AES(idle) Groestl(I#) AES(I#) AES(I#2)... AES(idle) AES(idle) Groestl(idle) Groestl(O#) Groestl(O#m) Groestl(I#m+) AES(idle) Groestl(I#m+2) Output Interface idle O# idle... O#m idle HMAC (O) I# = ipad hkey Plaintext = I#, I#2,..., I#m I#m+ = opad hkey Ciphertext = O#, O#2,..., O#m I#m+2 = H(ipad hkey O) HMAC(O) - HMAC value for a given ciphertext O Groestl-256: 52-it input lock Groestl-52: 24-it input lock DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
27 Throughput for long messages Inner Pipelining High-level scheduling throughput = locksize T (Time HE (N + ) Time HE (N)) () throughput long = locksize cycles T (2) HMAC-Grøstl-256 and AES--CTR core parameters: lock size = 52, cycles = 3 Time HE (i) - time for Hash/Encryption process of i-th lock of data DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
28 Inner Pipelining High-level scheduling HMAC-Grøstl - Throughput for short messages throughput HMAC/Grøstl throughput Grøstl = #locks 5 + #locks (3) select hkey hkey hkey ipad ipad data H( hkey ipad data ) 4 throughput = locksize #locks (5 + #locks) (cycles T ) (4) hkey opad 2 hkey ipad data hkey opad H( ) H( hkey opad H( hkey ipad data )) MAC(data) t= leftmost t ytes of hkey opad H( hkey ipad data H( )) 3 5 Five additional locks come from: Two HMAC-Key injections [-2], first hashing result [3], Grøstl finalization operation [4-5]. DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
29 Comparison to Järvinen design High-Speed FPGA results Comparison to Järvinen on Cyclone III - Area DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
30 Comparison to Järvinen design High-Speed FPGA results Comparison to Järvinen on Cyclone III - Frequency DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 3 / 43
31 Comparison to Järvinen design High-Speed FPGA results Comparison to Järvinen on Cyclone III - Throughput DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 3 / 43
32 Comparison to Järvinen design High-Speed FPGA results Comparison to Järvinen on Cyclone III - Throughput/Area DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
33 High-Speed FPGA - Area Comparison to Järvinen design High-Speed FPGA results DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
34 High-Speed FPGA - Frequency Comparison to Järvinen design High-Speed FPGA results DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
35 Comparison to Järvinen design High-Speed FPGA results High-Speed FPGA - Throughput for long messages DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
36 HMAC-Grøstl for short messages Comparison to Järvinen design High-Speed FPGA results DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
37 Introduction with 3 pipeline stages pays relatively small penalty in terms of extra circuitry (+3% in Virtex-5) and throughput drop (-29% in Virtex-5) Proposed coprocessor can e used directly for IPSec HMAC-Grøstl with AES-CTR and possily any non-feedack mode It can e implemented even on the smallest device in high-speed families from Altera (Stratix-III, Stratix-IV) and Xilinx (Virtex-5 and Virtex-6) Altera Cyclone III-ased coprocessor outperform alternative design y 57% and % in case of authenticated encryption (ESP) and authentication (AH), respectively Grøstl s similarity to AES will e eneficiary in hardware in case of SHA-3 Grøstl DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
38 Thank you! Introduction Thank you! Questions? Questions? CERG: Our resources: CERG: ATHENa: ATHENa: ATHENaDB: 44 DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
39 Backup slides Introduction Backup slides from here DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
40 AES/Grøstl together - Shared MixBytes AES i[7] 8 x2 m[7][5] x3 m[7][4] x4 m[7][3] x5 m[7][2] x7 m[7][] i[6] i[] 8 8 cm #6 cm # m[6][5..] m[][5..] i[7..] 64 it input to MixColumn/MixBytes o[7..] 64 it output from MixColumn/MixBytes a[7..] 64 it output from MixColumn g[7..] 64 it output from MixBytes m[i][5..] i th yte results of multiplication y constants m[7][4..] m[][4..] 4 4 Network of XORs in Groestl MixBytes cm #7 m[7][] 48 Groestl g[7] g[] m[7][5..] m[7][5..3] m[5][5..3] m[3][5..3] m[][5..3] m[6][5..3] m[4][5..3] m[2][5..3] m[][5..3] 6 6 a[7..] g[7..] Network of XORs in AES MixColumn Network of XORs in AES MixColumn 64 a[7] a[4] a[3] a[] o[7..] DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 4 / 43
41 Comparison to Groestl and 2xAES-CTR Separately on Cyclone III - Throughput DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture... 4 / 43
42 Comparison to Groestl and 2xAES-CTR Separately on Cyclone III - Area DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
43 Comparison to Groestl and 2xAES-CTR Separately on Cyclone III - Throughput/Area DSD 2 M.Rogawski, K. Gaj A High-Speed Unified Hardware Architecture / 43
Use of Embedded FPGA Resources in Implementations of Five Round Three SHA-3 Candidates
Use of Embedded FPGA Resources in Implementations of Five Round Three SHA-3 Candidates Malik Umar Sharif, Rabia Shahid, Marcin Rogawski and Kris Gaj George Mason University, USA Agenda SHA-3 High Speed
More informationA High-Speed Unified Hardware Architecture for the AES and SHA-3 Candidate Grøstl
A High-Speed Unified Hardware Architecture for the AES and SHA-3 Candidate Grøstl Marcin Rogawski and Kris Gaj Volgenau School of Engineering George Mason University Fairfax, Virginia 22030 email: {mrogawsk,
More informationImplementation & Benchmarking of Padding Units & HMAC for SHA-3 candidates in FPGAs & ASICs
Implementation & Benchmarking of Padding Units & HMAC for SHA-3 candidates in FPGAs & ASICs Ambarish Vyas Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu Department of ECE,
More informationLightweight Implementations of SHA-3 Candidates on FPGAs
Lightweight of SHA-3 Candidates on FPGAs Jens-Peter Kaps Panasayya Yalla Kishore Kumar Surapathi Bilal Habib Susheel Vadlamudi Smriti Gurung John Pham Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu
More informationSharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grøstl
Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grøstl Kimmo Järvinen Department of Information and Computer Science Aalto University, School of Science and Technology Espoo,
More information!"#$%&'()*+%&,-%&.*/.&0"&#%(1.*"0* 2+345*!%(,',%6.7*87'()*9/:37* :."&).*A%7"(*8('B.&7'6=* 8C2C3C*
!"#$%&'()*+%&,-%&.*/.&0"&#%(1.*"0* 2+345*!%(,',%6.7*87'()*9/:37* ;&
More informationGroestl Tweaks and their Effect on FPGA Results
Groestl Tweaks and their Effect on FPGA Results Marcin Rogawski and Kris Gaj George Mason University {kgaj, mrogawsk}@gmu.edu Abstract. In January 2011, Groestl team published tweaks to their specification
More informationUse of Embedded FPGA Resources in Implementa:ons of 14 Round 2 SHA- 3 Candidates
Use of Embedded FPGA Resources in Implementa:ons of 14 Round 2 SHA- 3 Candidates Kris Gaj, Rabia Shahid, Malik Umar Sharif, and Marcin Rogawski George Mason University U.S.A. Co-Authors Rabia Shahid Malik
More informationUse of Embedded FPGA Resources in Implementations of Five Round Three SHA-3 Candidates
Use of Embedded FPGA Resources in Implementations of Five Round Three SHA-3 Candidates Malik Umar Sharif, Rabia Shahid, Marcin Rogawski, Kris Gaj Abstract In this paper, we present results of the comprehensive
More informationLow-Area Implementations of SHA-3 Candidates
Jens-Peter Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu Department of ECE, Volgenau School of IT&E, George Mason University, Fairfax, VA, USA SHA-3 Project Review Meeting
More informationVivado HLS Implementation of Round-2 SHA-3 Candidates
Farnoud Farahmand ECE 646 Fall 2015 Vivado HLS Implementation of Round-2 SHA-3 Candidates Introduction NIST announced a public competition on November 2007 to develop a new cryptographic hash algorithm,
More informationECE 545 Lecture 8b. Hardware Architectures of Secret-Key Block Ciphers and Hash Functions. George Mason University
ECE 545 Lecture 8b Hardware Architectures of Secret-Key Block Ciphers and Hash Functions George Mason University Recommended reading K. Gaj and P. Chodowiec, FPGA and ASIC Implementations of AES, Chapter
More informationHardware Benchmarking of Cryptographic Algorithms Using High-Level Synthesis Tools: The SHA-3 Contest Case Study
Hardware Benchmarking of Cryptographic Algorithms Using High-Level Synthesis Tools: The SHA-3 Contest Case Study Ekawat Homsirikamol and Kris Gaj Volgenau School of Engineering George Mason University
More informationFair and Comprehensive Methodology for Comparing Hardware Performance of Fourteen Round Two SHA-3 Candidates using FPGAs
Fair and Comprehensive Methodology for Comparing Hardware Performance of Fourteen Round Two SHA-3 Candidates using FPGAs Kris Gaj, Ekawat Homsirikamol, and Marcin Rogawski ECE Department, George Mason
More informationAES as A Stream Cipher
> AES as A Stream Cipher < AES as A Stream Cipher Bin ZHOU, Kris Gaj, Department of ECE, George Mason University Abstract This paper presents implementation of advanced encryption standard (AES) as a stream
More informationComparing Hardware Performance of Fourteen Round Two SHA-3 Candidates Using FPGAs
Comparing Hardware Performance of Fourteen Round Two SHA-3 Candidates Using FPGAs Ekawat Homsirikamol Marcin Rogawski Kris Gaj George Mason University ehomsiri, mrogawsk, kgaj@gmu.edu Last revised: Decemer
More informationHigh-Speed Hardware for NTRUEncrypt-SVES: Lessons Learned Malik Umar Sharif, and Kris Gaj George Mason University USA
High-Speed Hardware for NTRUEncrypt-SVES: Lessons Learned Malik Umar Sharif, and Kris Gaj George Mason University USA Partially supported by NIST under grant no. 60NANB15D058 1 Co-Author Malik Umar Sharif
More informationOn Optimized FPGA Implementations of the SHA-3 Candidate Grøstl
On Optimized FPGA Implementations of the SHA-3 Candidate Grøstl Bernhard Jungk, Steffen Reith, and Jürgen Apfelbeck Fachhochschule Wiesbaden University of Applied Sciences {jungk reith}@informatik.fh-wiesbaden.de
More informationVersion 2.0, November 11, Stefan Tillich, Martin Feldhofer, Mario Kirschbaum, Thomas Plos, Jörn-Marc Schmidt, and Alexander Szekely
High-Speed Hardware Implementations of BLAKE, Blue Midnight Wish, CubeHash, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Luffa, Shabal, SHAvite-3, SIMD, and Skein Version 2.0, November 11, 2009 Stefan Tillich,
More informationImplementation and Comparative Analysis of AES as a Stream Cipher
Implementation and Comparative Analysis of AES as a Stream Cipher Bin ZHOU, Yingning Peng Dept. of Electronic Engineering, Tsinghua University, Beijing, China, 100084 e-mail: zhoubin06@mails.tsinghua.edu.cn
More informationComparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware
Comparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware Master s Thesis Pawel Chodowiec MS CpE Candidate, ECE George Mason University Advisor: Dr. Kris Gaj, ECE George
More informationCompact Hardware Implementations of ChaCha, BLAKE, Threefish, and Skein on FPGA
Compact Hardware Implementations of ChaCha, BLAKE, Threefish, and Skein on FPGA Nuray At, Jean-Luc Beuchat, Eiji Okamoto, İsmail San, and Teppei Yamazaki Department of Electrical and Electronics Engineering,
More informationHash functions & MACs
ECE 646 Lecture 11 Hash functions & MACs Required Reading W. Stallings, "Cryptography and Network-Security, Chapter 11 Cryptographic Hash Functions Appendix 11A Mathematical Basis of Birthday Attack Chapter
More informationCompact Dual Block AES core on FPGA for CCM Protocol
Compact Dual Block AES core on FPGA for CCM Protocol João Carlos C. Resende Ricardo Chaves 1 Compact Dual Block AES core on FPGA for CCM Protocol João CC Resende & Ricardo Chaves Outline Introduction &
More informationBenchmarking of Cryptographic Algorithms in Hardware. Ekawat Homsirikamol & Kris Gaj George Mason University USA
Benchmarking of Cryptographic Algorithms in Hardware Ekawat Homsirikamol & Kris Gaj George Mason University USA 1 Co-Author Ekawat Homsirikamol a.k.a Ice Working on the PhD Thesis entitled A New Approach
More informationTwo Hardware Designs of BLAKE-256 Based on Final Round Tweak
Two Hardware Designs of BLAKE-256 Based on Final Round Tweak Muh Syafiq Irsyadi and Shuichi Ichikawa Dept. Knowledge-based Information Engineering Toyohashi University of Technology, Hibarigaoka, Tempaku,
More informationThe SHA-3 Process. Keccak & SHA-3 day Brussels, 27 March 2013
The SHA-3 Process Keccak & SHA-3 day Brussels, 27 March 2013 Timeline 05 06 07 08 09 10 11 12 13 Summer 2005: Attacks on MD5, RIPEMD, SHA-0, SHA-1 The Wang effect Before 2005 MD4 (Dobbertin) MD5 (Boss.,
More informationSHA3 Core Specification. Author: Homer Hsing
SHA3 Core Specification Author: Homer Hsing homer.hsing@gmail.com Rev. 0.1 January 29, 2013 This page has been intentionally left blank. www.opencores.org Rev 0.1 ii Rev. Date Author Description 0.1 01/29/2013
More informationCan High-Level Synthesis Compete Against a Hand-Written Code in the Cryptographic Domain? A Case Study
Can High-Level Synthesis Compete Against a Hand-Written Code in the Cryptographic Domain? A Case Study Ekawat Homsirikamol & Kris Gaj George Mason University USA Project supported by NSF Grant #1314540
More informationA Zynq-based Testbed for the Experimental Benchmarking of Algorithms Competing in Cryptographic Contests
A Zynq-based Testbed for the Experimental Benchmarking of Algorithms Competing in Cryptographic Contests Farnoud Farahmand, Ekawat Homsirikamol, and Kris Gaj George Mason University Fairfax, Virginia 22030
More informationCompact implementations of Grøstl, JH and Skein for FPGAs
Compact implementations of Grøstl, JH and Skein for FPGAs Bernhard Jungk Hochschule RheinMain University of Applied Sciences Wiesbaden Rüsselsheim Geisenheim bernhard.jungk@hs-rm.de Abstract. This work
More informationCompact FPGA Implementations of the Five SHA-3 Finalists
Compact FPGA Implementations of the Five SHA-3 Finalists Stéphanie Kerckhof 1,François Durvaux 1, Nicolas Veyrat-Charvillon 1, Francesco Regazzoni 1, Guerric Meurice de Dormale 2,andFrançois-Xavier Standaert
More informationHardware Performance Evaluation of SHA-3 Candidate Algorithms
Journal of Information Security, 2012, 3, 69-76 http://dx.doi.org/10.4236/jis.2012.32008 Published Online April 2012 (http://www.scirp.org/journal/jis) Hardware Performance Evaluation of SHA-3 Candidate
More informationImplementation and Analysis of the PRIMATEs Family of Authenticated Ciphers
Implementation and Analysis of the PRIMATEs Family of Authenticated Ciphers Ahmed Ferozpuri Abstract Lightweight devices used for encrypted communication require a scheme that can operate in a low resource
More informationHOST Cryptography III ECE 525 ECE UNM 1 (1/18/18)
AES Block Cipher Blockciphers are central tool in the design of protocols for shared-key cryptography What is a blockcipher? It is a function E of parameters k and n that maps { 0, 1} k { 0, 1} n { 0,
More informationCryptographic Hash Functions
Cryptographic Hash Functions Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 34 Cryptographic Hash Functions A hash function provides message integrity and authentication
More informationData-Oriented Performance Analysis of SHA-3 Candidates on FPGA Accelerated Computers
Data-Oriented Performance Analysis of SHA-3 Candidates on FPGA Accelerated Computers Zhimin Chen, Xu Guo, Ambuj Sinha, and Patrick Schaumont ECE Department, Virginia Tech {chenzm, xuguo, ambujs87, schaum}@vt.edu
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationC vs. VHDL: Benchmarking CAESAR Candidates Using High- Level Synthesis and Register- Transfer Level Methodologies
C vs. VHDL: Benchmarking CAESAR Candidates Using High- Level Synthesis and Register- Transfer Level Methodologies Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, and Kris Gaj George
More informationSide-channel Analysis of Grøstl and Skein
2012 IEEE IEEE Symposium CS Security on Security and Privacy and Workshops Privacy Workshops Side-channel Analysis of Grøstl and Skein Christina Boura, Sylvain Lévêque, David Vigilant Gemalto 6 rue de
More informationBenchmarking of Round 3 CAESAR Candidates in Hardware: Methodology, Designs & Results
Benchmarking of Round 3 CAESAR Candidates in Hardware: Methodology, Designs & Results Ekawat Homsirikamol, Farnoud Farahmand, William Diehl, and Kris Gaj George Mason University USA http://cryptography.gmu.edu
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash
More informationCS-E4320 Cryptography and Data Security Lecture 5: Hash Functions
Lecture 5: Hash Functions Céline Blondeau Email: celine.blondeau@aalto.fi Department of Computer Science Aalto University, School of Science Hash Functions Birthday Paradox Design of Hash Functions SHA-3
More informationGMU Hardware API for Authen4cated Ciphers
GMU Hardware API for Authen4cated Ciphers Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, Malik Umar Sharif, and Kris Gaj George Mason University USA http:/cryptography.gmu.edu
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationCompact Implementation of Threefish and Skein on FPGA
Compact Implementation of Threefish and Skein on FPGA Nuray At, Jean-Luc Beuchat, and İsmail San Department of Electrical and Electronics Engineering, Anadolu University, Eskişehir, Turkey Email: {nat,
More informationFast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays
Kris Gaj and Pawel Chodowiec Electrical and Computer Engineering George Mason University Fast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable
More informationFederal standards NIST FIPS 46-1 DES FIPS 46-2 DES. FIPS 81 Modes of. operation. FIPS 46-3 Triple DES FIPS 197 AES. industry.
ECE 646 Lecture 12 Federal Secret- cryptography Banking International Cryptographic Standards NIST FIPS 46-1 DES FIPS 46-2 DES FIPS 81 Modes of operation FIPS 46-3 Triple DES FIPS 197 AES X3.92 DES ANSI
More informationToward a New Methodology for Hardware Benchmarking of Candidates in Cryptographic Competitions: The CAESAR Contest Case Study
Toward a New Methodology for Hardware Benchmarking of Candidates in Cryptographic Competitions: The CAESAR Contest Case Study Ekawat Homsirikamol and Kris Gaj George Mason University, U.S.A. Fairfax, Virginia
More informationGrøstl a SHA-3 candidate
Grøstl a SHA-3 candidate http://www.groestl.info Praveen Gauravaram 1, Lars R. Knudsen 1, Krystian Matusiewicz 1, Florian Mendel 2, Christian Rechberger 2, Martin Schläffer 2, and Søren S. Thomsen 1 1
More informationECE 545. Digital System Design with VHDL
ECE 545 Digital System Design with VHDL Course web page: ECE web page Courses Course web pages ECE 545 http://ece.gmu.edu/coursewebpages/ece/ece545/f10/ Kris Gaj Research and teaching interests: Contact:
More informationECE 646 Lecture 12. Cryptographic Standards. Secret-key cryptography standards
ECE 646 Lecture 12 Cryptographic Standards Secret-key cryptography Federal Banking International NIST FIPS 46-1 DES FIPS 46-2 DES FIPS 81 Modes of operation FIPS 46-3 Triple DES FIPS 197 AES X3.92 DES
More informationSHA-3 interoperability
SHA-3 interoperability Daniel J. Bernstein Department of Computer Science (MC 152) The University of Illinois at Chicago Chicago, IL 60607 7053 djb@cr.yp.to 1 Introduction: You thought software upgrades
More informationEfficient Hardware Implementations of High Throughput SHA-3 Candidates Keccak, Luffa and Blue Midnight Wish for Single- and Multi-Message Hashing
Efficient Hardware Implementations of High Throughput SHA-3 Candidates Keccak, Luffa and Blue Midnight Wish for Single- and Multi-Message Hashing Abdulkadir Akın, Aydın Aysu, Onur Can Ulusel, and Erkay
More informationData Integrity & Authentication. Message Authentication Codes (MACs)
Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity of messages, even in presence of an active adversary who sends own messages. Alice (sender) Bob (receiver) Fran
More informationEnvironment for Fair and Comprehensive Performance Evalua7on of Cryptographic Hardware and So=ware. ASIC Status Update
Environment for Fair and Comprehensive Performance Evalua7on of Cryptographic Hardware and So=ware ASIC Status Update ECE Department, Virginia Tech Faculty - Patrick Schaumont, Leyla Nazhandali Students
More informationCryptographic Hash Functions. Rocky K. C. Chang, February 5, 2015
Cryptographic Hash Functions Rocky K. C. Chang, February 5, 2015 1 This set of slides addresses 2 Outline Cryptographic hash functions Unkeyed and keyed hash functions Security of cryptographic hash functions
More informationNIST SHA-3 ASIC Datasheet
NIST SHA-3 ASIC Datasheet -- NIST SHA-3 Competition Five Finalists on a Chip (Version 1.1) Technology: IBM MOSIS 0.13µm CMR8SF-RVT Standard-Cell Library: ARM s Artisan SAGE-X V2.0 Area: 5mm 2 (Core: 1.656mm
More informationData Integrity & Authentication. Message Authentication Codes (MACs)
Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity of messages, even in presence of an active adversary who sends own messages. Alice (sender) Bob (reciever) Fran
More informationLecture 2B. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram
Lecture 2B RTL Design Methodology Transition from Pseudocode & Interface to a Corresponding Block Diagram Structure of a Typical Digital Data Inputs Datapath (Execution Unit) Data Outputs System Control
More informationLooting the LUTs : FPGA Optimization of AES and AES-like Ciphers for Authenticated Encryption
Looting the LUTs : FPGA Optimization of AES and AES-like Ciphers for Authenticated Encryption Mustafa Khairallah 1, Anupam Chattopadhyay 1,2, and Thomas Peyrin 1,2 1 School of Physical and Mathematical
More informationFuture Challenges for Lightweight Cryptography
Future Challenges for Lightweight Cryptography F.-X. Standaert UCL Crypto Group Crypto for 2020, Tenerife, January 2013 Outline 1 1. Past results 2. Future challenges 1. Block ciphers 2 TEA, NOEKEON, AES,
More informationSurvey of Commercially available chips and IP cores implementing cryptographic algorithms
Survey of Commercially available chips and IP cores implementing cryptographic algorithms Prepared by - Micheal Dugan, Prajakta Gogte, Prerna Arora Prepared for - ECE 646, Prof. Kris Gaj December 19, 2005
More informationECE 646 Lecture 12. Hash functions & MACs. Digital Signature. Required Reading. Recommended Reading. m message. hash function hash value.
ECE 646 Lecture 12 Required Reading W. Stallings, "Cryptography and Network-Security, Chapter 11 Cryptographic Hash Functions & MACs Appendix 11A Mathematical Basis of Birthday Attack Chapter 12 Message
More informationFast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays
Fast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays Kris Gaj and Pawel Chodowiec George Mason University, Electrical and
More informationLightweight Implementations of SHA-3 Candidates on FPGAs
Lightweight Implementations of SHA-3 Candidates on FPGAs Jens-Peter Kaps, Panasayya Yalla, Kishore Kumar Surapathi, Bilal Habib, Susheel Vadlamudi, Smriti Gurung, and John Pham ECE Department, George Mason
More informationEncryption and Decryption by AES algorithm using FPGA
Encryption and Decryption by AES algorithm using FPGA Sayali S. Kshirsagar Department of Electronics SPPU MITAOE, Alandi(D), Pune, India sayali.kshirsagar17@gmail.com Savita Pawar Department of Electronics
More informationExperimental Testing of the Gigabit IPSec-Compliant Implementations of Rijndael and Triple DES Using SLAAC-1V FPGA Accelerator Board
Experimental Testing of the Gigabit IPSec-Compliant Implementations of Rijndael and Triple DES Using SLAAC-1V FPGA Accelerator Board Pawel Chodowiec 1, Kris Gaj 1, Peter Bellows 2, and Brian Schott 2 1
More informationCAESAR Hardware API. Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, Panasayya Yalla, Jens-Peter Kaps, and Kris Gaj
CAESAR Hardware API Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, Panasayya Yalla, Jens-Peter Kaps, and Kris Gaj Cryptographic Engineering Research Group George Mason University
More informationCryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 12 Message Authentication Codes At cats' green on the Sunday he took the message from
More informationLecture 4: Authentication and Hashing
Lecture 4: Authentication and Hashing Introduction to Modern Cryptography 1 Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 1 These slides are based on Benny Chor s slides. Some Changes in Grading
More informationThe IPsec protocols. Overview
The IPsec protocols -- components and services -- modes of operation -- Security Associations -- Authenticated Header (AH) -- Encapsulated Security Payload () (c) Levente Buttyán (buttyan@crysys.hu) Overview
More informationCryptographic Hash Functions
Cryptographic Hash Functions Cryptographic Hash Functions A cryptographic hash function takes a message of arbitrary length and creates a message digest of fixed length. Iterated Hash Function A (compression)
More informationMessage authentication codes
Message authentication codes Martin Stanek Department of Computer Science Comenius University stanek@dcs.fmph.uniba.sk Cryptology 1 (2017/18) Content Introduction security of MAC Constructions block cipher
More informationBenchmarking of Round 2 CAESAR Candidates in Hardware: Methodology, Designs & Results
Benchmarking of Round 2 CAESAR Candidates in Hardware: Methodology, Designs & Results Ekawat Homsirikamol, Panasayya Yalla, Ahmed Ferozpuri, William Diehl, Farnoud Farahmand, Michael X. Lyons, and Kris
More informationHigh Level Synthesis of Cryptographic Hardware. Jeremy Trimble ECE 646
High Level Synthesis of Cryptographic Hardware Jeremy Trimble ECE 646 High Level Synthesis Synthesize (FPGA) hardware using software programming languages: C / C++, Domain specific Languages ( DSL ) Typical
More informationAES Core Specification. Author: Homer Hsing
AES Core Specification Author: Homer Hsing homer.hsing@gmail.com Rev. 0.1.1 October 30, 2012 This page has been intentionally left blank. www.opencores.org Rev 0.1.1 ii Revision History Rev. Date Author
More informationChapter 2 Hardware Implementation of Hash Functions
Chapter 2 Hardware Implementation of Hash Functions Zhijie Shi, Chujiao Ma, Jordan Cote, and Bing Wang 2.1 Introduction to Cryptographic Hash Functions Hash algorithm is a type of cryptographic primitives.
More informationHashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5
Hashes, MACs & Passwords Tom Chothia Computer Security Lecture 5 Today s Lecture Hashes and Message Authentication Codes Properties of Hashes and MACs CBC-MAC, MAC -> HASH (slow), SHA1, SHA2, SHA3 HASH
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms
Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationFast implementations of secret-key block ciphers using mixed inner- and outer-round pipelining
Pawel Chodowiec, Po Khuon, Kris Gaj Electrical and Computer Engineering George Mason University Fast implementations of secret-key block ciphers using mixed inner- and outer-round pipelining http://ece.gmu.edu/crypto-text.htm
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Next Topic in Cryptographic Tools Symmetric key encryption Asymmetric key encryption Hash functions and
More informationImplementation of the block cipher Rijndael using Altera FPGA
Regular paper Implementation of the block cipher Rijndael using Altera FPGA Piotr Mroczkowski Abstract A short description of the block cipher Rijndael is presented. Hardware implementation by means of
More informationEvaluation of Hardware Performance for the SHA-3 Candidates Using SASEBO-GII
Evaluation of Hardware Performance for the SHA-3 Candidates Using SASEBO-GII Kazuyuki Kobayashi 1, Jun Ikegami 1, Shin ichiro Matsuo 2, Kazuo Sakiyama 1 and Kazuo Ohta 1 1 The University of Electro-Communications,
More informationH must be collision (2n/2 function calls), 2nd-preimage (2n function calls) and preimage resistant (2n function calls)
What is a hash function? mapping of: {0, 1} {0, 1} n H must be collision (2n/2 function calls), 2nd-preimage (2n function calls) and preimage resistant (2n function calls) The Merkle-Damgård algorithm
More informationSymmetric Crypto MAC. Pierre-Alain Fouque
Symmetric Crypto MAC Pierre-Alain Fouque Message Authentication Code (MAC) Warning: Encryption does not provide integrity Eg: CTR mode ensures confidentiality if the blockcipher used is secure. However,
More informationEkawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, Michael X. Lyons, Panasayya Yalla, and Kris Gaj George Mason University USA
Toward Fair and Comprehensive Benchmarking of CAESAR Candidates in Hardware: Standard API, High-Speed ImplementaCons in VHDL/Verilog, and Benchmarking Using FPGAs Ekawat Homsirikamol, William Diehl, Ahmed
More informationRevisiting the IDEA Philosophy
Revisiting the IDEA Philosophy Pascal Junod 1,2 Marco Macchetti 2 1 University of Applied Sciences Western Switzerland (HES-SO) 2 Nagracard SA, Switzerland FSE 09 Leuven (Belgium), February 24, 2009 Outline
More informationCan High-Level Synthesis Compete Against a Hand-Written Code in the Cryptographic Domain? A Case Study
Can High-Level Synthesis Compete Against a Hand-Written Code in the Cryptographic Domain? A Case Study Ekawat Homsirikamol and Kris Gaj Volgenau School of Engineering George Mason University Fairfax, Virginia
More informationECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos
ECE596C: Handout #7 Analysis of DES and the AES Standard Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we analyze the security properties of DES and
More informationJaap van Ginkel Security of Systems and Networks
Jaap van Ginkel Security of Systems and Networks November 5, 2012 Part 3 Modern Crypto SSN Week 2 Hashes MD5 SHA Secret key cryptography AES Public key cryptography DES Book Chapter 1 in full Chapter 2
More informationNetwork Security. Cryptographic Hash Functions Add-on. Benjamin s slides are authoritative. Chair for Network Architectures and Services
Chair for Network Architectures and Services Technische Universität München Network Security Cryptographic Hash Functions Add-on Benjamin s slides are authoritative Motivation (1) Common practice in data
More informationExploring Area/Delay Tradeoffs in an AES FPGA Implementation
Exploring Area/Delay Tradeoffs in an AES FPGA Implementation Joseph Zambreno, David Nguyen, and Alok Choudhary Department of Electrical and Computer Engineering Northwestern University Evanston, IL 60208,
More informationLecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS
Lecture 5 Cryptographic Hash Functions Read: Chapter 5 in KPS 1 Purpose CHF one of the most important tools in modern cryptography and security CHF-s are used for many authentication, integrity, digital
More informationBYTE SLICING GRØSTL Optimized Intel AES-NI and 8-bit Implementations of the SHA-3 Finalist Grøstl
BYTE SLICING GRØSTL Optimized Intel AES-NI and 8-bit Implementations of the SHA-3 Finalist Grøstl Kazumaro Aoki 1, Günther Roland 2, Yu Sasaki 1 and Martin Schläffer 2 1 NTT Corporation, Japan 2 IAIK,
More informationLow area implementation of AES ECB on FPGA
Total AddRoundkey_3 MixCollumns AddRoundkey_ ShiftRows SubBytes 1 Low area implementation of AES ECB on FPGA Abstract This project aimed to create a low area implementation of the Rajindael cipher (AES)
More informationECE 646 Lecture 11. Hash functions & MACs. Digital Signature. message. hash. function. Alice. Bob. Alice s public key. Alice s private key
ECE 646 Lecture 11 Hash functions & MACs Digital Signature Alice Message Signature Message Signature Bob Hash function Hash function Hash value Public key algorithm yes Hash value 1 Hash value 2 no Public
More informationImplementer s Guide to the CAESAR Hardware API
Implementer s Guide to the CAESAR Hardware API Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, and Kris Gaj Electrical and Computer Engineering Department, George Mason University
More informationECE 646 Lecture 8. Modes of operation of block ciphers
ECE 646 Lecture 8 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P.
More informationEfficient Hardware Design and Implementation of AES Cryptosystem
Efficient Hardware Design and Implementation of AES Cryptosystem PRAVIN B. GHEWARI 1 MRS. JAYMALA K. PATIL 1 AMIT B. CHOUGULE 2 1 Department of Electronics & Telecommunication 2 Department of Computer
More information