Lightweight Implementations of SHA-3 Candidates on FPGAs
|
|
- Kelley Allen
- 6 years ago
- Views:
Transcription
1 Lightweight of SHA-3 Candidates on FPGAs Jens-Peter Kaps Panasayya Yalla Kishore Kumar Surapathi Bilal Habib Susheel Vadlamudi Smriti Gurung John Pham Cryptographic Engineering Research Group (CERG) Department of ECE, Volgenau School of Engineering, George Mason University, Fairfax, VA, USA 2th International Conference on Cryptology in India Indocrypt 2 Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs / 27
2 Outline Introduction Introduction Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 2 / 27
3 Hash Function Competition Hash Function Competition Previous Work Goal A hash algorithm reads an arbitrary length message and produces a fixed bit string called hash value/message digest. Main applications: Digital signatures, Message Authentication Codes (MAC), Universal Unique IDentifier(UUID/GUID), password tables and many more. NIST competition for new secure hash algorithm SHA-3 Announced in Nov 27, 64 entries submitted. 4 selected for Round 2. Currently in Round 3 5 finalists. NIST s selection criteria: Security, HW/SW speed, scalability. Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 3 / 27
4 Hash Function Competition Hash Function Competition Previous Work Goal A hash algorithm reads an arbitrary length message and produces a fixed bit string called hash value/message digest. Main applications: Digital signatures, Message Authentication Codes (MAC), Universal Unique IDentifier(UUID/GUID), password tables and many more. NIST competition for new secure hash algorithm SHA-3 Announced in Nov 27, 64 entries submitted. 4 selected for Round 2. Currently in Round 3 5 finalists. NIST s selection criteria: Security, HW/SW speed, scalability. Motivation Analyze performance of candidates in a constrained FPGA environment determine scalability on FPGAs. Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 3 / 27
5 Hash Function Competition Previous Work Goal Previous Work on SHA-3 Candidates Several Throughput/Area optimized implementations on FPGAs were published: Gaj et al.[ches 2], Matsuo et al.[sha-3 conference 2], Baldwin et al.[sha-3 conference 2]. Only two specific for low-area implementations of SHA-3 finalists: Kerckhof et al.[hash 2], Jungk et al.[reconfig 2]. Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 4 / 27
6 Hash Function Competition Previous Work Goal Previous Work on SHA-3 Candidates Several Throughput/Area optimized implementations on FPGAs were published: Gaj et al.[ches 2], Matsuo et al.[sha-3 conference 2], Baldwin et al.[sha-3 conference 2]. Only two specific for low-area implementations of SHA-3 finalists: Kerckhof et al.[hash 2], Jungk et al.[reconfig 2]. Problem: Rating algorithm performance when are on different devices, made with different implementation goals and features, vary in both: area and throughput, and support different I/O interface widths. Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 4 / 27
7 Hash Function Competition Previous Work Goal Our Goal: Comprehensive set of lightweight implementations of all Round 2 SHA-3 Candidates (except SIMD) and all SHA-3 Finalists. All optimized for the same target maximum Throughput to Area ratio for given area budget. All use the same standardized interface. Implemented on different families for fair comparison with other reported results. Target Details: Xilinx Spartan 3, low cost FPGA family Budget: 4-6 slices, Block RAM (BRAM) Implemented 256 bit digest versions only Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 5 / 27
8 Assumptions Interface and Protocol Assumptions Implementing for minimum area alone can lead to unrealistic run-times. Target: Achieve the maximum Throughput/Area ratio for a given area budget. Realistic scenario: System on Chip: Certain area only available. Standalone: Smaller Chip, lower cost, but limit to smallest chip available, e.g. 768 slices on smallest Spartan 3 FPGA. Makes fair comparison of lightweight implementations possible. Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 6 / 27
9 Interface and Protocol Introduction Assumptions Interface and Protocol Based on Interface and I/O Protocol from Gaj et al.[ches 2]. msg len ap, seq len ap (after padding ) in -bit words. msg len bp, seq len bp (before padding) in bits. n 2 msg len bp = seq len ap i + seq len bp n i= n msg len ap = seq len ap i w = 6 bits. w i= clk clk rst rst SHA Core w din dout src_ready dst_ready src_read dst_write w bits msg_len_ap msg_len_bp message w bits seq_len_ap seq seq_len_ap seq seq_len_ap n seq_len_bp n seq n a)sha Interface b)sha Protocol Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 7 / 27
10 BLAKE-256 Algorithm Introduction BLAKE-256 Grøstl JH Keccak Skein M 52 P C P A B C D CM <<<6 Init. G G G G <<<2 P P2 G G G G CM CM G A B C Ti 4x <<< 8 <<< 7 D 256 IV H Key Features Salt value: A user Dependant constant 28 bits set all to 8 G functions : XOR, addition, shifting. P,P2 : Permutation Blake scales very well. Folded up to 4 times vertically and 4 times horizontally. Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 8 / 27
11 BLAKE-256 Implementation BLAKE-256 Grøstl JH Keccak Skein din Reg REG_ dout REG_2 D C B A DRAM 5 Port A BRAM Port B 3 6 DRAM DRAM DRAM A REG_B CM REG_A <<<R3 <<<R REG_B2 B B C D REG_C <<<R4 <<<R2 A C D Implementation Salt : BRAM State: DRAM Quasi pipelined Half G function Registers: Reduce critical path Permutation causes a large controller with 2 addresses. BRAM contains constants, message, IV, intermediate hash. Scalability: Unfolding leads to worse TP/A. Improvement: Rescheduling of G results in 29 clock per block versus 35. Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 9 / 27
12 Grøstl Algorithm Introduction BLAKE-256 Grøstl JH Keccak Skein IV 52 M 52 Hi P Addp 52 S Box x Sft Row Mix Hi 52 Addq S Box Sft Row Mix 255 H Q 52 x Key Features Based on AES like architecture S-BOX, shift rows, Mixed columns Grøstl scales well, like AES. Folded up to 8 times vertically. Small storage requirements. Uses many narrow memory accesses in parallel (8 per column). Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs / 27
13 Grøstl Implementation Introduction BLAKE-256 Grøstl JH Keccak Skein dout Port A BRAM Port B 3 5 B A Reg din Reg GFMul Reg SBox SBox B Reg 2 Add Constant SBox A 2 4xDRAM 4xDRAM 4xDRAM 4xDRAM A SBox Implementation State p,q : DRAM Shift Rows : how data accessed from DRAM Mix Column : GF-multiplier(half multiplier) Finalization takes as many clock cycles as block. BRAM stores only intermediate hash and IV. One new column every 3 clock cycles, P & Q interleaved. Scalability: Reducing number of clock cycles per column by adding S-Boxes and/or GF-Multiplier. Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs / 27
14 JH Algorithm Introduction BLAKE-256 Grøstl JH Keccak Skein M M E Group R 8 S box L P De group 42x S 256 R6 C S box L P 23 H 768 Key Features Grouping: reordering of 24 bits state SBOX : Permutation Linear transformation : rotation and XOR De-grouping: inverse of grouping Permutation, grouping, and de-grouping makes scaling difficult Folding increases size Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 2 / 27
15 JH Implementation Introduction BLAKE-256 Grøstl JH Keccak Skein din Port A BRAM Port B 6 Reg 3 dout 5 2 Group De group Reg 3 S box L P Reg Reg 4 DRAM R 6 Implementation State: BRAM R8 function: Implemening 8X2 S-BOX for R8(S and S) R6 function :2 S-BOX for R6(S) -bit datapath to maximize use of BlockRAM. On-the-fly generation of round constants. Scalability: 64-bit datapath only viable without BlockRAM. Improvement: Group can be performed on M and de-group only on H Kerckhof et al.[ecrypt II 2]. Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 3 / 27
16 Keccak Algorithm Introduction BLAKE-256 Grøstl JH Keccak Skein M Rotate Const θ ρ & π χ 88 zeros x Key Features θ simple XOR ρ, π rotation and reordering operate on columns χ logical operation on rows Dependency on Previous states prevents folding. Round Const ι H Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 4 / 27
17 Keccak Implementation BLAKE-256 Grøstl JH Keccak Skein 5 din out_ Reg RegA_out rc_a 3 Chi_B RegB_out var_out RegC_out 3 Chi_B 3 2 Port B 3 A BRAM Port A 63 rc_a 63 3 var_out 63 3 Chi_B dout out_ Chi Reg B Reg C Reg A <<< A A Reg V Rho&Pi 63 var_out Implementation Round constants, States: BRAM Quasi-pipelined θ & ρ & π Fixed rotations turn into variable rotator for small datapaths. ρ & π contains the rotator. Scalability: 64-bit datapath only viable without BlockRAM. Adding 2 more 64-bit registers saves approx 7 clock cycles. Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 5 / 27
18 Skein Algorithm Introduction BLAKE-256 Grøstl JH Keccak Skein M 52 M 52 4xMIX P 52 4x Keygen 52 8x+ Threefish Tweak IV 255 H Key Features Mix function : Addition, Rotation and XOR Tweak constant : Key Generation for each block 64-bit adders lead to long delay. Algorithm cannot be folded. 64 <<<R 64 MIX Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 6 / 27
19 Skein Implementation Introduction BLAKE-256 Grøstl JH Keccak Skein 3 Reg din Port A BRAM Port B Tweak reg reg <<<R 63 dout 3 Implementation State: BRAM Key Generation,Mix : bit adder bit adder leads critical path through barrel shifter. Barrel shifter is single largest block in the design (92 slices). Finalization takes as many clock cycles as block hash. Scalability: Running Keygen and MIX in parallel. Improvement: Addition of Registers to cut down the critical path delay. Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 7 / 27
20 Throughput versus Area on Spartan-3 of SHA-3 R-2 Candidates of SHA-3 Finalists Comparison with Kerckhof Comparison with Jungk 5 Shabal 4 Round 2 Round 2 & 3 Round 3 Throughput (Mbps) 3 BLAKE- 2 BLAKE-256 Grøstl-Grøstl SHAvite-3 BMW JH42 Fugue Luffa ECHO Hamsi Keccak CubeHash JH Skein Area (slices) Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 8 / 27
21 of SHA-3 R-2 Candidates of SHA-3 Finalists Comparison with Kerckhof Comparison with Jungk Ranking by Throughput over Area on Spartan-3..8 Long Messages Short Messages TP/Area (Mbps/slice) BLAKE- Grøstl- SHAvite-3 ECHO Fugue JH42 Keccak Skein Shabal BLAKE-256 Grøstl BMW Luffa Hamsi JH CubeHash Algorithms with finalization rounds perform worse for short messages. Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 9 / 27
22 of SHA-3 R-2 Candidates of SHA-3 Finalists Comparison with Kerckhof Comparison with Jungk Implementation Summary of Finalists for Long Messages Algorithm Block Size (bits) b Clock Cycles to hash N blocks clk = st + ( l + p) N + end Throughput b (l + p) T BLAKE ( + 38) N /( 35 T ) Grøstl ( + 55) N /( 547 T ) JH ( + 83) N 5 52/(845 T ) Keccak ( ) N /(3764 T ) Skein ( + 247) N /(2439 T ) st: Clock cycles computing initial steps before processing. l + p : Loading and processing cycles per block. end : Clock cycles needed for finalization and output of hash. st and end ignored for long messages as their influence goes toward zero. Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 2 / 27
23 of SHA-3 R-2 Candidates of SHA-3 Finalists Comparison with Kerckhof Comparison with Jungk Implementation of Finalists on Xilinx Spartan-3 Long Message Short Message Area (slices) Block RAMs Maximum Delay (ns) T Throughput (Mbps) TP/Area (Mbps/slice) Throughput (Mbps) TP/Area (Mbps/slice) Algorithm BLAKE Grøstl JH Keccak Skein Short Message : clock cycles associated with initialization, loading, processing, finalization No. of blocks of message(n)= after padding for short message Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 2 / 27
24 Throughput over Area of 5 Finalists of SHA-3 R-2 Candidates of SHA-3 Finalists Comparison with Kerckhof Comparison with Jungk TP/Area (Mbps/slice) Xilinx Virtex 5 Long Messages Short Messages. Grøstl JH42 BLAKE-256 Keccak Skein TP/Area (Mbps/slice) Xilinx Virtex 6 Long Messages Short Messages. Grøstl JH42 BLAKE-256 Keccak Skein No difference in ranking on the two devices. Keccak better than JH here, compared to Spartan-3. Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 22 / 27
25 Throughput over Area of 5 Finalists of SHA-3 R-2 Candidates of SHA-3 Finalists Comparison with Kerckhof Comparison with Jungk Xilinx Spartan 6 Altera Cyclone ii.6.4 Long Messages Short Messages.6.4 Long Messages Short Messages TP/Area (Mbps/slice) TP/Area (Mbps/LE) Grøstl JH42 BLAKE-256 Keccak Skein. Grøstl better than BLAKE on Cyclone ii. Small changes in ranking depending on device. BLAKE-256 JH42 Grøstl Keccak Skein Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 23 / 27
26 of SHA-3 R-2 Candidates of SHA-3 Finalists Comparison with Kerckhof Comparison with Jungk Comparison with [Kerckhof] (Virtex 6) Range of our Grøstl(K) Throughput (Mbps) Skein(K) 3 BLAKE-256 Grøstl JH42(K) 2 BLAKE-256(K) Keccak(K) Keccak Skein JH Area (slices) Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 24 / 27
27 of SHA-3 R-2 Candidates of SHA-3 Finalists Comparison with Kerckhof Comparison with Jungk Comparison with [Jungk] (Virtex 5) 2 Range of our Grøstl(J) Keccak(J) Throughput (Mbps) 8 6 BLAKE-256(J) 4 BLAKE-256 Skein(J) Grøstl 2 JH42 Keccak Skein JH42(J) Area (slices) Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 25 / 27
28 Announcement Introduction of SHA-3 R-2 Candidates of SHA-3 Finalists Comparison with Kerckhof Comparison with Jungk All the above data will shortly be available in the ATHENa database. Source codes will be available on the ATHENa webpage at the end of December. Follow the GMU Source Codes Link Thanks This work has been supported in part by NIST through the Recovery Act Measurement Science and Engineering Research Grant Project under contract no. 6NANBD4. Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 26 / 27
29 of SHA-3 R-2 Candidates of SHA-3 Finalists Comparison with Kerckhof Comparison with Jungk Thanks for your attention. Indocrypt 2 J.-P. Kaps, Smriti Gurung, et al. Lightweight of SHA-3 on FPGAs 27 / 27
Low-Area Implementations of SHA-3 Candidates
Jens-Peter Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu Department of ECE, Volgenau School of IT&E, George Mason University, Fairfax, VA, USA SHA-3 Project Review Meeting
More informationImplementation & Benchmarking of Padding Units & HMAC for SHA-3 candidates in FPGAs & ASICs
Implementation & Benchmarking of Padding Units & HMAC for SHA-3 candidates in FPGAs & ASICs Ambarish Vyas Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu Department of ECE,
More informationLightweight Implementations of SHA-3 Candidates on FPGAs
Lightweight Implementations of SHA-3 Candidates on FPGAs Jens-Peter Kaps, Panasayya Yalla, Kishore Kumar Surapathi, Bilal Habib, Susheel Vadlamudi, Smriti Gurung, and John Pham ECE Department, George Mason
More information!"#$%&'()*+%&,-%&.*/.&0"&#%(1.*"0* 2+345*!%(,',%6.7*87'()*9/:37* :."&).*A%7"(*8('B.&7'6=* 8C2C3C*
!"#$%&'()*+%&,-%&.*/.&0"&#%(1.*"0* 2+345*!%(,',%6.7*87'()*9/:37* ;&
More informationA High-Speed Unified Hardware Architecture for AES and the SHA-3 Candidate Grøstl
A High-Speed Unified Hardware Architecture for AES and the SHA-3 Candidate Grøstl Marcin Rogawski Kris Gaj Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu Department of ECE,
More informationUse of Embedded FPGA Resources in Implementations of Five Round Three SHA-3 Candidates
Use of Embedded FPGA Resources in Implementations of Five Round Three SHA-3 Candidates Malik Umar Sharif, Rabia Shahid, Marcin Rogawski and Kris Gaj George Mason University, USA Agenda SHA-3 High Speed
More informationUse of Embedded FPGA Resources in Implementa:ons of 14 Round 2 SHA- 3 Candidates
Use of Embedded FPGA Resources in Implementa:ons of 14 Round 2 SHA- 3 Candidates Kris Gaj, Rabia Shahid, Malik Umar Sharif, and Marcin Rogawski George Mason University U.S.A. Co-Authors Rabia Shahid Malik
More informationFair and Comprehensive Methodology for Comparing Hardware Performance of Fourteen Round Two SHA-3 Candidates using FPGAs
Fair and Comprehensive Methodology for Comparing Hardware Performance of Fourteen Round Two SHA-3 Candidates using FPGAs Kris Gaj, Ekawat Homsirikamol, and Marcin Rogawski ECE Department, George Mason
More informationVivado HLS Implementation of Round-2 SHA-3 Candidates
Farnoud Farahmand ECE 646 Fall 2015 Vivado HLS Implementation of Round-2 SHA-3 Candidates Introduction NIST announced a public competition on November 2007 to develop a new cryptographic hash algorithm,
More informationECE646 Project Final Report: Towards an Area-Constrained Implementation of the SHA-3 Final Round Keccak Algorithm. Project by Kim Turley
ECE646 Project Final Report: Towards an Area-Constrained Implementation of the SHA-3 Final Round Keccak Algorithm Project by Kim Turley Project Overview Goal: To explore in detail the elements of an areaconstrained
More informationGroestl Tweaks and their Effect on FPGA Results
Groestl Tweaks and their Effect on FPGA Results Marcin Rogawski and Kris Gaj George Mason University {kgaj, mrogawsk}@gmu.edu Abstract. In January 2011, Groestl team published tweaks to their specification
More informationEnvironment for Fair and Comprehensive Performance Evalua7on of Cryptographic Hardware and So=ware. ASIC Status Update
Environment for Fair and Comprehensive Performance Evalua7on of Cryptographic Hardware and So=ware ASIC Status Update ECE Department, Virginia Tech Faculty - Patrick Schaumont, Leyla Nazhandali Students
More informationTwo Hardware Designs of BLAKE-256 Based on Final Round Tweak
Two Hardware Designs of BLAKE-256 Based on Final Round Tweak Muh Syafiq Irsyadi and Shuichi Ichikawa Dept. Knowledge-based Information Engineering Toyohashi University of Technology, Hibarigaoka, Tempaku,
More informationEvaluation of Hardware Performance for the SHA-3 Candidates Using SASEBO-GII
Evaluation of Hardware Performance for the SHA-3 Candidates Using SASEBO-GII Kazuyuki Kobayashi 1, Jun Ikegami 1, Shin ichiro Matsuo 2, Kazuo Sakiyama 1 and Kazuo Ohta 1 1 The University of Electro-Communications,
More informationECE 545 Lecture 8b. Hardware Architectures of Secret-Key Block Ciphers and Hash Functions. George Mason University
ECE 545 Lecture 8b Hardware Architectures of Secret-Key Block Ciphers and Hash Functions George Mason University Recommended reading K. Gaj and P. Chodowiec, FPGA and ASIC Implementations of AES, Chapter
More informationECE 545. Digital System Design with VHDL
ECE 545 Digital System Design with VHDL Course web page: ECE web page Courses Course web pages ECE 545 http://ece.gmu.edu/coursewebpages/ece/ece545/f10/ Kris Gaj Research and teaching interests: Contact:
More informationUse of Embedded FPGA Resources in Implementations of Five Round Three SHA-3 Candidates
Use of Embedded FPGA Resources in Implementations of Five Round Three SHA-3 Candidates Malik Umar Sharif, Rabia Shahid, Marcin Rogawski, Kris Gaj Abstract In this paper, we present results of the comprehensive
More informationCompact implementations of Grøstl, JH and Skein for FPGAs
Compact implementations of Grøstl, JH and Skein for FPGAs Bernhard Jungk Hochschule RheinMain University of Applied Sciences Wiesbaden Rüsselsheim Geisenheim bernhard.jungk@hs-rm.de Abstract. This work
More informationEfficient Hardware Implementations of High Throughput SHA-3 Candidates Keccak, Luffa and Blue Midnight Wish for Single- and Multi-Message Hashing
Efficient Hardware Implementations of High Throughput SHA-3 Candidates Keccak, Luffa and Blue Midnight Wish for Single- and Multi-Message Hashing Abdulkadir Akın, Aydın Aysu, Onur Can Ulusel, and Erkay
More informationVersion 2.0, November 11, Stefan Tillich, Martin Feldhofer, Mario Kirschbaum, Thomas Plos, Jörn-Marc Schmidt, and Alexander Szekely
High-Speed Hardware Implementations of BLAKE, Blue Midnight Wish, CubeHash, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Luffa, Shabal, SHAvite-3, SIMD, and Skein Version 2.0, November 11, 2009 Stefan Tillich,
More informationCompact FPGA Implementations of the Five SHA-3 Finalists
Compact FPGA Implementations of the Five SHA-3 Finalists Stéphanie Kerckhof 1,François Durvaux 1, Nicolas Veyrat-Charvillon 1, Francesco Regazzoni 1, Guerric Meurice de Dormale 2,andFrançois-Xavier Standaert
More informationCS-E4320 Cryptography and Data Security Lecture 5: Hash Functions
Lecture 5: Hash Functions Céline Blondeau Email: celine.blondeau@aalto.fi Department of Computer Science Aalto University, School of Science Hash Functions Birthday Paradox Design of Hash Functions SHA-3
More informationOn the parallelization of slice-based Keccak implementations on Xilinx FPGAs
On the parallelization of slice-based Keccak implementations on Xilinx FPGAs Jori Winderickx, Joan Daemen and Nele Mentens KU Leuven, ESAT/COSIC & iminds, Leuven, Belgium STMicroelectronics Belgium & Radboud
More informationA Zynq-based Testbed for the Experimental Benchmarking of Algorithms Competing in Cryptographic Contests
A Zynq-based Testbed for the Experimental Benchmarking of Algorithms Competing in Cryptographic Contests Farnoud Farahmand, Ekawat Homsirikamol, and Kris Gaj George Mason University Fairfax, Virginia 22030
More informationPushing the Limits of SHA-3 Hardware Implementations to Fit on RFID
Motivation Keccak Our Designs Results Comparison Conclusions 1 / 24 Pushing the Limits of SHA-3 Hardware Implementations to Fit on RFID Peter Pessl and Michael Hutter Motivation Keccak Our Designs Results
More informationSharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grøstl
Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grøstl Kimmo Järvinen Department of Information and Computer Science Aalto University, School of Science and Technology Espoo,
More informationC vs. VHDL: Benchmarking CAESAR Candidates Using High- Level Synthesis and Register- Transfer Level Methodologies
C vs. VHDL: Benchmarking CAESAR Candidates Using High- Level Synthesis and Register- Transfer Level Methodologies Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, and Kris Gaj George
More informationHardware Benchmarking of Cryptographic Algorithms Using High-Level Synthesis Tools: The SHA-3 Contest Case Study
Hardware Benchmarking of Cryptographic Algorithms Using High-Level Synthesis Tools: The SHA-3 Contest Case Study Ekawat Homsirikamol and Kris Gaj Volgenau School of Engineering George Mason University
More informationGMU SHA Core Interface & Hash Function Performance Metrics
GMU SHA Core Interface & Hash Function Performance Metrics Interface Why Interface Matters? Pin limit Total number of i/o ports Total number of an FPGA i/o pins Support for the maximum throughput Time
More informationComparing Hardware Performance of Fourteen Round Two SHA-3 Candidates Using FPGAs
Comparing Hardware Performance of Fourteen Round Two SHA-3 Candidates Using FPGAs Ekawat Homsirikamol Marcin Rogawski Kris Gaj George Mason University ehomsiri, mrogawsk, kgaj@gmu.edu Last revised: Decemer
More informationHardware Performance Evaluation of SHA-3 Candidate Algorithms
Journal of Information Security, 2012, 3, 69-76 http://dx.doi.org/10.4236/jis.2012.32008 Published Online April 2012 (http://www.scirp.org/journal/jis) Hardware Performance Evaluation of SHA-3 Candidate
More informationECE 646 Lecture 12. Cryptographic Standards. Secret-key cryptography standards
ECE 646 Lecture 12 Cryptographic Standards Secret-key cryptography Federal Banking International NIST FIPS 46-1 DES FIPS 46-2 DES FIPS 81 Modes of operation FIPS 46-3 Triple DES FIPS 197 AES X3.92 DES
More informationFederal standards NIST FIPS 46-1 DES FIPS 46-2 DES. FIPS 81 Modes of. operation. FIPS 46-3 Triple DES FIPS 197 AES. industry.
ECE 646 Lecture 12 Federal Secret- cryptography Banking International Cryptographic Standards NIST FIPS 46-1 DES FIPS 46-2 DES FIPS 81 Modes of operation FIPS 46-3 Triple DES FIPS 197 AES X3.92 DES ANSI
More informationA Lightweight Implementation of Keccak Hash Function for Radio-Frequency Identification Applications
A Lightweight Implementation of Keccak Hash Function for Radio-Frequency Identification Applications Elif Bilge Kavun and Tolga Yalcin Department of Cryptography Institute of Applied Mathematics, METU
More informationIMPLEMENTATION OF BLAKE ALGORITHM USING PIPELINING IN FPGA
International Journal Innovations in Scientific and IMPLEMENTATION OF BLAKE ALGORITHM USING PIPELINING IN FPGA 1 M.Jothi Kumar, 2 Chitravalavan 1 Research Scholar, Department Applied Electronics, A.V.C.
More informationNIST SHA-3 ASIC Datasheet
NIST SHA-3 ASIC Datasheet -- NIST SHA-3 Competition Five Finalists on a Chip (Version 1.1) Technology: IBM MOSIS 0.13µm CMR8SF-RVT Standard-Cell Library: ARM s Artisan SAGE-X V2.0 Area: 5mm 2 (Core: 1.656mm
More informationSHA-3 interoperability
SHA-3 interoperability Daniel J. Bernstein Department of Computer Science (MC 152) The University of Illinois at Chicago Chicago, IL 60607 7053 djb@cr.yp.to 1 Introduction: You thought software upgrades
More informationJaap van Ginkel Security of Systems and Networks
Jaap van Ginkel Security of Systems and Networks November 17, 2016 Part 3 Modern Crypto SSN Modern Cryptography Hashes MD5 SHA Secret key cryptography AES Public key cryptography DES Presentations Minimum
More informationImplementation and Analysis of the PRIMATEs Family of Authenticated Ciphers
Implementation and Analysis of the PRIMATEs Family of Authenticated Ciphers Ahmed Ferozpuri Abstract Lightweight devices used for encrypted communication require a scheme that can operate in a low resource
More informationCompact Hardware Implementations of ChaCha, BLAKE, Threefish, and Skein on FPGA
Compact Hardware Implementations of ChaCha, BLAKE, Threefish, and Skein on FPGA Nuray At, Jean-Luc Beuchat, Eiji Okamoto, İsmail San, and Teppei Yamazaki Department of Electrical and Electronics Engineering,
More informationGMU SHA Core Interface & Hash Function Performance Metrics Interface
GMU SHA Core Interface & Hash Function Performance Metrics Interface 1 Why Interface Matters? Pin limit Total number of i/o ports Total number of an FPGA i/o pins Support for the maximum throughput Time
More informationCompact Implementation of Threefish and Skein on FPGA
Compact Implementation of Threefish and Skein on FPGA Nuray At, Jean-Luc Beuchat, and İsmail San Department of Electrical and Electronics Engineering, Anadolu University, Eskişehir, Turkey Email: {nat,
More informationImplementation and Comparative Analysis of AES as a Stream Cipher
Implementation and Comparative Analysis of AES as a Stream Cipher Bin ZHOU, Yingning Peng Dept. of Electronic Engineering, Tsinghua University, Beijing, China, 100084 e-mail: zhoubin06@mails.tsinghua.edu.cn
More informationSHA3 Core Specification. Author: Homer Hsing
SHA3 Core Specification Author: Homer Hsing homer.hsing@gmail.com Rev. 0.1 January 29, 2013 This page has been intentionally left blank. www.opencores.org Rev 0.1 ii Rev. Date Author Description 0.1 01/29/2013
More informationBenchmarking of Cryptographic Algorithms in Hardware. Ekawat Homsirikamol & Kris Gaj George Mason University USA
Benchmarking of Cryptographic Algorithms in Hardware Ekawat Homsirikamol & Kris Gaj George Mason University USA 1 Co-Author Ekawat Homsirikamol a.k.a Ice Working on the PhD Thesis entitled A New Approach
More informationOn Optimized FPGA Implementations of the SHA-3 Candidate Grøstl
On Optimized FPGA Implementations of the SHA-3 Candidate Grøstl Bernhard Jungk, Steffen Reith, and Jürgen Apfelbeck Fachhochschule Wiesbaden University of Applied Sciences {jungk reith}@informatik.fh-wiesbaden.de
More informationHigh-Speed Hardware for NTRUEncrypt-SVES: Lessons Learned Malik Umar Sharif, and Kris Gaj George Mason University USA
High-Speed Hardware for NTRUEncrypt-SVES: Lessons Learned Malik Umar Sharif, and Kris Gaj George Mason University USA Partially supported by NIST under grant no. 60NANB15D058 1 Co-Author Malik Umar Sharif
More informationGMU Hardware API for Authen4cated Ciphers
GMU Hardware API for Authen4cated Ciphers Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, Malik Umar Sharif, and Kris Gaj George Mason University USA http:/cryptography.gmu.edu
More informationAES as A Stream Cipher
> AES as A Stream Cipher < AES as A Stream Cipher Bin ZHOU, Kris Gaj, Department of ECE, George Mason University Abstract This paper presents implementation of advanced encryption standard (AES) as a stream
More informationECE 545 Fall 2010 Exam 1
ECE 545 Fall 2010 Exam 1 Introduction & tasks: The SHA-1 (Secure Hash Algorithm-1) circuit is specified below using its a. pseudocode b. block diagram of one of its units called Message Scheduler c. top-level
More informationBenchmarking of Round 2 CAESAR Candidates in Hardware: Methodology, Designs & Results
Benchmarking of Round 2 CAESAR Candidates in Hardware: Methodology, Designs & Results Ekawat Homsirikamol, Panasayya Yalla, Ahmed Ferozpuri, William Diehl, Farnoud Farahmand, Michael X. Lyons, and Kris
More informationFundamentals of Linux Platform Security
Fundamentals of Linux Platform Security Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Linux Platform Security Module 2 Password Authentication Roadmap Password Authentication
More informationCryptographic Hash Functions
Cryptographic Hash Functions Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 34 Cryptographic Hash Functions A hash function provides message integrity and authentication
More informationFPGA Implementation of Shabal: Our First Results (1/15/2010)
FGA Implementation of Shabal: Our First Results (1/15/2010) Romain Feron and Julien Francq EADS Defence & Security, Cyber Security Customer Solutions Center (CSCSC) Abstract. In this short note, we describe
More informationBenchmarking of Round 3 CAESAR Candidates in Hardware: Methodology, Designs & Results
Benchmarking of Round 3 CAESAR Candidates in Hardware: Methodology, Designs & Results Ekawat Homsirikamol, Farnoud Farahmand, William Diehl, and Kris Gaj George Mason University USA http://cryptography.gmu.edu
More informationHands-On Network Security: Practical Tools & Methods. Hands-On Network Security. Roadmap. Security Training Course
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 4 Password Strength & Cracking Roadmap
More informationHands-On Network Security: Practical Tools & Methods
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 4 Password Strength & Cracking Roadmap
More informationNetwork Security Fundamentals
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 4 Password Strength & Cracking Roadmap Password Authentication
More informationJaap van Ginkel Security of Systems and Networks
Jaap van Ginkel Security of Systems and Networks November 5, 2012 Part 3 Modern Crypto SSN Week 2 Hashes MD5 SHA Secret key cryptography AES Public key cryptography DES Book Chapter 1 in full Chapter 2
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash
More informationCubeHash parameter tweak: 10 smaller MAC overhead
CubeHash parameter tweak: 10 smaller MAC overhead Daniel J. Bernstein Department of Computer Science University of Illinois at Chicago Chicago, IL 60607 7045 cubehash@box.cr.yp.to 1 Introduction CubeHashi+r/b+f
More informationCompact Dual Block AES core on FPGA for CCM Protocol
Compact Dual Block AES core on FPGA for CCM Protocol João Carlos C. Resende Ricardo Chaves 1 Compact Dual Block AES core on FPGA for CCM Protocol João CC Resende & Ricardo Chaves Outline Introduction &
More informationCAESAR Hardware API. Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, Panasayya Yalla, Jens-Peter Kaps, and Kris Gaj
CAESAR Hardware API Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, Panasayya Yalla, Jens-Peter Kaps, and Kris Gaj Cryptographic Engineering Research Group George Mason University
More informationHOST Cryptography III ECE 525 ECE UNM 1 (1/18/18)
AES Block Cipher Blockciphers are central tool in the design of protocols for shared-key cryptography What is a blockcipher? It is a function E of parameters k and n that maps { 0, 1} k { 0, 1} n { 0,
More informationKeccak discussion. Soham Sadhu. January 9, 2012
Keccak discussion Soham Sadhu January 9, 2012 Keccak (pronounced like Ketchak ) is a cryptographic hash function designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche. Keccak is
More informationA Low-Area yet Performant FPGA Implementation of Shabal
A Low-Area yet Performant FPGA Implementation of Shabal Jérémie Detrey, Pierrick Gaudry, and Karim Khalfallah 2 CARAMEL project-team, LORIA, INRIA / CNRS / Nancy Université, Campus Scientifique, BP 239,
More informationImplementation of the block cipher Rijndael using Altera FPGA
Regular paper Implementation of the block cipher Rijndael using Altera FPGA Piotr Mroczkowski Abstract A short description of the block cipher Rijndael is presented. Hardware implementation by means of
More informationLooting the LUTs : FPGA Optimization of AES and AES-like Ciphers for Authenticated Encryption
Looting the LUTs : FPGA Optimization of AES and AES-like Ciphers for Authenticated Encryption Mustafa Khairallah 1, Anupam Chattopadhyay 1,2, and Thomas Peyrin 1,2 1 School of Physical and Mathematical
More informationFPGA Implementations of SHA-3 Candidates: CubeHash, Grøstl, LANE, Shabal and Spectral Hash
FPGA Implementations of SHA-3 Candidates: CubeHash, Grøstl, LANE, Shabal and Spectral Hash Brian Baldwin, Andrew Byrne, Mark Hamilton, Neil Hanley, Robert P. McEvoy, Weibo Pan and William P. Marnane Claude
More informationComparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware
Comparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware Master s Thesis Pawel Chodowiec MS CpE Candidate, ECE George Mason University Advisor: Dr. Kris Gaj, ECE George
More informationKeccak specifications
Keccak specifications Guido Bertoni 1, Joan Daemen 1, Michaël Peeters 2 and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors http://keccak.noekeon.org/ Version 2 September 10, 2009 Keccak
More informationSIMD Instruction Set Extensions for KECCAK with Applications to SHA-3, Keyak and Ketje!
SIMD Instruction Set Extensions for KECCAK with Applications to SHA-3, Keyak and Ketje! Hemendra K. Rawat and Patrick Schaumont! Virginia tech, Blacksburg, USA! {hrawat, schaum}@vt.edu! 1 Motivation q
More informationA High-Speed Unified Hardware Architecture for the AES and SHA-3 Candidate Grøstl
A High-Speed Unified Hardware Architecture for the AES and SHA-3 Candidate Grøstl Marcin Rogawski and Kris Gaj Volgenau School of Engineering George Mason University Fairfax, Virginia 22030 email: {mrogawsk,
More informationJava Implementation and Performance Analysis of 14 SHA-3 Hash Functions on a Constrained Device
Java Implementation and Performance Analysis of 14 SHA-3 Hash Functions on a Constrained Device Mats Knutsen Kim-André Martinsen Master of Science in Communication Technology Submission date: June 2010
More informationHardware Architectures
Hardware Architectures Secret-key Cryptography Public-key Cryptography Cryptanalysis AES & AES candidates estream candidates Hash Functions SHA-3 Montgomery Multipliers ECC cryptosystems Pairing-based
More informationHash functions & MACs
ECE 646 Lecture 11 Hash functions & MACs Required Reading W. Stallings, "Cryptography and Network-Security, Chapter 11 Cryptographic Hash Functions Appendix 11A Mathematical Basis of Birthday Attack Chapter
More informationextended external Benchmarking extension (XXBX)
extended external Benchmarking extension () John Pham and Jens-Peter Kaps Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu Department of ECE, Volgenau School of Engineering,
More informationFPGA Matrix Multiplier
FPGA Matrix Multiplier In Hwan Baek Henri Samueli School of Engineering and Applied Science University of California Los Angeles Los Angeles, California Email: chris.inhwan.baek@gmail.com David Boeck Henri
More informationHardware Implementations of the Round-Two SHA-3 Candidates: Comparison on a Common Ground
Hardware Implementations of the Round-Two SHA-3 Candidates: Comparison on a Common Ground Stefan Tillich 1 2, Martin Feldhofer 1, Mario Kirschbaum 1, Thomas Plos 1, Jörn-Marc Schmidt 1, Alexander Szekely
More informationAvailable online at ScienceDirect. Procedia Technology 24 (2016 )
Available online at www.sciencedirect.com ScienceDirect Procedia Technology 24 (2016 ) 918 924 International Conference on Emerging Trends in Engineering, Science and Technology (ICETEST - 2015) Design
More informationAn 80Gbps FPGA Implementation of a Universal Hash Function based Message Authentication Code
An 8Gbps FPGA Implementation of a Universal Hash Function based Message Authentication Code Abstract We developed an architecture optimization technique called divide-and-concatenate and applied it to
More informationCan High-Level Synthesis Compete Against a Hand-Written Code in the Cryptographic Domain? A Case Study
Can High-Level Synthesis Compete Against a Hand-Written Code in the Cryptographic Domain? A Case Study Ekawat Homsirikamol & Kris Gaj George Mason University USA Project supported by NSF Grant #1314540
More informationAdvanced Encryption Standard / Rijndael IP Core. Author: Rudolf Usselmann
Advanced Encryption Standard / Rijndael IP Core Author: Rudolf Usselmann rudi@asics.ws www.asics.ws Rev. 1.1 November 12, 2002 Revision History Rev. Date Author Description 1.0 11/9/02 Rudolf Usselmann
More informationFPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed
FPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed Vijaya Kumar. B.1 #1, T. Thammi Reddy.2 #2 #1. Dept of Electronics and Communication, G.P.R.Engineering College,
More informationChapter 2 Hardware Implementation of Hash Functions
Chapter 2 Hardware Implementation of Hash Functions Zhijie Shi, Chujiao Ma, Jordan Cote, and Bing Wang 2.1 Introduction to Cryptographic Hash Functions Hash algorithm is a type of cryptographic primitives.
More informationDISTRIBUTED COMPUTING AND OPTIMIZATION SPACE EXPLORATION FOR FAIR A1\TD EFFICIENT BENCHMARKING OF CRYPTOGRAPHIC CORES IN FPGAS
DISTRIBUTED COMPUTING AND OPTIMIZATION SPACE EXPLORATION FOR FAIR A1\TD EFFICIENT BENCHMARKING OF CRYPTOGRAPHIC CORES IN FPGAS Committee: K~' by Benjamin Brewster A Thesis Submitted to the Graduate Faculty
More informationFuture Challenges for Lightweight Cryptography
Future Challenges for Lightweight Cryptography F.-X. Standaert UCL Crypto Group Crypto for 2020, Tenerife, January 2013 Outline 1 1. Past results 2. Future challenges 1. Block ciphers 2 TEA, NOEKEON, AES,
More informationPreimage attacks on the round-reduced Keccak with the aid of differential cryptanalysis
Preimage attacks on the round-reduced Keccak with the aid of differential cryptanalysis Pawe l Morawiecki 1,3, Josef Pieprzyk 2, Marian Srebrny 1,3, and Micha l Straus 1 1 Section of Informatics, University
More informationRevisiting the IDEA Philosophy
Revisiting the IDEA Philosophy Pascal Junod 1,2 Marco Macchetti 2 1 University of Applied Sciences Western Switzerland (HES-SO) 2 Nagracard SA, Switzerland FSE 09 Leuven (Belgium), February 24, 2009 Outline
More informationAppendix K SHA-3. William Stallings
Appendix K SHA-3 William Stallings K.1 THE ORIGINS OF SHA-3... 2 K.2 EVALUATION CRITERIA FOR SHA-3... 4 K.3 THE SPONGE CONSTRUCTION... 6 K.4 THE SHA-3 ITERATION FUNCTION f... 13 Structure of f... 14 Theta
More informationSecure Hash Algorithm-3(SHA-3) implementation on Xilinx FPGAs, Suitable for IoT Applications
Secure Hash Algorithm-3(SHA-3) implementation on Xilinx FPGAs, Suitable for IoT Applications Muzaffar Rao, Thomas Newe and Ian Grout University of Limerick, Ireland muhammad.rao @ ul.ie, thomas.newe @
More informationHardware Implementation of the Code-based Key Encapsulation Mechanism using Dyadic GS Codes (DAGS)
Hardware Implementation of the Code-based Key Encapsulation Mechanism using Dyadic GS Codes (DAGS) Viet Dang and Kris Gaj ECE Department George Mason University Fairfax, VA, USA Introduction to DAGS The
More informationSkein. John Kevin Hicks
Skein John Kevin Hicks 2 Outline Introduction Skein Overview Threefish Block Cipher Unique Block Iteration Optional Argument System Skein Performance Security Claims and Current Cryptanalysis Conclusions
More informationECE 545 Fall 2013 Final Exam
ECE 545 Fall 2013 Final Exam Problem 1 Develop an ASM chart for the circuit EXAM from your Midterm Exam, described below using its A. pseudocode B. table of input/output ports C. block diagram D. interface
More informationHigh Level Synthesis of Cryptographic Hardware. Jeremy Trimble ECE 646
High Level Synthesis of Cryptographic Hardware Jeremy Trimble ECE 646 High Level Synthesis Synthesize (FPGA) hardware using software programming languages: C / C++, Domain specific Languages ( DSL ) Typical
More informationData-Oriented Performance Analysis of SHA-3 Candidates on FPGA Accelerated Computers
Data-Oriented Performance Analysis of SHA-3 Candidates on FPGA Accelerated Computers Zhimin Chen, Xu Guo, Ambuj Sinha, and Patrick Schaumont ECE Department, Virginia Tech {chenzm, xuguo, ambujs87, schaum}@vt.edu
More informationECE 645: Lecture 1. Basic Adders and Counters. Implementation of Adders in FPGAs
ECE 645: Lecture Basic Adders and Counters Implementation of Adders in FPGAs Required Reading Behrooz Parhami, Computer Arithmetic: Algorithms and Hardware Design Chapter 5, Basic Addition and Counting,
More informationCryptography. Summer Term 2010
Summer Term 2010 Chapter 2: Hash Functions Contents Definition and basic properties Basic design principles and SHA-1 The SHA-3 competition 2 Contents Definition and basic properties Basic design principles
More informationDesign of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures
Design of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures 1 Suresh Sharma, 2 T S B Sudarshan 1 Student, Computer Science & Engineering, IIT, Khragpur 2 Assistant
More informationDEVELOPMENT AND BENCHMARKING OF CRYPTOGRAPHIC IMPLEMENTATIONS ON EMBEDDED PLATFORMS
DEVELOPMENT AND BENCHMARKING OF CRYPTOGRAPHIC IMPLEMENTATIONS ON EMBEDDED PLATFORMS by John Pham A Thesis Submitted to the Graduate Faculty of George Mason University In Partial fulfillment of The Requirements
More information