lightweight implementations of sha 3 candidates on fpgas
play

Lightweight Implementations of SHA-3 Candidates on FPGAs Jens-Peter - PowerPoint PPT Presentation

Sep 18, 2022 •157 likes •461 views

Introduction Methodology Implementations Results Lightweight Implementations of SHA-3 Candidates on FPGAs Jens-Peter Kaps Panasayya Yalla Kishore Kumar Surapathi Bilal Habib Susheel Vadlamudi Smriti Gurung John Pham Cryptographic

  1. Introduction Methodology Implementations Results Lightweight Implementations of SHA-3 Candidates on FPGAs Jens-Peter Kaps Panasayya Yalla Kishore Kumar Surapathi Bilal Habib Susheel Vadlamudi Smriti Gurung John Pham Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu Department of ECE, Volgenau School of Engineering, George Mason University, Fairfax, VA, USA 12th International Conference on Cryptology in India Indocrypt 2011 Indocrypt 2011 J.-P. Kaps, Smriti Gurung, et al. Lightweight Implementations of SHA-3 on FPGAs 1 / 27

  2. Introduction Methodology Implementations Results Outline 1 Introduction 2 Methodology 3 Implementations 4 Results Indocrypt 2011 J.-P. Kaps, Smriti Gurung, et al. Lightweight Implementations of SHA-3 on FPGAs 2 / 27

  3. Introduction Hash Function Competition Methodology Previous Work Implementations Goal Results Hash Function Competition A hash algorithm reads an arbitrary length message and produces a fixed bit string called hash value/message digest. Main applications: Digital signatures, Message Authentication Codes (MAC), Universal Unique IDentifier(UUID/GUID), password tables and many more. NIST competition for new secure hash algorithm SHA-3 Announced in Nov 2007, 64 entries submitted. 14 selected for Round 2. Currently in Round 3 → 5 finalists. NIST’s selection criteria: Security, HW/SW speed, scalability. Indocrypt 2011 J.-P. Kaps, Smriti Gurung, et al. Lightweight Implementations of SHA-3 on FPGAs 3 / 27

  4. Introduction Hash Function Competition Methodology Previous Work Implementations Goal Results Hash Function Competition A hash algorithm reads an arbitrary length message and produces a fixed bit string called hash value/message digest. Main applications: Digital signatures, Message Authentication Codes (MAC), Universal Unique IDentifier(UUID/GUID), password tables and many more. NIST competition for new secure hash algorithm SHA-3 Announced in Nov 2007, 64 entries submitted. 14 selected for Round 2. Currently in Round 3 → 5 finalists. NIST’s selection criteria: Security, HW/SW speed, scalability. Motivation Analyze performance of candidates in a constrained FPGA environment ⇒ determine scalability on FPGAs. Indocrypt 2011 J.-P. Kaps, Smriti Gurung, et al. Lightweight Implementations of SHA-3 on FPGAs 3 / 27

  5. Introduction Hash Function Competition Methodology Previous Work Implementations Goal Results Previous Work on SHA-3 Candidates Several Throughput/Area optimized implementations on FPGAs were published: Gaj et al.[CHES 2010], Matsuo et al.[SHA-3 conference 2010], Baldwin et al.[SHA-3 conference 2010]. Only two specific for low-area implementations of SHA-3 finalists: Kerckhof et al.[HASH 2011], Jungk et al.[Reconfig 2011]. Indocrypt 2011 J.-P. Kaps, Smriti Gurung, et al. Lightweight Implementations of SHA-3 on FPGAs 4 / 27

  6. Introduction Hash Function Competition Methodology Previous Work Implementations Goal Results Previous Work on SHA-3 Candidates Several Throughput/Area optimized implementations on FPGAs were published: Gaj et al.[CHES 2010], Matsuo et al.[SHA-3 conference 2010], Baldwin et al.[SHA-3 conference 2010]. Only two specific for low-area implementations of SHA-3 finalists: Kerckhof et al.[HASH 2011], Jungk et al.[Reconfig 2011]. Problem: Rating algorithm performance when Implementations are on different devices, made with different implementation goals and features, vary in both: area and throughput, and support different I/O interface widths. Indocrypt 2011 J.-P. Kaps, Smriti Gurung, et al. Lightweight Implementations of SHA-3 on FPGAs 4 / 27

  7. Introduction Hash Function Competition Methodology Previous Work Implementations Goal Results Our Goal: Comprehensive set of lightweight implementations of all Round 2 SHA-3 Candidates (except SIMD) and all SHA-3 Finalists. All optimized for the same target → maximum Throughput to Area ratio for given area budget. All use the same standardized interface. Implemented on different families for fair comparison with other reported results. Target Details: Xilinx Spartan 3, low cost FPGA family Budget: 400-600 slices, 1 Block RAM (BRAM) Implemented 256 bit digest versions only Indocrypt 2011 J.-P. Kaps, Smriti Gurung, et al. Lightweight Implementations of SHA-3 on FPGAs 5 / 27

  8. Introduction Methodology Assumptions Implementations Interface and Protocol Results Assumptions Implementing for minimum area alone can lead to unrealistic run-times. ⇒ Target: Achieve the maximum Throughput/Area ratio for a given area budget. Realistic scenario: System on Chip: Certain area only available. Standalone: Smaller Chip, lower cost, but limit to smallest chip available, e.g. 768 slices on smallest Spartan 3 FPGA. Makes fair comparison of lightweight implementations possible. Indocrypt 2011 J.-P. Kaps, Smriti Gurung, et al. Lightweight Implementations of SHA-3 on FPGAs 6 / 27

  9. Introduction Methodology Assumptions Implementations Interface and Protocol Results Interface and Protocol Based on Interface and I/O Protocol from Gaj et al.[CHES 2010]. msg len ap, seq len ap (after padding ) in 32-bit words. msg len bp, seq len bp (before padding) in bits. n − 2 � msg len bp = seq len ap i · 32 + seq len bp n − 1 i =0 n − 1 bits � w msg len ap = seq len ap i · 32 seq_len_ap 0 0 i =0 seq w = 16 bits. 0 clk rst seq_len_ap 0 bits 1 w seq msg_len_ap 1 clk rst 1 msg_len_bp SHA Core w w seq_len_ap 1 n−1 din dout seq_len_bp message n−1 src_ready dst_ready src_read dst_write seq n−1 a)SHA Interface b)SHA Protocol Indocrypt 2011 J.-P. Kaps, Smriti Gurung, et al. Lightweight Implementations of SHA-3 on FPGAs 7 / 27

  10. BLAKE-256 Introduction Grøstl Methodology JH Implementations Keccak Results Skein BLAKE-256 Algorithm Key Features M C 255 Init. Ti 0 Salt value: A user Dependant 512 512 512 256 constant 128 bits set all to 0 P P P1 14x 512 512 8 G functions : XOR, addition, G G G G IV CM shifting. P2 H 511 255 G G G G P1,P2 : Permutation 256 0 Blake scales very well. CM CM G 32 A A’ Folded up to 4 times vertically 12 32 7 <<< <<< B B’ and 4 times horizontally. 32 C C’ 16 32 8 <<< <<< D D’ Indocrypt 2011 J.-P. Kaps, Smriti Gurung, et al. Lightweight Implementations of SHA-3 on FPGAs 8 / 27

  11. BLAKE-256 Introduction Grøstl Methodology JH Implementations Keccak Results Skein BLAKE-256 Implementation Implementation dout 32 CM REG_A DRAM 1 A A’ 0 1 Salt : BRAM 31 15 32 0 din 31 16 0 R4 16 Reg REG_B1 REG_B2 <<< State: DRAM Port−A 15 32 DRAM 1 B 1 B’ 0 BRAM 0 32 0 R2 Quasi pipelined Half G Port−B <<< 32 32 REG_C DRAM 1 C C’ function 32 0 R3 <<< Registers: Reduce REG_1 REG_2 DRAM 1 D 1 D’ R1 0 0 32 1 0 1 0 critical path <<< D 32 32 C B 32 32 A Permutation causes a large controller with 210 addresses. BRAM contains constants, message, IV, intermediate hash. Scalability: Unfolding leads to worse TP/A. Improvement: Rescheduling of G results in 290 clock per block versus 350 . Indocrypt 2011 J.-P. Kaps, Smriti Gurung, et al. Lightweight Implementations of SHA-3 on FPGAs 9 / 27

  12. BLAKE-256 Introduction Grøstl Methodology JH Implementations Keccak Results Skein Grøstl Algorithm M Key Features 512 512 IV Hi−1 Based on AES like architecture 512 S-BOX, shift rows, Mixed P Q Addp Addq 512 512 columns S−Box S−Box Grøstl scales well, like AES. 10x 10x Sft Row Sft Row Folded up to 8 times vertically. Mix Mix Small storage requirements. 255 Uses many narrow memory H 0 Hi accesses in parallel (8 per column). Indocrypt 2011 J.-P. Kaps, Smriti Gurung, et al. Lightweight Implementations of SHA-3 on FPGAs 10 / 27

  13. BLAKE-256 Introduction Grøstl Methodology JH Implementations Keccak Results Skein Grøstl Implementation 31 Implementation din 0 31 dout 15 B 1 16 Reg 0 32 15 A A State p,q : DRAM 0 B Port−A A Shift Rows : how data 1 0 1 0 2 1 0 2 1 0 0 1 BRAM 4xDRAM 4xDRAM 4xDRAM 4xDRAM accessed from DRAM Port−B 32 8 8 8 8 GFMul Add Constant Mix Column : Reg GF-multiplier(half Reg Reg 0 1 0 1 SBox SBox SBox SBox multiplier) Finalization takes as many clock cycles as 1 block. BRAM stores only intermediate hash and IV. One new column every 3 clock cycles, P & Q interleaved. Scalability: Reducing number of clock cycles per column by adding S-Boxes and/or GF-Multiplier. Indocrypt 2011 J.-P. Kaps, Smriti Gurung, et al. Lightweight Implementations of SHA-3 on FPGAs 11 / 27

  14. BLAKE-256 Introduction Grøstl Methodology JH Implementations Keccak Results Skein JH Algorithm 511 1024 Key Features 0 1023 512 M 512 Grouping: reordering of 1024 E 8 S 0 Group bits state SBOX : Permutation R 8 256 S−box C 0 Linear transformation : rotation L 42x and XOR R 6 S−box P 1024 De-grouping: inverse of L grouping De−group Permutation , grouping, and P 512 M de-grouping makes scaling 1023 511 1023 H 512 0 1024 768 difficult Folding increases size Indocrypt 2011 J.-P. Kaps, Smriti Gurung, et al. Lightweight Implementations of SHA-3 on FPGAs 12 / 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Exploring Lightweight Implementations of Generics Bruno Oliveira University of Oxford Page 1

Exploring Lightweight Implementations of Generics Bruno Oliveira University of Oxford Page 1

Exploring Lightweight Implementations of Generics Bruno Oliveira Exploring Lightweight Implementations of Generics Bruno Oliveira University of Oxford Page 1 Exploring Lightweight Implementations of Generics Bruno Oliveira Introduction

512 views • 11 slides
Reconfiguration Overhead in Dynamic Task-Based Implementations on FPGAs Padmini Nagaraj

Reconfiguration Overhead in Dynamic Task-Based Implementations on FPGAs Padmini Nagaraj

Reconfiguration Overhead in Dynamic Task-Based Implementations on FPGAs Padmini Nagaraj University of California, Berkeley, Distributed Mentor Program, Researcher Summer 2004 Professor Elaheh Bozorgzadeh University of California, Irvine,

415 views • 13 slides
Reconfiguration Overhead in Dynamic Task-Based Implementations on FPGAs Padmini Nagaraj UCB,

Reconfiguration Overhead in Dynamic Task-Based Implementations on FPGAs Padmini Nagaraj UCB,

Reconfiguration Overhead in Dynamic Task-Based Implementations on FPGAs Padmini Nagaraj UCB, Distributed Mentor Program, Researcher Summer 2004 Professor Elaheh Bozorgzadeh UCI, Distributed Mentor Program, Mentor Outline I. Introduction

607 views • 27 slides
NIST Lightweight Cryptography Workshop 2015 Session VII: Implementations &amp; Performance

NIST Lightweight Cryptography Workshop 2015 Session VII: Implementations &amp; Performance

NIST Lightweight Cryptography Workshop 2015 Session VII: Implementations &amp; Performance Performance of State-of-the-Art Cryptography on ARM-based Microprocessors Hannes Tschofenig &amp; Manuel Pegourie-Gonnard (Hannes.Tschofenig@arm.com,

509 views • 40 slides
with FP FPGAs: Cas ase Stu tudy on on a a Key-Value Store FPGAs in the Cloud Wider

with FP FPGAs: Cas ase Stu tudy on on a a Key-Value Store FPGAs in the Cloud Wider

Zsolt Istvn * , Gustavo Alonso, Ankit Singla Systems Group, Computer Science Dept., ETH Zrich * Now at IMDEA Software Institute, Madrid Providing Multi-tenant Services with FP FPGAs: Cas ase Stu tudy on on a a Key-Value Store FPGAs in

374 views • 15 slides
Toward Fair and Comprehensive Benchmarking of CAESAR Candidates in Hardware: Standard API,

Toward Fair and Comprehensive Benchmarking of CAESAR Candidates in Hardware: Standard API,

Toward Fair and Comprehensive Benchmarking of CAESAR Candidates in Hardware: Standard API, High-Speed ImplementaCons in VHDL/Verilog, and Benchmarking Using FPGAs Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, Michael

908 views • 53 slides
Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1. About Think Lightweight 2. What are Lightweight Structures? 3. Industry Applications 4. Product Line Review 5. Think Lightweight Component

832 views • 43 slides
Fixslicing - Application to some NIST LWC round 2 candidates Alexandre Adomnicai Thomas Peyrin

Fixslicing - Application to some NIST LWC round 2 candidates Alexandre Adomnicai Thomas Peyrin

Fixslicing - Application to some NIST LWC round 2 candidates Alexandre Adomnicai Thomas Peyrin Nanyang Technological University, Singapore Temasek Laboratories, Singapore Lightweight Cryptography Workshop 2020 What this talk is about B Constant-time

510 views • 24 slides
FPGAs milliseconds+ to reconfjgure custom chips ??? (next week) FPGAs ??? GPUs

FPGAs milliseconds+ to reconfjgure custom chips ??? (next week) FPGAs ??? GPUs

FPGAs milliseconds+ to reconfjgure custom chips ??? (next week) FPGAs ??? GPUs vector computations examples: computation second processor specialized for particular the accelerator concept 2 fmexible, slower functional units

423 views • 11 slides
FPGAs 1 To read more This days papers: Brown and Rose, Architecture of FPGAs and

FPGAs 1 To read more This days papers: Brown and Rose, Architecture of FPGAs and

FPGAs 1 To read more This days papers: Brown and Rose, Architecture of FPGAs and CPLDs: A Tutorial. (no review required) Putnam et al, A Reconfjgurable Fabric for Accelerating Large-Scale Datacenter Services 1

821 views • 43 slides
Optimizing Implementations of Linear Layers Zejun Xiang, Xiangyong Zeng, Da Lin, Zhenzhen Bao,

Optimizing Implementations of Linear Layers Zejun Xiang, Xiangyong Zeng, Da Lin, Zhenzhen Bao,

Optimizing Implementations of Linear Layers Zejun Xiang, Xiangyong Zeng, Da Lin, Zhenzhen Bao, Shasha Zhang Nov. 09, 2020 Lightweight Cryptography -Requirements -Primitives : SIMON SPECK Circuit size PRESENT, RECTANGLE

646 views • 22 slides
HW/SW Codesign w/ FPGAs The Nature of HW/SW I ECE 522 Hardware Software Codesign with FPGAs

HW/SW Codesign w/ FPGAs The Nature of HW/SW I ECE 522 Hardware Software Codesign with FPGAs

HW/SW Codesign w/ FPGAs The Nature of HW/SW I ECE 522 Hardware Software Codesign with FPGAs Instructor: Prof. Jim Plusquellic Text: A Practical Introduction to Hardware/Software Codesign, 2nd Edition&quot;, Patrick Schaumont, Springer,

649 views • 10 slides
FPGAs 1 CMPE691/491: Advanced FPGA Design FPGAs Large array of configurable logic blocks

FPGAs 1 CMPE691/491: Advanced FPGA Design FPGAs Large array of configurable logic blocks

FPGAs 1 CMPE691/491: Advanced FPGA Design FPGAs Large array of configurable logic blocks (CLB) connected via programmable interconnects Features and Specifications of FPGAs Basic Programmable Devices Features and Specifications of FPGAs

1.13k views • 46 slides
Psychosocial Evaluation of Adult Cardiothoracic Transplant Candidates and Candidates for

Psychosocial Evaluation of Adult Cardiothoracic Transplant Candidates and Candidates for

Psychosocial Evaluation of Adult Cardiothoracic Transplant Candidates and Candidates for Long-term Mechanical Circulatory Support by Kathleen L. Grady, PhD, RN, MS, FAAN Administrative Director, Center for Heart Failure, Bluhm Cardiovascular

589 views • 47 slides
Physical Design For FPGAs Rajeev Jayaraman Physical Implementation Tools Xilinx Inc. ISPD-2001

Physical Design For FPGAs Rajeev Jayaraman Physical Implementation Tools Xilinx Inc. ISPD-2001

Physical Design For FPGAs Rajeev Jayaraman Physical Implementation Tools Xilinx Inc. ISPD-2001 Do you know FPGAs? FPGAs are used only in prototyping and emulation systems? Can you design anything real in FPGAs? FPGAs are too

595 views • 48 slides
www.ExploreCalling.org www.ExploreCalling.org/presentations/aumcpbo 7436 active candidates 1295

www.ExploreCalling.org www.ExploreCalling.org/presentations/aumcpbo 7436 active candidates 1295

www.ExploreCalling.org www.ExploreCalling.org/presentations/aumcpbo 7436 active candidates 1295 candidates are under 30 35% of NEW candidates are U35* Under 35 Years Old * 2012 - 2013 NEW candidates by track* Chaplain Deacon Elder Local

898 views • 34 slides
Pr r t

Pr r t

Pr r t s ts r rt rt

576 views • 43 slides
Plural and : Protocols in Practice Jonathan Aldrich Workshop on Behavioral Types

Plural and : Protocols in Practice Jonathan Aldrich Workshop on Behavioral Types

Plural and : Protocols in Practice Jonathan Aldrich Workshop on Behavioral Types April 2011 School of Computer Science Empirical Study: Protocols in Java Object Protocol [Beckman, Kim, &amp; A to appear in ECOOP 2011]

734 views • 21 slides
The Super-Sbox Cryptanalysis Improved Attacks for AES-like Permutations Henri Gilbert and Thomas

The Super-Sbox Cryptanalysis Improved Attacks for AES-like Permutations Henri Gilbert and Thomas

Introduction Previous cryptanalysis techniques The Super-Sbox cryptanalysis Results The Super-Sbox Cryptanalysis Improved Attacks for AES-like Permutations Henri Gilbert and Thomas Peyrin Orange Labs and Ingenico FSE 2010 - Seoul - Korea

1.38k views • 19 slides
Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grstl Kimmo

Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grstl Kimmo

Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grstl Kimmo Jrvinen Department of Information and Computer Science Aalto University, School of Science and Technology Espoo, Finland AES-inspired SHA-3

311 views • 12 slides
MATHEMATICS: DISCOVERED OR CONSTRUCTED? Klaus Truemper Erik Jonsson School of Engineering and

MATHEMATICS: DISCOVERED OR CONSTRUCTED? Klaus Truemper Erik Jonsson School of Engineering and

MATHEMATICS: DISCOVERED OR CONSTRUCTED? Klaus Truemper Erik Jonsson School of Engineering and Computer Science University of Texas at Dallas Aussois, January 711, 2013 The talk was given during the 17th Combinatorial Workshop 2013 in

543 views • 42 slides
Keccak, More Than Just SHA3SUM Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche

Keccak, More Than Just SHA3SUM Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche

Keccak, More Than Just SHA3SUM Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors FOSDEM 2013, Brussels, February 2-3, 2013 1 / 36 Outline 1 How it all began 2 Introducing Keccak 3

466 views • 42 slides
Cello Celebrations at UNCG: Cooperation between the University Libraries and the School of Music

Cello Celebrations at UNCG: Cooperation between the University Libraries and the School of Music

Cello Celebrations at UNCG: Cooperation between the University Libraries and the School of Music Mac Nelson, Cello Music Cataloger UNCG University Libraries SEMLA, Jacksonville, FL October 19, 2007 Why Cooperate? The Cello Music

473 views • 43 slides
The Two Nucleon System in Chiral Effective Field Theory: Searching for the Power Counting M.

The Two Nucleon System in Chiral Effective Field Theory: Searching for the Power Counting M.

The Two Nucleon System in Chiral Effective Field Theory: Searching for the Power Counting M. Pav on Valderrama Institut de Physique Nucl eaire dOrsay Chiral 13, Beijing, October 2012 Nuclear EFT p. 1 Contents The Nuclear

714 views • 33 slides

More recommend