
High Throughput Hardware Implementation of Secure Hash Algorithm (SHA-3) Finalist - BLAKE
By

Kashif Latif

ISRL

National University of Sciences and Technology

Information Security Research Laboratory

Scheme of Presentation

- Introduction
- Scope
- Cryptographic Hash Functions
- Requirement of new hash algorithm
- SHA-3 Contest
- SHA-3 Finalists
- BLAKE Hash Function
- Implementation
- Results
- Conclusion
- Q/A

INTRODUCTION

- Hardware solutions to cryptographic algorithms provide high-speed, real-time results for applications like data confidentiality and authentication
- The FPGA is the leading representative of reconfigurable hardware devices of the modern era
- Implementations need both efficient and cost-effective solutions of cryptographic algorithms on reconfigurable platforms

SCOPE

- Cryptographic hash functions are widely used in many information security applications like digital signatures, message authentication codes (MACs) and other forms of authentication
- The National Institute of Standards and Technology (NIST), USA, announced a public competition on November 2, 2007 to develop a new cryptographic hash algorithm called SHA-3
- A response to recent advances in the cryptanalysis of commonly used hash algorithms. These include the SHA family (SHA-0, SHA-1, SHA-256 and SHA-512), MD4 and MD5

CRYPTOGRAPHIC HASH FUNCTIONS

- A one-way procedure whose input is an arbitrary random block of data and whose output is a fixed-size bit string
- A hash value H of plaintext M is generated by a hash function h of the form H = h(M)
- More often, the data to be hashed is called the message, and the hash value is called the message digest or simply the digest

CRYPTOGRAPHIC HASH FUNCTIONS


APPLICATIONS
- Verifying file integrity
- Hashing passwords
- Digital signatures

CRYPTOGRAPHIC HASH FUNCTIONS

APPLICATIONS

[Figure: Digital Signatures with Conventional Encryption and Hash Functions. Block labels: Message, Hash Function, Message Digest, K, Signature, Compare]

REQUIREMENT OF NEW HASH ALGORITHM

- Commonly used hash algorithms: the SHA family (SHA-0, SHA-1, SHA-256 and SHA-512), MD4 and MD5
- In the previous few years, cryptanalysis of these algorithms found serious vulnerabilities
- Collisions were reported for MD4, MD5, HAVAL-128 and RIPEMD in 2004 [1]
- A collision attack on SHA-1 requiring 2^63 operations was reported in 2005 [2]; previously it was thought to require 2^80 operations
- A collision attack on MD5 was reported in 2006 [3]
- SHA-3 Contest is a response to recent advances in the cryptanalysis of these

SHA-3 CONTEST

- Publicly open contest, like AES in 1997-2001
- NIST announced in November 2007
- 64 submissions, out of which 51 fulfilled the minimum submission requirements and were selected as the First Round Candidates in Dec 2008
- Reduced to 14 in Round 2 of the competition
- 5 out of 14 Round 2 candidates selected and promoted to Final Round on 10 December 2010
- Tentative time-line for the end of this competition and selection of finalist for SHA-3 is in 4th quarter of 2012

SHA-3 Finalists

- BLAKE
- Grøstl
- JH
- Keccak
- Skein

BLAKE Hash function

- Based on Bernstein's stream cipher ChaCha
- Uses iteration mode HAIFA
- Internal construction is local wide-pipe

[Figure: BLAKE compression function. Blocks: Initialization, Rounds, Finalization. Inputs: Chain Value, Salt, Counter, Message. Output: Next Chain Value]

BLAKE Hash function

- Two basic variants: BLAKE-256 and BLAKE-512
- BLAKE-256 operates on 32-bit words and BLAKE-512 operates on 64-bit words
- Compression function takes four inputs:
  - Chaining hash value h = h0, h1, h2, ..., h7
  - Message block m = m0, m1, m2, ..., m15
  - Salt s = s0, s1, s2, s3
  - Counter t = t0, t1
- Additional use of constants and a permutation table:
  - Constants c = c0, c1, c2, ..., c15
  - Permutations σr of {0, ..., 15}
- Output is the new chaining hash value h' = h'0, ..., h'7

BLAKE Hash function

Initialization: a 4x4 matrix of 16 words v = v0, v1, v2, ..., v15 is initialized as follows:

$$
\begin{pmatrix}
v_0 & v_1 & v_2 & v_3 \\
v_4 & v_5 & v_6 & v_7 \\
v_8 & v_9 & v_{10} & v_{11} \\
v_{12} & v_{13} & v_{14} & v_{15}
\end{pmatrix}
\leftarrow
\begin{pmatrix}
h_0 & h_1 & h_2 & h_3 \\
h_4 & h_5 & h_6 & h_7 \\
s_0 \oplus c_0 & s_1 \oplus c_1 & s_2 \oplus c_2 & s_3 \oplus c_3 \\
t_0 \oplus c_4 & t_0 \oplus c_5 & t_1 \oplus c_6 & t_1 \oplus c_7
\end{pmatrix}
$$

Round Function: a simple transformation over the state v, consisting of the computation of the following 8 G functions:

- G0 (v0, v4, v8, v12)
- G2 (v1, v5, v9, v13)
- G4 (v2, v6, v10, v14)
- G6 (v3, v7, v11, v15)
- G8 (v0, v5, v10, v15)
- G10 (v1, v6, v11, v12)
- G12 (v2, v7, v8, v13)
- G14 (v3, v4, v9, v14)

BLAKE Hash function

Gi (a, b, c, d) is defined as:

$$
\begin{aligned}
a &= a + b + (m_{\sigma_r(i)} \oplus c_{\sigma_r(i+1)}) \\
d &= (d \oplus a) \ggg 16 \\
c &= c + d \\
b &= (b \oplus c) \ggg 12 \\
a &= a + b + (m_{\sigma_r(i+1)} \oplus c_{\sigma_r(i)}) \\
d &= (d \oplus a) \ggg 8 \\
c &= c + d \\
b &= (b \oplus c) \ggg 7
\end{aligned}
$$

- ⊕ : bitwise XOR
- + : addition
- >>> : right rotate

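BLAKE Hash function

Round function is iterated 14 times for BLAKE-256 and 16 times for BLAKE-512.

Finalization:

$$
\begin{aligned}
h'_0 &= h_0 \oplus s_0 \oplus v_0 \oplus v_8 \\
h'_1 &= h_1 \oplus s_1 \oplus v_1 \oplus v_9 \\
h'_2 &= h_2 \oplus s_2 \oplus v_2 \oplus v_{10} \\
h'_3 &= h_3 \oplus s_3 \oplus v_3 \oplus v_{11} \\
h'_4 &= h_4 \oplus s_0 \oplus v_4 \oplus v_{12} \\
h'_5 &= h_5 \oplus s_1 \oplus v_5 \oplus v_{13} \\
h'_6 &= h_6 \oplus s_2 \oplus v_6 \oplus v_{14} \\
h'_7 &= h_7 \oplus s_3 \oplus v_7 \oplus v_{15}
\end{aligned}
$$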
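
A software reference model of the BLAKE-256 compression function described above (initialization, the eight G functions per round, 14 rounds, finalization), of the kind used to produce expected values for a hardware testbench. This is an added example, not code from the presentation; the IV, constant and permutation values are taken from the BLAKE specification [7], and the names SIGMA, LANES and one_block_digest are chosen here.

```python
# BLAKE-256 compression function: software reference ("golden") model.
# Added example; SIGMA, LANES and one_block_digest are names chosen here.
M32 = 0xFFFFFFFF
IV = [0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
      0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19]
C = [0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344,
     0xA4093822, 0x299F31D0, 0x082EFA98, 0xEC4E6C89,
     0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C,
     0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917]
# Permutation table, one 16-digit hex string per round (reused from round 10 on).
SIGMA = [[int(ch, 16) for ch in row] for row in (
    "0123456789abcdef ea489fd61c02b753 b8c052fdae367194 7931dcbe265a40f8 "
    "905724afe1bc683d 2c6a0b834d75fe19 c51fed4a0763928b db7ec13950f4862a "
    "6fe9b308c2d714a5 a2847615fb9e3cd0").split()]
# State indices for G0, G2, ..., G14: four columns, then four diagonals.
LANES = [(0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
         (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)]

def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & M32

def g(v, m, r, i, a, b, c, d):
    """G_i on state words v[a], v[b], v[c], v[d] in round r (i is even)."""
    j, k = SIGMA[r % 10][i], SIGMA[r % 10][i + 1]
    v[a] = (v[a] + v[b] + (m[j] ^ C[k])) & M32
    v[d] = rotr(v[d] ^ v[a], 16)
    v[c] = (v[c] + v[d]) & M32
    v[b] = rotr(v[b] ^ v[c], 12)
    v[a] = (v[a] + v[b] + (m[k] ^ C[j])) & M32
    v[d] = rotr(v[d] ^ v[a], 8)
    v[c] = (v[c] + v[d]) & M32
    v[b] = rotr(v[b] ^ v[c], 7)

def compress(h, m, s, t):
    """One compression: initialization, 14 rounds, finalization."""
    v = list(h) + [s[i] ^ C[i] for i in range(4)] + [
        t[0] ^ C[4], t[0] ^ C[5], t[1] ^ C[6], t[1] ^ C[7]]
    for r in range(14):
        for n, lane in enumerate(LANES):
            g(v, m, r, 2 * n, *lane)
    return [h[i] ^ s[i % 4] ^ v[i] ^ v[i + 8] for i in range(8)]

def one_block_digest(msg):
    """Digest of a message of at most 54 bytes (fits one padded block), no salt."""
    assert len(msg) <= 54
    bits = 8 * len(msg)
    blk = msg + b"\x80" + bytes(54 - len(msg)) + b"\x01" + bits.to_bytes(8, "big")
    m = [int.from_bytes(blk[i:i + 4], "big") for i in range(0, 64, 4)]
    return b"".join(w.to_bytes(4, "big") for w in compress(IV, m, [0] * 4, [bits, 0]))
```

Calling `one_block_digest(b"\x00")` exercises a single compression with counter t0 = 8, which is the one-block case a hardware core's first simulation run would normally be compared against.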

IMPLEMENTATION

Input/output interface

[Figure: I/O Interface of the Hash Module. Signals: clock, reset, load, ack, hash_valid, data_IN (64), data_OUT (64)]

IMPLEMENTATION

Data path and Control path

[Figure: Data path and control path. Signals: input, clock, reset, select, hash_en, hash_done, output. Control Path blocks: Counter, FSM Logic, State Reg. Data Path blocks: Input Registers, BLAKE Hash Core, Intermediate Registers, Output Register]

IMPLEMENTATION

Data path Architecture

[Figure: Data path architecture. Blocks: IV, Initialization, V_Reg, CV_Reg, G Functions (G1, G2, G3, G4), Finalization. Inputs: msg, cnst. Output: hash]

RESULTS

| Device          | Area [Slices] | Fmax [MHz] | Clock period [ns] |
|-----------------|---------------|------------|-------------------|
| Xilinx Virtex 7 | 1566          | 135.355    | 7.388             |
| Xilinx Virtex 6 | 1602          | 131.961    | 7.578             |
| Xilinx Virtex 5 | 1739          | 124.55     | 8.029             |

| Device          | Block Size [bits] | Nclk [cycles] | Clock period [ns] | Thash [ns] | TP [Gb/s] |
|-----------------|-------------------|---------------|-------------------|------------|-----------|
| Xilinx Virtex 7 | 512               | 28            | 7.388             | 206.86     | 2.47      |
| Xilinx Virtex 6 | 512               | 28            | 7.578             | 212.18     | 2.41      |
| Xilinx Virtex 5 | 512               | 28            | 8.029             | 224.81     | 2.28      |

Comparison with previous work

| Author(s)            | Device   | Fmax [MHz] | Area [Slices] | TP [Gb/s] | TPA [Mbps/slice] |
|----------------------|----------|------------|---------------|-----------|------------------|
| Our work             | Virtex 7 | 135.355    | 1566          | 2.47      | 1.58             |
| Our work             | Virtex 6 | 131.961    | 1602          | 2.41      | 1.51             |
| Our work             | Virtex 5 | 124.55     | 1739          | 2.28      | 1.31             |
| Aumasson et al. [7]  | Virtex 5 | 100.00     | 1217          | 1.76      | 1.45             |
| Baldwin et al. [8]   | Virtex 5 | 91.35      | 1653          | 0.83      | 0.50             |
| Matsuo et al. [9]    | Virtex 5 | 115.00     | 1660          | 0.64      | 0.38             |
| Kris Gaj et al. [10] | Virtex 5 | 117.06     | 1871          | 2.07      | 1.10             |
| E. Hom. et al. [11]  | Virtex 6 | -          | 1247          | 1.96      | 1.57             |
| E. Hom. et al. [11]  | Virtex 5 | -          | 1691          | 2.25      | 1.33             |

CONCLUSION

- We have presented an efficient, high-throughput implementation of BLAKE-256
- Results shown for Virtex 5, Virtex 6 and Virtex 7
- Performance figures reported in terms of area consumption, throughput and throughput per area
- Results achieved in this work exceed the performance of implementations reported so far
- This work serves as a performance investigation of BLAKE-256 on the most up-to-date FPGAs

Question & Answers


REFERENCES
[1] X. L. Xiaoyun Wang, D. Feng and H. Yu, Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD, Cryptology ePrint Archive, Report 2004/199, http://eprint.iacr.org/2004/199, pp. 1-4.
[2] M. Szydlo, SHA-1 collisions can be found in 2^63 operations, CryptoBytes Technical Newsletter, August 19, 2005.
[3] M. Stevens, Fast collision attack on MD5, ePrint-2006-104, March 2006, http://eprint.iacr.org/2006/104.pdf, pp. 1-13.
[4] Federal Register / Vol. 72, No. 212 / Friday, November 2, 2007 / Notices, http://csrc.nist.gov/groups/ST/hash/documents/FR_Notice_Nov07.pdf, pp. 1-9.
[5] National Institute of Standards and Technology (NIST), Cryptographic Hash Algorithm Competition, http://www.nist.gov/itl/csd/ct/.
[6] NIST Interagency Report 7764, Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition, February 2011, pp. 1-38.
[7] J. Aumasson, L. Henzen, W. Meier, R. W. Phan, SHA-3 Proposal BLAKE version 1.3, http://131002.net/blake/blake.pdf, December 2010, pp. 1-79.
[8] B. Baldwin, N. Hanley, M. Hamilton, L. Lu, A. Byrne, M. Neill and W. P. Marnane, FPGA Implementations of the Round Two SHA-3 Candidates, 2nd SHA-3 Candidate Conference, Santa Barbara, August 23-24, 2010, pp. 1-18.
[9] S. Matsuo, M. Knezevic, P. Schaumont, I. Verbauwhede, A. Satoh, K. Sakiyama and K. Ota, How Can We Conduct Fair and Consistent Hardware Evaluation for SHA-3 Candidate?, 2nd SHA-3 Candidate Conference, Santa Barbara, August 23-24, 2010, pp. 1-15.
[10] K. Gaj, E. Homsirikamol, and M. Rogawski, Fair and Comprehensive Methodology for Comparing Hardware Performance of Fourteen Round Two SHA-3 Candidates using FPGAs, in Proceedings of Cryptographic Hardware and Embedded Systems workshop, CHES 2010, Santa Barbara, Aug. 2010.
[11] E. Homsirikamol, M. Rogawski and K. Gaj, Comparing Hardware Performance of Round 3 SHA-3 Candidates using Multiple Hardware Architectures in Xilinx and Altera FPGAs, ECRYPT II Hash Workshop 2011, Tallinn, Estonia, May 19-20, 2011, pp. 1-15.