Conference Paper

Compact FPGA Implementations of the Five SHA-3 Finalists.

DOI: 10.1007/978-3-642-27257-8_14 Conference: Smart Card Research and Advanced Applications - 10th IFIP WG 8.8/11.2 International Conference, CARDIS 2011, Leuven, Belgium, September 14-16, 2011, Revised Selected Papers
Source: DBLP

ABSTRACT Allowing good performances on different platforms is an important criteria for the selection of the future sha-3 standard. In this paper, we consider the compact implementations of blake, Grøstl, jh, Keccak and Skein on recent fpga devices. Our results bring an interesting complement to existing analyzes, as most previous works on fpga implementations of the sha-3 candidates were optimized for high throughput applications. Following recent guidelines for the fair comparison of hardware architectures, we put forward clear trends for the selection of the future standard. First, compact fpga implementations of Keccak are less efficient than their high throughput counterparts. Second, Grøstl shows interesting performances in this setting, in particular in terms of throughput over area ratio. Third, the remaining candidates are comparably suitable for compact fpga implementations, with some slight contrasts (in area cost and throughput).

  • [Show abstract] [Hide abstract]
    ABSTRACT: There exists a broad range of RFID protocols in literature that propose hash functions as cryptographic primitives. Since keccak has been selected as the winner of the NIST SHA-3 competition in 2012, there is the question of how far we can push the limits of keccak to fulfill the stringent requirements of passive low-cost RFID. In this paper, we address this question by presenting a hardware implementation of keccak that aims for lowest power and lowest area. Our smallest (full-state) design requires only 2 927 GEs (for designs with external memory available) and 5 522 GEs (total size including memory). It has a power consumption of 12.5 μW at 1 MHz on a low leakage 130 nm CMOS process technology. As a result, we provide a design that needs 40% less resources than related work. Our design is even smaller than the smallest SHA-1 and SHA-2 implementations.
    Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems; 08/2013
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: We provide a comprehensive evaluation of several lightweight block ciphers with respect to various hardware performance metrics, with a particular focus on the energy cost. This case study serves as a background for discussing general issues related to the relative nature of hardware implementations comparisons. We also use it to extract intuitive observations for new algorithm designs. Implementation results show that the most significant differences between lightweight ciphers are observed when considering both encryption and decryption architectures, and the impact of key scheduling algorithms. Yet, these differences are moderated when looking at their amplitude, and comparing them with the impact of physical parameters tuning, e.g. frequency / voltage scaling.
    Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems; 09/2012
  • [Show abstract] [Hide abstract]
    ABSTRACT: We present GrÆStl, a combined hardware architecture for the Advanced Encryption Standard (AES) and Grøstl, one of the final round candidates of the SHA-3 hash competition. GrÆStl has been designed for low-resource devices implementing AES-128 (encryption and decryption) as well as Grøstl-256 (tweaked version). We applied several resource-sharing optimizations and based our design on an 8/16-bit datapath. As a feature, we aim for high flexibility by targeting both ASIC and FPGA platforms and do not include technology or platform-dependent components such as RAM macros, DSPs, or Block RAMs. Our ASIC implementation (fabricated in a 0.18μm CMOS process) needs only 16.5 kGEs and requires 742/1,025 clock cycles for encryption/decryption and 3,093 clock cycles for hashing one message block. On a Xilinx Spartan-3 FPGA, our design requires 956 logic slices and 302 logic slices on a Xilinx Virtex-6. Both stand-alone implementations of AES and Grøstl outperform existing FPGA solutions regarding low-area design by needing 79% and 50% less resources as compared to existing work. GrÆStl is the first combined AES and Grøstl implementation that has been fabricated as an ASIC.
    Proceedings of the 11th international conference on Smart Card Research and Advanced Applications; 11/2012

Full-text (2 Sources)

Available from
May 31, 2014