Article

SHA 3 and Keccak variants computation speeds on constrained devices


Abstract

In 2015, the National Institute of Standards and Technology (NIST) announced Keccak as the new primitive to be used in SHA 3, not replacing but complementing SHA 2. The Keccak primitive, based on a sponge construction, has flexible parameters that can be controlled by the user to fit the needs of the application. However, the SHA 3 standard constrains and predefines the Keccak parameters to be used, thus making its use less flexible. In this paper we try to understand the influence of these parameters with respect to memory size and throughput, specifically for constrained devices used in the Internet of Things (IoT), where speed and efficiency are important. Apart from evaluations of the code on real devices, a mathematical model is also presented which helps predict the performance of the Keccak primitive. We also compare the standard functions from SHA 2 with SHA 3 on different platforms. All implementations of SHA 2, SHA 3 and Keccak are purely written in Rust, since Rust guarantees safe memory manipulation whilst having the same performance as C. Our measurements show that for the software implementations SHA 2 is always faster than SHA 3 on all tested platforms. When only looking at the Keccak construction, Keccak-f[800] always outperforms other permutations based on Keccak-f when the capacity c stays below 276 bits. In addition, Keccak-f[800] has the added advantage of using less flash memory on 32-bit platforms.
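The abstract's point is that Keccak is a family: one sponge algorithm parameterised by the permutation width b (lane width w = b/25, round count 12 + 2·log2(w)) and the capacity c, with the rate r = b - c deciding how many bits each permutation call absorbs. The following is an added example, not code from the paper (whose implementations are in Rust); it is written in Python so that the b = 1600 instances can be checked against the interpreter's own SHA3-256 and SHAKE128. The generic Keccak-f[b] permutation and pad10*1 sponge are the standard ones; the choice of c = 256 for the Keccak-f[800] instance, the helper names, and the requirement that the rate be a whole number of lanes (a simplification of this byte-oriented absorb loop) are this example's assumptions.

```python
import hashlib

# Standard Keccak round constants (64-bit); smaller lane widths use them masked to w bits.
ROUND_CONSTANTS = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
    0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
    0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
]
# Standard rho rotation offsets, indexed [x][y]; reduced modulo w for narrow lanes.
ROTATION_OFFSETS = [
    [0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
    [28, 55, 25, 21, 56], [27, 20, 39, 8, 14],
]


def keccak_f(lanes, w):
    """Generic Keccak-f[25*w] on a 5x5 lane array of w-bit integers, lanes[x][y]."""
    mask = (1 << w) - 1
    l = w.bit_length() - 1            # w = 2**l, so the round count is 12 + 2*l

    def rot(v, n):
        n %= w
        return ((v << n) | (v >> (w - n))) & mask if n else v

    for rc in ROUND_CONSTANTS[: 12 + 2 * l]:
        # theta: column parities mixed into every lane
        C = [lanes[x][0] ^ lanes[x][1] ^ lanes[x][2] ^ lanes[x][3] ^ lanes[x][4] for x in range(5)]
        D = [C[(x - 1) % 5] ^ rot(C[(x + 1) % 5], 1) for x in range(5)]
        lanes = [[lanes[x][y] ^ D[x] for y in range(5)] for x in range(5)]
        # rho (lane rotation) and pi (lane permutation)
        B = [[0] * 5 for _ in range(5)]
        for x in range(5):
            for y in range(5):
                B[y][(2 * x + 3 * y) % 5] = rot(lanes[x][y], ROTATION_OFFSETS[x][y])
        # chi: the only non-linear step
        lanes = [[B[x][y] ^ ((~B[(x + 1) % 5][y]) & B[(x + 2) % 5][y]) for y in range(5)]
                 for x in range(5)]
        # iota: break symmetry with the round constant (masked to the lane width)
        lanes[0][0] ^= rc & mask
    return lanes


def keccak_sponge(b, capacity, message, suffix, out_len):
    """Sponge over Keccak-f[b] with the given capacity, pad10*1 padding and domain suffix byte."""
    w = b // 25
    lane_bytes = w // 8
    rate_bytes = (b - capacity) // 8
    assert rate_bytes % lane_bytes == 0, "assumption: rate is a whole number of lanes"
    lanes = [[0] * 5 for _ in range(5)]

    # Padding: suffix bits, then 10*1 up to a multiple of the rate (the two may share a byte).
    padded = bytearray(message) + bytes([suffix])
    padded += b"\x00" * (-len(padded) % rate_bytes)
    padded[-1] |= 0x80

    # Absorb: XOR each rate-sized block into the first r/w lanes (lane i sits at x = i % 5, y = i // 5).
    for off in range(0, len(padded), rate_bytes):
        block = padded[off:off + rate_bytes]
        for i in range(rate_bytes // lane_bytes):
            x, y = i % 5, i // 5
            lanes[x][y] ^= int.from_bytes(block[i * lane_bytes:(i + 1) * lane_bytes], "little")
        lanes = keccak_f(lanes, w)

    # Squeeze: read the rate part, permuting again whenever more output is needed.
    out = bytearray()
    while len(out) < out_len:
        for i in range(rate_bytes // lane_bytes):
            x, y = i % 5, i // 5
            out += lanes[x][y].to_bytes(lane_bytes, "little")
        if len(out) < out_len:
            lanes = keccak_f(lanes, w)
    return bytes(out[:out_len])


def sha3_256_via_sponge(message):
    """SHA3-256 as the standard fixes it: Keccak-f[1600], c = 512, suffix 0x06."""
    return keccak_sponge(1600, 512, message, 0x06, 32)


def shake128_via_sponge(message, out_len):
    """SHAKE128 as the standard fixes it: Keccak-f[1600], c = 256, suffix 0x1F."""
    return keccak_sponge(1600, 256, message, 0x1F, out_len)


def keccak800_hash(message, capacity=256):
    """A non-standard 32-bit-friendly instance (assumption: c = 256 for 128-bit security)."""
    return keccak_sponge(800, capacity, message, 0x06, 32)


def describe_variant(b, capacity):
    """The memory/throughput knobs the abstract refers to, for a given (b, c) pair."""
    w = b // 25
    return {"state_bytes": b // 8, "rate_bits": b - capacity, "rounds": 12 + 2 * (w.bit_length() - 1)}
```

Running `sha3_256_via_sponge` and `shake128_via_sponge` against `hashlib` confirms the generic permutation is correct for w = 64; `keccak800_hash` then exercises the same code with 32-bit lanes, a 100-byte state and 22 rounds, which is the trade-off the abstract measures on Cortex-M class devices.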


... Overall, the integration of SHA-3 enhances the security, efficiency, and standardization of cryptographic hash functions within Blockchain protocols, reinforcing the overall robustness and reliability of Blockchain systems. It is worth noting that SHA-3 is often referred to as Keccak [95]. The Pseudocode of SHA-3 is presented in algorithm 1. ...
Conference Paper
Organizations worldwide are under pressure to reduce their use of non-renewable energy sources and carbon emissions due to their increasing negative impact on the ongoing climate crisis. Blockchain technology, popularized by its use in Bitcoin, has been adopted for various use cases but is criticized for its high energy consumption, depending on the consensus mechanism used. Consensus mechanisms are vital for securing blockchain networks by ensuring all nodes agree on the ledger's state, but they often trade-off between low energy consumption and high security. This paper analyzes the critical factors contributing to power consumption in blockchain networks, focusing on consensus mechanisms and hashing techniques. Through a comprehensive State-of-the-Art (SOTA) review and algorithmic analysis, we examine how various consensus algorithms impact energy usage and detail the computational and space complexities of different hashing algorithms. We also investigate the energy profiles and reduction strategies of major blockchain platforms. Our findings highlight the potential to enhance blockchain energy efficiency without compromising security or performance, providing a foundation for future research in sustainable blockchain technologies.
... The Keccak algorithm is a widely utilized cryptographic hash function that plays a crucial role in ensuring data privacy and maintaining the integrity of data exchange in various daily systems. However, there is an ongoing challenge in enhancing the performance of Keccak's circuit implementation, particularly in the context of embedded systems [14,15]. ...
Article
Full-text available
Hash functions are an essential mechanism in today’s world of information security. It is common practice to utilize them for storing and verifying passwords, developing pseudo-random sequences, and deriving keys for various applications, including military, online commerce, banking, healthcare management, and the Internet of Things (IoT). Among the cryptographic hash algorithms, the Keccak hash function (also known as SHA-3) stands out for its excellent hardware performance and resistance to current cryptanalysis approaches compared to algorithms such as SHA-1 and SHA-2. However, there is always a need for hardware enhancements to increase the throughput rate and decrease area consumption. This study specifically focuses on enhancing the throughput rate of the Keccak hash algorithm by presenting a novel architecture that supplies efficient outcomes. This novel architecture achieved impressive throughput rates on Field-Programmable Gate Array (FPGA) devices with the Virtex-5, Virtex-6, and Virtex-7 models. The highest throughput rates obtained were 26.151 Gbps, 33.084 Gbps, and 38.043 Gbps, respectively. Additionally, the research paper includes a comparative analysis of the proposed approach with recently published methods and shows a throughput rate above 11.37% Gbps in Virtex-5, 10.49% Gbps in Virtex-6 and 11.47% Gbps in Virtex-7. This comparison allows for a comprehensive evaluation of the novel architecture’s performance and effectiveness in relation to existing methodologies.
... Enhancing the performance of a KECCAK circuit implemented in embedded circuits is a significant challenge. Currently, the KECCAK algorithm is used in a wide range of applications requiring high security, such as smart cards and mobile communication [2][3][4][5][6][7][8][9]. Consequently, there is a need to enhance the KECCAK algorithm's resilience against multiple physical attacks, such as fault attacks. ...
Article
Full-text available
The hash function KECCAK integrity algorithm is implemented in cryptographic systems to provide high security for any circuit requiring integrity and protect the transmitted data. Fault attacks, which can extricate confidential data, are one of the most effective physical attacks against KECCAK hardware. Several KECCAK fault detection systems have been proposed to counteract fault attacks. The present research proposes a modified KECCAK architecture and scrambling algorithm to protect against fault injection attacks. Thus, the KECCAK round is modified so that it consists of two parts with input and pipeline registers. The scheme is independent of the KECCAK design. Iterative and pipeline designs are both protected by it. To test the resilience of the suggested detection system approach against fault attacks, we conduct permanent as well as transient fault attacks, and we evaluate the fault detection capabilities (99.9999% for transient faults and 99.999905% for permanent faults). The KECCAK fault detection scheme is modeled using VHDL language and implemented on an FPGA hardware board. The experimental results show that our technique effectively secures the KECCAK design. It can be carried out with little difficulty. In addition, the experimental FPGA results demonstrate the proposed KECCAK detection scheme's low area burden, high efficiency and working frequency.
... The reason why we only used this board for our measurements is because the behavior of the cryptographic primitives used is the same for the different ARM Cortex-M architectures, as shown for example in [19]. Timing measurements are made using the Data Watchpoint and Trace (DWT) unit of the microcontroller. ...
Article
Full-text available
To enable today’s industrial automation, a significant number of sensors and actuators are required. In order to obtain trust and isolate faults in the data collected by this network, protection against authenticity fraud and nonrepudiation is essential. In this paper, we propose a very efficient symmetric-key-based security mechanism to establish authentication and nonrepudiation among all the nodes including the gateway in a distributed cooperative network, without communicating additional security parameters to establish different types of session keys. The solution also offers confidentiality and anonymity in case there are no malicious nodes. If at most one of the nodes is compromised, authentication and nonrepudiation still remain valid. Even if more nodes get compromised, the impact is limited. Therefore, the proposed method drastically differs from the classical group key management schemes, where one compromised node completely breaks the system. The proposed method is mainly based on a hash chain with multiple outputs defined at the gateway and shared with the other nodes in the network.
Article
Full-text available
Embedded Operating Systems (OSs) are often developed in the C programming language. Developers justify this choice by the performance that can be achieved, the low memory footprint, and the ease of mapping hardware to software, as well as the strong adoption by industry of this programming language. The downside is that C is prone to security vulnerabilities unknowingly introduced by the software developer. Examples of such vulnerabilities are use-after-free, and buffer overflows. Like C, Rust is a compiled programming language that guarantees memory safety at compile time by adhering to a set of rules. There already exist a few OSs and frameworks that are entirely written in Rust, targeting sensor nodes. In this work, we give an overview of these OSs and frameworks and compare them on the basis of the features they provide, such as application isolation, scheduling, inter-process communication, and networking. Furthermore, we compare the OSs on the basis of the performance they provide, such as cycles and memory usage.
Conference Paper
Due to the constant influx of multiple security attacks into the next generation of mobile communication technologies, the Third Generation Partnership Project (3GPP) has established authentication and key agreement protocol, 5G-AKA, to securely access the 5G communication services while maintaining the integrity of the underlying network. However, some recent findings pointed out that 5G-AKA has many drawbacks, including perfect forward secrecy violations, malicious Serving Network (SN) attacks, de-synchronization attacks, privacy theft, stolen device, and denial of service (DoS) attacks when the user uses roaming mobile services. Considering the drawbacks of current 5G communication protocols and the necessity to facilitate additional security, a provably secure and lightweight protocol for 5G communication (PSLP-5G) is introduced. The PSLP-5G's security is guaranteed using the Scyther tool and Real-Or-Random (ROR) logic. Furthermore, performance comparisons are made to show how much lighter the PSLP-5G is than its counterparts. Additionally, the PSLP-5G's suitability for use in real-time applications is demonstrated by comparing the network performance of PSLP-5G and its counterparts using the Network Simulator tool NS3.
Conference Paper
Full-text available
The pervasive diffusion of electronic devices in security and privacy sensitive applications has boosted research in cryptography. In this context, the study of lightweight algorithms has been a very active direction over the last years. In general, symmetric cryptographic primitives are good candidates for low-cost implementations. For example, several previous works have investigated the performance of block ciphers on various platforms. Motivated by the recent SHA3 competition, this paper extends these studies to another family of cryptographic primitives, namely hash functions. We implemented different algorithms on an ATMEL AVR ATtiny45 8-bit microcontroller, and provide their performance evaluation. All the implementations were carried out with the goal of minimizing the code size and memory utilization, and are evaluated using a common interface. As part of our contribution, we make all the corresponding source codes available on a web page, under an open-source license. We hope that this paper provides a good basis for researchers and embedded system designers who need to include more and more functionalities in next generation smart devices.
Conference Paper
Full-text available
In this paper, we present new collision search attacks on the hash function SHA-1. We show that collisions of SHA-1 can be found with complexity less than 2^69 hash operations. This is the first attack on the full 80-step SHA-1 with complexity less than the 2^80 theoretical bound.
Conference Paper
Full-text available
This paper proposes a new construction for the generation of pseudo-random numbers. The construction is based on sponge functions and is suitable for embedded security devices as it requires few resources. We propose a model for such generators and explain how to define one on top of a sponge function. The construction is a novel way to use a sponge function, and inputs and outputs blocks in a continuous fashion, allowing to interleave the feed of seeding material with the fetch of pseudo-random numbers without latency. We describe the consequences of the sponge indifferentiability results to this construction and study the resistance of the construction against generic state recovery attacks. Finally, we propose a concrete example based on a member of the Keccak family with small width.
Conference Paper
Full-text available
The second round of the NIST-run public competition is underway to find a new hash algorithm(s) for inclusion in the NIST Secure Hash Standard (SHA-3). This paper presents the full implementations of all of the second round candidates in hardware with all of their variants. In order to determine their computational efficiency, an important aspect in NIST's round two evaluation criteria, this paper gives an area/speed comparison of each design both with and without a hardware interface, thereby giving an overall impression of their performance in resource constrained and resource abundant environments. The implementation results are provided for a Virtex-5 FPGA device. The efficiency of the architectures for the hash functions are compared in terms of throughput per unit area. To the best of the authors' knowledge, this is the first work to date to present hardware designs which test for all message digest sizes (224, 256, 384, 512), and also the only work to include the padding as part of the hardware for the SHA-3 hash functions.
Article
Full-text available
Manufacturers will likely offer multiple products with differing numbers of cores to cover multiple price-performance points, since Moore's Law will permit the doubling of the number of cores per chip every two years. While diversity may be understandable in this time of uncertainty, it exacerbates the already difficult jobs of programmers, compiler writers, and even architects. Hence, an easy-to-understand model that offers performance guidelines would be especially valuable. This article proposes one such model called Roofline, demonstrating it on four diverse multicore computers using four key floating-point kernels. The proposed Roofline model ties together floating-point performance, operational intensity, and memory performance in a 2D graph. The Roofline sets an upper bound on performance of a kernel depending on the kernel's operational intensity. If people think of operational intensity as a column that hits the roof, either it hits the flat part of the roof, meaning performance is compute-bound, or it hits the slanted part of the roof, meaning performance is ultimately memory-bound.
Article
The promise and the challenges of the first industry-supported language to master the trade-off between safety and control.
Article
Social Internet of Things (SIoT) is a new paradigm where IoT merges with Social Networks, allowing people and devices to interact, and facilitating information sharing. However, security and privacy issues are a great challenge for IoT but they are also enabling factors to create a “trust ecosystem”. In fact, the intrinsic vulnerabilities of IoT devices, with limited resources and heterogeneous technologies, together with the lack of specifically designed IoT standards, represent a fertile ground for the expansion of specific cyber threats. In this paper, we try to bring order on the IoT security panorama providing a taxonomic analysis from the perspective of the three main key layers of the IoT system model: Perception, Transportation and Application levels. As a result of the analysis, we will highlight the most critical issues with the aim of guiding future research directions. Index terms: Internet of Things, IoT System Model, Cyber Threats, Trust, IoT Security, IoT Protocols.
Article
The ability to generate secure random numbers is fundamental to the security of cryptographic protocols. Random Number Generators (RNGs) start to appear in recent modern Intel CPUs as used in desktops and servers. Solutions for embedded devices, such as e.g. sensor nodes and wireless routers, are still severely lacking however. In this paper we present the implementation of a secure pseudo-random number generator (PRNG) for the ARM Cortex-M microcontroller family, one of the most popular embedded platforms at this moment. For compactness and compatibility reasons, our implementation is software only. It uses the start-up values of on-chip SRAM as random seed and uses the Keccak hash function for both entropy extraction as well as pseudo-random number generation. Getting Keccak very compact in terms of memory requirements is therefore essential. Keccak is a tunable algorithm: in this paper we discuss the minimum security requirements and the storage costs as a function of the Keccak variant. The Keccak permutation of our choice, Keccak-f[200], is implemented in only 400 bytes. To the best of our knowledge, this is the smallest Keccak implementation published so far. With the addition of initialization, hashing, padding and output generation functions, our complete solution fits within 496 bytes of ROM and requires 52 bytes of RAM. One byte of pseudo-random data, with a security level of at least 128 bits, can be generated in 3337 cycles on an ARM Cortex-M3/4, i.e. 50KiB/s on a development board, plenty fast for a cryptographic PRNG in an embedded setting.
Conference Paper
The NIST competition for developing the new cryptographic hash algorithm SHA-3 has entered its third round. One evaluation criterion is the ability of the candidate algorithm to be implemented on resource-constrained platforms. This includes FPGAs for embedded and hand-held devices. However, there has not been a comprehensive set of lightweight implementations for FPGAs reported to date. We hope to fill this gap with this paper in which we present lightweight implementations of all SHA-3 finalists and all round-2 candidates with the exception of SIMD. All implementations were designed to achieve maximum throughput while adhering to an area constraint of 400-600 slices and one Block RAM on Xilinx Spartan-3 devices. We also synthesized them for Virtex-V, Altera Cyclone-II, and the new Xilinx Spartan-6 devices.
Conference Paper
Secure cryptographic hash functions are core components in many applications like challenge-response authentication systems or digital signature schemes. Many of these applications are used in cost-sensitive markets and thus slow budget implementations of such components are very important. In the present paper, we focus on the new SHA-3 competition, started by the National Institute of Standards and Technology (NIST), which searches for a new hash function in response to security concerns regarding the previous hash functions SHA-1 and the SHA-2 family. This work adds new valuable data to the competition, by providing an evaluation of area-efficient implementations of all finalists. Our results show, that it is possible to implement all candidates reasonably small. We focus on area-efficiency and therefore we do not rank the candidates by absolute throughput, but rather by the area and the throughput-area ratio. The results hint that Grøstl and Keccak are the best overall performers for compact implementations, if the throughput-area ratio is most important. The following candidate is BLAKE, while the Skein and JH implementations trail behind. The area ranking changes the results and puts JH on the top, followed by BLAKE, Grøstl, Keccak and Skein.