Download - 47_Presentation [Kashif Latif]
-
8/3/2019 47_Presentation [Kashif Latif]
High Throughput Hardware Implementation of Secure Hash Algorithm (SHA-3) Finalist - BLAKE
By Kashif Latif
ISRL Information Security Research Laboratory
National University of Sciences and Technology
-
INTRODUCTION
* Hardware implementations of cryptographic algorithms provide high speed and real-time results for applications such as data confidentiality and authentication
* FPGAs are the leading representative of reconfigurable hardware devices of the modern era
* Implementations of cryptographic algorithms on reconfigurable platforms need to be both efficient and cost-effective
-
SCOPE
* Cryptographic hash functions are widely used in many information security applications such as digital signatures, message authentication codes (MACs) and other forms of authentication
* The National Institute of Standards and Technology (NIST), USA, announced a public competition on November 2, 2007 to develop a new cryptographic hash algorithm called SHA-3
* It is a response to recent advances in the cryptanalysis of commonly used hash algorithms, including the SHA family (SHA-0, SHA-1, SHA-256 and SHA-512), MD4 and MD5
-
CRYPTOGRAPHIC HASH FUNCTIONS
* A one-way procedure whose input is an arbitrary block of data and whose output is a fixed-size bit string
* A hash value H of plaintext M is generated by a hash function h of the form H = h(M)
* More often, the data to be hashed is called the message, and the hash value is called the message digest or simply the digest
-
CRYPTOGRAPHIC HASH FUNCTIONS
APPLICATIONS
* Verifying file integrity
* Hashing passwords
* Digital signatures
-
CRYPTOGRAPHIC HASH FUNCTIONS
APPLICATIONS
[Figure: Digital Signatures with Conventional Encryption and Hash Functions. Block labels: Message, Hash Function, Message Digest, K, Signature, Compare]
-
REQUIREMENT OF NEW HASH ALGORITHM
* Commonly used hash algorithms: the SHA family (SHA-0, SHA-1, SHA-256 and SHA-512), MD4 and MD5
* In the previous few years, cryptanalysis of these algorithms found serious vulnerabilities
* Collisions were reported for MD4, MD5, HAVAL-128 and RIPEMD in 2004 [1]
* A 2^63-operation collision attack on SHA-1 was reported in 2005 [2]; previously it was thought to require 2^80 operations
* A collision attack on MD5 was reported in 2006 [3]
* The SHA-3 contest is a response to recent advances in the cryptanalysis of these
-
SHA-3 CONTEST
* Publicly open contest, like AES in 1997-2001
* NIST announced it in November 2007
* 64 submissions, out of which 51 fulfilled the minimum submission requirements and were selected as the First Round candidates in Dec 2008
* Reduced to 14 in Round 2 of the competition
* 5 out of 14 Round 2 candidates were selected and promoted to the Final Round on 10 December 2010
* The tentative timeline for the end of this competition and selection of the finalist for SHA-3 is the 4th quarter of 2012
-
SHA-3 Finalists
* BLAKE
* Grøstl
* JH
* Keccak
* Skein
-
BLAKE Hash function
* Based on Bernstein's stream cipher ChaCha
* Uses the iteration mode HAIFA
* Internal construction is local wide-pipe
[Figure: BLAKE compression function. Block labels: Chain Value, Message, Salt, Counter, Initialization, Rounds, Finalization, Next Chain Value]
-
BLAKE Hash function
* Two basic variants: BLAKE-256 and BLAKE-512
* BLAKE-256 operates on 32-bit words and BLAKE-512 operates on 64-bit words
* The compression function takes four inputs:
  * Chaining hash value $h = h_0, h_1, h_2, \ldots, h_7$
  * Message block $m = m_0, m_1, m_2, \ldots, m_{15}$
  * Salt $s = s_0, s_1, s_2, s_3$
  * Counter $t = t_0, t_1$
* Additional use of constants and a permutation table:
  * Constants $c = c_0, c_1, c_2, \ldots, c_{15}$
  * Permutation $\sigma_r$ of $\{0, \ldots, 15\}$
* Output is the new chaining hash value $h' = h'_0, h'_1, \ldots, h'_7$
-
BLAKE Hash function
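* Initialization: a 4x4 matrix of 16 words $v = v_0, v_1, v_2, \ldots, v_{15}$ is initialized as follows:

$$
\begin{pmatrix}
v_0 & v_1 & v_2 & v_3 \\
v_4 & v_5 & v_6 & v_7 \\
v_8 & v_9 & v_{10} & v_{11} \\
v_{12} & v_{13} & v_{14} & v_{15}
\end{pmatrix}
\leftarrow
\begin{pmatrix}
h_0 & h_1 & h_2 & h_3 \\
h_4 & h_5 & h_6 & h_7 \\
s_0 \oplus c_0 & s_1 \oplus c_1 & s_2 \oplus c_2 & s_3 \oplus c_3 \\
t_0 \oplus c_4 & t_0 \oplus c_5 & t_1 \oplus c_6 & t_1 \oplus c_7
\end{pmatrix}
$$

* Round function: a simple transformation over the state $v$, computing the following 8 G functions:

$$
\begin{array}{llll}
G_0(v_0, v_4, v_8, v_{12}) & G_2(v_1, v_5, v_9, v_{13}) & G_4(v_2, v_6, v_{10}, v_{14}) & G_6(v_3, v_7, v_{11}, v_{15}) \\
G_8(v_0, v_5, v_{10}, v_{15}) & G_{10}(v_1, v_6, v_{11}, v_{12}) & G_{12}(v_2, v_7, v_8, v_{13}) & G_{14}(v_3, v_4, v_9, v_{14})
\end{array}
$$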
-
BLAKE Hash function
$G_i(a, b, c, d)$ is defined as:

$$
\begin{aligned}
a &= a + b + (m_{\sigma_r(i)} \oplus c_{\sigma_r(i+1)}) \\
d &= (d \oplus a) \ggg 16 \\
c &= c + d \\
b &= (b \oplus c) \ggg 12 \\
a &= a + b + (m_{\sigma_r(i+1)} \oplus c_{\sigma_r(i)}) \\
d &= (d \oplus a) \ggg 8 \\
c &= c + d \\
b &= (b \oplus c) \ggg 7
\end{aligned}
$$

where $\oplus$ is bitwise XOR, $+$ is addition and $\ggg$ is right rotate.
-
BLAKE Hash function
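* The round function is iterated 14 times for BLAKE-256 and 16 times for BLAKE-512
* Finalization:

$$
\begin{aligned}
h'_0 &= h_0 \oplus s_0 \oplus v_0 \oplus v_8 \\
h'_1 &= h_1 \oplus s_1 \oplus v_1 \oplus v_9 \\
h'_2 &= h_2 \oplus s_2 \oplus v_2 \oplus v_{10} \\
h'_3 &= h_3 \oplus s_3 \oplus v_3 \oplus v_{11} \\
h'_4 &= h_4 \oplus s_0 \oplus v_4 \oplus v_{12} \\
h'_5 &= h_5 \oplus s_1 \oplus v_5 \oplus v_{13} \\
h'_6 &= h_6 \oplus s_2 \oplus v_6 \oplus v_{14} \\
h'_7 &= h_7 \oplus s_3 \oplus v_7 \oplus v_{15}
\end{aligned}
$$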
-
IMPLEMENTATION
Input/output interface
[Figure: Input/output interface. Block labels: I/O Interface, Hash Module. Signal labels: clock, reset, load, ack, hash_valid, data_IN, data_OUT; bus width label: 64]
-
IMPLEMENTATION
Data path and Control path
[Figure: Data path and control path. Data Path labels: Input Registers, BLAKE Hash Core, Intermediate Registers, Output Register, input, output. Control Path labels: Clock Counter, FSM Logic, State Reg. Signal labels: clock, reset, select, hash_en, hash_done]
-
IMPLEMENTATION
Data path Architecture
[Figure: Data path architecture. Block labels: IV, Initialization, CV_Reg, V_Reg, G Functions (G1, G2, G3, G4), msg, cnst., Finalization, hash]
-
RESULTS
Device            Area [Slices]   Fmax [MHz]   T [ns]
Xilinx Virtex 7   1566            135.355      7.388
Xilinx Virtex 6   1602            131.961      7.578
Xilinx Virtex 5   1739            124.55       8.029

Device            Block Size [bits]   Nclk [cycles]   T [ns]   Thash [ns]   TP [Gb/s]
Xilinx Virtex 7   512                 28              7.388    206.86       2.47
Xilinx Virtex 6   512                 28              7.578    212.18       2.41
Xilinx Virtex 5   512                 28              8.029    224.81       2.28
-
Comparison with previous work

Author(s)             Device     Fmax [MHz]   Area [Slices]   TP [Gb/s]   TPA [Mbps/slice]
Our work              Virtex 7   135.355      1566            2.47        1.58
Our work              Virtex 6   131.961      1602            2.41        1.51
Our work              Virtex 5   124.55       1739            2.28        1.31
Aumasson et al. [7]   Virtex 5   100.00       1217            1.76        1.45
Baldwin et al. [8]    Virtex 5   91.35        1653            0.83        0.50
Matsuo et al. [9]     Virtex 5   115.00       1660            0.64        0.38
Kris Gaj et al. [10]  Virtex 5   117.06       1871            2.07        1.10
E. Hom. et al. [11]   Virtex 6   -            1247            1.96        1.57
E. Hom. et al. [11]   Virtex 5   -            1691            2.25        1.33
-
CONCLUSION
* We have presented an efficient and high-throughput implementation of BLAKE-256
* Results are shown for Virtex 5, Virtex 6 and Virtex 7
* Performance figures are reported in terms of area consumption, throughput and throughput per area
* Results achieved in this work exceed the performance of implementations reported so far
* This work serves as a performance investigation of BLAKE-256 on the most up-to-date FPGAs
-
Question & Answers
Q/A
-
REFERENCES
[1] X. L. Xiaoyun Wang, D. Feng and H. Yu, "Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD", Cryptology ePrint Archive, Report 2004/199, http://eprint.iacr.org/2004/199, pp. 1-4.
[2] M. Szydlo, "SHA-1 collisions can be found in 2^63 operations", CryptoBytes Technical Newsletter, August 19, 2005.
[3] M. Stevens, "Fast collision attack on MD5", ePrint-2006-104, March 2006, http://eprint.iacr.org/2006/104.pdf, pp. 1-13.
[4] Federal Register / Vol. 72, No. 212 / Friday, November 2, 2007 / Notices, http://csrc.nist.gov/groups/ST/hash/documents/FR_Notice_Nov07.pdf, pp. 1-9.
[5] National Institute of Standards and Technology (NIST), "Cryptographic Hash Algorithm Competition", http://www.nist.gov/itl/csd/ct/.
[6] NIST Interagency Report 7764, "Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition", February 2011, pp. 1-38.
[7] J. Aumasson, L. Henzen, W. Meier, R. W. Phan, "SHA-3 Proposal BLAKE", version 1.3, http://131002.net/blake/blake.pdf, December 2010, pp. 1-79.
[8] B. Baldwin, N. Hanley, M. Hamilton, L. Lu, A. Byrne, M. Neill and W. P. Marnane, "FPGA Implementations of the Round Two SHA-3 Candidates", 2nd SHA-3 Candidate Conference, Santa Barbara, August 23-24, 2010, pp. 1-18.
[9] S. Matsuo, M. Knezevic, P. Schaumont, I. Verbauwhede, A. Satoh, K. Sakiyama and K. Ota, "How Can We Conduct Fair and Consistent Hardware Evaluation for SHA-3 Candidate?", 2nd SHA-3 Candidate Conference, Santa Barbara, August 23-24, 2010, pp. 1-15.
[10] K. Gaj, E. Homsirikamol, and M. Rogawski, "Fair and Comprehensive Methodology for Comparing Hardware Performance of Fourteen Round Two SHA-3 Candidates using FPGAs", in Proceedings of Cryptographic Hardware and Embedded Systems workshop, CHES 2010, Santa Barbara, Aug. 2010.
[11] E. Homsirikamol, M. Rogawski and K. Gaj, "Comparing Hardware Performance of Round 3 SHA-3 Candidates using Multiple Hardware Architectures in Xilinx and Altera FPGAs", ECRYPT II Hash Workshop 2011, Tallinn, Estonia, May 19-20, 2011, pp. 1-15.