On FPGA-Based Implementations of the SHA-3 Candidate Grøstl

The National Institute of Standards and Technology (NIST) has started a competition for a new secure hash standard. A significant comparison between the submitted candidates is only possible if third-party implementations of all proposed hash functions are provided. Our work is for the most part motivated by future developments of mass markets, where cryptographic infrastructures will become more and more important. One core component of such an infrastructure is a secure cryptographic hash function, which is used in many applications such as challenge-response authentication systems or digital signature schemes. We chose to evaluate the Grøstl hash function as one of the candidates heavily influenced by the AES algorithm, because there is reasonable hope to reduce the area of the cryptographic infrastructure by integrating AES and one of these hash algorithms on an FPGA. Hence, Grøstl serves as an example for the hash functions related to the AES approach. Our focus on low-budget cryptographic solutions makes it natural to investigate possible optimizations for area-efficient implementations, alongside our high-throughput variant. Our results show that, while Grøstl is inherently quite large compared to AES, it is possible to implement the Grøstl algorithm on small and low-budget FPGAs like the second smallest available Spartan-3, while maintaining a reasonably high throughput.
