High-Speed FPGA Implementation of Secure Hash Algorithm for IPSec and VPN Applications

Hash functions are special cryptographic algorithms, which are applied wherever message integrity and authentication are critical. Implementations of these functions are cryptographic primitives widely used in common cryptographic schemes and security protocols such as Internet Protocol Security (IPSec) and Virtual Private Network (VPN). In this paper, a novel FPGA implementation of the Secure Hash Algorithm 1 (SHA-1) is proposed. The proposed architecture exploits the benefits of pipeline and re-timing of execution through pre-computation of intermediate temporal values. Pipeline allows division of the calculation of the hash value in four discreet stages, corresponding to the four required rounds of the algorithm. Re-timing is based on the decomposition of the SHA-1 expression to separate information dependencies and independencies. This allows pre-computation of intermediate temporal values in parallel to the calculation of other independent values. Exploiting the information dependencies, the fundamental operational block of SHA-1 is modified so that maximum operation frequency is increased by 30% approximately with negligible area penalty compared to other academic and commercial implementations. The proposed SHA-1 hash function was prototyped and verified using a XILINX FPGA device. The implementation’s characteristics are compared to alternative implementations proposed by the academia and the industry, which are available in the international IP market. The proposed implementation achieved a throughput that exceeded 2,5 Gbps, which is the highest among all similar IP cores for the targeted XILINX technology.

[1]  Kris Gaj,et al.  A 1 Gbit/s Partially Unrolled Architecture of Hash Functions SHA-1 and SHA-512 , 2004, CT-RSA.

[2]  Bojani,et al.  HASH ALGORITHMS FOR CRYPTOGRAPHIC PROTOCOLS : FPGA IMPLEMENTATIONS , 2002 .

[3]  Odysseas G. Koufopavlou,et al.  VLSI implementation of the keyed-hash message authentication code for the wireless application protocol , 2003, 10th IEEE International Conference on Electronics, Circuits and Systems, 2003. ICECS 2003. Proceedings of the 2003.

[4]  William Stallings,et al.  Cryptography and network security , 1998 .

[5]  S. Choomchuay,et al.  An Architecture for a SHA-1 Applied for DSA , 2004 .

[6]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[7]  Jun Rim Choi,et al.  An efficient implementation of hash function processor for IPSEC , 2002, Proceedings. IEEE Asia-Pacific Conference on ASIC,.

[8]  Nghi Nguyen,et al.  Comparative Analysis of the Hardware Implementations of Hash Functions SHA-1 and SHA-512 , 2002, ISC.

[9]  Odysseas G. Koufopavlou,et al.  An ultra high speed architecture for VLSI implementation of hash functions , 2003, 10th IEEE International Conference on Electronics, Circuits and Systems, 2003. ICECS 2003. Proceedings of the 2003.

[10]  Sandra Dominikus,et al.  A hardware implementation of MD4-family hash algorithms , 2002, 9th International Conference on Electronics, Circuits and Systems.

[11]  William Stallings,et al.  Cryptography and network security (2nd ed.): principles and practice , 1998 .

[12]  Michael Roe,et al.  Performance of Block Ciphers and Hash Functions - One Year Later , 1994, FSE.

[13]  Tim Kerins,et al.  Single-chip FPGA implementation of a cryptographic co-processor , 2004, Proceedings. 2004 IEEE International Conference on Field- Programmable Technology (IEEE Cat. No.04EX921).

[14]  Odysseas G. Koufopavlou,et al.  Networking Data Integrity: High Speed Architectures and Hardware Implementations , 2003, Int. Arab J. Inf. Technol..

[15]  Bart Preneel,et al.  RIPEMD-160: A Strengthened Version of RIPEMD , 1996, FSE.

[16]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.