On FPGA-based implementations of Gröstl

The National Institute of Standards and Technology (NIST) has started a competition for a new secure hash standard. To make a meaningful comparison between the submitted candidates, third-party implementations of all proposed hash functions are needed. This is one of the reasons why the SHA-3 candidate Gröstl has been chosen for an FPGA-based implementation. Our work is mainly motivated by current and future developments in the automotive market (e.g. car-2-car communication systems), which will further increase the need for a suitable cryptographic infrastructure in modern vehicles (cf. the AUTOSAR project). One core component of such an infrastructure is a secure cryptographic hash function, which is used in many applications such as challenge-response authentication systems and digital signature schemes. Another motivation for evaluating Gröstl is its resemblance to AES. The automotive market, like any mass market, demands low-budget and therefore compact implementations; hence our evaluation of Gröstl focuses on area optimizations. We show that, while Gröstl is inherently quite large compared to AES, it is still possible to implement the Gröstl algorithm on small, low-budget FPGAs such as the second smallest available Spartan-3, while maintaining a reasonably high throughput.
