Reconfigurable Hardware Implementations of Tweakable Enciphering Schemes

Tweakable enciphering schemes are length-preserving block cipher modes of operation that provide a strong pseudorandom permutation. It has been suggested that these schemes can be used as the main building blocks for achieving in-place disk encryption. In the past few years, there has been intense research activity toward constructing secure and efficient tweakable enciphering schemes, but actual experimental performance data for these newly proposed schemes have yet to be reported. In this paper, we present optimized FPGA implementations of six tweakable enciphering schemes, namely HCH, HCTR, XCB, EME, HEH, and TET, using a 128-bit AES core as the underlying block cipher. We report the performance timings of these modes when using both pipelined and sequential AES structures. The universal polynomial hash function included in the specification of HCH, HCHfp (a variant of HCH), HCTR, XCB, TET, and HEH was implemented using a Karatsuba multiplier as the main building block. We provide a detailed algorithmic analysis of each scheme, aiming to exploit its inherent parallelism as much as possible. Our experiments show that a sequential AES core is not an attractive option for the design of these modes, as it leads to rather poor throughput. In contrast, according to our place-and-route results on a Xilinx Virtex 4 FPGA, our designs achieve a throughput of 3.95 Gbps for HEH when using an encryption/decryption pipelined AES core, and a throughput of 5.71 Gbps for EME when using an encryption-only pipelined AES core. The performance results reported in this paper provide experimental evidence that hardware implementations of tweakable enciphering schemes can match and even outperform the data rates achieved by state-of-the-art disk controllers, showing that they might be used for achieving provably secure in-place hard disk encryption.
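The universal polynomial hash that the hash-encrypt-hash and hash-counter-hash schemes share rests on one GF(2^128) multiplication per block, which the paper builds from a Karatsuba multiplier. The following is an added software model of that building block (not code from the paper or from any of the scheme authors); it assumes the GCM reduction polynomial x^128 + x^7 + x^2 + x + 1, which the paper does not state, and the common hash form H_h(X_1..X_m) = X_1*h^m + ... + X_m*h evaluated Horner-style.

```python
# Added example: GF(2^128) polynomial hash with a Karatsuba carry-less multiplier.
# Assumptions (not from the paper): field GF(2)[x]/(x^128 + x^7 + x^2 + x + 1),
# hash H_h(X_1..X_m) = X_1*h^m + ... + X_m*h.
R = (1 << 128) | (1 << 7) | (1 << 2) | (1 << 1) | 1  # x^128 + x^7 + x^2 + x + 1

def clmul_schoolbook(a: int, b: int) -> int:
    """Carry-less (GF(2)[x]) product by shift-and-xor; reference for the Karatsuba path."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def clmul_karatsuba(a: int, b: int, n: int = 128) -> int:
    """Carry-less product by Karatsuba recursion on n-bit operands:
    three half-width products instead of four, mirroring the hardware multiplier."""
    if n <= 8:  # base case: an 8-bit schoolbook multiply (an AND/XOR tree in hardware)
        return clmul_schoolbook(a, b)
    half = n // 2
    mask = (1 << half) - 1
    a0, a1 = a & mask, a >> half
    b0, b1 = b & mask, b >> half
    z0 = clmul_karatsuba(a0, b0, half)
    z2 = clmul_karatsuba(a1, b1, half)
    z1 = clmul_karatsuba(a0 ^ a1, b0 ^ b1, half) ^ z0 ^ z2  # middle term
    return (z2 << n) ^ (z1 << half) ^ z0

def gf128_reduce(p: int) -> int:
    """Reduce a degree < 256 product modulo R (bit-serial, written for clarity)."""
    for i in range(255, 127, -1):
        if (p >> i) & 1:
            p ^= R << (i - 128)
    return p

def gf128_mul(a: int, b: int) -> int:
    """Field multiplication in GF(2^128): Karatsuba product, then reduction."""
    return gf128_reduce(clmul_karatsuba(a, b))

def poly_hash(h: int, blocks: list[int]) -> int:
    """Universal polynomial hash H_h(X_1..X_m) = X_1*h^m + ... + X_m*h,
    evaluated Horner-style so each block costs one GF(2^128) multiply."""
    acc = 0
    for x in blocks:
        acc = gf128_mul(acc ^ x, h)
    return acc
```

A pipelined AES core only pays off if this per-block multiply keeps pace with it, which is why the paper treats the multiplier as the second critical component after the cipher.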
