A Presentation on VEST Hardware Performance, Chip Area Measurements, Power Consumption Estimates and Benchmarking in Relation to the AES, SHA-256 and SHA-512

In Part One of this document we present explanatory background on the VEST design and on how we have approached the task of benchmarking VEST variants in relation to AES and SHA-2. Many of the issues we touch upon are well understood by semiconductor design and synthesis engineers, but since the greater proportion of the readers are cryptographers skilled in software design, we consider it necessary and helpful to discuss these issues. One such issue is the constraints imposed on a cipher implementation by power budgets and thermal issues.
