A High-Speed Hardware Architecture for Universal Message Authentication Code

We present an architecture level optimization technique called divide-and-concatenate based on two observations: 1) the area of an array multiplier and its associated data path decreases quadratically and their delay decreases linearly as their operand size is reduced and 2) in universal hash functions and their associated message authentication codes, two one-way hash functions are equivalent if they have the same collision probability property. In the proposed approach, we divide a 2w-bit data path (with collision probability 2-2w) into two w-bit data paths (each with collision probability 2-w) and concatenate their results to construct an equivalent 2w-bit data path (with a collision probability 2-2w ). We applied this technique on NH universal hash, a universal hash function that uses multiplications and additions. We implemented the straightforward 32-bit pipelined NH universal hash data path and the divide-and-concatenate architecture that uses four equivalent 8-bit divide-and-concatenate NH universal hash data paths on a Xilinx Virtex II XC2VP7-7 field programmable gate array (FPGA) device. This divide-and-concatenate architecture yielded a 94% increase in throughput with only 40% hardware overhead. Finally, the implementation of universal message authentication code (UMAC) with collision probability 2-32 using the divide-and-concatenate NH hash as a building block yielded a throughput of 79.2 Gb/s with only 3840 Virtex II XC2VP7-7 FPGA slices

[1]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[2]  Larry Carter,et al.  New Hash Functions and Their Use in Authentication and Set Equality , 1981, J. Comput. Syst. Sci..

[3]  Donald E. Eastlake,et al.  US Secure Hash Algorithm 1 (SHA1) , 2001, RFC.

[4]  Thomas Shrimpton,et al.  Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance , 2004, FSE.

[5]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[6]  Daniel Gajski,et al.  An effective methodology for functional pipelining , 1992, ICCAD.

[7]  David Hung-Chang Du,et al.  An efficient parallel critical path algorithm , 1991, DAC '91.

[8]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[9]  Sheila Frankel,et al.  The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec , 2003, RFC.

[10]  Christof Paar,et al.  An FPGA-based performance evaluation of the AES block cipher candidate algorithm finalists , 2001, IEEE Trans. Very Large Scale Integr. Syst..

[11]  Miodrag Potkonjak,et al.  Critical Path Minimization Using Retiming and Algebraic Speed-Up , 1993, 30th ACM/IEEE Design Automation Conference.

[12]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) - Real World Performance and Deployment Issues , 2000, NDSS.

[13]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[14]  David McGrew The Truncated Multi-Modular Hash Function (TMMH) , 2001 .

[15]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[16]  Hugo Krawczyk,et al.  MMH: Software Message Authentication in the Gbit/Second Rates , 1997, FSE.

[17]  Israel Koren Computer arithmetic algorithms , 1993 .

[18]  Larry Carter,et al.  Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..

[19]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) , 2000, IEEE Journal on Selected Areas in Communications.

[20]  Hugo Krawczyk,et al.  UMAC: Fast and Secure Message Authentication , 1999, CRYPTO.

[21]  Hugo De Man,et al.  Combined hardware selection and pipelining in high-performance data-path design , 1992, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst..

[22]  Sarvar Patel,et al.  SQUARE HASH: Fast Message Authenication via Optimized Universal Hash Functions , 1999, CRYPTO.