Abstract:
This paper presents two implementation of keccak hash family algorithm that has selected as one of the SHA-3 competition finalist. Many cryptographic primitive those are used in crucial cryptographic schemes and commercial security protocols utilized function. In this paper 10-round unrolled architecture of the complete keccak algorithm is presented, implemented in Xilinx virtex-7 FPGA. The performance metrics, such as frequency and area that are gathered, show that the proposed implementation is more efficient in term of throughput/area compared to other similar ones proposed by academia. The maximum clock frequency supported by the design 267.2 MHz.
Index Terms:Encryption; Data transmission; Cipher text; Plaintext; Network security; VHDL
I. Introduction
Encryption is the process of converting a plaintext message into cipher text which can be decoded back into the original message. An encryption algorithm along with a key is used in the encryption and decryption of data. There are several types of data encryptions which form the basis of network security. Encryption schemes are based on block or stream ciphers.[1] The type and length of the keys utilized depend upon the encryption algorithm and the amount of security needed.
In conventional symmetric encryption a single key is used. With this key, the sender can encrypt a message and a recipient can decrypt the message but the security of the key becomes problematic. In asymmetric encryption, the encryption key and the decryption key are different. One is a public key by which the sender can encrypt the message and the other is a private key by which a recipient can decrypt the message. A modern branch of cryptography also known as public-key cryptography in which the algorithms employ a pair of keys (a public key and a private key) and use a different component of the pair for different steps of the algorithm[3]. These algorithms work on chunks of specific sized data along with a key resulting in blocks of cipher text.
SHA-3, originally known as keccak is a cryptographic hash function competition NIST requires the candidate algorithms to support at least four different output lengths {224,256,384,512} with associated security levels. ‘SHA-3 512’, in which output length is 512-bit, has the highest security level among all SHA-3 variants. In this paper has implemented ‘SHA-3 512’ hash function. Hash algorithms are used widely for cryptographic applications that ensure the authenticity of digital documents, such as digital signatures and message authentication codes. These algorithms take an electronic file and generate a short “digest,” a sort of digital fingerprint of the content.
Fig.1 Whole core diagram of the system
II. Objective
Optimization Target is one of the most important decisions to make in order to develop a fair comparison. The possible choices include Maximum Throughput, Minimum Area, Maximum Throughput to Area Ratio, Minimum Latency, etc. Main objective is to design SHA-3 algorithm done by candidate keccak for 512 bit cryptography. Verilog coding for proposed design is done in Xilinx ISE tool. All of the aforementioned targets can be used to make a comparison. Out of them, we have selected Maximum throughput to Area Ratio as our criteria of choice.
III. Related Work
a) Stream Ciphers
A block cipher operates on groups of bits typically groups of 64. If the final block of the plaintext message is shorter than 64 bits, it is padded with some regular pattern of 1s and 0s to make a complete block. Block ciphers encrypt each block independently, so the plaintext does not have to be processed in a sequential manner. This means that as well as allowing parallel processing for faster throughput, a block cipher also enables specific portions of the message (e.g. specific records in a database) to be extracted and manipulated. A block of plaintext will always encrypt to the same block of cipher text provided that the same algorithm and key are used.
Stream ciphers are cryptographic algorithms that transform a stream of plaintext messages of varying bit-length into cipher text of the same length, usually by generating a key stream that is then XORed with the plaintext. Using a shared secret key, stream ciphers can be used to provide confidentiality, i.e., restrict access to secret data to the parties in possession of the key by encrypting the plaintext secret data. In general, stream ciphers have very strong security properties, use few resources and high throughput thus making them ideal for mobile applications; well-known examples of stream ciphers include the RC4 cipherused in 802.11 Wireless Encryption Protocol, E0 cipher used in Bluetooth protocol, and the SNOW 3G cipher used by the 3GPP group in the new mobile cellular standard.
b) Hash Functions
Like hash functions, stream ciphers are important cryptographic primitives. However, hash functions transform arbitrary-length input messages into fixed-length message digests. They are used in many applications in commitment schemes, digital signatures and message authentication codes. To this end they are required to satisfy different security properties. These security properties include.Secondly, throughout the entire design process this optimization criterion is a very reliable guide. At every junction where the decisions must be made, it starting from the choice of high-level hardware architecture and down to the choice of the particular FPGA tool options, this criterion facilitates the decision process, leaving very few possible paths for further investigation[4]. Each submitted algorithm as compared to other submission (of the same hash length), including first and second preimage resistance to generic attacks. Also, if other security factors raised by the public comments during the evaluation process, including attacks which demonstrate that the actual Memory requirements will include factor such as gate count for hardware implementation and RAM requirement and code size for software implantation. Algorithms with greater flexibility that meet the need of more users are preferable. For example ‘flexibility’ includes the algorithm in order to achieve and efficiency algorithm implementation for wide variety of platform.
IV. Methodology
4.1 Architecture of core
Hash algorithms are used widely for cryptographic applications that ensure the authenticity of digital documents, such as digital signatures and message authentication codes. These algorithms take an electronic file and generate a short “digest,” a sort of digital fingerprint of the content In this selection has advantage over other possible choices. First, it is practical, as hardware cores are typically applied in situations.
Fig.2 Architecture of the hash function keccak 512
The width of the user input is far less than 576 bit. So the padding module uses a buffer to assemble the user input. If the buffer grows full, the padding module notices the permutation module its output is valid. Then the permutation module begins calculation, the buffer cleared, the padding module waiting for input simultaneously. In the high throughput core, two rounds are done per clock cycle. The round constant module is implemented by combinational logic, saving resource than block RAM, because most bits of the round constant is zero.
V. Simulation
These are the final result of keccak hash function. RTL view of keccak hash function and waveform are given below.
Fig.3 RTL View of Keccqak Hash Function
Fig. 4 Waveform of Keccak Hash Function
The give table shows that how many registers LUT’S and memory are required for design of architecture. For the 512 bit encryption process 2236 registers and 9365 LUT’S are used.
VI. Result
Logic utilization Used Available Utilization
Number of slices register 2213 357600 0%
Number of slices LUT’s
9613 178800 5%
Number of fully used LUT-FF Pairs 1673 10153 16%
Number of bonded IOBS 585 700 83%
Table I. Synthesis result after implementation
VII. Conclusion
In this paper Keccak hash function hardware implementations are described. For implementation of this function use virtex-7 FPGA device in this paper provide more encryption using less no of rounding i.e more permutation has to done, in 5 candidates of SHA-3 finalist. Keccak hash function provides more encryption in less rounding i.e for 512 bit encryption 10 rounds will be required to design and implement SHA-3 algorithm using keccak hash function.
VIII. References
[1] National Institute of Standard and Technology (NIST), ‘Cryptographic hash algorithm competition’, 2007, available on lineathttp://www.nist.gov/itl/csd/ct/hash_competition.cfm
[2] FatmaKahri, BelgacemBouallegue, Mohsen Machhout and RachedTourki Electronics and Micro-Electronics Laboratory ‘An FPGA implementation of the SHA-3: The BLAKE Hash Function'(2012) (E. ??. E. L) Faculty of Sciences of Monastir, Tunisia Kahrifatma@gmail.com
[3] A. H. Namin& M. A. Hasan (2010 a), Implementation of the Compression Function for Selected SHA-3 Candidates on FPGA. Retrieved Feb. 25th, 2010, from University of Waterloo, Department of Electrical and Computer Engineering.
[4] Schorr (2010), Performance Analysis of a Scalable Hardware FPGA Skein Implementation. Retrieved February 2010, from Kate Gleason College of Engineering Department of Computer Engineering Rochester ,New York.
[5] J. Elbirt (2009), Understanding and Applying Cryptograph and Data Security. Book ISBN 978-1-4200-6160-4 (alk.paper).
[6] Regenscheid, R. Perlner, S. Chang, J. Kelsey, M. Nandi, & S. Paul (2009), Status Report on the First Round of the SHA-3 Cryptographic Hash Algorithm Competition. Retrieved September 2009, from National Institute of Standards and Technology, U.S. Department of Commerce.
[7] C. Rechberger (2010), Second-Preimage Analysis of Reduced SHA-1, from KatholiekeUniversiteit Leuven, Department of Electrical Engineering.
[8] ImadFakhriAlshaikhli, Mohammad A. Ahmad, Hanady Mohammad Ahmad (2012). “Protection of the Texts Using Base64 and MD5.”JACSTRVol 2, No 1 (2012)(1): 12.
[9] E. Andreeva, B. Mennink, B. Preneel& M. Skrobot (2012), Security Analysis and Comparison of the SHA-3 Finalists BLAKE, Grostl, JH, Keccak, and Skein. fromKatholiekeUniversiteit Leuven.
[10] Brian Philofsky, ‘HDL Coding and design practices for improving Virtex-5 utilization, performance, and power’, XcellJounal, Issue 59, Four Quarter 2006, Xilinx.
[11] Guido Bertoni, Joan Daemen, Micha??lPeeters and Gilles Van Assche.’Keccak sponge function family main document’, version 1.2, April 2009, available on line at http://keccak.noekeon.org/.
[12] Y. K. Lee, M. Knezevic, and I. M. Verbauwhede, ‘Hardware design for Hash functions,’ in Secure Integrated Circuits and Systems, ser. Series on Integrated Circuits and Systems,Eds. Springer US, 2010.
...(download the rest of the essay above)