ZHOU Zhou,HE Yi-fan,SHEN Hai-bin,ZHAO Xu-xin

DOI: https://doi.org/10.3969/j.issn.1005-9490.2007.04.089

2007-01-01

Abstract:SMS4 algorithm is the domestic encryption standard released for WLAN use.An inner-round pipelined,high-speed engine is proposed after analyzing the features of this algorithm.By using pipelined or parallel multi-engines,throughput and hardware cost can be easily adjusted according to different applications.Compared with the 32-stage pipelined structure,hardware cost is much lower under the same throughput.Moreover,the SMS4 encryption/decryption system can easily fit in a low-cost Spartan II XC2S50 FPGA in a single-engine implementation.

Xiao CAI,Shu-guo LI

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2015.09.020

2015-01-01

Abstract:Data integrity and authenticity are very important in field of information security.HMAC-MD5 algorithm is one of the algorithms that achieve this target.The performance of its software implementation is very low and its FPGA hardware implementation is much higher.For the sake of higher throughput,this paper propose a two-to-one structure.As the result,it costs only 33 cycles to process 5 12 bits data.At the same time,the design support three kinds of mode:HMAC-MD5 computation with Key,HMAC-MD5 computation without key,MD5 computation. The design contains many optimization strategies such as pre-computation, microinstruction controller, the resources reuse etc.After synthesizing by Quartus II 13.0 on Stratix III devices,the clock frequency reaches 100 MHz,the throughput reaches 1.55 Gb/s and 1 120 ALUTs logic resources have been used.

Yimeng Chen,Shuguo Li

DOI: https://doi.org/10.1109/iscas45731.2020.9181065

2020-01-01

Abstract:The SHA-256 algorithm is widely used in the field of security. In this paper, we propose a rescheduling method for the SHA-256 round computation. Based on the proposed rescheduling, we propose a design for SHA-256, in which the critical path is reduced. Our design is implemented on the Xilinx Virtex-4 FPGA. It achieves the throughput of 1984 Mbps with the area of 979 slices. Compared with other designs on FPGA, our design shows a better performance in terms of the throughput.

Junhui Li,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/asicon.2017.8252460

2017-01-01

Abstract:The Keyed-Hash Message Authentication Codes (HMAC) is a widely used method to ensure the integrity and authentication of data. In this paper an FPGA-based efficient processor of the Keyed-Hash Message Authentication Codes (HMAC) using the Secure Hash Algorithm3-224 (SHA3-224) is presented. Any length of message and key can be processed by this processer. To achieve the high throughput which can reach up to 2.3Gbps, some optimizations such as pre-process, key reusing and two SHA-3 cores cooperation are employed. As a result, this proposed HMAC processor is applicable for a wide range of performance-oriented security systems.

Junshang Li,Zishang He,Yajie Qin

DOI: https://doi.org/10.1109/asicon47005.2019.8983530

2019-01-01

Abstract:One of the major issues in implementation of hash functions algorithm is how to decrease the critical path delay and required area effectively. How to expand flexibility, generality and integrity are also important issues as well. As more information are stored and processed on the general-purpose microcontroller in the edge of internet of things (IoT), more efficient data encryption must be ensured. Before encryption of large data sets, it is preferred that the encryption is adapt to asynchronous operation for different volume and arrival data rate. In this paper, an asynchronous SHA-256 hardware accelerator with 32 computation clock cycles for each block is proposed and is at liberty to buffer intermediate hash values, which provides high throughput, robust transmission, adjustable computation frequency and is also easily integrated to microcontroller. The proposed design was implemented in SMIC 40nm technology and performed simulation and verification with Synopsys VCS. The results of post-synthesis simulation show the throughput up to 3.6Gbps.

Argyrios Sideris,Minas Dasygenis

DOI: https://doi.org/10.3390/computation11080152

2023-08-03

Computation

Abstract:Information is transmitted between multiple insecure routing hops in text, image, video, and audio. Thus, this multi-hop digital data transfer makes secure transmission with confidentiality and integrity imperative. This protection of the transmitted data can be achieved via hashing algorithms. Furthermore, data integrity must be ensured, which is feasible using hashing algorithms. The advanced cryptographic Secure Hashing Algorithm 3 (SHA-3) is not sensitive to a cryptanalysis attack and is widely preferred due to its long-term security in various applications. However, due to the ever-increasing size of the data to be transmitted, an effective improvement is required to fulfill real-time computations with multiple types of optimization. The use of FPGAs is the ideal mechanism to improve algorithm performance and other metrics, such as throughput (Gbps), frequency (MHz), efficiency (Mbps/slices), reduction of area (slices), and power consumption. Providing upgraded computer architectures for SHA-3 is an active area of research, with continuous performance improvements. In this article, we have focused on enhancing the hardware performance metrics of throughput and efficiency by reducing the area cost of the SHA-3 for all output size lengths (224, 256, 384, and 512 bits). Our approach introduces a novel architectural design based on pipelining, which is combined with a simplified format for the round constant (RC) generator in the Iota (ι) step only consisting of 7 bits rather than the standard 64 bits. By reducing hardware resource utilization in the area and minimizing the amount of computation required at the Iota (ι) step, our design achieves the highest levels of throughput and efficiency. Through extensive experimentation, we have demonstrated the remarkable performance of our approach. Our results showcase an impressive throughput rate of 22.94 Gbps and an efficiency rate of 19.95 Mbps/slices. Our work contributes to advancing computer architectures tailored for SHA-3, therefore unlocking new possibilities for secure and high-performance data transmission.

Argyrios Sideris,Theodora Sanida,Minas Dasygenis

DOI: https://doi.org/10.1007/s13389-023-00334-0

2023-09-01

Journal of Cryptographic Engineering

Abstract:In sensitive communications, the cryptographic hash function plays a crucial role, including in the military, healthcare, and banking, ensuring secure transmission by verifying data integrity and carrying out other vital tasks. Compared to other cryptographic hash algorithms, such as SHA-1 and SHA-2, the Keccak hash function (SHA-3) boasts superior hardware performance and is more resilient to modern cryptanalysis techniques. Nonetheless, hardware performance enhancements, such as boosting speed or reducing area usage, are constantly required. This research focuses on increasing the Keccak hash algorithm's throughput rate by introducing a novel architecture that reduces the total number of clock cycles required to obtain the result of a hash function. Additionally, the new simplified structure of the round constant (RC) generator design assures a reasonably low area and achieves the highest throughput and efficiency. Thus, when implemented, it achieved the highest throughput of 19.515 Gbps, 24.428 Gbps, 33.393 Gbps, and 36.358 Gbps on FPGA devices with the Virtex-5, Artix-7, Virtex-6, and Virtex-7, respectively. Finally, our approach is compared to recently published designs.

computer science, theory & methods

Yingjie Ji,Liji Wu,Xiangmin Zhang,

DOI: https://doi.org/10.1109/ASICON.2009.5351540

2009-01-01

Abstract:In a high performance network security co-processor, the low power masking technique is used to promote the power attack resistant level of the AES crypto engine. Based on the original AES module which shares one S-box when ciphering and decoding, in order to achieve higher security, the novel circuit design of masking is achieved by two ways respectively, one utilized SRAM, the other replicated some modules. Over 1000 different power curves are recorded and compared between the two masked engines and the original one respectively, and over 10000 curves are recorded to show the strength of the masking architecture. The design is verified to be feasible by FPGA.

Cankun Zhao,Hang Zhao,Jiangxue Liu,Bohan Yang,Wenping Zhu,Shuying Yin,Min Zhu,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.46586/tches.v2024.i4.231-257

2024-01-01

Abstract:SHA-3, the latest hash standard from NIST, is utilized by numerous cryptographic algorithms to handle sensitive information. Consequently, SHA-3 has become a prime target for side-channel attacks, with numerous studies demonstrating successful breaches in unprotected implementations. Masking, a countermeasure capable of providing theoretical security, has been explored in various studies to protect SHA-3. However, masking for hardware implementations may significantly increase area costs and introduce additional delays, substantially impacting the speed and area of higher-level algorithms. In particular, current low-latency first-order masked SHA-3 hardware implementations require more than four times the area of unprotected implementations. To date, the specific structure of SHA-3 has not been thoroughly analyzed for exploitation in the context of masking design, leading to difficulties in minimizing the associated area costs using existing methods. We bridge this gap by conducting detailed leakage path and data dependency analyses on two-share masked SHA-3 implementations. Based on these analyses, we propose a compact and low-latency first-order SHA-3 masked hardware implementation, requiring only three times the area of unprotected implementations and almost no fresh random number demand. We also present a complete theoretical security proof for the proposed implementation in the glitch+register-transition-robust probing model. Additionally, we conduct leakage detection experiments using PROLEAD, TVLA and VerMI to complement the theoretical evidence. Compared to state-of-theart designs, our implementation achieves a 28% reduction in area consumption. Our design can be integrated into first-order implementations of higher-level cryptographic algorithms, contributing to a reduction in overall area costs.

Nilotpola Sarma,Anuj Singh Thakur,Chandan Karfa

2024-07-16

Abstract:The design and synthesis of masked cryptographic hardware implementations that are secure against power side-channel attacks (PSCAs) in the presence of glitches is a challenging task. High-Level Synthesis (HLS) is a promising technique for generating masked hardware directly from masked software, offering opportunities for design space exploration. However, conventional HLS tools make modifications that alter the guarantee against PSCA security via masking, resulting in an insecure RTL. Moreover, existing HLS tools can't place registers at designated places and balance parallel paths in a cryptographic design which is needed to stop glitch propagation. This paper introduces a domain-specific HLS approach tailored to obtain a PSCA secure masked hardware implementation directly from a masked software implementation. It places the registers at specific locations required by the glitch-robust masking gadgets, resulting in a secure RTL. Moreover, our tool automatically balances parallel paths and facilitates a reduction in latency while preserving the PSCA security guaranteed by masking. Experimental results with the PRESENT Cipher's S-box and AES Canright's S-box masked with four state-of-the-art gadgets, show that MaskedHLS produces RTLs with 73.9% decrease in registers and 45.7% decrease in latency on an average} compared to manual register insertions. The PSCA security of the MaskedHLS generated RTLs is also shown with TVLA test.

Cryptography and Security

Tian-shu FU,Shu-guo LI

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2016.10.003

2016-01-01

Abstract:In CBC mode,pipeline technique does not work on SM4 algorithm to increase throughput,as there is a feedback path from output to input.Over this problem,a logic simplifying method is proposed,which can reduce delay of one stage of XOR gates in each round function of encryption algorithm of SM4.Based on this method,SM4 with a 4-round-in-1 structure is designed,in which,delay of 4 stages of XOR gates can be reduced in the critical path,and this design has a higher throughput per unit area than the other schemes in this paper.Synthesis results show that the ASIC implementation of SM4 with a 4-round-in-1 structure can achieve 5.24 Gb/s in throughput, which is higher than that of reported designs.

Ling Bai,Shuguo Li

DOI: https://doi.org/10.1109/asicon.2009.5351591

2009-01-01

Abstract:To accelerate the speed of iterative computation for the existing SHA-256 algorithm, using 7-3-2 array compressor is proposed to reduce the critical path delay in this paper. The frequency of the proposed scheme is 1.7 times higher than other VLSI implementations under the same process. In addition, the paper designs a new universal architecture for implementing SHA-2 algorithms. The design is synthesized with the slow library of Synopsys Design Compiler in SMIC 0.18 mu m CMOS process. Its function has been verified sufficiently on FPGA. Furthermore, compared with the existing SHA-256 core, the results of the ASIC synthesis and FPGA verification are more preferable. This design is convenient to implant into SoC and embedded system with the versatile architecture and high clock frequency(1).

Xufan Wu,Shuguo Li

DOI: https://doi.org/10.1109/edssc.2017.8126446

2017-01-01

Abstract:In this paper, we propose two different hardware structure of SHA-3 hash algorithm for different width of circuit interface. They both support the four functions SHA3-224/256/384/512 of SHA-3 algorithm. The padding unit of our design is also implemented by hardware instead of software. Besides, a 3-round-in-1 structure is proposed to speed up the throughput of our circuit. We conduct an implementation based in SMIC 65 nm technology, SHA3-224, SHA3-256, SHA3-384 and SHA3-512 achieve the throughput of 65.5 Gbps, 61.8 Gbps, 47.2 Gbps and 32.7 Gbps respectively which are better than the reported designs.

Jia-wei Ma,Xu-guang Guan,Tong Zhou,Tao Sun

DOI: https://doi.org/10.1109/asicon.2017.8252479

2017-01-01

Abstract:With the application of Hash-based Message Authentication Code(HMAC) in the field of security, the research on its Side Channel Attack(SCA) has been paid more and more attention. In this paper, a new countermeasure against side channel attack for HMAC-SM3 is proposed, which uses the ring oscillator technology to construct the power disorder module. Through analyzing the power consumption of the improved HMAC-SM3 hardware circuit on FPGA, we proved the effectiveness of this countermeasure. Compared with the traditional masking protection technique, the power disorder module has the advantages of simpler design, less hardware cost, and no influence on the performance at all.

Anh-Tuan Hoang,Takeshi Fujino

DOI: https://doi.org/10.1145/2617595

IF: 2.837

2014-06-01

ACM Transactions on Reconfigurable Technology and Systems

Abstract:In current countermeasure design trends against differential power analysis (DPA), security at gate level is required in addition to the security algorithm. Several dual-rail pre-charge logics (DPL) have been proposed to achieve this goal. Designs using ASIC can attain this goal owing to its backend design restrictions on placement and routing. However, implementing these designs on field programmable gate arrays (FPGA) without information leakage is still a problem because of the difficulty involved in the restrictions on placement and routing on FPGA. This article describes our novel masked dual-rail pre-charged memory approach, called “intra-masking dual-rail memory (IMDRM) on LUT”, and its implementation on FPGA for Side-Channel Attack-resistant (SCA-resistant) AES. In the proposed design, all unsafe nodes, such as unmasking and masking, and parts of dual-rail memory with unsafe buses (buses that are not masked) are packed into a single LUT. This makes them balanced and independent of the placement and routing tools. Inputs and outputs of all LUTs are masked, and so can be considered safe signals. Several LUTs can be combined to create a safe SBox. The design is independent of the cryptographic algorithm, and hence, it can be applied to available cryptographic standards such as DES or AES as well as future standards. It requires no special placement or route constraints in its implementation. A correlation power analysis (CPA) attack on 1,000,000 traces of AES implementation on FPGA showed that the secret information is well protected against first-order side-channel attacks. Even though the number of LUTs used for memory in this implementation is seven times greater than that of the conventional unprotected single-rail memory table-lookup AES and three times greater than the implementation based on a composite field, it requires a smaller number of LUTs than all other advanced SCA-resistant implementations such as the wave dynamic differential logic, masked dual-rail pre-charge logic, and threshold.

computer science, hardware & architecture

Hang Yu,Zhenhao He,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/icasid.2019.8925299

2019-01-01

Abstract:The SM3-MAC algorithm is a Message Authentication Code (MAC) algorithm based on the SM3 hash algorithm proposed by Office of Security Commercial Code Administration in 2010. In this paper, a masking scheme for SM3-MAC algorithm using key mask is proposed. Then, 5,000 power traces are collected by software simulation with Hamming distance model. We can prove that the unmasked SM3-MAC hardware is vulnerable to first-order power analysis, while the masked SM3-MAC hardware does not have register leakage under the Hamming distance model. After that, the SAKURA-G FPGA board is used to collect two sets of power traces of the masked SM3-MAC hardware, each of which contains 3,000 traces. The Test Vector Leakage Assessment (TVLA) methodology proves that there is a 99.999% chance that no first-order power leakage is detected in the masked SM3-MAC hardware. Finally, the feasibility of second-order power analysis is discussed, and the effects of different pre-processing functions on correlation are investigated. A second-order test has been carried out to analyze the second-order security of the masked SM3-MAC hardware, which proves that there exists second-order leakage.

Xiao-jing DU,Shu-guo LI

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2016.10.004

2016-01-01

Abstract:SHA-1 algorithm is one of the national standard for Secure Hash Algorithm.For the sake of accelerating the throughput of SHA-1 algorithm,a new 5-in-1 structure is proposed in this paper.This structure reduces the compression function from original 80 rounds to 16 5-in-1 rounds and in each round some functions f and adders can be moved out of the critical path.Based on this,we can shorten the critical path and increase the throughput.In SMIC 65nm technology,the throughput of SHA-1 can achieve 12.68 Gb/s,which is higher than that of other reported designs and can meet the requirement of high throughput.This design also supports resuming transfer.

Jia Zhao,Jun Han,Xiaoyang Zeng,Liang Li,Yunsong Deng

DOI: https://doi.org/10.1109/icasic.2007.4415761

2007-01-01

Abstract:This paper proposes a low cost VLSI implementation of a masked AES algorithm resistant to DPA (Differential Power Analysis) attack. In order to minimize the influence of the modification to the hardware cost while enabling it resistant to DPA, such methods as altering calculation order, module reuse and composite field computation are employed to reduce chip area and maintain its speed. Using the HHNEC 0.25 mum CMOS process, the scale of the design is about 48 K equivalent gates and its system frequency is up to 70 MHz. The throughput of the 128-bit data encryption and decryption are as high as 380 Mbit/s.

Ning Li,Xiaojun Dang,Yang Zhang

DOI: https://doi.org/10.1109/icitbs.2015.148

2015-01-01

Abstract:Message verification is important for information security, and the hash-based algorithm is a kind of implementation method. In this paper, we propose a circuit implementation scheme to realize message verification, which is based on SHA1, called HMAC-SHA1. In our scheme, the MD5 circuit module is reusable such that the circuit size is reduced and the processing speed is improved. Finally, we use VeriIog HDL to picture the circuit structure and implant it into FPGA to do experiments.

Qu Kaige,Wang An,Wu Liji,Ren Yanting,Zhang Xiangmin

DOI: https://doi.org/10.1109/cc.2015.7122475

2015-01-01

China Communications

Abstract:The Chinese hash algorithm SM3 is verified to be secure enough, but improper hardware implementation may lead to leakage. A masking scheme for SM3 algorithm is proposed to ensure the security of SM3 based Message Authentication Code (MAC). Our scheme was implemented in hardware, which utilizes hardware oriented secure conversion techniques between boolean and arithmetic masking. Security evaluation based on SAKU-RA-G FPGA board has been done with 2000 power traces from 2000 random plaintexts with random plaintext masks and random key masks. It has been verified that the masked SM3 hardware implementation shows no intermediate value leakage as expected. Our masked SM3 hardware can resist first-order correlation power attack (CPA) and collision correlation attack.