Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS548_ ADVANCED INFORMATION SECURITY 20103272 Jong Heon, Park / 20103616 Hyun Woo, Cho Evaluation of Hardware Performance for the SHA-3 Candidates Using.

Published byAndrew Hines Modified over 9 years ago

Similar presentations

Presentation on theme: "CS548_ ADVANCED INFORMATION SECURITY 20103272 Jong Heon, Park / 20103616 Hyun Woo, Cho Evaluation of Hardware Performance for the SHA-3 Candidates Using."— Presentation transcript:

1 CS548_ ADVANCED INFORMATION SECURITY 20103272 Jong Heon, Park / 20103616 Hyun Woo, Cho Evaluation of Hardware Performance for the SHA-3 Candidates Using SASEBO-GII Paper Presentation #2

2 Contents  Introduction  Before the paper  Evaluation Platform  Design Strategy  Evaluation Criteria  Conclusion  References 2 / 33

3 Paper Introduction  Evaluation of Hardware Performance for the SHA-3 Candidates Using SASEBO-GII, Jan, 2010  They propose following issues for a fair evaluation,  Evaluation environment (platform)  Implementation method (design strategy)  Performance comparison method (criteria) Kazuyuki Kobayashi, Jun Ikegami, Shin’ichiro Matsuo, Kazuo Sakiyama, Kazuo Ohta Author 3 / 33

4 Before the paper http://csrc.nist.gov/groups/ST/hash/sha-3/index.html 4 / 33

5 Evaluation Platform  SASEBO (S ide-channel A ttack S tandard E valuation Bo ard )  The purpose of side-channel attack experiments within a single cryptographic circuit  SASEBO-GII  The purpose of additional experiments for security evaluation for a comprehensive cryptographic system 5 / 33

6 Evaluation Platform Fig 1. SASEBO-GII 6 / 33

7 Evaluation Platform Fig 2. Evaluation Environment Using SASEBO-GII 7 / 33

8 Evaluation Platform  Protocol between two FPGAs  Init : initialize a hash function in the cryptographic FPGA  Load & Fetch : transmitting and receiving the message data and the hash value  Ack : response signal for the load & fetch signals  idata / odata : input / output data (16bit)  EoM : end of message signal 8 / 33

9 Evaluation Platform  Performance depends on communication overhead between two FPGAs  We use a practical interface that can support a 16-bit data communication in 3 cycles  It takes 3*(256/16) = 48 cycles for 256-bit data  But, we ignore the overhead to evaluate hash core 9 / 33

10 Design Strategy  Specification of Data Input to Cryptographic FPGA  Message Padding  Input data must be a multiple of the block size  EoM (End of Message)  Some candidates need to know where is end of data  Bit Length of Message  Bit length is included in idata → candidates which need the information takes more time than the others. 10 / 33

11 Design Strategy  Architectures of Cryptographic FPGA  Fully Autonomous  Stores all of the intermediate values in register  an implementation assuming to be used in a real system 11 / 33

12 Design Strategy  Architectures of Cryptographic FPGA  External Memory  Only the data necessary for executing are stored register, the other data are stored external memory  Low-cost, but it makes overhead cycles  not suitable for high-speed i mplementation 12 / 33

13 Design Strategy  Architectures of Cryptographic FPGA  Core Functionality  Only the core part of a hash function  Used for estimating performance under ideal interface, where the overhead of the data access is ignored 13 / 33

14 Design Strategy  Performance : Throughput  Input Block Size = the size of input data  Number of Clock Cycles which is necessary to hash the data  Max Clock Frequency = 1/critical path delay  Increasing Max Clock Frequency, Decreasing Number of Clock Cycles Improve Throughput! 14 / 33

15 Design Strategy  Technique to Improve Throughput  Retiming Transformation holds down the critical path delay by averaging a processing time!  After Transformation, critical path consists of two adders. Therefore the maximum clock frequency improves. Before After 15 / 33

16 Design Strategy  Technique to Improve Throughput  Unfolding Transformation decreases the total number of clock cycles.  After Transformation, the DFG performs operations in one cycle. Although maximum clock frequency becomes lower, throughput improves. Before After 16 / 33

17 Design Strategy  How to deal with these optimization techniques :  Applying the Unfolding Transformation 17 / 33

18  Evaluation Items  Eight SHA-3 hash candidates on the cryptographic FPGA  Check the hardware performance(speed) and cost  Speed performance Latency, throughput  Cost Number of slices, registers, LUTs and size of a RAM  High throughput with a low hardware cost Evaluation Criteria 18 / 33

19  Evaluation Metrics  Hashing process for each data with a input block sizes  Uses the result as the next input data  Clock cycles, Hashing |M|-bit data Number of hash core operation Evaluation Criteria 19 / 33

20  Evaluation Metrics : Number of clocks used to input data : To execute hashing process in the core : To perform the final calculation process : To output the hash result Evaluation Criteria 20 / 33

21  Evaluation Metrics : Number of clocks used to input data : To execute hashing process in the core : To perform the final calculation process : To output the hash result - Only executed when outputting the result Evaluation Criteria 21 / 33

22  Evaluation Metrics  Throughput  Latency See this equation. Latency is an important metrics for a short message Evaluation Criteria 22 / 33

23  Evaluation Metrics  Throughput  When |Mp| is sufficiently large, Short massage for authentication Long massage Evaluation Criteria 23 / 33

24  Evaluation Metrics Long Massage (Throuhput) Short Massage (Latency) Interface + Core Core Function Block Evaluation Criteria 24 / 33

25  Result for Eight SHA-3 Candidates, Interface overhead Evaluation Criteria 25 / 33

26  Result for Eight SHA-3 Candidates, Core Function Block Evaluation Criteria 26 / 33

27  Performance Results of the SHA-3 Candidates Evaluation Criteria 27 / 33

28  Hardware Costs of the SHA-3 Candidates on Virtex5 Evaluation Criteria 28 / 33

29  Latency of Hash Function including interface Evaluation Criteria 29 / 33

30  Latency of Core Function Block for Short Massage Likely to be a Bottle Neck Performance of Interface is important part Evaluation Criteria 30 / 33

31 Conclusions  Propose a consistent evaluation criteria  Basic design of an evaluation environment using SASEBO-GII(interface spec, architecture…)  Propose evaluation items(speed, cost…)  Implement eight SHA-3 candidates  Future work.  Rest of the SHA-3 candidates  Evaluation for low power device(RFID tags) 31 / 33

32 References 1. National Institute of Standards and Technology (NIST), “Cryptographic Hash Algorithm Competition,” http://csrc.nist.gov/groups/ST/hash/sha-3/index. html. 2. S. Tillich, M. Feldhofer, M. Kirschbaum, T. Plos, J. -M. Schmidt, and A. Szekely, “High-Speed Hardware Implementations of BLAKE, Blue Midnight Wish, Cube- Hash, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Luffa, Shabal, SHAvite-3, SIMD and Skein,” Cryptology ePrint Archive, Report 2009/510, 2009. 3. A. H. Namin and M. A. Hasan, “Hardware Implementation of the Compression Function for Selected SHA-3 Candidates,” CACR 2009-28 (2009). 4. B. Baldwin, A. Byrne, M. Hamilton, N. Hanley, R. P. McEvoy, W. Pan, and W. P. Marnane, “FPGA Implementations of SHA-3 Candidates:CubeHash, Grøstl, Lane, Shabal and Spectral Hash,” Cryptology ePrint Archive, Report 2009/342, 2009. 32 / 33

33 References 5. B. Jungk, S. Reith, and J. Apfelbeck, “On Optimized FPGA Implementations of the SHA-3 Candidate Grøstl,” Cryptology ePrint Archive, Report 2009/206, 2009. 6. “National Institute of Advanced Industrial Science and Technology (AIST), Research Center for Information Security (RCIS)“Side-channel Attack Standard Evaluation Board (SASEBO)”,” http://www.rcis.aist.go.jp/special/SASEBO/ SASEBO-GII-ja.html. 7. Z. Chen, S. Morozov, and P. Schaumont, “A Hardware Interface for Hashing Algorithms,” Cryptology ePrint Archive, Report 2008/529, 2008. 8. ECRYPT II, “SHA-3 Hardware Implementations,” http://ehash.iaik.tugraz. at/wiki/SHA-3 Hardware Implementations. 9. Y. K. Lee, H. Chan, and I. Verbauwhede, “Iteration Bound Analysis and Throughput Optimum Architecture of SHA-256 (384, 512) for Hardware Implementations,” in In Information Security Appliciations, 8th International Workshop, WISA 2007, vol. 4867 of LNCS, pp. 102-114, Springer, 2007. 33 / 33

34 Korex527 at gmail.com Betelgs at chol.com EYP_Z H^D / Thank You

Download ppt "CS548_ ADVANCED INFORMATION SECURITY 20103272 Jong Heon, Park / 20103616 Hyun Woo, Cho Evaluation of Hardware Performance for the SHA-3 Candidates Using."

Similar presentations

© 2004 Wayne Wolf Topics Task-level partitioning. Hardware/software partitioning.  Bus-based systems.

© 2004 Wayne Wolf Topics Task-level partitioning. Hardware/software partitioning.  Bus-based systems.
Improved Census Transforms for Resource-Optimized Stereo Vision

Improved Census Transforms for Resource-Optimized Stereo Vision
Topics covered: Memory subsystem CSE243: Introduction to Computer Architecture and Hardware/Software Interface.

Topics covered: Memory subsystem CSE243: Introduction to Computer Architecture and Hardware/Software Interface.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
Parallell Processing Systems1 Chapter 4 Vector Processors.

Parallell Processing Systems1 Chapter 4 Vector Processors.
6.375 Project Arthur Chang Omid Salehi-Abari Sung Sik Woo May 11, 2011

6.375 Project Arthur Chang Omid Salehi-Abari Sung Sik Woo May 11, 2011
Hashing Algorithms: SHA-3 CSCI 5857: Encoding and Encryption.

Hashing Algorithms: SHA-3 CSCI 5857: Encoding and Encryption.
FPGA Latency Optimization Using System-level Transformations and DFG Restructuring Daniel Gomez-Prado, Maciej Ciesielski, and Russell Tessier Department.

FPGA Latency Optimization Using System-level Transformations and DFG Restructuring Daniel Gomez-Prado, Maciej Ciesielski, and Russell Tessier Department.
Your Security in the IT Market www.i.cz Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.

Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.
Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.

Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.
Towards SHA-3 Christian Rechberger, KU Leuven. Fundamental questions in CS theory Do oneway functions exist? Do collision-intractable functions exist?

Towards SHA-3 Christian Rechberger, KU Leuven. Fundamental questions in CS theory Do oneway functions exist? Do collision-intractable functions exist?
Characterization Presentation Neural Network Implementation On FPGA Supervisor: Chen Koren Maria Nemets 309326767 Maxim Zavodchik 310623772.

Characterization Presentation Neural Network Implementation On FPGA Supervisor: Chen Koren Maria Nemets Maxim Zavodchik
EE 141 Project 2May 8, 20031 Outstanding Features of Design Maximize speed of one 8-bit Division by: i. Observing loop-holes in 8-bit division ii. Taking.

EE 141 Project 2May 8, Outstanding Features of Design Maximize speed of one 8-bit Division by: i. Observing loop-holes in 8-bit division ii. Taking.
1 FPGA Lab School of Electrical Engineering and Computer Science Ohio University, Athens, OH 45701, U.S.A. An Entropy-based Learning Hardware Organization.

1 FPGA Lab School of Electrical Engineering and Computer Science Ohio University, Athens, OH 45701, U.S.A. An Entropy-based Learning Hardware Organization.
Scheduling with Optimized Communication for Time-Triggered Embedded Systems Slide 1 Scheduling with Optimized Communication for Time-Triggered Embedded.

Scheduling with Optimized Communication for Time-Triggered Embedded Systems Slide 1 Scheduling with Optimized Communication for Time-Triggered Embedded.
VHDL Coding Exercise 4: FIR Filter. Where to start? AlgorithmArchitecture RTL- Block diagram VHDL-Code Designspace Exploration Feedback Optimization.

VHDL Coding Exercise 4: FIR Filter. Where to start? AlgorithmArchitecture RTL- Block diagram VHDL-Code Designspace Exploration Feedback Optimization.
A Tool for Partitioning and Pipelined Scheduling of Hardware-Software Systems Karam S Chatha and Ranga Vemuri Department of ECECS University of Cincinnati.

A Tool for Partitioning and Pipelined Scheduling of Hardware-Software Systems Karam S Chatha and Ranga Vemuri Department of ECECS University of Cincinnati.
The Processor Data Path & Control Chapter 5 Part 1 - Introduction and Single Clock Cycle Design N. Guydosh 2/29/04.

The Processor Data Path & Control Chapter 5 Part 1 - Introduction and Single Clock Cycle Design N. Guydosh 2/29/04.
GPGPU platforms GP - General Purpose computation using GPU

GPGPU platforms GP - General Purpose computation using GPU

Similar presentations

Ads by Google