Hardware design for Hash functions

  • Yong Ki Lee
  • Miroslav Knežević
  • Ingrid M.R. Verbauwhede
Chapter
Part of the Integrated Circuits and Systems book series (ICIR)

Abstract

Owing to its key cryptographic and operational features, such as the one-way property, high speed, and a fixed output size independent of the input size, the hash algorithm is one of the most important cryptographic primitives. A critical drawback of most cryptographic algorithms is their large computational overhead, which becomes more critical as the amount of data to process or communicate grows. In many cases, proper use of a hash algorithm reduces this overhead. Digital signature generation and message authentication are the most common applications of hash algorithms. The increasing data size also motivates hardware designers to seek a throughput-optimal architecture for a given hash algorithm. In this chapter, some popular hash algorithms and their cryptanalysis are briefly introduced, and a design methodology for throughput-optimal architectures of MD4-based hash algorithms is described in detail.

Keywords

Message Block; Hash Algorithm; Critical Path Delay; Functional Node; Hash Operation
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  • Yong Ki Lee (1, 2)
  • Miroslav Knežević (3)
  • Ingrid M.R. Verbauwhede (3)
  1. University of California, Los Angeles, USA
  2. Electrical Engineering, Los Angeles, USA
  3. Katholieke Universiteit Leuven, ESAT/COSIC, Leuven-Heverlee, Belgium
