Abstract
The number of secure applications for the Internet of Things (IoT) is constantly increasing, and many of them require lightweight cryptographic algorithms. Most lightweight cryptographic algorithms were not designed to be efficient on software platforms. As a result, the software throughput of these algorithms is low on recent IoT devices. In this paper we present optimization techniques for improving the software implementation of the QUARK functions. QUARK is a family of lightweight hash functions that is efficient in hardware, but its design was not oriented toward software platforms. We obtained a reduction in the number of binary operations required in each iteration of QUARK, and by computing some internal functions in parallel we achieved a further speedup. In addition, we present the results of our optimized implementations of S-QUARK and D-QUARK on the 32-bit Intel Galileo platform.
The authors were partially supported by Intel Labs University Research Office.
The first author was partially supported by CNPq, Bolsista de Desenvolvimento Tecnológico em TICs do CNPq - Nível F.
The second author was partially supported by a research productivity scholarship from CNPq Brazil.
Notes
1. The state of each instance of QUARK is initialized with the first b bits of the SHA-256 digest of its name.
2. The reference code is available in [2] and is not optimized.
3. Our implementations are available at https://github.com/rbCabral/QUARK_32bits.
References
1. Aumasson, J.-P., Henzen, L., Meier, W., Naya-Plasencia, M.: Quark: a lightweight hash. J. Crypt. 26(2), 313–339 (2013)
2. Aumasson, J.-P., Henzen, L., Meier, W., Naya-Plasencia, M.: Quark: a lightweight hash, May 2015. https://131002.net/quark/
3. Aumasson, J.-P., Henzen, L., Meier, W., Naya-Plasencia, M.: Quark: a lightweight hash. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 1–15. Springer, Heidelberg (2010)
4. Balasch, J., et al.: Compact implementation and performance evaluation of hash functions in ATtiny devices. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 158–172. Springer, Heidelberg (2013)
5. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge functions. In: ECRYPT Hash Workshop, vol. 2007 (2007)
6. Bogdanov, A., Knežević, M., Leander, G., Toz, D., Varıcı, K., Verbauwhede, I.: Spongent: a lightweight hash function. In: Takagi, T., Preneel, B. (eds.) CHES 2011. LNCS, vol. 6917, pp. 312–325. Springer, Heidelberg (2011)
7. Bogdanov, A., Knežević, M., Leander, G., Toz, D., Varıcı, K., Verbauwhede, I.: Spongent: the design space of lightweight cryptographic hashing, June 2015. https://sites.google.com/site/spongenthash/home
8. De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN: a family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009)
9. Eisenbarth, T., et al.: Compact implementation and performance evaluation of block ciphers in ATtiny devices. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 172–187. Springer, Heidelberg (2012)
10. Fog, A.: The microarchitecture of Intel, AMD and VIA CPUs/An optimization guide for assembly programmers and compiler makers (2014)
11. Guo, J., Peyrin, T., Poschmann, A.: The photon family of lightweight hash functions. In: Rogaway, P. (ed.) Advances in Cryptology – CRYPTO 2011. Lecture Notes in Computer Science, vol. 6841, pp. 222–239. Springer, Heidelberg (2011)
12. Guo, J., Peyrin, T., Poschmann, A.: The photon family of lightweight hash functions, May 2015. https://sites.google.com/site/photonhashfunction/
13. Hell, M., Johansson, T., Maximov, A., Meier, W.: A stream cipher proposal: Grain-128. In: IEEE International Symposium on Information Theory (ISIT). Citeseer (2006)
14. Intel® Corporation: Intel Quark SoC X1000 Core Developer’s Manual. Number 329679–001US, October 2013
15. Ramon, M.C.: Intel Galileo and Intel Galileo Gen 2. Springer, New York (2014). http://www.springer.com/us/book/9781430268390#aboutBook
Acknowledgments
This research was partially supported by Intel and CNPq. The authors would like to thank the anonymous reviewers for their helpful suggestions and comments. Additionally, they would like to thank Armando Faz Hernández for his comments, which greatly improved the manuscript.
A QUARK Family
This appendix presents the definition of the QUARK family and the functions p, f, g and h for each member of the family. The function p, used by L, is the same for all three instances: given a vector L, \(p(L) = L_0 \oplus L_3\).
- U-QUARK. This is the lightest flavor of QUARK. It was designed to provide a 136-bit hash value and has a security level of 64 bits. The functions f, g and h used in this instance are defined as follows.
  - Function f: Given a 68-bit vector X, the function f returns 1 bit computed as:
    $$\begin{aligned} f(X) ={}& X_{0} \oplus X_{55} \oplus X_{14} \oplus X_{21} \oplus X_{28} \oplus X_{33} \oplus X_{37} \oplus X_{45} \oplus X_{50} \oplus X_{52} \\ &\oplus X_{9}X_{28}X_{45}X_{59} \oplus X_{9} \oplus X_{33}X_{37}X_{52}X_{55} \oplus X_{21}X_{28}X_{33}X_{37}X_{45}X_{52} \\ &\oplus X_{55}X_{59} \oplus X_{9}X_{15}X_{21}X_{28}X_{33} \oplus X_{45}X_{52}X_{55} \oplus X_{21}X_{28}X_{33} \\ &\oplus X_{37}X_{45}X_{52}X_{55}X_{59} \oplus X_{15}X_{21}X_{55}X_{59} \oplus X_{9}X_{15} \oplus X_{33}X_{37}. \end{aligned}$$
  - Function g: Given a 68-bit vector Y, the function g returns 1 bit computed as:
    $$\begin{aligned} g(Y) ={}& Y_{0} \oplus Y_{7} \oplus Y_{15} \oplus Y_{20} \oplus Y_{30} \oplus Y_{35} \oplus Y_{37} \oplus Y_{42} \oplus Y_{49} \oplus Y_{51} \\ &\oplus Y_{7}Y_{30}Y_{42}Y_{58} \oplus Y_{35}Y_{37}Y_{51}Y_{54} \oplus Y_{7}Y_{16} \oplus Y_{20}Y_{30}Y_{35}Y_{37}Y_{42}Y_{51} \\ &\oplus Y_{54}Y_{58} \oplus Y_{35}Y_{37} \oplus Y_{7}Y_{16}Y_{20}Y_{30}Y_{35} \oplus Y_{42}Y_{51}Y_{54} \oplus Y_{20}Y_{30}Y_{35} \\ &\oplus Y_{54} \oplus Y_{37}Y_{42}Y_{51}Y_{54}Y_{58} \oplus Y_{16}Y_{20}Y_{54}Y_{58}. \end{aligned}$$
  - Function h: Given two 68-bit vectors X and Y and a constant vector L, the function h returns 1 bit computed as:
    $$\begin{aligned} h(X,Y,L) ={}& L_{0} \oplus X_{1} \oplus Y_{2} \oplus X_{4} \oplus Y_{10} \oplus X_{25} \oplus X_{31} \oplus Y_{43} \oplus X_{56} \oplus Y_{59} \\ &\oplus Y_{3}X_{55} \oplus X_{46}X_{55} \oplus X_{55}Y_{59} \oplus Y_{3}X_{25}X_{46} \oplus Y_{3}X_{46}X_{55} \\ &\oplus Y_{3}X_{46}Y_{59} \oplus L_{0}X_{25}X_{46}Y_{59} \oplus L_{0}X_{25}. \end{aligned}$$
- D-QUARK. D-QUARK is the intermediate version of the QUARK family. It provides a hash value of 160 bits and has a security level of 80 bits. The functions f, g and h are defined below:
  - Function f: Uses the same function f as U-QUARK, but with taps 0, 11, 18, 19, 27, 36, 42, 47, 58, 64, 67, 71, 79 instead of 0, 9, 14, 15, 21, 28, 33, 37, 45, 50, 52, 55, 59, respectively.
  - Function g: Uses the same function g as U-QUARK, but with taps 0, 9, 19, 20, 25, 38, 44, 47, 54, 63, 67, 69, 78 instead of 0, 7, 15, 16, 20, 30, 35, 37, 42, 49, 51, 54, 58, respectively.
  - Function h: Given two 88-bit vectors X and Y and a constant vector L, the function h returns 1 bit computed as:
    $$\begin{aligned} h(X,Y,L) ={}& L_{0} \oplus X_{1} \oplus Y_{2} \oplus X_{5} \oplus Y_{12} \oplus Y_{24} \oplus X_{35} \oplus X_{40} \oplus X_{48} \oplus Y_{55} \\ &\oplus Y_{61} \oplus Y_{79} \oplus Y_{4}X_{68} \oplus X_{57}X_{68} \oplus X_{68}Y_{79} \oplus Y_{4}X_{35}X_{57} \\ &\oplus X_{72} \oplus Y_{4}X_{57}X_{68} \oplus Y_{4}X_{57}Y_{79} \oplus L_{0}X_{35}X_{57}Y_{79} \oplus L_{0}X_{35}. \end{aligned}$$
- S-QUARK. S-QUARK is the version that provides the highest level of security in the QUARK family. It provides a hash value of 256 bits and has a security level of 112 bits. Like the other versions of QUARK, it uses essentially three functions, f, g and h, which are defined below:
  - Function f: Uses the same function f as U-QUARK, but with taps 0, 16, 26, 28, 39, 52, 61, 69, 84, 94, 97, 103, 111 instead of 0, 9, 14, 15, 21, 28, 33, 37, 45, 50, 52, 55, 59, respectively.
  - Function g: Uses the same function g as U-QUARK, but with taps 0, 13, 28, 30, 37, 56, 65, 69, 79, 92, 96, 101, 109 instead of 0, 7, 15, 16, 20, 30, 35, 37, 42, 49, 51, 54, 58, respectively.
  - Function h: Given two 128-bit vectors X and Y and a constant vector L, the function h returns 1 bit computed as:
    $$\begin{aligned} h(X,Y,L) ={}& L_{0} \oplus X_{1} \oplus Y_{3} \oplus X_{7} \oplus Y_{18} \oplus Y_{34} \oplus X_{47} \oplus X_{58} \oplus Y_{71} \oplus Y_{80} \\ &\oplus X_{90} \oplus Y_{91} \oplus X_{105} \oplus Y_{111} \oplus Y_{8}X_{100} \oplus X_{72}X_{100} \oplus X_{100}Y_{111} \\ &\oplus Y_{8}X_{47}X_{72} \oplus Y_{8}X_{72}X_{100} \oplus Y_{8}X_{72}Y_{111} \oplus L_{0}X_{47}X_{72}Y_{111} \\ &\oplus L_{0}X_{47}. \end{aligned}$$
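The tap-substitution rule for f can be checked with a direct bit-level evaluation. The following is an added example, not the authors' optimized code or the reference implementation: it evaluates f exactly as written above over a state stored one bit per byte (an assumed layout), and the names `quark_f`, `f_on_bits`, `TAPS_F_*` and `MAXW` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NTAPS 13
#define MAXW 128 /* widest half-state: S-QUARK's 128-bit X */

/* Tap lists from the appendix, in U-QUARK order 0, 9, 14, 15, 21, ... */
static const int TAPS_F_U[NTAPS] = {0, 9, 14, 15, 21, 28, 33, 37, 45, 50, 52, 55, 59};
static const int TAPS_F_D[NTAPS] = {0, 11, 18, 19, 27, 36, 42, 47, 58, 64, 67, 71, 79};
static const int TAPS_F_S[NTAPS] = {0, 16, 26, 28, 39, 52, 61, 69, 84, 94, 97, 103, 111};

/* f over a state stored one bit per byte (each X[i] is 0 or 1).
 * Locals are named after the U-QUARK tap whose role they play. */
int quark_f(const uint8_t *X, const int t[NTAPS])
{
    int x0 = X[t[0]], x9 = X[t[1]], x14 = X[t[2]], x15 = X[t[3]];
    int x21 = X[t[4]], x28 = X[t[5]], x33 = X[t[6]], x37 = X[t[7]];
    int x45 = X[t[8]], x50 = X[t[9]], x52 = X[t[10]], x55 = X[t[11]];
    int x59 = X[t[12]];

    return (x0 ^ x55 ^ x14 ^ x21 ^ x28 ^ x33 ^ x37 ^ x45 ^ x50 ^ x52
          ^ (x9 & x28 & x45 & x59) ^ x9 ^ (x33 & x37 & x52 & x55)
          ^ (x21 & x28 & x33 & x37 & x45 & x52)
          ^ (x55 & x59) ^ (x9 & x15 & x21 & x28 & x33)
          ^ (x45 & x52 & x55) ^ (x21 & x28 & x33)
          ^ (x37 & x45 & x52 & x55 & x59) ^ (x15 & x21 & x55 & x59)
          ^ (x9 & x15) ^ (x33 & x37)) & 1;
}

/* Constructed check helper (hypothetical, not from the paper): evaluate f
 * on an all-zero state with up to two bits set; pass -1 to set none. */
int f_on_bits(const int t[NTAPS], int a, int b)
{
    uint8_t X[MAXW];
    memset(X, 0, sizeof X);
    if (a >= 0) X[a] = 1;
    if (b >= 0) X[b] = 1;
    return quark_f(X, t);
}

int main(void)
{
    printf("U f(X9,X15)=%d  D f(X11)=%d  S f(X61,X69)=%d\n",
           f_on_bits(TAPS_F_U, 9, 15), f_on_bits(TAPS_F_D, 11, -1),
           f_on_bits(TAPS_F_S, 61, 69));
    return 0;
}
```

Bit 11 is not a U-QUARK tap but plays the role of X9 in D-QUARK, so the same input gives different outputs under the two tap lists.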
© 2016 Springer International Publishing Switzerland
Cabral, R., López, J. (2016). Fast Software Implementation of QUARK on a 32-Bit Architecture. In: Güneysu, T., Leander, G., Moradi, A. (eds) Lightweight Cryptography for Security and Privacy. LightSec 2015. Lecture Notes in Computer Science(), vol 9542. Springer, Cham. https://doi.org/10.1007/978-3-319-29078-2_7
DOI: https://doi.org/10.1007/978-3-319-29078-2_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-29077-5
Online ISBN: 978-3-319-29078-2