Performance Analysis of the SHA-3 Candidates on Exotic Multi-core Architectures

  • Joppe W. Bos
  • Deian Stefan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6225)


The NIST hash function competition to design a new cryptographic hash standard ‘SHA-3’ is currently one of the hot topics in cryptologic research, its outcome heavily depends on the public evaluation of the remaining 14 candidates. There have been several cryptanalytic efforts to evaluate the security of these hash functions. Concurrently, invaluable benchmarking efforts have been made to measure the performance of the candidates on multiple architectures. In this paper we contribute to the latter; we evaluate the performance of all second-round SHA-3 candidates on two exotic platforms: the Cell Broadband Engine (Cell) and the NVIDIA Graphics Processing Units (GPUs). Firstly, we give performance estimates for each candidate based on the number of arithmetic instructions, which can be used as a starting point for evaluating the performance of the SHA-3 candidates on various platforms. Secondly, we use these generic estimates and Cell-/GPU-specific optimization techniques to give more precise figures for our target platforms, and finally, we present implementation results of all 10 non-AES based SHA-3 candidates.


Cell Broadband Engine Graphics Processing Unit Hash function SHA-3 


  1. 1.
    American National Standards Institute. ANSI X9.44-2007: Key Establishment Using Integer Factorization Cryptography (2007)Google Scholar
  2. 2.
    Aumasson, J.-P., Henzen, L., Meier, W., Phan, R.C.-W.: SHA-3 proposal BLAKE (2008)Google Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  4. 4.
    Benadjila, R., Billet, O., Gilbert, H., Macario-Rat, G., Peyrin, T., Robshaw, M., Seurin, Y.: SHA-3 Proposal: ECHO (2009)Google Scholar
  5. 5.
    Benadjila, R., Billet, O., Gueron, S., Robshaw, M.J.B.: The Intel AES instructions set and the SHA-3 candidates. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 162–178. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  6. 6.
    Bernstein, D.J.: CubeHash specification (2.B.1) (2009)Google Scholar
  7. 7.
    Bertoni, G., Daemen, J., Peeters, M., Assche, G.V.: Keccak specifications (2009)Google Scholar
  8. 8.
    Bevand, M.: MD5 Chosen-Prefix Collisions on GPUs. Black Hat, Whitepaper (2009)Google Scholar
  9. 9.
    Biham, E., Dunkelman, O.: The SHAvite-3 Hash Function (2009)Google Scholar
  10. 10.
    Bos, J.W., Casati, N., Osvik, D.A.: Multi-Stream Hashing on the PlayStation 3. In: PARA 2008. LNCS. Springer, Heidelberg (to appear 2008), Google Scholar
  11. 11.
    Bresson, E., Canteaut, A., Chevallier-Mames, B., Clavier, C., Fuhr, T., Gouget, A., Icart, T., Misarsky, J.-F., Naya-Plasencia, M., Paillier, P., Pornin, T., Reinhard, J.-R., Thuillet, C., Videau, M.: The Hash Function Shabal (2008)Google Scholar
  12. 12.
    Canniere, C.D., Sato, H., Watanabe, D.: Hash Function Luffa (2009)Google Scholar
  13. 13.
    Chen, T., Raghavan, R., Dale, J., Iwata, E.: Cell broadband engine architecture and its first implementation: A performance view (November 2005),
  14. 14.
    Daemen, J., Rijmen, V.: The design of Rijndael. Springer, New York (2002)zbMATHGoogle Scholar
  15. 15.
    Ferguson, N., Lucks, S., Schneier, B., Whiting, D., Bellare, M., Kohno, T., Callas, J., Walker, J.: The Skein Hash Function Family (2009)Google Scholar
  16. 16.
    Gauravaram, P., Knudsen, L.R., Matusiewicz, K., Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: Grøstl – a SHA-3 candidate (2008)Google Scholar
  17. 17.
    Gligoroski, D., Klima, V., Knapskog, S.J., El-Hadedy, M., Amundsen, J., Mjo lsnes, S.F.: Cryptographic Hash Function BLUE MIDNIGHT WISH (2009)Google Scholar
  18. 18.
    Halevi, S., Hall, W.E., Jutla, C.S.: The Hash Function Fugue (2009)Google Scholar
  19. 19.
    Harrison, O., Waldron, J.: Practical Symmetric Key Cryptography on Modern Graphics Hardware. In: USENIX Security Symposium, pp. 195–210 (2008)Google Scholar
  20. 20.
    Hofstee, H.P.: Power Efficient Processor Architecture and The Cell Processor. In: HPCA 2005, pp. 258–262. IEEE Computer Society, Los Alamitos (2005)Google Scholar
  21. 21.
    IEEE Std 1363-2000. IEEE Standard Specifications for Public-Key Cryptography. IEEE, New York (2000)Google Scholar
  22. 22.
    Krawczyk, H., Bellare, M., Canetti, R.: HMAC: Keyed-Hashing for Message Authentication. RFC 2104, IETF (1997)Google Scholar
  23. 23.
    Küçük, O.: The Hash Function Hamsi (2009)Google Scholar
  24. 24.
    Leurent, G., Bouillaguet, C., Fouque, P.-A.: SIMD Is a Message Digest (2009)Google Scholar
  25. 25.
    Manavski, S.A.: CUDA Compatible GPU as an Efficient Hardware Accelerator for AES Cryptography. In: ICSPC 2007, November 2007, pp. 65–68. IEEE, Los Alamitos (2007)Google Scholar
  26. 26.
    Marechal, S.: Advances in password cracking. Journal in Computer Virology 4(1), 73–81 (2008)CrossRefGoogle Scholar
  27. 27.
    NIST. FIPS-197: Advanced Encryption Standard (AES) (2001),
  28. 28.
    NIST. Secure hash standard. FIPS 180-2 (August 2002),
  29. 29.
    NIST. Announcing request for candidate algorithm nominations for a new cryptographic hash algorithm (SHA-3) family. Technical report, Department of Commerce (November 2007),
  30. 30.
    NVIDIA. NVIDIA Compute. PTX: Parallel Thread Execution (March 2008)Google Scholar
  31. 31.
    NVIDIA. NVIDIA CUDA Programming Guide 2.3 (2009)Google Scholar
  32. 32.
    NVIDIA. NVIDIA’s Next Generation CUDA Compute Architecture: Fermi. Whitepaper (September 2009)Google Scholar
  33. 33.
    Osvik, D.A., Bos, J.W., Stefan, D., Canright, D.: Fast software AES encryption. In: beyer, i. (ed.) FSE 2010. LNCS, vol. 6147, pp. 75–93. Springer, Heidelberg (2010)Google Scholar
  34. 34.
    Patterson, D., Hennessy, J.: Computer organization and design: the hardware/software interface. Morgan Kaufmann, San Francisco (2008)Google Scholar
  35. 35.
    Regenscheid, A., Perlner, R., jen Chang, S., Kelsey, J., Nandi, M., Paul., S.: Status report on the first round of the SHA-3 cryptographic hash algorithm competition. Technical Report 7620, NIST (September 2009),
  36. 36.
    RSA Laboratories. PKCS #1 v2.1: RSA Cryptography Standard (2002)Google Scholar
  37. 37.
    Stevens, M., Sotirov, A., Appelbaum, J., Lenstra, A., Molnar, D., Osvik, D.A., de Weger, B.: Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 55–69. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  38. 38.
    Szerwinski, R., Güneysu, T.: Exploiting the power of GPUs for asymmetric cryptography. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 79–99. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  39. 39.
    Takahashi, O., Cook, R., Cottier, S., Dhong, S.H., Flachs, B., Hirairi, K., Kawasumi, A., Murakami, H., Noro, H., Oh, H., Onish, S., Pille, J., Silberman, J.: The circuit design of the synergistic processor element of a Cell processor. In: ICCAD 2005, pp. 111–117. IEEE Computer Society, Los Alamitos (2005)Google Scholar
  40. 40.
    Wu, H.: The Hash Function JH (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Joppe W. Bos
    • 1
  • Deian Stefan
    • 2
  1. 1.Laboratory for Cryptologic AlgorithmsEPFLLausanneSwitzerland
  2. 2.Dept. of Electrical EngineeringThe Cooper UnionNew YorkUSA

Personalised recommendations