On the Use of (Non-)Cryptographic Hashes on FPGAs

  • Conference paper
Applied Reconfigurable Computing (ARC 2017)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 10216)

Abstract

Hash functions are used for numerous applications in computer networking, both on classical CPU-based systems and on dedicated hardware like FPGAs. During system development, hardware implementations require particular attention to take full advantage of performance gains through parallelization when using hashes. For many use cases, such as hash tables or Bloom filters, several independent short hash values for the same input key are needed. Here we consider the question of how to save resources by splitting one large hash value into multiple sub-hashes. We demonstrate that even small flaws in the avalanche effect of a hash function induce significant deviation from a uniform distribution in such sub-hashes, which allows potential denial-of-service attacks. We further consider the cryptographic hash SHA3 and other non-cryptographic hashes, which do not exhibit such weaknesses, in terms of resource usage and latency in an FPGA implementation. The results show that while SHA3 was intended for security applications, it also outperforms the non-cryptographic hashes for other use cases on FPGAs.
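The sub-hash check the abstract describes can be sketched in software as follows. This is an added example, not code from the paper: `weak_hash64` is a constructed toy hash (not one of the hashes the authors evaluate), and the 64-bit width, 16-bit sub-hashes and sample keys are assumptions chosen for illustration.

```python
import hashlib

MASK64 = (1 << 64) - 1

def weak_hash64(key: int) -> int:
    """Constructed toy hash (not from the paper): one odd multiply mod 2^64.
    Output bit j depends only on input bits 0..j, so avalanche is flawed."""
    return (key * 0x9E3779B97F4A7C15) & MASK64

def sha3_64(key: int) -> int:
    """First 64 bits of SHA3-256 over the 8-byte little-endian key."""
    digest = hashlib.sha3_256(key.to_bytes(8, "little")).digest()
    return int.from_bytes(digest[:8], "little")

def split(value: int, sub_bits: int, count: int) -> list[int]:
    """Cut one wide hash value into `count` sub-hashes of `sub_bits` each."""
    mask = (1 << sub_bits) - 1
    return [(value >> (i * sub_bits)) & mask for i in range(count)]

def avalanche(hash_fn, in_bit: int, sub_bits=16, count=4, samples=512):
    """Per sub-hash: mean fraction of its bits that flip when input bit
    `in_bit` is toggled. The ideal value is 0.5 for every sub-hash."""
    flips = [0] * count
    for k in range(samples):
        a = split(hash_fn(k), sub_bits, count)
        b = split(hash_fn(k ^ (1 << in_bit)), sub_bits, count)
        for i in range(count):
            flips[i] += bin(a[i] ^ b[i]).count("1")
    return [f / (samples * sub_bits) for f in flips]

def occupancy(hash_fn, keys, sub_bits=16, count=4):
    """Per sub-hash: number of distinct table slots hit by `keys`."""
    seen = [set() for _ in range(count)]
    for k in keys:
        for i, s in enumerate(split(hash_fn(k), sub_bits, count)):
            seen[i].add(s)
    return [len(s) for s in seen]

# Constructed sample input: 4096 keys that differ only above bit 16
# (e.g. aligned identifiers), a pattern that occurs without any attacker.
KEYS = [i << 16 for i in range(4096)]

if __name__ == "__main__":
    for name, fn in (("weak", weak_hash64), ("sha3", sha3_64)):
        print(name, "avalanche(bit 16):", avalanche(fn, 16))
        print(name, "occupancy:", occupancy(fn, KEYS))
```

Running the same two measurements per sub-hash, rather than over the whole hash value, is what exposes the defect: the toy hash looks acceptable in its upper slices while its lowest slice maps every sample key to one slot.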



Acknowledgements

We would like to acknowledge the support of the German Federal Ministry for Economic Affairs and Energy.

Author information

Corresponding author

Correspondence to Andreas Fiessler.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Fiessler, A., Loebenberger, D., Hager, S., Scheuermann, B. (2017). On the Use of (Non-)Cryptographic Hashes on FPGAs. In: Wong, S., Beck, A., Bertels, K., Carro, L. (eds) Applied Reconfigurable Computing. ARC 2017. Lecture Notes in Computer Science, vol 10216. Springer, Cham. https://doi.org/10.1007/978-3-319-56258-2_7

  • DOI: https://doi.org/10.1007/978-3-319-56258-2_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-56257-5

  • Online ISBN: 978-3-319-56258-2

  • eBook Packages: Computer Science, Computer Science (R0)
