Pub Date : 2010-06-13DOI: 10.1109/HST.2010.5513107
Johann Heyszl, F. Stumpf
In this contribution, we present a highly efficient single-message protocol for repeated entity authentication based on Elliptic Curve Cryptography (ECC). Repeated unilateral authentication is used in scenarios where a prover repeatedly authenticates himself to the same verifier. Our protocol requires the transfer of only one single message for this purpose and reduces the required computations on the prover's side to a minimum which supports efficient implementations. In order to support this, a three pass setup protocol has to performed once. We have proven the efficiency of our approach through a prototype implementation of a remote keyless entry system including a microcontroller and an FPGA-based, GF(2163) Elliptic Curve (EC) co-processor which features state-of-the-art measures against simple and differential power analysis and fault attacks. General modular arithmetic is performed on the microcontroller and the EC scalar point multiplication is executed in 93.5k clock cycles on the FPGA based EC co-processor which has a hardware complexity of 12.7k gate equivalents. Our implementation results confirm the efficiency of our protocol for application scenarios where repeated authentication is performed through low-energy, uni-directional devices like in remote access control.
{"title":"Efficient one-pass entity authentication based on ECC for constrained devices","authors":"Johann Heyszl, F. Stumpf","doi":"10.1109/HST.2010.5513107","DOIUrl":"https://doi.org/10.1109/HST.2010.5513107","url":null,"abstract":"In this contribution, we present a highly efficient single-message protocol for repeated entity authentication based on Elliptic Curve Cryptography (ECC). Repeated unilateral authentication is used in scenarios where a prover repeatedly authenticates himself to the same verifier. Our protocol requires the transfer of only one single message for this purpose and reduces the required computations on the prover's side to a minimum which supports efficient implementations. In order to support this, a three pass setup protocol has to performed once. We have proven the efficiency of our approach through a prototype implementation of a remote keyless entry system including a microcontroller and an FPGA-based, GF(2163) Elliptic Curve (EC) co-processor which features state-of-the-art measures against simple and differential power analysis and fault attacks. General modular arithmetic is performed on the microcontroller and the EC scalar point multiplication is executed in 93.5k clock cycles on the FPGA based EC co-processor which has a hardware complexity of 12.7k gate equivalents. Our implementation results confirm the efficiency of our protocol for application scenarios where repeated authentication is performed through low-energy, uni-directional devices like in remote access control.","PeriodicalId":6367,"journal":{"name":"2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79519240","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-06-13DOI: 10.1109/HST.2010.5513110
Junfeng Fan, Xu Guo, E. D. Mulder, P. Schaumont, B. Preneel, I. Verbauwhede
Implementations of cryptographic primitives are vulnerable to physical attacks. While the adversary only needs to succeed in one out of many attack methods, the designers have to consider all the known attacks, whenever applicable to their system, simultaneously. Thus, keeping an organized, complete and up-to-date table of physical attacks and countermeasures is of paramount importance to system designers. This paper summarizes known physical attacks and countermeasures on Elliptic Curve Cryptosystems. Instead of repeating the details of different attacks, we focus on a systematic way of organizing and understanding known attacks and countermeasures. Three principles of selecting countermeasures to thwart multiple attacks are given. This paper can be used as a road map for countermeasure selection in a first design iteration.
{"title":"State-of-the-art of secure ECC implementations: a survey on known side-channel attacks and countermeasures","authors":"Junfeng Fan, Xu Guo, E. D. Mulder, P. Schaumont, B. Preneel, I. Verbauwhede","doi":"10.1109/HST.2010.5513110","DOIUrl":"https://doi.org/10.1109/HST.2010.5513110","url":null,"abstract":"Implementations of cryptographic primitives are vulnerable to physical attacks. While the adversary only needs to succeed in one out of many attack methods, the designers have to consider all the known attacks, whenever applicable to their system, simultaneously. Thus, keeping an organized, complete and up-to-date table of physical attacks and countermeasures is of paramount importance to system designers. This paper summarizes known physical attacks and countermeasures on Elliptic Curve Cryptosystems. Instead of repeating the details of different attacks, we focus on a systematic way of organizing and understanding known attacks and countermeasures. Three principles of selecting countermeasures to thwart multiple attacks are given. This paper can be used as a road map for countermeasure selection in a first design iteration.","PeriodicalId":6367,"journal":{"name":"2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77772191","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-06-13DOI: 10.1109/HST.2010.5513122
S. Narasimhan, R. Chakraborty, Dongdong Du, Somnath Paul, F. Wolff, C. Papachristou, K. Roy, S. Bhunia
Malicious alterations of integrated circuits during fabrication in untrusted foundries pose major concern in terms of their reliable and trusted field operation. It is extremely difficult to discover such alterations, also referred to as “hardware Trojans” using conventional structural or functional testing strategies. In this paper, we propose a novel non-invasive, multiple-parameter side-channel analysis based Trojan detection approach that is capable of detecting malicious hardware modifications in the presence of large process variation induced noise. We exploit the intrinsic relationship between dynamic current (IDDT ) and maximum operating frequency (Fmax) of a circuit to distinguish the effect of a Trojan from process induced fluctuations in IDDT . We propose a vector generation approach for IDDT measurement that can improve the Trojan detection sensitivity for arbitrary Trojan instances. Simulation results with two large circuits, a 32-bit integer execution unit (IEU) and a 128-bit Advanced Encryption System (AES) cipher, show a detection resolution of 0.04% can be achieved in presence of ±20% parameter (Vth) variations. The approach is also validated with experimental results using 120nm FPGA (Xilinx Virtex-II) chips.
{"title":"Multiple-parameter side-channel analysis: A non-invasive hardware Trojan detection approach","authors":"S. Narasimhan, R. Chakraborty, Dongdong Du, Somnath Paul, F. Wolff, C. Papachristou, K. Roy, S. Bhunia","doi":"10.1109/HST.2010.5513122","DOIUrl":"https://doi.org/10.1109/HST.2010.5513122","url":null,"abstract":"Malicious alterations of integrated circuits during fabrication in untrusted foundries pose major concern in terms of their reliable and trusted field operation. It is extremely difficult to discover such alterations, also referred to as “hardware Trojans” using conventional structural or functional testing strategies. In this paper, we propose a novel non-invasive, multiple-parameter side-channel analysis based Trojan detection approach that is capable of detecting malicious hardware modifications in the presence of large process variation induced noise. We exploit the intrinsic relationship between dynamic current (IDDT ) and maximum operating frequency (Fmax) of a circuit to distinguish the effect of a Trojan from process induced fluctuations in IDDT . We propose a vector generation approach for IDDT measurement that can improve the Trojan detection sensitivity for arbitrary Trojan instances. Simulation results with two large circuits, a 32-bit integer execution unit (IEU) and a 128-bit Advanced Encryption System (AES) cipher, show a detection resolution of 0.04% can be achieved in presence of ±20% parameter (Vth) variations. The approach is also validated with experimental results using 120nm FPGA (Xilinx Virtex-II) chips.","PeriodicalId":6367,"journal":{"name":"2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78346706","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-06-13DOI: 10.1109/HST.2010.5513108
A. Maiti, Jeff Casarona, Luke McHale, P. Schaumont
To validate the effectiveness of a Physical Unclonable Function (PUF), it needs to be characterized over a large population of chips. Though simulation methods can provide approximate results, an on-chip experiment produces more accurate result. In this paper, we characterize a PUF based on ring oscillator (RO) using a significantly large population of 125 FPGAs. We analyze the experimental data using a ring oscillator loop delay model, and quantify the quality factors of a PUF such as uniqueness and reliability. The RO-PUF shows an average inter-die Hamming distance of 47.31%, and an average intra-die Hamming distance of 0.86% at normal operating condition. Additionally, we intend to make this large RO frequency dataset available publicly for the research community.
{"title":"A large scale characterization of RO-PUF","authors":"A. Maiti, Jeff Casarona, Luke McHale, P. Schaumont","doi":"10.1109/HST.2010.5513108","DOIUrl":"https://doi.org/10.1109/HST.2010.5513108","url":null,"abstract":"To validate the effectiveness of a Physical Unclonable Function (PUF), it needs to be characterized over a large population of chips. Though simulation methods can provide approximate results, an on-chip experiment produces more accurate result. In this paper, we characterize a PUF based on ring oscillator (RO) using a significantly large population of 125 FPGAs. We analyze the experimental data using a ring oscillator loop delay model, and quantify the quality factors of a PUF such as uniqueness and reliability. The RO-PUF shows an average inter-die Hamming distance of 47.31%, and an average intra-die Hamming distance of 0.86% at normal operating condition. Additionally, we intend to make this large RO frequency dataset available publicly for the research community.","PeriodicalId":6367,"journal":{"name":"2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85397954","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-06-13DOI: 10.1109/HST.2010.5513117
G. Becker, Markus Kasper, A. Moradi, C. Paar
Intellectual property (IP) right violations are an increasing problem for hardware designers. Illegal copies of IP cores can cause multi-million dollar damages and are thus considered a serious threat. One possible solution to this problem can be digital watermarking schemes for integrated circuits. We propose a new watermarking technique that employs side-channels as building blocks and can easily and reliably be detected by methods adapted from side-channel analysis. The main idea is to embed a unique signal into a side-channel of the device that serves as a watermark. This enables circuit designers to check integrated circuits for unauthorized use of their watermarked cores. The watermark is hidden below the noise floor of the side channel and is thus hidden from third parties. Furthermore, the proposed schemes can be implemented with very few gates and are thus even harder to detect and to remove. The proposed watermarks can also be realized in a programmable fashion to leak a digital signature.
{"title":"Side-channel based watermarks for integrated circuits","authors":"G. Becker, Markus Kasper, A. Moradi, C. Paar","doi":"10.1109/HST.2010.5513117","DOIUrl":"https://doi.org/10.1109/HST.2010.5513117","url":null,"abstract":"Intellectual property (IP) right violations are an increasing problem for hardware designers. Illegal copies of IP cores can cause multi-million dollar damages and are thus considered a serious threat. One possible solution to this problem can be digital watermarking schemes for integrated circuits. We propose a new watermarking technique that employs side-channels as building blocks and can easily and reliably be detected by methods adapted from side-channel analysis. The main idea is to embed a unique signal into a side-channel of the device that serves as a watermark. This enables circuit designers to check integrated circuits for unauthorized use of their watermarked cores. The watermark is hidden below the noise floor of the side channel and is thus hidden from third parties. Furthermore, the proposed schemes can be implemented with very few gates and are thus even harder to detect and to remove. The proposed watermarks can also be realized in a programmable fashion to leak a digital signature.","PeriodicalId":6367,"journal":{"name":"2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81055830","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-06-13DOI: 10.1109/HST.2010.5513115
F. Koushanfar, Y. Alkabani
This paper presents a provably secure method for embedding multiple watermarks in sequential designs. A number of different watermarks signed with the IP owner's secret key from a public key cryptography system are generated. The owner's watermarks are then dissembled into the states and transitions of the original sequential design. Hiding the multiple watermarks in the states and transitions is shown to be an instance of obfuscating a multi-point function with a generalized output. We draw on the theoretical cryptographic results of provable obfuscation of this function family to build a secure sequential multi-watermark system by construction. An iterative synthesis method for integrating the collection of watermarks to the original design is introduced. Analysis of watermark properties and the attack resiliency of the new multiple watermarking construction is presented. Experimental evaluations on benchmark circuits demonstrate practicality and low overhead of the new provably secure multiple watermarks construction method.
{"title":"Provably secure obfuscation of diverse watermarks for sequential circuits","authors":"F. Koushanfar, Y. Alkabani","doi":"10.1109/HST.2010.5513115","DOIUrl":"https://doi.org/10.1109/HST.2010.5513115","url":null,"abstract":"This paper presents a provably secure method for embedding multiple watermarks in sequential designs. A number of different watermarks signed with the IP owner's secret key from a public key cryptography system are generated. The owner's watermarks are then dissembled into the states and transitions of the original sequential design. Hiding the multiple watermarks in the states and transitions is shown to be an instance of obfuscating a multi-point function with a generalized output. We draw on the theoretical cryptographic results of provable obfuscation of this function family to build a secure sequential multi-watermark system by construction. An iterative synthesis method for integrating the collection of watermarks to the original design is introduced. Analysis of watermark properties and the attack resiliency of the new multiple watermarking construction is presented. Experimental evaluations on benchmark circuits demonstrate practicality and low overhead of the new provably secure multiple watermarks construction method.","PeriodicalId":6367,"journal":{"name":"2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89055362","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-06-13DOI: 10.1109/HST.2010.5513104
Ekarat Laohavaleeson, C. Patel
In cryptographic applications, power consumption variations seen off-chip are a rich source of information for intruders to obtain secret or keying materials from the system. Differential Power Analysis (DPA) technique uses statistical functions to analyze the power consumption and extracts the secret keys from the cipher systems. Consequently, this side-channel information needs to be masked to make it very difficult or practically impossible to perform power analysis on the secured system. In this work, we propose an on-chip DPA countermeasure solution that can be added to an existing cryptographic core at the final design stage with minimal impact. The circuit was implemented in 0.18µm process and the results from detailed layout level simulations are presented in this work. The circuit has been verified to work with typical, fast and slow process parameters.
{"title":"Current flattening circuit for DPA countermeasure","authors":"Ekarat Laohavaleeson, C. Patel","doi":"10.1109/HST.2010.5513104","DOIUrl":"https://doi.org/10.1109/HST.2010.5513104","url":null,"abstract":"In cryptographic applications, power consumption variations seen off-chip are a rich source of information for intruders to obtain secret or keying materials from the system. Differential Power Analysis (DPA) technique uses statistical functions to analyze the power consumption and extracts the secret keys from the cipher systems. Consequently, this side-channel information needs to be masked to make it very difficult or practically impossible to perform power analysis on the secured system. In this work, we propose an on-chip DPA countermeasure solution that can be added to an existing cryptographic core at the final design stage with minimal impact. The circuit was implemented in 0.18µm process and the results from detailed layout level simulations are presented in this work. The circuit has been verified to work with typical, fast and slow process parameters.","PeriodicalId":6367,"journal":{"name":"2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85900672","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-06-13DOI: 10.1109/HST.2010.5513111
Kazuyuki Kobayashi, Jun Ikegami, K. Sakiyama, K. Ohta, Miroslav Knezevic, Ünal Koçabas, Junfeng Fan, I. Verbauwhede, Eric Xu Guo, Shin'ichiro Matsuo, Sinan Huang, L. Nazhandali, Akashi Satoh
The objective of the SHA-3 NIST competition is to select, from multiple competing candidates, a standard algorithm for cryptographic hashing. The selected winner must have adequate cryptographic properties and good implementation characteristics over a wide range of target platforms, including both software and hardware. Performance evaluation in hardware is particularly challenging because of the large design space, wide range of target technologies, and multitude of optimization criteria. We describe the efforts of three research groups to evaluate SHA-3 candidates using a common prototyping platform. Using a SASEBO-GII FPGA board as a starting point, we evaluate the performance of the 14 remaining SHA-3 candidates with respect to area, throughput, and power consumption. Our approach defines a standard testing harness for SHA-3 candidates, including the interface specifications for the SHA-3 module on the SASEBO testing board.
{"title":"Prototyping platform for performance evaluation of SHA-3 candidates","authors":"Kazuyuki Kobayashi, Jun Ikegami, K. Sakiyama, K. Ohta, Miroslav Knezevic, Ünal Koçabas, Junfeng Fan, I. Verbauwhede, Eric Xu Guo, Shin'ichiro Matsuo, Sinan Huang, L. Nazhandali, Akashi Satoh","doi":"10.1109/HST.2010.5513111","DOIUrl":"https://doi.org/10.1109/HST.2010.5513111","url":null,"abstract":"The objective of the SHA-3 NIST competition is to select, from multiple competing candidates, a standard algorithm for cryptographic hashing. The selected winner must have adequate cryptographic properties and good implementation characteristics over a wide range of target platforms, including both software and hardware. Performance evaluation in hardware is particularly challenging because of the large design space, wide range of target technologies, and multitude of optimization criteria. We describe the efforts of three research groups to evaluate SHA-3 candidates using a common prototyping platform. Using a SASEBO-GII FPGA board as a starting point, we evaluate the performance of the 14 remaining SHA-3 candidates with respect to area, throughput, and power consumption. Our approach defines a standard testing harness for SHA-3 candidates, including the interface specifications for the SHA-3 module on the SASEBO testing board.","PeriodicalId":6367,"journal":{"name":"2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84115718","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-06-13DOI: 10.1109/HST.2010.5513114
Mainak Banga, M. Hsiao
In this paper, we propose a four-step approach to filter and locate malicious insertion(s) implanted in a third party Intellectual Property (3PIP). In our approach, we first remove those easy-to-detect signals whose activation and propagation are easy using functional vectors. The remaining signals are subjected to a N-detect full-scan ATPG tool to identify those which are functionally hard-to-excite and/or propagate. But unlike recognizing hard-to-detect signal(s), behavioral change brought about by these insertion(s) needs to be taken into account to narrow down their implantation locations. So in our third step, detection condition of suspect signals are cross checked against the spec by a suspect-signal-guided equivalence checking set-up. Finally, a region isolation approach is applied on the filtered signals to determine clusters of untestable gates in the circuit. Experimental results on ISCAS'89 benchmarks show that we are able to return a very small set of candidate locations where the stealthy malicious insertion could reside.
{"title":"Trusted RTL: Trojan detection methodology in pre-silicon designs","authors":"Mainak Banga, M. Hsiao","doi":"10.1109/HST.2010.5513114","DOIUrl":"https://doi.org/10.1109/HST.2010.5513114","url":null,"abstract":"In this paper, we propose a four-step approach to filter and locate malicious insertion(s) implanted in a third party Intellectual Property (3PIP). In our approach, we first remove those easy-to-detect signals whose activation and propagation are easy using functional vectors. The remaining signals are subjected to a N-detect full-scan ATPG tool to identify those which are functionally hard-to-excite and/or propagate. But unlike recognizing hard-to-detect signal(s), behavioral change brought about by these insertion(s) needs to be taken into account to narrow down their implantation locations. So in our third step, detection condition of suspect signals are cross checked against the spec by a suspect-signal-guided equivalence checking set-up. Finally, a region isolation approach is applied on the filtered signals to determine clusters of untestable gates in the circuit. Experimental results on ISCAS'89 benchmarks show that we are able to return a very small set of candidate locations where the stealthy malicious insertion could reside.","PeriodicalId":6367,"journal":{"name":"2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81330314","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-06-13DOI: 10.1109/HST.2010.5513102
Akashi Satoh, T. Katashita, T. Sugawara, N. Homma, T. Aoki
This paper presents hardware architectures for the hash algorithm Luffa, which is a candidate for the next-generation hash standard SHA-3. The architectures were implemented by using a 90-nm CMOS standard cell library. A high throughput of 35 Gbps for a high-speed architecture and a gate count of 14.7 kgate for a compact architecture were obtained. In comparison with Keccak, other SHA-3 candidate in the sponge function category, as well as with the current hash standard SHA-256, Luffa exhibited the advantage of flexible implementation ranging from high-speed to compact circuits.
{"title":"Hardware implementations of hash function Luffa","authors":"Akashi Satoh, T. Katashita, T. Sugawara, N. Homma, T. Aoki","doi":"10.1109/HST.2010.5513102","DOIUrl":"https://doi.org/10.1109/HST.2010.5513102","url":null,"abstract":"This paper presents hardware architectures for the hash algorithm Luffa, which is a candidate for the next-generation hash standard SHA-3. The architectures were implemented by using a 90-nm CMOS standard cell library. A high throughput of 35 Gbps for a high-speed architecture and a gate count of 14.7 kgate for a compact architecture were obtained. In comparison with Keccak, other SHA-3 candidate in the sponge function category, as well as with the current hash standard SHA-256, Luffa exhibited the advantage of flexible implementation ranging from high-speed to compact circuits.","PeriodicalId":6367,"journal":{"name":"2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73537587","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: