Skip to main content
SpringerLink
Log in

High-Speed FPGA Implementation of Secure Hash Algorithm for IPSec and VPN Applications

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

Hash functions are special cryptographic algorithms, which are applied wherever message integrity and authentication are critical. Implementations of these functions are cryptographic primitives widely used in common cryptographic schemes and security protocols such as Internet Protocol Security (IPSec) and Virtual Private Network (VPN). In this paper, a novel FPGA implementation of the Secure Hash Algorithm 1 (SHA-1) is proposed. The proposed architecture exploits the benefits of pipeline and re-timing of execution through pre-computation of intermediate temporal values. Pipeline allows division of the calculation of the hash value in four discreet stages, corresponding to the four required rounds of the algorithm. Re-timing is based on the decomposition of the SHA-1 expression to separate information dependencies and independencies. This allows pre-computation of intermediate temporal values in parallel to the calculation of other independent values. Exploiting the information dependencies, the fundamental operational block of SHA-1 is modified so that maximum operation frequency is increased by 30% approximately with negligible area penalty compared to other academic and commercial implementations. The proposed SHA-1 hash function was prototyped and verified using a XILINX FPGA device. The implementation’s characteristics are compared to alternative implementations proposed by the academia and the industry, which are available in the international IP market. The proposed implementation achieved a throughput that exceeded 2,5 Gbps, which is the highest among all similar IP cores for the targeted XILINX technology.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. National Institute of Standards and Technology (NIST). Secure Hash Standard (SHS), FIPS PUB, 180–2, Standard, 2002.

  2. National Institute of Standards and Technology (NIST). The Keyed-Hash Message Authentication Code (HMAC), FIPS PUB, 198 Standard, 2002.

  3. National Institute of Standards and Technology (NIST). Digital Signature Standard (DSS), FIPS PUB, 186–2, 2000.

  4. IP Security Protocol (IPSEC) Charter—Latest RFCs and Internet Drafts for IPSec, http://www.ietf.org/html.charters/ipsec-charter.html.

  5. National Institute of Standards and Technology (NIST). Escrowed Encryption Standard (EES), FIPS PUB, 185, 1994.

  6. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press Inc., Boca Raton, 1996.

    Google Scholar 

  7. W. Stallings. Cryptography and Network Security, 2nd ed. Prentice-Hall Inc., Upper Saddle River, New Jersey, 1999.

    Google Scholar 

  8. S. Dominikus. A Hardware Implementation of MD-4 Family Hash Algorithms. In IEEE International Conference on Electronics, Circuits and Systems, 1143–1146, 2002.

  9. G. Selimis, N. Sklavos, and O. Koufopavlou. VLSI Implementation of the Keyed-Hash Message Authentication Code for the Wireless Application Protocol. In IEEE International Conference on Electronics, Circuits and Systems, 24–27, 2003.

  10. T. Grembowski, R. Lien, K. Gaj, N. Nguyen, P. Bellows, J. Flidr, T. Lehman, and B. Schott. Comparative Analysis of the Hardware Implementations of Hash Functions SHA-1 and SHA-512. A. H. Chan and V. Gligor, eds., In Information Security Conference, 75–89. Springer-Verlag, Heidelberg, 2002.

  11. Y. K. Kang, D. W. Kim, T. W. Kwon, and J. R. Choi. An Efficient Implementation of Hash Function Processor for IPSEC. In IEEE Asia-Pacific Conference on ASIC, sec. 2B(4), 2002.

  12. J. M. Diez, S. Bojanic, C. Carreras, and O. Nieto-Taladriz. Hash Algorithms for Cryptographic Protocols: FPGA Implementations. TELefonica FORum, 2002.

  13. N. Sklavos, G. Dimitroulakos, G., and O. Koufopavlou. An Ultra High Speed Architecture for VLSI Implementation of Hash Functions. In IEEE International Conference on Electronics, Circuits and Systems, 990–993, 2003.

  14. N. Sklavos, P. Kitsos, E. Alexopoulos, and O. Koufopavlou. Open Mobile Alliance (OMA) Security Layer: Architecture, Implementation and Performance Evaluation of the Integrity Unit. New Generation Computing: Computing Paradigms and Computational Intelligence, Springer-Verlag, (In print) 2004.

  15. N. Sklavos, E. Alexopoulos, and O. Koufopavlou. Networking Data Integrity: High Speed Architectures and Hardware Implementations. IAJIT Journal, 1:54–59, 2003.

    Google Scholar 

  16. F. Crowe, A. Daly, T. Kerins, and W. Marnane. Single-Chip Implementation of a Cryptographic Co-Processor. In IEEE International Conference on Field-Programmable Technology, 2004.

  17. S. Pongyupinpanich, and S. Choomchuay. An Architecture for SHA-1 Applied for DSA. In Third Asian International Mobile Computing Conference (AMOC 2004), Thailand, 133–136, 2004.

  18. R. Lien, T. Grembowski, and K. Gaj. A 1 Gbit/s Partially Unrolled Architecture of Hash Functions SHA-1 and SHA-512. In T. Okamoto, ed., In Cryptographers Track at RSA Conference, 324–338. Springer-Verlag. Berlin Heidelberg, 2004.

  19. R. L. Rivest. The MD5 Message Digest Algorithm. IETF Network Working Group, RFC 1321, 1992.

  20. M. Roe. Performance of Block Ciphers and Hash Functions-One Year Later. Second International Workshop for Fast Software Encryption, 359–362, 1994.

  21. H. Dobbertin, A.Bosselaers and B. Preneel. RIPEMD-160 a strengthened version of RIPEMD. In Fast Software Encryption, LNCS 1039, 71–82. Springer-Verlag. Berlin Heidelberg, 1996.

  22. ALMA Technologies. Web page, available at http://www.alma-tech.com

  23. Bisquare Systems Private Ltd. Web page, available at http://www.bisquare.com

  24. Helion Technology Ltd. Web page, available at http://www.heliontech.com

  25. Intron, Ltd. Web page, available at http://www.lviv.uar.net/~intron/

  26. Ocean Logic Ltd. Web page, available at http://www.ocean-logic.com

  27. Amphion. Web page, available at http://www.amphion.com/index.html

Download references

Author information

Authors and Affiliations

  1. VLSI Design Laboratory, University of Patras, Patras, GREECE

    Athanasios P. Kakarountas, Haralambos Michail, Athanasios Milidonis & Costas E. Goutis

  2. Electronics Laboratory, Physics Department, Aristotle University of Thessaloniki, Thessaloniki, GREECE

    George Theodoridis

Authors
  1. Athanasios P. Kakarountas
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Haralambos Michail
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Athanasios Milidonis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Costas E. Goutis
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. George Theodoridis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Athanasios P. Kakarountas.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Kakarountas, A.P., Michail, H., Milidonis, A. et al. High-Speed FPGA Implementation of Secure Hash Algorithm for IPSec and VPN Applications. J Supercomput 37, 179–195 (2006). https://doi.org/10.1007/s11227-006-5682-5

Download citation

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-006-5682-5

Keywords

Search

Navigation