
On the exploitation of a high-throughput SHA-256 FPGA design for HMAC

Published: 23 March 2012

Abstract

High-throughput and area-efficient designs of hash functions and the corresponding mechanisms for Message Authentication Codes (MACs) are in high demand because new security protocols call for security services on every transmitted data packet. For instance, IPv6 incorporates the IPSec protocol for secure data transmission. However, IPSec's performance bottleneck is the HMAC mechanism, which is responsible for authenticating the transmitted data. HMAC's performance bottleneck is, in turn, the underlying hash function. In this article, a high-throughput and small-size SHA-256 hash function FPGA design and the corresponding HMAC FPGA design are presented. Advanced optimization techniques have been deployed, leading to a SHA-256 hashing core that performs more than 30% better than the next-best design. This improvement is achieved both in terms of throughput and in terms of the throughput/area cost factor. It is the first reported SHA-256 hashing core that exceeds 11 Gbps (after place and route on a Xilinx Virtex 6 board).


Published In

ACM Transactions on Reconfigurable Technology and Systems  Volume 5, Issue 1
March 2012
148 pages
ISSN:1936-7406
EISSN:1936-7414
DOI:10.1145/2133352

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 March 2012
Received: 01 August 2011
Accepted: 01 July 2011
Revised: 01 June 2011
Published in TRETS Volume 5, Issue 1


Author Tags

  1. Hash functions
  2. FPGA
  3. message authentication codes
  4. security

Qualifiers

  • Research-article
  • Research
  • Refereed


Cited By

  • (2024) Thiết Kế Và Đánh Giá Thuật Toán Băm Bảo Mật SHA-256 Trên Nền Tảng Phần Cứng ZynQ-702. Journal of Technical Education Science. DOI: 10.54644/jte.2024.1421. 19:04 (11-23). Online publication date: 28-Aug-2024
  • (2024) SHA-256 Hardware Proposal for IoT Devices in the Blockchain Context. Sensors. DOI: 10.3390/s24123908. 24:12 (3908). Online publication date: 17-Jun-2024
  • (2024) Hator: A High-Efficiency CGRA-Based 32/64-Bit Hashing Accelerator with Real-Time Performance Analysis. 2024 IEEE 17th International Symposium on Embedded Multicore/Many-core Systems-on-Chip (MCSoC). DOI: 10.1109/MCSoC64144.2024.00033. (137-144). Online publication date: 16-Dec-2024
  • (2024) MRCA: Multi-grained Reconfigurable Cryptographic Accelerator for Diverse Security Requirements. 2024 IEEE Symposium in Low-Power and High-Speed Chips (COOL CHIPS). DOI: 10.1109/COOLCHIPS61292.2024.10531185. (1-6). Online publication date: 17-Apr-2024
  • (2023) A High-Speed FPGA-Based Hardware Implementation for Leighton-Micali Signature. IEEE Transactions on Circuits and Systems I: Regular Papers. DOI: 10.1109/TCSI.2022.3210016. 70:1 (241-252). Online publication date: Jan-2023
  • (2022) In-Memory Computation Based Mapping of Keccak-f Hash Function. Frontiers in Nanotechnology. DOI: 10.3389/fnano.2022.841756. 4. Online publication date: 16-Mar-2022
  • (2022) Research on application of efficient hash function in blockchain technology. International Conference on High Performance Computing and Communication (HPCCE 2021). DOI: 10.1117/12.2628073. (17). Online publication date: 18-Feb-2022
  • (2022) High-performance Multi-function HMAC-SHA2 FPGA Implementation. 2022 20th IEEE Interregional NEWCAS Conference (NEWCAS). DOI: 10.1109/NEWCAS52662.2022.9842174. (30-34). Online publication date: 19-Jun-2022
  • (2022) A Coarse Grained Reconfigurable Architecture for SHA-2 Acceleration. 2022 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW). DOI: 10.1109/IPDPSW55747.2022.00117. (671-678). Online publication date: May-2022
  • (2022) A High-Efficiency FPGA-Based Multimode SHA-2 Accelerator. IEEE Access. DOI: 10.1109/ACCESS.2022.3146148. 10 (11830-11845). Online publication date: 2022
