Harris E. Michail

An RNS Implementation of an

Elliptic curve point multiplication is considered to be the most significant operation in all elliptic curve cryptography systems, as it forms the basis of the elliptic curve discrete logarithm problem. Designs for elliptic curve cryptography point multiplication are area demanding and time consuming. Thus, the efficient realization of point multiplication is of fundamental importance for the performance of an elliptic curve system. In this paper, a hardware architecture of an elliptic curve point multiplier is proposed that exploits the intrinsic parallelism of the residue number system (RNS), in order to speed up the elliptic curve point calculations and minimize the area complexity of the elliptic curve point multiplier. The architecture proves to be the fastest among all known design approaches, while complexity is less than half of that of previous efforts. This architecture also supports the required input (binary-to-RNS) and output (RNS-to-binary) conversions. Through a graph-oriented approach, the area of the elliptic curve point multiplier is minimized, by optimizing the point addition and doubling algorithms. Also, through this approach, the number of execution steps for point addition is matched to the number of execution steps for point doubling. Additionally, the impact of various RNS bases, in terms of number of moduli and their bit lengths, on the area and speed of the proposed implementation is analyzed, in an effort to define the potential for using RNS in elliptic curve cryptography.

F_{p}

In this paper, an efficient implementation, in terms of performance, of the keyed-hash message authentication code (HMAC) using the SHA-1 hash function is presented. This mechanism is used for message authentication in combination with a shared secret key. The proposed hardware implementation can be synthesized easily for a variety of FPGA and ASIC technologies. Simulation results, using commercial tools, verified the efficiency of the HMAC implementation in terms of performance and throughput. Special care has been taken so that the proposed implementation does not introduce extra design complexity; while in-parallel functionality was kept to the required levels.

Elliptic Curve Point Multiplier

Many cryptographic primitives that are used in cryptographic schemes and security protocols such as SET, PKI, IPSec, and VPNs utilize hash functions, which form a special family of cryptographic algorithms. Applications that use these security schemes are becoming very popular as time goes by and this means that some of these applications call for higher throughput either due to their rapid acceptance by the market or due to their nature. In this work, a new methodology is presented for achieving high operating frequency and throughput for the implementations of all widely used-and those expected to be used in the near future-hash functions such as MD-5, SHA-1, RIPEMD (all versions), SHA-256, SHA-384, SHA-512, and so forth. In the proposed methodology, five different techniques have been developed and combined with the finest way so as to achieve the maximum performance. Compared to conventional pipelined implementations of hash functions (in FPGAs), the proposed methodology can lead even to a 160 percent throughput increase.

Efficient implementation of the keyed-hash message authentication code (HMAC) using the SHA-1 hash function

High-throughput and area-efficient designs of hash functions and corresponding mechanisms for Message Authentication Codes (MACs) are in high demand due to new security protocols that have arisen and call for security services in every transmitted data packet. For instance, IPv6 incorporates the IPSec protocol for secure data transmission. However, the IPSecs performance bottleneck is the HMAC mechanism which is responsible for authenticating the transmitted data. HMACs performance bottleneck in its turn is the underlying hash function. In this article a high-throughput and small-size SHA-256 hash function FPGA design and the corresponding HMAC FPGA design is presented. Advanced optimization techniques have been deployed leading to a SHA-256 hashing core which performs more than 30% better, compared to the next better design. This improvement is achieved both in terms of throughput as well as in terms of throughput/area cost factor. It is the first reported SHA-256 hashing core that exceeds 11Gbps (after place and route in Xilinx Virtex 6 board).

A Top-Down Design Methodology for Ultrahigh-Performance Hashing Cores

High throughput is a crucial factor in bit-serial GF(2^m) fields multiplication for a variety of different applications including cryptography, error coding detection and computer algebra. The throughput of a multiplier is dependent on the required number of clock cycles to reach a result and its critical path delay. However, most bit-serial GF(2^m) multipliers do not manage to reduce the required number of clock cycles below the threshold of m clock cycles without increasing dramatically their critical path delay. This increase is more evident if a multiplier is designed to be versatile. In this article, a new versatile bit-serial MSB multiplier for GF(2^m) fields is proposed that achieves a 50% increase on average in throughput when compared to other designs, with a very small increase in its critical path delay. This is achieved by an average 33.4% reduction in the required number of clock cycles below m. The proposed design can handle arbitrary bit-lengths upper bounded by m and is suitable for applications where the field order may vary.

On the exploitation of a high-throughput SHA-256 FPGA design for HMAC

Hash functions are forming a special family of cryptographic algorithms, which are applied wherever message integrity and authentication issues are critical. Implementations of these functions are cryptographic primitives to the most widely used cryptographic schemes and security protocols such as Secure Electronic Transactions (SET), Public Key Infrastructure (PKI), IPSec and Virtual Private Networks (VPNs). As time passes it seems that all these applications call for higher throughput due to their rapid acceptance by the market especially to the corresponding servers of these applications. In this work a new technique is presented for increasing frequency and throughput of the currently most used hash function, which is SHA-1. This technique involves the application of spatial and temporal precomputation. Comparing to conventional pipelined implementations of hash functions, the proposed technique leads to an implementation with more than 75% higher throughput.

Improved throughput bit-serial multiplier for GF(2m) fields

A design approach to create small-sized highspeed implementations of the keyed-hash message authentication code (HMAC) is presented. The proposed implementation can either operate in HMAC-MD5 and/or in HMAC-SHA1 mode. The proposed implementations do not introduce significant area penalty. However the achieved throughput presents an increase compared to commercially available IP cores that range from 30%-390%. The main contribution of the paper is the increase of the HMAC throughput to the required level to be used in modern telecommunication applications, such as VPN and the oncoming 802.11n

Server side hashing core exceeding 3 Gbps of throughput

Nowadays security is a critical issue as long as electronic transactions are concerned. Moreover taking into consideration the rapid growth of e-commerce and the future needs, it is essential to achieve higher throughput rates for the incorporated security schemes. The most common components in such security schemes are a cipher block and a hash function, with the second one being hard to compete with the throughput achieved by cipher blocks. In this paper a top-down methodology is presented which manages to increase throughput of SHA-1 hash function hardware design about 160% comparing to conventional implementations with a minor area penalty.

Efficient Small-Sized Implementation of the Keyed-Hash Message Authentication Code

The SHA-3 cryptographic hash algorithm is standardized in FIPS 202. We present a pipelined hardware architecture supporting all the four SHA-3 modes of operation and a high-performance implementation for FPGA devices that can support both multi-block and multi-message processing. Experimental results on different FPGA devices validate that the proposed design achieves significant throughput improvements compared to the available literature.

Holistic methodology for designing ultra high-speed SHA-1 hashing cryptographic module in hardware

A design approach to create small-sized, high-speed implementations of the keyed-hash message authentication code (HMAC) is the focus of this article. The approach showed that the critical path can be further reduced by exploiting special properties of the included hash functions. A significant design effort was made to keep the area low. The experimental results showed that a negligible area penalty was introduce for achieving an increase in throughput up to 390% compared to the competing implementations. Finally, the design was fully tested and verified for the Xilinx Virtex-E FPGA family using a prototype board.