multi purpose keccak for modern fpgas
play

Multi-Purpose Keccak for Modern FPGAs Panasayya Yalla Ekawat - PowerPoint PPT Presentation

Nov 06, 2023 •277 likes •648 views

Introduction Modes of Operation Implementation Results and Conclusion Multi-Purpose Keccak for Modern FPGAs Panasayya Yalla Ekawat Homsirikamol Jens-Peter Kaps Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu

  1. Introduction Modes of Operation Implementation Results and Conclusion Multi-Purpose Keccak for Modern FPGAs Panasayya Yalla Ekawat Homsirikamol Jens-Peter Kaps Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu Department of ECE, Volgenau School of Engineering, George Mason University, Fairfax, VA, USA Directions in Authenticated Ciphers – DIAC 2014 August 24th, 2014 DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 1 / 35

  2. Introduction Modes of Operation Implementation Results and Conclusion Outline 1 Introduction 2 Modes of Operation 3 Implementation 4 Results and Conclusion DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 2 / 35

  3. Introduction Modes of Operation Cryptographic Services Implementation Cryptographic Algorithms Results and Conclusion Cryptographic Services Security protocols typically provide the following cryptographic services: Integrity Authenticity Confidentiality Non Repudiation Key Exchange/Agreement Pseudo Random Numbers Services provided through secret key functions With the exception of Non Repudiation and Key Exchange all other services are provided by secret key functions. DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 3 / 35

  4. Introduction Modes of Operation Cryptographic Services Implementation Cryptographic Algorithms Results and Conclusion Providing Cryptographic Services Secret key based cryptographic services can be provided by cryptographic functions. Integrity → Hash Authenticity, Integrity → Message Authentication Code (MAC) Confidentiality, Authenticity, Integrity → Authenticated Encryption with Associated Data (AEAD) Pseudo Random Numbers → Pseudo Random Number Generator (PRNG) Providing cryptographic functions through a single algorithm Using modes of operation More area efficient than using dedicated algorithms DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 4 / 35

  5. Introduction Modes of Operation Cryptographic Services Implementation Cryptographic Algorithms Results and Conclusion Cryptographic Algorithms Advanced Encryption Standard Standard based on Rijndael Traditional block cipher 128-bit block size 128/192/256-bit key size DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 5 / 35

  6. Introduction Modes of Operation Cryptographic Services Implementation Cryptographic Algorithms Results and Conclusion Cryptographic Algorithms Advanced Encryption Standard Standard based on Rijndael Traditional block cipher 128-bit block size 128/192/256-bit key size Keccak-p[1600, n r ] f-permutation It is the basis of Keccak, the Winner of competition for next Secure Hash Algorithm (SHA-3). 1600-bit state size Keccak is based on Sponge construction. DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 5 / 35

  7. Introduction AES Modes of Operation Modes of Operation Keccak Modes of Operation Implementation Keccak Padding Results and Conclusion AES Hash: AES-Hash IV 256 256 256 256 256 256 M M 0 M 1 Rijndael Rijndael Rijndael n−1 256 256 256 H Based on Davies-Meyer. The message enters on the input for the key. Uses a block size of 256-bit → Rijndael. Not a NIST standardized mode. DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 6 / 35

  8. Introduction AES Modes of Operation Modes of Operation Keccak Modes of Operation Implementation Keccak Padding Results and Conclusion AES MAC: CMAC M 0 M 1 M n−1 K / K 1 2 128 128 128 128 128 128 K AES−128 K AES−128 K AES−128 T Recommended mode of operation by NIST. Equivalent to One-Key CBC-MAC (OMAC1). K 1 and K 2 are derived from K through single bit shifts and XORed with constant. DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 7 / 35

  9. Introduction AES Modes of Operation Modes of Operation Keccak Modes of Operation Implementation Keccak Padding Results and Conclusion AES AEAD: Galois Counter Mode IV || (Cnt=1 ) IV || (Cnt+1) IV || (Cnt+2) IV || (Cnt+n) 96 32 96 32 96 32 96 32 128 128 128 128 128 128 128 128 K AES−128 K AES−128 K AES−128 K AES−128 128 128 128 128 128 128 M 0 C 0 M 1 C 1 M n−1 C n−1 0 128 128 128 mul mul mul K AES−128 H AD 0 AD 1 [len(A)] || [len(c)] 64 64 mul mul mul T Recommended mode of operation by NIST. DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 8 / 35

  10. Introduction AES Modes of Operation Modes of Operation Keccak Modes of Operation Implementation Keccak Padding Results and Conclusion AES PRNG: Fortuna 0 Cnt 0 Cnt(+1) 0 Cnt(+(n−1)) 32 96 96 32 96 32 128 128 128 256 256 256 K K K AES−256 AES−256 AES−256 128 128 128 R 0 R 1 R n−1 Cryptographically secure PRNG Not a NIST standardized mode. Used in Windows 2000 and Windows XP The seed is processed as key. DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 9 / 35

  11. Introduction AES Modes of Operation Modes of Operation Keccak Modes of Operation Implementation Keccak Padding Results and Conclusion Keccak Modes of Operation Sponge Construction → Hash, MAC Duplex Construction → AEAD, PRNG DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 10 / 35

  12. Introduction AES Modes of Operation Modes of Operation Keccak Modes of Operation Implementation Keccak Padding Results and Conclusion Keccak Hash: Keccak, i.e. the upcoming SHA-3 M P MS M 1 M 2 M n−1 H M 0 r 0 f f f f c 0 Sponge Mode r=1088, c=512, 24 rounds P MS : Padding for message in Sponge Mode | P MS (M) | = n · 1088 DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 11 / 35

  13. Introduction AES Modes of Operation Modes of Operation Keccak Modes of Operation Implementation Keccak Padding Results and Conclusion Keccak MAC: Sponge M P (KeyPack||IV) P MS MS M n−1 M 0 M 1 T r 0 f f f f f c 0 KeyPack is used to encode the secret key in a uniform way. P MS : Padding for message in Sponge Mode | P MS (M) | = n · 1088 | P MS (KeyPack � IV) | = 1088 DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 12 / 35

  14. Introduction AES Modes of Operation Modes of Operation Keccak Modes of Operation Implementation Keccak Padding Results and Conclusion Keccak AEAD: Keyak KeyPack||IV||AD ||E M ||3 M ||3 M ||1 0 0 n−1 1 AD ||0 AD ||1 C 0 C 1 C n−1 1 n−1 T Z 0 Z 1 Z n−1 P MK P MK P MK P MK P MK r 0 f f f f f f f f c 0 Lake Keyak, block size 1344, c=256, 12 rounds. Submission to Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR). P MK : Message padding for Keyak, | P MK (M i � 3) | = 1348, ∀ i � = n − 1; | P MK (M n − 1 � 1) | = 1348 DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 13 / 35

  15. Introduction AES Modes of Operation Modes of Operation Keccak Modes of Operation Implementation Keccak Padding Results and Conclusion Keccak PRNG: Duplex P (Seed) P (0) P (0) SD SD SD R n−1 R 0 R 1 r 0 f f f f c 0 Block size 1344, c=256, 12 rounds P SD : Padding for seed in PRNG Mode P SD (0): Padded empty seed for additional random bits. | P SD (Seed) | = | P SD (0) | = 1348 DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 14 / 35

  16. Introduction AES Modes of Operation Modes of Operation Keccak Modes of Operation Implementation Keccak Padding Results and Conclusion Keccak and AES Modes of Operation AES Modes Operation Mode Block Key Rd. Inputs Outputs Hash AES-Hash 256 N/A 14 | M | , M H MAC CMAC 128 128 10 | M | , M , K , IV T AEAD GCM 128 128 10 | M | , M , K , IV , T , C | AD | , AD PRNG Fortuna 128 N/A 14 S R Keccak Modes Operation Mode State Key Rd. Block Inputs Outputs Hash Sponge 1600 N/A 24 1088 | M | , M H MAC Sponge 1600 128 24 1088 | M | , M , K , IV T AEAD Duplex 1600 128 12 1344 | M | , M , K , IV , T , C | AD | , AD PRNG Duplex 1600 N/A 12 1344 S R M –Message, K –Key, AD –Associated Data, S –Seed, IV –Initialization Value H –Hash, T –Tag, C –Cipher-text, R –Random Number, | X | –Length of X DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 15 / 35

  17. Introduction AES Modes of Operation Modes of Operation Keccak Modes of Operation Implementation Keccak Padding Results and Conclusion Keccak Padding Sponge Mode for 1087 951 847� 831� 703 7 0 1079 943 695 i) Hash and MAC 1E Key 01 0..0 0100 IV 01 0..0 80 8 128 8 96 16 128 8 688 8 ii) M M 0 M n−2 P (M ) MS n−1 1088 1088 1088 Padding for seed in 1347 1091 7 0 i) 1083 Duplex Mode for 05 seed 00 ....... 0 08 06 PRNG 256 8 1076 8 05: all blocks except 1347 7 0 ii) 1339 last block 05 00 ....... 0 08 06: last block 06 8 1332 8 DIAC 2014 P. Yalla, E. Homsirikamol, J.-P. Kaps Multi-Purpose Keccak for Modern FPGAs 16 / 35

Recommend

Keccak From: 1.The Keccak reference 2. Keccak and the SHA-3 Standardization written by ! Guido

Keccak From: 1.The Keccak reference 2. Keccak and the SHA-3 Standardization written by ! Guido

Keccak From: 1.The Keccak reference 2. Keccak and the SHA-3 Standardization written by ! Guido Bertoni (STMicroelectronics) , ! Joan Daemen (STMicroelectronics) , ! Michal Peeters (NXP Semiconductors) , ! Gilles Van Assche

488 views • 26 slides
with FP FPGAs: Cas ase Stu tudy on on a a Key-Value Store FPGAs in the Cloud Wider

with FP FPGAs: Cas ase Stu tudy on on a a Key-Value Store FPGAs in the Cloud Wider

Zsolt Istvn * , Gustavo Alonso, Ankit Singla Systems Group, Computer Science Dept., ETH Zrich * Now at IMDEA Software Institute, Madrid Providing Multi-tenant Services with FP FPGAs: Cas ase Stu tudy on on a a Key-Value Store FPGAs in

374 views • 15 slides
Efficient Multi-Ported Memories for FPGAs Eric LaForest Greg Steffan University of Toronto

Efficient Multi-Ported Memories for FPGAs Eric LaForest Greg Steffan University of Toronto

Efficient Multi-Ported Memories for FPGAs Eric LaForest Greg Steffan University of Toronto Computer Engineering Research Group February 22, 2010 Parallelism in FPGAs Larger SoCs on FPGAs Parallel Systems Parallel systems on FPGAs

680 views • 47 slides
Modern Session Encryption David Wong outline 3. NOISE 2. STROBE 4. ??? 1. KECCAK Sponge

Modern Session Encryption David Wong outline 3. NOISE 2. STROBE 4. ??? 1. KECCAK Sponge

Modern Session Encryption David Wong outline 3. NOISE 2. STROBE 4. ??? 1. KECCAK Sponge Construction 00101 01001 01100 11001 01011 10101 0 0 0 0 f f f f f 0 0 0 0 absorbing squeezing Duplex Construction input

808 views • 60 slides
Programming Modern FPGAs Ivo Bolsens Xilinx MPSOC August, 2006 MPSOC 2006 Outline Modern

Programming Modern FPGAs Ivo Bolsens Xilinx MPSOC August, 2006 MPSOC 2006 Outline Modern

Programming Modern FPGAs Ivo Bolsens Xilinx MPSOC August, 2006 MPSOC 2006 Outline Modern FPGA FPGA programmable platform Programming the FPGA Conclusions MPSOC 2006 slide 2 Modern FPGA 65nm technology, 40-nm gate

1.08k views • 65 slides
FPGAs as Tools and Architectures at ETH Systems FPGAs as Tools and Architectures at ETH Systems

FPGAs as Tools and Architectures at ETH Systems FPGAs as Tools and Architectures at ETH Systems

FPGAs as Tools and Architectures at ETH Systems FPGAs as Tools and Architectures at ETH Systems Real-Time Tracing and Verification The FPGA as a tool . Analysing a multi-Gb trace stream in real time. BRISC Research Architecture

804 views • 43 slides
A Methodology for Efficient Use of OpenCL, ESL and FPGAs in Multi- Core Architectures

A Methodology for Efficient Use of OpenCL, ESL and FPGAs in Multi- Core Architectures

A Methodology for Efficient Use of OpenCL, ESL and FPGAs in Multi- Core Architectures Alexandros Bartzas and George Economakos Microprocessors and Digital Systems Laboratory, National Technical University of Athens, Greece 5th Workshop on

611 views • 24 slides
Building Multi-Processor FPGA Systems Hands-on Tutorial to Using FPGAs and Linux Chris Martin

Building Multi-Processor FPGA Systems Hands-on Tutorial to Using FPGAs and Linux Chris Martin

Building Multi-Processor FPGA Systems Hands-on Tutorial to Using FPGAs and Linux Chris Martin Member Technical Staff Embedded Applications Agenda Introduction Problem: How to Integrate Multi-Processor Subsystems Why Why would you do

891 views • 42 slides
Heterogeneous Computing on Power: From Multi-core and Accelerators (GPUs, FPGAs) to Quantum

Heterogeneous Computing on Power: From Multi-core and Accelerators (GPUs, FPGAs) to Quantum

Heterogeneous Computing on Power: From Multi-core and Accelerators (GPUs, FPGAs) to Quantum Computers Max Plauth, Felix Eberhard, Lena Feinbube and Andreas Polze Operating Systems and Middleware Group 19.04.2017 Seminar Outline Choose a

735 views • 22 slides
Key Wrapping with the Keccak Permutation Dmitry Khovratovich University of Luxembourg 17 January

Key Wrapping with the Keccak Permutation Dmitry Khovratovich University of Luxembourg 17 January

Key Wrapping with the Keccak Permutation Dmitry Khovratovich University of Luxembourg 17 January 2013 Key Wrapping Key wrap problem Multi-user system (e.g., industrial VPN): Many keys in use; Need of regular update; New session key

578 views • 29 slides
The stadium has changed the skyline in Limerick forever. Now the province has a multi-purpose

The stadium has changed the skyline in Limerick forever. Now the province has a multi-purpose

The stadium has changed the skyline in Limerick forever. Now the province has a multi-purpose stadium facility to rival any modern stadia across Europe SCALE OF IMPACTS ASSESSMENT Prior to stadium completion Heineken Cup game resulted in 3.5

276 views • 16 slides
The Modern Marketer Understanding data science and the multi-channel, multi-device shopper Ben

The Modern Marketer Understanding data science and the multi-channel, multi-device shopper Ben

The Modern Marketer Understanding data science and the multi-channel, multi-device shopper Ben Glynn Managing Director, Emarsys SEA @Emarsys The challenges all modern retailers face Identifying more contacts, collecting more data

855 views • 34 slides
New Techniques for Searching Di ff erential Trails in Keccak Guozhen Liu, Weidong Qiu, Yi Tu

New Techniques for Searching Di ff erential Trails in Keccak Guozhen Liu, Weidong Qiu, Yi Tu

New Techniques for Searching Di ff erential Trails in Keccak Guozhen Liu, Weidong Qiu, Yi Tu Nanyang Technological University, Singapore Shanghai Jiao Tong University, China 3-Round Di ff erential Trail Core Search of Keccak Permutation 1 / 21

392 views • 21 slides
Cryptanalysis of Round-Reduced KECCAK using Non-Linear Structures Mahesh Sreekumar Rajasree

Cryptanalysis of Round-Reduced KECCAK using Non-Linear Structures Mahesh Sreekumar Rajasree

Cryptanalysis of Round-Reduced KECCAK using Non-Linear Structures Mahesh Sreekumar Rajasree Center for Cybersecurity, Indian Institute of Technology Kanpur INDOCRYPT 2019, Hyderabad Outline 2 Introduction Hash function Structure of KECCAK

752 views • 50 slides
A Novel Modular Adder for One Thousand Bits and More Using Fast Carry Chains of Modern FPGAs

A Novel Modular Adder for One Thousand Bits and More Using Fast Carry Chains of Modern FPGAs

A Novel Modular Adder for One Thousand Bits and More Using Fast Carry Chains of Modern FPGAs Marcin Rogawski, Ekawat Homsirikamol & Kris Gaj George Mason University USA 1 Co-Authors Ekawat Homsirikamol Marcin Rogawski a.k.a

657 views • 49 slides
Differential propagation analysis of Keccak Joan Daemen and Gilles Van Assche STMicroelectronics

Differential propagation analysis of Keccak Joan Daemen and Gilles Van Assche STMicroelectronics

Differential propagation analysis of Keccak Differential propagation analysis of Keccak Joan Daemen and Gilles Van Assche STMicroelectronics Fast Software Encryption, March 19-21, 2012 1 / 28 Differential propagation analysis of Keccak Outline

409 views • 36 slides
GWorkflowDL: A Multi-Purpose GWorkflowDL: A Multi-Purpose Language for Scientific Language for

GWorkflowDL: A Multi-Purpose GWorkflowDL: A Multi-Purpose Language for Scientific Language for

3rd CoreGIRD Workshop in Grid Middlewares GWorkflowDL: A Multi-Purpose GWorkflowDL: A Multi-Purpose Language for Scientific Language for Scientific Workflow Enactment Workflow Enactment Simone Pellegrini, Francesco Giacomini INFN CNAF Viale

694 views • 44 slides
NoC System Generator A tool for fast prototyping of multi-core systems on FPGAs Francesco Robino,

NoC System Generator A tool for fast prototyping of multi-core systems on FPGAs Francesco Robino,

NoC System Generator A tool for fast prototyping of multi-core systems on FPGAs Francesco Robino, Johnny Oberg, Hosein Attarzadeh, Ingo Sander KTH Royal Institute of Technology FPGAworld 2013 F. Robino (KTH) NoC System Generator

228 views • 7 slides
FPGAs milliseconds+ to reconfjgure custom chips ??? (next week) FPGAs ??? GPUs

FPGAs milliseconds+ to reconfjgure custom chips ??? (next week) FPGAs ??? GPUs

FPGAs milliseconds+ to reconfjgure custom chips ??? (next week) FPGAs ??? GPUs vector computations examples: computation second processor specialized for particular the accelerator concept 2 fmexible, slower functional units

423 views • 11 slides
FPGAs 1 To read more This days papers: Brown and Rose, Architecture of FPGAs and

FPGAs 1 To read more This days papers: Brown and Rose, Architecture of FPGAs and

FPGAs 1 To read more This days papers: Brown and Rose, Architecture of FPGAs and CPLDs: A Tutorial. (no review required) Putnam et al, A Reconfjgurable Fabric for Accelerating Large-Scale Datacenter Services 1

821 views • 43 slides
Algebraic Cryptanalysis of Round-Reduced Keccak with Linear Structures Meicheng Liu joint work

Algebraic Cryptanalysis of Round-Reduced Keccak with Linear Structures Meicheng Liu joint work

Algebraic Cryptanalysis of Round-Reduced Keccak with Linear Structures Meicheng Liu joint work with Jian Guo and Ling Song ASK 2016, September 2016 1/45 Outline Introduction SHA-3 hash function Specifications of Keccak Main Results

913 views • 65 slides
MODERN 1 MODERN 2 MODERN 3 MODERN 4 MODERN A peep at some distant orb has power to raise

MODERN 1 MODERN 2 MODERN 3 MODERN 4 MODERN A peep at some distant orb has power to raise

MODERN 1 MODERN 2 MODERN 3 MODERN 4 MODERN A peep at some distant orb has power to raise and purify our thoughts like a strain picture, or a passage from the grander poets. It always does one good. 5 MODERN 6 MODERN 7 MODERN 8

524 views • 24 slides
Keccak, More Than Just SHA3SUM Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche

Keccak, More Than Just SHA3SUM Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche

Keccak, More Than Just SHA3SUM Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors FOSDEM 2013, Brussels, February 2-3, 2013 1 / 36 Outline 1 How it all began 2 Introducing Keccak 3

466 views • 42 slides
HW/SW Codesign w/ FPGAs The Nature of HW/SW I ECE 522 Hardware Software Codesign with FPGAs

HW/SW Codesign w/ FPGAs The Nature of HW/SW I ECE 522 Hardware Software Codesign with FPGAs

HW/SW Codesign w/ FPGAs The Nature of HW/SW I ECE 522 Hardware Software Codesign with FPGAs Instructor: Prof. Jim Plusquellic Text: A Practical Introduction to Hardware/Software Codesign, 2nd Edition", Patrick Schaumont, Springer,

649 views • 10 slides

More recommend