8 research outputs found

    On Optimized FPGA Implementations of the SHA-3 Candidate Groestl

    The National Institute of Standards and Technology (NIST) has started a competition for a new secure hash standard. In this context, third-party implementations of all proposed hash functions are regarded as an important part of the competition. We chose to implement the Groestl hash function for FPGAs because of its resemblance to AES. More precisely, we developed two optimized versions, one optimized for throughput, the other for area. Both implementations improve on the results and estimates presented in the original submission to the competition. The performance of both implementations may be improved further, so Groestl seems to be a good candidate for implementation on medium-sized FPGAs. Besides that, it is shown that Groestl needs a significant amount of resources, which will hinder its use in automotive applications.

    Comprehensive Evaluation of High-Speed and Medium-Speed Implementations of Five SHA-3 Finalists Using Xilinx and Altera FPGAs

    In this paper we present a comprehensive comparison of all Round 3 SHA-3 candidates and the current standard SHA-2 from the point of view of hardware performance in modern FPGAs. Each algorithm is implemented using multiple architectures based on the concepts of iteration, folding, unrolling, pipelining, and circuit replication. Trade-offs between speed and area are investigated, and the best architecture from the point of view of the throughput-to-area ratio is identified. Finally, all algorithms are ranked based on their overall performance in FPGAs. The characteristic features of each algorithm that are important from the point of view of its implementation in hardware are identified.

    Groestl Tweaks and their Effect on FPGA Results

    In January 2011, the Groestl team published tweaks to their specification of Groestl. In this paper, we investigate the influence of these tweaks on the performance of Groestl in hardware. The results indicate that the performance penalty in terms of the throughput-to-area ratio depends strongly on the architecture used. This penalty is smaller in the case of the architecture in which the permutations P and Q are implemented using two independent units.

    Comparing Hardware Performance of Fourteen Round Two SHA-3 Candidates Using FPGAs

    Performance in hardware has been demonstrated to be an important factor in the evaluation of candidates for cryptographic standards. Up to now, no consensus exists on how such an evaluation should be performed in order to make it fair, transparent, practical, and acceptable to the majority of the cryptographic community. In this report, we formulate a proposal for a fair and comprehensive evaluation methodology, and apply it to the comparison of the hardware performance of 14 Round 2 SHA-3 candidates. The most important aspects of our methodology include the definition of clear performance metrics, the development of a uniform and practical interface, the generation of multiple sets of results for several representative FPGA families from two major vendors, and the application of a simple procedure to convert multiple sets of results into a single ranking. The VHDL codes for the 256- and 512-bit variants of all 14 SHA-3 Round 2 candidates and the old standard SHA-2 have been developed and thoroughly verified. These codes have then been used to evaluate the relative performance of all aforementioned algorithms using ten modern families of Field Programmable Gate Arrays (FPGAs) from two major vendors, Xilinx and Altera. All algorithms have been evaluated using four performance measures: the throughput-to-area ratio, throughput, area, and the execution time for short messages. Based on these results, the 14 Round 2 SHA-3 candidates have been divided into several groups depending on their overall performance in FPGAs.

    Applying FPGA Runtime Reconfiguration to Multi-Hash Proof-of-Work Algorithms

    In the cryptocurrency mining field, algorithms have been developed to discourage the development of ASICs, which greatly out-compete general-purpose hardware in both performance and power efficiency. One class of algorithms that claims to be ASIC-resistant is the class of randomised multi-hash proof-of-work algorithms, such as X16R. For these algorithms, the result of one iteration depends on the chained application of several randomly selected hash functions, which has the effect of disadvantaging fixed-function ASICs due to their inflexibility. FPGAs lie between GPUs and ASICs in terms of raw performance and flexibility. We investigate the use of FPGAs for this type of proof-of-work, in particular by leveraging the ability of modern FPGAs to quickly reconfigure at runtime. We implemented a design that runs the X16R algorithm by partially reconfiguring the FPGA for every hash function in the chain and processing the data in batches. We show that our system achieves better performance than GPUs manufactured on the same semiconductor process technology node, while being several times more power efficient. The two key takeaways from this work are that FPGA runtime reconfiguration can be used to effectively accelerate algorithms for which the demand for different processing elements changes over time, and that proof-of-work algorithm designers should consider FPGAs as a class of computing device that is separate from fixed-function ASICs.

    Monero Mining: CryptoNight Analysis

    The cryptocurrency Bitcoin is the first successful application of the idea of electronic money without the mediation of third parties. Since then, many cryptocurrencies have been built on this technology, each focusing on its own goals and purposes. The cryptocurrency Monero is one such project, whose main purpose is to ensure privacy and anonymity. In a world where surveillance is intensifying, the Monero project sounds the alarm about the continual violation of one of the fundamental human rights. Moreover, as corporations have dramatically restricted healthy competition in almost all widespread cryptocurrencies, Monero tries to preserve it within its community. One of the building blocks of Monero is maintaining equality among miners, which is achieved through egalitarianism. Egalitarianism is a consequence of a property of the cryptographic function used for "mining" coins. The function used in Monero for this purpose is called CryptoNight and is part of the CryptoNote protocol. The element of the function that achieves egalitarianism is a cryptographic property called memory-hardness. The CryptoNight function is considered to possess this property. However, to date this remains a claim. As far as we know, there is neither a mathematical proof of this claim nor an attack that refutes it. Wanting to check the correctness of this claim, we attempted to construct a mathematical proof. We report the reasons why we fail to formulate such a proof and try to use them to refute the claim. As far as we know, the present work is the first to study this property of the CryptoNight function, and it presents the internal structure of the function graphically for the first time. Finally, we present the knowledge we gained and hope that this work will prove useful in the future to colleagues who wish to contribute to research in the broader field. The goal of this research is to contribute to the Monero project's effort to ensure privacy, anonymity and equality.

    Bitcoin has been a successful implementation of the concept of peer-to-peer electronic cash. Based on this technology, several cryptocurrency projects have arisen, each one focusing on its own purposes and goals. Monero is a decentralized cryptocurrency focusing on privacy and anonymity. In a world of surveillance, Monero raises the alarm about one of the fundamental human rights, which is continuously violated: privacy. In addition, Monero is built to achieve equality between miners. Corporations are taking over almost every successful cryptocurrency by making mining participation harder and harder for hobbyists and supporters. Monero tries to keep its community free of unhealthy competition. This is achieved through egalitarianism, which is based on a cryptographic mining function. This function is called CryptoNight and is part of the CryptoNote protocol, the heart of Monero's structure. The feature of this function that makes it egalitarian is a cryptographic property named memory-hardness. CryptoNight is alleged to be memory-hard. But, still today, this is just a claim. We put this claim to the test, trying to construct a formal mathematical proof, but we fail to do so. We discuss the reasons for our failure and try to use them to construct an attack on this feature. To our knowledge, we are the first to study this property of CryptoNight and the first to present graphically all the stages of CryptoNight's functionality. Finally, we present the knowledge gained and wish for this document to be useful in the future to colleagues who want to contribute to this field. The aim of this work is to contribute to Monero's fight for privacy, anonymity and equality.