Whirlpool hash function: architecture and VLSI ... - IEEE Xplore

Download PDF
0 downloads 0 Views 261KB Size Report
Comment
speed and high security. An architecture and VLSI implementation of the newest standard in the hash families, Whirlpool that achieves high-speed performance.
WHIRLPOOL HASH FUNCTION: ARCHITECTURE AND VLSI IMPLEMENTATION P. Kitsos and O. Koufopavlou VLSI Design Laboratory Electrical and Computer Engineering Department University of Patras, Patras, GREECE E-mail: [email protected] ABSTRACT New encryption algorithms have to operate in a variety of current and future applications demanding both high speed and high security. An architecture and VLSI implementation of the newest standard in the hash families, Whirlpool that achieves high-speed performance is presented. The architecture permits a wide variety of implementation tradeoffs. The design was coded using VHDL language and for the hardware implementation a FPGA device was used. While no other previous Whirlpool implementation exist, the comparison with previous hash families’ implementations such as MD5, SHA-1, SHA-2 etc are given. These comparisons prove that the Whirlpool implementation is much faster compared with these previous implementations.

1. INTRODUCTION In recent years the need for effective and secure communications in both wire and wireless networks is very important. In modern electronics, security applications play a very important role. The interest in financial and other electronic transactions are growing rapidly and the security applications can provide a trust way to the customers in order to provide safe applications. Hash functions are used as building blocks in various cryptographic applications, such as the protection of information authentication and as a part for digital signature schemes. A hash function is a function that maps an input of arbitrary length into a fixed number of output bits, the hash value. The most known hash function is the Secure Hash Algorithm-1 (SHA-1) [1]. The security parameter of SHA-1 was chosen in order to achieve the similar level of security, in the range of 280 operations, as required by the best currently known attacks. But, the security level of SHA-1 does not match the security level guaranteed by

;‹,(((

the new announced AES encryption standard [2], which is specified 128-, 192-, and 256-bit keys. Many attempts have been taken place in order to proposed new hash functions to match the security level of the new encryption standard. The National Institute of Standards and Technology (NIST) announced the updated Federal Information Processing Standard (FIPS 180-2) [3], which introduced three new hash functions referred to as SHA-2 (256, 384, 512). In addition, the New European Schemes for Signatures, Integrity, and Encryption (NESSIE) project [4], was responsible to introduce a hash function with similar security level. So, it was announced that the hash function included in the NESSIE portfolio is Whirlpool [5]. All the above hash functions are adopted by the International Organization for Standardization (ISO/IEC) 10118-3 standard [6]. In this paper, an architecture and VLSI implementation of the new hash function, Whirlpool, are proposed. Due to no other Whirlpool implementation occurrence, comparisons with other hash families’ implementations [7]-[11] are provided. The comparison results prove that the proposed implementation performs better compared with every previous hash families’ such as MD5, SHA-1, SHA-2 etc. In section 2 is briefly described the Whirlpool hash function, while in section 3 the proposed architecture is presented. Experimental results and comparison analysis with other works are reported in section 4, and finally section 5 concludes the paper. 2. THE WHIRLPOOL HASH FUNCTION Whirlpool is a one-way 512-bit hash function operating on messages less than 2256 bits in length. It consists of the iterated application of a compression function, based on a dedicated 512-bit block cipher, W, that uses a 512-bit key that derived from the input data. The W has 10 rounds. The block diagram for the round function of the block cipher, W, is shown in Fig. 1.

,,

,6&$6

Input Data

M essag e

512

n

256

non-linear layer Ȗ

P adder mi

512

512

H t -1

permutation ʌ W

512

diffusion layer ș

Round Key

W out

512

Ht

ı[k] 512

512

Fig. 2: Whirlpool hash function architecture 512

Output Data

Fig.1: Block diagram of the W basic round The round function, ȡ[k], is based on combined operations from three algebraic functions. These functions are the non-linear layer Ȗ, the cyclical permutation ʌ, and the linear diffusion layer ș. So, the round function is the composite mapping ȡ[k], parameterized by the key k, and given by: U [ k ] { V [ k ] RT RS R J (1) Symbol “ R ” denotes the associative composition of algebraic functions where the right-most function is executed first. The key addition ı[k], consists of the bitwise addition (exor) of a key k. This key produced by the key scheduling part that uses the same round function ȡ, as the basic round of the cipher W. Finally, the Whirlpool iterates the hashing scheme over the t padded blocks mi, 1 d i d t , using the 512-bit block cipher W: n i P ( m i ), (2) H 0 P ( IV ), H i W [ H i 1 ]( n i ) † H i 1 † n i , 1 d i d t where, Ht is the hash value and IV (Initialization Vector) is a string of 512 0-bits. Before the hash operation, a message M of bit length L