Efficient Hardware Architecture of SHA-256 Algorithm for Trusted Mobile Computing

Kim, Mooseop; Ryou, Jae-Cheol; Jun, Sungik

doi:10.1007/978-3-642-01440-6_19

Cited by 22 publications

(16 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Compared with the straightforward implementation and the compact architecture like ref-4, the saved areas of SM3 with our compact architecture are approximate 36% and 12%, respectively. If the SRAM is shared with other modules, the number can be up to 47% and 27%, and it is smaller than that of SHA-256 in [8].…”

Section: Implementation Resultsmentioning

confidence: 87%

A Compact Hardware Implementation of SM3 Hash Function

Rao

et al. 2014

2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications

View full text Add to dashboard Cite

With mobile and wireless devices becoming pervasive, low-cost hardwares of security functions are being desired. A compact hardware implementation of the SM3 hash algorithm is presented in this paper. A SRAM is used to do message expansion function instead of shift registers which are used in common hardware implementations, and the values of A∼H and V0∼V7 registers are updated in the serial shift way when they are initialized and updated. The computation units are saved as much as possible. Compared with traditional designs, the store resources for message expansion function can be shared with other modules to reduce the cost of a system. The Synopsys' DC synthesis results show that the area of the compact SM3 is approximate 8277 GEs while its throughput can be as high as 276 Mbps. If the SRAM is shared with other modules, only 6904 GEs are required to implement the SM3 hardware module in the system. The compact architecture can be accommodated to resource-constrained systems for its advantages of low-cost and low-power.

show abstract

Section: Implementation Resultsmentioning

confidence: 87%

A Compact Hardware Implementation of SM3 Hash Function

Rao

et al. 2014

2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications

View full text Add to dashboard Cite

show abstract

“…Our design is also more compact than the work of E. B. Kavun and T. Yalcin [27] (about a factor of 4). We also compare our designs with the smallest SHA-1 and SHA-2 implementations from [32] and [30]. It shows that our design has about the same size as SHA-1 and needs about 36 % less area than SHA-2.…”

Section: Resultsmentioning

confidence: 96%

Pushing the Limits of SHA-3 Hardware Implementations to Fit on RFID

Pessl

Hutter

2013

Cryptographic Hardware and Embedded Systems - CHES 2013

View full text Add to dashboard Cite

Abstract. There exists a broad range of RFID protocols in literature that propose hash functions as cryptographic primitives. Since Keccak has been selected as the winner of the NIST SHA-3 competition in 2012, there is the question of how far we can push the limits of Keccak to fulfill the stringent requirements of passive low-cost RFID. In this paper, we address this question by presenting a hardware implementation of Keccak that aims for lowest power and lowest area. Our smallest (fullstate) design requires only 2 927 GEs (for designs with external memory available) and 5 522 GEs (total size including memory). It has a power consumption of 12.5 µW at 1 MHz on a low leakage 130 nm CMOS process technology. As a result, we provide a design that needs 40 % less resources than related work. Our design is even smaller than the smallest SHA-1 and SHA-2 implementations.

show abstract

“…As below, we separately discuss other implementations of SHA-256 circuit and other implementations of HMAC-SHA-256 circuit. 6.1.1 Scan-based Attack against Other SHA-256 Circuit Implementations As far as we know, basic iterative SHA-256 circuit [29], [40], two-unrolled SHA-256 circuit [41], [42], pipelining SHA-256 circuit [43], [44], two-unrolled pipelining SHA-256 circuit [45], four-unrolled pipelining SHA-256 circuit [45], and compact SHA-256 circuit [46] are proposed as SHA-256 circuit implementations.…”

Section: Scan-based Attack Against Other Sha-256/hmac-sha-256 Circuitmentioning

confidence: 99%

“…We consider that we cannot apply our scan-based attack directly to this circuit implementation. Compact SHA-256 circuit [46] The compact implementation of the SHA-256 circuit runs one iteration of PHASE 2 of Algorithm 1 in several clock cycles, not in one clock cycle. In this case, if the timing when one register moves to another register during one iteration can be specified, we expect that the bit-transition groups can be also found out using the scan data obtained from the HMAC-SHA-256 circuit including this SHA-256 circuit implementation.…”

Section: ]mentioning

confidence: 99%

Scan-based Side-channel Attack against HMAC-SHA-256 Circuits Based on Isolating Bit-transition Groups Using Scan Signatures

Oku

Yanagisawa

Togawa

2018

IPSJ Transactions on System LSI Design Methodology

View full text Add to dashboard Cite

Abstract:A scan chain is used by scan-path test, one of design-for-test techniques, which can control and observe internal registers in an LSI chip. On the other hand, a scan-based side-channel attack is focused on which can restore secret information by exploiting the scan data obtained from a scan chain inside the crypto chip during cryptographic processing. In this paper, we propose a scan-based attack method against a hash generator circuit called HMAC-SHA-256. Our proposed method is composed of three steps; Firstly, we isolate 64 bit-transition groups from a scan data using scan signatures based on the property of the HMAC-SHA-256 algorithm. Secondly, we classify these 64 bittransition groups into 32 pairs. Lastly, we find out the correspondence between the scan data and the internal registers in the target HMAC-SHA-256 circuit. Our proposed method restores the secret information by the three steps above, even if the scan chain includes registers other than the target hash generator circuit and hence it becomes too long. Experimental results show that our proposed method successfully restores two secret keys of the HMAC-SHA-256 circuit using up to 425 input messages in 7.5 hours.

show abstract

Efficient Hardware Architecture of SHA-256 Algorithm for Trusted Mobile Computing

Cited by 22 publications

References 11 publications

A Compact Hardware Implementation of SM3 Hash Function

A Compact Hardware Implementation of SM3 Hash Function

Pushing the Limits of SHA-3 Hardware Implementations to Fit on RFID

Scan-based Side-channel Attack against HMAC-SHA-256 Circuits Based on Isolating Bit-transition Groups Using Scan Signatures

Contact Info

Product

Resources

About