Abstract
This work presents a new method to compute the GHASH function involved in the Galois/Counter Mode of operation for block ciphers. If \(X = X_1 \ldots X_n\) is a bit string made of \(n\) blocks of 128 bits each, then the GHASH function essentially computes \(X_1 H^n + X_2 H^{n-1} + \cdots + X_n H\), where \(H\) is the hash key and an element of the binary field \(\mathbb{F}_{2^{128}}\). This operation is usually computed using \(n\) successive multiply-and-add operations over \(\mathbb{F}_{2^{128}}\). Our proposed method replaces all but a fixed number of those multiplications by additions on the field. This is achieved using the characteristic polynomial of \(H\). We present both how to use this polynomial to speed up the GHASH function and how to efficiently compute it for each session that uses a new \(H\). We also show that the proposed technique can be parallelized to compute GHASH even faster. In order to completely eliminate the need for a field multiplication, we investigate a different set of bases for the field element representation and report their architectural and possible security impacts.
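The idea in the abstract, worked through as an added example (not code from the paper): GHASH is computed once with the usual Horner chain of \(n\) multiplications and once by reducing every power \(H^k\) modulo the minimal polynomial of \(H\), so that each block is only XORed into one of \(d \le 128\) accumulators and a fixed number of field multiplications remains. The example assumes GCM's bit-reflected \(\mathbb{F}_{2^{128}}\) representation from NIST SP 800-38D, uses the minimal polynomial (for a generic \(H\) it has degree 128 and equals the characteristic polynomial the abstract refers to), and the hash key and blocks are constructed values.

```python
R = 0xE1 << 120                     # GCM reduction polynomial, bit-reflected (SP 800-38D)
ONE = 1 << 127                      # multiplicative identity in this representation

def gf_mul(x, y):                   # SP 800-38D Algorithm 1: x*y in GF(2^128)
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ (R if v & 1 else 0)
    return z

def ghash_horner(H, blocks):        # X_1 H^n + ... + X_n H with n multiplications
    y = 0
    for x in blocks:
        y = gf_mul(y ^ x, H)
    return y

def min_poly(H):                    # -> (m, d): m(x) as a bitmask, its degree d <= 128
    basis = {}                      # pivot bit -> (reduced vector, which powers it combines)
    v, k = ONE, 0                   # v = H^k
    while True:
        w, comb = v, 1 << k
        while w:                    # Gaussian elimination over F_2 against earlier powers
            piv = w.bit_length() - 1
            if piv not in basis:
                basis[piv] = (w, comb)
                break
            w, comb = w ^ basis[piv][0], comb ^ basis[piv][1]
        if w == 0:                  # H^k depends on lower powers: comb encodes m(x), m(H) = 0
            return comb, k
        v, k = gf_mul(v, H), k + 1

def ghash_minpoly(H, blocks, m, d): # same sum: blocks are only XORed, then d field mults
    Y, p = [0] * d, 1               # p = x^k mod m(x); Y[j] collects the coefficient of H^j
    for x in reversed(blocks):      # X_n pairs with H^1, ..., X_1 with H^n
        p <<= 1
        if (p >> d) & 1:
            p ^= m
        for j in range(d):
            if (p >> j) & 1:
                Y[j] ^= x
    acc = 0
    for j in range(d - 1, -1, -1):  # Horner: acc = sum_j Y[j] H^j, independent of n
        acc = gf_mul(acc, H) ^ Y[j]
    return acc

# Constructed sample input (not from the paper): an arbitrary key and 300 pseudo-random blocks
H_SAMPLE = 0x0123456789ABCDEF0FEDCBA987654321
BLOCKS = [(i * 0x9E3779B97F4A7C15AAAAAAAAAAAAAAAA) % 2**128 for i in range(1, 301)]
```

For the 300-block sample the Horner route costs 300 multiplications, while `ghash_minpoly` spends at most 128 after the per-session `min_poly(H)` precomputation.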
This work was done while N. Méloni was at the University of Waterloo, Canada.
Cite this article
Méloni, N., Negre, C. & Hasan, M.A. High performance GHASH and impacts of a class of unconventional bases. J Cryptogr Eng 1, 201–218 (2011). https://doi.org/10.1007/s13389-011-0013-z