Byte Slicing Grøstl: Improved Intel AES-NI and Vector-Permute Implementations of the SHA-3 Finalist Grøstl
Grøstl is an AES-based hash function and one of the 5 finalists of the SHA-3 competition. In this work we present high-speed implementations of Grøstl for small 8-bit CPUs and for large 64-bit CPUs with the recently introduced Intel AES-NI and AVX instruction sets. Since Grøstl does not use the same MDS mixing layer as the AES, a direct application of the AES instructions seems difficult. In contrast to previous findings, our Grøstl implementations using the AES instructions are currently by far the fastest known. To achieve optimal performance we parallelize each round of Grøstl by taking advantage of the whole bit width of the processor in use. This results in the parallel computation of 16 Grøstl columns using 128-bit registers, and 32 Grøstl columns using 256-bit registers. This way, we get implementations running at 12.2 cycles/byte for Grøstl-256 and 18.6 cycles/byte for Grøstl-512.
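As an added illustration (not code from the paper), the Grøstl MixBytes layer computed both column by column and in the byte-sliced form the abstract describes: each 16-byte list stands in for one 128-bit register holding row i of all 16 columns of the P and Q states, so one vector operation serves all columns. The MixBytes matrix and GF(2^8) arithmetic are the published Grøstl ones; the state contents are constructed.

```python
from functools import reduce
from operator import xor

# Grøstl MixBytes matrix: circulant with first row (02,02,03,04,05,03,05,07)
# over GF(2^8), reduced by the AES polynomial x^8+x^4+x^3+x+1 (0x11B).
MIX_ROW = (0x02, 0x02, 0x03, 0x04, 0x05, 0x03, 0x05, 0x07)
NUM_COLS = 16  # the 8 columns of P plus the 8 columns of Q, as in the paper

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo 0x11B (shift-and-add)."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def mixbytes_column(col):
    """Reference: MixBytes on one 8-byte column, out[i] = XOR_j B[i][j] * col[j]."""
    return [reduce(xor, (gf_mul(MIX_ROW[(j - i) % 8], col[j]) for j in range(8)))
            for i in range(8)]

def to_byte_sliced(columns):
    """Transpose: 16 columns of 8 bytes -> 8 'registers' of 16 bytes (row i of every column)."""
    return [[col[i] for col in columns] for i in range(8)]

def from_byte_sliced(rows):
    return [[rows[i][c] for i in range(8)] for c in range(NUM_COLS)]

def mul_register(const, reg):
    """Multiply every lane of a register by a constant: one vector operation per register."""
    return [gf_mul(const, x) for x in reg]

def xor_register(a, b):
    return [x ^ y for x, y in zip(a, b)]

def mixbytes_byte_sliced(rows):
    """MixBytes on all 16 columns at once: output register i is the XOR of the
    8 input registers, each scaled by its matrix constant; no per-column loop."""
    return [reduce(xor_register, (mul_register(MIX_ROW[(j - i) % 8], rows[j]) for j in range(8)))
            for i in range(8)]

def demo():
    """Constructed 16-column state (bytes 0..127) through both paths; True if they agree."""
    state = [list(range(8 * c, 8 * c + 8)) for c in range(NUM_COLS)]
    sliced = from_byte_sliced(mixbytes_byte_sliced(to_byte_sliced(state)))
    return sliced == [mixbytes_column(c) for c in state]
```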
Keywords: Hash function, SHA-3 competition, Grøstl, Software implementation, Byte slicing, Intel AES new instructions, 8-bit AVR