Embedded Syndrome-Based Hashing

  • Ingo von Maurich
  • Tim Güneysu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7668)


We present novel implementations of the syndrome-based hash function RFSB on an Atmel ATxmega128A1 microcontroller and a low-cost Xilinx Spartan-6 FPGA. We explore several trade-offs between speed and area/code size on both platforms and show that RFSB is extremely versatile with applications ranging from lightweight to high performance. Our lightweight microcontroller implementation requires just 732 byte of ROM while still achieving a competitive performance with respect to other established hash functions. Our fastest FPGA implementation is based on embedded block memories available in Xilinx Spartan-6 devices and runs at 0.21 cycles/byte, with a throughput of 5.35 Gbit/s. To the best of our knowledge, this is the first time the RFSB hash function is implemented on either of these wide-spread platforms.


RFSB hash function code-based cryptography microcontroller hardware FPGA 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    ECRYPT Benchmarking of Lightweight Hash Functions in Atmel AVR devices (2012), (accessed July 21, 2012)
  2. 2.
    Augot, D., Finiasz, M., Gaborit, P., Manuel, S., Sendrier, N.: SHA-3 proposal: FSB (2008),
  3. 3.
    Augot, D., Finiasz, M., Sendrier, N.: A Fast Provably Secure Cryptographic Hash Function. Cryptology ePrint Archive, Report 2003/230 (2003),
  4. 4.
    Augot, D., Finiasz, M., Sendrier, N.: A Family of Fast Syndrome Based Cryptographic Hash Functions. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 64–83. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Barreto, P.S.L.M., Cayrel, P.-L., Misoczki, R., Niebuhr, R.: Quasi-Dyadic CFS Signatures. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt 2010. LNCS, vol. 6584, pp. 336–349. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  6. 6.
    Barreto, P., Misoczki, R., Simplicio Jr., M.: One-time signature scheme from syndrome decoding over generic error-correcting codes. Journal of Systems and Software 84(2), 198–204 (2011)CrossRefGoogle Scholar
  7. 7.
    Bernstein, D., Lange, T.: eBACS: ECRYPT Benchmarking of Cryptographic Systems (2012), (accessed July 21, 2012)
  8. 8.
    Bernstein, D., Lange, T.: eBASH: ECRYPT Benchmarking of All Submitted Hashes (2012), (accessed July 21, 2012)
  9. 9.
    Bernstein, D.J., Lange, T., Peters, C., Schwabe, P.: Really Fast Syndrome-Based Hashing. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 134–152. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    Beuchat, J., Sendrier, N., Tisserand, A., Villard, G.: FPGA Implementation of a Recently Published Signature Scheme. Rapport de recherche RR LIP 2004-14 (2004)Google Scholar
  11. 11.
    Biswas, B., Sendrier, N.: McEliece Cryptosystem Implementation: Theory and Practice. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 47–62. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Cayrel, P.-L., Hoffmann, G., Persichetti, E.: Efficient Implementation of a CCA2-Secure Variant of McEliece Using Generalized Srivastava Codes. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 138–155. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  13. 13.
    Coron, J.-S., Joux, A.: Cryptanalysis of a Provably Secure Cryptographic Hash Function. Cryptology ePrint Archive, Report 2004/013 (2004),
  14. 14.
    Courtois, N.T., Finiasz, M., Sendrier, N.: How to Achieve a McEliece-Based Digital Signature Scheme. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 157–174. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Damgård, I.B.: A Design Principle for Hash Functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)Google Scholar
  16. 16.
    Eisenbarth, T., Güneysu, T., Heyse, S., Paar, C.: MicroEliece: McEliece for Embedded Devices. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 49–64. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  17. 17.
    Finiasz, M.: Parallel-CFS: Strengthening the CFS McEliece-Based Signature Scheme. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 159–170. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  18. 18.
    Finiasz, M., Gaborit, P., Sendrier, N.: Improved fast syndrome based cryptographic hash functions. In: Proceedings of ECRYPT Hash Workshop, vol. 2007, p. 155 (2007)Google Scholar
  19. 19.
    Fouque, P.-A., Leurent, G.: Cryptanalysis of a Hash Function Based on Quasi-cyclic Codes. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 19–35. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  20. 20.
    Gaborit, P., Lauradoux, C., Sendrier, N.: SYND: a Fast Code-Based Stream Cipher with a Security Reduction. In: IEEE International Symposium on Information Theory, ISIT 2007, pp. 186–190 (2007)Google Scholar
  21. 21.
    Gaj, K., Homsirikamol, E., Rogawski, M., Shahid, R., Sharif, M.U.: Comprehensive Evaluation of High-Speed and Medium-Speed Implementations of Five SHA-3 Finalists Using Xilinx and Altera FPGAs. Cryptology ePrint Archive, Report 2012/368 (2012),
  22. 22.
    Gyrfi, T., Cre, O., Hanrot, G., Brisebarre, N.: High-Throughput Hardware Architecture for the SWIFFT / SWIFFTX Hash Functions. Cryptology ePrint Archive, Report 2012/343 (2012),
  23. 23.
    Helion: Fast Hash Core Family for Xilinx FPGA (2011), (accessed July 21, 2012)
  24. 24.
    Heyse, S.: Code-based cryptography: Implementing the McEliece scheme in reconfigurable hardware. Diploma thesis (2009)Google Scholar
  25. 25.
    Heyse, S.: Low-Reiter: Niederreiter Encryption Scheme for Embedded Microcontrollers. In: Sendrier, N. (ed.) PQCrypto 2010. LNCS, vol. 6061, pp. 165–181. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  26. 26.
    Heyse, S.: Implementation of McEliece Based on Quasi-dyadic Goppa Codes for Embedded Devices. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 143–162. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  27. 27.
    Heyse, S., Güneysu, T.: Towards One Cycle per Bit Asymmetric Encryption: Code-Based Cryptography on Reconfigurable Hardware. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 340–355. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  28. 28.
    Kirchner, P.: Improved Generalized Birthday Attack. Cryptology ePrint Archive, Report 2011/377 (2011),
  29. 29.
    Landais, G., Sendrier, N.: CFS Software Implementation. Cryptology ePrint Archive, Report 2012/132 (2012),
  30. 30.
    Manuel, S.: Classification and Generation of Disturbance Vectors for Collision Attacks against SHA-1. Cryptology ePrint Archive, Report 2008/469 (2008),
  31. 31.
    McEliece, R.: A public-key cryptosystem based on algebraic coding theory. DSN progress report 42(44), 114–116 (1978)Google Scholar
  32. 32.
    Meziani, M., Cayrel, P.-L., El Yousfi Alaoui, S.M.: 2SC: An Efficient Code-Based Stream Cipher. In: Kim, T.-H., Adeli, H., Robles, R.J., Balitanas, M. (eds.) ISA 2011. CCIS, vol. 200, pp. 111–122. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  33. 33.
    Meziani, M., Dagdelen, Ö., Cayrel, P.-L., El Yousfi Alaoui, S.M.: S-FSB: An Improved Variant of the FSB Hash Family. In: Kim, T.-H., Adeli, H., Robles, R.J., Balitanas, M. (eds.) ISA 2011. CCIS, vol. 200, pp. 132–145. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  34. 34.
    Ness, J.: Microsoft certification authority signing certificates added to the Untrusted Certificate Store. Microsoft Security Research and Defense (2012), (accessed July 21, 2012)
  35. 35.
    Niederreiter, H.: A Public-Key Cryptosystem Based on Shift Register Sequences. In: Pichler, F. (ed.) EUROCRYPT 1985. LNCS, vol. 219, pp. 35–39. Springer, Heidelberg (1986)CrossRefGoogle Scholar
  36. 36.
    NIST. Announcing Request for Candidate Algorithm Nominations for a New Cryptographic Hash Algorithm (SHA3) Family (2007), (accessed July 21, 2012)
  37. 37.
    U. D. of Commerce. Secure Hash Standard (SHS). Technical report, National Institute of Standards and Technology (2008)Google Scholar
  38. 38.
    Rivest, R.: RFC 1321: The MD5 message-digest algorithm (April 1992)Google Scholar
  39. 39.
    Rothamel, L., Weiel, M.: Report Cryptography Lab SS2011 Implementation of the RFSB hash function (2011),
  40. 40.
    Saarinen, M.-J.O.: Linearization Attacks Against Syndrome Based Hashes. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 1–9. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  41. 41.
    Shoufan, A., Wink, T., Molter, G., Huss, S., Strentzke, F.: A novel processor architecture for McEliece cryptosystem and FPGA platforms. In: 20th IEEE International Conference on Application-specific Systems, Architectures and Processors, ASAP 2009, pp. 98–105. IEEE (2009)Google Scholar
  42. 42.
    Stevens, M.: On collisions for MD5. Master’s thesis, Eindhoven University of Technology, Department of Mathematics and Computing Science (June 2007)Google Scholar
  43. 43.
    Stevens, M., Lenstra, A., de Weger, B.: Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 1–22. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Ingo von Maurich
    • 1
  • Tim Güneysu
    • 1
  1. 1.Horst Görtz Institute for IT-SecurityRuhr-University BochumGermany

Personalised recommendations