Abstract
There exists a broad range of RFID protocols in literature that propose hash functions as cryptographic primitives. Since keccak has been selected as the winner of the NIST SHA-3 competition in 2012, there is the question of how far we can push the limits of keccak to fulfill the stringent requirements of passive low-cost RFID. In this paper, we address this question by presenting a hardware implementation of keccak that aims for lowest power and lowest area. Our smallest (full-state) design requires only 2 927 GEs (for designs with external memory available) and 5 522 GEs (total size including memory). It has a power consumption of 12.5 μW at 1 MHz on a low leakage 130 nm CMOS process technology. As a result, we provide a design that needs 40% less resources than related work. Our design is even smaller than the smallest SHA-1 and SHA-2 implementations.
Keywords
- Hardware Implementation
- SHA-3
- Keccak
- ASIC
- RFID
- Low-Power Design
- Embedded Systems
Chapter PDF
References
Akin, A., Aysu, A., Ulusel, O.C., Savaş, E.: Efficient Hardware Implementations of High Throughput SHA-3 Candidates Keccak, Luffa and Blue Midnight Wish for Single- and Multi-Message Hashing. In: 3rd International Conference Security of Information and Networks–SIN 2010, Taganrog, Russia, September 7-11, pp. 168–177 (2010)
Aumasson, J.-P., Henzen, L., Meier, W., Naya-Plasencia, M.: Quark: A Lightweight Hash. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 1–15. Springer, Heidelberg (2010)
Baldwin, B., Byrne, A., Lu, L., Hamilton, M., Hanley, N., O’Neill, M., Marnane, W.P.: FPGA Implementations of the Round Two SHA-3 Candidates. In: International Conference on Field Programmable Logic and Applications–FPL 2010, Milano, Italy, August 31-September 2, pp. 400–407 (2010)
Bertoni, G., Daemen, J., Debande, N., Le, T.-H., Peeters, M., Van Assche, G.: Power Analysis of Hardware Implementations Protected with Secret Sharing. Cryptology ePrint Archive: Report 2013/067 (February 2013)
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Building Power Analysis Resistant Implementations of Keccak. In: Second SHA-3 Candidate Conference (August 2010)
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Cryptographic sponge functions. Submission to NIST (Round 3) (2011)
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak reference. Submission to NIST (Round 3) (2011)
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak SHA-3 submission. Submission to NIST (Round 3) (2011)
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., Keer, R.V.: Keccak Implementation Overview, V3.2 (2012)
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge functions. In: ECRYPT Hash Workshop, Barcelona, Spain, May 24-25 (2007), http://sponge.noekeon.org/SpongeFunctions.pdf
Bogdanov, A., Knežević, M., Leander, G., Toz, D., Varıcı, K., Verbauwhede, I.: Spongent: A Lightweight Hash Function. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 312–325. Springer, Heidelberg (2011)
Bogdanov, A., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y.: Hash Functions and RFID Tags: Mind the Gap. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 283–299. Springer, Heidelberg (2008)
Feldhofer, M., Rechberger, C.: A Case Against Currently Used Hash Functions in RFID Protocols. In: Dominikus, S. (ed.) Workshop on RFID Security 2006 (RFIDSec06), Graz, Austria, July 12-14, pp. 109–122 (July 2006)
Feldhofer, M., Rechberger, C.: A Case Against Currently Used Hash Functions in RFID Protocols. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 372–381. Springer, Heidelberg (2006)
Feldhofer, M., Wolkerstorfer, J.: Hardware Implementation of Symmetric Algorithms for RFID Security. In: RFID Security: Techniques, Protocols and System-On-Chip Design, pp. 373–415. Springer (2008)
Finkenzeller, K.: RFID-Handbook, 2nd edn. Carl Hanser Verlag (April 2003) ISBN 0-470-84402-7
Gaj, K., Homsirikamol, E., Rogawski, M.: Fair and Comprehensive Methodology for Comparing Hardware Performance of Fourteen Round two SHA-3 Candidates using FPGAs. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 264–278. Springer, Heidelberg (2010)
Gaj, K., Homsirikamol, E., Rogawski, M., Shahid, R., Sharif, M.U.: Comprehensive Evaluation of High-Speed and Medium-Speed Implementations of Five SHA-3 Finalists Using Xilinx and Altera FPGAs. Cryptology ePrint Archive: Report 2012/368 (June 2012)
Guo, J., Peyrin, T., Poschmann, A.: The PHOTON Family of Lightweight Hash Functions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841. Springer, Heidelberg (2011)
Guo, X., Huang, S., Nazhandali, L., Schaumont, P.: Fair and Comprehensive Performance Evaluation of 14 Second Round SHA-3 ASIC Implementations. In: Second SHA-3 Candidate Conference 2010 (2010)
Gürkaynak, F.K., Gaj, K., Muheim, B., Homsirikamol, E., Keller, C., Rogawski, M., Kaeslin, H., Kaps, J.-P.: Lessons Learned from Designing a 65nm ASIC for Evaluating Third Round SHA-3 Candidates. In: Third SHA-3 Candidate Conference (March 2012)
Henzen, L., Gendotti, P., Guillet, P., Pargaetzi, E., Zoller, M., Gürkaynak, F.K.: Developing a Hardware Evaluation Method for SHA-3 Candidates. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 248–263. Springer, Heidelberg (2010)
Homsirikamol, E., Rogawski, M., Gaj, K.: Comparing Hardware Performance of Round 3 SHA-3 Candidates using Multiple Hardware Architectures in Xilinx and Altera FPGAs. In: CRYPT II Hash Workshop 2011 (May 2011)
Hsing, H.: Sha3 (keccak). OpenCores.org (January 2013)
Juels, A., Weis, S.A.: Defining Strong Privacy for RFID. Cryptology ePrint Archive, Report 2006/137 (April 2006), http://eprint.iacr.org/
Jungk, B., Apfelbeck, J.: Area-Efficient FPGA Implementations of the SHA-3 Finalists. In: International Conference on Reconfigurable Computing and FPGAs–ReConFig 2011, Cancun, Mexico, November 30-December 2, pp. 235–241 (2011)
Kaps, J.-P., Yalla, P., Surapathi, K.K., Habib, B., Vadlamudi, S., Gurung, S., Pham, J.: Lightweight Implementations of SHA-3 Candidates on FPGAs. In: Bernstein, D.J., Chatterjee, S. (eds.) INDOCRYPT 2011. LNCS, vol. 7107, pp. 270–289. Springer, Heidelberg (2011)
Kavun, E.B., Yalcin, T.: A Lightweight Implementation of Keccak Hash Function for Radio-Frequency Identification Applications. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 258–269. Springer, Heidelberg (2010)
Keccak Design Team. The Keccak sponge function family, http://keccak.noekeon.org/
Kerckhof, S., Durvaux, F., Veyrat-Charvillon, N., Regazzoni, F., de Dormale, G.M., Standaert, F.-X.: Compact FPGA Implementations of the Five SHA-3 Finalists. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 217–233. Springer, Heidelberg (2011)
Kim, M., Ryou, J., Jun, S.: Efficient Hardware Architecture of SHA-256 Algorithm for Trusted Mobile Computing. In: Yung, M., Liu, P., Lin, D. (eds.) Inscrypt 2008. LNCS, vol. 5487, pp. 240–252. Springer, Heidelberg (2009)
Kobayashi, K., Ikegami, J., Knežević, M., Guo, E.X., Matsuo, S., Huang, S., Nazhandali, L., Kocabas, Ü., Fan, J., Satoh, A., Verbauwhede, I., Sakiyama, K., Ohta, K.: Prototyping Platform for Performance Evaluation of SHA-3 Candidates. In: IEEE International Symposium on Hardware-Oriented Security and Trust–HOST 2010, Anaheim, California, USA, June 13-14, pp. 60–63 (2010)
O’Neill, M.: Low-Cost SHA-1 Hash Function Architecture for RFID Tags. In: Dominikus, S. (ed.) Workshop on RFID Security 2008 (RFIDsec 2008), pp. 41–51 (July 2008)
Ranasinghe, D.C., Cole, P.H.: Networked RFID Systems and Lightweight Cryptography. Springer, Berlin (2008)
Saarinen, M.-J.O., Engels, D.: A Do-It-All-Cipher for rfid: Design Requirements (Extended Abstract). Cryptology ePrint Archive: Report 2012/317 (June 2012)
Sarma, S.: Towards the 5 Cent Tag. White paper, MIT Auto-ID Center (2001)
Sarma, S.E., Weis, S.A., Engels, D.W.: Radio Frequency Identification: Risks and Challenges. CryptoBytes (RSA Laboratories) 6(1), 325 (2003)
Sarma, S.E., Weis, S.A., Engels, D.W.: RFID Systems and Security and Privacy Implications. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 454–469. Springer, Heidelberg (2003)
Shamir, A.: SQUASH A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 144–157. Springer, Heidelberg (2008)
Strömbergson, J.: Implementation of the Keccak Hash Function in FPGA Devices. Technical report, InformAsic AB (2008)
Tillich, S., Feldhofer, M., Kirschbaum, M., Plos, T., Schmidt, J.-M., Szekely, A.: Hardware Implementations of the Round-Two SHA-3 Candidates: Comparison on a Common Ground. In: Proceedings of Austrochip 2010, Villach, Austria, October 6, pp. 43–48 (2010) ISBN 978-3-200-01945-4
Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing 2003. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)
Yoshida, H., Watanabe, D., Okeya, K., Kitahara, J., Wu, H., Küçük, Ö., Preneel, B.: MAME: A Compression Function with Reduced Hardware Requirements. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 148–165. Springer, Heidelberg (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 International Association for Cryptologic Research
About this paper
Cite this paper
Pessl, P., Hutter, M. (2013). Pushing the Limits of SHA-3 Hardware Implementations to Fit on RFID. In: Bertoni, G., Coron, JS. (eds) Cryptographic Hardware and Embedded Systems - CHES 2013. CHES 2013. Lecture Notes in Computer Science, vol 8086. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40349-1_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-40349-1_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40348-4
Online ISBN: 978-3-642-40349-1
eBook Packages: Computer ScienceComputer Science (R0)