Implementation of Hash Functions

Safi Jadoon

Dec 22, 2022, 9:52:41 PM
to lwc-forum

Our paper titled “Area-time Efficient Implementation of NIST Lightweight Hash Functions Targeting IoT Applications” is going to appear in IEEE IoTJ.

https://ieeexplore.ieee.org/abstract/document/9991841

https://eprint.iacr.org/2022/1716.pdf

We have evaluated, on Virtex-7/Artix-7, four lightweight hash functions that are in the final round of the NIST LWC standardization process. The hash functions include PHOTON-Beetle, ASCON, Xoodyak, and SPARKLE.

Implementation Strategies:

Matrix multiplication is the main resource-consuming operation in PHOTON-Beetle. To achieve a smaller hardware footprint, a serialized execution technique for matrix multiplication has been adopted. For SPARKLE, implementations of the ARX-box are carried out in serial, parallel, and hybrid fashion. This can help to achieve a flexible TP/A ratio. A certain number of permutation rounds of ASCON and Xoodyak are executed in each clock cycle to explore certain trade-offs between the area consumption, latency and throughput.

Summary of the Results:

We have achieved the smallest hardware footprint for PHOTON-Beetle, which consumes 3.4× smaller area than the other implementations in the literature [2]. ASCON and Xoodyak can achieve TP/A ratios that are 1.8× and 3.9× higher compared to the implementations in the literature [1, 2]. In addition, we have implemented SPARKLE for the first time, as implementations are not found in the literature.

Conclusion:

Efficient implementations of the finalist hash functions are presented in this work. The results obtained are better than the state-of-the-art. Further, the hardware implementations are also important for reviewers in choosing the final candidate for the hash competition.

[1] Rezvani, B., Coleman, F., Sachin, S., & Diehl, W. (2019). Hardware implementations of NIST lightweight cryptographic candidates: A first look. Cryptology ePrint Archive.

[2] Mohajerani, K., Haeussler, R., Nagpal, R., Farahmand, F., Abdulgadir, A., Kaps, J. P., & Gaj, K. (2021, February). Hardware Benchmarking of Round 2 Candidates in the NIST Lightweight Cryptography Standardization Process. In 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE) (pp. 164-169). IEEE.

Robert Moskowitz

Dec 23, 2022, 9:48:08 AM
to Safi Jadoon, lwc-forum
Things for you to consider:

A sponge hash, like Keccak, when used in keyed mode as in KMAC does in one operation what HMAC needs two hash functions to achieve. Are all you tested sponges? Do they equate to KMAC as an HMAC replacement?

Then on to HKDF, which takes 2 - 3 HMACs. Again a single KMAC is equivalent. NIST has a lot of chained docs to update, starting with SP800-108 (in draft now) to make this "official". Again, how do these hashes match up?

Finally, just a task. Whatever is selected, we have to make a new variant of EdDSA25519 using it rather than SHA512 to get all SHA out of our code base. For any that support 256-bit, then replace SHAKE256 in EdDSA448.

Thinks for thought.

Written while on vacation with the grandkids playing loudly in the room...
--
Robert Moskowitz
Owner
HTT Consulting
C:      248-219-2059
F:      248-968-2824
E:      r...@labs.htt-consult.com

There's no limit to what can be accomplished if it doesn't matter who gets the credit
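
The call counts mentioned in the reply above, as an added example that is not part of either post or of the paper: it counts primitive invocations for HMAC-SHA256 (RFC 2104) and HKDF-SHA256 (RFC 5869) and compares them with a single variable-output sponge call. Assumptions: `keyed_sponge` is a hypothetical stand-in that key-prefixes SHAKE256 because Python's `hashlib` has no KMAC; it is not KMAC as specified in SP 800-185, and the sample inputs are constructed.

```python
import hashlib
import math

CALLS = 0  # primitive (hash or sponge) invocations since the last reset

def sha256(data: bytes) -> bytes:
    global CALLS
    CALLS += 1
    return hashlib.sha256(data).digest()

def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    # RFC 2104: H((K ^ opad) || H((K ^ ipad) || msg)), i.e. two hash calls.
    if len(key) > 64:  # keys longer than the block size are hashed first
        key = sha256(key)
    key = key.ljust(64, b"\x00")
    inner = sha256(bytes(b ^ 0x36 for b in key) + msg)
    return sha256(bytes(b ^ 0x5C for b in key) + inner)

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869: one extract HMAC, then ceil(length / 32) expand HMACs.
    prk = hmac_sha256(salt or b"\x00" * 32, ikm)
    okm, block = b"", b""
    for i in range(1, math.ceil(length / 32) + 1):
        block = hmac_sha256(prk, block + info + bytes([i]))
        okm += block
    return okm[:length]

def keyed_sponge(key: bytes, msg: bytes, length: int) -> bytes:
    # Assumption: length-framed key prefix over SHAKE256, standing in for a
    # keyed sponge. One call yields any output length. This is NOT KMAC.
    global CALLS
    CALLS += 1
    framed = len(key).to_bytes(2, "big") + key + msg
    return hashlib.shake_256(framed).digest(length)

def counted(fn, *args):
    """Run fn and return (result, number of primitive invocations it made)."""
    global CALLS
    CALLS = 0
    result = fn(*args)
    return result, CALLS

if __name__ == "__main__":
    key, msg = b"\x0b" * 22, b"constructed sample message"
    print("HMAC-SHA256 hash calls:", counted(hmac_sha256, key, msg)[1])
    for n in (32, 42):
        print(f"HKDF-SHA256 ({n} bytes) hash calls:",
              counted(hkdf_sha256, key, b"", b"ctx", n)[1])
    print("Keyed sponge (42 bytes) calls:", counted(keyed_sponge, key, msg, 42)[1])
```

For outputs up to 32 bytes HKDF-SHA256 needs two HMACs (four hash calls), and for 33 to 64 bytes it needs three (six hash calls), which matches the "2 - 3 HMACs" figure in the reply.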