6.375 Final Presentation - PowerPoint PPT Presentation

1 / 42
About This Presentation
Title:

6.375 Final Presentation

Description:

Whirlpool is not a SHA-3 candidate. Will never be patented, free for public use ... Whirlpool Preprocessor ... Whirlpool Result. Successfully simulated and ... – PowerPoint PPT presentation

Number of Views:280
Avg rating:3.0/5.0
Slides: 43
Provided by: csgCsa
Category:

less

Transcript and Presenter's Notes

Title: 6.375 Final Presentation


1
FPGA Implementation of Whirlpool and FSB Hash
Algorithms
  • 6.375 Final Presentation
  • Jeff Simpson, Jingwen Ouyang, Kyle Fritz

2
Outline
  • Overview
  • Test Harness
  • Hash Algorithms
  • Whirlpool
  • FSB
  • Closing Remarks

3
Outline
  • Overview
  • Test Harness
  • Hash Algorithms
  • Whirlpool
  • FSB
  • Closing Remarks

4
What is a Hash?
  • A hash is a fingerprint of sorts a small key
    which can be used to identify a larger data set.
  • Hashes have many uses
  • Identifying that a data set is correct.
  • Performing database indexing
  • Cryptographic functions

5
SHA-3 Competition
  • National Institute of Science and Technology
    (NIST) is holding a competition to write the
    successor to the SHA-2 hashing algorithm.
  • Over 50 algorithms have been submitted for
    consideration.
  • NIST will make the final decision, but the
    community is performing analysis and making
    recommendations.

6
Project Goals
  • Implementation of hash algorithms on the Altera
    DE2-70 FPGA
  • Whirlpool hash
  • FSB hash (SHA-3 candidate, uses Whirlpool)
  • The process and results of implementing the SHA-3
    candidate algorithm will serve as an analysis of
    the algorithm.

7
Outline
  • Overview
  • Test Harness
  • Hash Algorithms
  • Whirlpool
  • FSB
  • Closing Remarks

8
Test Harness
  • Provide a layer of abstraction
  • Simplify memory access
  • Provide FPGA interface
  • Provide simple and fast end-to-end testing

9
Hash Abstraction
  • Put Length
  • Put Word
  • Get Hash
  • Get Table Lookup
  • Put Table Lookup Response
  • Hash does not need to know anything about memory
    organization, addressing, or interface
  • Test harness does not need to know anything about
    the Hash function.

10
Memory
  • 0400000040105F NIOS (4KB)
  • 04100000417FFF Input Message (32KB)
  • 04400000447FFF Hash Memory (32KB)
  • 100000017FFFFF Lookup Tables (8MB, Flash)

11
On FPGA
  • Intel HEX file is generated from test-case data
    for loading FPGA
  • Altera flash image is generated from lookup table
  • NIOS signals for the hash to start, then reads
    the result from memory when the hash has
    completed.

12
In Simulation
  • Verilog VMH file generated from test-case data,
    AND lookup table.
  • Hash is commanded to start automatically.
  • Result is displayed (saved to output log file)

13
Message Input VMH Format
  • _at_0002 // Message size in bits (64)
  • _at_0004 // Data address
  • _at_0005 // Result address
  • _at_400000 //Lookup table data (simulation only)

14
Testing
  • A suite of test-cases is used for automated
    testing
  • Reference hashes are automatically generated and
    compared to the simulation results.
  • FPGA results can be automatically compared in the
    same fashion.
  • A NIOS-based message generator is used to test
    message input gt 32KB

15
Outline
  • Overview
  • Test Harness
  • Hash Algorithms
  • Whirlpool
  • FSB
  • Closing Remarks

16
Typical Hash Structure
Preprocessing
Compression
Finalization
F
17
Typical Hash Structure
Preprocessing
Compression
Finalization
49
1d
af
F
18
Typical Hash Structure
Preprocessing
Compression
Finalization
491daf
3c
F
19
Typical Hash Structure
Preprocessing
Compression
Finalization
3c
00000000
F
491daf
20
Typical Hash Structure
Preprocessing
Compression
Finalization
3c
8
020
00000000
F
491daf
21
Typical Hash Structure
Preprocessing
Compression
Finalization
3c8020
F
46a931ff
22
Typical Hash Structure
Preprocessing
Compression
Finalization
46a931ff
F
3c8020
23
Typical Hash Structure
Preprocessing
Compression
Finalization
F
a903bd55
24
Typical Hash Structure
Preprocessing
Compression
Finalization
F
a903bd55
03bd55
25
Outline
  • Overview
  • Test Harness
  • Hash Algorithms
  • Whirlpool
  • FSB
  • Closing Remarks

26
Whirlpool Introduction
  • A stand-alone hash function based on a
    substantially modified Advanced Encryption
    Standard (AES)
  • Given a message less than 2256 bits in length, it
    returns a 512-bit message digest.
  • Whirlpool is not a SHA-3 candidate
  • Will never be patented, free for public use
  • No Bluespec implementations exist

27
Whirlpool Preprocessing
  • Input A input message being hashed (any size)
  • Padded input
  • A message,1, 0,0,0,,0,0,0 (512N 256
    bits)
  • B message length (256 bits)
  • Padded input A,B (512 N 512 bits)
  • Output Split the padded input to small message
    blocks (512 bits each)

28
Whirlpool Preprocessor
Input Words
Message Block
  • Input words are shifted into the message block
    one bit at a time until any of the following
    events
  • Message block is full It is sent and a new one
    is started.
  • Input word is finished The next one is loaded.
  • Message is complete The block is padded with a 1
    and the message length (in bits) before being
    sent.
  • Because these events happen independently, the
    preprocessor does not depend on message size,
    message block size or input word size.
  • It requires very little logic, but is rather
    slow, as it requires 1 cycle per bit, minimally.

29
Whirlpool Compression
  • Inputs
  • Current hash from previous iteration (8 bit x 64
    vector)
  • Small message blocks (512 bit)
  • Output
  • Intermediate Hash (8 bit x 64 vector)

30
Whirlpool Compression
  • Block Diagram
  • init
  • takes in message blocks and resets internal
    states
  • processBuffer
  • computes internal state from an internal block
    cipher
  • finalize
  • newHash currentHash input message state
  • newHash is sent out as result when there is no
    more input message blocks

31
Whirlpool Compression
  • Internal block cipher in processBuffer
  • Originally uses a randomly generated box, lack
    internal structure, hard to implement efficiently
    in hardware
  • Current version uses S-box, which has nice
    patterns for hardware implementation

32
Whirlpool Implementation
  • Do one branch at a time
  • Reuse hardware
  • Save logic
  • Take longer time
  • 10 rounds of iteration
  • Big for-loop takes a lot of logic, and increases
    critical path
  • Use counter to break into multiple cycles

33
Whirlpool Implementation
  • Use registers with ready bits instead of FIFOs
  • Put s-boxs lookup table onto SRAM
  • One table lookup per cycle
  • Concatenate vectors to avoid multi-layered MUX

34
Whirlpool Finalization
  • Functionality
  • Unwrap the intermediate hash from its vector form
    to a bit string as final output
  • (8 bit x 64 vector gt 512 bit string)
  • No separate finalization module
  • Done at the end of the compression module

35
Whirlpool Result
  • Successfully simulated and verified in Bluespec
    compiler
  • Successfully put onto FPGA and verified
  • Noticeable trade-offs between speed and area
  • We choose area over speed

36
Outline
  • Overview
  • Test Harness
  • Hash Algorithms
  • Whirlpool
  • FSB
  • Closing Remarks

37
Fast Syndrome-Based hash function
  • FSB is a family of hash functions submitted to
    the SHA-3 competition.
  • Maintains a large internal state.
  • Requires a large lookup table.
  • Simple design, simple operations.
  • Proof of reduction to known hard problems.
  • Authors are French.

38
FSB Preprocessing
  • Message blocks of 1240 bits.
  • Filled first with bits from message.
  • After last message input, single bit appended.
  • Padded with zeroes.
  • Last 64 bits contain message length in bits.

Message bits
Message bits
1
Zeroes
Zeroes
Length
39
FSB Compression
1984 bits
8 bits
01001
1101

21 bits
1240 bits
10110
Simple Math with Constants
5 bits
1987 bits
/
Memory
gtgt
p
1987 bits x 1024
40
FSB Compression
  • Implementation follows specification closely.
  • Single cycle division and modulo component.
  • Multiple cycle shifter.
  • Memory interface for loading pi vectors.

41
FSB Finalization
Whirlpool
512 bits
1984 bits
  • Breaks up 1984 bits into a stream of 32 bit input
    words for Whirlpool.

42
Closing Remarks
  • FSB is not ideal for hardware.
  • Large lookup table.
  • Large internal state.
  • Simple operations on large values.
  • Generalized code can be reused for other hash
    functions.
Write a Comment
User Comments (0)
About PowerShow.com