Abstract
Hash functions are special cryptographic algorithms, which are applied wherever message integrity and authentication are critical. Implementations of these functions are cryptographic primitives widely used in common cryptographic schemes and security protocols such as Internet Protocol Security (IPSec) and Virtual Private Network (VPN). In this paper, a novel FPGA implementation of the Secure Hash Algorithm 1 (SHA-1) is proposed. The proposed architecture exploits the benefits of pipeline and re-timing of execution through pre-computation of intermediate temporal values. Pipeline allows division of the calculation of the hash value in four discreet stages, corresponding to the four required rounds of the algorithm. Re-timing is based on the decomposition of the SHA-1 expression to separate information dependencies and independencies. This allows pre-computation of intermediate temporal values in parallel to the calculation of other independent values. Exploiting the information dependencies, the fundamental operational block of SHA-1 is modified so that maximum operation frequency is increased by 30% approximately with negligible area penalty compared to other academic and commercial implementations. The proposed SHA-1 hash function was prototyped and verified using a XILINX FPGA device. The implementation’s characteristics are compared to alternative implementations proposed by the academia and the industry, which are available in the international IP market. The proposed implementation achieved a throughput that exceeded 2,5 Gbps, which is the highest among all similar IP cores for the targeted XILINX technology.
Similar content being viewed by others
References
National Institute of Standards and Technology (NIST). Secure Hash Standard (SHS), FIPS PUB, 180–2, Standard, 2002.
National Institute of Standards and Technology (NIST). The Keyed-Hash Message Authentication Code (HMAC), FIPS PUB, 198 Standard, 2002.
National Institute of Standards and Technology (NIST). Digital Signature Standard (DSS), FIPS PUB, 186–2, 2000.
IP Security Protocol (IPSEC) Charter—Latest RFCs and Internet Drafts for IPSec, http://www.ietf.org/html.charters/ipsec-charter.html.
National Institute of Standards and Technology (NIST). Escrowed Encryption Standard (EES), FIPS PUB, 185, 1994.
J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press Inc., Boca Raton, 1996.
W. Stallings. Cryptography and Network Security, 2nd ed. Prentice-Hall Inc., Upper Saddle River, New Jersey, 1999.
S. Dominikus. A Hardware Implementation of MD-4 Family Hash Algorithms. In IEEE International Conference on Electronics, Circuits and Systems, 1143–1146, 2002.
G. Selimis, N. Sklavos, and O. Koufopavlou. VLSI Implementation of the Keyed-Hash Message Authentication Code for the Wireless Application Protocol. In IEEE International Conference on Electronics, Circuits and Systems, 24–27, 2003.
T. Grembowski, R. Lien, K. Gaj, N. Nguyen, P. Bellows, J. Flidr, T. Lehman, and B. Schott. Comparative Analysis of the Hardware Implementations of Hash Functions SHA-1 and SHA-512. A. H. Chan and V. Gligor, eds., In Information Security Conference, 75–89. Springer-Verlag, Heidelberg, 2002.
Y. K. Kang, D. W. Kim, T. W. Kwon, and J. R. Choi. An Efficient Implementation of Hash Function Processor for IPSEC. In IEEE Asia-Pacific Conference on ASIC, sec. 2B(4), 2002.
J. M. Diez, S. Bojanic, C. Carreras, and O. Nieto-Taladriz. Hash Algorithms for Cryptographic Protocols: FPGA Implementations. TELefonica FORum, 2002.
N. Sklavos, G. Dimitroulakos, G., and O. Koufopavlou. An Ultra High Speed Architecture for VLSI Implementation of Hash Functions. In IEEE International Conference on Electronics, Circuits and Systems, 990–993, 2003.
N. Sklavos, P. Kitsos, E. Alexopoulos, and O. Koufopavlou. Open Mobile Alliance (OMA) Security Layer: Architecture, Implementation and Performance Evaluation of the Integrity Unit. New Generation Computing: Computing Paradigms and Computational Intelligence, Springer-Verlag, (In print) 2004.
N. Sklavos, E. Alexopoulos, and O. Koufopavlou. Networking Data Integrity: High Speed Architectures and Hardware Implementations. IAJIT Journal, 1:54–59, 2003.
F. Crowe, A. Daly, T. Kerins, and W. Marnane. Single-Chip Implementation of a Cryptographic Co-Processor. In IEEE International Conference on Field-Programmable Technology, 2004.
S. Pongyupinpanich, and S. Choomchuay. An Architecture for SHA-1 Applied for DSA. In Third Asian International Mobile Computing Conference (AMOC 2004), Thailand, 133–136, 2004.
R. Lien, T. Grembowski, and K. Gaj. A 1 Gbit/s Partially Unrolled Architecture of Hash Functions SHA-1 and SHA-512. In T. Okamoto, ed., In Cryptographers Track at RSA Conference, 324–338. Springer-Verlag. Berlin Heidelberg, 2004.
R. L. Rivest. The MD5 Message Digest Algorithm. IETF Network Working Group, RFC 1321, 1992.
M. Roe. Performance of Block Ciphers and Hash Functions-One Year Later. Second International Workshop for Fast Software Encryption, 359–362, 1994.
H. Dobbertin, A.Bosselaers and B. Preneel. RIPEMD-160 a strengthened version of RIPEMD. In Fast Software Encryption, LNCS 1039, 71–82. Springer-Verlag. Berlin Heidelberg, 1996.
ALMA Technologies. Web page, available at http://www.alma-tech.com
Bisquare Systems Private Ltd. Web page, available at http://www.bisquare.com
Helion Technology Ltd. Web page, available at http://www.heliontech.com
Intron, Ltd. Web page, available at http://www.lviv.uar.net/~intron/
Ocean Logic Ltd. Web page, available at http://www.ocean-logic.com
Amphion. Web page, available at http://www.amphion.com/index.html
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Kakarountas, A.P., Michail, H., Milidonis, A. et al. High-Speed FPGA Implementation of Secure Hash Algorithm for IPSec and VPN Applications. J Supercomput 37, 179–195 (2006). https://doi.org/10.1007/s11227-006-5682-5
Issue Date:
DOI: https://doi.org/10.1007/s11227-006-5682-5