BYTE SLICING GRØSTL - Optimized Intel AES-NI and 8-bit Implementations of the SHA-3 Finalist Grøstl
Kazumaro Aoki, Günther Roland, Yu Sasaki, Martin Schläffer
2011
Abstract
Grøstl is an AES-based hash function and one of the 5 finalists of the SHA-3 competition. In this work we present high-speed implementations of Grøstl for small 8-bit CPUs and large 64-bit CPUs with the recently introduced AES instructions set. Since Grøstl does not use the same MDS mixing layer as the AES, a direct application of the AES instructions seems difficult. In contrast to previous findings, our Grøstl implementations using the AES instructions are currently by far the fastest known. To achieve optimal performance we parallelize each round of Grøstl by taking advantage of the whole bit width of the used processor. This results in implementations running at 12.2 cylces/byte for Grøstl-256 and 18.6 cylces/byte for Grøstl-512.
References
- Atmel (2003). 8-bit AVR Microcontroller with 16K Bytes In-System Programmable Flash. ATmega163. Retrieved December 21, 2010, from http://www.atmel.com/dyn/resources/prod documents/ doc1142.pdf.
- Atmel (2003). 8-bit AVR Microcontroller with 16K Bytes In-System Programmable Flash. ATmega163. Retrieved December 21, 2010, from http://www.atmel.com/dyn/resources/prod documents/ doc1142.pdf.
- Benadjila, R., Billet, O., Gueron, S., and Robshaw, M. (2009). The Intel AES Instructions Set and the SHA-3 Candidates. Retrieved December 22, 2010, from http://crypto.rd.francetelecom.com/ECHO/sha3/AES/.
- Benadjila, R., Billet, O., Gueron, S., and Robshaw, M. (2009). The Intel AES Instructions Set and the SHA-3 Candidates. Retrieved December 22, 2010, from http://crypto.rd.francetelecom.com/ECHO/sha3/AES/.
- C¸ alik, C¸. (2010). Multi-stream and Constant-time SHA-3 Implementations. NIST hash function mailing list. Retrieved May 03, 2010, from http://www.metu.edu.tr/~ccalik/software.html#sha3.
- C¸ alik, C¸. (2010). Multi-stream and Constant-time SHA-3 Implementations. NIST hash function mailing list. Retrieved May 03, 2010, from http://www.metu.edu.tr/~ccalik/software.html#sha3.
- Fog, A. (2010). Instruction tables - Lists of instruction latencies, throughputs and microoperation breakdowns for Intel, AMD and VIA CPUs. Retrieved December 22, 2010, from http://www.agner.org/optimize/.
- Fog, A. (2010). Instruction tables - Lists of instruction latencies, throughputs and microoperation breakdowns for Intel, AMD and VIA CPUs. Retrieved December 22, 2010, from http://www.agner.org/optimize/.
- Fouque, P.-A., Stern, J., and Zimmer, S. (2009). Cryptanalysis of Tweaked Versions of SMASH and Reparation. In Avanzi, R., Keliher, L., and Sica, F., editors, Selected Areas in Cryptography 2008, Proceedings, volume 5381 of LNCS, pages 136-150. Springer.
- Fouque, P.-A., Stern, J., and Zimmer, S. (2009). Cryptanalysis of Tweaked Versions of SMASH and Reparation. In Avanzi, R., Keliher, L., and Sica, F., editors, Selected Areas in Cryptography 2008, Proceedings, volume 5381 of LNCS, pages 136-150. Springer.
- Gauravaram, P., Knudsen, L. R., Matusiewicz, K., Mendel, F., Rechberger, C., Schläffer, M., and Thomsen, S. S. (2011). Grøstl - a SHA-3 candidate. Submission to NIST (Round 3). Retrieved May 03, 2010, from http://www.groestl.info.
- Gauravaram, P., Knudsen, L. R., Matusiewicz, K., Mendel, F., Rechberger, C., Schläffer, M., and Thomsen, S. S. (2011). Grøstl - a SHA-3 candidate. Submission to NIST (Round 3). Retrieved May 03, 2010, from http://www.groestl.info.
- Gueron, S. and Intel Corp. (2010). Intel R Advanced Encryption Standard (AES) Instructions Set. Retrieved December 21, 2010, from http://software.intel.com/en-us/articles/inteladvanced-encryption-standard-aes -instructions-set/.
- Gueron, S. and Intel Corp. (2010). Intel R Advanced Encryption Standard (AES) Instructions Set. Retrieved December 21, 2010, from http://software.intel.com/en-us/articles/inteladvanced-encryption-standard-aes -instructions-set/.
- Hamburg, M. (2009). Accelerating AES with Vector Permute Instructions. In Clavier, C. and Gaj, K., editors, CHES, volume 5747 of LNCS, pages 18-32. Springer.
- Hamburg, M. (2009). Accelerating AES with Vector Permute Instructions. In Clavier, C. and Gaj, K., editors, CHES, volume 5747 of LNCS, pages 18-32. Springer.
- Intel Corp. (1996). Using MMXTMInstructions to Transpose a Matrix. Retrieved July 12, 2011, from ftp://download.intel.com/ids/mmx/MMX App Transp ose Matrix.pdf.
- Intel Corp. (1996). Using MMXTMInstructions to Transpose a Matrix. Retrieved July 12, 2011, from ftp://download.intel.com/ids/mmx/MMX App Transp ose Matrix.pdf.
Paper Citation
in Harvard Style
Aoki K., Roland G., Sasaki Y. and Schläffer M. (2011). BYTE SLICING GRØSTL - Optimized Intel AES-NI and 8-bit Implementations of the SHA-3 Finalist Grøstl . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011) ISBN 978-989-8425-71-3, pages 124-133. DOI: 10.5220/0003515701240133
in Harvard Style
Aoki K., Roland G., Sasaki Y. and Schläffer M. (2011). BYTE SLICING GRØSTL - Optimized Intel AES-NI and 8-bit Implementations of the SHA-3 Finalist Grøstl . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011) ISBN 978-989-8425-71-3, pages 124-133. DOI: 10.5220/0003515701240133
in Bibtex Style
@conference{secrypt11,
author={Kazumaro Aoki and Günther Roland and Yu Sasaki and Martin Schläffer},
title={BYTE SLICING GRØSTL - Optimized Intel AES-NI and 8-bit Implementations of the SHA-3 Finalist Grøstl},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)},
year={2011},
pages={124-133},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003515701240133},
isbn={978-989-8425-71-3},
}
in Bibtex Style
@conference{secrypt11,
author={Kazumaro Aoki and Günther Roland and Yu Sasaki and Martin Schläffer},
title={BYTE SLICING GRØSTL - Optimized Intel AES-NI and 8-bit Implementations of the SHA-3 Finalist Grøstl},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)},
year={2011},
pages={124-133},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003515701240133},
isbn={978-989-8425-71-3},
}
in EndNote Style
TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)
TI - BYTE SLICING GRØSTL - Optimized Intel AES-NI and 8-bit Implementations of the SHA-3 Finalist Grøstl
SN - 978-989-8425-71-3
AU - Aoki K.
AU - Roland G.
AU - Sasaki Y.
AU - Schläffer M.
PY - 2011
SP - 124
EP - 133
DO - 10.5220/0003515701240133
in EndNote Style
TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)
TI - BYTE SLICING GRØSTL - Optimized Intel AES-NI and 8-bit Implementations of the SHA-3 Finalist Grøstl
SN - 978-989-8425-71-3
AU - Aoki K.
AU - Roland G.
AU - Sasaki Y.
AU - Schläffer M.
PY - 2011
SP - 124
EP - 133
DO - 10.5220/0003515701240133