FPGA-based tunable Keccak core

Ahmed Maache, Abdesattar Kalache
Laboratory of Signals and Systems
Institute of Electrical Engineering and Electronics
University M’Hamed Bougara of Boumerdes, Algeria
[email protected], [email protected]

2023 International Conference on Smart Applications, Communications and Networking (SmartNets) | 979-8-3503-0252-3/23/$31.00 ©2023 IEEE | DOI: 10.1109/SmartNets58706.2023.10215714

Abstract—Today’s great emphasis on data security has led to a great need for hardware accelerated cryptographic algorithms to cope with the high communication bandwidth demand. These hardware accelerators need to be highly tunable in order to support multiple operation modes for different security applications. In this paper, a Field Programmable Gate Array (FPGA)-based design and implementation of a tunable Keccak core is presented. The Keccak core’s performance and security parameters are configurable in the sense that bitrate, capacity, and the number of rounds can be user-specified with an extendable output length. Keccak’s sponge construction is exploited to enable different modes of operation. This level of flexibility makes the core a suitable fit for a large range of security requirements and applications. The implemented core can be operated as a sponge-based Pseudo Random Number Generator (PRNG). The design was implemented in VHDL (VHSIC Hardware Description Language) targeting a low-cost IntelFPGA Cyclone-V. The core achieved maximum throughput figures of 11, 8.4, and 5.81 Gbps for the three Secure Hash Algorithm-3 (SHA-3) variants 256, 384, and 512-bit respectively, while occupying only 8% of the FPGA’s area. The random sequences generated by the sponge-based PRNG successfully passed the National Institute of Standards and Technology (NIST) test suite. This paper demonstrated respectable area/performance results compared to other studies in literature.

Index Terms—Keccak, Secure Hash Algorithm, SHA-3, Pseudo Random Number Generator, FPGA

I. INTRODUCTION

In today’s modern age, ensuring security and integrity of data is one of the most vital tasks in information technology. The current rapid increase in cyber-physical systems has put an enormous emphasis on high-bandwidth communication, which subsequently necessitates the use of hardware acceleration to speed up cryptographic algorithms. This includes encryption, authentication, and protections that span hardware and software in order to ensure the security and safety of systems while in operation [1].

Generally speaking, Application Specific Integrated Circuits (ASICs) provide the highest performance while being power-efficient [2]. However, this option is more suitable for industrial-scale production and therefore not cost efficient for small count production or personal use. Field Programmable Gate Arrays (FPGAs), on the other side, offer a lower cost flexible alternative that supports in-field reconfiguration. This allows for the realization of dynamically tunable high-performance hardware cores [3].

The design of hardware accelerated cryptographic algorithms that support multiple cryptographic primitives configurable for different scenarios is common in literature [2], [4]. Such flexibility offers systems the ability to support various cryptographic functions needed by a number of protocols and standards, producing flexible multi-purpose crypto-systems that use ASICs and FPGAs. The main advantage of this approach is its ability to provide a common implementation that supports different requirements for new technologies such as the Internet of Things (IoT), Wireless Sensor Networks (WSN), and Smart Grids. These technologies frequently face the difficulty of deploying efficient cryptographic algorithms on embedded resource-constrained nodes [5]. Rather than using multiple distinct cores, resource-shared multi-purpose cryptographic designs can assist in overcoming such challenges while offering area/power reductions. This adaptability also helps to protect against different attacks by switching to a higher security level of the same algorithm if necessary. Throughput requirements may also require the system to switch to a more appropriate configuration to obtain a target performance goal [4].

In this work, a Keccak-core design and implementation is presented, which supports multiple modes of operation with tunable performance/security parameters and extendable output digest length. We investigate a practical mode of operation supported by our construction, namely reseedable cryptographically secure PRNGs, which are useful when high throughput bursts of random bits are required. For consistency and simplicity, the general NIST statistical test suite is used to assess the randomness of the generated random sequence [6]. Contributions of this work lie in the hardware implementation/evaluation of the most recent provably secure PRNG in cryptography, the sponge-based PRNG, on a low-cost Cyclone-V device for embedded systems applications.

The rest of the paper is organized as follows. In Section II, a literature review is conducted. Section III covers related cryptographic background concepts of Keccak and PRNG. Section IV explains the design and implementation of the Keccak core and its supported modes of operation. Section V presents achieved results in terms of throughput, area utilization, and randomness related tests. These results are then compared to ones reported in related works. Conclusions and future prospects are outlined in Section VI.

Authorized licensed use limited to: UNIVERSITE DE MONASTIR. Downloaded on December 14,2023 at 12:38:56 UTC from IEEE Xplore. Restrictions apply.
II. RELATED WORK

In [7], authors used High-Level Synthesis (HLS) to implement a dynamically configurable SHA3 accelerator in terms of digest length and capacity. However, HLS generated designs are relatively less efficient than conventional Hardware Description Language (HDL) design flow [8]. High speed pipelined SHA3 implementations were presented in the literature [9]–[14]. Compared to the former work, however, their implementations support no such flexibility, hence a narrower application scope. In addition, these implementations were non-pipelined, which further limits their throughput. The hashing units are of fixed output lengths and security parameters, which in turn limits their suitability for different applications.

Various studies were conducted on pseudo random number generators using FPGAs. In [15], [16] FPGA stream cipher/Linear Feedback Shift Register (LFSR) based PRNGs were proposed. Authors in [17], [18] presented chaos based PRNGs. These works provide very compact hardware implementation and good performance. However, they are relatively weak against cryptographic attacks and hence should be avoided in secure applications. On the other hand, other studies have proposed cryptographically secure PRNG designs. High throughput and low power FPGA implementations of two PRNGs are outlined in [19], one of which is the computationally secure Blum Blum Shub generator.

III. BACKGROUND

A. SHA-3 and Keccak Family

Keccak is a family of hash functions based on the Hermetic Sponge Construction approach, which is itself based on random permutation networks on multiple state widths. Although it supports various state widths (25, 50, 100, 200, 400, 800, and 1600-bit), the authors only submitted the permutation of width $b = 1600$ [20]. SHA-3 is a subset of this family.

As seen in Fig. 1, the Sponge Construction is composed of two phases: absorption and squeezing. The sponge construction uses $b = r + c$ bits of state. The bitrate $r$ is the rate at which states are updated with message bits between each application of the permutation function. The capacity $c$ defines the security level of the construction, where increasing the capacity results in a higher security level with a performance penalty and vice versa [20]. The value of capacity is set by the user depending on the target application.

Fig. 1. The Keccak Sponge Construction [21]

The permutation function Keccak-f performed on the state array consists of $n_r = 24$ rounds. This setting ensures a high safety margin in addition to good performance [20]. Each round $R$ of Keccak-f[b] consists of five step mappings $R = \iota \circ \chi \circ \pi \circ \rho \circ \theta$, as seen in the following set of equations:

$$
\begin{aligned}
[\theta]:\quad & C[x][z] \leftarrow a[x][0][z] \oplus a[x][1][z] \oplus \dots \oplus a[x][4][z] \\
& D[x][z] \leftarrow C[x-1][z] \oplus C[x+1][z-1] \\
& a[x][y][z] \leftarrow a[x][y][z] \oplus D[x][z] \\
[\rho][\pi]:\quad & B[y][(2x+3y)][z] \leftarrow A[x][y][rp(x,y)] \\
[\chi]:\quad & a[x][y][z] \leftarrow B[x][y][z] \oplus (B[x+1][y][z] \oplus 1) \cdot B[x+2][y][z] \\
[\iota]:\quad & a[0][0][z] \leftarrow a[0][0][z] \oplus RC_i[z]
\end{aligned}
\tag{1}
$$

During the absorption phase, the input block of length $r$ is lane-wise XORed with the state. If the current input block’s length is less than $r$, padding is added [22]. The output is obtained by truncating the state after the input data has been completely absorbed. The output length is a user choice in certain applications. For hash functions, the lengths are 224, 256, 384, and 512-bit. If the required output length is greater than the bitrate, it is obtained by truncating the outputs after passing them through Keccak-f until the required length is satisfied [22]. This is the squeezing phase as demonstrated in Fig. 1.

B. Sponge construction based PRNG

A pseudorandom generator is a deterministic algorithm that outputs a binary sequence of length $N > n$ that “looks” random when given a truly random binary sequence of length $n$ known as the seed. A PRNG, in other words, is a mathematical formula or algorithm that generates a deterministic sequence of numbers that is entirely determined by the seed. As a result, if the seed is compromised, the PRNG output sequences are known. Thus, randomness is a key requirement for a seed. A commonly used technique is to seed a PRNG with a TRNG-generated true random sequence and then use the PRNG. This is due to the fact that PRNGs outperform TRNGs in terms of performance.

As demonstrated in [23], the sponge construction can be used to implement a PRNG. This results in a reseedable PRNG with a history-keeping mode that relies on a fixed length state, which implies no memory growth. Furthermore, sponge construction is similar to mode in that each input absorption of length $r$ into the state is a feed request, and the same is true for fetch requests. In addition, the input blocks never directly affect the last $c$ bits of the state.

IV. CORE DESIGN AND IMPLEMENTATION

A. Keccak core

In contrast to software implementation, hardware implementation of Keccak lies on the high performance/area side with respect to the SHA-3 competition finalists. In fact, Keccak outperformed the other finalists in terms of area, throughput, and energy-consumption-per-message-bit in ASICs and FPGAs
[24]. This is mainly due to the nature of Keccak-f, which relies heavily on simple mathematical operations such as bitwise logical operations and constant-value shifting. Therefore, the optimal design trade-off can be achieved for a wide range of applications.

In our design of Keccak-f, we settled on the straightforward unfolded structure as depicted in Fig. 2. During the absorption phase, a multiplexer controlled by a round counter determines whether the state is updated with the result of the round function or with the new input block. To avoid overhead, the input block is stored in an input buffer in the form of a shift register. At each clock, a 128-bit chunk enters the register in parallel with the Keccak-f computation. The state is kept in a 1600-bit register that is refreshed after each round. The round function’s five steps are implemented using combinational logic, with no inner round pipelining. The two steps of ρ and π are combined together because they are merely two consecutive permutations of the state. This permutation’s values are hardwired in the rp array. An FSM supplies the round constants. After the last round the state is truncated to 256-bit to output the hash digest.

Fig. 2. Our Keccak core hardware design
[Block diagram; labels: IN Buffer (128-bit), in block, Mux, Ctrl, Reg (1600-bit), FSM Ctrl, Round Cst, OUT Buffer (128-bit), clk, sys_ena, iterate, RD_req, RD_empty, WR_req/OUT_ena, digest]

The number of rounds $n_r$ is user-defined, with two restrictions: it must be at least 24, and it can only be multiples of 12. The reason for this is not security-based. It is related to the implementation’s flexibility and usability in applications where slowing down the hash operation is advantageous. Reusing the states in the FSM yields the user-defined $n_r$ mode. The control unit will loop indefinitely between the 24 rounds’ states as long as a control signal is pulled high. This control signal is checked at the 12th and 24th states, which explains the constraint of multiples of 12.

Our Keccak core can support four modes of operation. The first is a randomised hash function, in which data is fed as 16-bit chunks into the device’s input DSFIFO and should be padded beforehand. The input bits are registered in the input buffer of the core prior to the absorption phase, where input bits are forwarded to Keccak-f[$b = 1600$, $n_r = 24$]. A digest is then obtained. The second mode of operation is a slow one-way function/key derivation function obtained by simply changing $n_r$. The other two modes are a reseedable PRNG and a TRNG post-processing step.

B. Sponge based PRNG

The security-performance tradeoffs of the PRNG should be adjustable according to the application. Adjusting the capacity and bitrate is achieved by controlling the read signal from the Keccak core to the input DSFIFO. The read signal is pulled high at a given interval of rounds defined by an external 3-bit signal by tweaking the control unit at a few rounds’ states. The capacity values featured are 256 and 1024, with a stride of 128.

The implemented PRNG is reseedable, which means that after random bits have been generated, an additional entropy source can be added. Instead of discarding the current state of the PRNG, reseeding combines the current state with the new seed material [25]. The implementation can be used as a reseedable sponge PRNG by cascading the sponge function of the Keccak core without reinitializing the state.

Our implementation has two requests: feed and fetch. At the beginning, the seed material is fed to the input DSFIFO (Double-Sided First-In-First-Out) in 16-bit chunks before being absorbed by the sponge’s input buffer shift register in 128-bit chunks. When the input seed length $l = r$, the input buffer is XORed with the current state and forwarded to the Keccak-f. This process is repeated until the DSFIFO generates a read-empty signal, denoting that the seed material has been completely absorbed. The sponge is then switched to the squeezing phase, where the desired output length is obtained [23]. Following the iteration of Keccak-f, the state is registered in a shift register that is controlled externally to iterate through the desired length of the output $l \le r$. To fetch the random bits, the output shift register is connected to a 128-bit digest buffer, which feeds to an output DSFIFO (128-bit write-side and 16-bit read-side) controlled by the user.

After feeding each seed with length $l < r$ through Keccak-f[$b = 1600$], one random bit can be obtained directly. The implementation, in this case, is in duplex construction mode. The latter accepts calls that take an input string and return an output string based on all previous inputs, as demonstrated in Fig. 3. In this context, a duplex object is an instance of the duplex construction [25]. This can go even further by allowing duplex objects to be different from one another. This asymmetry is supported by the present implementation and can be obtained by changing the capacity and rounds number control signals.

V. RESULTS AND DISCUSSION

A. Keccak core FPGA implementation

The core was written in VHDL. The synthesis process was carried out using Intel Quartus Prime 20.1 on the low-cost Cyclone-V (5CSXFC6D6F31C6) (DE-10 Standard board). Fig. 4 shows the RTL view of the synthesized core. The resource utilization of the core is 8947 LEs (3415 ALMs) which
accounts for 8%, leaving the rest of the FPGA for application specific logic. The usage of dedicated logic registers accounts for over 70% of the total logic usage, which is due to Keccak’s inherent reliance on permutation. The core clocks at a maximum frequency $f_{max}$ of 271.69 MHz. The obtained implementation is lightweight, fast, and highly flexible, making it suitable for embedded applications.

Fig. 3. The Duplex Construction [25]

The maximum throughput of the core is of the form:

$$
\text{Throughput} = \frac{TP_{max}}{n_r + 1} \cdot \left(1 - \frac{c}{b}\right) \tag{2}
$$

where $b$ is the state length 1600-bit, $c$ is the capacity, $n_r$ is the number of rounds, and $TP_{max}$ is a constant that depends on the maximum frequency $f_{max}$. It can be viewed as the throughput of the core with a capacity of 0 and a number of iterations of 1, resulting in $TP_{max} = 404.73$ Gbps. The capacity for each SHA-3 variant is equal to twice the digest length $l$. Finally, the throughput results for the different SHA-3 variants are shown in Table I.

TABLE I. RESULTS OF THE SHA-3 FPGA IMPLEMENTATION

Variant     Area (LEs)   fmax (MHz)   Latency (cycles)   Throughput (Gbps)
SHA-3 256   8947         271.69       25                 11.0
SHA-3 384   8947         271.69       25                 8.4
SHA-3 512   8947         271.69       25                 5.81

B. Sponge based PRNG

To validate our Sponge-based PRNG implementation, we generated pseudo-random numbers with Keccak-f[$r = 1088$, $c = 512$]. Squeezing the state after providing the empty string as input yields the random sequence. The Signal Tap Logic Analyzer tool from Quartus Prime is used to extract random bits in real-time. The system operates at a clock frequency of 100 MHz (which is the default clock provided in the DE-10 Standard board). Each squeezed block is 256-bit long and is taken every 24 clock cycles. If the state is reseeded with $n$ high entropy bits, it will be resistant to any state recovery attack by $2^n$. The NIST SP 800-22 verification suite was used to assess the quality of the generated pseudo-random numbers. The results in Table II show that the sequence passed all tests with all p-values greater than 0.01, implying that the sequence is random.

TABLE II. PRNG STATISTICAL TESTS RESULTS

Test                                  p-Value   Conclusion
Frequency Test (Monobit)              0.01397   Random
Frequency Test within a Block         0.12058   Random
Run Test                              0.56053   Random
Longest Run of Ones                   0.13052   Random
Binary Matrix Rank                    0.29228   Random
Discrete Fourier Transform            0.69992   Random
Non-Overlapping Template Matching     0.36968   Random
Overlapping Template Matching         0.84336   Random
Maurer’s Universal                    0.31458   Random
Linear Complexity                     0.22099   Random
Serial test                           0.70625   Random
Approximate Entropy                   0.17980   Random
Cumulative Sums (Forward)             0.01225   Random
Cumulative Sums (Reverse)             0.01225   Random
Random Excursions                     0.14555   Random
Random Excursions Variant             0.26355   Random

C. Results comparison

The comparison of the proposed Keccak core with high speed SHA-3 cores presented in literature is demonstrated in Table III. In terms of area utilization, our base implementation of Keccak (SHA3-256) is on par with the other high speed implementations reported in literature. In terms of performance, even though the base core features no internal round pipelining and even though the purpose of this work is not providing high throughput, it performs better than most of the other implementations.

After adjusting the base core to be tunable, we notice a 13% area increase with an expected performance drop. However, the performance dropped by a negligible 1.7%. Consequently, the performance of the proposed flexible/tunable core is good compared with reported high-speed untunable designs despite the absence of internal pipelining. Compared with the tunable cores reported by [7], our core utilizes less area with 225% higher throughput. Furthermore, our flexible core has higher throughput than other non-flexible cores reported in [11], [12], [9] and others.

TABLE III. RESULTS COMPARISON OF KECCAK CORE IMPLEMENTATION

Study     Device      Tunable design?   Area (Slice+BRAM)   Equiv. Slices   Thr. (Mbps)
[11]      Virtex-6    no                1048+0              1048            8830
[12]      Virtex-5    no                1338+1              1466            11252
[13]      Virtex-5    no                1369+0              1369            13337
[14]      Virtex-5    no                1215+0              1215            5054
[10]      Virtex-5    no                1350+0              1350            10342
[26]      Virtex-5    no                1388+0              1388            11776
[27]      Stratix-III no                2641+0              2641            8366
[9]       Virtex-5    no                4793+0              4793            12984
[4]       Virtex-6    no                1345+0              1345            14876
[28]      Virtex-6    no                1494+0              1494            8838
[7]       Virtex-6    yes               1541+0              1541            4992
[7]       Virtex-6    yes               1888+0              1888            424
Base      Cyclone-V   no                3011(ALMs)+0        1354            11468
Tunable   Cyclone-V   yes               3415(ALMs)+0        1536            11264
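
The feed/fetch PRNG of Section IV-B and the SHA-3 parameter rule of Section V-A (capacity equal to twice the digest length) can be reproduced with a small software model. This is an added Python example, not the authors' VHDL; the names `TunableSponge`, `feed`, `fetch` and `monobit_p_value` are hypothetical. It assumes that round constants repeat modulo 24 when $n_r > 24$, that feeds use pad10*1 padding with a suffix byte of 0x01 unless the SHA-3 suffix 0x06 is requested, and that a reseed is XORed into the live state in duplex fashion.

```python
import hashlib
import math

MASK = (1 << 64) - 1
def _rol(v, n):
    return ((v << n % 64) | (v >> (64 - n % 64))) & MASK

def _round_constants():
    rcs, lfsr = [], 1  # iota constants come from the Keccak LFSR
    for _ in range(24):
        rc = 0
        for j in range(7):
            lfsr = ((lfsr << 1) ^ ((lfsr >> 7) * 0x71)) % 256
            if lfsr & 2:
                rc ^= 1 << ((1 << j) - 1)
        rcs.append(rc)
    return rcs

RC = _round_constants()

def keccak_f1600(state, rounds=24):
    """In place on a 200-byte bytearray. Assumption: constants repeat mod 24."""
    a = [[int.from_bytes(state[8 * (x + 5 * y):8 * (x + 5 * y) + 8], "little")
          for y in range(5)] for x in range(5)]
    for i in range(rounds):
        c = [a[x][0] ^ a[x][1] ^ a[x][2] ^ a[x][3] ^ a[x][4] for x in range(5)]
        d = [c[(x + 4) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        a = [[a[x][y] ^ d[x] for y in range(5)] for x in range(5)]  # theta
        x, y, cur = 1, 0, a[1][0]
        for t in range(24):  # rho and pi as one combined walk
            x, y = y, (2 * x + 3 * y) % 5
            cur, a[x][y] = a[x][y], _rol(cur, (t + 1) * (t + 2) // 2)
        for y in range(5):  # chi
            row = [a[x][y] for x in range(5)]
            for x in range(5):
                a[x][y] = row[x] ^ (~row[(x + 1) % 5] & row[(x + 2) % 5])
        a[0][0] ^= RC[i % 24]  # iota
    for i in range(25):
        state[8 * i:8 * i + 8] = a[i % 5][i // 5].to_bytes(8, "little")

class TunableSponge:  # software model; capacity c in bits, n_r rounds
    def __init__(self, capacity=512, rounds=24):
        if capacity % 8 or not 0 < capacity < 1600:
            raise ValueError("capacity must be a byte multiple below 1600")
        if rounds < 24 or rounds % 12:
            raise ValueError("n_r must be at least 24 and a multiple of 12")
        self.rate = (1600 - capacity) // 8  # bitrate r in bytes
        self.rounds = rounds
        self.state, self.pos = bytearray(200), 0

    def feed(self, data, suffix=0x01):
        """Absorb with pad10*1. The state is never reset, so a later feed reseeds."""
        filled = 0
        for off in range(0, len(data), self.rate):
            block = data[off:off + self.rate]
            for i, byte in enumerate(block):
                self.state[i] ^= byte  # only the first r bits are touched
            filled = len(block) % self.rate
            if not filled:
                keccak_f1600(self.state, self.rounds)
        self.state[filled] ^= suffix
        self.state[self.rate - 1] ^= 0x80
        keccak_f1600(self.state, self.rounds)
        self.pos = 0

    def fetch(self, nbytes):
        """Squeeze nbytes, permuting whenever a whole rate block was read."""
        out = bytearray()
        while len(out) < nbytes:
            if self.pos == self.rate:
                keccak_f1600(self.state, self.rounds)
                self.pos = 0
            take = min(nbytes - len(out), self.rate - self.pos)
            out += self.state[self.pos:self.pos + take]
            self.pos += take
        return bytes(out)

def monobit_p_value(data):
    """NIST SP 800-22 frequency (monobit) test; >= 0.01 counts as a pass."""
    n = 8 * len(data)
    ones = bin(int.from_bytes(data, "big")).count("1")
    return math.erfc(abs(2 * ones - n) / math.sqrt(2 * n))

if __name__ == "__main__":
    h, g = TunableSponge(capacity=512), TunableSponge(capacity=512)
    h.feed(b"abc", suffix=0x06)  # SHA3-256: capacity is twice the digest length
    print(h.fetch(32) == hashlib.sha3_256(b"abc").digest())
    g.feed(b"")  # constructed seed: the empty string
    print(monobit_p_value(g.fetch(4096)))
```

The p-value printed here comes from the software model's own output stream, so it is not expected to equal the hardware figure in Table II.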

Fig. 4. RTL view of the tunable Keccak core

VI. CONCLUSIONS

This work presented a tunable Keccak core that can be user-configured by modifying the capacity, bitrate, and the number of rounds. The design achieved a respectable maximum throughput of 11 Gbps compared to other works, with an area usage of roughly 8% of the low-cost Cyclone-V FPGA. These results suggest that the presented implementation is lightweight, fast, and highly tunable, making it favourable for embedded applications. The core can be operated as a reseedable PRNG and a post-processing unit for a TRNG. The PRNG random sequences successfully passed NIST’s statistical tests. In future work, a better performance design could be investigated using internal pipelining.

REFERENCES

[1] S. K. Mazumder, A. Kulkarni, S. Sahoo, F. Blaabjerg, A. Mantooth, J. Balda, Y. Zhao, J. Ramos-Ruiz, P. Enjeti, P. Kumar et al., “A review of current research trends in power-electronic innovations in cyber-physical systems,” IEEE Journal of Emerging and Selected Topics in Power Electronics, pp. 1–17, 2021.
[2] P. Nannipieri, S. D. Matteo, L. Baldanzi, L. Crocetti, L. Zulberti, S. Saponara, and L. Fanucci, “VLSI Design of Advanced-Features AES Cryptoprocessor in the Framework of the European Processor Initiative,” IEEE Trans. on VLSI Systems, vol. 30, no. 2, pp. 177–186, 2022.
[3] T. Nguyen, C. MacLean, M. Siracusa, D. Doerfler, N. J. Wright, and S. Williams, “Fpga-based hpc accelerators: An evaluation on performance and energy efficiency,” Concurrency and Computation: Practice and Experience, p. e6570, 2021.
[4] D.-e.-S. Kundi, A. Khalid, A. Aziz, C. Wang, M. O’Neill, and W. Liu, “Resource-shared crypto-coprocessor of aes enc/dec with sha-3,” IEEE Trans. on Circuits and Systems I: Regular Papers, vol. 67, no. 12, pp. 4869–4882, 2020.
[5] B. Ilyas, S. M. Raouf, S. Abdelkader, T. Camel, S. Said, and H. Lei, “An Efficient and Reliable Chaos-Based IoT Security Core for UDP/IP Wireless Communication,” IEEE Access, vol. 10, pp. 49 625–49 656, 2022.
[6] L. Bassham, A. Rukhin, J. Soto, J. Nechvatal, M. Smid, S. Leigh, M. Levenson, M. Vangel, N. Heckert, and D. Banks, “A statistical test suite for random and pseudorandom number generators for cryptographic applications,” Sep 2010, (accessed: 2022). [Online]. Available: https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=906762
[7] K. E. Ahmed and M. M. Farag, “Hardware/software co-design of a dynamically configurable sha-3 system-on-chip (soc),” in IEEE Int. Conf. on Electronics, Circuits, and Systems, 2015, pp. 617–620.
[8] M. W. Numan, B. J. Phillips, G. S. Puddy, and K. Falkner, “Towards automatic high-level code deployment on reconfigurable platforms: A survey of high-level synthesis tools and toolchains,” IEEE Access, vol. 8, pp. 174 692–174 722, 2020.
[9] H. Mestiri, F. Kahri, M. Bedoui, B. Bouallegue, and M. Machhout, “High throughput pipelined hardware implementation of the keccak hash function,” in Int. Symposium on Signal, Image, Video and Communications, 2016, pp. 282–286.
[10] H. Mestiri, I. Barraj, and M. Machhout, “A high-speed keccak architecture resistant to fault attacks,” in 32nd Int. Conf. on Microelectronics, 2020, pp. 1–4.
[11] T. Newe, M. Rao, D. Toal, G. Dooly, E. Omerdic, and A. Mathur, “Efficient and high speed fpga bump in the wire implementation for data integrity and confidentiality services in the iot,” in Sensors for Everyday Life: Healthcare Settings, 2017, pp. 259–285.
[12] R. Shahid, M. Sharif, M. Rogawski, and K. Gaj, “Use of embedded fpga resources in implementations of 14 round 2 sha-3 candidates,” in Int. Conf. on Field-Programmable Technology, 12 2011, pp. 1–9.
[13] K. Gaj, E. Homsirikamol, M. Rogawski, R. Shahid, and M. U. Sharif, “Comprehensive evaluation of high-speed and medium-speed implementations of five sha-3 finalists using xilinx and altera fpgas,” Cryptology ePrint Archive, Paper 2012/368, 2012.
[14] B. Jungk, M. Stottinger, and M. Harter, “Shrinking keccak hardware implementations,” in SHA-3 2014 Workshop, Aug 2014. [Online]. Available: https://csrc.nist.rip/groups/ST/hash/sha-3/Aug2014/program SHA3 workshop aug2014.pdf
[15] T. Tuncer and E. Avaroğlu, “Random number generation with lfsr based stream cipher algorithms,” in 40th Int. Convention on Information and Communication Technology, Electronics and Microelectronics, 2017, pp. 171–175.
[16] H. Tang, T. Qin, Z. Hui, P. Cheng, and W. Bai, “Design and implementation of a configurable and aperiodic pseudo random number generator in fpga,” in IEEE 2nd Int. Conf. on Circuits, System and Simulation, 2018, pp. 47–51.
[17] R. Hobincu and O. Datcu, “Fpga implementation of a chaos based prng targetting secret communication,” in Int. Symposium on Electronics and Telecommunications, 2018, pp. 1–4.
[18] S. Gomar and M. Ahmadi, “A digital pseudo random number generator based on a chaotic dynamic system,” in 26th IEEE Int. Conf. on Electronics, Circuits and Systems, 2019, pp. 610–613.
[19] B. Paul, G. Trivedi, P. Jan, and Z. Němec, “Efficient prng design and implementation for various high throughput cryptographic and low power security applications,” in 29th Int. Conf. Radioelektronika, 2019, pp. 1–6.
[20] G. Bertoni, J. Daemen, M. Peeters, and G. V. Assche. (2011) The keccak sha-3 submission. (accessed: 2022). [Online]. Available: https://keccak.team/files/Keccak-submission-3.pdf
[21] ——. (2011) Cryptographic sponge functions. (accessed: 2022). [Online]. Available: https://keccak.team/files/CSF-0.1.pdf
[22] M. Dworkin. (2015, 08) Sha-3 standard: Permutation-based hash and extendable-output functions. Federal Inf. Process. Stds. (NIST FIPS). [Online]. Available: https://doi.org/10.6028/NIST.FIPS.202
[23] G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche, “Sponge-based pseudo-random number generators,” in Cryptographic Hardware and Embedded Systems, CHES, 2010.
[24] S. jen Chang, R. Perlner, W. Burr, M. Sonmez, J. Kelsey, S. Paul, and L. Bassham, “Third-round report of the sha-3 cryptographic hash algorithm competition,” NIST Interagency/Internal Report (NISTIR), Tech. Rep., 11 2012.
[25] G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche, “Duplexing the sponge: Single-pass authenticated encryption and other applications,” in Selected Areas in Cryptography, 2012, pp. 320–337.
[26] F. Kahri, H. Mestiri, B. Bouallegue, and M. Machhout, “High speed fpga implementation of cryptographic keccak hash function crypto-processor,” Journal of Circuits, Systems and Computers, vol. 25, no. 04, p. 1650026, 2016.
[27] A. Gholipour and S. Mirzakuchaki, “High-speed implementation of the keccak hash function on fpga,” Int. Journal of Advanced Computer Science, vol. 2, no. 8, pp. 303–307, 2012.
[28] E. Homsirikamol and K. Gaj, “Hardware benchmarking of cryptographic algorithms using high-level synthesis tools: The sha-3 contest case study,” in 11th Int. Symposium on Applied Reconfigurable Computing, ser. Lecture Notes in Computer Science, vol. 9040, 2015, pp. 217–228.