FPGA-based tunable Keccak core
Ahmed Maache Abdesattar Kalache
2023 International Conference on Smart Applications, Communications and Networking (SmartNets) | 979-8-3503-0252-3/23/$31.00 ©2023 IEEE | DOI: 10.1109/SmartNets58706.2023.10215714
Laboratory of Signals and Systems
Institute of Electrical Engineering and Electronics
University M’Hamed Bougara of Boumerdes, Algeria
[email protected]
[email protected]
Abstract—Nowadays’ great emphasis on data security has
led to a great need for hardware accelerated cryptograhic
algorithms to cope with the high communication bandwidth
demand. These hardware accelerators need to be highly tunable
in order to support multiple operation modes for different
security applications. In this paper, a Field Programmable Gate
Array (FPGA)-based design and implementation of a tunable
Keccak core is presented. The Keccak core’s performance and
security parameters are configurable in the sense that bitrate,
capacity, and the number of rounds can be user-specified with
an extendable output length. Keccak’s sponge construction is
exploited to enable different modes of operation. This level of
flexibility makes the core a suitable fit for a large range of
security requirements and applications. The implemented core
can be operated as a sponge-based Pseudo Random Number
Generation (PRNG). The design was implemented in VHDL
(VHSCI Hardware Description Language) targeting a low-cost
IntelFPGA Cyclone-V. The core achieved the following maximum
throughput figures of: 11, 8.4, and 5.81Gbps for the three Secure
Hash Algorithm-3 (SHA-3) variants 256, 384, and 512-bit respec-
tively, while occupying only 8% of the FPGA’s area. The random
sequences generated by the sponge-based PRNG successfully
passed the National Institute of Standards and Technology (NIST)
test suite. This paper demonstrated respectable area/performance
results compared to other studies in literature.
Index Terms—Keccak, Secure Hash Algorithm, SHA-3, Pseudo
Random Number Generator, FPGA
I. I NTRODUCTION
In today’s modern age, ensuring security and integrity of
data is one of the most vital tasks in information technology.
The current rapid increase in cyber-physical systems has put an
enormous emphasis on high-bandwidth communication, which
subsequently necessitate the use of hardware acceleration to
speed-up cryptographic algorithms. This includes encryption,
authentication, and protections that span hardware and soft-
ware in order to ensure the security and safety of systems
while in operation [1].
Generally speaking, Application Specific Integrated Cir-
cuits (ASICs) provide the highest performance while being
power-efficient [2]. However, this option is more suitable for
industrial-scale production and therefore not cost efficient for
small count production or personal use. Field Programmable
Gate Arrays (FPGAs), on the other side, offer a lower cost flex-
ible alternative that support infield reconfiguration. This allows
for the realization of dynamically tunable high-performance
hardware cores [3].
979-8-3503-0252-3/23/$31.00 ©2023 IEEE
Authorized licensed use limited to: UNIVERSITE DE MONASTIR. Downloaded on December 14,2023 at 12:38:56 UTC from IEEE Xplore. Restrictions apply.
Laboratory of Signals and Systems
Institute of Electrical Engineering and Electronics
University M’Hamed Bougara of Boumerdes, Algeria
The design of hardware accelerated cryptographic algo-
rithms that support multiple cryptographic primitives config-
urable for different scenarios is common in literature [2], [4].
Such flexibility offers systems the ability to support various
cryptographic functions needed by a number of protocols
and standards producing flexible multi-purpose crypto-systems
that use ASICs and FPGAs. The main advantage of this
approach is its ability to provide a common implementation
that supports different requirements for new technologies such
as the Internet of Things (IoT), Wireless Sensor Networks
(WSN), and Smart Grids. These technologies frequently face
the difficulty of deploying efficient cryptographic algorithms
on embedded resource-constrained nodes [5]. Rather than
using multiple distinct cores, resource-shared multi-purpose
cryptographic designs can assist in overcoming such chal-
lenges while offering area/power reductions. This adaptability
also helps to protect against different attacks by switching to
a higher security level of the same algorithm if necessary.
Throughput requirements may also require the system to
switch to a more appropriate configuration to obtain a target
performance goal [4].
In this work, a Keccak-core design and implementation
is presented, which supports multiple modes of operation
with tunable performance/security parameters and extendable
output digest length. We investigate a practical mode of
operation supported by our construction, namely reseedable
cryptographically secure PRNGs, which are useful when high
throughput bursts of random bits are required. For consistency
and simplicity, the general nature NIST statistical test suite
are used to assess the randomness of the generated random
sequence [6]. Contributions of this work lie in the hardware
implementation/evaluation of the most recent provably secure
PRNG in cryptography, the sponge-based PRNG on a low-cost
Cyclone-V device for embedded systems applications.
The rest of the paper is organized as follows. In Section
II, a literature review is conducted. Section III covers related
cryptographic background concepts of Keccak and PRNG.
Section IV explains the design and implementation of the
Keccak core and its supported modes of operation. Section
V presents achieved results in terms of: throughput, area
utilization, and randomness related tests. These results are then
compared to ones reported in related works. Conclusions and
future prospectives are outlined in Section VI.
 II. R ELATED W ORK
In [7], authors used High-Level Synthesis (HLS) to imple-
ment a dynamically configurable SHA3 accelerator in terms
of digest length and capacity. However, HLS generated de-
signs are relatively less efficient than conventional Hardware
Description Language (HDL) design flow [8]. High speed
pipelined SHA3 implementations were presented in the lit-
erature [9]–[14]. Compared to the former work, however,
their implementations support no such flexibility hence a
narrower application scope. In addition, these implementations
were non-pipelined, which further limits their throughput.
The hashing units are of fixed output lengths and security
parameters, which in turns limits their suitability for different
applications.
Various studies were conducted on pseudo random num-
ber generators using FPGAs. In [15], [16] FPGA stream
cipher/Linear Feedback Shift Register (LFSR) based PRNGs
were proposed. Authors in [17], [18] presented chaos based
PRNGs. These works provide very compact hardware imple-
mentation and good performance. However, they are relatively
weak against the cryptographic attack, and, hence should be
avoided in secure applications. On the other hand, other studies
have proposed cryptographically secure PRNG designs. High
throughput and low power FPGA implementations of two
PRNGs are outlined in [19], one of which is the computa-
tionally secure Blum Blum Shub generator.
III. BACKGROUND
A. SHA-3 and Keccak Family
Keccak is a family of hash functions based on the Hermetic
Sponge Construction approach which is itself based on random
permutation networks on multiple state widths. Although it
supports various state widths: 25, 50, 100, 200, 400, 800,
1600-bit, authors only submitted the permutation of width
b = 1600 [20]. SHA-3 is a subset of this family.
As seen in Fig. 1, the Sponge Construction is composed
of two phases: absorption and squeezing. The sponge con-
struction uses b = r + c bits of state. The bitrate r is the
rate at which states are updated with message bits between
each application of the permutation function. The capacity c
defines the security level of the construction, where increasing
the capacity results in a higher security level with performance
penalty and vise-versa [20]. The value of capacity is set by
the user depending on the target application.
Fig. 1. The Keccak Sponge Construction [21]
Authorized licensed use limited to: UNIVERSITE DE MONASTIR. Downloaded on December 14,2023 at 12:38:56 UTC from IEEE Xplore. Restrictions apply.
The permutation function Keccak-f performed on the state
array consists of nr = 24 rounds. This setting ensures a
high safety margin in addition to good performance [20].
Each round R of Keccak-f [b] consists of five-step mappings
R = ι o χ o π o ρ o θ as seen in the following set of
equations:
[θ] : C[x][z] ← a[x][0][z] ⊕ a[x][1][z] ⊕ ... ⊕ a[x][4][z]
D[x][z] ← C[x − 1][z] ⊕ C[x + 1][z − 1]
a[x][y][z] ← a[x][y][z] ⊕ D[x][z]
[ρ][π] : B[y][(2.x + 3.y)][z] ← A[x][y][rp(x, y)] (1)
[χ] : a[x][y][z] ← B[x][y][z] ⊕ (B[x + 1][y][z] ⊕ 1)
.B[x + 2][y][z]
[ι] : a[0][0][z] ← a[0][0][z] ⊕ RCi [z]
During the absorption phase, the input block of length r is
lane-wise XORed with the state. If the current input block’s
length is less than r, padding is added [22]. The output is
obtained by truncating the state after the input data has been
completely absorbed. The output length is a user choice in
certain applications. For hash functions, the lengths are 224,
256, 384, and 512-bit. If the required output length is greater
than the bitrate, it is obtained by truncating the outputs after
passing them through Keccak-f until the required length is
satisfied [22]. This is the squeezing phase as demonstrated in
Fig. 1.
B. Sponge construction based PRNG
A pseudorandom generator is a deterministic algorithm that
outputs a binary sequence of length N > n that ”looks”
random when given a truly random binary sequence of length
n known as seed. A PRNG, in other words, is a mathematical
formula or algorithm that generates a deterministic sequence
of numbers that is entirely determined by the seed. As a result,
if the seed is compromised, the PRNG output sequences are
known. Thus, randomness is a key requirement for a seed. A
commonly used technique is to seed a PRNG with a TRNG-
generated true random sequence and then use the PRNG. This
is due to the fact that PRNG outperform TRNG in terms of
performance.
As demonstrated in [23], the sponge construction can be
used to implement PRNG. This results in a reseedable PRNG
with a history-keeping mode that relies on a fixed length
state which implies no memory growth. Furthermore, sponge
construction is similar to mode in that each input absorption
of length r into the state is a feed request, and the same is true
for fetch requests. In addition, the input blocks never directly
affect the last c bits of the state.
IV. C ORE DESIGN AND IMPLEMENTATION
A. Keccak core
In contrast to software implementation, hardware implemen-
tation of Keccak lies on the high performance/area side with
respect to the SHA-3 competition finalists. In fact, Keccak out-
performed the other finalists in terms of area, throughput, and
energy-consumption-per-message-bit in ASICs and FPGAs
[24]. This is mainly due to the nature of Keccak-f that relies
heavily on simple mathematical operations such as bitwise
logical operations and constant-value shifting. Therefore, the
optimal design trade-off can be achieved for a wide range of
applications.
In our design of Keccak-f , we settled on the straight-
forward unfolded structure as depicted in Fig. 2. During the
absorption phase, a multiplexer controlled by a round counter
determines whether the state is updated with the result of
the round function or with the new input block. To avoid
overhead, the input block is stored in an input buffer in
the form of a shift register. At each clock, 128-bit chunk
enter the register in parallel with Keccak-f computation. The
state is kept in a 1600-bit register that is refreshed after
each round. The round function’s five steps are implemented
using combinational logic, with no inner round pipelining. The
two steps of ρ and π are combined together because they
are merely two consecutive permutations of the state. This
permutation’s values are hardwired in the rp array. An FSM
supplies the round constants. After the last round the state is
truncated to 256-bit to output the hash digest.
128-bit
IN Buffer
in block
1600-bit
Mux Ctrl
RD_req
Reg
iterate
clk
FSM Ctrl
RD_empty
sys_ena
Round Cst
WR_req/OUT_ena Reg
1600-bit
128-bit
OUT Buffer
digest
Fig. 2. Our Keccak core hardware design
The number of rounds nr is user-defined, with two restric-
tions: it must be at least 24, and it can only be multiples of 12.
The reason for this is not security-based. It is related to the
implementation’s flexibility and usability in applications where
slowing down the hash operation is advantageous. Reusing the
states in the FSM yields the user-defined nr mode. The control
unit will loop indefinitely between the 24 rounds’ states as long
as a control signal is pulled high. This control signal is checked
at the 12th and 24th states, which explains the constraint of
multiples of 12.
Our keccak core can support four modes of operation. The
first is a randomised hash function, in which data is fed as
16-bit chunks into the device’s input DSFIFO and should be
padded beforehand. The input bits is registered in the input
buffer of core prior to absorption phase where input bits are
forwarded to Keccak-f [b = 1600, nr = 24]. A digest is then
Authorized licensed use limited to: UNIVERSITE DE MONASTIR. Downloaded on December 14,2023 at 12:38:56 UTC from IEEE Xplore. Restrictions apply.
obtained. The second mode of operation is a slow one-way
function/key derivation function obtained by simply changing
nr . The other two modes are: a reseedable PRNG and a TRNG
post-processing step.
B. Sponge based PRNG
The security-performance tradeoffs of the PRNG should be
adjustable according to the application. In order to adjust the
capacity and bitrate is achieved through controlling the read
signal from the Keccak core to the input DSFIFO. The read
signal is pulled high at a given interval of rounds defined by
an external 3-bit signal by tweaking the control unit at a few
rounds’ states. The capacity values featured are 256 and 1024,
with a stride of 128.
The implemented PRNG is reseedable, which means that
after random bits have been generated, an additional entropy
source can be added. Instead of discarding the current state
of the PRNG, reseeding combines the current state with the
new seed material [25]. The implementation can be used as
a reseedable sponge PRNG by cascading the sponge function
of the Keccak core without reinitializing the state.
Our implementation has two requests: feed and fetch. At
the beginning, the seed material is fed to the input DSFIFO
(Double-Sided First-In-First-Out) in 16-bit chunks before be-
ing absorbed by the sponge’s input buffer shift register in
128-bit chunks. When the input seed length l = r, the input
buffer is XORed with the current state and forwarded to
the Keccak-f . This process is repeated until the DSFIFO
generates a read-empty signal, denoting that the seed material
has been completely absorbed. The sponge is then switched
to the squeezing phase, where the desired output length is
obtained [23]. Following the iteration of Keccak-f , the state
is registered in a shift register that is controlled externally to
iterate through the desired length of the output l ≤ r. To fetch
the random bits, the output shift register is connected to a 128-
bit digest buffer, which feeds to an output DSFIFO (128-bit
write-side and 16-bit read-side) controlled by the user.
After feeding each seed with length l < r through Keccak-
f [b = 1600], one random bit can be obtained directly. The
implementation, in this case, is in duplex construction mode.
The latter accepts calls that take an input string and return
an output string based on all previous inputs as demonstrated
in Fig. 3. In this context, a duplex object is an instance of
the duplex construction [25]. This can go even further by
allowing duplex objects to be different from one another. This
asymmetry is supported by the present implementation and
can be obtained by changing the capacity and rounds number
control signals.
V. R ESULTS AND DISCUSSION
A. Keccak core FPGA implementation
The core was written in VHDL. The synthesis process was
carried out using Intel Quartus Prime 20.1 on the low-cost
Cyclone-V (5CSXFC6D6F31C6) (DE-10 Standard board).
Fig. 4 shows the RTL view of the synthesized core. The re-
sources utilization of the core is 8947LEs (3415ALMs) which
 Test p-Value Conclusion
Frequency Test (Monobit) 0.01397 Random
Frequency Test within a Block 0.12058 Random
Run Test 0.56053 Random
Longest Run of Ones 0.13052 Random
Binary Matrix Rank 0.29228 Random
Discrete Fourier Transform 0.69992 Random
Non-Overlapping Template Matching 0.36968 Random
Overlapping Template Matching 0.84336 Random
Maurer’s Universal 0.31458 Random
Linear Complexity 0.22099 Random
Serial test 0.70625 Random
Approximate Entropy 0.17980 Random
Fig. 3. The Duplex Construction [25] Cumulative Sums (Forward) 0.01225 Random
Cumulative Sums (Reverse) 0.01225 Random
Random Excursions 0.14555 Random
accounts for 8% leaving the rest of FPGA for application Random Excursions Variant 0.26355 Random
TABLE II
specific logic. The usage of dedicated logic registers accounts PRNG S TATISTICAL T ESTS R ESULTS
for over 70% of the total logic usage, which is due to the
Keccak’s inherited reliance on permutation. The core clocks
at a maximum frequency fmax of 271.69MHz. The obtained
implementation is lightweight, fast, and highly flexible making C. Results comparison
it suitable for embedded applications.
The maximum throughput of the core is of the form : The comparison of proposed Keccak core with high speed
T Pmax c SHA-3 cores presented in literature is demonstrated in Table
T hroughput = .(1 − ) (2) III. In terms of area utilization, our base implementation of
nr + 1 b
Keccak(SHA3-256) is on part with the other high speed im-
where b is the state length 1600-bit, c is the capacity, nr is plementations reported in literature. In terms of performance,
the number of rounds, T Pmax is a constant that depends on the even though the base core features no internal round pipelining
maximum frequency fmax , it can be viewed as the throughput and even though the purpose of this work is not providing
of the core with capacity of 0 and a number of iteration of high throughput, it performs better than most of the other
1, resulting in T Pmax = 404.73Gbps. The capacity for each implementations.
SHA-3 variant is equal to twice of the digest length l. Finally,
After adjusting the base core to be tunable, we notice a 13%
the throughput results for the different SHA-3 variants are
area increase with an expected performance drop. However,
shown in Table I.
the performance dropped by a negligible 1.7%. Consequently,
Area fmax Latency Throughput the performance of the proposed flexible/tunable core is good
(LEs) (MHz) (cycles) (Gbps) compared with reported high-speed untunable designs despite
SHA-3 256 8947 271.69 25 11.0
SHA-3 384 8947 271.69 25 8.4 the absence of internal pipelining. Compared with the tunable
SHA-3 512 8947 271.69 25 5.81 cores reported by [7], our core utilizes less area with 225%
TABLE I
R ESULTS OF THE SHA-3 FPGA IMPLEMENTATION
higher throughput. Furthermore, our flexible core has higher
throughput than other non-flexible cores reported in [11], [12],
[9] and others.

B. Sponge based PRNG Equiv.

Tunable Area Thr.
To validate our Sponge-based PRNG implementation, Study Device design? (Slice+BRAM) Slices (Mbps)
[11] Virtex-6 no 1048+0 1048 8830
we generated pseudo-random numbers with Keccak-f [r = [12] Virtex-5 no 1338+1 1466 11252
1088, c = 512]. Squeezing the state after providing the empty [13] Virtex-5 no 1369+0 1369 13337
string as input yields the random sequence. The Signal Tap [14] Virtex-5 no 1215+0 1215 5054
[10] Virtex-5 no 1350+0 1350 10342
Logic Analyzer tool from Quartus Prime is used to extract [26] Virtex-5 no 1388+0 1388 11776
random bits in real-time. The system operates at a clock [27] Stratix-III no 2641+0 2641 8366
frequency of 100MHz (which is the default clock provided [9] Virtex-5 no 4793+0 4793 12984
[4] Virtex-6 no 1345+0 1345 14876
in the DE-10 Standard board). Each squeezed block is 256-bit [28] Virtex-6 no 1494+0 1494 8838
long and is taken every 24 clock cycles. If the state is reseeded [7] Virtex-6 yes 1541+0 1541 4992
with n high entropy bits, it will be resistant to any state [7] Virtex-6 yes 1888+0 1888 424
recovery attack by 2n . The NIST SP 800-22 verification suit Base Cyclone-V no 3011(ALMs)+0 1354 11468
Tunable Cyclone-V yes 3415(ALMs)+0 1536 11264
was used to assess the quality of the generated pseudo-random TABLE III
numbers. The results in Table II show that the sequence passed R ESULTS C OMPARISON OF K ECCAK CORE IMPLEMENTATION
all tests with all p-values greater than 0.01 implying that the
sequence is random.

Authorized licensed use limited to: UNIVERSITE DE MONASTIR. Downloaded on December 14,2023 at 12:38:56 UTC from IEEE Xplore. Restrictions apply.
 Fig. 4. RTL view of the tunable Keccak core
VI. C ONCLUSIONS
This work presented a tunable Keccak core that can be
user-configured by modifying the capacity, bitrate, and the
number of rounds. The design achieved respectable maximum
throughtput of 11Gbps compared to other works, with an
area usage of roughly 8% of the low-cost Cyclone-V FPGA.
These results suggest that the presented implementation is
lightweight, fast, and highly tunable making it favourable for
embedded applications. The core can operated as a reseedable
PRNG and a post-processing unit for a TRNG. The PRNG
random sequences successfully passed NIST’s statistical tests.
In future work, a better performance design could be investi-
gated using internal pipelining.
R EFERENCES
[1] S. K. Mazumder, A. Kulkarni, S. Sahoo, F. Blaabjerg, A. Mantooth,
J. Balda, Y. Zhao, J. Ramos-Ruiz, P. Enjeti, P. Kumar et al., “A review
of current research trends in power-electronic innovations in cyber-
physical systems,” IEEE Journal of Emerging and Selected Topics in
Power Electronics, pp. 1–17, 2021.
[2] P. Nannipieri, S. D. Matteo, L. Baldanzi, L. Crocetti, L. Zulberti,
S. Saponara, and L. Fanucci, “VLSI Design of Advanced-Features AES
Cryptoprocessor in the Framework of the European Processor Initiative,”
IEEE Trans. on VLSI Systems, vol. 30, no. 2, pp. 177–186, 2022.
[3] T. Nguyen, C. MacLean, M. Siracusa, D. Doerfler, N. J. Wright, and
S. Williams, “Fpga-based hpc accelerators: An evaluation on perfor-
mance and energy efficiency,” Concurrency and Computation: Practice
and Experience, p. e6570, 2021.
[4] D.-e.-S. Kundi, A. Khalid, A. Aziz, C. Wang, M. O’Neill, and W. Liu,
“Resource-shared crypto-coprocessor of aes enc/dec with sha-3,” IEEE
Trans. on Circuits and Systems I: Regular Papers, vol. 67, no. 12, pp.
4869–4882, 2020.
[5] B. Ilyas, S. M. Raouf, S. Abdelkader, T. Camel, S. Said, and H. Lei,
“An Efficient and Reliable Chaos-Based IoT Security Core for UDP/IP
Wireless Communication,” IEEE Access, vol. 10, pp. 49 625–49 656,
2022.
[6] L. Bassham, A. Rukhin, J. Soto, J. Nechvatal, M. Smid, S. Leigh,
M. Levenson, M. Vangel, N. Heckert, and D. Banks, “A statistical
test suite for random and pseudorandom number generators for crypto-
graphic applications,” Sep 2010, (accessed: 2022). [Online]. Available:
https://tsapps.nist.gov/publication/get pdf.cfm?pub id=906762
[7] K. E. Ahmed and M. M. Farag, “Hardware/software co-design of a
dynamically configurable sha-3 system-on-chip (soc),” in IEEE Int.
Conf. on Electronics, Circuits, and Systems, 2015, pp. 617–620.
[8] M. W. Numan, B. J. Phillips, G. S. Puddy, and K. Falkner, “Towards
automatic high-level code deployment on reconfigurable platforms: A
survey of high-level synthesis tools and toolchains,” IEEE Access, vol. 8,
pp. 174 692–174 722, 2020.
Authorized licensed use limited to: UNIVERSITE DE MONASTIR. Downloaded on December 14,2023 at 12:38:56 UTC from IEEE Xplore. Restrictions apply.
[9] H. Mestiri, F. Kahri, M. Bedoui, B. Bouallegue, and M. Machhout,
“High throughput pipelined hardware implementation of the keccak hash
function,” in Int. Symposium on Signal, Image, Video and Communica-
tions, 2016, pp. 282–286.
[10] H. Mestiri, I. Barraj, and M. Machhout, “A high-speed keccak architec-
ture resistant to fault attacks,” in 32nd Int. Conf. on Microelectronics,
2020, pp. 1–4.
[11] T. Newe, M. Rao, D. Toal, G. Dooly, E. Omerdic, and A. Mathur,
“Efficient and high speed fpga bump in the wire implementation for data
integrity and confidentiality services in the iot,” in Sensors for Everyday
Life: Healthcare Settings, 2017, pp. 259–285.
[12] R. Shahid, M. Sharif, M. Rogawski, and K. Gaj, “Use of embedded fpga
resources in implementations of 14 round 2 sha-3 candidates,” in Int.
Conf. on Field-Programmable Technology, 12 2011, pp. 1–9.
[13] K. Gaj, E. Homsirikamol, M. Rogawski, R. Shahid, and M. U. Sharif,
“Comprehensive evaluation of high-speed and medium-speed implemen-
tations of five sha-3 finalists using xilinx and altera fpgas,” Cryptology
ePrint Archive, Paper 2012/368, 2012.
[14] B. Jungk, M. Stottinger, and M. Harter, “Shrinking keccak hardware
implementations,” in SHA-3 2014 Workshop, Aug 2014. [Online].
Available: https://csrc.nist.rip/groups/ST/hash/sha-3/Aug2014/program
SHA3 workshop aug2014.pdf
[15] T. Tuncer and E. Avaroğlu, “Random number generation with lfsr based
stream cipher algorithms,” in 40th Int. Convention on Information and
Communication Technology, Electronics and Microelectronics, 2017, pp.
171–175.
[16] H. Tang, T. Qin, Z. Hui, P. Cheng, and W. Bai, “Design and implemen-
tation of a configurable and aperiodic pseudo random number generator
in fpga,” in IEEE 2nd Int. Conf. on Circuits, System and Simulation,
2018, pp. 47–51.
[17] R. Hobincu and O. Datcu, “Fpga implementation of a chaos based prng
targetting secret communication,” in Int. Symposium on Electronics and
Telecommunications, 2018, pp. 1–4.
[18] S. Gomar and M. Ahmadi, “A digital pseudo random number generator
based on a chaotic dynamic system,” in 26th IEEE Int. Conf. on
Electronics, Circuits and Systems, 2019, pp. 610–613.
[19] B. Paul, G. Trivedi, P. Jan, and Z. Němec, “Efficient prng design
and implementation for various high throughput cryptographic and low
power security applications,” in 29th Int. Conf. Radioelektronika, 2019,
pp. 1–6.
[20] G. Bertoni, J. Daemen, M. Peeters, and G. V. Assche. (2011)
The keccak sha-3 submission. (accessed: 2022). [Online]. Available:
https://keccak.team/files/Keccak-submission-3.pdf
[21] ——. (2011) Cryptographic sponge functions. (accessed: 2022).
[Online]. Available: https://keccak.team/files/CSF-0.1.pdf
[22] M. Dworkin. (2015, 08) Sha-3 standard: Permutation-based hash and
extendable-output functions. Federal Inf. Process. Stds. (NIST FIPS).
[Online]. Available: https://doi.org/10.6028/NIST.FIPS.202
[23] G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche, “Sponge-based
pseudo-random number generators,” in Cryptographic Hardware and
Embedded Systems, CHES, 2010.
[24] S. jen Chang, R. Perlner, W. Burr, M. Sonmez, J. Kelsey, S. Paul,
and L. Bassham, “Third-round report of the sha-3 cryptographic hash
algorithm competition,” NIST Interagency/Internal Report (NISTIR),
Tech. Rep., 11 2012.
[25] G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche, “Duplexing the
sponge: Single-pass authenticated encryption and other applications,” in
Selected Areas in Cryptography, 2012, pp. 320–337.
[26] F. Kahri, H. Mestiri, B. Bouallegue, and M. Machhout, “High speed
fpga implementation of cryptographic keccak hash function crypto-
Authorized licensed use limited to: UNIVERSITE DE MONASTIR. Downloaded on December 14,2023 at 12:38:56 UTC from IEEE Xplore. Restrictions apply.
processor,” Journal of Circuits, Systems and Computers, vol. 25, no. 04,
p. 1650026, 2016.
[27] A. Gholipour and S. Mirzakuchaki, “High-speed implementation of the
keccak hash function on fpga,” Int. Journal of Advanced Computer
Science, vol. 2, no. 8, pp. 303–307, 2012.
[28] E. Homsirikamol and K. Gaj, “Hardware benchmarking of cryptographic
algorithms using high-level synthesis tools: The sha-3 contest case
study,” in 11th Int. Symposium on Applied Reconfigurable Computing,
ser. Lecture Notes in Computer Science, vol. 9040, 2015, pp. 217–228.