Seminar on the Security of Embedded Electronic Systems


Kris Gaj


From C to Hardware: Toward Using High-Level Synthesis for Hardware Benchmarking of Candidates in Cryptographic Contests

Cryptographic contests have emerged as a commonly accepted way of developing cryptographic standards. Since the late 1990s, this process has been applied to multiple cryptographic transformations targeted by successive contests, such as AES, NESSIE, CRYPTREC, eSTREAM, and SHA-3. Most recently, the CAESAR competition, devoted to the design and thorough analysis of a new generation of authenticated ciphers, has been put in motion by an informal committee of over 20 leading cryptographic experts. The growing number of candidates competing in cryptographic contests makes hardware performance evaluation extremely time-consuming and tedious, especially at the early stages of a given competition. The main difficulties include the long time necessary to develop and verify Register Transfer Level (RTL) hardware description language (HDL) code for all candidates, and the need to develop implementations for multiple variants and architectures of each algorithm. High-level synthesis (HLS) offers a potential solution to these problems: it substantially reduces development and verification time, at the cost of a relatively small reduction in performance. In order to verify the potential validity of this approach, we have applied both the traditional RTL methodology and the newly proposed HLS-based methodology, based on the use of Vivado HLS, to the benchmarking and comparison of a) SHA-2 and the 5 final SHA-3 candidates, as well as b) AES-GCM and over a dozen Round 1 CAESAR candidates. Our case studies have demonstrated substantial (but still not perfect) correlation in terms of the algorithm rankings according to all major performance measures: frequency, throughput, area, and the throughput-to-area ratio. Still, more research is needed in order to make our method fully reliable, and to reduce the amount of time, effort, and hardware design expertise required to modify and extend existing software implementations of cryptographic algorithms so that they become an effective input to the current generation of high-level synthesis tools.
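The abstract describes comparing candidate rankings obtained from the RTL flow with those from the HLS flow across four performance measures. The script below, added here as an illustration and not part of the talk or its benchmarking tools, shows how such a comparison can be carried out: it derives throughput from frequency, block size and clock cycles per block (the usual long-message formula, assumed here), computes the throughput-to-area ratio, ranks the candidates under each measure, and quantifies the agreement between the two flows with Spearman's rank correlation (the abstract does not state which statistic was used; Spearman is an assumption). All candidate names and numbers are constructed sample values, not measurements from the paper.

```python
"""Compare RTL-based and HLS-based hardware rankings of cryptographic candidates.

Added example; the candidate names and all figures below are constructed
sample data, not results reported in the talk.
"""

# Constructed results per candidate: clock frequency (MHz), clock cycles
# needed per input block, block size (bits), and area (LUTs).
RTL_RESULTS = {
    "cand_A": {"freq_mhz": 300, "cycles": 64,  "block_bits": 1024, "area": 2000},
    "cand_B": {"freq_mhz": 250, "cycles": 80,  "block_bits": 1024, "area": 1500},
    "cand_C": {"freq_mhz": 200, "cycles": 40,  "block_bits": 512,  "area": 3000},
    "cand_D": {"freq_mhz": 350, "cycles": 100, "block_bits": 1024, "area": 1000},
    "cand_E": {"freq_mhz": 150, "cycles": 20,  "block_bits": 512,  "area": 4000},
}

# Constructed HLS results: typically somewhat lower frequency and larger area.
HLS_RESULTS = {
    "cand_A": {"freq_mhz": 240, "cycles": 66,  "block_bits": 1024, "area": 2400},
    "cand_B": {"freq_mhz": 210, "cycles": 80,  "block_bits": 1024, "area": 1900},
    "cand_C": {"freq_mhz": 180, "cycles": 44,  "block_bits": 512,  "area": 3300},
    "cand_D": {"freq_mhz": 260, "cycles": 100, "block_bits": 1024, "area": 1950},
    "cand_E": {"freq_mhz": 140, "cycles": 22,  "block_bits": 512,  "area": 4600},
}

# (measure, higher_is_better): the four measures named in the abstract.
MEASURES = [("frequency", True), ("throughput", True),
            ("area", False), ("tp_per_area", True)]


def throughput_mbps(freq_mhz, cycles_per_block, block_bits):
    """Long-message throughput in Mbit/s: block_size * f / cycles_per_block.
    (Assumed formula, standard for block-oriented hash functions and ciphers.)"""
    return block_bits * freq_mhz / cycles_per_block


def metrics(results):
    """Derive all four performance measures for every candidate."""
    out = {}
    for name, r in results.items():
        tp = throughput_mbps(r["freq_mhz"], r["cycles"], r["block_bits"])
        out[name] = {"frequency": r["freq_mhz"], "throughput": tp,
                     "area": r["area"], "tp_per_area": tp / r["area"]}
    return out


def rank(values, higher_is_better=True):
    """Rank 1 = best. Tied values receive the average of their positions,
    the usual convention when ranks feed a correlation coefficient."""
    ordered = sorted(values.items(), key=lambda kv: kv[1], reverse=higher_is_better)
    ranks, i = {}, 0
    while i < len(ordered):
        j = i
        while j + 1 < len(ordered) and ordered[j + 1][1] == ordered[i][1]:
            j += 1
        avg = (i + 1 + j + 1) / 2          # average of 1-based positions i..j
        for k in range(i, j + 1):
            ranks[ordered[k][0]] = avg
        i = j + 1
    return ranks


def spearman(rank_a, rank_b):
    """Spearman's rho computed as Pearson correlation of the rank vectors,
    which stays exact when average ranks were assigned to ties."""
    keys = list(rank_a)
    n = len(keys)
    ma = sum(rank_a[k] for k in keys) / n
    mb = sum(rank_b[k] for k in keys) / n
    cov = sum((rank_a[k] - ma) * (rank_b[k] - mb) for k in keys)
    va = sum((rank_a[k] - ma) ** 2 for k in keys)
    vb = sum((rank_b[k] - mb) ** 2 for k in keys)
    return cov / (va * vb) ** 0.5


def compare_flows(rtl, hls):
    """Return {measure: rank correlation between RTL and HLS rankings}."""
    m_rtl, m_hls = metrics(rtl), metrics(hls)
    agreement = {}
    for measure, higher in MEASURES:
        r_rtl = rank({k: v[measure] for k, v in m_rtl.items()}, higher)
        r_hls = rank({k: v[measure] for k, v in m_hls.items()}, higher)
        agreement[measure] = spearman(r_rtl, r_hls)
    return agreement


if __name__ == "__main__":
    for measure, rho in compare_flows(RTL_RESULTS, HLS_RESULTS).items():
        print(f"{measure:12s} rank correlation RTL vs HLS: {rho:.2f}")
```

A coefficient of 1.0 means the HLS flow orders the candidates exactly as the RTL flow does for that measure; values below 1.0 pinpoint where the cheaper flow would have mis-ranked candidates, which is the kind of partial agreement the abstract reports.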