Cryptology ePrint Archive: Report 2014/575
Simple AEAD Hardware Interface (SÆHI) in a SoC: Implementing an On-Chip Keyak/WhirlBob Coprocessor
Markku-Juhani O. Saarinen
Abstract: Simple AEAD Hardware Interface (SÆHI) is a hardware cryptographic interface aimed at CAESAR Authenticated Encryption with Associated Data (AEAD) algorithms. Cryptographic acceleration is typically achieved either with a coprocessor or via instruction set extensions. ISA modifications require re-engineering the CPU core, making the approach inapplicable outside the realm of open source processor cores. At minimum, we suggest implementing CAESAR AEADs as universal memory-mapped cryptographic coprocessors, synthesizable even on low end FPGA platforms. AEADs complying to SÆHI must also include C language API drivers targeting low-end MCUs that directly utilize the memory mapping in a ``bare metal'' fashion. This can also be accommodated on MMU-equipped mid-range CPUs.
Extended battery life and bandwidth resulting from dedicated cryptographic hardware is vital for currently dominant computing and communication devices: mobile phones, tablets, and Internet-of-Things (IoT) applications. We argue that these should be priority hardware optimization targets for AEAD algorithms with realistic payload profiles.
We demonstrate a fully integrated implementation of WhirlBob and Keyak AEADs on the FPGA fabric of Xilinx Zynq 7010. This low-cost System-on-Chip (SoC) also houses a dual-core Cortex-A9 CPU, closely matching the architecture of many embedded devices. The on-chip coprocessor is accessible from user space with a Linux kernel driver. An integration path exists all the way to end-user applications.
Category / Keywords: Secret-key cryptography, Cryptographic coprocessor, System-on-Chip, Keccak, Keyak, Whirlpool, WhirlBob, StriBob, CAESAR Project
Original Publication (with minor differences): TrustED 2014, 03 November 2014, Scottsdale AZ US. ACM (2014)
Date: received 23 Jul 2014, last revised 24 Oct 2014
Contact author: mjos at iki fi
Available format(s): PDF | BibTeX Citation
Version: 20141024:103809 (All versions of this report)
Short URL: ia.cr/2014/575
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]