Paper 2020/1083

A Fast and Compact RISC-V Accelerator for Ascon and Friends

Stefan Steinegger and Robert Primas

Abstract

Ascon-p is the core building block of Ascon, the winner in the lightweight category of the CAESAR competition. With ISAP, another Ascon-p-based AEAD scheme is currently competing in the 2nd round of the NIST lightweight cryptography standardization project. In contrast to Ascon, ISAP focuses on providing hardening/protection against a large class of implementation attacks, such as DPA, DFA, SFA, and SIFA, entirely on mode-level. Consequently, Ascon-p can be used to realize a wide range of cryptographic computations such as authenticated encryption, hashing, pseudorandom number generation, with or without the need for implementation security, which makes it the perfect choice for lightweight cryptography on embedded devices. In this paper, we implement Ascon-p as an instruction extension for RISC-V that is tightly coupled to the processors register file and thus does not require any dedicated registers. This single instruction allows us to realize all cryptographic computations that typically occur on embedded devices with high performance. More concretely, with ISAP and Ascon's family of modes for AEAD and hashing, we can perform cryptographic computations with a performance of about 2 cycles/byte, or about 4 cycles/byte if protection against fault attacks and power analysis is desired. As we show, our instruction extension requires only 4.7 kGE, or about half the area of dedicated Ascon co-processor designs, and is easy to integrate into low-end embedded devices like 32-bit ARM Cortex-M or RISC-V microprocessors. Finally, we analyze the provided implementation security of ISAP, when implemented using our instruction extension.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Minor revision. CARDIS 2020
Keywords
authenticated encryptionasconisaphardware accelerationrisc-vri5cycv32e40pside-channelsfault attacksleakage resilience
Contact author(s)
stefan steinegger @ iaik tugraz at
robert primas @ iaik tugraz at
History
2020-10-02: revised
2020-09-09: received
See all versions
Short URL
https://ia.cr/2020/1083
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1083,
      author = {Stefan Steinegger and Robert Primas},
      title = {A Fast and Compact {RISC}-V Accelerator for Ascon and Friends},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1083},
      year = {2020},
      url = {https://eprint.iacr.org/2020/1083}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.