Performance Evaluation of SHA-3 Final Round Candidate Algorithms on ARM Cortex–M4 Processor

Introduction

Cryptographic Hash Functions are crucial in implementing multiple security goals and have led their way into various security applications like: digital signatures, storing passwords, digital time stamping, constructing block ciphers, generating pseudorandom numbers, maintaining secure web connections, and encryption key management etc. Among all hash functions being used, those from SHA (Secure Hash Algorithm) family covering SHA-0 (U.S. Department of Commerce, 1993), SHA-1 (U.S. Department of Commerce, 1995), SHA-2 {SHA-224, SHA-256, SHA-384, SHA-512} (U.S. Department of Commerce, 2002) have been the most commonly used ones. This SHA family of functions was developed by National Security Agency (NSA) and certified as Federal Information Processing Standard (FIPS) by National Institute of Standards and Technology (NIST), US Department of Commerce. All these are based on MD4 and MD5 algorithms, commonly known as MDx family of hash functions. Around year 2004 and later majority of hash functions based on MDx family (MD4, MD5, HAVAL, RIPEMD, SHA-0 and SHA-1) were attacked (Wang, Feng, Lai, & Yu, 2004) (Wang, Lai, Feng, & Chen, 2005) (Wang, Yu, & Yin, Efficient Collision Search Attacks on SHA-0, 2005) (Wang, Yin, & Yu, n. d.) (Biham & Chen, 2004) (Biham et al., 2005). Given that SHA-2 functions are in the same family and share a common heritage and design principles as the earlier broken functions, these attacks shook the long-term confidence of cryptographers in nearly all hash functions. A question that perturbed everybody’s mind was what if SHA-2 is compromised or successfully cryptanalyzed or broken and what could be its repercussions? If this proved true, the world would not be left with any option because SHA-2 was the best that we had at that time.

To handle this situation, NIST, initiated a design competition (public open competition) in November 2007 for designing next generation of hash functions (U.S. Department of Commerce, n. d.). The objective of the competition was to design a new hash standard named ‘SHA-3’ to augment current standard (SHA-2). NIST received 64 hash function submissions from over 200 cryptographers around the world. NIST also invited the public to evaluate the submissions and consequently a lot of cryptanalysis and public review were carried out. In December 2010, five algorithms (Blake, Grøstl, JH, Keccak, and Skein) advanced to the final round.

The ‘Reference Platform’ announced by NIST for SHA-3 competition consisted of general purpose machine (Windows Intel machines). Considerable domain of architectures like the ones prevalent in Smart Cards, Embedded systems, and Mobile platforms were ignored. This paper revolves around these five SHA-3 final round candidate algorithms and evaluation of their performance on architecture other than the one specified in ‘Reference Platform’ and thus in its way contribute to NIST’s public call to evaluate and compare performance of these candidate algorithms. This paper presents the performance comparison of SHA-3 finalists on ARM Cortex-M4 architecture. The choice of the target platform was a two-step decision. In the first step, the decision to go for embedded and mobile platform was directed by the recent surge in usage of these devices. In the second step, for zeroing down on ARM architecture, its market dominance and technical features were the main consideration.