• About
• PQC
• LWC
• CAESAR
• SHA-3
• Minerva
• ATHENa
• CAESAR Results >
  • FPGA: Rankings
  • FPGA: All Results
• SHA-3 Results >
  • FPGA: Rankings
  • FPGA: All Results
  • ASIC: Rankings
  • ASIC: All Results
• Presentations
• Publications
• Standards
• Specifications
• Contact Us

GMU Source Code

• Introduction

The VHDL source code provided below has been generated by members of the Cryptographic Engineering Research Group (CERG) at George Mason University in the period from January 2010 to April 2015.

• HLS-ready C Source Code for the SHA-3 Round 3 Candidates - ARC 2015 Conference Release, April 2015
  

Assumptions:

1. The detailed assumptions formulated in E. Homsirikamol and K. Gaj, "Hardware Benchmarking of Cryptographic Algorithms Using High-Level Synthesis Tools: The SHA-3 Contest Case Study," Proc. 11th International Symposium on Applied Reconfigurable Computing, ARC 2015, Bochum, Germany, April 15-17, 2015, pp. 217-228.
2. Primary Optimization Target:   Throughput/Area;   Secondary Optimization Target:   Throughput.
3. No use of embedded resources, such as multipliers, DSP units, or Block Memories, in the hash cores.

 

Algorithm	Source Code	Release Date
BLAKE	HLS_BLAKE.zip	04/15/2015
Groestl	HLS_Groestl.zip	04/15/2015
JH	HLS_JH.zip	04/15/2015
Keccak	HLS_Keccak.zip	04/15/2015
Skein	HLS_Skein.zip	04/15/2015

• Source Code for the SHA-3 Round 3 Candidates & SHA-2 - The Third SHA-3 Candidate Conference Release, March 2012
  

We reuse the same VHDL code to implement both 256 and 512 variants of all hash functions with the help of generics. A user needs only to select an appropriate value, HASH_SIZE_256 or HASH_SIZE_512, for the generic 'h' or 'hs' present in the top level entity. The VHDL file containing the top level entity of the given hash function is indicated in the source_list.txt file present in the 'sources' folder obtained from the zip file.


Assumptions:

1. All architectures defined in
   K. Gaj, E. Homsirikamol, M. Rogawski, R. Shahid, and M.U. Sharif, "Comprehensive Evaluation of High-Speed and Medium-Speed Implementations of Five SHA-3 Finalists Using Xilinx and Altera FPGAs," The 3rd SHA-3 Candidate Conference, Washington, D.C., March 22-23, 2012: paper, slides
2. The GMU Interface and Communication Protocol Used in the Implementations of the SHA-3 Round 3 Candidates (non-pipelined architectures).
3. Primary Optimization Target:   Throughput/Area;   Secondary Optimization Target:   Throughput.
4. No salt, No special modes of operation.
5. No use of embedded resources, such as multipliers, DSP units, or Block Memories.

• BLAKE
  

BLAKE_readme.txt

Source Code with and without Padding	Supported Architectures	Architecture Notation	Block Diagrams	Release Date
BLAKE_folded_pad.zip  BLAKE_folded.zip	Basic iterative  Folded horizontally	x1,  /k(h),  k=2,4	BLAKE_x1_diagrams.zip BLAKE_fh2_diagrams.zip BLAKE_fh4_diagrams.zip	03/23/2012
BLAKE_fh4v4_pad.zip  BLAKE_fh4v4.zip	Folded horizontally and vertically  with internal state stored  in memory	/4(h)/4(v)-m	BLAKE_fh4v4_diagrams.zip	03/23/2012
BLAKE_PPL_pad.zip  BLAKE_PPL.zip	Pipelined	x1-PPLn,  n=2,4  /2(h)-PPLn, n=2,4		03/23/2012

• Groestl
  

Groestl_readme.txt

Source Code with and without Padding	Supported Architectures	Architecture Notation	Architecture Notation	Release Date
Groestl_PpQ_x1_pad.zip  Groestl_PpQ_x1.zip	Parallel - Basic iterative	x1(P+Q)	Groestl_PpQ_x1_diagrams.zip	03/23/2012
Groestl_PpQ_folded_pad.zip  Groestl_PpQ_folded.zip	Parallel - Folded vertically	/k(v)(P+Q),  k=2,4,8	Groestl_PpQ_fvk_diagrams.zip	03/23/2012
Groestl_PpQ_PPL_pad.zip  Groestl_PpQ_PPL.zip	Parallel - Pipelined	x1-PPLn,  n=2,4		03/23/2012
Groestl_PsQ_x1_pad.zip  Groestl_PsQ_x1.zip	Quasi-pipelined - Basic iterative	x1(P/Q)	Groestl_PsQ_x1_diagrams.zip	03/23/2012
Groestl_PsQ_folded_pad.zip  Groestl_PsQ_folded.zip	Quasi-pipelined - Folded vertically	/k(v)(P/Q),  k=2,4,8	Groestl_PsQ_fvk_diagrams.zip	03/23/2012

• JH
  

JH_readme.txt

Source Code with and without Padding	Supported Architectures	Architecture Notation	Block Diagrams	Release Date
JH_unrolled_pad.zip  JH_unrolled.zip	Basic iterative  Unrolled	x1  x2	JH_x1_diagrams.zip  JH_x2_diagrams.zip	03/23/2012
JH_fv2_pad.zip  JH_fv2.zip	Folded vertically	/2(v)	JH_fv2_diagrams.zip	03/23/2012
JH_fv8-m.zip	Folded vertically with internal state stored in memory	/8(v)-m		03/23/2012
JH_PPL_pad.zip  JH_PPL.zip	Pipelined	x1-PPL2  x2-PPLn, n=2,4		03/23/2012

• Keccak
  

Keccak_readme.txt

Source Code with and without Padding	Supported Architectures	Architecture Notation	Block Diagrams	Release Date
Keccak_basic_pad.zip  Keccak_basic.zip	Basic iterative	x1	Keccak_x1_diagrams.zip	03/23/2012
Keccak_fv8-m.zip	Folded vertically with internal state stored in memory	/8(v)-m		03/23/2012
Keccak_PPL_pad.zip  Keccak_PPL.zip	Pipelined	x1-PPL2  x2-PPLn, n=2,4		03/23/2012

• Skein
  

Skein_readme.txt

Source Code with and without Padding	Supported Architectures	Architecture Notation	Block Diagrams	Release Date
Skein_unrolled_pad.zip  Skein_unrolled.zip	Basic iterative  Unrolled	x1  x4, x8	Skein_x1_diagrams.zip  Skein_x4_diagrams.zip  Skein_x8_diagrams.zip	03/23/2012
Skein_PPL_pad.zip  Skein_PPL.zip	Pipelined	x4-PPL2, x4-PPL5  x8-PPL10		03/23/2012

• SHA-2
  

Source Code with and without Padding	Supported Architectures	Architecture Notation	Block Diagrams	Release Date
SHA-2_pad.zip  SHA-2.zip	Basic iterative	x1		03/23/2012




---




• Source Code for the SHA-3 Round 3 Candidates & SHA-2 - CHES 2011 release, October 2011
  

Assumptions:

1. All architectures defined in
   E. Homsirikamol, M. Rogawski, and K. Gaj, "Throughput vs. Area Trade-offs in High-Speed Architectures of Five Round 3 SHA-3 Candidates Implemented Using Xilinx and Altera FPGAs," in LNCS 6917, Cryptographic Hardware and Embedded Systems - CHES 2011, Nara, Japan, Sep. 28-Oct. 1, pp. 491-506: slides
2. The GMU Interface and Communication Protocol Used in the Implementations the SHA-3 Round 3 Candidates.
3. Primary Optimization Target:   Throughput/Area;   Secondary Optimization Target:   Throughput.
4. No padding unit  (i.e., input is assumed to be already properly padded).
5. No salt, No special modes of operation.
6. No use of embedded resources, such as multipliers, DSP units or Block Memories.

• Best non-pipelined architectures without padding

Algorithm	Best Non-Pipelined High-Speed Architecture	Architecture Notation	Release Date
BLAKE	BLAKE_basic.zip	/2(h)	10/01/2011
Groestl	Groestl_PpQ_x1.zip Groestl_PsQ_x1.zip	x1 (P+Q) x1 (P/Q)	10/01/2011
JH	JH_basic.zip	x1	10/01/2011
Keccak	Keccak_basic.zip	x1	10/01/2011
Skein	Skein_basic.zip	x4	10/01/2011
SHA-2	SHA-2_basic.zip	x1	10/01/2011

• Folded & Unrolled Architectures without padding
  

Algorithm	Folded & Unrolled Architectures	Architecture Notations	Release Date
BLAKE	BLAKE_fh4fv4.zip BLAKE_folded.zip	/4(h)/4(v) x1, /k(h);       k=2,4	10/01/2011
Groestl	Groestl_PpQ_folded.zip Groestl_PsQ_folded.zip	/k(v) (P+Q);   k=2,4,8 /k(v) (P/Q);    k=2,4,8	10/01/2011
JH	JH_fv2.zip JH_u2.zip	/2(v) x2	10/01/2011
Skein	Skein_unrolled.zip	xk;                 k=1,4,8	10/01/2011

• Block Diagrams for the SHA-3 Round 3 Candidates - Basic, Folded, and Unrolled Architectures
  

Algorithm	Block Diagrams	Release Date
BLAKE	BLAKE_block_diagrams.zip	10/08/2011
Groestl	Groestl_block_diagrams.zip	10/10/2011
JH	JH_block_diagrams.zip	10/08/2011
Keccak	Keccak_block_diagrams.zip	10/01/2011
Skein	Skein_block_diagrams.zip	10/08/2011




---




• Source Code for the SHA-3 Round 2 Candidates & SHA-2 - Hash 2011 Release, May 2011
  

Assumptions:

1. Primary Optimization Target:   Throughput/Area;   Secondary Optimization Target:   Throughput.
2. Datapath width = Internal state size.
3. The GMU Interface and Communication Protocol Used in the Implementations the SHA-3 Round 2 Candidates.
4. No padding unit  (i.e., input is assumed to be already properly padded).
5. No salt, No special modes of operation.
6. No use of embedded resources, such as multipliers, DSP units, or Block Memories.
7. The VHDL file containing the top level entity of the given hash function is indicated in the source_list.txt file present in the 'sources' folder obtained from the zip file. The only exception to this rule is SIMD, in which VHDL code for 256 and 512-bit variants are in separate folders inside the zip file.
   




Algorithm	Basic High-Speed Architecture	Release Date
BLAKE	blake_basic_r2.zip	05/19/2011
BMW	bmw_basic_r2.zip	05/19/2011
CubeHash	cubehash_basic_r2.zip	05/19/2011
ECHO	echo_basic_r2.zip	05/19/2011
Fugue	fugue_basic_r2.zip	05/19/2011
Groestl	groestl_basic_r2.zip	08/31/2011
Hamsi	hamsi_basic_r2.zip	05/19/2011
JH	jh_basic_r2.zip	05/19/2011
Keccak	keccak_basic_r2.zip	05/19/2011
Luffa	luffa_basic_r2.zip	05/19/2011
Shabal	shabal_basic_r2.zip	05/19/2011
SHAvite-3	shavite3_basic_r2.zip	05/19/2011
SIMD	simd_basic_r2.zip	05/19/2011
Skein	skein_basic_r2.zip	05/19/2011
SHA-2	sha2_basic_r2.zip	05/19/2011

 

---

 

• Implementation Results

The results for all of the above listed implementations are available in the ATHENa database. In order to get familiar with the database please start from reading its help.
For each Round 3 source code, an effort has been made to generate results for the following 4 families of FPGAs:

• Altera Stratix III, and Stratix IV, and 
• Xilinx Virtex 5, and Virtex 6. 
For each Round 2 source code, an effort has been made to generate results for the following 11 families of FPGAs:

• Altera Cyclone II, Cyclone III, Cyclone IV, Stratix II, Stratix III, and Stratix IV, and 
• Xilinx Spartan 3, Spartan 6, Virtex 4, Virtex 5, and Virtex 6. 
Please note that for some large designs, it might have been impossible to implement them using certain low-cost families.
You can use filters at the bottom of the Hash Function Results Table in the database in order to limit your view to implementations of a particular algorithm, using particular family. In order to distinguish between the Round 2 and Round 3 versions of the same algorithm, please click on the header Algorithm, and then specify in the filter for the Group, SHA-3 Round 2 or SHA-3 Round 3, respectively.
In order to investigate any particular result in detail, please click on its ID. An overlay window should appear. In order to compare two results, please choose one result (by clicking anywhere within a line corresponding to this result), and then choose another one you would like to use for comparison. Then click on the "Compare Selected Results" button.


• Replicating GMU Results

In order replicate a selected result available in the ATHENa database, you need to

1. Locate the result in the ATHENa database, using available filters and search functions.
2. Click on the result ID in the left-most column.
3. Scroll to the bottom of the overlay window, to the category Other, and the field: Result Replication Files:  link.
4. Right-click on the string "link" and download the associated file <Result ID>.zip to a selected folder of your choice.
5. Unzip the obtained file. Get familiar with the readme.txt file located in the main folder after decompression.
6. Copy source code used to generate a given result, downloaded from this web page, to the folder src of the replication folder.
7. Run the replication script, called 'run', to re-generate the result. In Windows, this can be done either by double-clicking on "run.bat", or calling this script from the command-line window. In Linux, the user may need to change the ownership of "run.sh" first, by calling "chmod +x run.sh" in the console window. Afterwards, the user should call the "./run.sh" command.
8. Check implementation reports generated by the FPGA tools, these reports are generated as *.log and *.twr files and are located inside the replication folder. 

• Checking Functional Correctness of the Code

All source code zip files from GMU contain the following subfolders:

• kat       : Known Answer Test folder containing test vectors used to test our designs.
• sources   : Source files folder.
• tb        : Testbench files folder.

To perform functional simulation, you need to:

1. Add all the source files from the 'sources' folder
2. Add all the testbench files from the 'tb' folder
3. Copy the KAT files from the 'kat' folder to your verification tool's project folder
4. Compile the files with the following hierarchy (top last):
   1. synthesizable source files in the same order as in source_list.txt file
   2. sha_tb_all_pkg.vhd
   3. fifo_ram.vhd
   4. fifo.vhd
   5. hash_one_clk_wrapper or hash_two_clk_wrapper (whichever file is present in the tb folder)
   6. sha_tb_all.vhd.
5. Perform functional verification with sha_tb_all as your top level entity.

• Source Code from Other Groups

SHA-3 Round 3 and Round 2 Candidates:
• SHA-3 proposal BLAKE
• The Keccak sponge function family
SHA-3 Round 2 Candidates:
• RCIS-AIST, Japan: SHA-3 Hardware Project
• University of College Cork, Ireland: SHA-3 Hardware Project
• Virginia Tech, USA: Performance Evaluation of SHA-3 Candidates in ASIC and FPGA
• ETH Zurich, Switzerland: Hardware Evaluation of SHA3 2nd Round Candidates

• Contact information

Please contact us with any ideas about the desired features of our code, error reports, questions, etc.

Please indicate if you would like to receive e-mail notifications about the releases of new versions of our source code.


Please direct your correspondence to:

Kris Gaj
CERG: Cryptographic Engineering Research Group
ECE Department
George Mason University
Fairfax, VA 22030
U.S.A.

E-mail: kgaj (at) gmu.edu
Phone:  +1 703 993 1575
Fax:      +1 703 993 1601

You can also contact directly the primary author of a particular code (typically a graduate student), using name and an e-mail address provided in the fields Primary Designer Name(s) and Primary Designer Email(s) in the detailed view of any result obtained using that particular code.