VLSI implementations of the cryptographic hash functions MD6 and ïrRUPT

A public competition organized by the NIST recently started, with the aim of identifying a new standard for cryptographic hashing (SHA-3). Besides a high security level, candidate algorithms should show good performance on various platforms. While an average performance on high-end processors is generally not critical, implementability and flexibility in hardware is crucial, because the new standard will be implemented in a variety of lightweight devices. This paper investigates VLSI architectures of the SHA-3 candidates MD6 and irRUPT. The fastest circuit is the 16timesparallel MD6 core, reaching 16.3 Gbps at a complexity of 69.8 k gate equivalents (GE) on ASIC and 8.4 Gbps using 4465 Slices on FPGA. However, large memory requirements preclude the application of MD6 to resource-constrained systems. The most flexible and efficient circuit turns out to be our 2-irRUPT64times2-256/8 core, which achieves a throughput of 5.0 Gbps at 12.7 kGE on ASIC and 1.7 Gbps using 613 Slices on FPGA.