High Performance Cryptographic Engine PANAMA: Hardware Implementation G. Selimis, P. Kitsos, and O. Koufopavlou VLSI Design Labotaroty Electrical & Computer Engineering Department, University of Patras Patras, Greece Email: gselimis@ee.upatras.gr ABSTRACT In this paper a hardware implementation of a dual operation cryptographic engine PANAMA is presented. The implementation of PANAMA algorithm can be used both as a hash function and a stream cipher. A basic characteristic of PANAMA is a high degree of parallelism which has as result high rates for the overall system throughput. An other profit of the PANAMA is that one only architecture supports two cryptographic operations – encryption/ decryption and data hashing. The proposed system operates in 96.5 MHz frequency with maximum data rate 24.7 Gbps. The proposed system outperforms previous any hash functions and stream ciphers implementations in terms of performance. Additional techniques can increase the achieved throughput about 90%. 1. INTRODUCTION Today more and more sensitive data is stored digitally. Bank accounts, medical records and personal emails are some categories that data must keep secure. The science of cryptography tries to encounter the lack of security. Data confidentiality, authentication, non-reputation and data integrity are some of the main parts of cryptography. The evolution of cryptography drove in very complex cryptographic models which they could not be implemented before some years. The revolution of computers and especially CMOS technology permit the design and the implementation of systems with characteristics as limited area resources, low power consumption and high speed. Then due the CMOS technology known cryptographic standards were implemented and today they provide secure transactions. The use of systems with increasing complexity, which usually are more secure, has as result low rate of throughput. Last years the authors of new cryptographic algorithms try to suit high complexity transformations in systems with the view of high throughput rates. The assistance of FPGA and ASIC technologies in this road is substantial. FPGAs especially, are used for efficient and flexible implementations. When a current algorithm is broken and a new standard is created (e.g. Advanced Encryption Standard- AES [1]), it is perceivable that field devices are upgraded with a new encryption algorithm [2]. In addition the hardware implementations are more efficiency in FPGAs than general purpose CPUs due to the fact that the algorithm specifications suits much better in FPGA structure. Typical application with high speed requirements is encryption or decryption of video-rate in conditional access applications (e-g pay TV). The modern networks have been implemented to satisfy the demand for high bandwidth multimedia services. Then the switches which they are placed at the nodes of the network must provide high throughput. So if there is a need for secure networks, the systems in the network switches should not introduce delays. PANAMA [3] is a cryptographic module that can be used both as a cryptographic hash function and as stream cipher in applications with ultra high speed requirements In this paper an efficient implementation of the PANAMA is presented. The introduced system works either as a hash function or stream cipher. The proposed implementation is suitable for application with ultra high speed data rates. Comparisons with other previous published hash functions and stream ciphers implementations prove that the proposed one performs better in terms of overall system throughput. This paper is organized as follows: In section 2 the main features of Hash Functions and Stream Ciphers are presented. In section 3 the PANAMA specifications are given. The proposed Dual Operation Cryptographic Engine PANAMA is presented in detail in section 4. The FPGA synthesis results are given in section 5, and finally section 6 concludes the paper. 2. DEFINITIONS 2.1 Hash Functions The operation of a Hash function H is to map an input of arbitrary length into a fixed number of output bits, the hash value. Hash functions are used in cryptography mainly for authentication and digital signature schemes. The requirements for a hash function are as follows: • The input can be of any length. • Fixed - length output. • H(x) is relatively easy to compute for any given x. • H(x) is one-way function which means that given a hash value h, it is computationally infeasible to find some input x such that H(x) = h.