Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grøstl

Four out of the 14 second round candidates of the NIST SHA-3 cryptographic hash algo­ rithm competition are so-called AES-inspired algorithms which share common structure and features with AES or even use it as a subroutine. This paper focuses on two of them, Fugue and Grøstl, and studies how efficiently logic can be shared in implementations combining them with AES. It will be shown that adding AES into the data paths is cheap both in terms of area and delay and, consequently, combined implementations are feasible in practice. Especially Grøstl achieves very small overheads. Such implementations have importance in a large variety of applications because they offer high-speed computations of a cryptographic hash algorithm and a block cipher with an area cost that is only slightly larger than a hash algorithm implementation alone. The paper presents methods to embed AES com­ putation(s) into the data paths of both Fugue and Grøstl and presents prototype implementations on an Altera Cyclone III FPGA.