BLAKE2 embedded implementation

Written by Dominik Joe Pantůček on December 27, 2018.

Developing a cryptographic device requires going through every part of the system to deliver something the user can really trust. Read on to see why you should care which cryptographic primitives your devices use internally, and how they use them.

As many of you know, hash functions[1] produce a fixed-size value from variable-sized input. That sounds easy, but you need more from them. They need to be deterministic, have a reasonable distribution of output values and be non-invertible. Because of this last property they are sometimes called one-way functions. But as there are many other one-way functions, we should be careful with the naming.

There have been many hash functions defined and used throughout the history of computing. Let us name DES[2], MD5[3], SHA1[4], SHA2[5] and SHA3 (KECCAK)[6] for example. Let us also name BLAKE2[7] – as it is our hash function of choice!

And why is it our hash function of choice? Firstly, it is designed to be at least as strong as SHA3. Secondly, it comes with a lightweight implementation that is almost ready for embedded systems. And thirdly, it supports variable-length output of up to 32 bytes – which we needed in a few places.

Cryptoucan™ contains a secure session RAM[8], where all critical operations using secret material are performed. This memory has many layers of hardware protection, so to increase the overall confidentiality of the private keys, the firmware must always use this memory region when working with sensitive data. We therefore ported a BLAKE2 implementation to our microprocessor of choice, and although it is now a strictly single-threaded implementation, no state information is processed in regular memory.

For any security system, a good hash function with a solid and verifiable implementation is a must. In Cryptoucan™ we use it for UID derivation, for mixing randomness from the hardware random number generator into the entropy pool and – what is probably most interesting – as the basis for a secure key derivation function (KDF)[9] that generates a symmetric secret key from the PIN the user enters.

This key derivation function concatenates the PIN in question with a random nonce called a “salt”[10], hashes this composite and then hashes the result repeatedly many times. That makes computing the function more expensive (in terms of required CPU cycles), so even if someone defeats all the protections and gets the private material, it should take them quite some time to get the actual private keys. And with a long enough PIN, it is not feasible to break the encryption using a brute-force attack.
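The construction described above can be sketched with Python's standard `hashlib.blake2s`. This is an added example, not the Cryptoucan™ firmware code. The iteration count, the salt length, the PIN-then-salt ordering, the sample PIN and the helper names `derive_key` and `worst_case_hash_calls` are all assumptions made for illustration.

```python
import hashlib
import os

ITERATIONS = 10_000  # assumed work factor; the article does not state the real count
SALT_LEN = 16        # assumed salt length in bytes
KEY_LEN = 32         # the 32-byte maximum output length the article mentions


def derive_key(pin: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Hash PIN || salt once, then re-hash the digest iterations - 1 more times."""
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    if not salt:
        raise ValueError("salt must not be empty")
    # First round binds the PIN to the per-device random salt (assumed order).
    state = hashlib.blake2s(pin.encode("utf-8") + salt, digest_size=KEY_LEN).digest()
    # Every further round costs one more BLAKE2s call per PIN guess.
    for _ in range(iterations - 1):
        state = hashlib.blake2s(state, digest_size=KEY_LEN).digest()
    return state


def worst_case_hash_calls(pin_digits: int, iterations: int = ITERATIONS) -> int:
    """BLAKE2s invocations needed to try every decimal PIN of the given length."""
    if pin_digits < 1:
        raise ValueError("pin_digits must be at least 1")
    return (10 ** pin_digits) * iterations


if __name__ == "__main__":
    salt = os.urandom(SALT_LEN)       # fresh random salt
    key = derive_key("493027", salt)  # constructed sample PIN
    print("derived key:", key.hex())
    # Each extra PIN digit multiplies the exhaustive-search cost by ten.
    for digits in (4, 6, 8, 12):
        print(digits, "digits:", worst_case_hash_calls(digits), "hash calls")
```

The salt does not need to be secret; it only ensures that the same PIN yields a different key on every device, so work spent against one salt cannot be reused against another.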

And as this is the last blog article this year, thank you for staying with us all year long!


References

1. Wikipedia contributors. (2018, December 14). Hash function. In Wikipedia, The Free Encyclopedia. Retrieved 18:56, December 26, 2018, from https://en.wikipedia.org/w/index.php?title=Hash_function&oldid=873658982

2. Wikipedia contributors. (2018, December 17). Data Encryption Standard. In Wikipedia, The Free Encyclopedia. Retrieved 18:59, December 26, 2018, from https://en.wikipedia.org/w/index.php?title=Data_Encryption_Standard&oldid=874155852

3. Wikipedia contributors. (2018, December 17). MD5. In Wikipedia, The Free Encyclopedia. Retrieved 18:59, December 26, 2018, from https://en.wikipedia.org/w/index.php?title=MD5&oldid=874110320

4. Wikipedia contributors. (2018, November 29). SHA-1. In Wikipedia, The Free Encyclopedia. Retrieved 19:00, December 26, 2018, from https://en.wikipedia.org/w/index.php?title=SHA-1&oldid=871192539

5. Wikipedia contributors. (2018, December 12). SHA-2. In Wikipedia, The Free Encyclopedia. Retrieved 19:00, December 26, 2018, from https://en.wikipedia.org/w/index.php?title=SHA-2&oldid=873320831

6. Wikipedia contributors. (2018, December 15). SHA-3. In Wikipedia, The Free Encyclopedia. Retrieved 19:00, December 26, 2018, from https://en.wikipedia.org/w/index.php?title=SHA-3&oldid=873847578

7. BLAKE2 — fast secure hashing, available online at http://blake2.net/

8. Wikipedia contributors. (2018, November 4). Random-access memory. In Wikipedia, The Free Encyclopedia. Retrieved 19:02, December 26, 2018, from https://en.wikipedia.org/w/index.php?title=Random-access_memory&oldid=867257730

9. Wikipedia contributors. (2018, September 5). Key derivation function. In Wikipedia, The Free Encyclopedia. Retrieved 19:02, December 26, 2018, from https://en.wikipedia.org/w/index.php?title=Key_derivation_function&oldid=858212346

10. Wikipedia contributors. (2018, December 2). Salt (cryptography). In Wikipedia, The Free Encyclopedia. Retrieved 19:02, December 26, 2018, from https://en.wikipedia.org/w/index.php?title=Salt_(cryptography)&oldid=871597837