Implementations

The reference implementation and some optimized code in C are part of the NIST submission package.

These and other software implementations have also been submitted to the eBASH benchmarking project. This tarball contains the Grøstl implementations currently included in eBASH. Among these are

Benchmarking results can be seen below.

Software benchmarks from eBASH

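| Digest size | Processor | Mode | Speed |
|---|---|---|---|
| 224/256 | Intel Xeon (with AES-NI) | 64-bit | 13.8 cycles/byte |
| 224/256 | Intel Core 2 Duo | 64-bit | 21.4 cycles/byte |
| 224/256 | AMD Opteron | 64-bit | 19.3 cycles/byte |
| 224/256 | AMD Phenom II | 64-bit | 18.4 cycles/byte |
| 224/256 | Intel Core 2 Duo | 32-bit | 22.5 cycles/byte |
| 224/256 | Intel Pentium M | 32-bit | 29.9 cycles/byte |
| 384/512 | Intel Xeon (with AES-NI) | 64-bit | 19.0 cycles/byte |
| 384/512 | Intel Core 2 Duo | 64-bit | 30.1 cycles/byte |
| 384/512 | AMD Opteron | 64-bit | 28.8 cycles/byte |
| 384/512 | AMD Phenom II | 64-bit | 27.0 cycles/byte |
| 384/512 | Intel Core 2 Duo | 32-bit | 36.6 cycles/byte |
| 384/512 | Intel Pentium M | 32-bit | 55.3 cycles/byte |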

8-bit software implementations

Günther A. Roland has implemented three different versions of Grøstl-256 for an 8-bit ATmega163 microcontroller in his Bachelor Thesis. To store the Grøstl state, 128 or 192 bytes of RAM are used. The results are given below.

| Version (state) | RAM (bytes) | Flash (bytes) | Speed (cycles/byte) |
|---|---|---|---|
| Low MEM (128) | 164 | 2336 | 738 |
| Balanced (192) | 226 | 4170 | 517 |
| High speed (192) | 994 | 4228 | 456 |

Hardware ASIC implementations

Stefan Tillich developed high-speed Grøstl-256 ASIC implementations in UMC 0.18 µm technology. The synthesis results are given below.

| Total area (mm²) | Total area (GE) | Throughput (Gbit/s) |
|---|---|---|
| 547,227.47 | 58,403 | 6.290 |
| 538,462.41 | 57,467 | 6.141 |
| 523,472.74 | 55,867 | 5.690 |
| 471,626.06 | 50,334 | 2.725 |