This application claims priority to and the benefit of Korean Patent Application No. 10-2008-0124199 filed in the Korean Intellectual Property Office on Dec. 8, 2008, the entire contents of which are incorporated herein by reference.
(a) Field of the Invention
The present invention relates to an apparatus and a method for hash cryptography, and more particularly, to an apparatus and a method for hash cryptography adopted in a mobile phone platform embedded system.
(b) Description of the Related Art
A trusted platform module (hereinafter, referred to as “TPM”), as a microcontroller which is based on the industrial standard established by the Trusted Computing Group (hereinafter, referred to as “TCG”), is used for computing security with reliability by a combination of hardware and software, and a cryptography algorithm and a hash algorithm are implemented by hardware therein.
Recently, with rapid development of wireless network technology, since a digital information society is enhanced and electronic commerce is activated, a cryptography technology is recognized as a core technology for a society based on a high-speed Internet network, stability and reliability in economic activities, protection of user's privacy, etc. In particular, a mobile platform such as a mobile phone may be attacked by hackers or malicious programs unless proper security action is provided.
A mobile phone working group (hereinafter, referred to as “WPWG”) of the TCG extends security standards of the TCG so as to be suitable for the mobile phone. In these security standards, a mobile trusted module (hereinafter, referred to as “MTM”), which is an essential security module for the mobile phone, is designated to use a secure hash algorithm (SHA)-1 that does not use a key in order to measure and verify the integrity of a corresponding platform. However, recently, use of a secure hash algorithm (SHA)-256 has been recommended and clarified in order to stably use the hash algorithm. Therefore, in the mobile phone, a cryptography apparatus for the integrity of the platform and user authentication and data authentication must be able to support both the SHA-1 and the SHA-256 so as to selectively use the SHA-1 or the SHA-256 according to a mobile environment.
Further, since most mobile devices have a limit in memory, a usable power supply, and computing performance, several technical difficulties occur in adopting the security standards of the TCG to the mobile phone. In particular, since the mobile phone has a limited battery capacity, additional driving of cryptograph calculation further shortens the lifespan of the battery. Therefore, the cryptography apparatus in the mobile phone requires a technology having low-power consumption and low-area optimized hardware.
The above information disclosed in this Background section is only for enhancement of understanding of the background of the invention and therefore it may contain information that does not form the prior art that is already known in this country to a person of ordinary skill in the art.
The present invention has been made in an effort to provide an apparatus and a method for hash cryptography having an advantage of selectively using an SHA-1 or an SHA-256.
The present invention has also been made in an effort to provide a low-power consumption and low-area optimized apparatus, and a method for hash cryptography.
An exemplary embodiment of the present invention provides an apparatus for hash cryptography that includes a message scheduler, a message compressor, and a controller. The message scheduler generates a plurality of first message data using calculation data when a first hash calculation is performed, and generates a plurality of second message data using the calculation data when a second hash calculation is performed. The message compressor calculates a first message digest by performing the first hash calculation by using the plurality of first message data when the first hash calculation is performed, and calculates a second message digest by performing the second hash calculation by using the plurality of second message data when the second hash calculation is performed. The controller determines hash calculation to be performed with respect to the calculation data of the first and second hash calculations from a control command received from the outside, and determines the number of times to perform the hash calculation depending on the length of the calculation data to control the message scheduler and the message compressor depending on the determined hash calculation and the determined number of times.
A second embodiment of the present invention provides a message scheduler that generates a plurality of first and second message data required for first and second hash calculations, respectively, in the apparatus for hash cryptography. The message scheduler includes a memory, a register, an XOR calculator, a rotation shift calculator, a logic calculator, and an OR calculator. The memory divides and stores block data to be calculated into N sub-block data, and the register stores and outputs input data. The XOR calculator operates when the first hash calculation is performed, and updates the data of the register by XOR-calculating the sub-block data stored in the memory and the data stored in the register. The rotation shift calculator rotation-shifts and outputs the data stored in the register after the XOR calculation is repeatedly performed a predetermined number of times by the XOR calculator. The logic calculator that operates when the second hash calculation is performed and performs corresponding logic calculation among a plurality of logic calculations with respect to any one of the sub-block data stored in the memory. The OR calculator updates the data of the register by OR-calculating the data outputted from the logic calculator and the data stored in the register.
The N sub-block data and the output data of the rotation shift calculator are respectively used as the plurality of first message data when the first hash calculation is performed, the data by the OR calculation after the corresponding logic calculation and the OR calculation are repeatedly performed with respect to the N sub-block data and the second message data of a predetermined number are used as the plurality of second message data when the second hash calculation is performed, and the data by the OR calculation is used as the plurality of second message data after the corresponding logic calculation and the OR calculation are repeatedly performed with respect to the N sub-block data and the second message data of a predetermined number when the second hash calculation is performed.
A third embodiment of the present invention provides a message compressor that performs hash calculation with respect to block data to be calculated in the apparatus for hash cryptography to calculate a message digest. The message compressor includes a plurality of registers and an OR calculator. The plurality of registers store and output inputted data, and are connected to each other in a structure in which data outputted from a former register is inputted into a latter register. The OR calculator OR-calculates first data selected among a plurality of inputted first data and data stored in a first register among the plurality of registers to update the data of the first register when a first hash calculation is performed, and OR-calculates second data selected among a plurality of inputted second data and data stored in a second register among the plurality of registers to update the data of the second register when a second hash calculation is performed. At this time, a first round calculation is performed, which stores the data outputted from the OR calculator in a third register that is positioned at a first location of the plurality of registers after repeatedly performing the OR calculation a first number of times while changing selection of the first data and operates the plurality of registers as shift registers when the first hash calculation is performed, and a message digest according to the first hash calculation is calculated by repeatedly performing the first round calculation a predetermined number of times of rounds while. At this time, a second round calculation is performed, which stores the data outputted from the OR calculator in the third register after repeatedly performing the OR calculation a second number of times while changing selection of the second data and operates the plurality of registers as the shift registers when the second hash calculation is performed, and a message digest according to the second hash calculation is calculated by repeatedly performing the second round calculation a predetermined number of times of rounds.
A fourth embodiment of the present invention includes: dividing calculation data received from the outside into N block data and storing the block data in a memory; storing the N block data in a register; generating the N block data stored in the register as first message data to be used in first to N-th rounds when a first hash calculation is performed; generating the first message data of a corresponding round by performing XOR calculation a predetermined number of times by using one XOR calculator on the basis of the first message data and the data stored in the register in each of (N+1)-th to M-th rounds when a first hash calculation is performed; generating the N block data stored in the register as second message data to be used in the first to N-th rounds when a second hash calculation is performed; generating the second message data of a corresponding round by performing XOR calculation a predetermined number of times by using one OR calculator on the basis of the second message data and the data stored in the register in each of (N+1)-th to K-th rounds when the second hash calculation is performed; calculating a first message digest by using M first message data corresponding to first to M-th rounds when the first hash calculation is performed; and calculating a second message digest by using second message data corresponding to first to K-th rounds when the second hash calculation is performed.
According to an embodiment of the present invention, the present invention can be adopted as a core element technology for verifying the integrity of systems and protecting user information in various security platforms that require a low-power consumption hash function, such as a trusted computing system for a mobile platform, an RFID system, a wireless network system, a sensor network system, a home network system, etc.
Further, it is possible to minimize power consumed by a hardware resource that does not process data by applying a clock signal only at the time when data stored in a register is changed.
In the following detailed description, only certain exemplary embodiments of the present invention have been shown and described, simply by way of illustration. As those skilled in the art would realize, the described embodiments may be modified in various different ways, all without departing from the spirit or scope of the present invention. Accordingly, the drawings and description are to be regarded as illustrative in nature and not restrictive. Like reference numerals designate like elements throughout the specification.
Throughout the specification and the appended claims, unless explicitly described to the contrary, the word “comprise” and variations such as “comprises” or “comprising” will be understood to imply the inclusion of stated elements but not the exclusion of any other elements. In addition, the terms “-er”, “-or”, “module”, and “block” described in the specification mean units for processing at least one function and operation, and can be implemented by hardware components or software components and combinations thereof.
Hereinafter, an apparatus and a method for hash cryptography according to an exemplary embodiment of the present invention will be described in detail with reference to the accompanying drawings.
Referring to
The interface 100 interfaces with a microprocessor of a system 20 through a system bus 21 of the system adopting the hash cryptography apparatus 10, receives data and a control signal indicating the start and stop of SHA-1/SHA-256 hash calculation from the microprocessor of the system 20, and transfers the result value to the microprocessor of the system 20 when the SHA-1/SHA-256 hash calculation is terminated.
The controller 200 manages and controls general data flow required for the SHA-1/SHA-256 hash calculation. More specifically, the controller 200 controls input and output of data through the interface 100, stores corresponding control commands when the inputted data are the control commands by checking addresses of the inputted data, and stores calculation data in the message scheduler 300 when the inputted data are the calculation data that will be subjected to the SHA-1/SHA-256 hash calculation. The controller 200 determines whether the hash calculation to be performed is the SHA-1 hash calculation or the SHA-256 calculation by examining the stored control commands and divides the calculation data into 512 bits of block data on the basis of the length of the inputted calculation data inputted through the interface 100. Herein, the number of times of performing the SHA-1/SHA-256 is determined depending on the number of block data. For example, when the length of the calculation data is 1024 bits, the calculation data is divided into two block data, such that the SHA-1/SHA-256 hash calculation for a block data including higher bits is performed, and thereafter, the SHA-1/SHA-256 hash calculation for a block data including lower bits is performed.
The controller 200 generates control signals required for the determined hash operation by referring to the stored control commands and transfers the generated control signals to the interface 100, the message scheduler 300, and the message compressor 400.
In the SHA-1/SHA-256 hash calculation, message digests of 160 and 256 bits are respectively calculated by receiving data having a length of maximum 264 bits. The SHA-1/SHA-256 hash calculation is performed by using the 512 bits of data as a basic block unit in order to calculate the message digest, the SHA-1 hash calculation for one basic block data is performed throughout 80 rounds, and the SHA-256 hash calculation is performed throughout 64 rounds. Therefore, the SHA-1/SHA-256 hash calculation for 1024 bits of calculation data can be performed at two times. That is, the SHA-1/SHA-256 hash calculation for higher 512 bits is performed throughout 80/64 rounds, and thereafter, the SHA-1/SHA-256 hash calculation for lower 512 bits can be performed throughout 80/64 rounds.
Further, the controller 200 controls an operation to store performance sequences and calculation results of calculations required for driving internal hardware modules of the message scheduler 300 and the message compressor 400 throughout 80/64 rounds.
Referring to
The counter 210 counts information on rounds in which the SHA-1/SHA-256 hash calculation is performed, while the SHA-1/SHA-256 hash calculation is performed and provides information on a currently performed round to the state transition unit 230. The counter 210 may be used as an 8-bit counter.
The counter 220 stores process information of an internal clock cycle in a currently performed round and provides the information to the state transition unit 230. At this time, the counter 210 may be used as a 4-bit counter.
The state transition unit 230 has states of a finite number for the SHA-1/SHA-256 hash calculation and is state-transitioned from a current state to another state depending on an input given based on information on the currently performed round, and the process information of the internal clock cycle from the counters 210 and 220. Therefore, the state transition unit 230 is synchronized to generate a control signal and transfers the generated control signal to the interface 100, the message scheduler 300, and the message compressor 400.
The register 240 stores the inputted control commands. Referring back to
That is, as expressed in Equations 1 and 2, as the message data Wt used for the hash calculation from a first round to a sixteenth round, sixteen 32-bit sub-block data M1 to M16 dividing 512-bit block data by 32 bits are used. Further, the message data Wt used for the SHA-1/SHA-256 hash calculation of 17th to 80th/17th to 64th rounds, additional data generated by using an established combinational logic circuit are used. Herein, M1 is first sub-block data including data of higher 32 bits in block data of 512 bits, and M16 is 16th sub-block data including data of lower 32 bits in the block data of 512 bits.
Herein, t is the number of rounds, and Mt is t-th sub-block data to be used in a t-th round in the block data of 512 bits and is sub-block data. ROT is rotate-shift calculation, and ROTLEFT1 means calculation that moves left for each one bit. ⊕ is exclusive OR (XOR) operation that is performed by the bit unit. ⊕
Herein, t is the number of rounds, and + is a modular adding operation. σ0 and σ1 are logic functions and can be expressed as shown in Equation 3 and Equation 4, respectively. σ0
σ0(x)=S7(x)⊕S18(x)⊕R3(x)
σ0(x)=S7(x)⊕S18(x)⊕R3(x) (Equation 3)
σ1(x)=S17(x)⊕S19(x)⊕R10(x)
σ1(x)=S17(x)⊕S19(x)⊕R10(x) (Equation 4)
In Equations 3 and 4, RN is calculation in which N bits are shifted right and means operation in which the shifted bits are filled with “0”, and SN means operation in which N bits are rotated right.
The message compressor 400 performs the SHA-1/SHA-256 hash calculation throughout 80/64 rounds for the message data Wt of 32 bits provided from the message scheduler 300, and stores the message digest which is the result value. At this time, the SHA-1 hash calculation and the SHA-256 hash calculation can be performed as shown in Equations 5 and 6.
As expressed in Equations 5 and 6, five variables a to e are used for the SHA-1 hash calculation and eight variables a to h are used for the SHA-256 hash calculation. These variables are shifted by each one step depending on the round, or store different values depending on predetermined calculation.
a
t
=f
t(bt-1,ct-1,dt-1)+et-1)+ROTLEFT5(at-1)+Wt+Kt;
b
t
=a
t-1
;c
t
=ROT
LEFT30(bt-1);dt=ct-1;et=dt-1
a
t
=f
t(bt-1,ct-1,dt-1)+et-1)+ROTLEFT5(at-1)+Wt+Kt;
b
t
=a
t-1
;c
t
=ROT
LEFT30(bt-1);dt=ct-1;et=dt-1 (Equation 5)
T
1
=h+Σi)e)+Ch(e,f,g)+KtWt;
T
2=Σ0(a)+Maj(a,b,c);
h=g; g=f; f=e; e=d+T1;
d=c; c=b; b=a; a=T1T2
T
1
=h+Σi)e)+Ch(e,f,g)+KtWt;
T
2=Σ0(a)+Maj(a,b,c);
h=g; g=f; f=e; e=d+T1;
d=c; c=b; b=a; a=T1T2 (Equation 6)
In Equation 5, Kt is a round constant defined in the SHA-1 hash calculation, and has a predetermined value depending on the calculated round. ft is a logic function used in the SHA-1 hash calculation and can be expressed as shown in Equation 7.
Further, in Equation 6, Ch, Maj, Σ0, and Σ1 are logic functions and can be expressed as shown in Equations 8 to 11.
f
t(b,c,d)=(bc) or (not bd) 1≦t≦20
f
t(b,c,d)=(b⊕c⊕d) 21≦t≦40, 61≦t≦80
f
t(b,c,d)=(bc) or (bd) or (cd) 41≦t≦60
f
t(b,c,d)=(bc) or (not bd) 1≦t≦20
f
t(b,c,d)=(bαc⊕d) 21≦t≦40, 61≦t≦80
f
t(b,c,d)=(bc) or (bd) or (cd) 41≦t≦60 (Equation 7)
Ch(x,y,z)=(x,y)⊕(
Ch(x,y,z)=(x,y)⊕(
Maj(x,y,z)=(xy)⊕(xz)⊕(yz)
Maj(x,y,z)=(xy)⊕(xz)⊕(yz) (Equation 9)
In Equations 8 and 9, ̂ is “AND” operation that is performed by the bit unit.
Σ0(x)=S2(x)⊕S13(x)⊕S22(x)
Σ0(x)=S2(x)⊕S13(x)⊕S22(x) (Equation 10)
Σ1(x)=S6(x)⊕S11(x)⊕S25(x)
Σ1(x)=S6(x)⊕S11(x)⊕S25(x) (Equation 11)
Next, a hardware structure of a message scheduler according to an exemplary embodiment of the present invention will be described in detail with reference to
Referring to
The memory 302 has an input terminal and an output terminal, and stores the block data of 512 bits that are transmitted from the microprocessor of the system 20. The logic function calculators 304 and 306 have input terminals and output terminals. Calculations required for the SHA-256 hash calculation, which correspond to Equations 3 and 4, are performed with respect to data inputted through the input terminals, which are outputted through the output terminals.
The XOR calculator 308 has two input terminals and an output terminal, and multiplies and outputs data inputted through the two input terminals through the output terminal. That is, the XOR calculator 308 performs calculation corresponding to “⊕” of Equation 1 required for the SHA-1 hash calculation.
The OR calculator 310 has two input terminals and an output terminal, and adds and outputs data inputted into the two input terminals through the output terminal.
The register 312 has an input terminal and an output terminal, and stores data inputted into the input terminal and outputs the stored data through the output terminal. In the embodiment of the present invention, the calculation of Equation 1 corresponding to 17th to 80th rounds is performed by using one XOR calculator 308, and the calculation of Equation 2 corresponding to 17th to 64th rounds is performed by one OR calculator 310. For this, since one XOR calculator 308 repeats multiplication calculation four times and one OR calculator 310 also repeats addition calculation four times, previous calculation values, i.e., intermediate values, are stored in the register 312 in calculating the message data Wt required for the SHA-1/SHA-256 hash calculation.
The rotation shift calculators 314 and 316 have input terminals and output terminals, and rotate data inputted through the input terminals to the right by 1 bit and outputs the data through the output terminals. That is, the rotation shift calculators 314 and 316 perform calculation corresponding to “ROTLEFT1” of Equation 1.
Each of the selectors 318, 324, and 326 has two input terminals and an output terminal, and selects any one of data inputted through the two input terminals depending on the SHA-1/SHA-256 hash calculation determined in the controller 200 and outputs the data through the output terminal. Further, each of the selectors 320 and 322 has three input terminals and an output terminal, and selects any one of data inputted through the three input terminals depending on the SHA-1/SHA-256 hash calculation determined in the controller 200 and outputs the data through the output terminal.
More specifically, a second input terminal of the selector 318 that receives the block data of 512 bits from a first input terminal is connected to the output terminal of the selector 326, and the output terminal of the memory 302 of which the input terminal is connected to the output terminal of the selector 318 is connected to first input terminals of the selectors 320 and 322, input terminals of the logic function calculators 304 and 306, and a first input terminal of the XOR calculator 308. The output terminals of the logic function calculators 304 and 306 are connected to second and third input terminals of the selector 320, respectively, and the output terminal of the selector 320 is connected to a first input terminal of the OR calculator 310. The output terminal of the XOR calculator 308 and the output terminal of the OR calculator 310 are connected to second and third input terminals of the selector 322, respectively, and the output terminal of the selector 322 is connected to the input terminal of the register 312 and the input terminal of the rotation shift calculator 316. Further, the output terminal of the register 312 is connected to a first input terminal of the selector 324, the input terminal of the rotation shift calculator 314, and a second input terminal of the XOR calculator 308. A second input terminal of the selector 324 is connected to the output terminal of the rotation shift calculator 314, the output terminal of the selector 324 and the output terminal of the rotation shift calculator 316 are connected to first and second input terminals, respectively, and the output terminal of the selector 326 is connected to the input terminal of the selector 318. At this time, data outputted through the output terminal of the selector 324 is message data Mt in a corresponding round.
Step-by-step detailed operations for the SHA-1 hash calculation in the message scheduler 300 are performed as shown in Table 1. Table 1 shows the step-by-step detailed operations for the SHA-1 hash calculation.
In Table 1, “x” represents that no value is relevant to the entire calculation, and “→” represents the same value as a value of a left blank. “Mout” represents data outputted from the memory 302, “M1” and “M2” represent data outputted from the selectors 322 and 324, respectively, and “R1” represents data outputted from the register 312. Further, “reg_w” represents data stored in the register 312, and “<<(reg_w)t” represents data in which data stored in the register 312 in a “t” round is rotated to the left by 1 bit.
First, in accordance with the control signal of the controller 200, the memory 302, XOR calculator 308, selectors 318, 322, and 324, register 312, and rotation shift calculators 314 and 316 of the message scheduler 300 serve as the logic calculator for the SHA-1 hash calculation to generate the message data Wt in 1st to 80th rounds to be used for the SHA-1 hash calculation.
Referring to Table 1, the message scheduler 300 generates the message data Wt to be used in 1st to 16th rounds throughout one clock cycle by using the block data of 512 bits. That is, when the block data of 512 bits are inputted through the interface 100, the block data are stored in the memory 302 through the selector 318. The block data stored in the memory 302 are stored in the register 312 through the selector 322. Thereafter, the register 312 sequentially outputs t-th sub-block data to the message compressor 400 through the selector 324 among the block data stored until t is changed from 1 to 16. At this time, the sub-block data outputted to the message compressor 400 are used as the message data Wt in the corresponding round.
Next, the message scheduler 300 generates the message data Wt in each of 16th to 80th rounds throughout four clock cycles 1 to 4.
More specifically, in the clock cycle 1, the memory 302 outputs (t-16)-th sub-block data Mt-16 from the block data of 512 bits stored in the memory 302. The sub-block data Mt-16 outputted from the memory 302 is stored in the register 312 through the selector 322. In addition, the sub-block data Mt-16 stored in the register 312 is inputted into the second input terminal of the XOR calculator 308.
Subsequently, in the clock cycle 2, the memory 302 outputs (t-14)-th sub-block data Mt-14 to the first input terminal of the XOR calculator 308 from the stored block data of 512 bits. The XOR calculator 308 multiplies and outputs the data Mt-16 and Mt-14 that is inputted into two input terminals. The data Mt-14|Mt-16 that is outputted from the XOR calculator 308 are stored in the register 312 through the selector 322. In addition, the Mt-14⊕Mt-16 that is stored in the register 312 is inputted into the second input terminal of the XOR calculator 308.
In the clock cycle 3, the memory 302 outputs (t-8)-th sub-block data Mt-8 to the first input terminal of the XOR calculator 308 from the stored block data of 512 bits.
The XOR calculator 308 multiplies and outputs the data Mt-8 and Mt-14⊕Mt-16 that that are inputted into the two input terminals thereof. The data Mt-8⊕Mt-14⊕Mt-16 that are outputted from the XOR calculator 308 are stored in the register 312 through the selector 322. The data Mt-8⊕Mt-14⊕Mt-16 that that are stored in the register 312 are inputted into the second input terminal of the XOR calculator 308 again.
Lastly, in the clock cycle 4, the memory 302 outputs (t-3)-th sub-block data Mt-3 to the first input terminal of the XOR calculator 308 from the stored block data of 512 bits. The XOR calculator 308 multiplies and outputs the data Mt-3⊕Mt-8⊕Mt-14⊕Mt-16 that are inputted into the two input terminals thereof. The data Mt-3⊕Mt-8⊕Mt-14⊕Mt-16 that are outputted from the XOR calculator 308 is stored in the register 312 through the selector 322. Further, the data Mt-3⊕Mt-8⊕Mt-14⊕Mt-16 that are outputted from the XOR calculator 308 is inputted into the rotation shift calculator 316 through the selector 322.
The data Mt-3⊕Mt-8⊕Mt-14⊕Mt-16 that is stored in the register 312 is outputted to the rotation shift calculator 314. The rotation shift calculator 314 rotates the data Mt-3⊕Mt-8⊕Mt-14⊕Mt-16 to the left by 1 bit and outputs the data. The data “<<1(reg_w)t” outputted from the rotation shift calculator 314 is inputted into the message compressor 400 through the selector 324, and the data “<<1(reg_w)t” outputted from the selector 324 is used as the message data Wt in the t-th round.
The rotation shift calculator 316 rotates the data Mt-3⊕Mt-8⊕Mt-14⊕Mt-16 to the left by 1 bit and outputs the data. The data “<<1(reg_w)t” outputted from the rotation shift calculator 316 is stored at the position Mt-18 of the sub-block data of the memory 302 through the selectors 326 and 318.
On the other hand, the data “<<1(reg_w)t” outputted from the selector 324 is stored at the position Mt-18 of the sub-block data of the memory 302 through the selectors 326 and 318. Like this, in the case when the data “<<1(reg_w)t” outputted from the selector 324 is stored at the position Mt-18 of the sub-block data of the memory 302 through the selectors 326 and 318, the rotation shift calculator 316 and the multiplexer 326 can be removed, but the number of clock cycles required for message data calculation of one round can be increased by one clock.
Like this, when the last clock cycle 4 is terminated, the message data of one round Wt is generated.
Therefore, the message scheduler 300 generates and outputs the message data Wt in 17th to 80th rounds to the message compressor 400 by repeating the steps 1 to 4 in each of 17th to 80th rounds, and the generated message data Wt are stored in the position Mt-16 of the sub-block data of the memory 302. As a result, an access address of the memory 302 can be defined as (i mod 24) when a round to be calculated is set to i.
Further, the step-by-step detailed operations for the SHA-256 hash calculation in the message scheduler 300 are performed as shown in Table 2. Table 2 shows the step-by-step detailed operations for the SHA-256 hash calculation. In Table 2, “x” represents that no value is relevant to the entire calculation, and “→” represents the same value as data of a left blank. “Mout” represents data outputted from the memory 302, “M1” and “M3” represent data outputted from the selectors 322 and 320, respectively, and “R1” represents data outputted from the register 312. Further, “A1” represents data outputted from the OR calculator 310.
First, in accordance with the control signal from the controller 200, the memory 302, logic function calculators 304 and 306, OR calculator 310, selectors 318, 320, 322, 324, and 326, and register 312 of the message scheduler 300 serve as the logic calculator for the SHA-256 hash calculation to generate the message data Wt in 1st to 64th rounds to be used for the SHA-256 hash calculation.
Referring to Table 2, the message scheduler 300 generates the message data Wt to be used in 1st to 16th rounds throughout one clock cycle in the same manner as the SHA-1 hash calculation.
Next, the message scheduler 300 generates the message data Wt in each of 16th to 64th rounds throughout four clock cycles 1 to 4.
More specifically, in the clock cycle 1, the memory 302 outputs the (t-16)-th sub-block data Mt-16 from the block data of 512 bits stored in the memory 302 to the selector 322. The sub-block data Mt-16 outputted from the memory 302 is stored in the register 312 through the selector 322. The data Mt-16 stored in the register 312 are inputted into the second input terminal of the OR calculator 310 through the selector 324.
In the clock cycle 2, the memory 302 outputs the (t-15)-th sub-block data Mt-15 from the block data of 512 bits stored in the memory 302 to the logic function calculator 304. The logic function calculator 304 performs calculation corresponding to Equation 3 with respect to the sub-block data Mt-16 and outputs the calculated data. Data “σ0(Mt-15)” outputted from the logic function calculator 304 is inputted into the first input terminal of the OR calculator 310 through the selector 320. The OR calculator 310 adds and outputs the data σ0(Mt-15) and Mt-16 that are inputted into two input terminals. The data σ0(Mt-15)+Mt-16 that is outputted from the OR calculator 310 is stored in the register 312 through the selector 322. In addition, the data σ0(Mt-15)+Mt-16 that is stored in the register 312 is inputted into the second input terminal of the OR calculator 310 through the selector 324.
In the clock cycle 3, the memory 302 outputs the (t-7)-th sub-block data Mt-7 from the block data of 512 bits stored in the memory 302 to the selector 320. The data (Mt-7) outputted from the memory 302 is inputted into the first input terminal of the OR calculator 310 through the selector 320. The OR calculator 310 adds and outputs the data Mt-7 and σ0(Mt-15)+Mt-16 that are inputted into two input terminals.
The data Mt-7+σ0Mt-15+Mt-16 that is outputted from the OR calculator 310 are stored in the register 312 through the selector 322. In addition, the data Mt-7+σ0Mt-15+Mt-16 that is stored in the register 312 is inputted into the second input terminal of the OR calculator 310 through the selector 324.
In the last clock cycle 4, the memory 302 outputs the (t-2)-th sub-block data Mt-2 from the block data of 512 bits stored in the memory 302 to the logic function calculator 306. The logic function calculator 306 performs calculation corresponding to Equation 4 with respect to the sub-block data Mt-2 and outputs the calculated data. Data σ1(Mt-2) outputted from the logic function calculator 306 is inputted into the first input terminal of the OR calculator 310 through the selector 320. The OR calculator 310 adds and outputs the data σ1(Mt-2) and Mt-7+σ0Mt-15+Mt-16 that are inputted into two input terminals. The data σ1(Mt-2)+Mt-7+σ0(Mt-15)+Mt-16 that is outputted from the OR calculator 310 is stored in the register 312 through the selector 322. Further, the data σ1(Mt-2)+Mt-7+σ0Mt-15+Mt-16 that is stored in the register 312 is stored at the position Mt-16 of the sub-block data in the memory 302 through the selectors 324, 326, and 318. Like this, after the last clock cycle 4 is terminated, the data σ1(Mt-2)+Mt-7+σ0Mt-15+Mt-16 that is stored in the register is outputted to the message compressor 400 through the selector 324, and the data σ1(Mt-2)+Mt-7+σ0 Mt-15+Mt-16 that is outputted from the selector 324 is used as the message data Wt in the t-th round. Further, the data σ1(Mt-2)+Mt-7+σ0Mt-15+Mt-16 that is outputted from the selector 324 is stored in the position Mt-16 of the sub-block data of the memory 302 through the selectors 326 and 318.
That is, when the last clock cycle 4 is terminated, the message data of one round Wt is generated. Therefore, the message scheduler 300 generates and outputs the message data Wt in 17th to 64th rounds to the message compressor 400 by repeating the steps 1 to 4 in each of 17th to 64th rounds, and the generated message data Wt are stored in the position Mt-16 of the sub-block data of the memory 302. As a result, the access address of the memory 302 can be defined as (i mod 24) when a round to be calculated is set to i.
In general, for the calculation shown in Equation 1, a memory 41, a selector 42, three XOR calculators 431 to 423 for calculation of Wt-3⊕Wt-8⊕Wt-14⊕DWt-16, a rotation shift calculator 44 for performing calculation of “ROTLEFT1”, and sixteen registers 451 to 4516 are required as shown in
However, the message scheduler 300 according to the embodiment of the present invention generates the message data Wt of 1st to 80th/1st to 64th rounds required for the SHA-1 and SHA-256 hash calculations by using one register 312, one OR calculator 310, and one XOR calculator 308, thereby minimizing the hardware area and the power consumption. Further, unlike
Next, a hardware structure of a message compressor according to an exemplary embodiment of the present invention will be described in detail with reference to
Referring to
Each of the registers 401 to 408 has an input terminal and an output terminal, and stores data inputted through the input terminal and outputs the stored data through the output terminal. Intermediate values in calculating the message digest in accordance with the SHA-1/SHA-256 hash calculation are stored in the registers 401 to 408.
The rotation shift calculators 411 and 412 have input terminals and output terminals and rotate data inputted through the input terminals to the left by 30 bits and 5 bits, respectively, and output the data through the output terminals. That is, the rotation shift calculators 411 and 412 perform calculations corresponding to ROTLEFT30 and ROTLEFT5 of Equation 1, respectively.
Each of the registers 413 to 415 has three input terminals and an output terminal and performs calculation of the corresponding logic function, and outputs the result value through the output terminal. That is, the logic function calculators 413, 414, and 415 perform calculations corresponding to “Maj” of Equation 6, “Ch” of Equation 6, and “f” of Equation 5, respectively, with respect to data inputted through the three input terminals. Further, each of the logic function calculators 416 and 417 has an input terminal and an output terminal, and performs calculation corresponding to Σ0 corresponding to Equation 10/Σ1 corresponding to Equation 11 with respect to data inputted through the input terminal and outputs the result value through the output terminal.
The OR calculator 420 has two input terminals and an output terminal, and adds and outputs data inputted through the two input terminals through the output terminal.
The storage module 430 stores Hi, which is an initial value used for the SHA-1 and SHA-256 hash calculations, and a round constant Kt. The round constant Kt may vary for each round.
Each of the selectors 441 to 447 has two input terminals and an output terminal, and selects any one of data inputted through the two input terminals depending on the SHA-1/SHA-256 hash calculation determined in the controller 200 and outputs the data through the output terminal. Further, the selector 448 has seven input terminals and an output terminal, and selects any one of data inputted through the seven input terminals depending on the SHA-1/SHA-256 hash calculation determined in the controller 200 and outputs the data through the output terminal.
More specifically, first and second input terminals of the OR calculator 420 are connected to the output terminals of the selectors 447 and 448, respectively, and the output terminal of the OR calculator 420 is connected to the registers 401 and first input terminals of the selectors 442, 443, and 444.
The output terminal of the register 401 is connected to the input terminal of the register 402, a first input terminal of the logic function calculator 413, the input terminal of the rotation shift calculator 412, and the input terminal of the logic function calculator 416. The output terminal of the register 402 is connected to a first input terminal of the selector 441, the input terminal of the rotation shift calculator 411, a second input terminal of the logic function calculator 413, and a first input terminal of the logic function calculator 414. The output terminal of the rotation shift calculator 411 is connected to a second input terminal of the selector 444.
The output terminal of the register 441 is connected to the input terminal of the register 403, and the output terminal of the register 403 is connected to a second input terminal of the selector 442, the second input terminal of the logic function calculator 414, and a third input terminal of the logic function calculator 413.
The output terminal of the register selector 442 is connected to the input terminal of the register 404, and the output terminal of the register 404 is connected to a second input terminal of the selector 443, a third input terminal of the logic function calculator 414, and a third input terminal of the selector 448.
The output terminal of the selector 443 is connected to the input terminal of the register 405, and the output terminal of the register 405 is connected to the input terminal of the register 406, a first input terminal of the logic function calculator 415, a first input terminal of the selector 447, and the input terminal of the logic function calculator 417. The output terminal of the register 406 is connected to the input terminal of the register 407 and a second input terminal of the logic function calculator 415. The output terminal of the register 407 is connected to a second input terminal of the selector 444 and a third input terminal of the logic function calculator 415. The output terminals of the logic function calculators 415 and 417 are connected to first and second input terminals of the selector 448, respectively. The output terminals of the logic function calculators 413 and 414 are connected to first and second input terminals of the selector 445, respectively, and the output terminals of the rotation shift calculator 412 and the logic function calculator 416 are connected to first and second input terminals of the selector 446, respectively.
The output terminal of the selector 444 is connected to the input terminal of the register 408. The output terminal of the register 408 is connected to a second input terminal of the selector 447.
Further, the output terminals of the selectors 445 and 446 are connected to fifth and sixth input terminals of the selector 448, respectively. The storage module 430 is connected to a fourth input terminal of the selector 448. The intermediate data Wt is connected to a seventh input terminal of the selector 448.
Step-by-step detailed operations for the SHA-1 hash calculation in the message compressor 400 are performed as shown in Table 3. Table 3 shows the step-by-step detailed operations for the SHA-1 hash calculation in the message compressor 400. In Table 3, “a” to “e” represent data stored in the registers 401 to 405, respectively.
In accordance with the control signal from the controller 200, the registers 401 to 405, rotation shift calculator 412, logic function calculator 414, OR calculator 420, storage module 430, and selectors 441 to 448 of the message compressor 400 operate to calculate the message digest in accordance with the SHA-1 hash calculation.
First, prior to the clock cycle 1 of Step 2, Ho to H4, which are initial values defined in the SHA-1 hash calculation, must be established in the registers 401 to 405 (Step 1). The initial values Ho to H4 are established throughout five clock cycles. For this, the registers 401 to 405 operate as the shift registers, and the selectors 441 to 443 output data outputted from former registers 402 to 404 to latter registers 403 to 405, respectively.
More specifically, in the clock cycle 1 of Step 1, the storage module 430 outputs H4. H4 outputted from the storage module 430 is inputted into a first input terminal of the OR calculator 420 through the selector 448. “e” established in the register 405 is inputted into a second input terminal of the OR calculator 420 through the selector 447. At this time, since a, b, c, d, and e are 0, an output value of the OR calculator 420 is H4, and H4 is stored in the register 401 (a=H4). In addition, values stored in the registers 401 to 404 are stored in the registers 402 to 405 by being shifted by one, respectively. Therefore, b, c, d, and e are H4, 0, 0, and 9, respectively.
In the clock cycle 2 of Step 1, the storage module 430 outputs H3. H3 outputted from the storage module 430 is inputted into the first input terminal of the OR calculator 420 through the selector 448. In addition, “e” established in the register 405 is inputted into the second input terminal of the OR calculator 420 through the selector 447. At this time, since e is 0, the output value of the OR calculator 420 is H3, and H3 is stored in the register 401 (a=H3). In addition, values stored in the registers 401 to 404 are stored in the registers 402 to 405 by being shifted by one, respectively. Therefore, b, c, d, and e are H3, H4, 0, and 0, respectively.
After the clock cycle 5 is performed in the same manner as above, a, b, c, d, and e are Ho, H1, H2, H3, and H4, respectively. By this configuration, when the initial values Ho to H4, are established in the registers 401 to 405, the message compressor 400 performs an operation of Step 2 shown in Table 3.
Referring to
In the clock cycle 2 of Step 2, the rotation shift calculator 412 rotates “a” of the register 401 to the left by 5 bits and outputs the rotated “a”. Data “ROTLEFT5(a)” outputted from the rotation shift calculator 412 is inputted into the first input terminal of the OR calculator 420 through the selectors 446 and 448. The OR calculator 420 adds and outputs the data “ROTLEFT5(a)” inputted into the first input terminal, and “e (=Kt+e)” of the register 405 inputted into the second input terminal through the selector 447. The data “ROTLEFT5(a)+Kt+e” outputted from the OR calculator 420 is stored in the register 405 through the selector 443 (ROTLEFT5(a)+Kt+e).
In the clock cycle 3 of Step 2, the selector 448 outputs the intermediate data Wt inputted into the seventh input terminal. Therefore, the OR calculator 420 adds and outputs the intermediate data Wt and e (=ROTLEFT5(a)+Kt+eROTLEFT5(a)) of the register inputted through the selector 447. The data “Wt+ROTLEFT5(a)+Kt+e” outputted from the OR calculator 420 is stored in the register 405 through the selector 443 (e=Wt+ROTLEFT5(a)+Kt+e).
In the last clock cycle 4 of Step 2, the logic function calculator 414 calculates and outputs b, c, and d of the registers 402 to 404. The data “f(b, c, d)” outputted from the logic function calculator 414 is inputted into the first input terminal of the OR calculator 420 through the selectors 445 and 448. The OR calculator 420 adds and outputs the data “f(b, c, d)” inputted into the first input terminal and e (=Wt+ROTLEFT5(a)+Kt+e) of the register 405, which is inputted into the second input terminal through the selector 447. The data “f(b, c, d)+Wt+ROTLEFT5(a)+Kt+e” outputted from the OR calculator 420 is stored in the register 401 (a=f(b, c, d)+Wt+ROTLEFT5(a)+Kt+e). In addition, a, b, c, d, and e stored in the registers 401 to 404 are shifted by one and stored.
As such, when the SHA-1 hash calculation for one round is terminated throughout four clock cycles 1 to 4, the above-mentioned four clock cycles 1 to 4 are repeated until the 80th round. Thereafter, the intermediate vales of the SHA-1 hash calculation are stored in the registers 401 to 405. At this time, in order to calculate the message digest of the SHA-1 hash calculation, the values a to e stored in the registers 401 to 405 throughout 80 rounds and the initial values H0 to H4 stored in the storage module 430 are added to each other. Therefore, in the same manner as in Step 1, in Step 3 the values stored in the registers 401 to 405 and the initial values Ho to H4 stored in the storage module 430 are added to each other throughout five clock cycles.
In this case, values of a (=a+H0), b (=b+H1), c (=c+H2), d (=d+H3), and e (=e+H4) are stored in the registers 401 to 405, respectively. In addition, when an interrupt signal or a polling signal indicating that the calculation is terminated in the controller 200 is generated, the initial values Ho to H4 stored in the storage module 430 are updated to the values a (=a+H0), b (=b+H1), c (=c+H2), d (=d+H3), and e (=e+H4) that are stored in the registers 401 to 405.
When the SHA-1 hash calculation is performed only at one time, the message compressor 400 outputs the updated initial values H0 (=a), H1 (=b), H2 (=c), H3 (=d), and H4 (=e) to a system 10 through the system bus 21 as output values of the SHA-1 hash calculation, and when the SHA-1 hash calculation is performed several times, the message compressor 400 repeatedly performs the above steps throughout 80 rounds by using the updated initial values as initial values of the SHA-1 hash calculation with respect to calculation data of 512 bits. As such, when the SHA-1 hash calculation is performed several times, the initial values H0 (=a), H1 (=b), H2 (=c), H3 (=d), and H4 (=e) are stored in the registers 401 to 405 at the time of performing the SHA-1 hash calculation with respect to second calculation data of 512 bits, such that Step 2 can be performed without Step 1.
Further, step-by-step detailed operations for the SHA-256 hash calculation in the message compressor 400 are performed as shown in Table 4. Table 4 shows the step-by-step detailed operations for the SHA-256 hash calculation in the message compressor 400.
In accordance with the control signal from the controller 200, the registers 401 to 408, logic function calculators 413 and 415 to 417, OR calculator 420, storage module 430, and selectors 441 to 448 of the message compressor 400 operate to calculate the message digest in accordance with the SHA-256 hash calculation.
Similar to the above-mentioned SHA-1 hash calculation, even in the SHA-256 hash calculation, prior to the clock cycle 1 of Step 2, H0 to H7 that are initial values defined in the SHA-256 hash calculation must be established in the registers 401 to 408 (Step 1). The initial values H0 to H7 are established throughout eight clock cycles. For this, the registers 401 to 408 operate as the shift registers and the selectors 441 to 444 output data outputted from former registers 402 to 404 and 407 to latter registers 403 to 405 and 408, respectively.
More specifically, in the clock cycle 1 of Step 1, the storage module 430 outputs H7. H7 outputted from the storage module 430 is inputted into the first input terminal of the OR calculator 420 through the selector 448. In addition, “h” established in the register 408 is inputted into the second input terminal of the OR calculator 420 through the selector 447. At this time, since a, b, c, d, e, f, g, and e are 0, the output value of the OR calculator 420 is H7 and H7 is stored in the register 401 (a=H7). In addition, values stored in the registers 401 to 407 are stored in the registers 402 to 408 by being shifted by one, respectively. Therefore, b, c, d, e, f, g, and h are H7, 0, 0, 0, 0, 0, and 0, respectively.
In the clock cycle 2 of Step 1, the storage module 430 outputs H6. H6 outputted from the storage module 430 is inputted into the first input terminal of the OR calculator 420 through the selector 448. In addition, “h” established in the register 408 is inputted into the second input terminal of the OR calculator 420 through the selector 447. At this time, since h is 0, the output value of the OR calculator 420 is H6, and H6 is stored in the register 401. In addition, values stored in the registers 401 to 407 are stored in the registers 402 to 408 by being shifted by one, respectively. Therefore, b, c, d, e, f, g, and h are H6, H7, 0, 0, 0, 0, and 0, respectively.
In the same manner as above, in the clock cycles 3 to 8 of Step 1, the storage module 430 outputs H5 to Ho, and after the clock cycle 8 is performed, a, b, c, d, e, f, g, and h become Ho, H1, H2, H3, H4, H5, H6, and H7, respectively.
By this configuration, when the initial values H0 to H7, are established in the registers 401 to 408, the message compressor 400 performs an operation of Step 2 shown in Table 4.
Referring to Table 4, in the clock cycle 1 of Step 2, the logic function calculator 415 performs logic function calculation corresponding to Equation 7 with respect to data e, f, and g stored in the registers 405 to 407 and outputs the calculated data. Data “Ch(e,f,g)” outputted from the logic function calculator 415 is inputted into the first input terminal of the OR calculator 420 through the selector 448, and h stored in the register 408 is inputted into the second input terminal of the OR calculator 420 through the selector 447. The OR calculator 420 adds and outputs the data “Ch(e,f,g) and h” that are inputted into the first and second input terminals. The data “Ch(e,f,g)+h” outputted from the OR calculator 420 is stored in the register 408 through the selector 444 (h=Ch(e,f,g)+h).
In the clock cycle 2, the storage module 430 outputs the round constant Kt. Kt outputted from the storage module 430 is inputted into the first input terminal of the OR calculator 420 through the selector 448, and h (=Ch(e,f,g)+h) stored in the register 408 is inputted into the second input terminal of the OR calculator 420 through the selector 447. The OR calculator 420 adds and outputs the data “Kt and Ch(e,f,g)+h” that are inputted into the first and second input terminals. The data “Kt+Ch(e,f,g)+h” outputted from the OR calculator 420 is stored in the register 408 through the selector 444 (h=Kt+Ch(e,f,g)+h).
In the clock cycle 3, the logic function calculator 417 performs logic function calculation corresponding to Equation 11 with respect to “e” stored in the register 405, and outputs the calculated “e”. Data “Σ1(e)” outputted from the logic function calculator 417 is inputted into the first input terminal of the OR calculator 420 through the selector 448, and h (=Kt+Ch(e,f,g,)+h) stored in the register 408 is inputted into the second input terminal of the OR calculator 420 through the selector 447. The
OR calculator 420 adds and outputs the data “Σ1(e) and Kt+Ch(e,f,g,)+h” that are inputted into the first and second input terminals. The data “Σ1(e)+Kt+Ch(e,f,g,)+h” outputted from the OR calculator 420 is stored in the register 408 through the selector 444 (h=Σ1(e)+Kt+Ch(e,f,g,)+h). In the clock cycle 4, the selector 448 outputs the intermediate data Wt. The
data Wt outputted from the selector is inputted into the first input terminal of the OR calculator 420 through the selector 448, and h (=Σ1(e)+Kt+Ch(e,f,g,)+h) stored in the register 408 is inputted into the second input terminal of the OR calculator 420 through the selector 447. The OR calculator 420 adds and outputs the data “Wt and Σ1(e)+Kt+Ch(e,f,g,)+h” that are inputted into the first and second input terminals.
The data “Wt+Σ1(e)+Kt+Ch(e,f,g,)+h” outputted from the OR calculator 420 is stored in the register 408 through the selector 444 (h=Wt+Σ1(e)+Kt+Ch(e,f,g,)+h). The message compressor 400 according to the embodiment of the present invention outputs the intermediate data Wt to the OR calculator 420 after the fourth clock cycle 4 by considering a time required to generate the intermediate data Wt in the message scheduler 300. That is, four clock cycles are required to generate the intermediate data Wt in the message scheduler 300. Referring to
In the clock cycle 5, “d” stored in the register 404 is inputted into the first input terminal of the OR calculator 420 through the selector 448, and h (=Wt+Σ1(e)+Kt+Ch(e,f,g,)+h) stored in the register 408 is inputted into the second input terminal of the OR calculator 420 through the selector 447. The OR calculator 420 adds and outputs the data “H3 and Wt+(e)+Kt+Ch(e,f,g,)+h” that are inputted into the first and second input terminals. The data “d+Wt+Σ1(e)+Kt+Ch(e,f,g,)+h” outputted from the OR calculator 420 is stored in the register 404 through the selector 442 (d=d+Wt+Σ1(e)+Kt+Ch(e,f,g,)+h). By this configuration, when the fifth clock cycle is terminated, a value for “e=d+T1” in Equation 6 is stored in the register 404.
In the clock cycle 6, the logic function calculator 413 performs logic function calculation corresponding to Equation 9 with respect to data “a”, “b”, and “c” stored in the registers 401 to 403, and outputs the calculated “a”, “b”, and “c”. Data “Maj(a,b,c)” outputted from the logic function calculator 413 is inputted into the first input terminal of the OR calculator 420 through the selectors 445 and 448, and e (=Wt+Σ1(e)+Kt+Ch(e,f,g,)+h) stored in the register 408 is inputted into the second input terminal of the OR calculator 420 through the selector 447. The OR calculator 420 adds and outputs the data “Maj(a,b,c) and Wt+Σ1(e)+Kt+Ch(e,f,g,)+h” that are inputted into the first and second input terminals. The data “Maj(a,b,c)+Wt+Σ1(e)+Kt+Ch(e,f,g,)+h” outputted from the OR calculator 420 is stored in the register 408 through the selector 442 (h=Maj(a,b,c)+Wt+Σ1(e)+Kt+Ch(e,f,g,)+h).
Lastly, in the clock cycle 7, the logic function calculator 416 performs the logic function calculation corresponding to Equation 9 with respect to “a” stored in the register 401, and outputs the calculated “a”. Data “Σ0(a)” outputted from the logic function calculator 416 is inputted into the first input terminal of the OR calculator 420 through the selectors 446 and 448, and h (=Maj(a,b,c)+Wt+Σ1(e)+Kt+Ch(e,f,g,)+h) stored in the register 408 is inputted into the second input terminal of the OR calculator 420 through the selector 447. The OR calculator 420 adds and outputs the data “Σ0(a) and Maj(a,b,c)+Wt+Σ1(e)+Kt+Ch(e,f,g,)+H7” that are inputted into the first and second input terminals. The data “Σ0(a)+Maj(a,b,c)+Wt+Σ0(e)+Kt+Ch(e,f,g,)+h” outputted from the OR calculator 420 is stored in the register 401 (h=Maj(a,b,c)+Wt+Σ1(e)+Kt+Ch(e,f,g,)+h). In addition, the data stored in the registers 401 to 407 are stored in the registers 402 to 408 by being shifted by one, respectively. That is, in the clock cycle 5, since “H3+Wt+Σ1(e)+Kt+Ch(e,f,g,)+h” is stored in the register 404, the data “H3+Wt+Σ1(e)+Kt+Ch(e,f,g,)+h” is stored in the register 405.
As such, when the SHA-256 hash calculation for one round is terminated throughout seven clock cycles 1 to 7, the above-mentioned seven clock cycles 1 to 7 are repeated until the 64th round. Thereafter, the intermediate vales of the SHA-256 hash calculation are stored in the registers 401 to 408. At this time, in order to calculate the message digest of the SHA-256 hash calculation, the values a to h stored in the registers 401 to 408 throughout 64 rounds and the initial values H0 to H7 stored in the storage module 430 are added to each other. Therefore, in the same manner as in Step 1, in Step 3 the values stored in the registers 401 to 408 and the initial values Ho to H7 stored in the storage module 430 are added to each other throughout eight clock cycles.
In this case, values of a (=a+H0), b (=b+H1), c (=c+H2), d (=d+H3), e (=e+H4), f (=f+H5), g (=g+H6), and h (=h+H7) are stored in the registers 401 to 408, respectively. In addition, when the interrupt signal or the polling signal indicating that the calculation is terminated in the controller 200 is generated, the initial values H0 to H7 stored in the storage module 430 are updated to the values a (=a+H0), b (=b+Hi), c (=c+H2), d (=d+Ho), e (=e+H4), f (=f+H5), g (=g+H6), and h (=h+H7) that are stored in the registers 401 to 408.
When the SHA-256 hash calculation is performed only one time, the message compressor 400 outputs the updated initial values a (=a+H0), b (=b+Hi), c (=c+H2), d (=d+H3), e (=e+H4), f (=f+H5), g (=g+H6), and h (=h+H7) to the system 10 through the system bus 21 as the output values of the SHA-256 hash calculation, and when the SHA-256 hash calculation is performed several times, the message compressor 400 repeatedly performs the above steps throughout 64 rounds by using the updated initial values as the initial values of the SHA-256 hash calculation with respect to the calculation data of 512 bits. When the SHA-256 hash calculation is performed several times, the initial values a (=a+H0), b (=b+H1), c (=c+H2), d (=d+Ho), e (=e+H4), f (=f+H5), g (=g+H6), and h (=h+H7) are stored in the registers 401 to 408 at the time of performing the SHA-1 hash calculation with respect to second calculation data of 512 bits, such that Step 2 can just be performed without Step 1.
In general, as shown in
However, according to an exemplary embodiment of the present invention, a message compressor 400 finally calculates one message digest by using eight registers 401 to 408 operating as the shift register and one OR calculator 420, thereby minimizing the hardware area and power consumption.
The exemplary embodiments of the present invention are implemented through not only the apparatus and method, but may be implemented through a program that realizes functions corresponding to constituent members of the exemplary embodiments of the present invention or a recording medium in which the program is recorded. The implementation will be easily implemented by those skilled in the art as described in the exemplary embodiments.
While this invention has been described in connection with what is presently considered to be practical exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
10-2008-0124199 | Dec 2008 | KR | national |