The invention generally relates to hashing methods and systems for hashing.
The SWIFFT collection of compression functions [Vadim Lyubashevsky, Daniele Micciancio, Chris Peikert, and Alon Rosen. Swifft: A modest proposal for fft hashing. In Kaisa Nyberg, editor, Fast Software Encryption, pages 54-72, Berlin, Heidelberg, 2008. Springer Berlin Heidelberg.] is known to support an asymptotic security proof, through which it is possible to show that finding collisions in a randomly chosen function from SWIFFT is at least as hard as finding short vectors in cyclic/ideal lattices in the worst case.
Embodiments of the invention seek to improve on the prior art methodologies.
In a first broad independent aspect, the invention provides a hashing method comprising the steps of:
converting an input message into a binary input matrix with columns and rows; multiplying the binary matrix with an integer specific to each row;
applying a Fourier Transform (FT) to obtain Fourier coefficients; wherein said FT is an optical FT; and
applying a linear combination across the rows.
This configuration is particularly advantageous as it may achieve in certain embodiments higher resolutions, increased precision, or enhanced security.
In a subsidiary aspect, said binary input matrix is processed with a look-up table to obtain matrix elements. In preferred embodiments, this pre-processing is electronic and carried out prior to optical processing.
In a further subsidiary aspect, said optical FT is a 2D optical FT which calculates a matrix of Fourier coefficients. This avoids in certain embodiments the need to reconstruct the 2D matrix as compared to 1D implementations.
In a further subsidiary aspect, the method further comprises the step of applying an element wise matrix multiplication in the Fourier domain with an additional matrix of the same size as the binary input matrix.
In a further subsidiary aspect, the method further comprises the step of applying an optical Inverse Fourier Transform (IFT) before said step of applying a summation across rows.
In a further subsidiary aspect, said step of applying a summation is optical.
In a further subsidiary aspect, said converting and multiplication of matrix elements are realised electronically prior to any optical processing. This provides the advantageous integration between electronic and optical system to further enhance the performance.
In a further subsidiary aspect, a look-up table is employed in the multiplication of matrix elements.
In a further subsidiary aspect, each column of said binary matrix is fed in parallel to a single free-space optical FT in order to provide outputs from said optical FT. This configuration is particularly advantageous in term of processing speed.
In a further subsidiary aspect, said outputs are fed into an array of waveguides to represent vectors of Fourier coefficients.
In a further subsidiary aspect, the method further comprises the step of re-stitching the vectors of said Fourier coefficients into columns of a further 2D matrix with columns and rows.
In a further subsidiary aspect, the method further comprises the step of multiplying each row of said further 2D matrix optically, element-wise against a pre-determined vector.
In a further subsidiary aspect, the method further comprises the step of summing across the rows by optical combination of the waveguides that make up each row of said 2D matrix into a single optical signal. This configuration further enhances performance.
In a further subsidiary aspect, the method further comprises the step of realising the electronic conversion of optical output signals to a modulo ρ answer via the use of a look-up table.
In a further subsidiary aspect, the method further comprises the step of normalising the optical outputs by rendering the highest value in the output equal to the highest value in the bit range and applying linear scaling over the other values. This configuration further enhances the method by allowing it to be much less susceptible to the effect of noise.
In a further broad aspect, the invention provides a processing system comprising an electronic processor configured to convert an input message into an integer matrix with columns and rows, and an optical processor configured to calculate a Fourier Transform (FT) to obtain a matrix of Fourier coefficients; wherein said FT is an optical FT; said optical processor being further configured to apply a linear combination across the rows.
In a preferred embodiment, said system is configured to convert said binary matrix into an integer matrix via a lookup table.
In an alternative embodiment, said FT is a Fast Fourier Transform (FFT).
In a further subsidiary aspect, said processing system comprises an electronic processor and an optical processor configured to carry out the hashing methods of any one of the preceding aspects.
Embodiments provide improvements to the SWIFFT proposals by appropriately employing optical computing hardware.
The algorithm can be broken down into a series of steps as follows (all operations take place over the set of integers modulo a certain value e.g. Zρ where ρ is the modulus):
1. Conversion of the input message into a binary matrix.
2. Multiplication of matrix elements by an integer unique to each row.
3. 1D Fast Fourier Transform (FFT) of matrix columns to calculate vectors of Fourier coefficients.
4. Re-stitching of the Fourier coefficient vectors into columns of a new matrix.
5. A linear combination across each matrix row.
Steps one and two may in certain embodiments be completed electronically via pre-processing in electronics. Item (1) can be achieved by taking the hexadecimal input string and re-addressing the bytes as a 2D array. Item (2) can be achieved via lookup table: values in the binary matrix that are of value 1 are changed via lookup table an integer determined by the row of the matrix, 0 values are untouched from the original matrix.
Steps (3, 4, and 5) can be achieved via specialised optical hardware in various configurations. All columns of the binary matrix are preferably fed in parallel into an optical system that performs a multi-vector parallel 1D Optical Fourier Transform (OFT) in free space via a lens. The output of each OFT is then fed into a 1D array of waveguides, this completes step (3). To complete step (4) the 1D arrays, once in waveguides can now be considered to be columns in a 2D matrix. For step (5), the layout of the OFT outputs is considered in this way. Viewing the data as a 2D matrix, elements from each row can now be modulated to calculate an optical multiplication of each value against some pre-determined vector. After optical multiplication, the waveguides that make up each row of the 2D matrix can be combined into a single optical signal to produce the summation across the row. Multiplying each row of the matrix, then summing across rows (using modulo arithmetic) gives the linear combination of step (5).
Further embodiments of the invention consider the use of an optical free-space computer, to change the algorithm to both potentially strengthen the security of the algorithm and simplify the hardware involved. Instead of having 1D OFT sections that are computed for each column of the input matrix, embodiments of the invention take the 2D OFT of the entire matrix using a single optical free-space section.
This simplifies the hardware by meaning that, in certain embodiments, only a single lens is required per Fourier Transform (FT)/Inverse Fourier Transform (IFT) operation and still only takes (1) time due to the use of optics. The only constraint to the speed of this operation is the speed at which data can be encoded into and read out from the system which could reasonably reach a 40 GHz frame rate.
With an electronic processor, a 2D FT on a matrix requires much more computation than one FT per matrix column as in SWIFFT. This is because the electronic FFT has a computational complexity of O(n log n) where n is the length of the vector in the 1D transform or the number of matrix elements in the 2D version. This disadvantage is not present with the OFT which computes in parallel at the speed of light. The use of the 2D transform changes the analogous problem from the Shortest Vector Problem (SVP) in polynomial cyclic lattices to the same problem over multivariate cyclic lattices which is known to have the same NP-hardness. The algorithm optimised for the optics is as follows and represented as a block diagram in
1. Conversion of the input message into a binary matrix.
2. Multiplication of matrix elements by an integer unique to each row.
3. 2D FFT of matrix to calculate matrix of Fourier coefficients.
4. An element wise matrix multiplication in the Fourier domain.
5. An inverse OFT section.
6. A summation across matrix rows.
Once again steps (1) and (2) are computed in electronic pre-processing via lookup table.
Step (3) is calculated by the 2D OFT via free-space optics. In a preferred embodiment, the new proposed algorithm takes place using a two-dimensional latent representation of the input data and key. This means that when the hashing takes place, the confusion and diffusion steps operate in multinomial rather than polynomial space, making the algorithm more secure, and requiring a new proof of security, independent of the original SWIFFT algorithm. The fact that an optical Fourier transform and multiplication is used changes the algorithmic complexity from O(n log (n)) to O(1). These two facts together provide a greater amount of data obfuscation as well as a reduced runtime (and energy cost) with respect to input/key size.
Step (4) is achieved via element wise matrix multiplication of the OFT result matrix with an additional matrix of the same size. The optical IFT of this output matrix is then taken (to reduce the dominance of the Direct Current (DC) term). As in section 2, the output is preferably summed across rows to output a vector of values that makes up the message digest.
Considerations for a Practical Optical System
The use of the OFT means that the output is not of the same scale as an integer implementation in electronics. One of the solutions to this is to consider all output from the optics relative to themselves: outputs are normalised by making the highest value in the output equal to the highest value in the bit range and applying linear scaling over the rest of the values.
A good hash function should be deterministic. The same value needs to be obtained every time the value is calculated in the optical system. The use of the OFT means that the computations are analogue and subject to noise in the system. In other words, the proposed algorithm makes use of a noisy, continuous Fourier transform of the input data which is sampled at discrete intervals. This optical function is mathematically distinct from DFT as proposed in the prior art. The inherent noise in the system, if not appropriately handled, would lead to non-determinism which is highly undesirable for a hashing function. As such a proposed method to increase precision is provided in the application in order to ensure that the output remains consistent.
Making an optical computer that is reliable up to 8-bit output precision is a difficult task. The outputs of the system must be accurate to 8-bit precision for the SWIFFT algorithm, therefore embodiments of the invention provide a software algorithm to get around this hardware limitation. Calculations can be computed on a lower precision machine utilising multiple passes through the system and bit-shifting the result appropriately shown in this case with multiplication, FT operations work in a similar way as it is linear:
154×201=30954=0111100011101010 (1)
To compute with only 8-bits of reliable output:
a=154=10011010
b=201=11001001 (2)
Split to 4-bit inputs so that the output precision is not exceeded:
a1=1001
a2=1010
b1=1100
b2=1001 (3)
Compute Result:
a·b=(a1·b1)<<8+(a1·b2)<<4+(a2·b1)<<4+(a2·b2)
a·b=(9·12)<<8+(9·9)<<4+(10·12)<<4+(10·9)
a·b=108<<8+81<<4+108<<4+90
a·b=27648+1296+1920+90 (4)
A similar method can be used to compute multiplications and FT operations at arbitrary precision on a precision-constrained machine.
As previously mentioned, all operations that take place in SWIFFT are over the set of integers modulo ρ where ρ is a pre-determined value. Each output from the system will fall in the range dictated by the system's precision. E.g. for an 8-bit input and output system, the output will also fall in the 8-bit range. The true values if computed electronically would fall in the 16-bit range, with the maximum possible value equal to 256{circumflex over ( )}2−1. The 8-bit outputs of this system represent rounded 16-bit values, as such to get the true value we must multiply them by 256, then calculate modulo ρ. A faster way to achieve the same calculation is to provide a look-up table via which the modulus of the true answer can be fetched without further computation. In an 8-bit machine the size of the lookup table would be only 256 bytes in size. Once the correct answers modulo ρ have been obtained, to sum across rows would be to add all these values together then modulo ρ. This additional computation could be avoided by using an optical summation of matrix rows, followed by a larger lookup table.
A further detailed embodiment of the invention will now be described. The algorithm can be split into two electronic stages with an optical stage in between, as shown in
First Electronic Stage
Optical Stage
Second Electronic Stage
The optical stage may be realized on any one or a combination of the prior art optical systems which are embodied in any of the following patent applications which are owned by Optalysys Limited:
Each one of these documents is incorporated by reference. The prior art system architectures would be configured to operate the method of various embodiments of the invention.
Other embodiments based on those shown in
The SWIFFT2D algorithm will now be compared with the SHA-256 algorithm currently used for bitcoin mining.
In a single SHA-256 iteration, there are around 3000 integer operations that need to be calculated sequentially: a x86 computer would have about that many instructions per hash. The security of the SHA-256 algorithm has not been proven however it has been implemented for several years now without a known vulnerability. Having said that, the SHA1 family of algorithms was thought to be secure and was subsequently shown to be not as strong as the length of the output implied.
SWIFFT2D is part of a family of provably secure hashing functions known to be NP-hard to find collisions, and thought to be unbreakable even with the advent on quantum computing. The downside of computing SWIFFT in the traditional form is the cost of the FT operations. On an optical device with high enough precision, the output of a hash function can be obtained synchronously with the optical frame rate, requiring only a lookup table on either side of the device. Even in a bad case of a low precision device e.g. a device with 4-bit readable output, we are able to obtain the result in 4 optical frames. Each element of the output vector requires a reduce-sum operation over 4 integers with a single integer modulo operation, all of which can be calculated independently in parallel.
Taking the comparison between the two algorithms into account, it is clear that an optical device calculating SWIFFT2D could be much faster than even specialised ASIC hardware calculating SHA-256. The power consumption of the optical system is also significantly lower. These two factors coupled with the improved security features of the algorithm mean that SWIFFT2D implemented on optical hardware is a completely viable improvement vs.
SHA-256.
Whilst the methodology of embodiments of the invention may be employed generally for hashing applications, specific implementations may be, for example, in the context of video processing, blockchain, and cryptocurrency mining.
Number | Date | Country | Kind |
---|---|---|---|
2001382.7 | Jan 2020 | GB | national |
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/GB2021/050214 | 1/29/2021 | WO |