阅读说明：本技术 一种sm3算法的并行处理方法及电子设备 (Parallel processing method of SM3 algorithm and electronic equipment ) 是由 袁结全 吴�灿 崔志辉 詹晋川 陈世伟 于 2021-08-20 设计创作，主要内容包括：本发明公开了一种SM3算法的并行处理方法及电子设备,本发明通过对SM3密码杂凑算法公式进行化简,将运算中不必要的中间变量进行替代,并对化简后的公式进行循环展开、并行处理,从而达到简化运算过程,节约了计算资源,提高了运算速度。(The invention discloses a parallel processing method of SM3 algorithm and electronic equipment, simplifying SM3 cryptographic hash algorithm formula, replacing unnecessary intermediate variables in operation, and circularly expanding and parallel processing the simplified formula, thereby simplifying operation process, saving calculation resources and improving operation speed.)

1. A parallel processing method of SM3 algorithm, comprising the steps of:

s1, adding a digit 1 at the end of the message m with the length of L bits, and adding a 64-bit binary numerical value with the value of L after the added digit 1 to obtain a message after first filling;

s2, judging whether the message length after the first filling is an integral multiple of 512, if so, directly entering the step S4; otherwise, go to step S3;

s3, adding digit 0 between the added digit 1 and the added binary value until the message length is an integral multiple of 512, obtaining the message after the second filling and entering the step S4;

s4, grouping the current message according to 512 bits, each of the grouped messagesThe individual includes 16 words W₀,W₁,…,W₁₅；W₀Is the highest 32 bits of an individual, W₁₅The lowest 32 bits for an individual;

s5, expanding the W based on 16 words of each individual after grouping to obtain 52 words of W_jAnd 64 words of W_k' obtaining data of 132 words corresponding to each individual; wherein j is 16,17, …, 67; k is 0,1,2, …, 63;

s6 construction of intermediate variables SS1_n、SS2_n、TT1_nAnd TT2_n；

S7, substituting the intermediate variable into the calculation process of the register variable to obtain the calculation formula of the simplified register variable in the data compression process;

and S8, combining each two adjacent iterations of the compression iteration of the SM3 algorithm into one calculation based on the simplified calculation formula of the register variable, and completing the parallel processing of the SM3 algorithm.

2. The parallel processing method of the SM3 algorithm of claim 1, wherein the specific method of step S5 comprises the following sub-steps:

s5-1, converting the word W_j-16Result of a left shift of 15 bits, W, are cycled_j-9Cyclically shift the result sum by 15 bits left and W_j-3Performing exclusive or operation on the results of the left shift of 15 bits circularly to obtain a value Q0; wherein j is more than or equal to 16 and less than or equal to 67;

s5-2, carrying out exclusive OR operation on the result of carrying out circular left shift on the value Q0 and the value Q0 by 15 bits and the result of carrying out circular left shift on the value Q0 by 23 bits to obtain a value Q1;

s5-3, Q1 and W_j-13Cyclically left-shifted by 7 and W_j-6Performing exclusive OR operation on the three components, and recording the operation result as W_j；

S5-4, mixing W_kAnd W_k+4Performing exclusive OR operation, and recording the operation result as W_k’。

3. The parallel processing method of the SM3 algorithm of claim 2, wherein the specific method of step S6 is:

according to the formula:

construction of intermediate variables SS1_n、SS2_n、TT1_nAnd TT2_n(ii) a Wherein the length of each intermediate variable is 32 bits; n is a constant and represents the iteration number of the data compression process, and n is 1,2, … and 64; a. the_n-1Denotes the value of the register variable a at the n-1 th iteration in the data compression process, a when n is 1_n-1Is the initial value 7380166f of the register variable; e_n-1Denotes the value of the register variable E at the n-1 th iteration in the data compression process, E when n is 1_n-1Is the initial value of the register variable a96f30 bc; t is_nIs a fixed value, when n is less than or equal to 16, T_n0x79cc 4519; when n is more than or equal to 17 and less than or equal to 64, T_n＝0x7a879d8a；Represents a 32-bit exclusive-or operation; FF_n(. cndot.) represents a Boolean function; b is_n-1Denotes the value of the register variable B at the n-1 th iteration in the data compression process, when n is 1_n-1Initial values of register variables 4914b2b 9; c_n-1Denotes the value of the register variable C at the n-1 th iteration in the data compression process, C when n is 1_n-1Is the initial value 172442d7 of the register variable; d_n-1Denotes the value of the register variable D at the n-1 th iteration in the data compression process, D when n is 1_n-1Is the initial value of the register variable da8a 0600; GG (GG)_n(. cndot.) represents a Boolean function; f_n-1Denotes the value of the register variable F at the n-1 th iteration in the data compression process, and F when n is 1_n-1163138aa, the initial value of the register variable; g_n-1Indicating the value of the register variable G at the n-1 th iteration in the data compression process, G when n is 1_n-1Is the initial value e38dee4d of the register variable; h_n-1Denotes the value of the register variable H at the n-1 th iteration in the data compression process, H when n is 1_n-1Is a registerThe initial value of the variable b0fb0e4 e.

4. The parallel processing method of the SM3 algorithm of claim 3, wherein the specific method of step S7 is:

according to the formula:

B_r＝A_r-1

C_r＝A_r-2<<<9

D_r＝A_r-3<<<9

E_r＝P0(TT2_r)＝P0(GG_r(E_r-1,E_r-2,E_r-3<<<9)+(E_r-4<<<19)+((A_r-1<<<12)+E_r-1+(T_r<<<r))<<<7+W_r)

F_r＝E_r-1

G_r＝E_r-1<<<19

H_r＝E_r-3<<<19

substituting the intermediate variable into the calculation process of the register variable to obtain a calculation formula of the simplified register variable in the data compression process; wherein r is an integer and represents the iteration times of the data compression process, and r is more than or equal to 4 and less than or equal to 64; FF_r(. and GG)_rBoth represent boolean functions; p0(·) represents a permutation function, and the permutation process is to perform exclusive or of the permutation object, the result of left and right 9 bits of the permutation object cycle, and the result of left 17 bits of the permutation object cycle; a. the_r、B_r、C_r、D_r、E_r、F_r、G_rAnd H_rAll are register variables after the r-th iteration.

5. The parallel processing method of SM3 algorithm of claim 4, wherein the concrete method of step S8 is:

carrying out data compression on the data of 132 words in total corresponding to each individual, and calculating the register variable A in parallel in the data compression process_rAnd E_rThe value of (3) is obtained by the simplified register variable calculation formula after each iteration in the data compression process, and the register variable value after the last iteration is taken as output to complete the parallel processing of the SM3 algorithm.

6. A parallel processing electronic device of the SM3 algorithm, comprising:

a memory storing executable instructions; and

a processor configured to execute the executable instructions in the memory to implement the method of any of claims 1-5.

Technical Field

The invention relates to the field of data processing, in particular to a parallel processing method of an SM3 algorithm and electronic equipment.

Background

The SM3 cryptographic hash algorithm is a hash algorithm based on a packet iteration structure, is a cryptographic hash function standard adopted by China, and aims at a length L (L)<2⁶⁴) The SM3 algorithm generates a hash value with a length of 256 bits after padding and iterative compression, and the hash value is stored in the hash tableThere is an important application in message authentication integrity protection digital signatures. However, the existing SM3 algorithm needs 64 iterations in the data compression process, which consumes a lot of computing resources and slows down the operation speed.

Disclosure of Invention

Aiming at the defects in the prior art, the parallel processing method of the SM3 algorithm and the electronic equipment provided by the invention solve the problem that the SM3 algorithm consumes large computing resources for 64 iterations.

In order to achieve the purpose of the invention, the invention adopts the technical scheme that:

a parallel processing method of SM3 algorithm is provided, which comprises the following steps:

s1, adding a digit 1 at the end of the message m with the length of L bits, and adding a 64-bit binary numerical value with the value of L after the added digit 1 to obtain a message after first filling;

s2, judging whether the message length after the first filling is an integral multiple of 512, if so, directly entering the step S4; otherwise, go to step S3;

s3, adding digit 0 between the added digit 1 and the added binary value until the message length is an integral multiple of 512, obtaining the message after the second filling and entering the step S4;

s4, grouping the current message according to 512 bits, wherein each grouped individual comprises 16 words of W₀,W₁,…,W₁₅；W₀Is the highest 32 bits of an individual, W₁₅The lowest 32 bits for an individual;

s5, expanding the W based on 16 words of each individual after grouping to obtain 52 words of W_jAnd 64 words of W_k' obtaining data of 132 words corresponding to each individual; wherein j is 16,17, …, 67; k is 0,1,2, …, 63;

s6 construction of intermediate variables SS1_n、SS2_n、TT1_nAnd TT2_n；

S7, substituting the intermediate variable into the calculation process of the register variable to obtain the calculation formula of the simplified register variable in the data compression process;

and S8, combining each two adjacent iterations of the compression iteration of the SM3 algorithm into one calculation based on the simplified calculation formula of the register variable, and completing the parallel processing of the SM3 algorithm.

Further, the specific method of step S5 includes the following sub-steps:

s5-1, converting the word W_j-16Result of a left shift of 15 bits, W, are cycled_j-9Cyclically shift the result sum by 15 bits left and W_j-3Performing exclusive or operation on the results of the left shift of 15 bits circularly to obtain a value Q0; wherein j is more than or equal to 16 and less than or equal to 67;

s5-2, carrying out exclusive OR operation on the result of carrying out circular left shift on the value Q0 and the value Q0 by 15 bits and the result of carrying out circular left shift on the value Q0 by 23 bits to obtain a value Q1;

s5-3, Q1 and W_j-13Cyclically left-shifted by 7 and W_j-6Performing exclusive OR operation on the three components, and recording the operation result as W_j；

S5-4, mixing W_kAnd W_k+4Performing exclusive OR operation, and recording the operation result as W_k’。

Further, the specific method of step S6 is:

according to the formula:

construction of intermediate variables SS1_n、SS2_n、TT1_nAnd TT2_n(ii) a Wherein the length of each intermediate variable is 32 bits; n is a constant and represents the iteration number of the data compression process, and n is 1,2, … and 64; a. the_n-1Denotes the value of the register variable a at the n-1 th iteration in the data compression process, a when n is 1_n-1Is the initial value 7380166f of the register variable; e_n-1Denotes the value of the register variable E at the n-1 th iteration in the data compression process, E when n is 1_n-1Is the initial value of the register variable a96f30 bc; t is_nIs a fixed value, when n is less than or equal to 16, T_n0x79cc 4519; when n is more than or equal to 17 and less than or equal to 64, T_n＝0x7a879d8a；Represents a 32-bit exclusive-or operation; FF_n(. cndot.) represents a Boolean function; b is_n-1Denotes the value of the register variable B at the n-1 th iteration in the data compression process, when n is 1_n-1Initial values of register variables 4914b2b 9; c_n-1Denotes the value of the register variable C at the n-1 th iteration in the data compression process, C when n is 1_n-1Is the initial value 172442d7 of the register variable; d_n-1Denotes the value of the register variable D at the n-1 th iteration in the data compression process, D when n is 1_n-1Is the initial value of the register variable da8a 0600; GG (GG)_n(. cndot.) represents a Boolean function; f_n-1Denotes the value of the register variable F at the n-1 th iteration in the data compression process, and F when n is 1_n-1163138aa, the initial value of the register variable; g_n-1Indicating the value of the register variable G at the n-1 th iteration in the data compression process, G when n is 1_n-1Is the initial value e38dee4d of the register variable; h_n-1Denotes the value of the register variable H at the n-1 th iteration in the data compression process, H when n is 1_n-1Is the initial value of the register variable b0fb0e4 e.

Further, the specific method of step S7 is:

according to the formula:

B_r＝A_r-1

C_r＝A_r-2<<<9

D_r＝A_r-3<<<9

E_r＝P0(TT2_r)＝P0(GG_r(E_r-1,E_r-2,E_r-3<<<9)+(E_r-4<<<19)+((A_r-1<<<12)+E_r-1+(T_r<<<r))<<<7+W_r)

F_r＝E_r-1

G_r＝E_r-1<<<19

H_r＝E_r-3<<<19

substituting the intermediate variable into the calculation process of the register variable to obtain a calculation formula of the simplified register variable in the data compression process; wherein r is an integer and represents the iteration times of the data compression process, and r is more than or equal to 4 and less than or equal to 64; FF_r(. and GG)_rBoth represent boolean functions; p0(·) represents a permutation function, and the permutation process is to perform exclusive or of the permutation object, the result of left and right 9 bits of the permutation object cycle, and the result of left 17 bits of the permutation object cycle; a. the_r、B_r、C_r、D_r、E_r、F_r、G_rAnd H_rAll are register variables after the r-th iteration.

Further, the specific method of step S8 is:

carrying out data compression on the data of 132 words in total corresponding to each individual, and calculating the register variable A in parallel in the data compression process_rAnd E_rThe value of (3) is obtained by the simplified register variable calculation formula after each iteration in the data compression process, and the register variable value after the last iteration is taken as output to complete the parallel processing of the SM3 algorithm.

Parallel processing electronics providing an SM3 algorithm, comprising:

a memory storing executable instructions; and

a processor configured to execute the executable instructions in the memory to implement the method of any of claims 1-5.

The invention has the beneficial effects that: the invention simplifies the SM3 cryptographic hash algorithm formula, replaces unnecessary intermediate variables in operation, and circularly expands and processes the simplified formula in parallel, thereby simplifying the operation process, saving the computing resources and improving the operation speed.

Drawings

FIG. 1 is a schematic flow diagram of the process;

FIG. 2 is a block diagram of the SM3 algorithm of the present application;

fig. 3 is a schematic diagram of the compression process of the SM3 algorithm of the present application;

fig. 4 is a timing diagram of the compression process of the SM3 algorithm of the present application.

Detailed Description

The following description of the embodiments of the present invention is provided to facilitate the understanding of the present invention by those skilled in the art, but it should be understood that the present invention is not limited to the scope of the embodiments, and it will be apparent to those skilled in the art that various changes may be made without departing from the spirit and scope of the invention as defined and defined in the appended claims, and all matters produced by the invention using the inventive concept are protected.

As shown in fig. 1, the parallel processing method of the SM3 algorithm includes the following steps:

s1, adding a digit 1 at the end of the message m with the length of L bits, and adding a 64-bit binary numerical value with the value of L after the added digit 1 to obtain a message after first filling;

s2, judging whether the message length after the first filling is an integral multiple of 512, if so, directly entering the step S4; otherwise, go to step S3;

s3, adding digit 0 between the added digit 1 and the added binary value until the message length is an integral multiple of 512, obtaining the message after the second filling and entering the step S4;

s4, grouping the current message according to 512 bits, wherein each grouped individual comprises 16 words of W₀,W₁,…,W₁₅；W₀Is the highest 32 bits of an individual, W₁₅The lowest 32 bits for an individual;

s5, expanding the W based on 16 words of each individual after grouping to obtain 52 words of W_jAnd 64 words of W_k' obtaining data of 132 words corresponding to each individual; wherein j is 16,17, …, 67; k is 0,1,2, …, 63;

s6 construction of intermediate variables SS1_n、SS2_n、TT1_nAnd TT2_n；

S7, substituting the intermediate variable into the calculation process of the register variable to obtain the calculation formula of the simplified register variable in the data compression process;

and S8, combining each two adjacent iterations of the compression iteration of the SM3 algorithm into one calculation based on the simplified calculation formula of the register variable, and completing the parallel processing of the SM3 algorithm.

The specific method of step S5 includes the following substeps:

s5-1, converting the word W_j-16Result of a left shift of 15 bits, W, are cycled_j-9Cyclically shift the result sum by 15 bits left and W_j-3Performing exclusive or operation on the results of the left shift of 15 bits circularly to obtain a value Q0; wherein j is more than or equal to 16 and less than or equal to 67;

s5-2, carrying out exclusive OR operation on the result of carrying out circular left shift on the value Q0 and the value Q0 by 15 bits and the result of carrying out circular left shift on the value Q0 by 23 bits to obtain a value Q1;

s5-3, Q1 and W_j-13Cyclically left-shifted by 7 and W_j-6Performing exclusive OR operation on the three components, and recording the operation result as W_j；

S5-4, mixing W_kAnd W_k+4Performing exclusive OR operation, and recording the operation result as W_k’。

The specific method of step S6 is: according to the formula:

construction of intermediate variables SS1_n、SS2_n、TT1_nAnd TT2_n(ii) a Wherein the length of each intermediate variable is 32 bits; n is a constant and represents the iteration number of the data compression process, and n is 1,2, … and 64; a. the_n-1Denotes the value of the register variable a at the n-1 th iteration in the data compression process, a when n is 1_n-1Is the initial value 7380166f of the register variable; e_n-1Denotes the value of the register variable E at the n-1 th iteration in the data compression process, E when n is 1_n-1Is the initial value of the register variable a96f30 bc; t is_nIs a fixed value, when n is less than or equal toAt 16 hours, T_n0x79cc 4519; when n is more than or equal to 17 and less than or equal to 64, T_n＝0x7a879d8a；Represents a 32-bit exclusive-or operation; FF_n(. cndot.) represents a Boolean function; b is_n-1Denotes the value of the register variable B at the n-1 th iteration in the data compression process, when n is 1_n-1Initial values of register variables 4914b2b 9; c_n-1Denotes the value of the register variable C at the n-1 th iteration in the data compression process, C when n is 1_n-1Is the initial value 172442d7 of the register variable; d_n-1Denotes the value of the register variable D at the n-1 th iteration in the data compression process, D when n is 1_n-1Is the initial value of the register variable da8a 0600; GG (GG)_n(. cndot.) represents a Boolean function; f_n-1Denotes the value of the register variable F at the n-1 th iteration in the data compression process, and F when n is 1_n-1163138aa, the initial value of the register variable; g_n-1Indicating the value of the register variable G at the n-1 th iteration in the data compression process, G when n is 1_n-1Is the initial value e38dee4d of the register variable; h_n-1Denotes the value of the register variable H at the n-1 th iteration in the data compression process, H when n is 1_n-1Is the initial value of the register variable b0fb0e4 e.

The specific method of step S7 is: according to the formula:

B_r＝A_r-1

C_r＝A_r-2<<<9

D_r＝A_r-3<<<9

E_r＝P0(TT2_r)＝P0(GG_r(E_r-1,E_r-2,E_r-3<<<9)+(E_r-4<<<19)+((A_r-1<<<12)+E_r-1+(T_r<<<r))<<<7+W_r)

F_r＝E_r-1

G_r＝E_r-1<<<19

H_r＝E_r-3<<<19

substituting the intermediate variable into the calculation process of the register variable to obtain a calculation formula of the simplified register variable in the data compression process; wherein r is an integer and represents the iteration times of the data compression process, and r is more than or equal to 4 and less than or equal to 64; FF_r(. and GG)_rBoth represent boolean functions; p0(·) represents a permutation function, and the permutation process is to perform exclusive or of the permutation object, the result of left and right 9 bits of the permutation object cycle, and the result of left 17 bits of the permutation object cycle; a. the_r、B_r、C_r、D_r、E_r、F_r、G_rAnd H_rAll are register variables after the r-th iteration.

When j is different, T_jValue of (A) and FF_jThe formula for (X, Y, Z) is different, which is taken to be available:

when j is 0-15, T_jIs 79cc4519 which is the main component of the gasoline,

when j is 16-63, T_jIs 7a879d8a, FF_j(X,Y,Z)＝(X∧Y)∨(X∧Z)∨(Y∧Z)

When j is different, T_jValue of (A) and GG_jThe formula for (X, Y, Z) is different, which is taken to be available:

when j is 0-15, T_jIs 79cc4519 which is the main component of the gasoline,

when j is 16-63, T_jIs 7a879d8a,

wherein the A is 32 bit AND operation, the V is 32 bit OR operation,is a 32-bit not operation.

The specific method of step S8 is: carrying out data compression on the data of 132 words in total corresponding to each individual, and calculating the register variable A in parallel in the data compression process_rAnd E_rThe value of (3) is obtained by the simplified register variable calculation formula after each iteration in the data compression process, and the register variable value after the last iteration is taken as output to complete the parallel processing of the SM3 algorithm.

The parallel processing electronic device of the SM3 algorithm is characterized by comprising:

a memory storing executable instructions; and

a processor configured to execute the executable instructions in the memory to implement the method of any of claims 1-5.

In one embodiment of the present application, each datum is divided serially as shown in FIG. 2Set M (i) (M (i)) is 132 words W obtained by expansion_jAnd W_j') data compression with a compression function V (i +1) ═ CF (V (i), M (i)) (0)<＝i<N-1), the calculation is repeated again with the result value of the last compression as the next input, CF representing the compression function. The compression function is calculated as follows: let A, B, C, D, E, F, G, H be register variables, SS1, SS2, TT1 and TT2 be intermediate variables, and the variable lengths are all 32 bits.

When the first packet is compressed and the expanded data m (i) is compressed, i is 0: initial value of IV (compression function register): 7380166f 4914b2b 9172442 d7 da8a0600 a96f30bc 163138aa e38dee4d b0fb0e4e are assigned to register variables A, B, C, D, E, F, G and H, and if i >0 is not the first operation, the result of the last calculation V (i-1) needs to be assigned to A, B, C, D, E, F, G and H.

In the specific implementation process, after the formula is simplified, 8 register variables only need to be A_rAnd E_rCan calculate since A_rAnd E_rThe calculation conditions are consistent, so as to calculate A_rThe description is given for the sake of example:

as shown in FIG. 3, F represents the function of operation, and the first clock cycle of A is calculated by two-in-one method₀(initial value A is used as required) and A₁(need to use A)₀And an initial value A), a second clock cycle calculating A₂(need to use A)₁And A₀And initial values A) and A₃(need to use A)₂，A₁，A₀And initial value A), the third clock cycle calculates A₄(need to use A)₃，A₂，A₁And A₀) And A₅(need to use A)₄，A₃，A₂，A₁) By analogy, it can be found that in the calculation A_j+1In time, both the previous round and the current round are used. Thus in calculating A_jThen 6 registers are needed, i.e. reg _ A₀、reg_A₁、reg_A₂、reg_A₃、reg_A₄、reg_A₅The 6 registers can calculate the value A₀-A₆₃The value of (c).

As shown in FIG. 4, F is a function of the calculation, and A is calculated in the first clock cycle₀And A₁Let it hold for three clock cycles, the second clock cycle calculating A₂And A₃Let it remain for three clock cycles, the third clock cycle calculating A₄And A₅Holding it for three clock cycles; when A is₀And A₁After three clock cycles are kept, the subsequent calculation can not be used in A₀And A₁At this time reg _ A₀And reg _ A1 register can calculate A₆And A₇And by analogy, all values are finally calculated.

As can be seen from the above process, the invention combines each two rounds of functions into one function by adopting the loop iterative expansion method for this part of structure, so that two times of compression calculation can be realized in one clock cycle, and the processing cycle of the packet is reduced from 64 to 32.

In summary, the SM3 cryptographic hash algorithm formula is simplified, unnecessary intermediate variables in the operation are replaced, and the simplified formula is circularly expanded and processed in parallel, so that the operation process is simplified, the computing resources are saved, and the operation speed is improved.