SM3及SHA-2系列算法硬件可重构设计与实现

针对当前国内外杂凑算法标准和应用需求不同的现状,采用数据流可重构的设计思想和方法,在对SM3及SHA-2系列杂凑算法的不同特征进行分析研究的基础上,总结归纳出统一的处理模型,进而设计了一种新的硬件结构。基于该结构,根据不同环境对杂凑算法安全强度的不同要求,可以单独灵活地实现SM3,SHA-256,SHA-384及SHA-512算法。实验结果表明,设计的硬件电路有效降低了硬件资源消耗,提高了系统吞吐率,能够满足国内外商用杂凑算法的要求。     

杂凑算法的对偶问题

杂凑算法往往具有很高的杂凑速率,如MD_x(x版本的杂凑算法),SHA(数据杂凑标准)等。一个自然的问题是能否利用快速安全的杂凑算法构造相应的分组加密算法呢?本文把这个问题称为杂凑算法的对偶问题,本文试图用现有的结果证明给定一个安全快速的杂凑算法可以构造一个安全快速的分组加密算法。     

杂凑算法的对偶问题

杂凑算法往往具有很高的杂凑速率，如ＭＤｘ（ｘ版本的杂凑算法），ＳＨＡ（数据杂凑标准）等。一个自然的问题是否利用快速安全的杂凑算法构造相应的分组加密算法呢？本文把这个问题称为杂凑算法的对偶问题。本文试图用现有的结果证明给定一个安全快速的杂凑算法可以构造一个安全快速的分组加密算法。     

SM3杂凑算法的ASIC设计和实现

针对国家商用密码SM3杂凑算法提出了一种四合一的ASIC实现架构.该架构采用进位保留加法器和循环展开方式,与单轮结构相比,时钟周期数减少了75%,吞吐率提高了29.4%.采用65nm的SMIC工艺,在125MHz的低时钟频率下,吞吐率达到了4Gb/s.此款SM3杂凑算法芯片已经进行了流片,支持填充和暂停功能.     

SM3国产密码算法在JWT认证技术中的应用

<正>目前，JWT用户认证体系的应用越来越广泛，但JWT令牌存在使用的杂凑算法安全性不够，采用国外杂凑算法不符合国家信创要求等问题。SM3作为自主可控的国产密码杂凑算法，应用在JWT认证技术中，大幅提高了JWT令牌的安全性。同时，SM3国产密码算法的应用更能够满足国家相关机构的安全合规性要求。     

基于国密SM3算法的摘要码生成器设计

SM3杂凑算法是中国商用密码杂凑算法的标准.利用FPGA、单片机以及上位机,共同完成该算法的填充、分组、扩展以及压缩迭代等步骤,实现数据的输入和显示.首先上位机利用UART串口通信的方式将数据传送给单片机,其次单片机将接收的数据进行填充和分组,将分组后的数据利用SPI串行通信传送给FPGA进行计算,最后由上位机显示结果...     

一种用于可信计算的RISC-V处理器设计

针对我国自主可控处理器的设计需求,文中采用开源RISC-V指令集架构设计了一种适用于可信计算的处理器。处理器内核中指令运算阶段使用5级流水线技术,并采用定向前推技术解决了数据相关问题。仿真阶段使用Modelsim仿真软件对整数指令集进行测试,经验证指令功能正确。借助FPGA开发板,以国产操作系统深度为平台,在50 MHz的时钟频率下处理器能正确运行SM3密码杂凑算法,输出256 bit的杂凑值,并与预存杂凑值进行比对,根据比对结果输出IO控制信号,完成对外部设备的主动控制及度量,达到预期目标。     

基于强单向置换杂凑算法的构造和安全性分析

本文利用n上单向置换与完善置换的复合,构造基于强单向置换的杂凑算法,并证明了该算法的安全性等价于单向置换在多项式时间内不可求逆.     

杂凑算法扩散性能的偏差分析

对杂凑算法安全性的统计性能的分析,通常采用χ2检验的方法。给出另一种易于操作的新的方法:偏差分析法。给出了杂凑算法扩散性能偏差分析的理论分布和选取样本容量的下界的计算公式,并给出了MD5算法的运用实例。     

一种基于SRAM工艺FPGA的防克隆保护方法

随着现场可编程逻辑门阵列在电子设备中应用范围不断扩展,其设计中包含的知识产权信息极为重要和敏感,而当前广泛使用的基于静态随机存取存储器工艺的现场可编程逻辑门阵列器件每次上电时都需要重新配置,在配置过程中其数据流面临被克隆的风险.为防止配置数据流中重要知识产权信息被非法使用,以杂凑算法、异步电路的竞争与冒险现象、线性反馈...     

A Fault Detection Scheme for the FPGA Implementation of SHA-1 and SHA-512 Round Computations

The Secure Hash Algorithm is the most popular hash function currently used in many security protocols such as SSL and IPSec. Like other cryptographic algorithms, the hardware implementation of hash functions is of great importance for high speed applications. Because of the iterative structure of hash functions, a single error in their hardware implementation could result in a large number of errors in the final hash value. In this paper, we propose a novel time-redundancy-based fault diagnostic scheme for the implementation of SHA-1 and SHA-512 round computations. This scheme can detect permanent as well as transient faults as opposed to the traditional time redundancy technique which is only capable of detecting transient errors. The proposed design does not impose significant timing overhead to the original implementation of SHA-1 and SHA-512 round computation. We have implemented the proposed design for SHA-1 and SHA-512 on Xilinx xc2p7 FPGA. It is shown that for the proposed fault detection SHA-1 and SHA-512 round computations, there are, respectively, 3% and 10% reduction in the throughput with 58% and 30% area overhead as compared to the original schemes. The fault simulation of the implementation shows that almost 100% fault coverage can be achieved using the proposed scheme for transient and permanent faults.     

LTE系统密钥生成算法研究

介绍了单向散列函数特性和SHA-256算法原理.基于C语言实现SHA-256算法的程序设计,在Visual C++6.0环境下仿真测试结果,对该算法的单向散列函数特性进行了分析.对24组1 024 bit测试数据测试分析,结果表明,SHA-256算法具有理想的单向散列函数特性.     

高频率、低成本的SHA-256算法VLSI实现

SHA-256安全散列算法广泛应用于数据完整性校验及数字签名等领域.为满足安全SoC系统对SHA-256高工作频率和低硬件成本的设计需求,提出了一种新颖的SHA-256 VLSI实现方法,通过分解算法实现步骤,进而缩短关键路径,节省硬件资源.采用SMIC 0.13μm CMOS工艺综合实现,结果表明其最高工作频率达334.5MHz,资源消耗减少了70%.     

SHA-1算法及其在FPGA加密认证系统中的应用

本文对安全散列算法以及安全散列值的计算方法进行了深入的分析,给出了安全散列值的计算步骤,论证了安全散列算法的安全性和可靠性,最后提出了一种SHA-1(SecureHashAlgorithm安全哈希算法)算法在加密认证系统的应用。整个认证系统通过1-wire总线,使FPGA完成与DS28E01-100加密芯片的通信,主机内核采用了Xilinx公司设计开发的8位微控制器软核PicoBlaze。实验证明该设计能够完成加密认证系统的过程。     

一种基于循环展开结构的SHA-1算法实现

哈希算法在信息安全领域主要应用于验证数据完整性和签名认证。通过对SHA-1算法进行深入分析，提出了一种快速实现此算法的硬件方案。该方案改变了标准算法中的迭代结构，减少消息处理时钟周期数，进而提高吞吐量。与其他IP）核相比，该设计在面积、频率和吞吐量等方面表现出了较强的优势。     

智能信息载体DS1961S在预付费电能表中的应用

介绍了美国Dallas(现被Maxim公司收购)公司生产的智能化信息载体iButton DS1961S作为预购电量存储介质在预付费电能表中的具体应用。较为详尽的介绍了DS1961S的SHA-1加密引擎及加密算法，给出了预付费电能表的硬件结构及设计原理。     

Cost-Efficient SHA Hardware Accelerators

This paper presents a new set of techniques for hardware implementations of Secure Hash Algorithm (SHA) hash functions. These techniques consist mostly in operation rescheduling and hardware reutilization, therefore, significantly decreasing the critical path and required area. Throughputs from 1.3 Gbit/s to 1.8 Gbit/s were obtained for the SHA implementations on a Xilinx VIRTEX II Pro. Compared to commercial cores and previously published research, these figures correspond to an improvement in throughput/slice in the range of 29% to 59% for SHA-1 and 54% to 100% for SHA-2. Experimental results on hybrid hardware/software implementations of the SHA cores, have shown speedups up to 150 times for the proposed cores, compared to pure software implementations.      

On the development of high-throughput and area-efficient multi-mode cryptographic hash designs in FPGAs

In this paper, area-efficient and high-throughput multi-mode architectures for the SHA-1 and SHA-2 hash families are proposed and implemented in several FPGA technologies. Additionally a systematic flow for designing multi-mode architectures (implementing more than one function) of these families is introduced. Compared to the corresponding architectures that are produced by a commercial synthesis tool, the proposed ones are better in terms of both area (at least 40%) and throughput/area (from 32% up to 175%). Finally, the proposed architectures outperform similar existing ones in terms of throughput and throughput/area, from 4.2× up to 279.4× and from 1.2× up to 5.5×, respectively.     

INTEGRAL DISTINGUISHERS OF JH AND GRØSTL-512

In December of 2010 NIST selected five SHA-3 finalists - BLAKE, Grøstl, JH, Keccak, and Skein to advance to the third (and final) round of the SHA-3 competition. At present most specialists and scholars focus on the design and the attacks on these hash functions. However, it is very significant to study some properties of their primitives and underlying permutations. Because some properties reflect the pseudo-randomness of the structures. Moreover, they help us to find new cryptanalysis for some block cipher structures. In this paper, we analyze the resistance of JH and Grøstl-512 against structural properties built on integral distinguishers. And then 31.5 (out of 42) rounds integral distinguishers for JH compression function and 11.5 (out of 14) rounds for Grøstl-512 compression function are presented.     

Provably Good Codes for Hash Function Design

A new technique to lower-bound the minimum distance of certain types of quasi-cyclic codes with large dimension by reducing the problem to lower-bounding the minimum distance of a few significantly smaller codes has been developed. These codes have the property that they have extremely efficient software encoders. Using this technique, it is proved that a code which is similar to the SHA-1 (Secure Hash Algorithm, to be explained shortly) message expansion code has minimum distance $82$, and that too in just the last 64 of the 80 expanded words. In fact, the proposed code has much greater distance than that of SHA-1 code, which makes our proposed hashing scheme robust against cryptographic attacks. The technique is further used to find the minimum weight of the SHA-1 code itself (25 in last 60 words), which was an open problem. Estimating minimum distance of a code given by its parity-check matrix is well known to be a hard problem. Our technique is expected to be helpful in estimating minimum distance of similar codes as well as in designing future practical cryptographic hash functions.