A compact FPGA-based processor for the Secure Hash Algorithm SHA-256

This work reports an efficient and compact FPGA processor for the SHA-256 algorithm. The novel processor architecture is based on a custom datapath that exploits the reusing of modules, having as main component a 4-input Arithmetic-Logic Unit not previously reported. This ALU is designed as a result of studying the type of operations in the SHA algorithm, their execution sequence and the associated dataflow. The processor hardware architecture was modeled in VHDL and implemented in FPGAs. The results obtained from the implementation in a Virtex5 device demonstrate that the proposed design uses fewer resources achieving higher performance and efficiency, outperforming previous approaches in the literature focused on compact designs, saving around 60% FPGA slices with an increased throughput (Mbps) and efficiency (Mbps/Slice). The proposed SHA processor is well suited for applications like Wi-Fi, TMP (Trusted Mobile Platform), and MTM (Mobile Trusted Module), where the data transfer speed is around 50 Mbps.     

基于FPGA的SHA-1算法的设计与实现

SHA-1算法是目前常用的安全散列算法，被广泛地应用于电子商务等信息安全领域。为了满足安全散列算法的计算速度，该文将SHA-1分成5个硬件结构模块来实现，每个模块可以独立工作。对其进行了优化，达到了缩短关键路径的目的，提高了计算速度。独立的模块使得对每个模块的修改都不会影响其他模块的工作，为模块的进一步优化提供了方便。     

Multi-mode operator for SHA-2 hash functions

We propose an improved implementation of the SHA-2 hash family, with minimal operator latency and reduced hardware requirements. We also propose a high frequency version at the cost of only two cycles of latency per message. Finally we present a multi-mode architecture able to perform either a SHA-384 or SHA-512 hash or to behave as two independent SHA-224 or SHA-256 operators. Such capability adds increased flexibility for applications ranging from a server running multiple streams to independent pseudorandom number generation. We also demonstrate that our architecture achieves a performance comparable to separate implementations while requiring much less hardware.     

Hardware implementation analysis of SHA-256 and SHA-512 algorithms on FPGAs

Hash functions are common and important cryptographic primitives, which are very critical for data integrity assurance and data origin authentication security services. Field programmable gate arrays (FPGAs) being reconfigurable, flexible and physically secure are a natural choice for implementation of hash functions in a broad range of applications with different area-performance requirements. In this paper, we explore alternative architectures for the implementation of hash algorithms of the secure hash standards SHA-256 and SHA-512 on FPGAs and study their area-performance trade-offs. As several 64-bit adders are needed in SHA-512 hash value computation, new architectures proposed in this paper implement modulo-64 addition as modulo-32, modulo-16 and modulo-8 additions with a view to reduce the chip area. Hash function SHA-512 is implemented in different FPGA families of ALTERA to compare their performance metrics such as area, memory, latency, clocking frequency and throughput to guide a designer to select the most suitable FPGA for an application. In addition, a common architecture is designed for implementing SHA-256 and SHA-512 algorithms.     

SHA2 and SHA-3 accelerator design in a 7 nm technology within the European Processor Initiative

This paper proposes the architecture of the hash accelerator, developed in the framework of the European Processor Initiative. The proposed circuit supports all the SHA2 and SHA-3 operative modes and is to be one of the hardware cryptographic accelerators within the crypto-tile of the European Processor Initiative. The accelerator has been verified on a Stratix IV FPGA and then synthesised on the Artisan 7 nanometres TSMC silicon technology, obtaining throughputs higher than 50 Gbps for the SHA2 and 230 Gbps for the SHA-3, with complexity ranging from 15 to about 30 kGE and estimated power dissipation of about 13 (SHA2) to 26 (SHA-3) mW (supply voltage 0.75 V). The proposed design demonstrates absolute performances beyond the state-of-the-art and efficiency aligned with it. One of the main contributions is that this is the first SHA-2 SHA-3 accelerator synthesised on such advanced technology.     

基于SHA-256的磁盘复制审计系统设计与实现

随着计算机和互联网络技术的迅速发展,电子数据鉴定的结论成为具有证据力的法定证据之一,文中介绍了电子取证中基于SHA-256算法的磁盘复制审计系统的设计与实现,在分析SHA-256算法的基础上,利用FPGA芯片实现了基于SHA-256算法的磁盘复制审计系统,提出了实现磁盘复制和生成SHA-256哈希值一种电路设计方案;利用SHA-256算法对DMA传输方式中的CRC校验码进行计算得到磁盘数据摘要,从而保证了采集数据的一致性,并且整个复制过程必须是可审计的;最后讨论了基于A1tera公司生产的StratixⅡ系列FPGA的实现结果。     

Implementation of the SHA-2 Hash Family Standard Using FPGAs

The continued growth of both wired and wireless communications has triggered the revolution for the generation of new cryptographic algorithms. SHA-2 hash family is a new standard in the widely used hash functions category. An architecture and the VLSI implementation of this standard are proposed in this work. The proposed architecture supports a multi-mode operation in the sense that it performs all the three hash functions (256, 384 and 512) of the SHA-2 standard. The proposed system is compared with the implementation of each hash function in a separate FPGA device. Comparing with previous designs, the introduced system can work in higher operation frequency and needs less silicon area resources. The achieved performance in the term of throughput of the proposed system/architecture is much higher (in a range from 277 to 417%) than the other hardware implementations. The introduced architecture also performs much better than the implementations of the existing standard SHA-1, and also offers a higher security level strength. The proposed system could be used for the implementation of integrity units, and in many other sensitive cryptographic applications, such as, digital signatures, message authentication codes and random number generators.     

可重构计算平台上SHA系列函数的优化实现

针对当前哈希函数算法标准和应用需求不同的现状,以及同一系统对安全性可能有着不同的要求,采用可重构的设计思想,在对SHA-1、SHA-256、SHA-512三种哈希函数的不同特征进行深入分析的基础上,总结归纳出统一的处理模型。根据不同的要求,每一种SHA(SHA-1、SHA-256、SHA-512)系列哈希函数都可以单独灵活地执行。使用流水线,并在关键路径进行加法器的优化,提高了算法的吞吐率。并且使用效能比的概念,与M3服务器对比,可重构平台的效能比比通用服务器高很多。     

Design and implementation of totally-self checking SHA-1 and SHA-256 hash functions’ architectures

Many cryptographic primitives that are used in cryptographic schemes and security protocols such as SET, PKI, IPSec and VPN's utilize hash functions - a special family of cryptographic algorithms. Hardware implementations of cryptographic hash functions provide high performance and increased security. However, potential faults during their normal operation cause significant problems in the authentication procedure. Hence, the on-time detection of errors is of great importance, especially when they are used in security-critical applications, such as military or space. In this paper, two Totally Self-Checking (TSC) designs are introduced for the two most-widely used hash functions: SHA-1 and SHA-256. To the best of authors’ knowledge, there is no previously published work presenting TSC hashing cores. The achieved fault coverage is 100% in the case of odd erroneous bits. The same coverage is achieved for even erroneous bits, if they are appropriately spread. Additionally, experimental results in terms of frequency, area, throughput, and power consumption are provided. Compared to the corresponding Duplicated with Checking (DWC) architectures, the proposed TSC-based designs are more efficient in terms of area, throughput/area, and power consumption. Specifically, the introduced TSC SHA-1 and SHA-256 cores are more efficient by 16.1% and 20.8% in terms of area and by 17.7% and 23.3% in terms of throughput/area, respectively. Also, compared to the corresponding DWC architectures, the proposed TSC-based designs are on average almost 20% more efficient in terms of power consumption.     

对移动可信模块安全体制的研究

介绍了基于可信计算的移动可信模块(MTM)的设计思想,引入了移动远程所有者可信模块(MRTM)和移动本地所有者可信模块(MLTM),以满足不同利益相关者的需求.比较了MTM和TPM在安全模型上的区别,给出了实现可信机制的过程.MTM不仅满足了TPM的基本可信特性,还允许多方信任设备和组件一起工作,共享同样的安全架构,体现了移动设备的特性.     

基于FPGA的SHA-256算法实现

本文分析了SHA-256算法的基本工作流程,对算法硬件实现的关键路径进行了优化设计,讨论了几个关键模块的设计方案。最后给出了基于Altera公司的CYCLONE系列FPGA的实现结果。     

小面积高性能的SHA-1/SHA-256/SM3IP复用电路的设计

Hash算法的快速发展导致了两个问题,一个是旧算法与新算法在应用于产品时更新换代的问题,另一个是基于应用环境的安全性选择不同算法时的复用问题。为解决这两个问题,实现了SHA-1/SHA-256/SM3算法的IP复用电路,电路采用循环展开方式,并加入流水线的设计,在支持多种算法的同时,还具有小面积高性能的优势。首先,基于Xilinx Virtex-6FPGA对电路设计进行性能分析,电路共占用776Slice单元,最大吞吐率可以达到0.964Gbps。然后,采用SMIC 0.13μm CMOS工艺实现了该设计,最后电路的面积是30.6k门,比单独实现三种算法的电路面积总和减小了41.7%,工作频率是177.62 MHz,最大吞吐率达到1.34Gbps。     

SHA-1算法的HDL设计与仿真

随着宽带网络和数字视频的飞速发展,如何加强对数据内容的保护成为迫切需要解决的问题.HDCP是一种目前最有效的版权保护协议.它正是采用了SHA-1算法来验证信息传输的完整性.基于HDL语言的硬件设计方法,可以方便地设计硬件电路,建立SHA-1的算法模型,包括码流填充过程和压缩计算过程.用Veriiog HDL描述的电路,其综合结果可通过仿真验证.采用电路结构设计的SHA-1功能模块,简洁高效,可方便地在可编程逻辑器件中实现,并且已在多个嵌入式系统的设计中得到了应用和验证.     

应用于后量子密码的高速高效SHA-3硬件单元设计

随着量子计算技术的高速发展,传统的公钥密码体制正在遭受破译的威胁,将现有加密技术过渡到具有量子安全的后量子密码方案上是现阶段密码学界的研究热点。在现有的后量子密码(Post-Quantum Cryptography,PQC)方案中,基于格问题的密码方案由于其安全性,易实施性和使用灵活的众多优点,成为了最具潜力的PQC方案。SHA-3作为格密码方案中用于生成伪随机序列以及对关键信息散列的核心算子之一,其实现性能对整体后量子密码方案性能具有重要影响。考虑到今后PQC在多种设备场景下部署的巨大需求,SHA-3的硬件实现面临着高性能与有限资源开销相互制约的瓶颈挑战。对此,本文提出了一种高效高速的SHA-3硬件结构,这种结构可以应用于所有的SHA-3家族函数中。首先,本设计将64 bit轮常数简化为7 bit,既减少了轮常数所需的存储空间,也降低了运算复杂度。其次,提出了一种新型的流水线结构,这种新型结构相比于通常的流水线结构对关键路径分割得更加均匀。最后,将新型流水线结构与展开的优化方法结合,使系统的吞吐量大幅提高。本设计基于XilinxVirtex-6现场可编程逻辑阵列(FPGA)完成了原型实现,结果显示,所设计的SHA-3硬件单元最高工作频率可达459 MHz,效率达到14.71 Mbps/Slice。相比于现有的相关设计,最大工作频率提高了10.9%,效率提升了28.2%。     

无线传感器网络硬件平台的选型与搭建

本文介绍了一种基于无线传感器网络的智能家居监控系统的硬件平台的实现方案。根据实际要求,从低成本、低功耗、小型化等方面考虑,对组成该硬件平台的各大模块进行了选型分析与电路搭建,以满足嵌入式的无线数据通信硬件平台的要求。     

基于FPGA+COM Express的基带数字信号处理平台设计

针对卫星信号分离系统运算量大,实时性要求高的特点,设计了一种基于FPGA+COM Express的基带数字处理平台。通过对系统需求的分析,构建系统的硬件架构,将系统分为运算模块、网络接口模块、 A/D电路、D/A电路、电源变换电路和时钟管理电路等部分,然后根据各部分的具体需求确定主要芯片的选择和电路的具体设计。根据系统特点,将系统运算分为两类,将数据运算量大,实时性要求高但结构简单的部分用FPGA实现,将数据量少但控制结构复杂、实时性要求低的部分用COM Express实现。经测试,该平台能够满足卫星信号分离系统的运算需求和实时性要求。该方案可作为通用数字基带处理平台,能够灵活实现常用的基带数字信号处理系统所需的信号采集、运算、控制和输出,具有设计灵活多样,开发简单易行,研发周期短等优点。     

SHA-1在对象-关系访问层设计中的应用

在对象-关系访问层设计时,将对象标识（OID）的生成过程封装在该层的对象标识管理器（OIDM）中,可以大大提高应用程序的可移植性。分析对象-关系访问层体系结构和OID生成策略,128位随机数算法生成的OID已不适应数据信息量不断增加和海量数据存储的需求。根据160位SHA-1算法的特性,将该算法应用于对象-关系访问层设计,分析其可行性,并给出算法应用的Java实现模型。     

Fast Gabor texture feature extraction with separable filters using GPU

Gabor wavelet transform is one of the most effective texture feature extraction techniques and has resulted in many successful practical applications. However, real-time applications cannot benefit from this technique because of the high computational cost arising from the large number of small-sized convolutions which require over 10 min to process an image of 256 × 256 pixels on a dual core CPU. As the computation in Gabor filtering is parallelizable, it is possible and beneficial to accelerate the feature extraction process using GPU. Conventionally, this can be achieved simply by accelerating the 2D convolution directly, or by expediting the CPU-efficient FFT-based 2D convolution. Indeed, the latter approach, when implemented with small-sized Gabor filters, cannot fully exploit the parallel computation power of GPU due to the architecture of graphics hardware. This paper proposes a novel approach tailored for GPU acceleration of the texture feature extraction algorithm by using separable 1D Gabor filters to approximate the non-separable Gabor filter kernels. Experimental results show that the approach improves the timing performance significantly with minimal error introduced. The method is specifically designed and optimized for computing unified device architecture and is able to achieve a speed of 16 fps on modest graphics hardware for an image of 256² pixels and a filter kernel of 32² pixels. It is potentially applicable for real-time applications in areas such as motion tracking and medical image analysis.     

基于Android系统嵌入式移动可信网关设计

以往移动可信平台设计均以终端设计为主,不适用于移动物联网条件下,提出一种基于Android系统的嵌入式可信移动网关,结合可信平台模块（ TPM）芯片与Android系统特有特性,设计新的可信模块。本设计提出 Android 系统下软硬件系统架构以及每个模块的详细功能。根据设计利用 Atmel AT97SC3205T芯片对Cortex—A8 S5PV210平台可信改造,并在Android系统上开发网关应用程序。根据此平台已经开发ZigBee应用程序,此设计有较高的商业价值。     

基于FPGA的7-Zip加密文档高能效口令恢复方法

随着7-Zip压缩软件的广范使用,破解7-Zip加密文档的口令对信息安全有着非常重要的意义。目前,破解7-Zip加密文档主要采用CPU和GPU平台,而潜在的口令空间大,计算复杂度高,在有限的时间内找到正确的口令需要更高性能的计算平台。因此,文中通过分析解密算法的PMC特性,采用可重构的FPGA硬件计算平台,使用流水线技术来实现数据拼接和SHA-256算法,并利用预计算和CSA方法优化SHA-256算法的关键路径,同时使用双端口RAM存储校验数据,从而满足算法的计算需求和存储需求,实现高效能的7-Zip解密算法。实验数据表明,文中提出的优化方法能大幅提升SHA-256算法的性能,使其吞吐量达到110.080 Gbps,并且通过多种方法对解密算法进行优化,最终破解10位长度口令的速率达到了10608个/s,是CPU的226倍,GPU的1.4倍,且能效比是GPU的8倍,极大地提升了算法的性能,降低了高功耗需求。