A circuit and method for implementing a full-pipelined sm3 cryptographic hash algorithm
By successively reducing the message word register and optimizing the operation process of E in the SM3 cryptographic hash algorithm circuit, the problem of high storage resource consumption is solved, and a more efficient fully pipelined SM3 cryptographic hash algorithm circuit is realized.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- WUHAN BINARY SEMICON CO LTD
- Filing Date
- 2026-03-13
- Publication Date
- 2026-06-19
AI Technical Summary
The existing circuits that implement the fully pipelined SM3 cryptographic hash algorithm require setting 16 message word registers in each round of message expansion, resulting in high storage resource consumption. Furthermore, the additions in the critical path of the compression process cannot be continuous, making it impossible to optimize the critical path.
By successively reducing the message word register in the message extension circuit and optimizing the operation of E in the compression circuit, compression is completed using a 3-2 compressor and a left shift operation, thus optimizing the critical path.
The use of message word registers is reduced, saving storage resources and optimizing the critical path of the compression process, thus improving circuit efficiency.
Smart Images

Figure CN122247672A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of information security technology, and in particular to a circuit and method for implementing a fully pipelined SM3 cryptographic hash algorithm. Background Technology
[0002] The rapid development of technologies such as cloud computing, artificial intelligence, and the Internet of Things has placed higher demands on data processing. However, data security during high-throughput data transmission has become a major challenge in the field of information security. To achieve highly secure data transmission, security chips with built-in cryptographic algorithms are typically employed.
[0003] Among existing technologies, the SM3 cryptographic hash algorithm is a cryptographic hash algorithm independently developed in my country, which hashes hashes of length 10 ... l ( l <2 64 ) Bit message m The data is padded to a multiple of 512 bits in length, then divided into 512-bit message blocks. Each message block is expanded, and the expanded message words W and W' are fed into a compression function for 64 rounds of compression to output the state value. After all message groups have been processed, the final state value is a 256-bit hash value. This algorithm can be widely used in data integrity detection, digital signature verification, and random number generation.
[0004] However, existing fully pipelined SM3 cryptographic hash algorithms require 16 message word registers in each round of message expansion, resulting in significant storage resource consumption. Furthermore, the critical path in the compression process involves the computation of E, and intermediate quantities... In 7 operations make The addition in the middle cannot be summed. The addition in the algorithm is continuous, making it impossible to optimize the critical path using a compressor. Therefore, there is an urgent need to improve the circuitry for implementing the fully pipelined SM3 cryptographic hash algorithm. Summary of the Invention
[0005] This invention provides a circuit and method for implementing a fully pipelined SM3 cryptographic hash algorithm, in order to solve the technical problem that existing circuits for implementing a fully pipelined SM3 cryptographic hash algorithm require setting 16 message word registers in each round of message expansion, resulting in high storage resource consumption.
[0006] Firstly, a circuit for implementing a fully pipelined SM3 cryptographic hash algorithm is provided, comprising: The message expansion circuit is used to expand N message words into K message words in M rounds, wherein in the subsequent rounds of expansion, the message word register used to store the message words is gradually reduced. A compression circuit, connected to the message expansion circuit, is used to receive the message words obtained from each round of expansion and output them after corresponding round of pipeline compression.
[0007] In some embodiments, when N is 16, M is 64, and K is 132, the message expansion circuit is used to expand the N message words divided into message groups in M rounds to obtain K message words. In subsequent rounds of expansion, the message word register used to store the message words is gradually reduced, including: In the first clock cycle, 16 message word registers are used to store the 16 message words divided into message groups. And calculated and ; In the second clock cycle, 16 message words are stored using 16 message word registers. as well as And calculated and ; And so on, in the 3rd to 52nd clock cycles, the calculation is... as well as ; In the 53rd clock cycle, 16 message words are stored using 16 message word registers. And calculated ; In the 54th clock cycle, 15 message words are stored using 15 message word registers. And calculated ; Following this pattern, during the 55th to 64th clock cycles, the message word register is decreased sequentially, and the result is calculated. .
[0008] In some embodiments, the message expansion circuit is used to expand N message words divided into message groups into K message words through M rounds, wherein in subsequent rounds of expansion, the message word register used to store the message words is gradually reduced, and the circuit further includes: The message word is obtained by performing a round of expansion using the following formula: message In the formula =16~67, For the permutation function in the predefined message extension; message In the formula =0~63.
[0009] In some embodiments, the compression circuit is used to receive the message word obtained from each round of expansion and output it after performing corresponding round-based pipeline compression, including: Assign initial values to the eight status registers, denoted as A, B, C, D, E, F, G, and H; Receive the message words obtained from each round of expansion, and update A, B, C, D, E, F, G, and H according to preset rules; among them, the calculation formula for updating E according to preset rules is as follows: ; ; In the formula, express The updated value; For the permutation function in the predefined message extension; For predefined Boolean functions; As an intermediate variable; This is the compensation value; It is a constant. =0~63.
[0010] In some embodiments, the calculation of E according to preset rules includes: Completed using a 3-2 compressor and a left shift operation. compression generation and ; according to The calculation result is from the preset Choose one as calculate .
[0011] Secondly, a method for implementing a fully pipelined SM3 cryptographic hash algorithm is provided, including the following steps: The message group is divided into N message words and expanded in M rounds to obtain K message words. In the subsequent rounds of expansion, the message word register used to store the message words is gradually reduced. Receive the message words obtained from each round of expansion, perform corresponding round-based pipeline compression, and then output them.
[0012] In some embodiments, when N is 16, M is 64, and K is 132, the step of expanding the N message words into K message words through M rounds, wherein in subsequent rounds of expansion, the message word register used to store the message words is gradually reduced, including: In the first clock cycle, 16 message word registers are used to store the 16 message words divided into message groups. And calculated and ; In the second clock cycle, 16 message words are stored using 16 message word registers. as well as And calculated and ; And so on, in the 3rd to 52nd clock cycles, the calculation is... as well as ; In the 53rd clock cycle, 16 message words are stored using 16 message word registers. And calculated ; In the 54th clock cycle, 15 message words are stored using 15 message word registers. And calculated ; Following this pattern, during the 55th to 64th clock cycles, the message word register is decreased sequentially, and the result is calculated. .
[0013] In some embodiments, the step of expanding the N message words into K message words through M rounds, wherein the message word register used to store the message words is gradually reduced in subsequent rounds of expansion, further includes: The message word is obtained by performing a round of expansion using the following formula: message In the formula =16~67, For the permutation function in the predefined message extension; message In the formula =0~63.
[0014] In some embodiments, receiving the message word obtained from each round of expansion and outputting it after corresponding round-based pipeline compression includes: Assign initial values to the eight status registers, denoted as A, B, C, D, E, F, G, and H; Receive the message words obtained from each round of expansion, and update A, B, C, D, E, F, G, and H according to preset rules; among them, the calculation formula for updating E according to preset rules is as follows: ; ; In the formula, express The updated value; For predefined permutation functions in compression; For predefined Boolean functions; As an intermediate variable; This is the compensation value; It is a constant. =0~63.
[0015] In some embodiments, the calculation of E according to preset rules includes: Completed using a 3-2 compressor and a left shift operation. compression generation and ; according to The calculation result is from the preset Choose one as calculate .
[0016] The beneficial effects of the technical solution provided by this invention include: This invention provides a circuit and method for implementing a fully pipelined SM3 cryptographic hash algorithm. The circuit includes a message expansion circuit and a compression circuit. The message expansion circuit expands N message words divided into message blocks into K message words through M rounds, wherein in subsequent rounds of expansion, the number of message word registers used to store the message words is gradually reduced. The compression circuit is connected to the message expansion circuit and receives the message words obtained from each round of expansion, performs corresponding round-based pipelined compression, and outputs the compressed message words. The circuit for implementing a fully pipelined SM3 cryptographic hash algorithm in this invention reduces the number of message word registers used to store the message words in subsequent rounds of expansion, thus saving storage resources. Attached Figure Description
[0017] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0018] Figure 1 This is a schematic diagram of the circuit structure for implementing a fully pipelined SM3 cryptographic hash algorithm on the i-th message packet, as provided in an embodiment of the present invention. Figure 2 This is a schematic diagram of the message extension circuit for implementing a fully pipelined SM3 cryptographic hash algorithm, provided by an embodiment of the present invention. Figure 3 A schematic diagram of a round expansion circuit for a message expansion circuit that implements a fully pipelined SM3 cryptographic hash algorithm is provided in an embodiment of the present invention. Figure 4 A schematic diagram of the structure of a compression circuit for implementing a fully pipelined SM3 cryptographic hash algorithm provided in an embodiment of the present invention; Figure 5 A schematic diagram of the structure of a round compression circuit for implementing a fully pipelined SM3 cryptographic hash algorithm compression circuit is provided in an embodiment of the present invention; Figure 6 A schematic diagram of the existing E operation update structure; Figure 7 This is a schematic diagram of the structure for updating the operation of E according to an embodiment of the present invention; Figure 8 For the length provided in the embodiments of the present invention, l A schematic diagram of the circuit structure for implementing a fully pipelined SM3 cryptographic hash algorithm for bit messages; Figure 9 This is a flowchart illustrating a method for implementing a fully pipelined SM3 cryptographic hash algorithm according to an embodiment of the present invention. Detailed Implementation
[0019] To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0020] This invention provides a circuit for implementing a fully pipelined SM3 cryptographic hash algorithm, which solves the technical problem that existing circuits implementing a fully pipelined SM3 cryptographic hash algorithm require setting 16 message word registers in each round of message expansion, resulting in high storage resource consumption.
[0021] See Figure 1 As shown, this embodiment of the invention provides a circuit for implementing a fully pipelined SM3 cryptographic hash algorithm, including: a message extension circuit and a compression circuit.
[0022] The message expansion circuit is used to expand N message words divided into message groups into K message words through M rounds, wherein in subsequent rounds of expansion, the message word register used to store the message words is gradually reduced. Here, N, M, and K are all positive integers.
[0023] The compression circuit is connected to the message expansion circuit. The compression circuit is used to receive the message word obtained from each round of expansion and perform corresponding round-by-round compression to obtain a hash value.
[0024] Specifically, when N is 16, M is 64, and K is 132, the message group is a 512-bit message word, which is divided into 16 32-bit message words. The message expansion circuit is used to divide the 16 32-bit message words... Expanded to 132 32-bit message words The computation process requires a total of 64 rounds of pipeline expansion.
[0025] The step of expanding the N message words into K message words through M rounds, and successively reducing the message word register used to store the message words in subsequent rounds of expansion, includes: In the first clock cycle, 16 message word registers are used to store the 16 message words divided into message groups. And calculated and At the same time, output and Provided to the compression circuit for subsequent pipeline compression.
[0026] In the second clock cycle, 16 message words are stored using 16 message word registers. as well as And calculated and At the same time, output and Provided to the compression circuit for subsequent pipeline compression.
[0027] And so on, in the 3rd to 52nd clock cycles, the calculation is... as well as At the same time, output as well as Provided to the compression circuit for subsequent pipeline compression.
[0028] In the 53rd clock cycle, 16 message words are stored using 16 message word registers. And calculated .
[0029] In the 54th clock cycle, 15 message words are stored using 15 message word registers. And calculated .
[0030] Following this pattern, during the 55th to 64th clock cycles, the message word register is decreased sequentially, and the result is calculated. .
[0031] The message word is obtained by performing a single round of expansion using the following formula: message In the formula =16~67, For the permutation function in the predefined message extension. Figure 3 To execute the above formula, a wheel expansion circuit is configured with 52 wheel expansion circuits in the message expansion circuit.
[0032] message In the formula =0~63.
[0033] For example, the first round of the pipeline uses 16 message word registers for storage. The first message extension is calculated within one clock cycle, through methods such as... Figure 3 The wheel expansion circuit shown performs the operation and calculates... And calculate using XOR operation The entire process described above is completed within a single clock cycle. The next clock cycle can then input a new message block consisting of 16 message words. The typical length is... l ( l <2 64 Any message m padded with 512 bits will be divided into n message groups: B (0) B (1) ...B (n-1) Each message group B (i) All of them need to be expanded to generate 132 32-bit message words for subsequent pipeline compression.
[0034] The second round of the pipeline also has 16 message word registers. In the second clock cycle: first, the registers from the first round... and the calculated Stored in 16 message word registers. This is no longer needed in subsequent calculations, therefore it does not need to be stored in subsequent circuits. Then, through... Figure 3 The wheel expansion circuit shown performs the operation and calculates... ; and calculate using XOR operation All of the above processes are completed within the same clock cycle.
[0035] Production lines 3 through 52 all follow the above rules for calculation, sequentially calculating... as well as .
[0036] The 53rd round pipeline has 16 message word registers to store the messages from the 52nd round. And calculate using XOR operation However, it is no longer needed. Figure 3 The wheel expansion circuit shown.
[0037] The 54th round of the pipeline has 15 message word registers, requiring only computation. And no further storage is required. Therefore, starting from round 54, the number of message word registers required by the pipeline decreases sequentially in each round and they are no longer needed. Figure 3 The wheel expansion circuit shown reduces the number of message word registers by 66 and the number of wheel expansion circuits by 12 compared to existing technologies. See also Figure 3 As shown, starting from 62 clock cycles, two message word registers can be reduced each time.
[0038] In summary, the circuit implementing the fully pipelined SM3 cryptographic hash algorithm in this embodiment of the invention can reduce the number of message word registers and save storage resources by gradually stopping the storage of intermediate message words that are no longer needed after message expansion is completed in 64 rounds of operation. Furthermore, since round expansion circuitry is no longer needed after message expansion, the number of round expansion circuitry cycles can be reduced.
[0039] As an optional implementation, in one embodiment of the invention, the compression circuit is used to receive the message word obtained from each round of expansion and output it after performing corresponding round-based pipeline compression, including: Assign initial values to the eight status registers, denoted as A, B, C, D, E, F, G, and H; Receive the message words obtained from each round of expansion, and update A, B, C, D, E, F, G, and H according to preset rules; among them, the calculation formula for updating E according to preset rules is as follows: ; ; In the formula, express The updated value; For predefined permutation functions in compression; For predefined Boolean functions; As an intermediate variable; This is the compensation value; It is a constant. =0~63.
[0040] Specifically, Figure 4 This is a schematic diagram of the compression circuit, which includes 64 compression rings. Figure 5 This is a schematic diagram of a compression circuit. The critical path in the compression process is the update of E. The existing formula for calculating the update of E is as follows: ; ; For consecutive additions of more than two numbers, a compressor can be used to compress the data first, followed by an adder to complete the addition, thereby reducing the critical path. However, the existing calculation formula for E needs updating. In Make The addition in the middle cannot be summed. The addition in the expression is continuous, making compressed addition unusable. See also Figure 6 As shown, in the traditional approach, it is necessary to first complete The operation, including three additions. Continuous operation can be accomplished using a 3-2 compressor and an adder. Then, a 3-2 compressor and an adder are used to complete the final result. Add them together to get The critical path is shown in red. +1×3-2 compressors +2×adders +P0. Additionally, in Figure 4 middle, It is also a pre-defined Boolean function, which... The changes take different expressions; , This is an intermediate variable. Figure 5 middle, , Assign initial values to the eight status registers in each compression round, as well as the compressed output value, and configure each message packet B. (i) Correspondingly, among which Take the initial value IV (preset). Indicates a register, temporarily storing input. The value is used for subsequent calculations.
[0041] See Figure 4 and Figure 7 As shown, the embodiments of the present invention will In The operation is completed before the addition is executed, that is... . and The difference between them is the compensation value. , (Compensation Value) is used to correct calculation errors caused by cyclic shifts and addition reordering.
[0042] The updated calculation formula for E according to the new preset rules is as follows:
[0043] By performing the above transformation, all additions are made continuous, allowing the compressor to be used to further optimize the critical path.
[0044] Furthermore, the calculation of E according to preset rules includes: Completed using a 3-2 compressor and a left shift operation. compression generation and ; according to The calculation result is from the preset Choose one as calculate .
[0045] Specifically, pre-set They are respectively: , , , See also Figure 4 As shown, in this embodiment of the invention, a 3-2 compressor is first used to complete the left shift operation. The compression generates c and s. The compressed results c and s can then be directly compared with... Compression. There are four cases for CV here, which need to be considered... The selection is based on the calculation results. This embodiment of the invention uses... Figure 4 The parallel structure is shown. First, a 5-2 compressor is used for computation. Its compression result is then simultaneously combined with... Perform a 3-2 compression operation, then use traditional carry addition to calculate the four candidate results. Simultaneously, perform traditional carry addition in parallel. The result of this operation is used to select the correct result from four 3-2 compression operations, thus completing the final calculation. The selection of the correct result is achieved using a 4-1 selector with the following input: , respectively The carry generated by the 25th bit (i.e.) The carry-in of the first bit and the carry-out of the 32nd bit, i.e., the carry-out generated by the entire addition. Select , Select , Select , Select .
[0046] Through the above methods The critical path is shown in red. +1×5-2 compressor +1×3-2 compressor +1 adder +1×4-1 selector +P0, i.e., calculation The critical path replaces an adder with a path consisting of one 5-2 compressor, one 3-2 compressor, and one 4-1 selector. Since the adder's latency is much higher than that of the compressor, The computation path has been optimized.
[0047] Additionally, see Figure 8 As shown, it is the final corresponding length. l ( l <2 64 The circuit implements a fully pipelined SM3 cryptographic hash algorithm for a message m of 12 bits, which fills the message according to the SM3 standard and then divides it into 512-bit message blocks B. (i) Then, the corresponding message group is delayed by 64×i clock cycles to achieve non-blocking input messages. The given initial value IV is stored in 8 status registers for the first round of compression, and then the final hash value is calculated through pipeline, resulting in a 256-bit output hash value. .
[0048] See Figure 9 As shown, this embodiment of the invention also provides a method for implementing a fully pipelined SM3 cryptographic hash algorithm, comprising the following steps: Step S10: Expand the N message words of the message group into K message words in M rounds, wherein in the subsequent rounds of expansion, the message word register used to store the message words is gradually reduced. Step S20: Receive the message word obtained from each round of expansion, perform corresponding round-based pipeline compression, and then output it.
[0049] As an optional implementation, in one embodiment of the invention, when N is 16, M is 64, and K is 132, the step of expanding the N message words divided into message groups into K message words through M rounds, wherein in subsequent rounds of expansion, the message word register used to store the message words is gradually reduced, including: In the first clock cycle, 16 message word registers are used to store the 16 message words divided into message groups. And calculated and ; In the second clock cycle, 16 message words are stored using 16 message word registers. as well as And calculated and ; And so on, in the 3rd to 52nd clock cycles, the calculation is... as well as ; In the 53rd clock cycle, 16 message words are stored using 16 message word registers. And calculated ; In the 54th clock cycle, 15 message words are stored using 15 message word registers. And calculated ; Following this pattern, during the 55th to 64th clock cycles, the message word register is decreased sequentially, and the result is calculated. .
[0050] As an optional implementation, in one embodiment of the invention, when N is 16, M is 64, and K is 132, the step of expanding the N message words divided into message groups into K message words through M rounds, wherein in subsequent rounds of expansion, the message word register used to store the message words is gradually reduced, further comprising: The message word is obtained by performing a round of expansion using the following formula: message In the formula =16~67, For the permutation function in the predefined message extension; message In the formula =0~63.
[0051] As an optional implementation, in one embodiment of the invention, the step of receiving the message word obtained from each round of expansion and outputting it after corresponding round of pipeline compression includes: Assign initial values to the eight status registers, denoted as A, B, C, D, E, F, G, and H; Receive the message words obtained from each round of expansion, and update A, B, C, D, E, F, G, and H according to preset rules; among them, the calculation formula for updating E according to preset rules is as follows: ; ; In the formula, express The updated value; For predefined permutation functions in compression; For predefined Boolean functions; As an intermediate variable; This is the compensation value; It is a constant. =0~63.
[0052] As an optional implementation, in one embodiment of the invention, the calculation of E updating according to preset rules includes: Completed using a 3-2 compressor and a left shift operation. compression generation and ; according to The calculation result is from the preset Choose one as calculate .
[0053] In the description of this invention, it should be noted that the terms "upper," "lower," etc., indicating the orientation or positional relationship are based on the orientation or positional relationship shown in the accompanying drawings, and are only for the convenience of describing the invention and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation, or be constructed and operated in a specific orientation, and therefore should not be construed as a limitation of the invention. Unless otherwise expressly specified and limited, the terms "installed," "connected," and "linked" should be interpreted broadly. For example, they can refer to a fixed connection, a detachable connection, or an integral connection; they can refer to a mechanical connection or an electrical connection; they can refer to a direct connection or an indirect connection through an intermediate medium; they can refer to the internal communication between two elements. For those skilled in the art, the specific meaning of the above terms in this invention can be understood according to the specific circumstances.
[0054] It should be noted that in this invention, relational terms such as "first" and "second" are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.
[0055] The above description is merely a specific embodiment of the present invention, enabling those skilled in the art to understand or implement the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the present invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features of the invention herein.
Claims
1. A circuit for implementing a fully pipelined SM3 cryptographic hash algorithm, characterized in that, include: The message expansion circuit is used to expand N message words into K message words in M rounds, wherein in the subsequent rounds of expansion, the message word register used to store the message words is gradually reduced. A compression circuit, connected to the message expansion circuit, is used to receive the message words obtained from each round of expansion and output them after corresponding round of pipeline compression.
2. The circuit for implementing the fully pipelined SM3 cryptographic hash algorithm according to claim 1, characterized in that, When N is 16, M is 64, and K is 132, the message expansion circuit is used to expand the N message words divided into message groups in M rounds to obtain K message words. In subsequent rounds of expansion, the message word register used to store the message words is gradually reduced, including: In the first clock cycle, 16 message word registers are used to store the 16 message words divided into message groups. And calculated and ; In the second clock cycle, 16 message words are stored using 16 message word registers. as well as And calculated and ; And so on, in the 3rd to 52nd clock cycles, the calculation is... as well as ; In the 53rd clock cycle, 16 message words are stored using 16 message word registers. And calculated ; In the 54th clock cycle, 15 message words are stored using 15 message word registers. And calculated ; Following this pattern, during the 55th to 64th clock cycles, the message word register is decreased sequentially, and the result is calculated. .
3. The circuit for implementing the fully pipelined SM3 cryptographic hash algorithm according to claim 2, characterized in that, The message expansion circuit is used to expand N message words divided into message groups into K message words through M rounds of expansion, wherein in subsequent rounds of expansion, the message word register used to store the message words is gradually reduced, and it also includes: The message word is obtained by performing a round of expansion using the following formula: message In the formula =16~67, For the permutation function in the predefined message extension; message In the formula =0~63.
4. The circuit for implementing the fully pipelined SM3 cryptographic hash algorithm according to claim 3, characterized in that, The compression circuit is used to receive the message words obtained from each round of expansion and perform corresponding round-based pipeline compression before outputting them, including: Assign initial values to the eight status registers, denoted as A, B, C, D, E, F, G, and H; Receive the message words obtained from each round of expansion, and update A, B, C, D, E, F, G, and H according to preset rules; among them, the calculation formula for updating E according to preset rules is as follows: ; ; In the formula, express The updated value; For predefined permutation functions in compression; For predefined Boolean functions; As an intermediate variable; This is the compensation value; It is a constant. =0~63.
5. The circuit for implementing the fully pipelined SM3 cryptographic hash algorithm according to claim 4, characterized in that, The calculation of E according to preset rules includes: Completed using a 3-2 compressor and a leftward shift operation. compression generation and ; according to The calculation result is from the preset Choose one as calculate .
6. A method for implementing a fully pipelined SM3 cryptographic hash algorithm, characterized in that, Includes the following steps: The message group is divided into N message words and expanded in M rounds to obtain K message words. In the subsequent rounds of expansion, the message word register used to store the message words is gradually reduced. Receive the message words obtained from each round of expansion, perform corresponding round-based pipeline compression, and then output them.
7. The method for implementing a fully pipelined SM3 cryptographic hash algorithm according to claim 6, characterized in that, When N is 16, M is 64, and K is 132, the N message words divided into message groups are expanded in M rounds to obtain K message words. In subsequent rounds of expansion, the message word register used to store the message words is gradually reduced, including: In the first clock cycle, 16 message word registers are used to store the 16 message words divided into message groups. And calculated and ; In the second clock cycle, 16 message words are stored using 16 message word registers. as well as And calculated and ; And so on, in the 3rd to 52nd clock cycles, the calculation is... as well as ; In the 53rd clock cycle, 16 message words are stored using 16 message word registers. And calculated ; In the 54th clock cycle, 15 message words are stored using 15 message word registers. And calculated ; Following this pattern, during the 55th to 64th clock cycles, the message word register is decreased sequentially, and the result is calculated. .
8. The method for implementing a fully pipelined SM3 cryptographic hash algorithm according to claim 7, characterized in that, The step of expanding the N message words into K message words through M rounds, wherein in subsequent rounds of expansion, the message word register used to store the message words is gradually reduced, also includes: The message word is obtained by performing a round of expansion using the following formula: message In the formula =16~67, For the permutation function in the predefined message extension; message In the formula =0~63.
9. The method for implementing a fully pipelined SM3 cryptographic hash algorithm according to claim 8, characterized in that, The process of receiving the message word obtained from each round of expansion, performing corresponding round-specific pipeline compression, and then outputting it includes: Assign initial values to the eight status registers, denoted as A, B, C, D, E, F, G, and H; Receive the message words obtained from each round of expansion, and update A, B, C, D, E, F, G, and H according to preset rules; among them, the calculation formula for updating E according to preset rules is as follows: ; ; In the formula, express The updated value; For predefined permutation functions in compression; For predefined Boolean functions; As an intermediate variable; This is the compensation value; It is a constant. =0~63.
10. The method for implementing a fully pipelined SM3 cryptographic hash algorithm according to claim 9, characterized in that, The calculation of E according to preset rules includes: Completed using a 3-2 compressor and a leftward shift operation. compression generation and ; according to The calculation result is from the preset Choose one as calculate .