CN115664849B - BMC, encrypted data generation system, method, device and storage medium thereof - Google Patents


Info

Publication number: CN115664849B
Authority: CN (China)
Prior art keywords: adder, data, compression function, encrypted, output
Legal status: Active
Application number: CN202211592786.1A
Other languages: Chinese (zh)
Other versions: CN115664849A
Inventors: 孙旭, 宋琪, 赵新宇, 周玉龙
Current Assignee: Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee: Suzhou Inspur Intelligent Technology Co Ltd
Events: application filed by Suzhou Inspur Intelligent Technology Co Ltd; priority to CN202211592786.1A; publication of CN115664849A; application granted; publication of CN115664849B; legal status active (current); anticipated expiration.

Abstract

The application discloses a BMC and an encrypted data generation system, method, device and storage medium thereof, which are applied to the technical field of data verification and comprise the following steps: determining data to be encrypted; based on the SHA-256 algorithm, performing message padding grouping and block expansion on the data to be encrypted to obtain a first parameter sequence K and a second parameter sequence W; based on the first parameter sequence K, the second parameter sequence W and the data to be encrypted, performing the iterative compression of the SHA-256 algorithm with a first compression function to obtain encrypted data that conforms to the SHA-256 calculation result for the data to be encrypted; in the iterative compression process, the first compression function used is obtained by combining 2 single-round compression functions of the SHA-256 algorithm. By applying the scheme of the application, encrypted data can be effectively generated based on the SHA-256 algorithm while the number of clock cycles required is reduced.

Description

BMC, encrypted data generation system, method, device and storage medium thereof
Technical Field
The invention relates to the technical field of data verification, in particular to a BMC (baseboard management controller) and an encrypted data generation system, method, device and storage medium thereof.
Background
SHA-256 (Secure Hash Algorithm 256) is one of the SHA-2 family published by the US National Security Agency; the hash value it generates, that is, the encrypted data, is 256 bits long. Since the attack resistance of SHA-1 has been broken, SHA-256 is now the most widely used algorithm in important security applications. SHA-256 supports plaintext input of length less than 2^64 bits, a message block length of 512 bits, and a message word length of 32 bits in the iterative compression process.
In hardware implementations of the algorithm, referring to FIG. 1, which is a schematic diagram of the framework currently used to implement SHA-256, the data to be encrypted (also called the data to be compressed) must undergo message padding and grouping, block expansion, and 64 rounds of iterative compression per block; the iterative compression is the most computationally complex, resource-hungry and time-consuming part. At present, SHA-256 is mainly optimized by arranging a multi-stage pipeline in the iterative compression calculation; although this improves circuit performance, it adds many flip-flops and registers and increases chip area and power consumption.
Moreover, when a single-round compression function is implemented, current technical schemes generally take 2, 3 or at least 1 clock cycle(s) per round, so the complete 64-round iterative compression takes at least 65 clock cycles, and computational performance has a certain bottleneck.
In summary, how to effectively generate encrypted data based on the SHA-256 algorithm while reducing the number of clock cycles required, and hence the time consumed, is a technical problem to be solved by those skilled in the art.
Disclosure of Invention
The invention aims to provide a BMC (baseboard management controller) and an encrypted data generation system, method, device and storage medium thereof, so that encrypted data can be effectively generated based on the SHA-256 algorithm, the number of clock cycles required is reduced, and time consumption is reduced.
In order to solve the technical problems, the invention provides the following technical scheme:
a method for generating encrypted data is applied to BMC and comprises the following steps:
determining data to be encrypted;
based on SHA-256 algorithm, performing message filling grouping and grouping expansion on the data to be encrypted to obtain a first parameter sequence K and a second parameter sequence W;
based on the first parameter sequence K, the second parameter sequence W and the data to be encrypted, performing iterative compression of an SHA-256 algorithm by using a first compression function to obtain encrypted data which accord with the calculation result of the SHA-256 algorithm for the data to be encrypted;
in the iterative compression process, the first compression function used is the first compression function obtained after 2 single-round compression functions of the SHA-256 algorithm are combined.
Preferably, the 1st message word A2 output by the first compression function is represented as:
A2 = T1'(E1, F1, G1, H1) + T2'(A1, B1, C1);
where T1'(E1, F1, G1, H1) = H1 + Σ1(E1) + Ch(E1, F1, G1) + K2 + W2;
E1 = D + T1; F1 = E; G1 = F; H1 = G;
T1 = H + Σ1(E) + Ch(E, F, G) + K1 + W1;
Σ1(E) = ROTR^6(E) ⊕ ROTR^11(E) ⊕ SHR^25(E);
Σ1(E1) = ROTR^6(E1) ⊕ ROTR^11(E1) ⊕ SHR^25(E1);
Ch(E1, F1, G1) = (E1 ∧ F1) ⊕ (¬E1 ∧ G1);
Ch(E, F, G) = (E ∧ F) ⊕ (¬E ∧ G);
T2'(A1, B1, C1) = Σ0(A1) + Maj(A1, B1, C1);
A1 = T1 + T2; B1 = A; C1 = B;
T2 = Σ0(A) + Maj(A, B, C);
Σ0(A) = ROTR^2(A) ⊕ ROTR^13(A) ⊕ SHR^22(A);
Σ0(A1) = ROTR^2(A1) ⊕ ROTR^13(A1) ⊕ SHR^22(A1);
Maj(A, B, C) = (A ∧ B) ⊕ (A ∧ C) ⊕ (B ∧ C);
Maj(A1, B1, C1) = (A1 ∧ B1) ⊕ (A1 ∧ C1) ⊕ (B1 ∧ C1);
where A is the 1st message word currently input to the first compression function, B is the 2nd message word currently input to the first compression function, C is the 3rd, D is the 4th, E is the 5th, F is the 6th, G is the 7th, and H is the 8th message word currently input to the first compression function;
K1 and K2 are respectively the 1st and 2nd parameter values in the first parameter sequence K; W1 and W2 are respectively the 1st and 2nd parameter values in the second parameter sequence W;
T1, T2, T1', T2', Σ1, Σ0, Ch and Maj are intermediate variables, and A1 to H1 are respectively the 1st to 8th message words output by the single-round compression function when A to H are input to it;
∧ denotes a 32-bit AND operation, ∨ a 32-bit OR operation, ⊕ a 32-bit XOR operation, ¬ a 32-bit NOT operation, and + denotes addition mod 2^32; ROTR^k() means that the value in brackets is rotated right by k bits; SHR^k() means that the value in brackets is shifted right by k bits with the vacated high-order bits on the left filled with 0, k being a positive integer.
Preferably, the 2nd message word B2 output by the first compression function is represented as: B2 = T1 + T2.
Preferably, the 3rd message word C2 output by the first compression function is represented as: C2 = A.
Preferably, the 4th message word D2 output by the first compression function is represented as: D2 = B.
Preferably, the 5th message word E2 output by the first compression function is represented as:
E2 = D1 + T1'(E1, F1, G1, H1);
D1 = C; D1 represents the 4th message word output by the single-round compression function when A to H are input to it.
Preferably, the 6th message word F2 output by the first compression function is represented as: F2 = D + T1.
Preferably, the 7th message word G2 output by the first compression function is represented as: G2 = E.
Preferably, the 8th message word H2 output by the first compression function is represented as: H2 = F.
Preferably, the method further comprises the following steps:
converting the XOR operation in Ch(E1, F1, G1) and Ch(E, F, G) into AND-gate and OR-gate operations by performing a Boolean function conversion on Ch(E1, F1, G1) and Ch(E, F, G);
where the converted Ch(E1, F1, G1) = (E1 ∧ F1) ∨ (¬E1 ∧ G1); Ch(E, F, G) = (E ∧ F) ∨ (¬E ∧ G).
Preferably, the method further comprises the following steps:
converting the XOR operation in Maj(A, B, C) and Maj(A1, B1, C1) into AND-gate and OR-gate operations by performing a Boolean function conversion on Maj(A, B, C) and Maj(A1, B1, C1);
where the converted Maj(A, B, C) = (A ∧ (B ∨ C)) ∨ (B ∧ C); Maj(A1, B1, C1) = (A1 ∧ (B1 ∨ C1)) ∨ (B1 ∧ C1).
Preferably, the method further comprises the following steps:
after the iterative compression of the SHA-256 algorithm has been carried out with the first compression function and encrypted data conforming to the SHA-256 calculation result for the data to be encrypted has been obtained, accuracy verification is performed on the encrypted data and the verification result is recorded.
Preferably, when the recorded verification result is a verification result indicating that the accuracy verification fails, a prompt message indicating that the verification fails is output.
Preferably, the 1st message word A2 and the 5th message word E2 output by the first compression function are produced by 3 carry save adders together with a first adder, a second adder and a third adder;
the first input of the first carry save adder receives H1 + K2 + W2, its second input receives Σ1(E1), and its third input receives Ch(E1, F1, G1); the first output of the first carry save adder is sent to the first input of the second carry save adder and to the first input of the third carry save adder, and the second output of the first carry save adder is sent to the second input of the second carry save adder and to the second input of the third carry save adder;
the third input of the second carry save adder receives C; the first output and the second output of the second carry save adder are both connected to the first adder, and the output of the first adder is E2;
the first input of the second adder receives Σ0(A1) and its second input receives Maj(A1, B1, C1); the output of the second adder is connected to the third input of the third carry save adder; the first output and the second output of the third carry save adder are both connected to the third adder, and the output of the third adder is A2.
Preferably, the first adder is a first carry bypass adder, the second adder is a first carry select adder, and the third adder is a second carry bypass adder.
Preferably, the 2nd message word B2 and the 6th message word F2 output by the first compression function are produced by 3 carry save adders (a fourth, a fifth and a sixth carry save adder) together with a fourth adder, a fifth adder and a sixth adder;
the first input of the fourth carry save adder receives H + K1 + W1, its second input receives Σ1(E), and its third input receives Ch(E, F, G); the first output of the fourth carry save adder is sent to the first input of the fifth carry save adder and to the first input of the sixth carry save adder, and the second output of the fourth carry save adder is sent to the second input of the fifth carry save adder and to the second input of the sixth carry save adder;
the third input of the fifth carry save adder receives D; the first output and the second output of the fifth carry save adder are both connected to the fourth adder, and the output of the fourth adder is F2;
the first input of the fifth adder receives Σ0(A) and its second input receives Maj(A, B, C); the output of the fifth adder is connected to the third input of the sixth carry save adder; the first output and the second output of the sixth carry save adder are both connected to the sixth adder, and the output of the sixth adder is B2.
Preferably, the fourth adder is a third carry bypass adder, the fifth adder is a second carry select adder, and the sixth adder is a fourth carry bypass adder.
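As an added illustration, not the patent's own circuit or code, the following C model reproduces the three-carry-save-adder tree for A2 and E2 described above bit-exactly and checks it against the direct formulas A2 = T1' + T2' and E2 = C + T1'. Each carry save adder is modelled as a 3:2 compressor (sum = a ⊕ b ⊕ c, carry = Maj(a, b, c) << 1), so its two output words sum to its three inputs mod 2^32 without any carry propagation; the patent's carry bypass and carry select adders are modelled as plain 32-bit additions, since only their results matter here. Σ0 and Σ1 are written with the FIPS 180-4 definitions, in which all three terms are rotations (ROTR^22 and ROTR^25 rather than SHR); the input vectors are constructed for the check and include all-ones words so that every adder stage overflows 32 bits.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not the patent's circuit): bit-exact C model of the CSA tree for A2 and E2.
   Sigma0/Sigma1 follow FIPS 180-4 (all three terms are rotations). */
#define ROTR(x, n)   (((x) >> (n)) | ((x) << (32 - (n))))
#define CH(e, f, g)  (((e) & (f)) ^ (~(e) & (g)))
#define MAJ(a, b, c) (((a) & (b)) ^ ((a) & (c)) ^ ((b) & (c)))
#define SIG0(a)      (ROTR(a, 2) ^ ROTR(a, 13) ^ ROTR(a, 22))
#define SIG1(e)      (ROTR(e, 6) ^ ROTR(e, 11) ^ ROTR(e, 25))

/* Carry save adder (3:2 compressor): a + b + c == sum + carry (mod 2^32) with no carry chain.
   Each bit position is a full adder; the carry word moves up one position and the carry out
   of bit 31 is dropped, which is exactly the mod 2^32 truncation. */
void csa(uint32_t a, uint32_t b, uint32_t c, uint32_t *sum, uint32_t *carry) {
    *sum   = a ^ b ^ c;
    *carry = ((a & b) | (a & c) | (b & c)) << 1;
}

/* Returns 1 if one CSA stage is exact for the given inputs. */
int csa_is_exact(uint32_t a, uint32_t b, uint32_t c) {
    uint32_t s, k;
    csa(a, b, c, &s, &k);
    return (uint32_t)(s + k) == (uint32_t)(a + b + c);
}

/* The adder tree described in the text. Inputs: the single-round outputs A1, B1, C1, E1, F1,
   G1, H1, the input word C (= D1), and the round parameters K2, W2. */
void a2_e2_csa_tree(uint32_t A1, uint32_t B1, uint32_t C1, uint32_t C,
                    uint32_t E1, uint32_t F1, uint32_t G1, uint32_t H1,
                    uint32_t K2, uint32_t W2, uint32_t *A2, uint32_t *E2) {
    uint32_t s1, c1, s2, c2, s3, c3, t2p;
    /* First CSA: inputs H1+K2+W2, Sigma1(E1), Ch(E1,F1,G1); (s1, c1) sums to T1' */
    csa(H1 + K2 + W2, SIG1(E1), CH(E1, F1, G1), &s1, &c1);
    /* Second CSA: (s1, c1, C) -> first adder -> E2 = D1 + T1' */
    csa(s1, c1, C, &s2, &c2);
    *E2 = s2 + c2;
    /* Second adder: T2' = Sigma0(A1) + Maj(A1,B1,C1), fed to the third CSA's third input */
    t2p = SIG0(A1) + MAJ(A1, B1, C1);
    /* Third CSA: (s1, c1, T2') -> third adder -> A2 = T1' + T2' */
    csa(s1, c1, t2p, &s3, &c3);
    *A2 = s3 + c3;
}

/* Reference computation with plain mod 2^32 additions. */
void a2_e2_direct(uint32_t A1, uint32_t B1, uint32_t C1, uint32_t C,
                  uint32_t E1, uint32_t F1, uint32_t G1, uint32_t H1,
                  uint32_t K2, uint32_t W2, uint32_t *A2, uint32_t *E2) {
    uint32_t t1p = H1 + SIG1(E1) + CH(E1, F1, G1) + K2 + W2;
    uint32_t t2p = SIG0(A1) + MAJ(A1, B1, C1);
    *A2 = t1p + t2p;
    *E2 = C + t1p;
}

/* Returns 1 if the CSA tree agrees with the direct formulas on the constructed input set. */
int csa_tree_matches(void) {
    static const uint32_t v[4][10] = {
        /* A1, B1, C1, C, E1, F1, G1, H1, K2, W2 (constructed test values) */
        {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19, 0x71374491, 0x61626380},
        {0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff},
        {0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
        {0x80000000, 0x7fffffff, 0x12345678, 0x9abcdef0, 0xdeadbeef, 0x0badf00d, 0xcafebabe, 0x00000001, 0xb5c0fbcf, 0x00000018},
    };
    int i;
    for (i = 0; i < 4; i++) {
        const uint32_t *x = v[i];
        uint32_t a, e, ar, er;
        a2_e2_csa_tree(x[0], x[1], x[2], x[3], x[4], x[5], x[6], x[7], x[8], x[9], &a, &e);
        a2_e2_direct(x[0], x[1], x[2], x[3], x[4], x[5], x[6], x[7], x[8], x[9], &ar, &er);
        if (a != ar || e != er) return 0;
    }
    return 1;
}

int main(void) {
    printf("CSA tree matches direct formulas: %s\n", csa_tree_matches() ? "yes" : "NO");
    return 0;
}
```

The point of the tree is visible in the model: the only carry-propagating additions on the A2 and E2 paths are the final ones, and the first CSA's outputs are shared by both branches, so T1' is never materialised as a single word.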
An encrypted data generation system applied to BMC comprises:
the data to be encrypted determining module is used for determining data to be encrypted;
the parameter sequence determining module is used for performing message filling grouping and grouping expansion on the data to be encrypted based on an SHA-256 algorithm to obtain a first parameter sequence K and a second parameter sequence W;
the iterative compression module is used for performing iterative compression of an SHA-256 algorithm by using a first compression function based on a first parameter sequence K, the second parameter sequence W and the data to be encrypted to obtain encrypted data which accords with the calculation result of the SHA-256 algorithm for the data to be encrypted;
wherein, in the iterative compression process, the first compression function used is the first compression function obtained after combining 2 single-round compression functions of the SHA-256 algorithm.
A BMC comprising an encrypted data generation system as described above.
An encrypted data generating device applied to BMC comprises:
a memory for storing a computer program;
a processor for executing the computer program to implement the steps of the encrypted data generation method as described above.
A computer-readable storage medium for use in a BMC, the computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the encrypted data generation method as described above.
By applying the technical scheme provided by the embodiments of the invention, after the data to be encrypted is determined, message padding grouping and block expansion can be performed on it based on the SHA-256 algorithm to obtain the first parameter sequence K and the second parameter sequence W, and encrypted data conforming to the SHA-256 calculation result for the data to be encrypted is then obtained from K, W and the data to be encrypted; that is, the encrypted data obtained by this scheme is identical to that obtained with the conventional SHA-256 algorithm, so the scheme effectively generates encrypted data based on SHA-256. Moreover, when the present application performs iterative compression it uses the first compression function, which is obtained by combining 2 single-round compression functions of SHA-256 and therefore carries out the computation of those 2 single-round compression functions. Therefore, the scheme of the application can operate at a higher clock frequency, further improving overall performance, and the encrypted data corresponding to the data to be encrypted can be determined more quickly.
In summary, the scheme of the application can effectively generate encrypted data based on the SHA-256 algorithm and reduces the number of clock cycles required, thereby reducing the time consumed in generating the encrypted data.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a block diagram of a current SHA-256 algorithm implementation;
FIG. 2 is a flow chart of an embodiment of a method for generating encrypted data according to the present invention;
FIG. 3 is a block diagram of a single round compression function used by the conventional SHA-256 algorithm;
FIG. 4 is a schematic diagram of an adder circuit for A2 and E2 according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of an adder circuit for A2 and E2 according to another embodiment of the present invention;
FIG. 6 is a schematic diagram of the circuit configuration of the adders for B2 and F2 according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of an encrypted data generating system according to the present invention;
fig. 8 is a schematic structural diagram of an encrypted data generating apparatus according to the present invention.
Detailed Description
The core of the invention is to provide an encrypted data generation method that can effectively generate encrypted data based on the SHA-256 algorithm and reduce the number of clock cycles required, thereby reducing the time consumed in generating the encrypted data.
In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 2, fig. 2 is a flowchart illustrating an implementation of a method for generating encrypted data according to the present invention, where the method for generating encrypted data may include the following steps:
step S201: and determining the data to be encrypted.
Specifically, the data to be encrypted, that is, the input data, may also be referred to as data to be compressed, and after the data to be encrypted is determined, the subsequent steps may be performed to determine the encrypted data, and the determined encrypted data may also be referred to as digest data or a hash value.
The scheme of the application can be generally applied to the BMC, for example, the scheme is arranged in an encryption function module of the BMC to realize data encryption. Of course, in other specific situations, when the encrypted data needs to be obtained based on the SHA-256 algorithm, the scheme of the present application may also be applied.
Step S202: based on SHA-256 algorithm, message filling grouping and grouping expansion are carried out on data to be encrypted to obtain a first parameter sequence K and a second parameter sequence W.
Based on SHA-256 algorithm, message filling grouping and grouping expansion can be carried out on data to be encrypted, and the message grouping length is 512 bits according to the specification of SHA-256 algorithm.
After the data to be encrypted is subjected to message padding grouping and grouping expansion, a first parameter sequence K and a second parameter sequence W are determined according to the rule of the SHA-256 algorithm. The first parameter sequence K includes 64 parameter values, which may be sequentially represented as K1 to K64, and the second parameter sequence W also includes 64 parameter values, which may be sequentially represented as W1 to W64. It is understood that when the data to be encrypted is determined, the first parameter sequence K and the second parameter sequence W used this time can be determined.
Step S203: based on the first parameter sequence K, the second parameter sequence W and the data to be encrypted, performing iterative compression of the SHA-256 algorithm by using a first compression function to obtain encrypted data which accord with the calculation result of the SHA-256 algorithm aiming at the data to be encrypted;
in the iterative compression process, the first compression function used is the first compression function obtained after 2 single-round compression functions of the SHA-256 algorithm are combined.
The encrypted data which accords with the calculation result of the SHA-256 algorithm for the data to be encrypted can be obtained based on the first parameter sequence K, the second parameter sequence W and the data to be encrypted, that is, the encrypted data obtained by the scheme of the application is consistent with the encrypted data obtained by using the traditional SHA-256 algorithm, that is, the scheme of the application can effectively generate the encrypted data based on the SHA-256 algorithm.
In addition, when the application performs iterative compression, the first compression function is used to carry out the iterative compression of the SHA-256 algorithm; the first compression function is obtained by combining 2 single-round compression functions of SHA-256, i.e. it carries out the computation of the 2 single-round compression functions, and the application completes that computation in one clock cycle with the combined first compression function. Therefore, for a set of input data, the conventional SHA-256 algorithm needs a calculation iteration of 65 clock cycles, whereas the scheme of the application completes it in only 33 clock cycles.
For ease of understanding, the single-round compression function used by the conventional SHA-256 algorithm is described first; FIG. 3 is a schematic diagram of the framework of a hardware circuit used to implement the single-round compression function. A, B, C, D, E, F, G, H represent the inputs to the single-round compression function, corresponding to the 1st to 8th message words input to the first compression function described later. A1, B1, C1, D1, E1, F1, G1, H1 represent the outputs of the single-round compression function, i.e. the 1st to 8th message words it outputs.
According to the rules of SHA-256 algorithm, the message words A, B, C, D, E, F, G, H, and A1, B1, C1, D1, E1, F1, G1, H1 are all 32 bits.
Before and after the single-round compression function is calculated, the input and output relational expressions are as follows:
{A1, B1, C1, D1, E1, F1, G1, H1} = {T1 + T2, A, B, C, D + T1, E, F, G}. T1 and T2 are both intermediate variables.
Since the message words in the calculation are all 32 bits, ∧ denotes a 32-bit AND operation, ∨ a 32-bit OR operation, ⊕ a 32-bit XOR operation, ¬ a 32-bit NOT operation, and + denotes addition mod 2^32. ROTR^k() means that the value in brackets is rotated right by k bits; SHR^k() means that the value in brackets is shifted right by k bits with the vacated high-order bits on the left filled with 0, k being a positive integer; specifically, in the following text k in ROTR^k() takes the 4 values 2, 6, 11 and 13, and k in SHR^k() takes the 2 values 22 and 25. In FIG. 3, Kj represents the jth parameter value in the first parameter sequence K, and Wj the jth parameter value in the second parameter sequence W; that is, in the 64 iterations performed on each set of input data with the single-round compression function, the first round uses W1 and K1, the second round uses W2 and K2, and so on.
As can be seen from FIG. 3:
Ch(E, F, G) = (E ∧ F) ⊕ (¬E ∧ G);
Maj(A, B, C) = (A ∧ B) ⊕ (A ∧ C) ⊕ (B ∧ C);
Σ0(A) = ROTR^2(A) ⊕ ROTR^13(A) ⊕ SHR^22(A);
Σ1(E) = ROTR^6(E) ⊕ ROTR^11(E) ⊕ SHR^25(E);
T1 = H + Σ1(E) + Ch(E, F, G) + K1 + W1;
T2 = Σ0(A) + Maj(A, B, C);
A1 = T1 + T2;
B1 = A;
C1 = B;
D1 = C;
E1 = D + T1;
F1 = E;
G1 = F;
H1 = G.
By analyzing the single-round compression function used by the conventional SHA-256 algorithm, the first compression function used in the iterative compression of the present application is obtained by combining 2 single-round compression functions of the SHA-256 algorithm.
Therefore, in one embodiment of the invention, the 1st message word A2 output by the first compression function can be expressed as: A2 = T1'(E1, F1, G1, H1) + T2'(A1, B1, C1).
That is, when A to H are the input data, A1 to H1 are the output values obtained after 1 round of compression with the conventional single-round compression function, and A2 to H2 are the output values obtained after 2 such rounds. If a complete 64-round compression is performed, the output values obtained after 64 rounds of the conventional single-round compression function can be represented as A64 to H64. In the scheme of the present application, when A to H are the input data, one application of the first compression function yields A2 to H2, so the output values obtained after 32 iterations of the first compression function can be represented as A64 to H64.
T1'(E1, F1, G1, H1) = H1 + Σ1(E1) + Ch(E1, F1, G1) + K2 + W2;
E1 = D + T1; F1 = E; G1 = F; H1 = G;
T1 = H + Σ1(E) + Ch(E, F, G) + K1 + W1;
Σ1(E) = ROTR^6(E) ⊕ ROTR^11(E) ⊕ SHR^25(E);
Σ1(E1) = ROTR^6(E1) ⊕ ROTR^11(E1) ⊕ SHR^25(E1);
Ch(E1, F1, G1) = (E1 ∧ F1) ⊕ (¬E1 ∧ G1);
Ch(E, F, G) = (E ∧ F) ⊕ (¬E ∧ G);
T2'(A1, B1, C1) = Σ0(A1) + Maj(A1, B1, C1);
A1 = T1 + T2; B1 = A; C1 = B;
T2 = Σ0(A) + Maj(A, B, C);
Σ0(A) = ROTR^2(A) ⊕ ROTR^13(A) ⊕ SHR^22(A);
Σ0(A1) = ROTR^2(A1) ⊕ ROTR^13(A1) ⊕ SHR^22(A1);
Maj(A, B, C) = (A ∧ B) ⊕ (A ∧ C) ⊕ (B ∧ C);
Maj(A1, B1, C1) = (A1 ∧ B1) ⊕ (A1 ∧ C1) ⊕ (B1 ∧ C1);
where A is the 1st message word currently input to the first compression function, B is the 2nd message word currently input to the first compression function, C is the 3rd, D is the 4th, E is the 5th, F is the 6th, G is the 7th, and H is the 8th message word currently input to the first compression function;
K1 and K2 are respectively the 1st and 2nd parameter values in the first parameter sequence K; W1 and W2 are respectively the 1st and 2nd parameter values in the second parameter sequence W;
T1, T2, T1', T2', Σ1, Σ0, Ch and Maj are intermediate variables, and A1 to H1 are respectively the 1st to 8th message words output by the single-round compression function when A to H are input to it;
∧ denotes a 32-bit AND operation, ∨ a 32-bit OR operation, ⊕ a 32-bit XOR operation, ¬ a 32-bit NOT operation, and + denotes addition mod 2^32; ROTR^k() means that the value in brackets is rotated right by k bits; SHR^k() means that the value in brackets is shifted right by k bits with the vacated high-order bits on the left filled with 0, k being a positive integer.
Accordingly, the 2nd message word B2 output by the first compression function may be expressed as: B2 = T1 + T2.
Accordingly, the 3rd message word C2 output by the first compression function may be expressed as: C2 = A.
Accordingly, the 4th message word D2 output by the first compression function may be expressed as: D2 = B.
Accordingly, the 5th message word E2 output by the first compression function may be expressed as:
E2 = D1 + T1'(E1, F1, G1, H1) = C + T1'(E1, F1, G1, H1);
D1 = C; D1 represents the 4th message word output by the single-round compression function when A to H are input to it.
Accordingly, the 6th message word F2 output by the first compression function may be expressed as: F2 = D + T1.
Accordingly, the 7th message word G2 output by the first compression function may be expressed as: G2 = E.
Accordingly, the 8th message word H2 output by the first compression function may be expressed as: H2 = F.
It can be understood that after the specific form of the first compression function is determined, that is, after the relationship between A2 to H2 and a to H is determined, a corresponding hardware circuit can be designed accordingly to implement the function of the first compression function of the present application.
When A to H are taken as a set of inputs, the output values obtained after a complete 64-round compression with the conventional single-round compression function can be represented as A64 to H64. In the scheme of the application, when A to H are a set of inputs, the output values obtained after a complete 32-iteration compression with the first compression function can likewise be represented as A64 to H64. It should be noted that the data to be encrypted is divided into multiple sets of data; for example, the 1st set of data is compressed by 32 iterations of the first compression function and the output values are represented as A64 to H64. According to the SHA-256 algorithm, A64 to H64 are summed with the second set of data, the summed result is used as new input data, the new input data undergoes a complete 32-iteration compression by the first compression function, the output values are summed with the third set of data to form new input data, and so on; finally, the encrypted data obtained based on the SHA-256 algorithm is 32 × 8 = 256 bits.
As described above, after the specific form of the first compression function is determined, that is, after the relationship between A2 to H2 and a to H is determined, corresponding hardware circuits can be designed accordingly to implement the function of the first compression function of the present application.
Since C2 = A, D2 = B, G2 = E and H2 = F, the computation of C2, D2, G2 and H2 is simple: their values equal A, B, E and F of the input data respectively, so in hardware they are direct assignments and the timing path is short.
The computation of F2 is the addition of two 32-bit values, F2 = D + T1, where D is input data and T1 = H + Σ1(E) + Ch(E, F, G) + K1 + W1. All additions described in this application are mod 2^32, i.e. after two 32-bit values are summed, any bits above the 32nd are discarded.
H in T1 is input data, K1 is the 1st parameter value in the first parameter sequence K, and W1 is the 1st parameter value in the second parameter sequence W, i.e. K1 and W1 were already determined in step S202.
Σ1(E) = ROTR^6(E) ⊕ ROTR^11(E) ⊕ SHR^25(E); a corresponding hardware circuit can be set up according to the expression of Σ1(E) to realize this calculation.
Ch(E, F, G) = (E ∧ F) ⊕ (¬E ∧ G); a corresponding hardware circuit can be set up according to the expression of Ch(E, F, G) to realize this calculation.
Further, in an embodiment of the present invention, considering that Ch(E, F, G) involves an XOR operation, and that from the device-delay point of view the delay of an XOR gate is higher than that of an AND gate or an OR gate, a Boolean function conversion can be performed as follows:
Ch(E, F, G) = (E ∧ F) ∨ (¬E ∧ G). The two terms can never both be 1 for the same bit (one requires E = 1, the other E = 0), so replacing the XOR by an OR does not change the result. Only AND, OR and NOT operations are now involved, so the function can be computed directly with combinational logic and the delay is effectively reduced.
Likewise, Ch(E1, F1, G1) can be converted in the same way: Ch(E1, F1, G1) = (E1 ∧ F1) ∨ (¬E1 ∧ G1).
That is, in an embodiment of the present invention, the method may further include:
converting the XOR operation in Ch(E1, F1, G1) and Ch(E, F, G) into AND and OR operations by performing a Boolean function conversion on Ch(E1, F1, G1) and Ch(E, F, G);
wherein the converted Ch(E1, F1, G1) = (E1 ∧ F1) ∨ (¬E1 ∧ G1) and the converted Ch(E, F, G) = (E ∧ F) ∨ (¬E ∧ G).
Furthermore, Ch(E1, F1, G1) and Ch(E, F, G) represent the same computational logic and differ only in their input data. The same applies to Maj(A, B, C) and Maj(A1, B1, C1), to Σ1(E) and Σ1(E1), and to Σ0(A) and Σ0(A1).
B2 = T1 + T2, i.e. the calculation of B2 consists of two parts, T1 and T2. T1 is as described above for F2, T1 = H + Σ1(E) + Ch(E, F, G) + K1 + W1, and is not repeated here.
T2 = Σ0(A) + Maj(A, B, C);
Σ0(A) = ROTR^2(A) ⊕ ROTR^13(A) ⊕ ROTR^22(A); a corresponding hardware circuit can be set according to the expression of Σ0(A) to realize this calculation.
Maj(A, B, C) = (A ∧ B) ⊕ (A ∧ C) ⊕ (B ∧ C); a corresponding hardware circuit can be set according to the expression of Maj(A, B, C) to realize this calculation.
Since Maj(A, B, C) = (A ∧ B) ⊕ (A ∧ C) ⊕ (B ∧ C) includes XOR operations, it can, similarly to the simplification of Ch in the above embodiments, be converted by a Boolean function conversion into a form containing only AND and OR: Maj(A, B, C) = (A ∧ (B ∨ C)) ∨ (B ∧ C). Maj is 1 exactly when at least two of its inputs are 1, which is what the converted form tests. Since only AND and OR operations remain, it can be computed directly with combinational logic, effectively reducing delay.
Similarly, a Boolean function conversion may be performed on Maj(A1, B1, C1): the converted Maj(A1, B1, C1) = (A1 ∧ (B1 ∨ C1)) ∨ (B1 ∧ C1). In other words, Maj(A, B, C) and Maj(A1, B1, C1) express the same computational logic and differ only in input data.
That is, in an embodiment of the present invention, the method may further include:
converting the XOR operations in Maj(A, B, C) and Maj(A1, B1, C1) into AND and OR operations by performing a Boolean function conversion on Maj(A, B, C) and Maj(A1, B1, C1);
wherein the converted Maj(A, B, C) = (A ∧ (B ∨ C)) ∨ (B ∧ C) and the converted Maj(A1, B1, C1) = (A1 ∧ (B1 ∨ C1)) ∨ (B1 ∧ C1).
E2 = D1 + T1'(E1, F1, G1, H1) = C + T1'(E1, F1, G1, H1). The calculation of E2 therefore consists of C and T1'(E1, F1, G1, H1), where C is input data and is available directly without any calculation. T1'(E1, F1, G1, H1) is the T1 function evaluated again on the result of the first round, as follows:
T1'(E1, F1, G1, H1) = H1 + Σ1(E1) + Ch(E1, F1, G1) + K2 + W2;
Since E1 = D + T1, F1 = E, G1 = F and H1 = G,
T1'(E1, F1, G1, H1) = G + Σ1(D + T1) + Ch(D + T1, E, F) + K2 + W2.
Thus, E2 = C + G + Σ1(D + T1) + Ch(D + T1, E, F) + K2 + W2.
A2 = T1'(E1, F1, G1, H1) + T2'(A1, B1, C1). The calculation of A2 therefore consists of T1'(E1, F1, G1, H1), already analysed for E2 and not repeated here, and T2'(A1, B1, C1).
T2'(A1, B1, C1) = Σ0(A1) + Maj(A1, B1, C1).
Since A1 = T1 + T2, B1 = A and C1 = B,
T2'(A1, B1, C1) = Σ0(T1 + T2) + Maj(T1 + T2, A, B). The optimization of Maj here follows the processing described above: the Maj containing XOR operations is converted by a Boolean function conversion into one containing only AND and OR operations.
In an embodiment of the present invention, the method may further include:
after the first compression function has been used to carry out the iterative compression of the SHA-256 algorithm and the encrypted data conforming to the SHA-256 result for the data to be encrypted has been obtained, accuracy verification is performed on the encrypted data and the verification result is recorded.
In a specific embodiment, for the same data to be encrypted, the encrypted data generated by the encrypted data generation method of the present application must be identical to the encrypted data obtained directly with the conventional SHA-256 algorithm. The accuracy verification therefore compares the encrypted data obtained by the scheme of the present application with the encrypted data obtained directly with the conventional SHA-256 algorithm: if the two are identical, the situation is normal; if they differ, an error is indicated, such as an error in the hardware design or a fault in the related circuits.
Further, in practical application, when the recorded verification result indicates that the accuracy verification failed, prompt information indicating the failure can be output so as to alert the staff in time.
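The following Python example is added here to make the merged-round structure and the accuracy check concrete; it is not code from the patent or from Inspur. It implements SHA-256 with the patent's first compression function (two rounds per iteration, so 32 iterations per 512-bit block, iteration j using the constants and schedule words of rounds 2j+1 and 2j+2), uses the AND/OR forms of Ch and Maj from the embodiments above, chains blocks as described for A64 to H64, and performs the accuracy verification of this embodiment by comparing against the SHA-256 of Python's hashlib. Function names, the hashlib reference and the test messages are this example's own choices; K and H0 are the FIPS 180-4 constants.

```python
# Added example, not the patent's code: SHA-256 whose compression loop applies
# the patent's "first compression function" (two rounds merged) 32 times per
# block, then checks the digest against a reference implementation (hashlib).
import hashlib
import struct

MASK = 0xFFFFFFFF

# FIPS 180-4 round constants K1..K64 (the patent's "first parameter sequence K")
K = [
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
]
# FIPS 180-4 initial hash value: the A..H input state for the first block
H0 = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
      0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]


def rotr(x, n):                      # ROTR^n: circular right shift of a 32-bit word
    return ((x >> n) | (x << (32 - n))) & MASK

def big_sigma0(a):                   # Σ0(A) = ROTR^2 ⊕ ROTR^13 ⊕ ROTR^22
    return rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)

def big_sigma1(e):                   # Σ1(E) = ROTR^6 ⊕ ROTR^11 ⊕ ROTR^25
    return rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)

def small_sigma0(x):                 # σ0 of the message expansion (uses SHR^3)
    return rotr(x, 7) ^ rotr(x, 18) ^ (x >> 3)

def small_sigma1(x):                 # σ1 of the message expansion (uses SHR^10)
    return rotr(x, 17) ^ rotr(x, 19) ^ (x >> 10)

def ch_xor(e, f, g):                 # FIPS form: (E ∧ F) ⊕ (¬E ∧ G)
    return ((e & f) ^ (~e & g)) & MASK

def ch_andor(e, f, g):               # converted form: (E ∧ F) ∨ (¬E ∧ G), no XOR gate
    return ((e & f) | (~e & g)) & MASK

def maj_xor(a, b, c):                # FIPS form: (A ∧ B) ⊕ (A ∧ C) ⊕ (B ∧ C)
    return ((a & b) ^ (a & c) ^ (b & c)) & MASK

def maj_andor(a, b, c):              # converted form: (A ∧ (B ∨ C)) ∨ (B ∧ C)
    return ((a & (b | c)) | (b & c)) & MASK


def double_round(state, k1, w1, k2, w2):
    """The patent's first compression function: two SHA-256 rounds in one step.
    k1/w1 and k2/w2 are the constant and schedule word of the two merged rounds."""
    A, B, C, D, E, F, G, H = state
    # round 1: only T1, T2, A1 and E1 are needed, the rest of A1..H1 is wiring
    T1 = (H + big_sigma1(E) + ch_andor(E, F, G) + k1 + w1) & MASK
    T2 = (big_sigma0(A) + maj_andor(A, B, C)) & MASK
    A1 = (T1 + T2) & MASK            # becomes B2
    E1 = (D + T1) & MASK             # becomes F2
    # round 2 on (A1, B1=A, C1=B, D1=C, E1, F1=E, G1=F, H1=G)
    T1p = (G + big_sigma1(E1) + ch_andor(E1, E, F) + k2 + w2) & MASK
    T2p = (big_sigma0(A1) + maj_andor(A1, A, B)) & MASK
    A2 = (T1p + T2p) & MASK
    E2 = (C + T1p) & MASK
    # A2..H2 in order; C2=A, D2=B, G2=E, H2=F are direct assignments
    return [A2, A1, A, B, E2, E1, E, F]


def message_schedule(block):
    """Group expansion: 16 big-endian words of the block expanded to W1..W64."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 64):
        w.append((small_sigma1(w[t - 2]) + w[t - 7] + small_sigma0(w[t - 15]) + w[t - 16]) & MASK)
    return w


def compress_block(h, block):
    w = message_schedule(block)
    state = list(h)
    for j in range(32):              # 32 merged iterations == 64 single rounds
        state = double_round(state, K[2 * j], w[2 * j], K[2 * j + 1], w[2 * j + 1])
    # chaining: A64..H64 are added to the state that entered this block
    return [(x + y) & MASK for x, y in zip(h, state)]


def pad(msg):
    """Message padding: 0x80, zeros up to 56 mod 64, then the bit length (64-bit BE)."""
    bit_len = len(msg) * 8
    msg += b"\x80"
    msg += b"\x00" * ((56 - len(msg)) % 64)
    return msg + struct.pack(">Q", bit_len)


def sha256_merged(msg):
    padded = pad(msg)
    h = list(H0)
    for i in range(0, len(padded), 64):
        h = compress_block(h, padded[i:i + 64])
    return "".join("%08x" % x for x in h)


def verify(msg):
    """The accuracy verification of the embodiment: compare with a reference SHA-256."""
    return sha256_merged(msg) == hashlib.sha256(msg).hexdigest()


def boolean_forms_agree():
    """Per-bit exhaustive check that the XOR and AND/OR forms of Ch and Maj agree
    (the patterns below cover all 8 input bit combinations at some bit position)."""
    pats = (0x00000000, 0xFFFFFFFF, 0xAAAAAAAA, 0x55555555, 0x0F0F0F0F, 0xF0F0F0F0)
    return all(ch_xor(e, f, g) == ch_andor(e, f, g) and maj_xor(e, f, g) == maj_andor(e, f, g)
               for e in pats for f in pats for g in pats)


if __name__ == "__main__":
    print(sha256_merged(b"abc"))
    print("matches hashlib:", verify(b"abc"), "| Ch/Maj conversions valid:", boolean_forms_agree())
```

verify() is the check the embodiment records: any deviation in the merged round, in the Boolean conversions or in the chaining shows up immediately as a digest that disagrees with the reference.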
As described above, A2 = T1'(E1, F1, G1, H1) + T2'(A1, B1, C1) = G + Σ1(D + T1) + Ch(D + T1, E, F) + K2 + W2 + Σ0(T1 + T2) + Maj(T1 + T2, A, B).
And E2 = C + G + Σ1(D + T1) + Ch(D + T1, E, F) + K2 + W2.
When summing to obtain A2, and when summing to obtain E2, the specific summing circuit can be set and adjusted according to actual needs.
In an embodiment of the present invention, considering that the summation of A2 and the summation of E2 share a common part (T1'), A2 and E2 can be calculated together, that is, in the hardware design the adder circuit can be built to calculate A2 and E2 jointly.
Referring to fig. 4, the 1st message word A2 and the 5th message word E2 output by the first compression function are produced by 3 carry-save adders (a first carry-save adder 10, a second carry-save adder 20 and a third carry-save adder 30) together with a first adder 40, a second adder 50 and a third adder 60;
the first input of the first carry-save adder 10 receives H1 + K2 + W2, i.e. G + K2 + W2; its second input receives Σ1(E1), i.e. Σ1(D + T1); and its third input receives Ch(E1, F1, G1), i.e. Ch(D + T1, E, F). The first output (sum word) of the first carry-save adder 10 is sent to the first input of the second carry-save adder 20 and to the first input of the third carry-save adder 30, and its second output (carry word) is sent to the second input of the second carry-save adder 20 and to the second input of the third carry-save adder 30;
the third input of the second carry-save adder 20 receives C; the first and second outputs of the second carry-save adder 20 are both connected to the first adder 40, and the output of the first adder 40 is E2;
the first input of the second adder 50 receives Σ0(A1), i.e. Σ0(T1 + T2), and its second input receives Maj(A1, B1, C1), i.e. Maj(T1 + T2, A, B); the output of the second adder 50 is connected to the third input of the third carry-save adder 30. The first and second outputs of the third carry-save adder 30 are both connected to the third adder 60, and the output of the third adder 60 is A2.
In this embodiment 3 carry-save adders are used. A carry-save adder takes 3 inputs and produces a sum word and a carry word without propagating carries across bit positions, so a chain of three-input additions is reduced to a single carry-propagating addition at the end, which is efficient.
Further, in an embodiment of the present invention, referring to fig. 5, the first adder 40 is specifically a first carry bypass adder 40, the second adder 50 is a first carry select adder 50, and the third adder 60 is a second carry bypass adder 60.
In this embodiment, based on analysis of the computation timing and on statistics from experimental data, it was determined that using carry bypass adders for the first adder 40 and the third adder 60 and a carry select adder for the second adder 50 achieves higher computation efficiency and consumes less computation time.
As described above, B2 = T1 + T2 = H + Σ1(E) + Ch(E, F, G) + K1 + W1 + Σ0(A) + Maj(A, B, C).
And F2 = D + T1 = D + H + Σ1(E) + Ch(E, F, G) + K1 + W1.
When summing to obtain B2, and when summing to obtain F2, the specific summing circuit can be set and adjusted according to actual needs.
In one embodiment of the present invention, considering that the summation of B2 and the summation of F2 share a common part (T1), B2 and F2 can be calculated together, that is, in the hardware design the adder circuit is built to calculate B2 and F2 jointly.
Specifically, referring to fig. 6, the 2nd message word B2 and the 6th message word F2 output by the first compression function are produced by 3 carry-save adders (a fourth carry-save adder 70, a fifth carry-save adder 80 and a sixth carry-save adder 90) together with a fourth adder, a fifth adder and a sixth adder;
the first input of the fourth carry-save adder 70 receives H + K1 + W1, its second input receives Σ1(E), and its third input receives Ch(E, F, G). The first output of the fourth carry-save adder 70 is sent to the first input of the fifth carry-save adder 80 and to the first input of the sixth carry-save adder 90, and its second output is sent to the second input of the fifth carry-save adder 80 and to the second input of the sixth carry-save adder 90;
the third input of the fifth carry-save adder 80 receives D; the first and second outputs of the fifth carry-save adder 80 are both connected to the fourth adder, and the output of the fourth adder is F2;
the first input of the fifth adder receives Σ0(A) and its second input receives Maj(A, B, C); the output of the fifth adder is connected to the third input of the sixth carry-save adder 90. The first and second outputs of the sixth carry-save adder 90 are both connected to the sixth adder, and the output of the sixth adder is B2.
Further, in the embodiment of fig. 6, the fourth adder is specifically a third carry bypass adder 100, the fifth adder is a second carry select adder 120, and the sixth adder is a fourth carry bypass adder 110.
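To show what the carry-save adder trees of figs. 4 and 6 compute, and why three-input additions leave only one carry-propagating adder per output, here is an added Python model; it is not the patent's circuit or any Inspur code. The 3:2 compressor, a block-wise carry-select adder standing in for the carry select adders named above, and the fan-out of the shared sum/carry pair into both output paths follow the description; function names, the 8-bit block width of the carry-select model and the random test inputs are this example's own assumptions.

```python
# Added example, not the patent's circuit: word-level model of the carry-save
# adder (CSA) trees of figs. 4 and 6 plus a carry-select final adder.
import random

MASK = 0xFFFFFFFF


def csa(x, y, z):
    """3:2 carry-save adder on 32-bit words.

    Returns (s, c) with (s + c) mod 2^32 == (x + y + z) mod 2^32. Every bit
    position is an independent full adder, so the delay is one full-adder
    stage regardless of word width: no carry ripples along the word."""
    s = x ^ y ^ z
    c = ((x & y) | (x & z) | (y & z)) << 1   # each carry-out feeds the next bit up
    return s & MASK, c & MASK


def carry_select_add(a, b, block=8):
    """Carry-select adder model (the block width is an assumption of this example).

    Each block computes its sum for carry-in 0 and carry-in 1 in parallel; the
    carry arriving from the block below only selects which one is kept, so the
    carry path runs through multiplexers instead of a full ripple chain."""
    bmask = (1 << block) - 1
    result, carry = 0, 0
    for lo in range(0, 32, block):
        ab, bb = (a >> lo) & bmask, (b >> lo) & bmask
        sum0, sum1 = ab + bb, ab + bb + 1        # both candidates, computed at once
        total = sum1 if carry else sum0          # selection by the incoming carry
        result |= (total & bmask) << lo
        carry = total >> block
    return result & MASK


def shared_csa_tree(x, y, z, direct, t2, final_add=carry_select_add):
    """The adder structure shared by figs. 4 and 6.

    fig. 4: x = H1+K2+W2 (= G+K2+W2), y = Σ1(E1), z = Ch(E1,F1,G1),
            direct = C, t2 = Σ0(A1)+Maj(A1,B1,C1) from the second adder
            -> returns (A2, E2)
    fig. 6: x = H+K1+W1, y = Σ1(E), z = Ch(E,F,G),
            direct = D, t2 = Σ0(A)+Maj(A,B,C) from the fifth adder
            -> returns (B2, F2)

    The first CSA reduces the three terms of T1 (or T1') once; its sum/carry
    pair is fanned out to two more CSAs, so T1 is never resolved to a single
    word and only two carry-propagating additions remain, one per output."""
    s1, c1 = csa(x, y, z)            # first / fourth CSA (shared by both outputs)
    s2, c2 = csa(s1, c1, direct)     # second / fifth CSA
    s3, c3 = csa(s1, c1, t2)         # third / sixth CSA
    return final_add(s3, c3), final_add(s2, c2)   # third/sixth adder, first/fourth adder


def reference(x, y, z, direct, t2):
    """Plain mod 2^32 sums that the tree must reproduce: (x+y+z+t2, x+y+z+direct)."""
    return (x + y + z + t2) & MASK, (x + y + z + direct) & MASK


def tree_matches_reference(trials=2000, seed=7):
    """Randomised check (constructed inputs) of the CSA invariant and of the tree."""
    rng = random.Random(seed)
    for _ in range(trials):
        args = [rng.getrandbits(32) for _ in range(5)]
        s, c = csa(*args[:3])
        if (s + c) & MASK != sum(args[:3]) & MASK:
            return False
        if shared_csa_tree(*args) != reference(*args):
            return False
    return True


if __name__ == "__main__":
    print("csa(1, 1, 1) ->", csa(1, 1, 1))
    print("tree matches plain addition:", tree_matches_reference())
```

The model makes the sharing visible: the five-term sum behind A2 and the four-term sum behind E2 cost three CSA stages and two final adders in total, instead of the seven carry-propagating additions a naive implementation would need.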
By applying the technical scheme provided by the embodiments of the invention, after the data to be encrypted is determined, message padding, grouping and group expansion are performed on it based on the SHA-256 algorithm to obtain the first parameter sequence K and the second parameter sequence W, and encrypted data conforming to the SHA-256 result for the data to be encrypted is then obtained based on K, W and the data to be encrypted. That is, the encrypted data obtained by the application is identical to that obtained with the conventional SHA-256 algorithm, so the scheme of the application can effectively generate encrypted data based on SHA-256. Moreover, the iterative compression is performed with the first compression function, which is obtained by combining 2 single-round compression functions of the SHA-256 algorithm, so each iteration carries out the computation of 2 single rounds and the 64 rounds of a block complete in 32 iterations. Together with the shared adder circuits and the AND/OR forms of Ch and Maj, which keep the critical path of the merged round short, this improves overall performance, and the encrypted data corresponding to the data to be encrypted is determined more quickly.
In summary, the scheme of the application can effectively generate encrypted data based on the SHA-256 algorithm with fewer clock cycles, thereby reducing the time needed to generate the encrypted data.
Corresponding to the above method embodiments, the embodiments of the present invention further provide an encrypted data generation system, which may be referred to in correspondence with the above. The encrypted data generation system can be applied to a BMC and comprises the following modules:
a to-be-encrypted data determining module 701, configured to determine to-be-encrypted data;
a parameter sequence determining module 702, configured to perform message stuffing grouping and packet expansion on data to be encrypted based on an SHA-256 algorithm to obtain a first parameter sequence K and a second parameter sequence W;
the iterative compression module 703 is configured to perform iterative compression of the SHA-256 algorithm by using a first compression function based on the first parameter sequence K, the second parameter sequence W, and the data to be encrypted, so as to obtain encrypted data that conforms to a calculation result of the SHA-256 algorithm for the data to be encrypted;
in the iterative compression process, the first compression function used is the first compression function obtained after 2 single-round compression functions of the SHA-256 algorithm are combined.
Corresponding to the above method embodiment, the embodiment of the present invention further provides a BMC, an encrypted data generating device, and a computer readable storage medium, where the BMC may include the encrypted data generating system. Referring to fig. 8, the encrypted data generating apparatus may specifically include:
a memory 801 for storing a computer program;
a processor 802 for executing a computer program to implement the steps of the encrypted data generation method in any of the embodiments described above.
The computer-readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the encrypted data generation method of any one of the above embodiments. A computer-readable storage medium as referred to herein may include Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
It is further noted that, herein, relational terms such as first and second may be used solely to distinguish one entity or action from another without necessarily requiring or implying any actual such relationship or order between them. Also, the terms "comprises", "comprising", or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The principle and the implementation of the present invention are explained in the present application by using specific examples, and the above description of the embodiments is only used to help understanding the technical solution and the core idea of the present invention. It should be noted that, for those skilled in the art, without departing from the principle of the present invention, several improvements and modifications can be made to the present invention, and these improvements and modifications also fall into the protection scope of the present invention.

Claims (20)

1. An encrypted data generation method, applied to a BMC, comprising the following steps:
determining data to be encrypted;
based on SHA-256 algorithm, performing message filling grouping and grouping expansion on the data to be encrypted to obtain a first parameter sequence K and a second parameter sequence W;
based on the first parameter sequence K, the second parameter sequence W and the data to be encrypted, performing iterative compression of an SHA-256 algorithm by using a first compression function to obtain encrypted data which accord with the calculation result of the SHA-256 algorithm for the data to be encrypted;
in the iterative compression process, the used first compression function is a first compression function obtained after 2 single-round compression functions of the SHA-256 algorithm are combined;
the 1st message word A2 output by the first compression function is represented as:
A2 = T1'(E1, F1, G1, H1) + T2'(A1, B1, C1);
where T1'(E1, F1, G1, H1) = H1 + Σ1(E1) + Ch(E1, F1, G1) + K2 + W2;
E1 = D + T1; F1 = E; G1 = F; H1 = G;
T1 = H + Σ1(E) + Ch(E, F, G) + K1 + W1;
Σ1(E) = ROTR^6(E) ⊕ ROTR^11(E) ⊕ ROTR^25(E);
Σ1(E1) = ROTR^6(E1) ⊕ ROTR^11(E1) ⊕ ROTR^25(E1);
Ch(E1, F1, G1) = (E1 ∧ F1) ⊕ (¬E1 ∧ G1);
Ch(E, F, G) = (E ∧ F) ⊕ (¬E ∧ G);
T2'(A1, B1, C1) = Σ0(A1) + Maj(A1, B1, C1);
A1 = T1 + T2; B1 = A; C1 = B;
T2 = Σ0(A) + Maj(A, B, C);
Σ0(A) = ROTR^2(A) ⊕ ROTR^13(A) ⊕ ROTR^22(A);
Σ0(A1) = ROTR^2(A1) ⊕ ROTR^13(A1) ⊕ ROTR^22(A1);
Maj(A, B, C) = (A ∧ B) ⊕ (A ∧ C) ⊕ (B ∧ C);
Maj(A1, B1, C1) = (A1 ∧ B1) ⊕ (A1 ∧ C1) ⊕ (B1 ∧ C1);
wherein A is the 1st message word currently input to the first compression function, B is the 2nd message word currently input to the first compression function, C is the 3rd, D is the 4th, E is the 5th, F is the 6th, G is the 7th, and H is the 8th message word currently input to the first compression function;
K1 and K2 are respectively the 1st and 2nd parameter values in the first parameter sequence K; W1 and W2 are respectively the 1st and 2nd parameter values in the second parameter sequence W;
T1, T2, T1', T2', Σ1, Σ0, Ch and Maj are defined intermediate variables, and A1 to H1 denote in order the 1st to 8th message words output by the single-round compression function when A to H are input to the single-round compression function;
∧ denotes a 32-bit AND operation, ∨ a 32-bit OR operation, ⊕ a 32-bit XOR operation, ¬ a 32-bit NOT operation, and + denotes arithmetic addition mod 2^32; ROTR^k() denotes a circular right shift of the bracketed value by k bits; SHR^k() denotes a logical right shift of the bracketed value by k bits with zeros filled in from the left, k being a positive integer.
2. The encrypted data generation method according to claim 1, wherein the 2nd message word B2 output by the first compression function is represented as: B2 = T1 + T2.
3. The encrypted data generation method according to claim 1, wherein the 3rd message word C2 output by the first compression function is represented as: C2 = A.
4. The encrypted data generation method according to claim 1, wherein the 4th message word D2 output by the first compression function is represented as: D2 = B.
5. The encrypted data generation method according to claim 1, wherein the 5th message word E2 output by the first compression function is represented as:
E2 = D1 + T1'(E1, F1, G1, H1);
D1 = C; D1 denotes the 4th message word output by the single-round compression function when A through H are input to the single-round compression function.
6. The encrypted data generation method according to claim 1, wherein the 6th message word F2 output by the first compression function is represented as: F2 = D + T1.
7. The encrypted data generation method according to claim 1, wherein the 7th message word G2 output by the first compression function is represented as: G2 = E.
8. The encrypted data generation method according to claim 1, wherein the 8th message word H2 output by the first compression function is represented as: H2 = F.
9. The encrypted data generation method according to claim 1, further comprising:
converting the XOR operation in Ch(E1, F1, G1) and Ch(E, F, G) into AND and OR operations by performing a Boolean function conversion on Ch(E1, F1, G1) and Ch(E, F, G);
wherein the converted Ch(E1, F1, G1) = (E1 ∧ F1) ∨ (¬E1 ∧ G1) and the converted Ch(E, F, G) = (E ∧ F) ∨ (¬E ∧ G).
10. The encrypted data generation method according to claim 1, further comprising:
converting the XOR operations in Maj(A, B, C) and Maj(A1, B1, C1) into AND and OR operations by performing a Boolean function conversion on Maj(A, B, C) and Maj(A1, B1, C1);
wherein the converted Maj(A, B, C) = (A ∧ (B ∨ C)) ∨ (B ∧ C) and the converted Maj(A1, B1, C1) = (A1 ∧ (B1 ∨ C1)) ∨ (B1 ∧ C1).
11. The encrypted data generation method according to claim 1, further comprising:
after iterative compression of the SHA-256 algorithm is performed by using the first compression function to obtain encrypted data which accords with the calculation result of the SHA-256 algorithm for the data to be encrypted, accuracy verification is performed on the encrypted data, and the verification result is recorded.
12. The encrypted data generation method according to claim 11, wherein when the verification result recorded is a verification result indicating that the accuracy verification failed, a prompt message indicating that the verification failed is output.
13. The encrypted data generation method according to any one of claims 1 to 12, wherein the 1st message word A2 and the 5th message word E2 output by the first compression function are produced by 3 carry-save adders together with a first adder, a second adder and a third adder;
wherein the first input of the first carry-save adder receives H1 + K2 + W2, its second input receives Σ1(E1), and its third input receives Ch(E1, F1, G1); the first output of the first carry-save adder is sent to the first input of a second carry-save adder and to the first input of a third carry-save adder, and the second output of the first carry-save adder is sent to the second input of the second carry-save adder and to the second input of the third carry-save adder;
the third input of the second carry-save adder receives C; the first and second outputs of the second carry-save adder are both connected to the first adder, and the output of the first adder is E2;
the first input of the second adder receives Σ0(A1) and its second input receives Maj(A1, B1, C1); the output of the second adder is connected to the third input of the third carry-save adder; the first and second outputs of the third carry-save adder are both connected to the third adder, and the output of the third adder is A2.
14. The method of generating encrypted data according to claim 13, wherein the first adder is a first carry bypass adder, the second adder is a first carry select adder, and the third adder is a second carry bypass adder.
15. The encrypted data generation method according to any one of claims 1 to 12, wherein the 2nd message word B2 and the 6th message word F2 output by the first compression function are produced by 3 carry-save adders together with a fourth adder, a fifth adder and a sixth adder;
wherein the first input of the fourth carry-save adder receives H + K1 + W1, its second input receives Σ1(E), and its third input receives Ch(E, F, G); the first output of the fourth carry-save adder is sent to the first input of a fifth carry-save adder and to the first input of a sixth carry-save adder, and the second output of the fourth carry-save adder is sent to the second input of the fifth carry-save adder and to the second input of the sixth carry-save adder;
the third input of the fifth carry-save adder receives D; the first and second outputs of the fifth carry-save adder are both connected to the fourth adder, and the output of the fourth adder is F2;
the first input of the fifth adder receives Σ0(A) and its second input receives Maj(A, B, C); the output of the fifth adder is connected to the third input of the sixth carry-save adder; the first and second outputs of the sixth carry-save adder are both connected to the sixth adder, and the output of the sixth adder is B2.
16. The encrypted data generating method according to claim 15, wherein the fourth adder is a third carry bypass adder, the fifth adder is a second carry select adder, and the sixth adder is a fourth carry bypass adder.
17. An encrypted data generation system, applied to a BMC, comprising:
the data to be encrypted determining module is used for determining data to be encrypted;
the parameter sequence determining module is used for performing message filling grouping and grouping expansion on the data to be encrypted based on an SHA-256 algorithm to obtain a first parameter sequence K and a second parameter sequence W;
the iterative compression module is used for performing iterative compression of the SHA-256 algorithm by using a first compression function based on the first parameter sequence K, the second parameter sequence W and the data to be encrypted to obtain encrypted data which accords with the calculation result of the SHA-256 algorithm for the data to be encrypted;
in the iterative compression process, the used first compression function is a first compression function obtained after 2 single-round compression functions of the SHA-256 algorithm are combined;
the 1st message word A2 output by the first compression function is represented as:
A2 = T1'(E1, F1, G1, H1) + T2'(A1, B1, C1);
where T1'(E1, F1, G1, H1) = H1 + Σ1(E1) + Ch(E1, F1, G1) + K2 + W2;
E1 = D + T1; F1 = E; G1 = F; H1 = G;
T1 = H + Σ1(E) + Ch(E, F, G) + K1 + W1;
Σ1(E) = ROTR^6(E) ⊕ ROTR^11(E) ⊕ ROTR^25(E);
Σ1(E1) = ROTR^6(E1) ⊕ ROTR^11(E1) ⊕ ROTR^25(E1);
Ch(E1, F1, G1) = (E1 ∧ F1) ⊕ (¬E1 ∧ G1);
Ch(E, F, G) = (E ∧ F) ⊕ (¬E ∧ G);
T2'(A1, B1, C1) = Σ0(A1) + Maj(A1, B1, C1);
A1 = T1 + T2; B1 = A; C1 = B;
T2 = Σ0(A) + Maj(A, B, C);
Σ0(A) = ROTR^2(A) ⊕ ROTR^13(A) ⊕ ROTR^22(A);
Σ0(A1) = ROTR^2(A1) ⊕ ROTR^13(A1) ⊕ ROTR^22(A1);
Maj(A, B, C) = (A ∧ B) ⊕ (A ∧ C) ⊕ (B ∧ C);
Maj(A1, B1, C1) = (A1 ∧ B1) ⊕ (A1 ∧ C1) ⊕ (B1 ∧ C1);
wherein A is the 1st message word currently input to the first compression function, B is the 2nd message word currently input to the first compression function, C is the 3rd, D is the 4th, E is the 5th, F is the 6th, G is the 7th, and H is the 8th message word currently input to the first compression function;
K1 and K2 are respectively the 1st and 2nd parameter values in the first parameter sequence K; W1 and W2 are respectively the 1st and 2nd parameter values in the second parameter sequence W;
T1, T2, T1', T2', Σ1, Σ0, Ch and Maj are defined intermediate variables, and A1 to H1 denote in order the 1st to 8th message words output by the single-round compression function when A to H are input to the single-round compression function;
∧ denotes a 32-bit AND operation, ∨ a 32-bit OR operation, ⊕ a 32-bit XOR operation, ¬ a 32-bit NOT operation, and + denotes arithmetic addition mod 2^32; ROTR^k() denotes a circular right shift of the bracketed value by k bits; SHR^k() denotes a logical right shift of the bracketed value by k bits with zeros filled in from the left, k being a positive integer.
18. A BMC comprising the encrypted data generating system of claim 17.
19. An encrypted data generating device, applied to a BMC, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the steps of the encrypted data generation method according to any one of claims 1 to 16.
20. A computer-readable storage medium for use in BMC, having a computer program stored thereon, which, when executed by a processor, implements the steps of the encrypted data generation method according to any one of claims 1 to 16.
CN202211592786.1A 2022-12-13 2022-12-13 BMC, encrypted data generation system, method, device and storage medium thereof Active CN115664849B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211592786.1A CN115664849B (en) 2022-12-13 2022-12-13 BMC, encrypted data generation system, method, device and storage medium thereof

Publications (2)

Publication Number Publication Date
CN115664849A CN115664849A (en) 2023-01-31
CN115664849B true CN115664849B (en) 2023-03-21

Family

ID=85020011

Country Status (1)

Country Link
CN (1) CN115664849B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113300831A (en) * 2021-07-26 2021-08-24 苏州浪潮智能科技有限公司 Method, system, medium and device for implementing secure hash algorithm

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150215114A1 (en) * 2014-01-29 2015-07-30 Mohammad A. Alahmad Method for generating a secure cryptographic hash function
CN111913749A (en) * 2020-08-07 2020-11-10 山东大学 SM3 algorithm FPGA implementation method and system based on assembly line
CN113630236A (en) * 2021-07-21 2021-11-09 浪潮电子信息产业股份有限公司 SM3 data encryption method and related device

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113300831A (en) * 2021-07-26 2021-08-24 苏州浪潮智能科技有限公司 Method, system, medium and device for implementing secure hash algorithm

Also Published As

Publication number Publication date
CN115664849A (en) 2023-01-31

Similar Documents

Publication Publication Date Title
CN112306741B (en) CRC (Cyclic redundancy check) method and related device
Yu et al. Efficient parallel verification of galois field multipliers
CN101296053A (en) Method and system for calculating cyclic redundancy check code
CN109933304B (en) Rapid Montgomery modular multiplier operation optimization method suitable for national secret sm2p256v1 algorithm
Pircher et al. Exploring the RISC-V vector extension for the Classic McEliece post-quantum cryptosystem
Noor et al. Resource shared galois field computation for energy efficient AES/CRC in IoT applications
Temenos et al. Nonscaling adders and subtracters for stochastic computing using Markov chains
CN112737778B (en) Digital signature generation and verification method and device, electronic equipment and storage medium
CN115664849B (en) BMC, encrypted data generation system, method, device and storage medium thereof
CN111914307B (en) High-level synthesis-based SM4 cryptographic algorithm accelerated processing method and system
Liu et al. Design methodology of variable latency adders with multistage function speculation
US8909510B2 (en) LFSR emulation
CN116318660B (en) Message expansion and compression method and related device
KR20050065976A (en) Apparatus and method for computing sha-1 hash function
Le et al. Mrsa: A high-efficiency multi romix scrypt accelerator for cryptocurrency mining and data security
Mukhopadhyay et al. Hierarchical verification of Galois field circuits
Kahri et al. An FPGA implementation of the SHA-3: The BLAKE hash function
CN113630236A (en) SM3 data encryption method and related device
CN113741972A (en) Parallel processing method of SM3 algorithm and electronic equipment
Ueno et al. Formal design of Galois-field arithmetic circuits based on polynomial ring representation
CN115765975B (en) Low-power-consumption realization method of SHA-256 algorithm, chip, server and storage medium
Caplan et al. Trade-offs in execution signature compression for reliable processor systems
Ali Efficient implementation of linearisation attacks on F-FCSR-16 type key-stream generators
Mahzoon et al. Polynomial formal verification of area-efficient and fast adders
Su et al. Formal verification of constrained arithmetic circuits using computer algebraic approach

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant