CN113971015B - UIA2 computing circuit, data processing method, chip, electronic device and storage medium - Google Patents


Info

Publication number
CN113971015B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111328426.6A
Other languages
Chinese (zh)
Other versions
CN113971015A (en)
Inventor
焦海
闫磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zeku Technology Beijing Corp Ltd
Original Assignee
Zeku Technology Beijing Corp Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/38 Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation
    • G06F7/48 Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation using non-contact-making devices, e.g. tube, solid state device; using unspecified devices
    • G06F7/52 Multiplying; Dividing
    • G06F7/523 Multiplying only
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00 Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10 Complex mathematical operations
    • G06F17/15 Correlation function computation including computation of convolution operations
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The application discloses a UIA2 computing circuit, a data processing method, a chip, an electronic device and a storage medium, and relates to the technical field of information security. The UIA2 computing circuit comprises 64 stages of MUL units and 64 stages of mixed operation units, each connected to the corresponding one of the 64 stages of MUL units. The i-th stage MUL unit receives a 64-bit first data sequence and performs the i-th stage MUL operation on it to obtain the i-th stage MUL operation result, where i is an integer whose value traverses 0 to 63. The i-th stage mixed operation unit is connected to the (i-1)-th stage mixed operation unit and to the i-th stage MUL unit; it receives the (i-1)-th stage mixed operation result and the i-th stage MUL operation result, and obtains the i-th stage mixed operation result from them. The n-th stage mixed operation result is the operation result corresponding to the first data sequence. The application enables parallel computation of the UIA2 algorithm.

Description

UIA2 computing circuit, data processing method, chip, electronic device and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to a UIA2 computing circuit, a data processing method, a chip, an electronic device, and a storage medium thereof.
Background
With the development of mobile communication technology, and given the open network architecture based on the Internet Protocol (IP) and the use of wireless propagation, security has become one of the core issues for mobile communication devices. Security generally concerns both confidentiality and integrity, so network security architecture protocols include many standardized encryption algorithms and integrity protection algorithms. For example, the 3GPP security architecture includes the UIA2 message integrity protection algorithm based on SNOW-3G. The UIA2 integrity protection algorithm calculates a 32-bit message authentication code (MAC) from an input message, so that the integrity of the message can be protected by means of the MAC.
However, calculating the MAC generally involves calculating MULxPOW(V, i, C), whose formula is MULxPOW(V, i, C) = MULx(MULxPOW(V, i-1, C), C); that is, the i-th calculation depends on the result of the (i-1)-th calculation (i is an integer greater than 1). A hardware circuit that calculates the MAC therefore contains a multi-stage combinational circuit in which the input of each stage depends on the output of the previous stage. This produces a long combinational logic chain and has a great influence on the clock frequency and throughput of the system.
Disclosure of Invention
In view of the above, the present application provides a UIA2 computing circuit, a data processing method, a chip, an electronic device and a storage medium thereof.
In a first aspect, an embodiment of the present application provides a UIA2 computing circuit that includes 64 stages of MUL units and 64 stages of mixed operation units, each connected to the corresponding one of the 64 stages of MUL units, where: the i-th stage MUL unit receives a 64-bit first data sequence and performs the i-th stage MUL operation on it to obtain the i-th stage MUL operation result, i being an integer whose value traverses 0 to 63; the i-th stage mixed operation unit is connected to the (i-1)-th stage mixed operation unit and to the i-th stage MUL unit, receives the (i-1)-th stage mixed operation result and the i-th stage MUL operation result, and obtains the i-th stage mixed operation result from them; the n-th stage mixed operation result is the operation result corresponding to the first data sequence.
In a second aspect, an embodiment of the present application provides a data processing method for the UIA2 computing circuit of the first aspect, where the method includes: the i-th stage MUL unit receives a 64-bit first data sequence and performs the i-th stage MUL operation on it to obtain the i-th stage MUL operation result; the i-th stage mixed operation unit receives the (i-1)-th stage mixed operation result and the i-th stage MUL operation result, and obtains the i-th stage mixed operation result from them; the n-th stage mixed operation result is the operation result corresponding to the first data sequence.
In a third aspect, an embodiment of the present application provides a chip, including the UIA2 computing circuit provided in the first aspect.
In a fourth aspect, an embodiment of the present application provides an electronic device, including: one or more processors; a memory; one or more program code, wherein the one or more program code is stored in the memory and configured to be executed by the one or more processors, the one or more program code configured to perform the data processing method provided in the second aspect described above.
In a fifth aspect, an embodiment of the present application provides a computer readable storage medium having stored therein program code that is callable by a processor to perform the data processing method provided in the second aspect or to perform the data processing method provided in the first aspect.
In the scheme provided by the application, the UIA2 computing circuit comprises 64 stages of MUL units and 64 stages of mixed operation units, each connected to the corresponding one of the 64 stages of MUL units. The i-th stage MUL unit receives a 64-bit first data sequence and performs the i-th stage MUL operation on it to obtain the i-th stage MUL operation result, where i is an integer whose value traverses 0 to 63. The i-th stage mixed operation unit is connected to the (i-1)-th stage mixed operation unit and to the i-th stage MUL unit, receives the (i-1)-th stage mixed operation result and the i-th stage MUL operation result, and obtains the i-th stage mixed operation result from them. The n-th stage mixed operation result is the operation result corresponding to the first data sequence. The calculation of each stage of MUL unit can therefore depend only on the input 64-bit first data sequence, without needing the output of the previous stage of MUL unit, so the original serial calculation of the MUL units becomes a parallel calculation. This improves the speed of the hardware circuit that calculates the message authentication code MAC, raises the clock frequency, and meets the throughput requirement.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 shows a schematic diagram of a calculation circuit of MULxPOW (V, i, C) function.
Fig. 2 shows a schematic diagram of a calculation circuit structure of MULx (V, C) function.
Fig. 3 shows a schematic diagram of a calculation circuit of MUL (V, P, C) function.
FIG. 4 shows one of the embodiments provided by the present applicationIs a schematic diagram of a bit-wise calculation circuit.
FIG. 5 shows one of the embodiments provided by the present applicationIs a schematic diagram of a bit-wise calculation circuit.
FIG. 6 shows one of the embodiments provided by the present applicationIs a schematic diagram of a bit-wise calculation circuit.
FIG. 7 shows one of the embodiments provided by the present applicationIs a schematic diagram of a bit-wise calculation circuit.
Fig. 8 shows a schematic diagram of a data processing method according to an embodiment of the application.
Fig. 9 shows a schematic diagram of a data processing method according to another embodiment of the application.
Fig. 10 shows a schematic diagram of a data processing method according to a further embodiment of the application.
FIG. 11 shows one embodiment of the present applicationIs a schematic diagram of a bit-wise calculation circuit.
FIG. 12 shows one of the embodiments provided by the present applicationIs a schematic diagram of a bit-wise calculation circuit.
FIG. 13 shows one embodiment of the present applicationIs a schematic diagram of a bit-wise calculation circuit.
Fig. 14 shows a block diagram of a data processing circuit according to a further embodiment of the application.
Fig. 15 shows a schematic diagram of a calculation circuit of MUL (V, P, C) function according to the present application.
Fig. 16 is a block diagram of an electronic device for performing a data processing method according to an embodiment of the present application.
Fig. 17 is a memory unit for storing or carrying program codes for implementing a data processing method according to an embodiment of the present application.
Detailed Description
In order to enable those skilled in the art to better understand the present application, the following description will make clear and complete descriptions of the technical solutions according to the embodiments of the present application with reference to the accompanying drawings.
In the related art, taking UIA2 integrity protection algorithm as an example, the process of calculating the message authentication code MAC generally includes the following steps:
In the first step, let LENGTH be the bit length of the data over which the MAC is calculated, and let MESSAGE be the data itself.
In the second step, let D = ⌈LENGTH/64⌉ + 1 (LENGTH/64 rounded up, plus 1), where LENGTH is the length of MESSAGE in bits, and divide MESSAGE into D 64-bit messages according to its length.
Third, use the SNOW-3G key generator to generate keys composed of five 32-bit words, denoted Z1, Z2, Z3, Z4 and Z5. Z1 is the key output first, and Z5 is the key generated last.
Fourth, let P = Z1 || Z2 and Q = Z3 || Z4, where || denotes concatenation.
Fifth, let Z5 = OTP[0] || OTP[1] || OTP[2] || … || OTP[31], where OTP[0] is the most significant bit and OTP[31] is the least significant bit.
Sixth, for i = 0 to D-3, let M[i] = MESSAGE[64i] || MESSAGE[64i+1] || … || MESSAGE[64i+32]; for i = D-2, let M[D-2] = MESSAGE[64(D-2)] || … || MESSAGE[LENGTH-1] || 0; for i = D-1, let M[D-1] = LENGTH[0] || LENGTH[1] || … || LENGTH[63].
Seventh, let EVAL = 0, 64 bits wide; that is, the initial value of the Estimated Value (EVAL) is defined as 0.
Eighth, for i = 0 to D-2, EVAL = MUL(EVAL xor M[i], P, 0x000000000000001B).
Ninth, EVAL = EVAL xor M[D-1].
Tenth, EVAL = MUL(EVAL, Q, 0x000000000000001B).
Eleventh, EVAL = e[0] || e[1] || … || e[63], where e[0] is the most significant bit and e[63] is the least significant bit.
Twelfth, for i = 0 to 31, MAC[i] = e[i] xor OTP[i]; that is, the first 32 bits of e are taken and XORed with OTP, generating the message authentication code MAC of MESSAGE under the UIA2 integrity protection algorithm.
Wherein, the functional pseudocode used in the process of calculating the MAC by the UIA2 integrity protection algorithm is described as follows:
When V, P and C are all 64-bit data, the pseudo code of the MUL(V, P, C) function may be:
result = 0;
for i = 0 to 63 inclusive
    if ((P >> i) & 0x01) equals 0x01
        result = result xor MULxPOW(V, i, C);
The pseudo code of the MULxPOW(V, i, C) function may be:
if (i == 0)
    MULxPOW(V, i, C) = V;
else
    MULxPOW(V, i, C) = MULx(MULxPOW(V, i-1, C), C);
The pseudo code of the MULx(V, C) function may be:
if (V[63] == 1)
    MULx(V, C) = (V << 1) xor C;
else
    MULx(V, C) = (V << 1);
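The twelve steps and the three functions above can be put together in software. The following C program is an added example, not code from the patent: the function names are chosen here, the five key words Z1..Z5 are passed in by the caller (the SNOW-3G generator is outside its scope, and the sample values are constructed), and each M[i] is loaded as a full 64-bit block, following the second step.

```c
#include <stdint.h>
#include <stdio.h>

#define UIA2_C 0x000000000000001BULL   /* constant C used in steps 8 and 10 */

/* MULx(V, C): shift left by one; if bit 63 was shifted out, XOR C back in. */
static uint64_t mulx(uint64_t v, uint64_t c)
{
    return (v >> 63) ? (v << 1) ^ c : (v << 1);
}

/* MUL(V, P, C): XOR of MULxPOW(V, i, C) over every set bit i of P. */
static uint64_t mul(uint64_t v, uint64_t p, uint64_t c)
{
    uint64_t result = 0;
    for (unsigned i = 0; i < 64; i++) {
        if ((p >> i) & 1)
            result ^= v;      /* v holds MULxPOW(V, i, C) at this point */
        v = mulx(v, c);
    }
    return result;
}

/* Step 6: block number `block` of MESSAGE as a 64-bit word. MESSAGE[0] is the
 * most significant bit of msg[0]; bits at or beyond LENGTH are read as 0. */
static uint64_t load_block(const uint8_t *msg, uint64_t length_bits, uint64_t block)
{
    uint64_t m = 0;
    for (unsigned b = 0; b < 64; b++) {
        uint64_t n = 64 * block + b;
        unsigned bit = 0;
        if (n < length_bits)
            bit = (msg[n / 8] >> (7 - n % 8)) & 1u;
        m = (m << 1) | bit;
    }
    return m;
}

/* Steps 2 to 12. z[0..4] are the key words Z1..Z5 (assumed to be supplied). */
uint32_t uia2_mac(const uint8_t *msg, uint64_t length_bits, const uint32_t z[5])
{
    uint64_t d = (length_bits + 63) / 64 + 1;        /* step 2: D */
    uint64_t p = ((uint64_t)z[0] << 32) | z[1];      /* step 4: P = Z1 || Z2 */
    uint64_t q = ((uint64_t)z[2] << 32) | z[3];      /*         Q = Z3 || Z4 */
    uint32_t otp = z[4];                             /* step 5: OTP = Z5 */
    uint64_t eval = 0;                               /* step 7 */

    for (uint64_t i = 0; i + 2 <= d; i++)            /* step 8: i = 0 .. D-2 */
        eval = mul(eval ^ load_block(msg, length_bits, i), p, UIA2_C);
    eval ^= length_bits;                             /* step 9: M[D-1] = LENGTH */
    eval = mul(eval, q, UIA2_C);                     /* step 10 */
    return (uint32_t)(eval >> 32) ^ otp;             /* steps 11 and 12 */
}

int main(void)
{
    /* Constructed sample input: these are not real SNOW-3G output words. */
    const uint32_t z[5] = { 0x11111111u, 0x22222222u, 0x33333333u,
                            0x44444444u, 0x55555555u };
    const uint8_t msg[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x80 };

    printf("MAC over 65 bits: %08x\n", (unsigned)uia2_mac(msg, 65, z));
    printf("MAC over 64 bits: %08x\n", (unsigned)uia2_mac(msg, 64, z));
    return 0;
}
```

Because LENGTH itself enters EVAL in the ninth step, two inputs that differ only in how many trailing bits are counted produce different MACs.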
Further, expanding the pseudo code of the MUL(V, P, C) function gives:
result = 0;
result = p[0]==1 ? result xor MULxPOW(V,0,C) : result;
result = p[1]==1 ? result xor MULxPOW(V,1,C) : result;
result = p[2]==1 ? result xor MULxPOW(V,2,C) : result;
……
result = p[63]==1 ? result xor MULxPOW(V,63,C) : result;
As can be seen from the pseudo code of MULxPOW(V, i, C), when i = 0, MULxPOW(V, 0, C) = V, which gives the initial condition for calculating the MUL(V, P, C) function. The result of step 2 in the expanded MUL(V, P, C) pseudo code can therefore be obtained, namely:
result = p[0]==1 ? result xor V : result;
Then, step 3 of the expanded pseudo code needs the result of MULxPOW(V, 1, C). As the pseudo code of MULxPOW(V, i, C) shows, when i = 1, MULxPOW(V, 1, C) = MULx(MULxPOW(V, 0, C), C), which transforms MULxPOW(V, 1, C) into a function with MULxPOW(V, 0, C) as a variable.
Similarly, we can transform MULxPOW (V, i, C) into a function with MULxPOW (V, i-1, C) as a variable, the calculation process is as follows:
MULxPOW(V,0,C)=V;
MULxPOW(V,1,C)=MULx(MULxPOW(V,0,C),C);
MULxPOW(V,2,C)=MULx(MULxPOW(V,1,C),C);
……
MULxPOW(V,63,C)=MULx(MULxPOW(V,62,C),C);
It can be seen that the calculation of each row depends on the result of the previous row, so in the related art a serial circuit is often used when designing the hardware circuit of MULxPOW(V, i, C). Referring to fig. 1, which shows the calculation circuit structure of the MULxPOW(V, i, C) function: in the serial circuit, the first-stage block is the constant V and all remaining blocks are MULx(V, C) circuits, and the input of each stage depends on the output of the previous MULx(V, C) stage. From the pseudo code of MULx(V, C), the MULx(V, C) circuit consists of a few judgment, selection and exclusive-OR operations and is relatively simple to implement. Referring to fig. 2, which shows the calculation circuit structure of the MULx(V, C) function.
For the hardware implementation of the MUL(V, P, C) function, the pseudo code of MUL(V, P, C) shows that once the calculation circuit of MULxPOW(V, i, C) is available, only a selection circuit controlled by P and an exclusive-OR circuit over the MULxPOW(V, i, C) results are needed. Referring to fig. 3, which shows the calculation circuit structure of the MUL(V, P, C) function.
As can be seen from fig. 3, the calculation of MUL(V, P, C) is the serial result of many exclusive-OR and selection operations, and the input of each stage depends on the output of the previous MULxPOW(V, i, C) stage. Such an implementation necessarily produces a long combinational logic chain, and when the chip is synthesized it is difficult to implement the circuit in one pipeline stage at the required clock frequency. Even where it is possible, the synthesis tool has to work hard, optimizing the path with fast logic cells, which increases speed but also increases power consumption. Another possibility is that the synthesis tool cannot implement the circuit in one pipeline stage at the required clock frequency, so the computation has to be delayed by one beat and split into two stages of combinational logic, with each calculation taking two or more clock cycles, which reduces the throughput of the system.
To address the above problem, the inventors found after long study that in the UIA2 integrity protection algorithm the output of MUL(V, P, C) is 64-bit data and V, P and C are also 64-bit data, so the function can be understood as mapping a 192-bit input (64+64+64) to a 64-bit output. Looking at the process by which the UIA2 algorithm calculates the MAC, the inventors also found that the eighth step, "for i = 0 to D-2, EVAL = MUL(EVAL xor M[i], P, 0x000000000000001B)", and the tenth step, "EVAL = MUL(EVAL, Q, 0x000000000000001B)", both use the MUL(V, P, C) function, and that in both the parameter C is a constant, i.e. C = 0x000000000000001B.
Since P can be set aside in the calculation of the MUL(V, P, C) function and only MULxPOW(V, i, C) needs to be considered, MUL(V, P, C) can be regarded as a function with V as its variable. Because it is then a function of a single variable, there is necessarily a one-to-one mapping relation, and this mapping can be used so that the implementation of each stage of the circuit depends only on the input V and does not need the output of the previous stage, which simplifies the circuit.
Specifically, the inventors propose a data processing method, a circuit, a chip, an electronic device and a storage medium that, by taking the parameter C as a constant, determine the mapping relation between the input V and the function output. The calculation of each stage of the MULxPOW(V, i, C) function can then depend only on the input V, without needing the output of the previous stage, so the original serial calculation of the MULxPOW(V, i, C) function becomes a parallel calculation. This improves the speed of the hardware circuit that calculates the message authentication code MAC, raises the clock frequency, and meets the throughput requirement.
The process of determining the mapping relationship between the input V and the function output will be described first.
Taking the UIA2 integrity protection algorithm as an example, V, P and C in the MUL(V, P, C) function are all 64-bit data, and C = 0x000000000000001B. Since P can be set aside in the calculation of the MUL(V, P, C) function and only MULxPOW(V, i, C) needs to be considered, and since in the circuit structure shown in fig. 1 the first-stage block is the constant V and all remaining blocks are MULx(V, C) circuits, the MUL(V, P, C) function may be simplified for ease of description:
order theAnd will->Marked as->Then the n-level nest of MULx (V, C) can be written +.>
Since MULxPOW (V, 0, c) =v, therefore, MULxPOW(V,2,C)=MULx(MULxPOW(V,1,C),
and so on, can be obtained: />
Thereby making it
Based on the above definition, C = 0x000000000000001B (hereinafter 0x1B) is used to simplify MULxPOW(V, 1, C) = MULx(MULxPOW(V, 0, C), C), to obtain:
from the pseudo code of MULx (V, C) function, it can be known that when the highest order V [63 ] of the parameter V]When 1, MULx (V, C) = (V)<<1) xor C, when the highest bit of the parameter V is V63]When not 1, MULx (V, C) = (V)<<1) Wherein xor is a logical operator, meaning bitwise exclusive OR, whose mathematical sign is The algorithm of (a) is: if the two values of a and b are different, the exclusive OR result is 1; if the values of a and b are the same, the exclusive OR result is 0.
Thus, the first and second substrates are bonded together,can be abbreviated as:
however, the inventors have found through research that since the 64-bit binary number of 0x1B is 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0001 1011, i.e., the left half is composed of 59 0 s, when a certain value a is xored with 0 s, the xored results are the same as the value a (i.e) Thus, whenWhen performing bit exclusive OR calculation with 0x1B, the outputs corresponding to 59 0 in the left half part can be directly +.>The 59 bit value of the left half of (2), whereas for a bit value of 1, due to +.>Exclusive OR with 0x1B is in +.>Is 1, thus, at +.>When (I)>1, whereby the bit of the binary value of the 64 bits of 0x1B is 1 can be used +.>Instead of 1. Thus (S)>Can continue to be abbreviated as:
due toSo can also be abbreviated asV[63]}: (V < 1). Wherein {0, …,0, V [63 ]],V[63],0,V[63],V[63]The left half has 59 0's, corresponding to 59 bit 0's in the left half of 64 bit 0x 1B.
It will be appreciated that when the most significant V63]When the number of the active carbon is not 1, namely 0,it may be equivalent to exclusive-or (V < 1) with data having 64 bits of 0, the exclusive-or result still being (V < 1). Thus when V63]When=0, it is still possible to make Due to V63 at this time]=0, and thus can correspond to +.> Thereby can be equivalent to +.>Thus, the most significant bit V63]Whether or not 1, & gt>Can be directly abbreviated as:
Here, << is the left-shift operator: all bits are shifted left by the given number of positions in binary form, the high-order bits shifted out are discarded, and the vacated low-order bits are filled with zeros. Thus V << 1 can be understood as shifting the 64 bits V[63]~V[0] of V left by 1 bit, so that the high bit V[63] is shifted out and the vacated low bit is filled with 0.
It can thus be seen that,can be obtained by shifting the input parameter V left by 1 bit, and shifting the result to V [63] at the specified bit]Is obtained after bitwise exclusive OR operation, that is +.>Can be obtained directly from the input parameter V, i.e. the +.>Mapping relation with input parameter V.
Based on the analysis, it is further possible to realizeIs provided. For example, referring to FIG. 4, FIG. 4 shows a +.>Is a schematic diagram of a bit-wise calculation circuit. Wherein, the 64-bit data M [63] of M]~M[0]Corresponding to the 64-bit data V [63]]~V[0]The shift result after shifting 1 bit to the left corresponds to V < 1. Since M is equal to {0, …,0, V [63]],V[63],0,V[63],V[63]When the bits with the value of 0 are exclusive-ored, the exclusive-ored result is still the corresponding M value, so that exclusive-ored circuit design can be performed on only the bits with the value other than 0. That is, as shown in FIG. 4, V [63] due to {0, …,0 ],V[63],0,V[63],V[63]V63, which is a non-0 value only at bits 0, 1, 3, 4]Therefore, it can be only M [0 ]]、M[1]、M[3]、M[4]Increase and V63]Is a bitwise exclusive or circuit. It can be seen that the present application->Is dependent on the input parameter V only.
Similarly, when MULxPOW(V, 2, C) = MULx(MULxPOW(V, 1, C), C) is simplified based on the above definition, it is possible to obtain:
from the pseudo code of MULx (V, C) function, it can be known that when the highest order V [63 ] of the parameter V]When 1, MULx (V, C) = (V)<<1) xor C, when the highest bit of the parameter V is V63]When not 1, MULx (V, C) = (V)<<1). Due to the fact that at this timeThe parameter V isThe most significant bit V63 of parameter V]Is->Thus (S)>Can be abbreviated as:
first, determiningIn particular, the value of (c):
due toThus, the first and second substrates are bonded together,
due toC=0x1b, and the most significant bit of C is C63]0, thus, < >>Can continue to be abbreviated as:
since the exclusive OR result is the same as the value a when the value a is exclusive-ored with 0, (V < 1) [63 ]]The exclusive OR result of xor0 is still (V < 1) [63 ]]. Thus, it can be seen that no matter what V63]Whether it is a 1 or not,are all (V < 1) [63 ]]. Therefore->Can be directly abbreviated as: />
Wherein, (V < 1) [63 ]]It can be understood that the new value of the highest bit after shifting V by 1 bit is 64 bits of data V [63 ] of V since V < 1 ]~V[0]Move 1 bit to the left, thereby high V63]Shifted out, the new highest bit has a value of V62]. It is thus possible to obtain a product,
based on this, the first and second light sources,can continue to be abbreviated as:
similarly, since the left half of the 64-bit binary number of 0x1B consists of 59 0 s, whenWhen performing bit exclusive OR calculation with 0x1B, the outputs corresponding to 59 0 in the left half part can be directly +.>The 59 bit value of the left half of (2), whereas for a bit value of 1, due to +.>Exclusive OR with 0x1B is at V62]Is 1, thus, at +.> V62 at the time]1, whereby the 64-bit binary number of 0x1B can be used with V62]Instead of 1. Thus (S)>Can continue to be abbreviated as:
based on the above formula, it can be seen that when V [62 ]]When the number of the active carbon is not 1, namely 0,it may be equivalent to that of a single-phase reactor,exclusive-or with 64-bit data of 0, the exclusive-or result is still +.>Thus when V62]When=0, still enable +.>Due to V62 at this time]=0, and thus can correspond to +.>Thereby can be equivalent to +.>Thus, V62]Whether or not 1, & gt>Can be directly abbreviated as:
it can thus be seen that,the result of (2) can be obtained by>After shifting 1 bit, the shifted result is compared with V62 at the designated bit ]And performing bit exclusive OR operation to obtain the bit-wise exclusive OR operation. Due to the fact that ∈10 is determined as described above>Can be directly obtained from the input parameter V, but +.>Except->In addition, also with V62]Related, therefore->Can also be obtained essentially directly from the input parameter V, i.e. +.>Mapping relation with input parameter V.
Based on the analysis, the method is thatAfter the calculation circuit of (a) can also be implemented +.>Is provided. For example, referring to FIG. 5, FIG. 5 shows a +.>Is a schematic diagram of a bit-wise calculation circuit. As shown in fig. 5, ->The computing circuit of (1) comprises->Most computing circuits are additionally provided with 4 AND V62]Is a bitwise exclusive or circuit. As can be seen from FIG. 5, the present application +.>Also depends only on the input parameter V.
Specifically, M64-bit data M [63 ]]~M[0]Corresponding toThe shift result after shifting 64 bits of data by 1 bit to the left as shown in the dotted line box shown in FIG. 5 +.>The calculation circuit after 1 bit of left shift corresponds toSince M is equal to {0, …,0, V [62 ]],V[62],0,V[62],V[62]When the bits with the value of 0 are exclusive-ored, the exclusive-ored result is still the corresponding M value, so that exclusive-ored circuit design can be performed on only the bits with the value other than 0. That is, as shown in FIG. 5, due to {0, …,0, V [62 ] ],V[62],0,V[62],V[62]V62 having a value other than 0 only at bits 0, 1, 3, 4]Therefore, it can be only M [0 ]]、M[1]、M[3]、M[4]The position is added with V62]Is a bitwise exclusive or circuit.
Thus, as can be seen from FIG. 5, the present applicationIs realized by hardware circuit of V, which is essentially 64-bit data V [63 ]]~V[0]After shifting to the left by 2 bits, shifting the result to the specified bitBit and V62]、V[63]And performing bit exclusive OR operation to obtain the bit-wise exclusive OR operation. Namely->Can be directly obtained according to the input parameter V, i.e. the +.>Mapping relation with input parameter V.
Similarly, when MULxPOW(V, 3, C) = MULx(MULxPOW(V, 2, C), C) is simplified based on the above definition, it is possible to obtain:
in the same way as described above,can be abbreviated as:
first, determiningIn particular, the value of (c):
since C=0x1B, and C is the most significant C [63 ]]Is 0, and thus, as such,can continue to be abbreviated as:
wherein,,can be understood as +.>The value of the new highest bit after a 1-bit shift left, i.e. the original highest bit +.>Shifted out, the new highest bit has a value of +.>And then can obtain:
since c=0x1b, and C [62 ]]Is 0, and therefore,can continue to be abbreviated as:
wherein, (V < 1) [62 ]]It can be understood that the new next highest value after shifting V1 bit to the left, i.e. the original highest V63 ]Shifted out, the new highest bit has a value of V62]Then the new next highest order value is V61]. It is thus possible to obtain a product,
based on this, the first and second light sources,can continue to be abbreviated as:
similarly, due to 64 bits of 0x1BThe left half of the binary number of (2) consists of 59 0 s, and therefore, whenWhen performing bit exclusive OR calculation with 0x1B, the outputs corresponding to 59 0 in the left half part can be directly +.>The 59 bit value of the left half of (2), whereas for a bit value of 1, due to +.>Exclusive OR with 0x1B is at V [61 ]]Is 1, thus, at +.> V61 at the time]1, whereby the 64-bit binary number of 0x1B can be used as bit of 1 with V [61 ]]Instead of 1. Thus (S)>Can continue to be abbreviated as:
similarly, V61]Whether or not it is 1 or not,can be directly abbreviated as:
it can thus be seen that,the result of (a) may beBy putting->After shifting 1 bit, the shifted result is compared with V61 at the designated bit]And performing bit exclusive OR operation to obtain the bit-wise exclusive OR operation. Due to the fact that ∈10 is determined as described above>Can be directly obtained from the input parameter V, but +.>Except->In addition, also with V61 only]Related, therefore->Can also be obtained essentially directly from the input parameter V, i.e. +.>Mapping relation with input parameter V.
Based on the analysis, the method is thatAfter the calculation circuit of (a) can also be implemented +.>Is provided. For example, referring to FIG. 6, FIG. 6 shows a +.>Is a schematic diagram of a bit-wise calculation circuit. As shown in fig. 6, ->The computing circuit of (1) comprises->Most computing circuits are additionally provided with 4 AND V61]Is a bitwise exclusive or circuit. As can be seen from FIG. 5, the present application +.>Also depends only on the input parameter V.
Specifically, M64-bit data M [63 ]]~M[0]Corresponding toThe shift result after shifting 64 bits of data by 1 bit to the left as shown in the dotted line box shown in FIG. 6>The calculation circuit after 1 bit of left shift corresponds toSince M is equal to {0, …,0, V [61 ]],V[61],0,V[61],V[61]When the bits with the value of 0 are exclusive-ored, the exclusive-ored result is still the corresponding M value, so that exclusive-ored circuit design can be performed on only the bits with the value other than 0. That is, as shown in FIG. 6, V [61 ] due to {0, …,0],V[61],0,V[61],V[61]V61 having a value other than 0 only at bits 0, 1, 3, 4]Therefore, it can be only M [0 ]]、M[1]、M[3]、M[4]The position is added with V61]Is a bitwise exclusive or circuit.
Thus, as can be seen from FIG. 6, the present applicationIs realized by hardware circuit of V, which is essentially 64-bit data V [63 ] ]~V[0]After 3 bits of shift to left, the shifted result is compared with V61 at the designated bit]、V[62]、V[63]And performing bit exclusive OR operation to obtain the bit-wise exclusive OR operation. Namely->Can be directly obtained according to the input parameter V, i.e. the +.>Mapping relation with input parameter V.
Similarly, simplifying MULxPOW(V, 60, C) = MULx(MULxPOW(V, 59, C)) gives:
wherein,,
due toC=0x1B, and C5]0, thus, < >>Can continue to be abbreviated as:
so that the number of the parts to be processed,
similarly, since the left half of the 64-bit binary number of 0x1B consists of 59 0 s, whenWhen performing bitwise exclusive OR calculation with 0x1B, the left half 59 pairs of 0 sThe corresponding output can be directly +.>The 59 bit value of the left half of (2), whereas for a bit value of 1, due to +.>Exclusive OR with 0x1B is at V4]Is 1, thus, at +.> V4 at the time]1, whereby the 64-bit binary number of 0x1B can be used with V4 as bit of 1]Instead of 1. Thus (S)>Can continue to be abbreviated as:
similarly, V4]Whether or not it is 1 or not,can be directly abbreviated as:
it can thus be seen that,the result of (2) can be obtained by>After shifting 1 bit, the shifted result is shifted between the designated bit and V4 ]And performing bit exclusive OR operation to obtain the bit-wise exclusive OR operation. From the following componentsFrom the above derivation, it is possible to determine +.>Can be directly obtained from the input parameter V, but +.>Except->In addition, also with V4 only]Related, therefore->Can also be obtained essentially directly from the input parameter V, i.e. +.>Mapping relation with input parameter V.
In the same way, can also realizeIs provided. For example, referring to FIG. 7, FIG. 7 shows a +.>Is a schematic diagram of a bit-wise calculation circuit. Specifically, M64-bit data M [63 ]]~M[0]Corresponding is +.>The shift result after shifting 64 bits of data by 1 bit to the left as shown in the dotted line box shown in FIG. 7>The calculation circuit after shifting 1 bit to the left corresponds to + ->For the same reason {0, …,0, V4],V[4],0,V[4],V[4]In the bits 0, 1, 3 only,At 4 is a value other than 0V 4]Therefore, it can be only M [0 ]]、M[1]、M[3]、M[4]The position is added with V4]Is a bitwise exclusive or circuit.
Similarly, as can be seen from FIG. 7, the present applicationIs also implemented by hardware circuit of V, which is essentially 64-bit data V [63 ]]~V[0]After shifting 60 bits to the left, shifting the result to V4 at the designated bit]…V[61]、V[62]、V[63]And performing bit exclusive OR operation to obtain the bit-wise exclusive OR operation. Namely->Can be directly obtained according to the input parameter V, i.e. the +. >Mapping relation with input parameter V.
It should be noted that due toBased on the analysis described above->It can be seen that its calculation is ultimately dependent on C5]=0, thus->Can continue to be abbreviated as:thereby making it
Due to C5]Is the position corresponding to the rightmost one of the 59 0's on the left in parameter C, i.e. C4]Has a value of 1. Thus, the first and second substrates are bonded together,is the last one calculated by the ruleThe nested functions are derived.
Based on the aboveThe inventor further found through research that each of the V values xored with the shifted result is a shifted value when the input parameter V shifts left, and each of the xored V values corresponds to bits 0, 1, 3, and 4 where the binary value of 64 bits of the parameter c=0x1b is 1.
Specifically, based on the foregoing analysis, it can be seen in conjunction with fig. 4 to 7 that:
further, the inventors have found that, forThe result of (2) may be M [0+j ] in the result M after shifting the input parameter V left by i bits]、M[1+j]、M[3+j]、M[4+j]And V [ N-i+j ]]And performing bit exclusive OR operation. Wherein j is an integer between 0 and i-1. Wherein N is the number of bits of the V parameter 64, M0+j]、M[1+j]、M[3+j]、M[4+j]The 0, 1, 3, 4 referred to in (a) is the bit where the binary value of N bits of parameter c=0x1b is 1. Thereby obtaining a determination mode of the mapping relation between the input V and the function output. Based on this, the inventors propose a data processing method, circuit, chip, electronic device and storage medium to determine the mapping relationship of input V and function output based on the characteristic that parameter C is constant and most of its bits are 0.
Therefore, for the MULxPOW (V, i, C) function which needs to calculate the output of the previous i before calculating the output of the next i in the related art, the function can be directly calculated according to the input parameter V without depending on the output of the previous level i, so that a serial calculation mode in the related art can be changed, and a parallel calculation mode is adopted, so that the output corresponding to each i of the MULxPOW (V, i, C) can be calculated simultaneously in one clock period, and the throughput of system calculation is improved.
Referring to fig. 8, fig. 8 is a flow chart illustrating a data processing method according to an embodiment of the application. In a specific embodiment, the data processing method is applicable to the data processing apparatus 800 shown in fig. 13 and an electronic device (fig. 15) provided with the data processing apparatus 800. The following details the flow shown in fig. 8, and the data processing method specifically may include the following steps:
Step S110: determine the second data sequence obtained after the first data sequence is shifted left by i bits.
Based on the foregoing reasoning, it can be appreciated that forThe result of (2) is that the parameter V is shifted left by i bits, and then M [0+j ] in the result M after V shift]、M[1+j]、M[3+j]、M[4+j]And V [64-i+j ] ]And performing bit exclusive OR operation. Therefore, the present application is used in determining the parameters V and +.>When the mapping relation of the function output is needed to be determined, the second data sequence obtained after the first data sequence is shifted left by i bits is determined.
The first data sequence is the N-bit binary sequence V[0]~V[N-1] of the parameter V in the MULxPOW(V, i, C) function, the second data sequence is the new N-bit binary sequence M[0]~M[N-1] obtained after the N-bit binary sequence V[0]~V[N-1] is shifted, and i is an integer between 0 and N-1.
In some embodiments, the parameter V may be a value expressed in binary or in another number base. When the parameter V is expressed in another base (e.g., hexadecimal), it may be converted into an N-bit binary sequence to obtain the first data sequence described above. As a specific embodiment, N may be 64, and a 64-bit binary sequence may be obtained from the parameter V, so that the first data sequence is a 64-bit binary sequence V[0]~V[63] in which each bit is 0 or 1. The first data sequence V[0]~V[63] is then shifted left by i bits to obtain a new 64-bit binary sequence M[0]~M[63] as the second data sequence.
Step S120: when 1 ≤ i ≤ N-Z, perform an exclusive OR operation on the first data V[N-i+j] in the first data sequence and the second data M[k+j] in the second data sequence to obtain the exclusive OR result corresponding to the second data M[k+j].
Wherein j is an integer between 0 and i-1, k is a bit where a binary 1 value is located in an N-bit binary sequence of a parameter C in the MULxPOW (V, i, C) function, the number of k is at least one, and Z is the highest bit of k.
Based on the foregoing reasoning, it can be appreciated that forAfter shifting the parameter V left by i bits, M [0+j ] in the result M after shifting V is required]、M[1+j]、M[3+j]、M[4+j]And V [ N-i+j ]]And performing bit exclusive OR operation. And M [0+j ]]、M[1+j]、M[3+j]、M[4+j]The 0, 1, 3, 4 referred to in (a) is the bit where the binary value of N bits of parameter c=0x1b is 1. Therefore, after the second data sequence obtained after the first data sequence is shifted by i bits to the left is determined, the bit where the binary 1 value in the N-bit binary sequence of the parameter C in the MULxPOW (V, i, C) function is located can be determined, so as to determine the M value to be bitwise xored in the second data sequence according to the bit. Wherein the parameter C in the MULxPOW (V, i, C) function is constant.
In some embodiments, the parameter C in the MULxPOW(V, i, C) function may be a value expressed in binary, so that the bit k at which the N-bit binary sequence of the parameter C holds a binary 1 can be determined directly from the parameter C. The parameter C may also be a value expressed in another number base; when it is (for example, hexadecimal), it may be converted into an N-bit binary sequence, after which the bit k holding a binary 1 in that sequence is determined. There is at least one k.
It should be noted that, based on the foregoing analysis,the last nested function that can be calculated by the law is due to C5]Is the position corresponding to the rightmost one of the 59 0's on the left of the parameters C=0x1B, i.e. C4]Has a value of 1. Therefore, in the embodiment of the present application, the highest bit Z where the binary 1 value is located in the N-bit binary sequence of the parameter C in the MULxPOW (V, i, C) function can be determined first, so that the maximum nested function MULxPOW (V, i, C) realized by the above rule can be determined>Wherein i=n-Z. In some embodiments, since the bit k in which the binary 1 value is located in the N-bit binary sequence of the parameter C has been determined, the highest bit Z can be determined directly from the bit k, so that the maximum nesting function MULxPOW (V, i, C) achieved by the above-described law, i.e.) >Wherein i=n-Z. That is, when 1.ltoreq.i.ltoreq.N-Z, the first data V [ N-i+j ] in the first data sequence may be subjected to the above-described rule]And second data M [ k+j ] in said second data sequence]Performing exclusive-or operation to obtain the second data M [ k+j ]]And (5) a corresponding exclusive or result.
As a specific embodiment, N may be 64 and the parameter C may be the constant 0x1B. Since the 64-bit binary form of 0x1B is 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0001 1011, the bits holding a binary 1 are bit 0, bit 1, bit 3 and bit 4, i.e. the bits k are 0, 1, 3, 4, and the highest bit Z is 4. In this case, performing the exclusive OR operation on the first data V[N-i+j] and the second data M[k+j] when 1 ≤ i ≤ N-Z becomes: when 1 ≤ i ≤ 60, perform an exclusive OR operation on the first data V[N-i+j] in the first data sequence and the second data M[0+j], M[1+j], M[3+j] and M[4+j] in the second data sequence to obtain the exclusive OR results corresponding to the second data M[0+j], M[1+j], M[3+j] and M[4+j].
Step S130: update the second data M[k+j] in the second data sequence according to the exclusive OR result corresponding to the second data M[k+j], so as to obtain an N-bit third data sequence as the ith output result.
Wherein the ith output is used to characterize the MULxPOW (V, i, C) function, i.e.And outputting a result of the function.
It will be appreciated that due to the second data M k + j in the second data sequence]Needs to be matched with the first data V [ N-i+j ]]Performing exclusive-or operation to obtain final exclusive-or result of exclusive-or operation of each second data and the first data, and re-splicing with other data not participating in exclusive-or operation in the second data sequence to obtain new third data sequence with N bits, wherein the result is MULxPOW (V, i, C) functionAnd outputting a result of the function. Thus the MULxPOW (V, i, C) function can be calculated from the input parameter V only, without relying on the output of the previous stage i.
Step S140: generate an information authentication code based on the ith output result, where the information authentication code is used to check the integrity of information.
In the embodiment of the application, after the ith output result of the mulxPOW (V, i, C) function is obtained, an information authentication code is generated according to each ith output result of the mulxPOW function, and the information authentication code is used for checking the integrity of information.
In some embodiments, when the information authentication code is generated according to the UIA2 integrity protection algorithm, it may be specifically to bring the respective ith output result of the MULxPOW function into the MUL (V, P, C) function to determine an EVAL value based on the MUL (V, P, C) function, and then generate the information authentication code MAC based on the EVAL value. For example, the UIA2 integrity protection algorithm described above calculates the message authentication code MAC from the tenth step to the twelfth step.
It will be appreciated that when V, P, and C are all N bits (e.g., 64 bits), the expanded pseudocode of the MUL(V, P, C) function shows that MULxPOW(V, i, C) must be calculated for every integer i between 0 and N-1 (e.g., 0 to 63). In the related art, a serial calculation mode is used, that is, the output for the previous i is calculated before the output for the next i, so more clock cycles are needed and the throughput of the system is reduced. In the embodiment of the application, the output of MULxPOW(V, i, C) for each i with 1 ≤ i ≤ N-Z can be calculated directly from the input parameter V without depending on the output of the previous stage. The serial calculation mode of the related art can therefore be replaced by a parallel calculation mode in which the outputs for all i with 1 ≤ i ≤ N-Z are calculated simultaneously in one clock cycle, which improves the throughput of the system.
In some embodiments, since the output of MULxPOW(V, 0, C) is the parameter V itself, MULxPOW(V, 0, C) for i = 0 is also calculated directly from the parameter V alone. Thus, when 0 ≤ i ≤ N-Z, the hardware circuit implementation of MULxPOW(V, i, C) can use the parallel calculation mode, and when i ≥ N-Z, the original serial calculation mode can be used. Specifically, the output result for i = N-Z+1 of the next stage may be calculated directly from the output result for i = N-Z using the serial calculation mode of the related art, and the calculation then proceeds in sequence up to the output result for i = N-1. The fully serial calculation mode of the related art is thereby reduced to a locally serial calculation, with the remainder calculated in parallel, so that the speed of the hardware circuit that calculates the message authentication code MAC is improved, the clock frequency is also improved, and the throughput requirement is met.
In the data processing method provided by the embodiment of the application, a second data sequence is determined by shifting a first data sequence left by i bits, where the first data sequence is the N-bit binary sequence V[0]~V[N-1] of the parameter V in the MULxPOW(V, i, C) function, the second data sequence is the new N-bit binary sequence M[0]~M[N-1] obtained by shifting the N-bit binary sequence V[0]~V[N-1], and i is an integer between 0 and N-1. When 1 ≤ i ≤ N-Z, an exclusive OR operation is performed on the first data V[N-i+j] in the first data sequence and the second data M[k+j] in the second data sequence to obtain the exclusive OR result corresponding to the second data M[k+j], where j is an integer between 0 and i-1, k is a bit at which the N-bit binary sequence of the parameter C in the MULxPOW(V, i, C) function holds a binary 1, there is at least one k, and Z is the highest bit of k. The second data M[k+j] in the second data sequence is then updated according to its exclusive OR result to obtain an N-bit third data sequence as the ith output result, which represents the output result of the MULxPOW(V, i, C) function, and an information authentication code, used to check the integrity of information, is generated based on the ith output result. Therefore, the calculation of each stage of the MULxPOW(V, i, C) function in the application depends only on the input V and does not need the output of the previous stage, so that the serial calculation mode of the original MULxPOW(V, i, C) function can be changed into a parallel calculation mode, the speed of the hardware circuit that calculates the message authentication code MAC is improved, the clock frequency is also improved, and the throughput requirement is met.
Referring to fig. 9, fig. 9 is a flow chart illustrating a data processing method according to another embodiment of the application. The flow shown in fig. 9 is described in detail below. Specifically, N and C of the foregoing embodiment are fixed: N = 64, i is an integer between 0 and 63, and the parameter C = 0x000000000000001B. The data processing method specifically comprises the following steps:
Step S210: determine the second data sequence obtained after the first data sequence is shifted left by i bits.
In the embodiment of the present application, step S210 may refer to the description of the foregoing embodiment, and is not repeated here.
Step S220: when 1 ≤ i ≤ 60, perform an exclusive OR operation on the first data V[N-i+j] in the first data sequence and the second data M[j], the second data M[1+j], the second data M[3+j] and the second data M[4+j] in the second data sequence to obtain the exclusive OR results corresponding to the second data M[j], the second data M[1+j], the second data M[3+j] and the second data M[4+j] respectively.
It will be appreciated that when N is 64 and the parameter C is a constant 0x1B, the bit k where the binary 1 value is located is 0, 1, 3, 4, since the 64-bit binary number of 0x1B is 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0001 1011. Wherein the most significant bit Z is 4. Therefore, the second data M [ k+j ] in the second data sequence, which needs to be subjected to exclusive OR operation, is second data M [ j ], second data M [1+j ], second data M [3+j ], and second data M [4+j ].
In some embodiments, when i=1, j=0, which is equivalent to obtaining MULxPOW (V, 1, c) function, i.e.Whereby the first data V [ N-i+j ] requiring an exclusive OR operation in the first data sequence]Only one, i.e. the first data V63]Second data M [ k+j ] needing exclusive OR operation in second data sequence]For the second data M [0]]Second data M [1]]Second data M [3]]Second data M [4]]. At this time, step S220 may specifically include:
performing an exclusive-or operation on the first data V[63] and each of the second data M[0], the second data M[1], the second data M[3] and the second data M[4] to obtain the exclusive-or results corresponding to the second data M[0], M[1], M[3] and M[4] respectively.
In some embodiments, the first data V [ N-i+j ] in the first data sequence, which needs to be xored, may be multiple, and step S220 may specifically include:
performing, according to the second data M[j], M[1+j], M[3+j] and M[4+j] corresponding to each first data V[N-i+j], an exclusive-or operation on each second data together with all the first data that correspond to it, to obtain the exclusive-or result corresponding to each second data.
It can be understood that, since each of the first data V [ N-i+j ] has the second data M [ j ], the second data M [1+j ], the second data M [3+j ], and the second data M [4+j ] that need to be xored with each other, and different first data may be xored with the same second data, all the first data that need to be xored with the same second data may be determined according to the second data M [ j ], the second data M [1+j ], the second data M [3+j ], and the second data M [4+j ] corresponding to each of the first data V [ N-i+j ], so that all the first data corresponding to the same second data and the same second data may be xored with each other to obtain a multiple xored result corresponding to each of the second data.
In one embodiment, j is an integer between 0 and 1 when i=2, which corresponds to the acquisition of MULxPOW (V, 2, c) functionWhereby the first data V [ N-i+j ] requiring an exclusive OR operation in the first data sequence]Comprising first data V62]First data V63]The second data M [ k+j ] in the second data sequence requiring exclusive OR operation]Including the first data V62]Corresponding second data M [0 ] ]Second data M [1]]Second data M [3]]Second data M [4]]And with the first data V63]Corresponding second data M [1]]Second data M [2]]Second data M [4]]Second data M [5]]。
It can be seen that only V[62] is exclusive-ored with the second data M[0]; V[62] and V[63] are exclusive-ored with the second data M[1]; only V[63] is exclusive-ored with the second data M[2]; only V[62] is exclusive-ored with the second data M[3]; V[62] and V[63] are exclusive-ored with the second data M[4]; and only V[63] is exclusive-ored with the second data M[5]. Thus, in connection with fig. 5, step S220 may specifically include:
performing exclusive-or operation on the first data V [62] corresponding to the second data M [0] and the second data M [0] to obtain an exclusive-or result corresponding to the second data M [0 ];
performing exclusive-or operation on the first data V [62] and the first data V [63] corresponding to the second data M [1] and the second data M [1] to obtain an exclusive-or result corresponding to the second data M [1 ];
performing exclusive-or operation on the first data V [63] corresponding to the second data M [2] and the second data M [2] to obtain an exclusive-or result corresponding to the second data M [2 ];
Performing exclusive-or operation on the first data V [62] corresponding to the second data M [3] and the second data M [3] to obtain an exclusive-or result corresponding to the second data M [3 ];
performing exclusive-or operation on the first data V [62] and the first data V [63] corresponding to the second data M [4] and the second data M [4] to obtain an exclusive-or result corresponding to the second data M [4 ];
and performing exclusive-or operation on the first data V [63] corresponding to the second data M [5] and the second data M [5] to obtain an exclusive-or result corresponding to the second data M [5 ].
Step S230: update the second data M[j], the second data M[1+j], the second data M[3+j] and the second data M[4+j] in the second data sequence according to their respective exclusive OR results, so as to obtain a 64-bit third data sequence as the ith output result.
The ith output result is used for representing the output result of the MULxPOW (V, i, C) function.
It will be appreciated that when N is 64 and the parameter C is a constant 0x1B, the second data M [ j ] in the second data sequence is due to]Second data M [1+j ] ]Second data M [3+j ]]Second data M [4+j ]]Needs to be matched with the first data V [ N-i+j ]]Performing exclusive-or operation, thereby obtaining final exclusive-or result of each second data after exclusive-or operation with the first data, and re-spelling with other data not participating in exclusive-or operation in the second data sequenceThen, a new third data sequence with N bits is obtained, and the result is MULxPOW (V, i, C) functionAnd outputting a result of the function. Thus the MULxPOW (V, i, C) function can be calculated from the input parameter V only, without relying on the output of the previous stage i.
Step S240: generate an information authentication code based on the ith output result, where the information authentication code is used to check the integrity of information.
It can be understood that when V, P, and C are all 64-bit data, the expanded pseudocode of the MUL(V, P, C) function shows that MULxPOW(V, i, C) must be calculated for every integer i between 0 and 63. In the related art, a serial calculation mode is used, that is, the output for the previous i is calculated before the output for the next i, so more clock cycles are needed and the throughput of the system is reduced. In the embodiment of the application, the output of MULxPOW(V, i, C) for each i with 1 ≤ i ≤ 60 can be calculated directly from the input parameter V without depending on the output of the previous stage. The serial calculation mode of the related art can therefore be replaced by a parallel calculation mode in which the outputs for all i with 1 ≤ i ≤ 60 are calculated simultaneously in one clock cycle, which improves the throughput of the system.
In some embodiments, since the output of MULxPOW(V, 0, C) is the parameter V itself, MULxPOW(V, 0, C) for i = 0 is also calculated directly from the parameter V alone. Thus, when 0 ≤ i ≤ 60, the hardware circuit implementation of MULxPOW(V, i, C) can use the parallel calculation mode, and when i ≥ 60, the original serial calculation mode can be used. Specifically, the output result for i = 61 of the next stage may be calculated directly from the output result for i = 60 using the serial calculation mode of the related art, and the calculation then proceeds in sequence up to the output result for i = 63. The fully serial calculation mode of the related art is thereby reduced to a locally serial calculation, with the remainder calculated in parallel, so that the speed of the hardware circuit that calculates the message authentication code MAC is improved, the clock frequency is also improved, and the throughput requirement is met.
In the data processing method provided by the embodiment of the application, N = 64, the parameter C = 0x000000000000001B in the MULxPOW(V, i, C) function, k is 0, 1, 3, 4, and Z is 4. A second data sequence is determined by shifting a first data sequence left by i bits, where the first data sequence is the 64-bit binary sequence V[0]~V[63] of the parameter V in the MULxPOW(V, i, C) function and the second data sequence is the new 64-bit binary sequence M[0]~M[63] obtained by shifting the 64-bit binary sequence V[0]~V[63]. When 1 ≤ i ≤ 60, an exclusive OR operation is performed on the first data V[64-i+j] in the first data sequence and the second data M[j], the second data M[1+j], the second data M[3+j] and the second data M[4+j] in the second data sequence to obtain the exclusive OR results corresponding to the second data M[j], M[1+j], M[3+j] and M[4+j], where j is an integer between 0 and i-1. The second data M[j], M[1+j], M[3+j] and M[4+j] in the second data sequence are then updated according to their respective exclusive OR results to obtain a 64-bit third data sequence as the ith output result, which represents the output result of the MULxPOW(V, i, C) function, and an information authentication code, used to verify the integrity of the information, is generated based on the ith output result.
Therefore, the calculation of each stage of MULxPOW (V, i, C) function in the application can only depend on the input V, and the output of the previous stage is not needed, so that the serial calculation mode of the original MULxPOW (V, i, C) function can be changed into a parallel calculation mode, the speed of a hardware circuit for calculating the message authentication code MAC is improved, the clock frequency is also improved, and the throughput requirement is met.
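The direct mapping of steps S210 to S230, checked against the serial MULx recursion, as an added example that is not the patent's own code or circuit. The names `mulxpow_direct`, `mulxpow_serial` and `count_mismatches` are hypothetical, the test inputs are constructed, and MULx is written as defined in the UIA2 specification; the example also shows the plain mapping failing at i = 61, where the term for V[63] would need a bit above M[63].

```c
#include <stdint.h>
#include <stdio.h>

/* Parameter C of the 64-bit case: ones at bits 0, 1, 3, 4, so Z = 4. */
#define UIA2_C 0x000000000000001BULL
#define N_BITS 64u

/* Serial reference: one MULx step (shift left, XOR C if V[63] was 1). */
static uint64_t mulx(uint64_t v, uint64_t c)
{
    return (v & 0x8000000000000000ULL) ? ((v << 1) ^ c) : (v << 1);
}

/* Serial reference: stage i needs the output of stage i-1. */
static uint64_t mulxpow_serial(uint64_t v, unsigned i, uint64_t c)
{
    while (i-- > 0)
        v = mulx(v, c);
    return v;
}

/*
 * Direct mapping from V alone (hypothetical helper name).
 * M = V << i is the second data sequence; for each j in 0..i-1 the
 * first data V[64-i+j] is XORed into M[j], M[1+j], M[3+j], M[4+j],
 * which is the same as XORing (C << j) when that bit of V is 1.
 * Exact only for 0 <= i <= N - Z = 60; i must be below 64.
 * The loop is sequential here, but every term reads V only, so a
 * circuit can evaluate all of them, for all i, at the same time.
 */
static uint64_t mulxpow_direct(uint64_t v, unsigned i)
{
    if (i == 0)
        return v;

    uint64_t m = v << i;
    for (unsigned j = 0; j < i; j++) {
        uint64_t bit = (v >> (N_BITS - i + j)) & 1u;   /* V[64-i+j] */
        m ^= (UIA2_C << j) & ((uint64_t)0 - bit);      /* all-ones mask if bit */
    }
    return m;
}

/* Compare both forms over constructed inputs for i in [i_lo, i_hi]. */
static unsigned count_mismatches(unsigned i_lo, unsigned i_hi)
{
    uint64_t v = 0x0123456789ABCDEFULL;   /* constructed seed */
    unsigned bad = 0;

    for (unsigned s = 0; s < 1000; s++) {
        /* 64-bit linear congruential step, used only to vary V */
        v = v * 6364136223846793005ULL + 1442695040888963407ULL;
        for (unsigned i = i_lo; i <= i_hi; i++)
            if (mulxpow_direct(v, i) != mulxpow_serial(v, i, UIA2_C))
                bad++;
    }
    return bad;
}

int main(void)
{
    printf("mismatches for i = 0..60 : %u\n", count_mismatches(0, 60));
    printf("mismatches for i = 61..63: %u\n", count_mismatches(61, 63));

    /* V[63] = 1, i = 61: (C << 60) loses its bit 64, which the serial
     * form folds back into M[0], M[1], M[3], M[4]. */
    uint64_t v = 0x8000000000000000ULL;
    printf("serial  i=61: 0x%016llX\n",
           (unsigned long long)mulxpow_serial(v, 61, UIA2_C));
    printf("direct  i=61: 0x%016llX\n",
           (unsigned long long)mulxpow_direct(v, 61));
    return 0;
}
```
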
Referring to fig. 10, fig. 10 is a flow chart illustrating a data processing method according to another embodiment of the application. The flow shown in fig. 10 will be described in detail, and parallel computation of i=61 to 64 can be realized based on the foregoing embodiment. The data processing method specifically comprises the following steps:
Step S310: determining a second data sequence obtained after the first data sequence is shifted left by i bits.
Step S320: when i is more than or equal to 1 and less than or equal to 60, performing exclusive or operation on the first data V [ N-i+j ] in the first data sequence and the second data M [ j ], the second data M [1+j ], the second data M [3+j ] and the second data M [4+j ] in the second data sequence to obtain exclusive or results corresponding to the second data M [ j ], the second data M [1+j ], the second data M [3+j ] and the second data M [4+j ] respectively.
Step S330: correspondingly updating the second data M[j], the second data M[1+j], the second data M[3+j] and the second data M[4+j] in the second data sequence according to the exclusive-OR results corresponding to the second data M[j], the second data M[1+j], the second data M[3+j] and the second data M[4+j] respectively, so as to obtain a 64-bit third data sequence as the ith output result.
Step S340: when i=61, exclusive or operation is performed on the first data V [3+j ] in the first data sequence and the second data M [ j ], the second data M [1+j ], the second data M [3+j ], the second data M [4+j ] in the second data sequence, and the first data V [63] in the first data sequence and the second data M [60], the second data M [61], the second data M [63], the second data M [0], the second data M [1], the second data M [3], and the second data M [4] in the second data sequence, so as to obtain an exclusive or result corresponding to each second data.
When N is 64 and the parameter C is a constant 0x1B, based on the foregoing analysis,the last nested function that can be calculated by the law described above is the last one, since its calculation is ultimately dependent on C5]And C5]Is the position corresponding to the rightmost one of the 59 0's on the left of the parameters C=0x1B, i.e. C4]Has a value of 1. The inventors have further found that, in +.>Subsequent calculation of the nested function +.>Dependent on C [ i ]](2≤i<5) Although the calculation is complex, the mapping relationship between the input V and the function output can be determined.
The following is firstly toThe process of determining the mapping relationship of the input V and the function output is described.
Specifically, when MULxPOW(V, 61, C) = MULx(MULxPOW(V, 60, C), C) is simplified, it is possible to obtain:
wherein,,
due toC=0x1B, and C4]1, thus, < >>Can continue to be abbreviated as:
based on the above formula, it can be seen that, due to (V < 1) [4]Exclusive OR with 1 is at V63]Is 1, thus, in (V < 1) [4 ]]When xor 1, V63]Is 1, so that V63 can be used]Instead of 1 and (V1) [4 ]]And performing exclusive OR. Thereby making itCan continue to be abbreviated as:
and due to V63]When the number of the active carbon is not 1, namely 0,it may correspond to (V1) [4 ]]Exclusive-or with 0, the exclusive-or result is still (V < 1) [4 ]]. Thus when V63]When=0, it is still possible to makeDue to V63 at this time]=0, and thus can be equivalent toThereby can be equivalent to +.>Thus V [63 ]]Whether or not it is 1 or not,can be directly abbreviated as:
so that the number of the parts to be processed,
similarly, since the left half of the 64-bit binary number of 0x1B consists of 59 0 s, whenWhen performing bit exclusive OR calculation with 0x1B, the outputs corresponding to 59 0 in the left half part can be directly +.>The 59 bit value of the left half of (2), whereas for a bit value of 1, due to +.>Exclusive OR with 0x1B is at V3]xor V[63]Is 1, thus, at +. >V3 at the time]xor V[63]1, whereby the 64-bit binary number of 0x1B can be used with V3 as bit of 1]xor V[63]Instead of 1. Thus (S)>Can continue to be abbreviated as:
similarly, based on the above formula, it can be seen that V3]xor V[63]Whether or not it is 1 or not,can be directly abbreviated as:
it can thus be seen that,the result of (2) can be obtained by>After shifting 1 bit, the shifted result is compared with V3 at the designated bit]And V63]And performing bit exclusive OR operation to obtain the bit-wise exclusive OR operation. Since according to the above derivation +.>Can be directly obtained from the input parameter V, but +.>Except->In addition, also with V3 only]And V63]Related, therefore->Can also be obtained essentially directly from the input parameter V, i.e. +.>Mapping relation with input parameter V.
In the same way, can also realizeIs provided. Referring to fig. 11, an exemplary embodiment is shown in fig. 11Is a schematic diagram of a bit-wise calculation circuit. Specifically, M64-bit data M [63 ]]~M[0]Corresponding is +.>The shift result after shifting 64 bits of data by 1 bit to the left as shown in the dotted line box shown in FIG. 11>The phase of the calculation circuit after 1 bit of left shiftWhen is in
For the same reason, {0, …, 0, V[3] xor V[63], V[3] xor V[63], 0, V[3] xor V[63], V[3] xor V[63]} has the non-zero value V[3] xor V[63] only at bits 0, 1, 3 and 4. Therefore, a bitwise exclusive-OR circuit with V[3] and V[63] only needs to be added at the positions M[0], M[1], M[3] and M[4].
Similarly, as can be seen from FIG. 11, the present applicationIs also implemented by hardware circuit of V, which is essentially 64-bit data V [63 ]]~V[0]After shifting 61 bits to the left, the shifted result is shifted between the designated bit and V3]、V[4]…V[61]、V[62]、V[63]And performing bit exclusive OR operation to obtain the bit-wise exclusive OR operation. Namely->Can be directly obtained according to the input parameter V, i.e. the +.>Mapping relation with input parameter V.
The inventors have further found that, forThe result of (2) is largely that following the aforementioned +.>Only a small part is a special rule, and therefore, a determination can be made only for the mapping of this part of the special rule. Specifically, based on the foregoing analysis, in conjunction with fig. 11, it can be seen that:
That is, in this result, V[3] to V[62] are exclusive-ORed with the shifted result M according to the aforementioned rule: after the input parameter V is shifted left by i bits, M[0+j], M[1+j], M[3+j] and M[4+j] in the shifted result M are bitwise exclusive-ORed with V[N-i+j], i.e. V[3+j]. Only V[63] is special: it needs to be exclusive-ORed with M[0], M[1], M[3], M[4], M[60], M[61] and M[63] in the shifted result M.
Based on the above analysis, when i=61, which corresponds to obtaining the MULxPOW(V, 61, C) function, the first data in the first data sequence that need the exclusive-OR operation include the first data V[3+j] and the first data V[63]. The second data in the second data sequence that need the exclusive-OR operation include the second data M[j], M[1+j], M[3+j] and M[4+j] corresponding to the first data V[3+j], and the second data M[60], M[61], M[63], M[0], M[1], M[3] and M[4] corresponding to the first data V[63], where j is an integer between 0 and 59.
Therefore, in the embodiment of the present application, when i=61, in determining the mapping relationship between the input V and the function output, the first data V [3+j ] in the first data sequence may be xored with the second data M [ j ], the second data M [1+j ], the second data M [3+j ], the second data M [4+j ] in the second data sequence, and the first data V [63] in the first data sequence may be xored with the second data M [60], the second data M [61], the second data M [63], the second data M [0], the second data M [1], the second data M [3], and the second data M [4] in the second data sequence, respectively, so as to obtain the xored result corresponding to each second data.
Step S350: according to the exclusive-OR result corresponding to each second data, correspondingly updating each second data in the second data sequence to obtain an N-bit third data sequence as the 61st output result, wherein the 61st output result is used for representing the output result of the MULxPOW(V, 61, C) function.
It will be appreciated that when N is 64 and the parameter C is the constant 0x1B, for the case of i=61, since some second data in the second data sequence need to be exclusive-ORed with the first data, the final exclusive-OR result of each such second data can be obtained and re-spliced with the other data in the second data sequence that do not participate in the exclusive-OR operation, giving a new N-bit third data sequence, which is the output result of the MULxPOW(V, 61, C) function. Thus the MULxPOW(V, 61, C) function can also be calculated from the input parameter V alone, without relying on the output of the previous stage i=60.
Step S360: when i=62, the first data V[2+j] in the first data sequence is exclusive-ORed with the second data M[j], M[1+j], M[3+j] and M[4+j] in the second data sequence respectively, the first data V[62] in the first data sequence is exclusive-ORed with the second data M[60], M[61], M[63], M[0], M[1], M[3] and M[4] in the second data sequence respectively, and the first data V[63] in the first data sequence is exclusive-ORed with the second data M[61], M[62], M[0], M[1], M[2], M[3], M[4] and M[5] in the second data sequence respectively, so as to obtain the exclusive-OR result corresponding to each second data.
In the same way, it can be confirmed thatV and the function outputMapping relation. The following is firstly to->The process of determining the mapping relationship of the input V and the function output is described.
Specifically, when MULxPOW(V, 62, C) = MULx(MULxPOW(V, 61, C), C) is simplified, it is possible to obtain:
wherein,,
so that the number of the parts to be processed,can be abbreviated as:
it can thus be seen that,the result of (2) can be obtained by>After shifting 1 bit, the shifted result is shifted between the designated bit and V2]、V[62]And V63]And performing bit exclusive OR operation to obtain the bit-wise exclusive OR operation. Since according to the above derivation +.>Can be directly obtained from the input parameter V, but +.>Except->In addition, also with V3 only]、V[62]And V63]Related, therefore->Can also be obtained essentially directly from the input parameter V, i.e. +.>Mapping relation with input parameter V.
In the same way, can also realizeIs provided. Referring to fig. 12, an exemplary embodiment is shown in fig. 12Is a schematic diagram of a bit-wise calculation circuit. Specifically, M64-bit data M [63 ]]~M[0]Corresponding is +.>The shift result after shifting 64 bits of data by 1 bit to the left as shown in the dotted line box shown in FIG. 12>The calculation circuit after shifting 1 bit to the left corresponds to + - >Due to {0, …,0, V [2 ]]xorV[63]xorV[62],V[2]xorV[63]xorV[62],0,V[2]xorV[63]xorV[62],V[2]xorV[63]xorV[62]V2, which is a non-0 value only at bits 0, 1, 3, 4]xorV[63]xorV[62]Thus, it can be only at M0]、M[1]、M[3]、M[4]The position is added with V2]、V[62]And V63]Is a bitwise exclusive or circuit.
Similarly, as can be seen from FIG. 12The application is thatIs also implemented by hardware circuit of V, which is essentially 64-bit data V [63 ]]~V[0]After shifting 62 bits to the left, the shifted result is shifted between the specified bit and V2]、V[3]…V[61]、V[62]、V[63]And performing bit exclusive OR operation to obtain the bit-wise exclusive OR operation. Namely->Can be directly obtained according to the input parameter V, i.e. the +.>Mapping relation with input parameter V.
Similarly, as can be seen in connection with FIG. 12, V[2] to V[61] are exclusive-ORed with the shifted result M according to the aforementioned rule: after the input parameter V is shifted left by i bits, M[0+j], M[1+j], M[3+j] and M[4+j] in the shifted result M are bitwise exclusive-ORed with V[N-i+j], i.e. V[2+j]. Only V[62] and V[63] are special: V[62] needs to be exclusive-ORed with M[0], M[1], M[3], M[4], M[60], M[61] and M[63] in the shifted result M, and V[63] needs to be exclusive-ORed with M[0], M[1], M[2], M[3], M[4], M[5], M[61] and M[62] in the shifted result M. M[1] and M[4] each need to be exclusive-ORed with V[63] twice.
Based on the above analysis, when i=62, which corresponds to obtaining the MULxPOW(V, 62, C) function, the first data in the first data sequence that need the exclusive-OR operation include the first data V[2+j], the first data V[62] and the first data V[63]. The second data in the second data sequence that need the exclusive-OR operation include the second data M[j], M[1+j], M[3+j] and M[4+j] corresponding to the first data V[2+j], the second data M[60], M[61], M[63], M[0], M[1], M[3] and M[4] corresponding to the first data V[62], and the second data M[61], M[62], M[0], M[1], M[2], M[3], M[4] and M[5] corresponding to the first data V[63]. The second data M[1] and the second data M[4] each need to be exclusive-ORed with the first data V[63] twice, and j is an integer between 0 and 59.
Therefore, in the embodiment of the present application, when i=62, in determining the mapping relationship between the input V and the function output, the first data V [2+j ] in the first data sequence may be respectively exclusive-ored with the second data M [ j ], the second data M [1+j ], the second data M [3+j ], the second data M [4+j ] in the second data sequence, and the first data V [62] in the first data sequence may be respectively exclusive-ored with the second data M [60], the second data M [61], the second data M [63], the second data M [0], the second data M [1], the second data M [3], the second data M [4] in the second data sequence, and the first data V [63] in the first data sequence may be respectively exclusive-ored with the second data M [61], the second data M [62], the second data M [0], the second data M [1], the second data M [2], the second data M [3], and the second data M [4] in the second data sequence. Wherein, the second data M [1] and the second data M [4] are respectively required to be exclusive-ored with the first data V [63] twice, and j is an integer between 0 and 59.
Step S370: according to the exclusive-OR result corresponding to each second data, correspondingly updating each second data in the second data sequence to obtain an N-bit third data sequence as the 62nd output result, wherein the 62nd output result is used for representing the output result of the MULxPOW(V, 62, C) function.
Step S380: when i=63, the first data V [1+j ] in the first data sequence is respectively calculated with the second data M [ j ], the second data M [1+j ], the second data M [3+j ], and the second data M [4+j ] in the second data sequence, the first data V [61] in the first data sequence is respectively calculated with the second data M [60], the second data M [61], the second data M [63], the second data M [0], the second data M [1], the second data M [3], and the second data M [4] in the second data sequence, the first data V [62] in the first data sequence is respectively calculated with the second data M [61], the second data M [62], the second data M [0], the second data M [1], the second data M [2], the second data M [3], the second data M [4], the second data M [5], and the second data V [62] in the second data sequence is respectively calculated with the second data M [61], the second data M [62], the second data M [0], the second data M [2], the second data M [3], and the second data M [5], and the second data M [6] in the second data sequence.
In the same way, it can be confirmed thatMapping relation between the input V of (c) and the function output. The following is firstly to->The process of determining the mapping relationship of the input V and the function output is described.
Specifically, when MULxPOW(V, 63, C) = MULx(MULxPOW(V, 62, C), C) is simplified, it is possible to obtain:
wherein,,
so that the number of the parts to be processed,can be abbreviated as:
it can thus be seen that,the result of (2) can be obtained by>After shifting 1 bit, the shifted result is compared with V1 at the designated bit]、V[61]And V62]And performing bit exclusive OR operation to obtain the bit-wise exclusive OR operation. Since according to the above derivation +.>Can be directly obtained from the input parameter V, but +.>Except->In addition, also with V1]、V[61]And V62]Related, therefore->Can also be obtained essentially directly from the input parameter V, i.e. +.>Mapping relation with input parameter V.
In the same way, can also realizeIs provided. Referring to FIG. 13, exemplary, FIG. 13 showsThe method comprises the following steps ofIs a schematic diagram of a bit-wise calculation circuit. Specifically, M64-bit data M [63 ]]~M[0]Corresponding is +.>The shift result after shifting 64 bits of data by 1 bit to the left as shown in the dotted line box shown in FIG. 13 +.>The calculation circuit after shifting 1 bit to the left corresponds to + - >Due to {0, …,0, V [1 ]]xorV[62]xorV[61],V[1]xorV[62]xorV[61],0,V[1]xorV[62]xorV[61],V[1]xorV[62]xorV[61]V1, which is a non-0 value only at bits 0, 1, 3, 4]xorV[62]xorV[61]Thus, it can be only at M0]、M[1]、M[3]、M[4]The position is added with V1]、V[61]And V62]Is a bitwise exclusive or circuit.
Similarly, as can be seen from FIG. 13, the present applicationIs also implemented by hardware circuit of V, which is essentially 64-bit data V [63 ]]~V[0]After shifting 63 bits to the left, the shifted result is compared with V1 at the designated bit]、V[2]…V[61]、V[62]、V[63]And performing bit exclusive OR operation to obtain the bit-wise exclusive OR operation. Namely->Can be directly obtained according to the input parameter V, i.e. the +.>Mapping relation with input parameter V.
Similarly, as can be seen in connection with FIG. 13, V[1] to V[60] are exclusive-ORed with the shifted result M according to the aforementioned rule: after the input parameter V is shifted left by i bits, M[0+j], M[1+j], M[3+j] and M[4+j] in the shifted result M are bitwise exclusive-ORed with V[N-i+j], i.e. V[1+j]. Only V[61], V[62] and V[63] are special: V[61] needs to be exclusive-ORed with M[0], M[1], M[3], M[4], M[60], M[61] and M[63] in the shifted result M, V[62] needs to be exclusive-ORed with M[0], M[1], M[2], M[3], M[4], M[5], M[61] and M[62], and V[63] needs to be exclusive-ORed with M[1], M[2], M[3], M[4], M[5], M[6], M[62] and M[63]. M[2] and M[5] each need to be exclusive-ORed with V[63] twice, and M[1] and M[4] each need to be exclusive-ORed with V[62] twice.
Based on the above analysis, when i=63, which corresponds to obtaining the MULxPOW(V, 63, C) function, the first data in the first data sequence that need the exclusive-OR operation include the first data V[1+j], the first data V[61], the first data V[62] and the first data V[63]. The second data in the second data sequence that need the exclusive-OR operation include the second data M[j], M[1+j], M[3+j] and M[4+j] corresponding to the first data V[1+j], the second data M[60], M[61], M[63], M[0], M[1], M[3] and M[4] corresponding to the first data V[61], the second data M[61], M[62], M[0], M[1], M[2], M[3], M[4] and M[5] corresponding to the first data V[62], and the second data M[62], M[63], M[1], M[2], M[3], M[4], M[5] and M[6] corresponding to the first data V[63]. The second data M[1] and the second data M[4] each need to be exclusive-ORed with the first data V[62] twice, the second data M[2] and the second data M[5] each need to be exclusive-ORed with the first data V[63] twice, and j is an integer between 0 and 59.
Therefore, in the embodiment of the present application, when i=63, in determining the mapping relationship between the input V and the function output, the first data V [1+j ] in the first data sequence may be respectively compared with the second data M [ j ], the second data M [1+j ], the second data M [3+j ], and the second data M [4+j ] in the second data sequence, the first data V [61] in the first data sequence may be respectively compared with the second data M [60], the second data M [61], the second data M [63], the second data M [0], the second data M [1], the second data M [3], the second data M [4], the first data V [62] in the first data sequence is exclusive-ored with the second data M [61], the second data M [62], the second data M [0], the second data M [1], the second data M [2], the second data M [3], the second data M [4], the second data M [5] in the second data sequence, and the first data V [63] in the first data sequence is exclusive-ored with the second data M [62], the second data M [63], the second data M [1], the second data M [2], the second data M [3], the second data M [4], the second data M [5] and the second data M [6] in the second data sequence, so that exclusive-ored results corresponding to each second data are obtained. Wherein, the second data M [1] and the second data M [4] both need to be exclusive-ored with the first data V [62] twice, the second data M [2] and the second data M [5] both need to be exclusive-ored with the first data V [63] twice, j is an integer between 0 and 59.
Step S390: according to the exclusive-OR result corresponding to each second data, correspondingly updating each second data in the second data sequence to obtain an N-bit third data sequence as the 63rd output result, wherein the 63rd output result is used for representing the output result of the MULxPOW(V, 63, C) function.
Step S400: generating an information authentication code based on the ith output result, wherein the information authentication code is used for checking the integrity of information, and i is an integer between 0 and N-1.
In the embodiments of the present application, the mapping relationship between the output of each stage and the input parameter V can be determined, so each output can be calculated directly from the input parameter V without relying on the output of the previous stage i. The serial calculation mode of the related art can thus be replaced by a parallel calculation mode, the output of MULxPOW(V, i, C) for every i can be calculated in one clock cycle, and the system calculation throughput is improved.
In some embodiments, the target output result may be determined from the ith output result according to the received key sequence of N bits, where i is an integer between 0 and N-1. And performing exclusive-or operation on the target output result and a preset initial value to obtain a target exclusive-or result, and finally generating an information authentication code based on the target exclusive-or result, wherein the information authentication code is used for checking the integrity of information.
The key sequence of N bits may be a binary sequence of N bits of parameter P in MUL (V, P, C). Whether the ith output result is to be the target output result added to the subsequent exclusive or process can be correspondingly selected according to the value of 0 or 1 of each bit key in the N-bit key sequence. For example, referring to fig. 3, depending on the binary 0 or 1 value of each bit in the binary sequence of N bits of the parameter P, it may be selected whether to exclusive-or the output result of the MULxPOW (V, i, C) function of the corresponding stage with the output result of the other stage, or to add the output result of the MULxPOW (V, i, C) function of the corresponding stage to the subsequent exclusive-or process.
The preset initial value may be a user self-set value, which is set to 0 in UIA2 integrity protection algorithm. For example, please refer to result=0 in fig. 3, which is a preset initial value.
It will be appreciated that after determining the target output result from the i-th output result according to the received N-bit key sequence, the output result of the MULxPOW (V, i, C) function selected for performing the exclusive-or operation may be obtained, so that the target output result may be subjected to the exclusive-or operation with a preset initial value to obtain a target exclusive-or result, which may be understood as the final output result of the MUL (V, P, C) function.
In the embodiment of the application, after obtaining the final output result of the target exclusive-or result, namely the MUL (V, P, C) function, an information authentication code for verifying the integrity of the information may be generated based on the target exclusive-or result. For example, the UIA2 integrity protection algorithm described above calculates the message authentication code MAC from the tenth step to the twelfth step.
According to the data processing method provided by this embodiment of the application, the parameter C in the MULxPOW(V, i, C) function is 0x000000000000001B, k is 0, 1, 3 and 4, and Z is 4. By determining the mapping relationship between the calculation of each of the 64 stages and the input V, the calculation of each stage of the MULxPOW(V, i, C) function depends only on the input V and does not need the output of the previous stage, so the serial calculation mode of the original MULxPOW(V, i, C) function is changed into a parallel calculation mode. This improves the speed of the hardware circuit that calculates the message authentication code (MAC), raises the clock frequency, and meets the throughput requirement.
Based on the bitwise calculation circuit of each stage obtained by the aforementioned data processing method, the UIA2 calculation circuit may be redesigned so that the serial calculation circuit of the MULxPOW(V, i, C) function therein becomes a parallel calculation circuit. Specifically, referring to fig. 14, fig. 14 is a schematic diagram of a UIA2 computing circuit according to still another embodiment of the present application, which is used to realize the calculation output of the MULxPOW(V, i, C) function. The UIA2 computing circuit 500 includes a 64-stage MUL unit 510 and a 64-stage mixed operation unit 520 correspondingly connected to the 64-stage MUL unit, wherein each stage MUL unit of the 64-stage MUL unit 510 operates independently. Specifically, the ith-stage MUL unit in the 64-stage MUL unit 510 is used for receiving a 64-bit first data sequence and performing an ith-stage MUL operation on the 64-bit first data sequence to obtain an ith-stage MUL operation result, where i is an integer and the value of i traverses from 0 to 63;
For the ith mixed operation unit in the 64-stage mixed operation unit 520, the ith mixed operation unit is connected to the (i-1)th-stage mixed operation unit and the ith MUL unit respectively, and is used for receiving the (i-1)th-stage mixed operation result of the (i-1)th-stage mixed operation unit and the ith MUL operation result, and obtaining the ith mixed operation result based on the (i-1)th-stage mixed operation result and the ith MUL operation result; the Nth mixed operation result is the operation result corresponding to the first data sequence.
Therefore, based on the UIA2 computing circuit, the ith MUL unit can receive the 64-bit first data sequence and perform the ith MUL operation on the 64-bit first data sequence to obtain the ith MUL operation result; the ith mixed operation unit can receive the (i-1)th-stage mixed operation result of the (i-1)th-stage mixed operation unit and the ith MUL operation result, and obtain the ith mixed operation result based on the (i-1)th-stage mixed operation result and the ith MUL operation result; the Nth mixed operation result is the operation result corresponding to the first data sequence.
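The following added example (not code from the patent) models in software the per-stage rules stated above for 1 ≤ i ≤ 60 and for i = 61 to 63, and the selection of stage outputs by the key sequence P, and checks both against the serial definition. The function names are hypothetical; it assumes V[n] and M[n] denote bit n counted from the least significant bit (so V[63] is the bit shifted out by MULx) and that bit i of P is likewise counted from the least significant bit.

```python
import random

N = 64
MASK = (1 << N) - 1
C = 0x1B            # parameter C from the page: bits k = 0, 1, 3, 4 are set
K = (0, 1, 3, 4)


def mulx(v):
    """One serial MULx step: shift left by 1, XOR C if the bit shifted out (V[63]) was 1."""
    shifted = (v << 1) & MASK
    return shifted ^ C if (v >> (N - 1)) & 1 else shifted


def mulxpow_serial(v, i):
    """Serial reference: stage i needs the output of stage i-1."""
    for _ in range(i):
        v = mulx(v)
    return v


# Second-data indices for the last first-data bits when i = 61..63, as listed on the page.
# A repeated index means that second data is exclusive-ORed twice with the same first data.
SPECIAL = (
    (60, 61, 63, 0, 1, 3, 4),
    (61, 62, 0, 1, 2, 3, 4, 5, 1, 4),
    (62, 63, 1, 2, 3, 4, 5, 6, 2, 5),
)


def taps(i):
    """Map each first-data index n (bit V[n]) to the indices of M it is XORed into at stage i."""
    regular = min(i, 60)                      # j = 0..59 always follows the M[k+j] rule
    table = {N - i + j: [k + j for k in K] for j in range(regular)}
    for s in range(i - regular):              # only non-empty for i = 61, 62, 63
        table[N - i + 60 + s] = list(SPECIAL[s])
    return table


def mulxpow_parallel(v, i):
    """Stage i computed from V alone: shift left by i, then apply the XOR network."""
    m = (v << i) & MASK                       # second data sequence M
    for n, targets in taps(i).items():
        if (v >> n) & 1:
            for t in targets:
                m ^= 1 << t
    return m                                  # third data sequence


def xor_gate_count(i):
    """Number of two-input XORs in the stage-i network as modelled here."""
    return sum(len(t) for t in taps(i).values())


def mul_serial(v, p):
    """MUL(V, P, C) with the stage outputs produced one after another."""
    result, stage = 0, v                      # preset initial value 0
    for i in range(N):
        if (p >> i) & 1:
            result ^= stage
        stage = mulx(stage)
    return result


def mul_parallel(v, p):
    """MUL(V, P, C) from 64 independent stage outputs, selected by the bits of P."""
    stage_outputs = [mulxpow_parallel(v, i) for i in range(N)]
    result = 0
    for i, out in enumerate(stage_outputs):
        if (p >> i) & 1:
            result ^= out
    return result


def self_check(trials=50, seed=1):
    """Compare the parallel model with the serial definition on constructed random inputs."""
    rng = random.Random(seed)
    for _ in range(trials):
        v, p = rng.getrandbits(N), rng.getrandbits(N)
        if any(mulxpow_parallel(v, i) != mulxpow_serial(v, i) for i in range(N)):
            return False
        if mul_parallel(v, p) != mul_serial(v, p):
            return False
    return True


if __name__ == "__main__":
    print("parallel model matches serial definition:", self_check())
    print(hex(mulxpow_parallel(1 << 63, 61)))
```
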
In some embodiments, when i is greater than 0, the ith stage MUL cell includes an ith shift circuit, and an ith exclusive-or circuit connected to the ith shift circuit. Wherein: the ith shift circuit is used for receiving the 64-bit first data sequence, and performing an ith shift operation on the 64-bit first data sequence to obtain an ith shift result; the ith exclusive-or circuit is configured to receive the ith shift result and the 64-bit first data sequence, and perform an ith exclusive-or operation based on the ith shift result and the 64-bit first data sequence, to obtain an ith MUL operation result.
In some embodiments, the ith shift circuit is configured to shift the first data sequences V [0] to V [63] with 64 bits by i bits to obtain shifted second data sequences M [0] to M [63] with 64 bits as an ith shift result. The ith exclusive OR circuit is configured to output an exclusive OR result of first data V [64-i+j ] in the 64-bit first data sequence and second data M [ k+j ] in the 64-bit second data sequence, and correspondingly update the second data M [ k+j ] in the second data sequence based on the exclusive OR result, so as to obtain a third data sequence with 64 bits as an ith MUL operation result, where j is an integer and the value of j traverses from 0 to i-1, k is a specified bit, and the number of k is at least one.
Based on this, when i is greater than 0, the ith shift circuit may receive the 64-bit first data sequence, shift the 64-bit first data sequence V[0] to V[63] left by i bits to obtain the shifted 64-bit second data sequence M[0] to M[63] as the ith shift result, and input the ith shift result to the ith exclusive-or circuit. The ith exclusive-or circuit can then receive the 64-bit first data sequence and the ith shift result input by the ith shift circuit, perform an exclusive-or operation on first data V[64-i+j] in the 64-bit first data sequence and second data M[k+j] in the 64-bit second data sequence to obtain an exclusive-or result, and correspondingly update the second data M[k+j] in the second data sequence based on the exclusive-or result to obtain a 64-bit third data sequence as the ith MUL operation result, where j is an integer whose value traverses from 0 to i-1, k is a specified bit, and the number of k is at least one.
In some embodiments, k may be 0, 1, 3, 4, and when the value of i traverses from 1 to 60, the second data M [ k+j ] is the second data M [ j ], the second data M [1+j ], the second data M [3+j ], the second data M [4+j ], where: the ith exclusive-or circuit comprises 4i exclusive-or gates, and the 4i exclusive-or gates are used for outputting exclusive-or results of the first data V [64-i+j ] and the second data M [ j ], the second data M [1+j ], the second data M [3+j ] and the second data M [4+j ].
That is, the exclusive OR circuits of each of the 1 st MUL unit to the 60 th MUL unit perform exclusive OR operation on the first data V [64-i+j ] and the second data M [ j ], the second data M [1+j ], the second data M [3+j ], and the second data M [4+j ] to obtain exclusive OR results. And correspondingly updating the second data M [ k+j ] in the second data sequence based on the exclusive OR result to obtain a third data sequence with 64 bits as each stage MUL operation result, wherein j is an integer and the value of j traverses from 0 to i-1, k is a designated bit, and the number of k is at least one.
Illustratively, in some embodiments, when i=1, j=0, the first data V [64-i+j ] is the first data V [63], and the second data M [ k+j ] is the second data M [0], the second data M [1], the second data M [3], the second data M [4], wherein:
The 1 st exclusive-or circuit corresponding to the 1 st level sub-logic circuit comprises 4 exclusive-or gates, and the 4 exclusive-or gates are used for outputting exclusive-or results of the first data V [63] and the second data M [0], the second data M [1], the second data M [3] and the second data M [4] respectively.
For example, referring to fig. 4, the level 1 sub-logic circuit includes a first exclusive-or gate for exclusive-or of the first data V [63] with the second data M [0], a second exclusive-or gate for exclusive-or of the first data V [63] with the second data M [1], a third exclusive-or gate for exclusive-or of the first data V [63] with the second data M [3], and a fourth exclusive-or gate for exclusive-or of the first data V [63] with the second data M [4 ]. Thus, the output result of the MULxPOW (V, 1, c) function can be obtained.
That is, for the 1 st exclusive-or circuit in the 1 st stage MUL unit, the exclusive-or operation between the first data V [63] and the second data M [0], the second data M [1], the second data M [3], and the second data M [4] can be implemented, so as to obtain an exclusive-or result. And updating the second data M [0], the second data M [1], the second data M [3] and the second data M [4] replaced in the second data sequence based on the exclusive OR result to obtain a new 64-bit third data sequence as the MUL operation result of the 1 st MUL unit.
In some embodiments, when i=2, the value of j traverses from 0 to 1, the first data V [ N-i+j ] includes first data V [62], first data V [63], and the second data M [ k+j ] includes second data M [0], second data M [1], second data M [3], second data M [4], and second data M [1], second data M [2], second data M [4], second data M [5] corresponding to the first data V [62], wherein:
the 2 nd exclusive or circuit comprises 8 exclusive or gates, and the 8 exclusive or gates are used for outputting exclusive or results of the second data M [0] and the first data V [62], the second data M [1] and the first data V [62] and the first data V [63], the second data M [2] and the first data V [63], the second data M [3] and the first data V [62], the second data M [4] and the first data V [62] and the first data V [63], and the second data M [5] and the first data V [63 ]. As illustrated by way of example in fig. 5.
That is, for the 2 nd exclusive-OR circuit in the 2 nd MUL unit, exclusive-OR operations can be implemented on the second data M [0] and the first data V [62], the second data M [1] and the first data V [62] and the first data V [63], the second data M [2] and the first data V [63], the second data M [3] and the first data V [62], the second data M [4] and the first data V [62] and the first data V [63], and the second data M [5] and the first data V [63] respectively, so as to obtain exclusive-OR results. And updating the second data M0-M5 replaced in the second data sequence based on the exclusive OR result to obtain a new 64-bit third data sequence as the MUL operation result of the 2 nd-stage MUL unit.
The same can be achieved for each stage of exclusive OR circuit in the 3 rd to 60 th stages of MUL units.
In some embodiments, when the value of i is 61, the value of j traverses from 0 to 59, and the 61st exclusive-or circuit includes 247 exclusive-or gates. The 247 exclusive-or gates are used for outputting the exclusive-or results of the first data V [3+j] in the first data sequence with the second data M [j], the second data M [1+j], the second data M [3+j], the second data M [4+j] in the second data sequence respectively, and of the first data V [63] in the first data sequence with the second data M [60], the second data M [61], the second data M [63], the second data M [0], the second data M [1], the second data M [3], the second data M [4] in the second data sequence respectively. The exclusive-or results are used for updating the corresponding second data in the N-bit data sequence M [0] to M [N-1], and the updated N-bit data sequence is output. As shown in fig. 11, for example.
That is, the 61st exclusive-or circuit in the 61st-stage MUL unit can perform the exclusive-or operation of the first data V [3+j] in the first data sequence with the second data M [j], the second data M [1+j], the second data M [3+j], and the second data M [4+j] in the second data sequence respectively, where the value of j traverses from 0 to 59, and the exclusive-or operation of the first data V [63] in the first data sequence with the second data M [60], the second data M [61], the second data M [63], the second data M [0], the second data M [1], the second data M [3], and the second data M [4] in the second data sequence respectively, so as to obtain the exclusive-or result. Then, based on the exclusive-or result, the replaced second data in the second data sequence is correspondingly updated to obtain a new 64-bit third data sequence as the MUL operation result of the 61st-stage MUL unit.
In some embodiments, when the value of i is 62, the value of j traverses from 0 to 59, and the 62nd exclusive-or circuit includes 257 exclusive-or gates. The 257 exclusive-or gates are used for outputting the exclusive-or results of the first data V [2+j] in the first data sequence with the second data M [j], the second data M [1+j], the second data M [3+j], and the second data M [4+j] in the second data sequence respectively; of the first data V [62] in the first data sequence with the second data M [60], the second data M [61], the second data M [63], the second data M [0], the second data M [1], the second data M [3], the second data M [4] in the second data sequence respectively; and of the first data V [63] in the first data sequence with the second data M [61], the second data M [62], the second data M [0], the second data M [1], the second data M [2], the second data M [3], the second data M [4], and the second data M [5] in the second data sequence respectively. The exclusive-or results are used for updating the corresponding second data. As shown in fig. 12, for example. It should be noted that the second data M [1] and the second data M [4] are exclusive-ored with the first data V [63] twice.
That is, the 62nd exclusive-or circuit in the 62nd-stage MUL unit can perform the exclusive-or operation of the first data V [2+j] in the first data sequence with the second data M [j], the second data M [1+j], the second data M [3+j], and the second data M [4+j] in the second data sequence respectively, where the value of j traverses from 0 to 59; of the first data V [62] in the first data sequence with the second data M [60], the second data M [61], the second data M [63], the second data M [0], the second data M [1], the second data M [3], the second data M [4] in the second data sequence respectively; and of the first data V [63] in the first data sequence with the second data M [61], the second data M [62], the second data M [0], the second data M [1], the second data M [2], the second data M [3], the second data M [4] and the second data M [5] in the second data sequence respectively, so as to obtain the exclusive-or result. Here the second data M [1] and the second data M [4] are exclusive-ored with the first data V [63] twice. Then, based on the exclusive-or result, the replaced second data in the second data sequence is correspondingly updated to obtain a new 64-bit third data sequence as the MUL operation result of the 62nd-stage MUL unit.
In some embodiments, when the value of i is 63, the value of j traverses from 0 to 59, and the 63rd exclusive-or circuit includes 267 exclusive-or gates. The 267 exclusive-or gates are used for outputting the exclusive-or results of the first data V [1+j] in the first data sequence with the second data M [j], the second data M [1+j], the second data M [3+j], the second data M [4+j] in the second data sequence respectively; of the first data V [61] in the first data sequence with the second data M [60], the second data M [61], the second data M [63], the second data M [0], the second data M [1], the second data M [3], and the second data M [4] in the second data sequence respectively; of the first data V [62] in the first data sequence with the second data M [61], the second data M [62], the second data M [0], the second data M [1], the second data M [2], the second data M [3], the second data M [4], the second data M [5] in the second data sequence respectively; and of the first data V [63] in the first data sequence with the second data M [62], the second data M [63], the second data M [1], the second data M [2], the second data M [3], the second data M [4], the second data M [5] and the second data M [6] in the second data sequence respectively. The exclusive-or results are used for updating the corresponding second data. As shown in fig. 13, for example. It should be noted that the second data M [1] and the second data M [4] are exclusive-ored with the first data V [62] twice, and the second data M [2] and the second data M [5] are exclusive-ored with the first data V [63] twice.
That is, the 63rd exclusive-or circuit in the 63rd-stage MUL unit can perform the exclusive-or operation of the first data V [1+j] in the first data sequence with the second data M [j], the second data M [1+j], the second data M [3+j], the second data M [4+j] in the second data sequence respectively, where the value of j traverses from 0 to 59; of the first data V [61] in the first data sequence with the second data M [60], the second data M [61], the second data M [63], the second data M [0], the second data M [1], the second data M [3], the second data M [4] in the second data sequence respectively; of the first data V [62] in the first data sequence with the second data M [61], the second data M [62], the second data M [0], the second data M [1], the second data M [2], the second data M [3], the second data M [4], the second data M [5] in the second data sequence respectively; and of the first data V [63] in the first data sequence with the second data M [62], the second data M [63], the second data M [1], the second data M [2], the second data M [3], the second data M [4], the second data M [5] and the second data M [6] in the second data sequence respectively, so as to obtain the exclusive-or result. Here the second data M [1] and the second data M [4] are exclusive-ored with the first data V [62] twice, and the second data M [2] and the second data M [5] are exclusive-ored with the first data V [63] twice. Then, based on the exclusive-or result, the replaced second data in the second data sequence is correspondingly updated to obtain a new 64-bit third data sequence as the MUL operation result of the 63rd-stage MUL unit.
In some embodiments, the ith stage hybrid operation unit is further configured to receive an ith bit key in a 64-bit key sequence, and output an exclusive or result of the ith-1 stage hybrid operation result and the ith stage MUL operation result, or output the ith-1 stage hybrid operation result as an ith stage hybrid operation result, based on the ith bit key.
Referring to fig. 15, fig. 15 shows the calculation circuit structure of the MUL (V, P, C) function according to the present application. Compared with the related technical scheme, the application changes the serial calculation of MULxPOW (V, i, C) into parallel calculation: the calculation of each stage of MULxPOW (V, i, C) in the application depends only on the input V, so the timing of the MULxPOW (V, i, C) calculation is greatly simplified and the stages can be calculated in parallel, which improves the speed of the MUL (V, P, C) function calculation circuit and the UIA2 operation throughput.
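The stage structure described above can be checked with a small software model. This is an added example, not code from the patent: it computes each MULxPOW stage directly from V using the taps k = 0, 1, 3, 4, counts the exclusive-or terms per stage, and compares against the serial definition. The function names, the constant 0x1b written out from those taps, and the sample V and P values are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Taps k = 0, 1, 3, 4 from the description; as a 64-bit constant, c = 0x1b. */
static const int TAPS[4] = {0, 1, 3, 4};
#define UIA2_C 0x1bULL

/* Serial reference: MULx is one left shift, XORing c when V[63] was set. */
uint64_t mulx(uint64_t v) {
    return (v >> 63) ? (v << 1) ^ UIA2_C : (v << 1);
}

/* Serial MULxPOW: stage i needs the output of stage i-1. */
uint64_t mulxpow_serial(uint64_t v, int i) {
    while (i-- > 0) v = mulx(v);
    return v;
}

/* Direct stage i: depends only on V. M = V << i, then each shifted-out bit
 * V[64-i+j] is XORed into M[k+j]. A target position k+j >= 64 (only possible
 * for i >= 61) wraps and is expanded once more through the same taps.
 * xor_terms, if non-NULL, receives the number of XOR terms in the stage. */
uint64_t mulxpow_direct(uint64_t v, int i, int *xor_terms) {
    uint64_t m = v << i;
    int terms = 0;
    for (int j = 0; j < i; j++) {
        uint64_t vbit = (v >> (64 - i + j)) & 1;
        for (int a = 0; a < 4; a++) {
            int pos = j + TAPS[a];
            if (pos < 64) {
                m ^= vbit << pos;
                terms++;
            } else {
                for (int b = 0; b < 4; b++) {
                    m ^= vbit << (pos - 64 + TAPS[b]);
                    terms++;
                }
            }
        }
    }
    if (xor_terms) *xor_terms = terms;
    return m;
}

/* Number of XOR terms in stage i (independent of the data). */
int stage_xor_terms(int i) {
    int t = 0;
    mulxpow_direct(0, i, &t);
    return t;
}

/* Hybrid chain: key bit i selects whether stage i is XORed into the result. */
uint64_t mul_direct(uint64_t v, uint64_t p) {
    uint64_t acc = 0;
    for (int i = 0; i < 64; i++)
        if ((p >> i) & 1) acc ^= mulxpow_direct(v, i, NULL);
    return acc;
}

/* Same accumulation built on the serial MULxPOW, for comparison. */
uint64_t mul_serial(uint64_t v, uint64_t p) {
    uint64_t acc = 0;
    for (int i = 0; i < 64; i++)
        if ((p >> i) & 1) acc ^= mulxpow_serial(v, i);
    return acc;
}

/* Returns 1 when all 64 direct stages equal the serial ones for this V. */
int stages_match(uint64_t v) {
    for (int i = 0; i < 64; i++)
        if (mulxpow_direct(v, i, NULL) != mulxpow_serial(v, i)) return 0;
    return 1;
}

int main(void) {
    /* Constructed sample values, not test vectors from any specification. */
    const uint64_t v = 0xFEDCBA9876543210ULL, p = 0x0123456789ABCDEFULL;
    const int show[] = {1, 2, 60, 61, 62, 63};
    for (size_t n = 0; n < sizeof show / sizeof show[0]; n++)
        printf("stage %2d: %3d XOR terms\n", show[n], stage_xor_terms(show[n]));
    printf("stages match: %d\n", stages_match(v));
    printf("MUL direct %016llx, serial %016llx\n",
           (unsigned long long)mul_direct(v, p),
           (unsigned long long)mul_serial(v, p));
    return 0;
}
```

The term counts include the positions that are XORed twice in stages 62 and 63, which is how the description arrives at its gate totals.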
It will be appreciated that UIA2 is used in the 3G communication protocol and the algorithm is modified to 128-EIA1 and 128-NIA1 in the 4G and 5G protocols, so that the scheme of the present application may also be shared in hardware implementations of the 3G, 4G and 5G communication protocols.
The embodiment of the application provides a chip which comprises the data processing circuit. The chip is interpreted in the same way as the data processing circuit described previously; the description and beneficial effects are not repeated here.
Referring to fig. 16, a block diagram of an electronic device according to an embodiment of the present application is shown. The electronic device 100 may be an electronic device such as a smart phone capable of running applications. The electronic device 100 of the present application may include one or more of the following components: a processor 110, a memory 120, and one or more program codes, wherein the one or more program codes may be stored in the memory 120 and configured to be executed by the one or more processors 110, the one or more program codes configured to perform the data processing method as described in the foregoing method embodiments.
Processor 110 may include one or more processing cores. The processor 110 connects various parts within the overall electronic tag 100 using various interfaces and lines, and performs various functions of the electronic tag 100 and processes data by running or executing instructions, programs, code sets, or instruction sets stored in the memory 120, and invoking data stored in the memory 120. Alternatively, the processor 110 may be implemented in hardware in at least one of digital signal processing (Digital Signal Processing, DSP), field programmable gate array (Field-Programmable Gate Array, FPGA), programmable logic array (Programmable Logic Array, PLA). The processor 110 may integrate one or a combination of several of a central processing unit (Central Processing Unit, CPU), a graphics processor (Graphics Processing Unit, GPU), and a modem, etc. The CPU mainly processes an operating system, a user interface, an application program and the like; the GPU is responsible for rendering and drawing of display content; the modem is used for processing data. It will be appreciated that the modem may not be integrated into the processor 110 and may instead be implemented by a separate communication chip.
The Memory 120 may include a random access Memory (Random Access Memory, RAM) or a Read-Only Memory (Read-Only Memory). Memory 120 may be used to store instructions, programs, code, sets of codes, or sets of instructions. The memory 120 may include a stored program area and a stored data area, wherein the stored program area may store instructions for implementing an operating system, instructions for implementing at least one function (such as a touch function, a sound playing function, an image playing function, etc.), instructions for implementing the various method embodiments described below, etc. The storage data area may also store data created by the electronic tag 100 in use (e.g., phonebook, audio-video data, chat log data), etc.
It is understood that the configuration shown in fig. 16 is merely an example, and that electronic device 100 may also include more or fewer components than shown in fig. 16, or have a completely different configuration than shown in fig. 16. The embodiment of the present application is not limited thereto.
Referring to fig. 17, a block diagram of a computer readable storage medium according to an embodiment of the present application is shown. The computer readable medium 800 has stored therein program code which can be invoked by a processor to perform the methods described in the method embodiments described above.
The computer readable storage medium 800 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM. Optionally, the computer readable storage medium 800 comprises a non-volatile computer readable medium (non-transitory computer-readable storage medium). The computer readable storage medium 800 has storage space for program code 810 that performs any of the method steps described above. The program code can be read from or written to one or more computer program products. Program code 810 may be compressed, for example, in a suitable form.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and are not limiting; although the application has been described in detail with reference to the foregoing embodiments, it will be appreciated by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not drive the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (21)

1. The UIA2 computing circuit is characterized by comprising 64 stages of MUL units and 64 stages of mixed operation units which are respectively and correspondingly connected with the 64 stages of MUL units, wherein:
when i is greater than 0, the ith-stage MUL unit comprises an ith shift circuit and an ith exclusive OR circuit connected with the ith shift circuit, wherein i is an integer and the value of i traverses from 0 to 63;
the ith shift circuit is used for receiving a 64-bit first data sequence, and performing an ith shift operation on the 64-bit first data sequence to obtain an ith shift result;
the ith exclusive-or circuit is used for receiving the ith shift result and a 64-bit first data sequence, and performing an ith exclusive-or operation on the basis of the ith shift result and the 64-bit first data sequence to obtain an ith MUL operation result;
the ith mixed operation unit is respectively connected with the ith-1 level mixed operation unit and the ith MUL unit, and is used for receiving the ith-1 level mixed operation result and the ith MUL operation result of the ith-1 level operation unit and obtaining the ith mixed operation result based on the ith-1 level mixed operation result and the ith MUL operation result;
the nth mixed operation result is an operation result corresponding to the first data sequence.
2. The UIA2 computing circuit as claimed in claim 1, wherein the i-th shift circuit is configured to shift the first data sequences V [0] to V [63] with 64 bits left by i bits to obtain shifted second data sequences M [0] to M [63] with 64 bits as i-th shift results.
3. The UIA2 computing circuit as claimed in claim 2, wherein the ith exclusive-or circuit is configured to output an exclusive-or result of first data V [64-i+j ] in the 64-bit first data sequence and second data M [ k+j ] in the 64-bit second data sequence, and to correspondingly update the second data M [ k+j ] in the second data sequence based on the exclusive-or result, to obtain a third data sequence of 64 bits as an ith stage MUL operation result, where j is an integer and a value of j traverses from 0 to i-1, k is a specified bit, and the number of k is at least one.
4. A UIA2 computing circuit according to claim 3, wherein when k is 0, 1, 3, 4 and i traverses from 1 to 60, the second data M [k+j] is second data M [j], second data M [1+j], second data M [3+j], second data M [4+j], wherein:
the ith exclusive-or circuit comprises 4i exclusive-or gates, and the 4i exclusive-or gates are used for outputting exclusive-or results of the first data V [64-i+j ] and the second data M [ j ], the second data M [1+j ], the second data M [3+j ] and the second data M [4+j ].
5. The UIA2 computing circuit as claimed in claim 4, wherein j=0, the first data V [64-i+j ] is first data V [63], the second data M [ k+j ] is second data M [0], second data M [1], second data M [3], second data M [4], when i=1, wherein:
the 1 st exclusive-or circuit comprises 4 exclusive-or gates, and the 4 exclusive-or gates are used for outputting exclusive-or results of the first data V [63] and the second data M [0], the second data M [1], the second data M [3] and the second data M [4] respectively.
6. The UIA2 computing circuit of claim 4, wherein when i = 2, the value of j traverses from 0 to 1, the first data V [64-i + j ] includes first data V [62], first data V [63], the second data M [ k + j ] includes second data M [0], second data M [1], second data M [3], second data M [4], and second data M [1], second data M [2], second data M [4], second data M [5] corresponding to the first data V [63], wherein:
the 2 nd exclusive or circuit comprises 8 exclusive or gates, and the 8 exclusive or gates are used for outputting exclusive or results of the second data M [0] and the first data V [62], the second data M [1] and the first data V [62] and the first data V [63], the second data M [2] and the first data V [63], the second data M [3] and the first data V [62], the second data M [4] and the first data V [62] and the first data V [63], and the second data M [5] and the first data V [63 ].
7. The UIA2 computing circuit of claim 4, wherein the value of j traverses from 0 to 59 when the value of i is 61, wherein:
the 61 st exclusive or circuit comprises 247 exclusive or gates for outputting exclusive or results of first data V [3+j ] in the first data sequence and second data M [ j ], second data M [1+j ], second data M [3+j ], second data M [4+j ] in the second data sequence, and first data V [63] in the first data sequence and second data M [60], second data M [61], second data M [63], second data M [0], second data M [1], second data M [3], second data M [4] in the second data sequence, respectively.
8. The UIA2 computing circuit of claim 4, wherein the value of j traverses from 0 to 59 when the value of i is 62, wherein:
the 62 nd exclusive or circuit includes 257 exclusive or gates, where 257 exclusive or gates are used to output exclusive or results of the first data V [2+j ] in the first data sequence and the second data M [ j ], the second data M [1+j ], the second data M [3+j ], and the second data M [4+j ] in the second data sequence, where the first data V [62] in the first data sequence and the second data M [60], the second data M [61], the second data M [63], the second data M [0], the second data M [1], the second data M [3], the second data M [4] in the second data sequence, and the first data V [63] in the first data sequence and the second data M [61], the second data M [62], the second data M [0], the second data M [1], the second data M [2], the second data M [3], the second data M [4], and the second data M [5] in the second data sequence, respectively.
9. The UIA2 computing circuit of claim 4, wherein the value of j traverses from 0 to 59 when the value of i is 63, wherein:
the 63rd exclusive-or circuit comprises 267 exclusive-or gates, wherein the 267 exclusive-or gates are used for outputting exclusive-or results of the first data V [1+j] in the first data sequence with the second data M [j], the second data M [1+j], the second data M [3+j] and the second data M [4+j] in the second data sequence respectively, the first data V [61] in the first data sequence with the second data M [60], the second data M [61], the second data M [63], the second data M [0], the second data M [1], the second data M [3] and the second data M [4] in the second data sequence respectively, the first data V [62] in the first data sequence with the second data M [61], the second data M [62], the second data M [0], the second data M [1], the second data M [2], the second data M [3], the second data M [4] and the second data M [5] in the second data sequence respectively, and the first data V [63] in the first data sequence with the second data M [62], the second data M [63], the second data M [1], the second data M [2], the second data M [3], the second data M [4], the second data M [5] and the second data M [6] in the second data sequence respectively.
10. The UIA2 computing circuit according to any one of claims 1 to 9, wherein the i-th stage hybrid operation unit is further configured to receive an i-th bit key in a 64-bit key sequence, and based on the i-th bit key, output an exclusive or result of the i-1-th stage hybrid operation result and the i-th stage MUL operation result, or output the i-1-th stage hybrid operation result as an i-th stage hybrid operation result.
11. A data processing method of a UIA2 computing circuit according to any one of claims 1 to 10, wherein when i is greater than 0, the i-th stage MUL unit includes an i-th shift circuit, and an i-th exclusive or circuit connected to the i-th shift circuit, i being an integer and the value of i traversing from 0 to 63, the method comprising:
the ith shift circuit receives the 64-bit first data sequence, and performs an ith shift operation on the 64-bit first data sequence to obtain an ith shift result;
the ith exclusive-or circuit receives the ith shift result and the 64-bit first data sequence, and performs the ith exclusive-or operation based on the ith shift result and the 64-bit first data sequence to obtain an ith MUL operation result;
the ith mixed operation unit receives an ith-1 level mixed operation result and the ith MUL operation result of the ith-1 level operation unit, and obtains an ith mixed operation result based on the ith-1 level mixed operation result and the ith MUL operation result; the nth mixed operation result is an operation result corresponding to the first data sequence.
12. The method of claim 11, wherein the ith shift circuit receives the 64-bit first data sequence and performs an ith shift operation on the 64-bit first data sequence to obtain an ith shift result; the ith exclusive-or circuit receives the ith shift result and the 64-bit first data sequence, performs an ith exclusive-or operation based on the ith shift result and the 64-bit first data sequence, and obtains an ith MUL operation result, including:
the ith shift circuit receives the 64-bit first data sequence, and shifts the 64-bit first data sequences V [0] to V [63] left by i bits to obtain shifted 64-bit second data sequences M [0] to M [63] as an ith shift result;
the ith shifting circuit inputs the ith shifting result to the ith exclusive-or circuit;
the ith exclusive-or circuit receives the 64-bit first data sequence and the ith shift result input by the ith shift circuit, and performs an exclusive-or operation on first data V [64-i+j] in the 64-bit first data sequence and second data M [k+j] in the 64-bit second data sequence to obtain an exclusive-or result;
and correspondingly updating the second data M [k+j] in the second data sequence based on the exclusive-or result to obtain a third data sequence with 64 bits as an i-th stage MUL operation result, wherein j is an integer, the value of j is traversed from 0 to i-1, k is a designated bit, and the number of k is at least one.
13. The method of claim 12, wherein performing an exclusive-or operation on the first data V [64-i+j ] in the 64-bit first data sequence and the second data M [ k+j ] in the 64-bit second data sequence when k is 0, 1, 3, 4, i is traversed from 1 to 60, to obtain an exclusive-or result, including:
and carrying out exclusive OR operation on the first data V [64-i+j ] and the second data M [ j ], the second data M [1+j ], the second data M [3+j ] and the second data M [4+j ] to obtain an exclusive OR result.
14. The method of claim 13, wherein when i=2, the value of j is traversed from 0 to 1, and the xoring the first data V [64-i+j ] with the second data M [ j ], the second data M [1+j ], the second data M [3+j ], and the second data M [4+j ] results in an exclusive-or result, including:
and exclusive OR operation is carried out on the second data M [0] and the first data V [62], the second data M [1] and the first data V [62] and the first data V [63], the second data M [2] and the first data V [63], the second data M [3] and the first data V [62], the second data M [4] and the first data V [62] and the first data V [63], the second data M [5] and the first data V [63] respectively, so that an exclusive OR result is obtained.
15. The method of claim 13, wherein when i=61, the value of j is traversed from 0 to 59, and the xoring the first data V [64-i+j ] with the second data M [ j ], the second data M [1+j ], the second data M [3+j ], and the second data M [4+j ] results in an exclusive-or result, including:
performing an exclusive-or operation on the first data V [3+j] in the first data sequence with the second data M [j], the second data M [1+j], the second data M [3+j], the second data M [4+j] in the second data sequence respectively, and
performing an exclusive-or operation on the first data V [63] in the first data sequence with the second data M [60], the second data M [61], the second data M [63], the second data M [0], the second data M [1], the second data M [3] and the second data M [4] in the second data sequence respectively, to obtain an exclusive-or result.
16. The method of claim 13, wherein when i=62, the value of j is traversed from 0 to 59, and the xoring the first data V [64-i+j ] with the second data M [ j ], the second data M [1+j ], the second data M [3+j ], and the second data M [4+j ] results in an exclusive-or result, including:
performing an exclusive-or operation on the first data V [2+j] in the first data sequence with the second data M [j], the second data M [1+j], the second data M [3+j], the second data M [4+j] in the second data sequence respectively,
on the first data V [62] in the first data sequence with the second data M [60], the second data M [61], the second data M [63], the second data M [0], the second data M [1], the second data M [3], the second data M [4] in the second data sequence respectively, and
on the first data V [63] in the first data sequence with the second data M [61], the second data M [62], the second data M [0], the second data M [1], the second data M [2], the second data M [3], the second data M [4] and the second data M [5] in the second data sequence respectively, to obtain an exclusive-or result.
17. The method of claim 13, wherein when i=63, the value of j is traversed from 0 to 59, and the xoring the first data V [64-i+j ] with the second data M [ j ], the second data M [1+j ], the second data M [3+j ], and the second data M [4+j ] results in an exclusive-or result, including:
performing an exclusive-or operation on the first data V [1+j] in the first data sequence with the second data M [j], the second data M [1+j], the second data M [3+j], the second data M [4+j] in the second data sequence respectively,
on the first data V [61] in the first data sequence with the second data M [60], the second data M [61], the second data M [63], the second data M [0], the second data M [1], the second data M [3], the second data M [4] in the second data sequence respectively,
on the first data V [62] in the first data sequence with the second data M [61], the second data M [62], the second data M [0], the second data M [1], the second data M [2], the second data M [3], the second data M [4], the second data M [5] in the second data sequence respectively, and
on the first data V [63] in the first data sequence with the second data M [62], the second data M [63], the second data M [1], the second data M [2], the second data M [3], the second data M [4], the second data M [5] and the second data M [6] in the second data sequence respectively, to obtain an exclusive-or result.
18. The method of any one of claims 11-17, wherein the i-th stage hybrid-operation unit receives the i-1-th stage hybrid-operation result and the i-th stage MUL operation result of the i-1-th stage-operation unit, and obtains the i-th stage hybrid-operation result based on the i-1-th stage hybrid-operation result and the i-th stage MUL operation result, comprising:
the ith mixed operation unit receives an ith key in a 64-bit key sequence, and based on the ith key, outputs an exclusive or result of the ith-1 level mixed operation result and the ith MUL operation result, or outputs the ith-1 level mixed operation result as an ith mixed operation result.
19. A chip comprising the UIA2 computing circuit of any one of claims 1 to 10.
20. An electronic device, comprising:
one or more processors;
a memory;
one or more pieces of program code, wherein the program code is stored in the memory and configured to be executed by the one or more processors, the program code being configured to perform the method of any one of claims 11-18.
21. A computer readable storage medium having stored therein program code which is callable by a processor to perform the method according to any one of claims 11-18.
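A software model of the stage folding in claim 17 and the key-controlled mix chain in claim 18, added here as an illustration; it is not code from the patent or from the applicant. It checks a flattened stage against serial shift-and-reduce steps. Assumptions: V[k] and M[k] are the coefficients of x^k, M starts as V shifted left by i, the reduction x^64 = x^4 + x^3 + x + 1 is inferred from the tap offsets 0, 1, 3, 4 in the claim, and key bit i is bit i of a 64-bit word; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* x^64 = x^4 + x^3 + x + 1: the tap offsets 0, 1, 3, 4 of claim 17. */
#define C_POLY 0x1bULL

/* Reference stage i: V * x^i as i serial shift-and-reduce steps. */
static uint64_t stage_serial(uint64_t v, unsigned i) {
    while (i--) v = (v >> 63) ? (v << 1) ^ C_POLY : (v << 1);
    return v;
}

/* XOR a 1 into bit `pos` of *m. A position >= 64 wraps through the same
 * four taps, which is why the V[61]..V[63] rows of claim 17 list low indices. */
static void fold_bit(uint64_t *m, unsigned pos) {
    static const unsigned taps[4] = {0, 1, 3, 4};
    if (pos < 64) { *m ^= 1ULL << pos; return; }
    for (int t = 0; t < 4; t++) fold_bit(m, pos - 64 + taps[t]);
}

/* Flattened stage i (0..63). Assumption: M starts as V shifted left by i,
 * and each overflow bit V[64-i+j] (degree 64+j) is folded back into it. */
static uint64_t stage_folded(uint64_t v, unsigned i) {
    uint64_t m = v << i;
    for (unsigned j = 0; j < i; j++)
        if ((v >> (64 - i + j)) & 1) fold_bit(&m, 64 + j);
    return m;
}

/* Claim 18 mix chain: stage i XORs its MUL result into the running value
 * when key bit i is 1, otherwise passes the previous value through.
 * Assumption: key bit i is bit i (LSB first) of a 64-bit word. */
static uint64_t mul64(uint64_t v, uint64_t key) {
    uint64_t mix = 0;
    for (unsigned i = 0; i < 64; i++)
        mix = ((key >> i) & 1) ? mix ^ stage_folded(v, i) : mix;
    return mix;
}

int main(void) {
    uint64_t v = 0x0123456789abcdefULL;  /* constructed sample value */
    for (unsigned i = 0; i < 64; i++)
        if (stage_folded(v, i) != stage_serial(v, i)) return 1;
    printf("stage 63 of x^61: %016llx\n",
           (unsigned long long)stage_folded(1ULL << 61, 63));
    printf("mul64(v, 3) = %016llx\n", (unsigned long long)mul64(v, 3));
    return 0;
}
```

With only V[61] set, stage 63 yields bits 60, 61, 63, 0, 1, 3 and 4, the same index list the claim gives for V[61].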
CN202111328426.6A 2021-11-10 2021-11-10 UIA2 computing circuit, data processing method, chip, electronic device and storage medium Active CN113971015B (en)

Publications (2)

Publication Number Publication Date
CN113971015A (en) 2022-01-25
CN113971015B (en) 2023-09-08

Family

ID=79589648

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant