JP2010256749A - Device and method for generating hash value, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To divide an input message into a plurality of message blocks, and to dynamically change the feedback and feedforward, when the hash value of a prior round is fed back and when the message block is fed forward. <P>SOLUTION: A message-dividing means divides the input message into a plurality of message blocks, and an input means inputs the input message block thus divided and hash values obtained in the prior round. Moreover, an encryption means encrypts the input message to generate a hash value, and an output means outputs the hash value thus generated. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a hash value generation device, a hash value generation method, and a program.

  In recent years, as the importance of information security increases, safe cryptographic hash functions that can be used in IC cards, RFID tags, and the like have become important. Currently, there are MD5 (for example, see Non-Patent Document 1) and SHA-1 (for example, Non-Patent Document 2) as hash functions that are most often used.

  However, it has been pointed out that MD5 has a safety problem. In addition, although SHA-1 is safer than MD5, there is a problem that the amount of calculation is large, and it takes time to process in a device with low processing capability such as an RFID tag or an IC card.

  On the other hand, in recent years, CPU multi-core has become common. However, there are currently few proposals for hash functions that can increase the speed by simultaneously using multiple cores.

  Incidentally, a hash function based on a stream cipher is known as a technique capable of high-speed processing even with an RFID tag or the like, as shown in Patent Document 1. Furthermore, in the method of Patent Document 1, when the message is MN bits and the hash value is MN bits, the number of processes is reduced to about 1 / M by connecting M hash functions that generate N-bit hash values in parallel. A reduced approach has been proposed. In this method, a method of feeding back the hash value of the previous block and a method of feeding forward the hash value of the previous block are proposed.

JP 2007-293147 A

R. Rivest, “The MD5 Message Digest Algorithm,” RFC 1321, 1992. NIST, “Secure Hash Standard,” FIPS 180-1, 1995.

  However, in the method disclosed in Patent Document 1, the feed-forward and the feedback destination are fixed in advance, and cannot be changed during the calculation of the hash value. That is, there is a problem that the stirring efficiency is lower than in the case where the feed-forward and the feedback destination are actively changed.

  Therefore, the present invention has been made in view of the above-described problems, and divides an input message into a plurality of message blocks, and feeds back a hash value of the previous round and feeds forward a message block. An object of the present invention is to provide a hash value generation device, a hash value generation method, and a program that dynamically change feedback and feedforward.

  The present invention proposes the following matters in order to solve the above problems.

  (1) The present invention provides message dividing means for dividing an input message into a plurality of message blocks (for example, corresponding to the message dividing unit 2 in FIG. 1), the divided input message blocks, and the hash obtained in the previous round. Input means (for example, corresponding to the message input units 3a and 3b in FIG. 1) and encryption means for encrypting the input message and generating a hash value (for example, the encryption unit in FIG. 1) 6a and 6b) and an output means for outputting the hash value, a hash value generator is proposed.

  According to this invention, the message dividing means divides the input message into a plurality of message blocks. The input means inputs the divided input message block and the hash value obtained in the previous round. The encryption means encrypts the input message and generates a hash value. Then, the output means outputs the hash value. Therefore, by dividing the input message into a plurality of message blocks, it is possible to reduce the memory used, and the RFID tag or the like can be processed at high speed.

  (2) The present invention relates to the hash value generation device of (1), wherein the output of the encryption means has a calculation means, and the input means, the encryption means, and the calculation means are n (n is 2 or more). (Integer) stages in parallel, the hash value output from the encryption means is input, and feedback means (for example, equivalent to the feedback unit 5 in FIG. 1) for returning the hash value to the input means; Hash value generation characterized by comprising feedforward means (for example, equivalent to the feedforward unit 4 in FIG. 1) that inputs a message output from the input means and outputs the message to the computing means A device is proposed.

  According to the present invention, the output of the encryption means is provided with a calculation means, and the input means, the encryption means, and the calculation means are configured in n (n is an integer of 2 or more) stages in parallel. The feedback means inputs the hash value output from the encryption means, returns the hash value to the input means, the feedforward means inputs the message output from the input means, and the message is input to the arithmetic means. Output. Therefore, since the processing can be performed in parallel with the n-stage parallel configuration, the processing can be performed at high speed.

  (3) The present invention provides preprocessing for performing padding processing on the hash value generation device of (1) or (2) so that the input message is an integral multiple of the number of parallel stages and the output bit length of the encryption means A hash value generating apparatus is proposed, characterized in that means (for example, equivalent to the preprocessing unit 1 in FIG. 1) is provided on the input side of the message dividing means.

  According to this invention, the preprocessing means performs the padding process so that the input message is an integral multiple of the number of parallel stages and the output bit length of the encryption means. Therefore, a message having an appropriate bit length can be divided and processed.

  (4) In the hash value generation device according to (2), the feedback unit actively determines to which input unit the input hash value is to be returned, and the feedforward unit receives the input message. Has been proposed to determine which computing means (for example, equivalent to the computing units 7a and 7b in FIG. 1) is to be output.

  According to this invention, the feedback means actively determines to which input means the input hash value is to be returned. The feedforward means actively determines to which computing means the inputted message is output. Therefore, the stirring efficiency can be further improved as compared with the case where the feedback destination or the feedforward destination is fixed in advance.

  (5) The present invention proposes a hash value generation device characterized in that the encryption means generates a hash value by stream ciphering for the hash value generation device of (1).

  According to the present invention, the encryption means generates a hash value by stream encryption. Therefore, since the stream cipher is used as the encryption means, the processing speed can be improved as compared with the conventional case. Here, the stream cipher need not be a specific stream cipher.

  (6) The present invention proposes a hash value generation device in which the encryption unit generates a hash value by block cipher with respect to the hash value generation device of (1).

  According to the present invention, the encryption means generates a hash value by block cipher. Therefore, since the block cipher is used as the encryption means, the key size can be reduced as compared with the stream cipher. Here, the block cipher need not be a specific block cipher.

  (7) The present invention proposes a hash value generation device according to (2), wherein the calculation means is an exclusive OR calculator.

  According to this invention, the computing means is an exclusive OR calculator. Therefore, the hash values for each round can be combined with a simple calculation.

  (8) The present invention includes a first step (for example, corresponding to step S101 in FIG. 3) and a message dividing unit that performs padding so that the input message is an integral multiple of the number of parallel stages and the output bit length of the encryption unit. Divides the input message into a plurality of message blocks (for example, corresponding to step S102 in FIG. 3), and the message input means outputs the divided message block and the hash value of the previous round to the encryption means, respectively. And a fourth step (for example, FIG. 3) that encrypts the inputted message block and the hash value of the previous block to generate a hash value. And the feedback means inputs the obtained hash value, and the feedback destination A fifth step of determining and outputting a message input means (e.g., corresponding to step S105 in FIG. 3), and a sixth step of determining and outputting the calculation means of the feedforward destination of the input message by the feedforward means Step (for example, equivalent to step S106 in FIG. 3), a seventh step for confirming whether there is still an input message (for example, equivalent to step S107 in FIG. 3), and when there is still an input message, An eighth step that repeats the third to sixth steps until there are no more input messages, and a ninth step that outputs a hash value from the output means when all messages have been processed (for example, , Corresponding to step S108 in FIG. 3) and a tenth step of combining the obtained plurality of hash values by an arithmetic means. -Up (e.g., corresponding to step S109 in FIG. 3) proposes a hash value generation method characterized by comprising a, a.

  According to the present invention, padding is performed so that the input message is an integral multiple of the number of parallel stages and the output bit length of the encryption means, and the message dividing means divides the input message into a plurality of message blocks. The message input means outputs the divided message block and the hash value of the previous round to the encryption means, respectively, and the encryption means encrypts the input message block and the hash value of the previous block to obtain the hash value Is generated. The feedback means inputs the obtained hash value, determines and outputs a feedback message input means, and the feedforward means determines and outputs a feedforward destination calculation means of the input message. Next, it is confirmed whether or not there is an input message. If there are still input messages, the above processing is repeated until there are no more input messages. When processing of all messages is completed, the hash value is output from the output unit, and the obtained plurality of hash values are combined by the calculation unit. Therefore, by dividing the input message into a plurality of message blocks, it is possible to reduce the memory used, and the RFID tag or the like can be processed at high speed. In addition, the n-stage parallel configuration allows processing to be performed in parallel, thus enabling high-speed processing. Furthermore, since the feedback means and the feedforward means actively determine the feedback destination and the feedforward destination, the stirring efficiency can be further improved as compared with the case where the feedback destination or the feedforward destination is fixed in advance. it can.

  (9) The present invention provides a computer with a first step (for example, corresponding to step S101 in FIG. 3) of padding so that the input message is an integral multiple of the number of parallel stages and the output bit length of the encryption means; A second step (for example, corresponding to step S102 in FIG. 3) in which the message dividing unit divides the input message into a plurality of message blocks, and the message block into which the message input unit is divided and the hash value of the previous round are encrypted. A fourth step (for example, corresponding to step S103 in FIG. 3) to be output to the means and a hash value are generated by encrypting the inputted message block and the hash value of the previous block (for example, , Corresponding to step S104 in FIG. 3), the feedback means inputs the obtained hash value, and The fifth step of determining and outputting the message input means of the feedback destination (for example, corresponding to step S105 in FIG. 3) and the feed forward means determine the calculation means of the feed forward destination of the input message and output it. A sixth step (for example, corresponding to step S106 in FIG. 3), a seventh step for confirming whether there is still an input message (for example, corresponding to step S107 in FIG. 3), and an input message still exist In this case, an eighth step that repeats the third step to the sixth step until there are no more input messages, and a ninth value that outputs a hash value from the output means when processing of all messages is completed. Steps (e.g., corresponding to step S108 in FIG. 3) and the obtained plurality of hash values are combined by an arithmetic means. Tenth step of (e.g., corresponding to step S109 in FIG. 3) proposes a program for executing a, a.

  According to the present invention, padding is performed so that the input message is an integral multiple of the number of parallel stages and the output bit length of the encryption means, and the message dividing means divides the input message into a plurality of message blocks. The message input means outputs the divided message block and the hash value of the previous round to the encryption means, respectively, and the encryption means encrypts the input message block and the hash value of the previous block to obtain the hash value Is generated. The feedback means inputs the obtained hash value, determines and outputs a feedback message input means, and the feedforward means determines and outputs a feedforward destination calculation means of the input message. Next, it is confirmed whether or not there is an input message. If there are still input messages, the above processing is repeated until there are no more input messages. When processing of all messages is completed, the hash value is output from the output unit, and the obtained plurality of hash values are combined by the calculation unit. Therefore, by dividing the input message into a plurality of message blocks, it is possible to reduce the memory used, and the RFID tag or the like can be processed at high speed. In addition, the n-stage parallel configuration allows processing to be performed in parallel, thus enabling high-speed processing. Furthermore, since the feedback unit and the feedforward unit actively determine the feedback destination and the feedforward destination, the stirring efficiency can be further improved as compared with the case where the feedback destination or the feedforward destination is fixed in advance. .

  According to the present invention, by dividing an input message into a plurality of message blocks, it is possible to reduce the memory used, and it is possible to perform high-speed processing even in an RFID tag or the like.

  In addition, since the n-stage parallel configuration allows the processing to be performed in parallel, the processing can be performed at high speed.

  Furthermore, since the feedback unit and the feedforward unit actively determine the feedback destination and the feedforward destination, the stirring efficiency can be further improved as compared with the case where the feedback destination or the feedforward destination is fixed in advance. There is an effect.

It is a lineblock diagram concerning a 1st embodiment. It is a figure which shows the structure of the encryption part which concerns on 1st Embodiment. It is a processing flow concerning a 1st embodiment. It is a figure which shows the structure of the encryption part which concerns on 2nd Embodiment. It is a figure which shows the structure of the encryption part which concerns on 2nd Embodiment. It is a block diagram concerning an application example. It is a block diagram concerning a prior art example.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
Note that the constituent elements in the present embodiment can be appropriately replaced with existing constituent elements and the like, and various variations including combinations with other existing constituent elements are possible. Therefore, the description of the present embodiment does not limit the contents of the invention described in the claims.

<First Embodiment>
A first embodiment according to the present invention will be described with reference to FIGS. 1 to 3.

<Configuration of hash value generation device>
As shown in FIG. 1, the hash value generation device according to the present embodiment includes a preprocessing unit 1, a message division unit 2, message input units 3a and 3b, a feedforward unit 4, a feedback unit 5, and an encryption unit. It is comprised from the conversion parts 6a and 6b and the calculating parts 7a and 7b. That is, as shown in FIG. 1, the structure of the message input unit, the encryption unit, and the calculation unit is a two-stage parallel connection.

  Here, the preprocessing unit 1 performs padding processing so that the input message is an integral multiple of the number of parallel stages and the output bit length of the encryption units 6a and 6b. The message dividing unit 2 divides the input message into a plurality of message blocks.

  The message input units 3a and 3b input the messages divided by the message dividing unit 2 and output them to the encryption units 6a and 6b. The encryption units 6a and 6b encrypt the input message and generate a hash value. The details of the configuration of the encryption units 6a and 6b will be described later. The calculation units 7a and 7b combine a plurality of hash values output from the encryption units 6a and 6b. The arithmetic units 7a and 7b are preferably composed of exclusive OR calculators, but are not limited thereto. In the case of an exclusive OR calculator, hash values for each round can be combined with a simple calculation.

  The feedforward unit 4 inputs a message output from the message input units 3a and 3b, and feeds the message to the arithmetic units 7a and 7b. The feedback unit 5 inputs the hash value output from the encryption units 6a and 6b, and feeds back the hash value to the message input units 3a and 3b. It should be noted that the feedforward unit 4 and the feedback unit 5 need not feed the data forward or feedback, and the feedforward unit 4 and the feedback unit 5 may use a hash value or a bit value of a message. Determine dynamically. Thereby, the stirring efficiency can be improved.

<Configuration of encryption unit>
The encryption unit according to the present embodiment uses a stream cipher, and its configuration is, for example, as shown in FIG. Specifically, the stream cipher unit 10 and the XOR 11 include a hash value input terminal that inputs a message data input terminal and a previous round hash value via the message input units 3a and 3b. It has.

  The stream encryption unit 10 inputs N-bit message data and the hash value of the previous round, and performs encryption by stream encryption. In the first round, since the hash value of the previous round does not exist, an arbitrary initial vector is used.

  The XOR 11 calculates and outputs an exclusive OR of the output data of the stream cipher unit 10, the message data, and the hash value of the previous round. As a result, an N-bit hash value is output.

  Detailed processing of the encryption unit is as follows. It is assumed that the message length is L, the length of the internal state of the stream cipher part is T, and the hash output is N bits.

  A message having a message length L whose hash value is to be calculated is input to the internal state of the stream cipher unit 10 as M_i from the top. Note that the input message is set in N-bit units by the preprocessing unit 1.

  Next, since the hash value of the previous round does not exist in the first round, an arbitrary initial vector such as 1001... Is input as H_i−1. Based on the input M_i and H_i−1, the stream cipher unit performs encryption by the stream cipher and outputs the result.

  Next, when the output of the stream cipher unit 10, the input message M_i, and an arbitrary initial vector H_i-1 are input to the XOR 11, the exclusive OR of these is taken and the hash value H_i is output. Then, the next message M_i and the hash value H_i-1 of the previous round are sequentially input to the stream encryption unit 10, and the hash value H_i is output.

  Such a process is executed (L−T) / N times to obtain a final hash value, which is used as the hash value of the message. When the number of processing times is less than (L−T) / N times, for example, a fixed message such as 101010... Is input and idled to ensure sufficient safety.

<Processing of hash value generation device>
The process of the hash value generation device according to this embodiment will be described with reference to FIG.

  First, as preprocessing, padding is performed so that the input message is an integral multiple of the number of parallel stages and the output bit length of the encryption units 6a and 6b (step S101). The message dividing unit 2 divides the input message into a plurality of message blocks (step S102).

  The message input units 3a and 3b output the divided message block and the hash value of the previous round to the encryption units 6a and 6b, respectively (step S103). The encryption units 6a and 6b encrypt the input message block and the hash value of the previous block to generate a hash value (step S104).

  The feedback unit 5 inputs the obtained hash value, determines the feedback destination message input units 3a and 3b, and outputs them (step S105). The feedforward unit 4 determines and outputs the feedforward destination calculation units 7a and 7b of the input message (step S106).

  Next, it is confirmed whether or not there is an input message (step S107). If there is still an input message (“Yes” in step S107), steps S103 to S106 are repeated until there are no more input messages. When all the messages have been processed (“No” in step S107), a hash value is output (step S108), and the obtained plurality of hash values are combined by the arithmetic units 7a and 7b (step S109). .

  Therefore, according to the present embodiment, in the hash value generation device using the stream cipher, it is possible to reduce the memory used by dividing the input message into a plurality of message blocks, and the RFID tag or the like can perform processing at high speed. It becomes possible. In addition, since the processing can be performed in parallel by the two-stage parallel configuration, processing can be performed at high speed. Furthermore, since the feedback unit and the feedforward unit actively determine the feedback destination and the feedforward destination, the stirring efficiency can be further improved as compared with the case where the feedback destination or the feedforward destination is fixed in advance. .

<Second Embodiment>
The second embodiment will be described with reference to FIGS. 4 and 5. In the first embodiment, an example in which the stream cipher is used in the encryption unit has been described. However, in the present embodiment, an example in which a block cipher is used in the encryption unit will be described. The constituent elements other than the encryption unit are the same as those in the first embodiment, and thus detailed description thereof is omitted.

<Configuration of encryption unit>
4 and 5 are block diagrams showing the configuration of the encryption unit according to this embodiment. FIG. 4 shows the configuration of a block cipher data randomization unit, and FIG. 5 shows the configuration of a key generation unit. An input block consisting of a bit string of a predetermined length is based on a desired key consisting of a bit string of a certain bit length. It converts to an output block having the same length as the input block, and has a data randomizing unit 21 and a key generating unit 22.

  The data randomizing unit 21 includes an initial transposing unit 23, a nonlinear function unit 24, and an inverse initial transposing unit 25. The initial transposing unit 23 divides the input block into predetermined sections, uses the value of each bit string at a position determined to correspond to each section of the key as the section position address in the input block, and corresponds the bit string of each section Sequentially move to a section determined by the section position address and a section having a predetermined positional relationship, pass the resulting block to the non-linear function unit 24, and indicate information indicating correspondence between the sections before and after the movement. This is passed to the reverse initial transposition unit 25.

  The non-linear function unit 24 includes a plurality of stages of involution processing units 26a to 26c, and divides the block received from the initial transposition unit 23 into two equal bit strings of the left bit string and the right bit string, and the left bit string is input to the left input L The exclusive OR of the left bit string and the right bit string is input to the first involution processing unit 26a as the right input R, and the left outputs of the respective involution processing units 26a to 26c are sequentially output to the next stage. And the right output is the left input L, and a block of bit strings obtained by combining the left output of the final stage and the exclusive OR of the left output and the right output is passed to the inverse initial transposition unit 25. is there.

  Each involution processing unit 26 includes function units 27a to 27c, a bit string generated by the function unit 27 using each predetermined one of the intermediate keys generated by the key generation unit 22 and the right input R as input, and a left input The exclusive OR with L is the left output, and the right input R is the right output.

  Each function unit 27 divides the right input R into predetermined sections, uses the value of each bit string at a position determined to correspond to each section of the intermediate key as a section position address in the right input, and The bit string is sequentially moved to a section determined by the corresponding section position address and a section having a predetermined positional relationship, and predetermined conversion is performed on the bit string resulting from the movement.

  The inverse initial transposition unit 25 performs the movement opposite to the movement between the sections performed by the initial transposition section 23 according to the correspondence information between the sections received from the initial transposition section 23 for the block received from the nonlinear function section 24. A block is output as its output block.

  The key generation unit 22 includes key processing units 28a to 28c having the same number of stages as the non-linear function unit 24. The key generation unit 22 bisects the key into a left bit string and a right bit string of equal length, and the left bit string is input to the left key input KL. The exclusive OR of the left bit string and the right bit string is input to the first key processing unit 28a as the right key input KR, and the left key output of each stage key processing unit 28 is sequentially input to the next right key input KR, the right key output is the left key input KL, and the left key output of each stage is passed to the nonlinear function unit 24 as each intermediate key.

  Each key processing unit 28 has key function units 29a to 29c, and an exclusive logic of the bit string generated by the key function units 29a to 29c with the desired initial vector and the right key input KR as inputs, and the left key input KL. The sum is the left key output, and the right key input KR is the right key output.

  Each key function unit 29 divides the right key input KR into predetermined sections, sets the value of each bit string at a position determined to correspond to each section of the initial vector as a section position address in the right key input KR, and sets each section Are sequentially moved to a section determined by the corresponding section position address and a section having a predetermined positional relationship, and a predetermined conversion is performed on the bit string resulting from the movement.

  Therefore, according to the present embodiment, even in a hash value generation device using block cipher, by dividing an input message into a plurality of message blocks, it is possible to reduce the memory used, and processing at high speed even in an RFID tag or the like Is possible.

<Application example>
An application example of the present invention will be described with reference to FIG. In this application example, as shown in FIG. 6, the message input unit, the encryption unit, and the calculation unit have n stages of parallel connections. Since other configurations are the same as those in the first and second embodiments, detailed description thereof is omitted.

  According to such a configuration, the scale of the apparatus is slightly increased, but the stirring efficiency can be further increased as compared with the configuration of the above embodiment. Here, n is an integer of 2 or more.

  The above-described series of processing is recorded on a computer-readable recording medium as a program, and the hash value generating apparatus of the present invention is realized by causing the hash value generating apparatus to read and execute the program recorded on the recording medium. can do.

  In addition, if a WWW (World Wide Web) system is used, a homepage providing environment (or display environment) is also included. Further, the program may be transmitted from a computer storing the program in a storage device or the like to another computer via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer, what is called a difference file (difference program) may be sufficient.

  Note that the present invention can enable high-speed hash calculation even when applied to a UIM card or the like. Therefore, the present invention can be widely used for system construction in mobile communications including mobile phones and broadband businesses using stream ciphers and block ciphers.

  The embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the embodiments, and includes designs and the like that do not depart from the gist of the present invention.

DESCRIPTION OF SYMBOLS 1 ... Pre-processing part 2 ... Message division part 3a ... Message input part 3b ... Message input part 4 ... Feed forward part 5 ... Feedback part 6a ... Encryption part 6b ..Encryption unit 7a ... Calculation unit 7b ... Calculation unit 10 ... Stream encryption unit 11 ... XOR
DESCRIPTION OF SYMBOLS 21 ... Data randomization part 22 ... Key generation part 23 ... Initial transposition part 24 ... Nonlinear function part 25 ... Inverse initial transposition part 26a ... Involution processing part 26b ... In Involution processing unit 27c ... Functional unit 27b ... Functional unit 27c ... Functional unit 28a ... Key processing unit 28b ... Key processing unit 28c ... Key processing unit 29a: Key function part 29b: Key function part 29c: Key function part

Claims (9)

Message dividing means for dividing an input message into a plurality of message blocks;
Input means for inputting the divided input message block and the hash value obtained in the previous round;
Encryption means for encrypting the input message to generate a hash value;
An output means for outputting the hash value;
A hash value generation device comprising: A calculation means at the output of the encryption means;
The input means, the encryption means, and the calculation means are configured in parallel (n is an integer of 2 or more) stages,
Feedback means for inputting the hash value output by the encryption means and returning the hash value to the input means;
A feedforward means for inputting a message output from the input means and outputting the message to the computing means;
The hash value generation device according to claim 1, further comprising:   The preprocessing means for performing padding processing is provided on the input side of the message dividing means so that the input message is an integral multiple of the number of parallel stages and the output bit length of the encryption means. The hash value generation device according to claim 2.   The feedback means actively determines to which input means the input hash value is returned, and the feedforward means actively determines to which calculation means the input message is output. The hash value generation device according to claim 2.   The hash value generation apparatus according to claim 1, wherein the encryption unit generates a hash value by stream encryption.   The hash value generation apparatus according to claim 1, wherein the encryption unit generates a hash value by block cipher.   The hash value generation device according to claim 2, wherein the calculation means is an exclusive OR calculator. A first step of performing padding so that the input message is an integral multiple of the number of parallel stages and the output bit length of the encryption means;
A second step in which the message dividing means divides the input message into a plurality of message blocks;
A third step in which the message input means outputs the divided message block and the hash value of the previous round to the encryption means;
A fourth step of encrypting the input message block and the hash value of the previous block to generate a hash value;
A feedback means for inputting the obtained hash value, determining a feedback destination message input means, and outputting the fifth step;
A sixth step in which the feedforward means determines and outputs a feedforward destination computing means of the input message; and
A seventh step to check if there is still an input message;
An eighth step that repeats the third to sixth steps until there are no more input messages if there are more input messages;
A ninth step of outputting a hash value from the output means when processing of all messages is completed;
A tenth step of combining the obtained plurality of hash values by an arithmetic means;
A hash value generation method characterized by comprising: On the computer,
A first step of performing padding so that the input message is an integral multiple of the number of parallel stages and the output bit length of the encryption means;
A second step in which the message dividing means divides the input message into a plurality of message blocks;
A third step in which the message input means outputs the divided message block and the hash value of the previous round to the encryption means;
A fourth step of encrypting the input message block and the hash value of the previous block to generate a hash value;
A feedback means for inputting the obtained hash value, determining a feedback destination message input means, and outputting the fifth step;
A sixth step in which the feedforward means determines and outputs a feedforward destination computing means of the input message; and
A seventh step to check if there is still an input message;
An eighth step that repeats the third to sixth steps until there are no more input messages if there are more input messages;
A ninth step of outputting a hash value from the output means when processing of all messages is completed;
A tenth step of combining the obtained plurality of hash values by an arithmetic means;
A program for running

Images