JP2017058501A - Hash function calculation device and method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a hash function calculation device with which it is possible to reduce a circuit scale while maintaining sufficient uniformity.SOLUTION: A linear feedback shift register 11 generates N bit random number data R on the basis of previously designated M series each time a bit value B is held by an input register 13. An exclusive OR circuit 12 calculates the bitwise exclusive OR of the random number data and a calculation result ACC, and outputs N bit calculation result Q. An ACC register 15 holds the calculation result Q from the exclusive OR circuit 12 as a new calculation result ACC only when the bit value B held by the input register 13 is 1, and outputs a calculation result ACC obtained by acquiring up to the last bit as a hash value OUT.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a hash function calculation technique, and more particularly to a hash function calculation technique for calculating a hash value which is a value of a hash function by performing a reduction process after masking an input argument with random number data.

When the hash function calculation process is implemented with a digital circuit, in addition to the uniformity of the calculation result, the lightness of the calculation process is required. In the present invention, in consideration of implementation in a digital circuit, a domain of arguments, a range of hash values, and a hash function in which the number of bit digits is constant are assumed.
Conventionally, linear congruential generators (LCGs) have been widely used as a hash function calculation method under such mounting conditions (see Non-Patent Document 1, etc.). This linear congruence method is one of algorithms for generating a pseudo-random number sequence (hereinafter referred to as a random number sequence), and its general form is represented by the following recurrence formula (1).

In this equation (1), X ₀ corresponds to a random number seed, A, B, and M are constants, and M> A, M> B, A> 0, and B ≧ 0. The generated random number sequence has periodicity, the period is M at maximum, B and M are relatively prime, A-1 can be divided by all the prime factors of M, and M is a multiple of 4. In some cases, A-1 also has a maximum period M when each is satisfied to be a multiple of 4.

  Therefore, the linear congruence method requires almost no storage area, is very simple with a practical pseudo-random number algorithm, and can be implemented very fast even on a low-function processor. In addition, multiplication and division seem to be necessary, but since it is multiplication by constants, it can be combined with shift and addition and subtraction, division is not necessary, it is only necessary to obtain a remainder, so it is possible to modify the expression by congruent arithmetic, etc. Can be transformed into a typical expression. For this reason, it is said that digital circuitization is easy compared with other hash function calculation methods.

`` Linear joint method '', Wikipedia, https://en.wikipedia.org/wiki/%E7%B7%9A%E5%BD%A2%E5%90%88%E5%90%8C%E6%B3%95 `` Linear feedback shift register '', Wikipedia, https://en.wikipedia.org/wiki/%E7%B7%9A%E5%BD%A2%E5%B8%B0%E9%82%84%E3%82% B7% E3% 83% 95% E3% 83% 88% E3% 83% AC% E3% 82% B8% E3% 82% B9% E3% 82% BF

  However, in the conventional technique using such a linear congruential method, the recurrence formula can be transformed into an efficient formula, but a circuit for calculating addition / subtraction and remainder is required, so that a certain circuit scale is required. There is a problem that it is necessary and cannot cope with further weight reduction of calculation processing.

  From the viewpoint of lightness of calculation processing, a method of preparing a random number table with uniformity in advance as a hash function calculation processing and masking the random number pattern of this random number table with an input argument can be considered. .

  FIG. 3 is a configuration example of the hash function calculation process. Here, an example in which a 16-bit argument is input and a 4-bit hash value is calculated is shown. As a random number table, a 16-bit × 4-bit 16-bit random number pattern is arranged by shifting one bit at a time. A random number table is used.

  In this configuration example, first, random number patterns (4 bits) corresponding to the row having the bit value “1” in the input argument are read from the random number table, respectively. Is masked. Thereafter, a 4-bit hash value is obtained by calculating exclusive OR (EXOR) for each bit digit of the obtained random number data.

  However, even with such a simple configuration example, it is necessary to prepare a uniform random number table, and a circuit configuration and processing for storing or generating such a random number table are required. Also, in order to realize a hash function with a larger range of arguments and a range of hash values, the required storage resources will increase significantly, increasing the circuit scale and reducing the size and integration of the device. There was a problem that the cost was hindered.

  An object of the present invention is to solve such a problem, and an object of the present invention is to provide a hash function calculation technique capable of reducing the circuit scale while ensuring sufficient uniformity.

  In order to achieve such an object, the hash function calculation device according to the present invention uses a hash value of N (N is an integer smaller than M) bits from an input M (M is an integer of 2 or more) bits argument. Is a hash function calculation device that calculates and outputs the argument, and obtains the argument bit by bit from the first bit to the last bit, and sequentially holds it as a bit value, and based on a previously designated M sequence, A linear feedback shift register that generates N-bit random number data each time the bit value is held in the input register, and an N-bit calculation result obtained in the calculation process up to the bit value held in the input register Exclusive logic that calculates an exclusive OR for each bit of the ACC register, the random number data, and the calculation result and outputs an N-bit calculation result And the ACC register holds the operation result from the exclusive OR circuit as a new calculation result only when the bit value of the input register is 1, and obtains up to the last bit. The calculated result is output as the hash value.

  In addition, when the bit value of the input register is 1, the configuration example of the hash function calculation apparatus according to the present invention selects an operation result from the exclusive OR circuit and the bit value is 0. In some cases, the apparatus further includes a selector for selecting a calculation result from the ACC register, and the ACC register holds a selection output selected by the selector as a new calculation result every time the bit value is held in the input register. It is what I did.

Also, the hash function calculation method according to the present invention calculates and outputs a hash value of N (N is an integer smaller than M) from an input M (M is an integer of 2 or more) bits and outputs the hash value. A hash function calculation method used in a computing device, wherein an input register acquires the argument bit by bit from the first bit to the last bit and sequentially holds it as a bit value, and a linear feedback shift register is designated in advance. Generating N-bit random number data every time the input register holds the bit value based on the M sequence;
An ACC register holding an N-bit calculation result obtained in a calculation process up to the bit value held in the input register; and an exclusive OR circuit for each bit of the random number data and the calculation result And an N-bit operation result is output, and the ACC register outputs the operation result from the exclusive-OR circuit only when the bit value of the input register is 1. Is stored as a new calculation result, and the calculation result obtained by acquiring up to the last bit is output as the hash value.

  According to the present invention, instead of storing a random number table in a memory or the like in advance, random number data is generated by LFSR, and based on this random number data, a hash that is statistically close to the case of using a uniform random number table is used. Arithmetic can be performed. Accordingly, it is not necessary to prepare a uniform random number table, and thus a circuit configuration and processing for storing or generating such a random number table are not necessary. Even when a hash function having a larger range of arguments or a range of hash values is realized, the required storage resources hardly increase. For this reason, it is possible to reduce the circuit scale while ensuring sufficient uniformity, and to achieve downsizing and integration of the device and further cost reduction.

It is a block diagram which shows the structure of the hash function calculation apparatus concerning this Embodiment. It is a flowchart which shows a hash function calculation process. It is an example of a structure of a hash function calculation process.

Next, an embodiment of the present invention will be described with reference to the drawings.
[Hash function calculator]
First, with reference to FIG. 1, the hash function calculation apparatus 10 concerning the 1st Embodiment of this invention is demonstrated. FIG. 1 is a block diagram showing the configuration of the hash function calculation apparatus according to this embodiment.

  The hash function calculation device 10 is composed of a digital circuit that can be mounted on an integrated circuit such as an LSI as a whole. From the input argument IN of M (M is an integer of 2 or more) bits, N (N is M This is a circuit device that calculates and outputs a hash value OUT of (smaller integer) bits.

  The hash function calculation apparatus 10 includes, as main circuit parts, a linear feedback shift register (LFSR) 11, an exclusive OR (EXOR) circuit 12, an input register 13, a selector 14, an ACC register 15, and A control unit 16 is provided.

  The linear feedback shift register 11 has a function of generating N-bit random number data R every time the bit value B is held in the input register 13 based on an M-sequence having a predetermined period generated by a polynomial specified in advance. doing. As a specific example of the LFSR, for example, a known technique such as Non-Patent Document 2 may be used.

  The exclusive OR circuit 12 calculates an exclusive OR for each bit of the random number data R from the linear feedback shift register 11 and the calculation result ACC from the ACC register 15 and outputs an N-bit operation result Q. It has a function to do.

  The input register 13 has a function of acquiring an argument IN input from the outside of the hash function calculation apparatus 10 one bit at a time from the first bit to the last bit, and sequentially holding it as a bit value B.

  The selector 14 selects the calculation result Q when the bit value B held in the input register 13 is 1, and outputs it as the selection output D. When the bit value B is 0, the selector 14 selects the calculation result ACC. And a function of outputting as a selection output D.

  The ACC register 15 is selected by the selector 14 based on the function of holding the N-bit calculation result ACC obtained in the calculation process up to the bit value B held in the input register and the bit value B held in the input register 13. A function of holding the selected output D as a new calculation result ACC, and a function of outputting the calculation result ACC obtained up to the last bit by the input register 13 as a hash value OUT.

  The control unit 16 controls the holding operation in the ACC register 15 according to the holding of the bit value B in the input register 13 and the linear feedback shift register 11 after the holding operation in the ACC register 15 is completed. And a function of updating the random number data R.

[Operation of this embodiment]
Next, the operation of the hash function calculation apparatus 10 according to this embodiment will be described.
The input hash function argument IN is assumed to arrive in order from the first bit to the last bit, one bit per unit time (hereinafter, clock) in a binary representation composed of a plurality of bits. Hereinafter, a case where the number of bits M of the argument IN is M = 4 bits will be described as an example, but the present invention is not limited to this.

  Each time the bit value B is held in the input register 13, the linear feedback shift register 11 sequentially outputs N-bit random number data R that is shifted by one bit along the M series. This random number data R corresponds to random number data (for 4 bits) read from the random number table of FIG.

  Accordingly, every time new random number data R is output from the linear feedback shift register 11, the exclusive OR circuit 12 performs exclusive logic between the random number data R and the calculation result ACC held in the ACC register 15. The sum is calculated and reduced, and the obtained calculation result Q is input as one selection input of the selector 14.

  Here, when the bit value B held in the input register 13 indicates 1, the selector 14 selects the operation result Q from the exclusive OR circuit 12 and outputs it to the ACC register 15, and the bit value B is 0. , The calculation result ACC is selected and output to the ACC register 15.

  Therefore, only the operation result Q that is the exclusive OR of the random number data R corresponding to the bit whose bit value B indicates 1 and the calculation result ACC among the M bits constituting the argument IN is selected by the selector 14. Thus, the mask process is performed, and the calculation result ACC is held in the ACC register 15.

  Thus, every time a new bit value B is held in the input register 13, the exclusive OR of all the random number data R selected so far is calculated by the exclusive OR circuit 12 and selected by the selector 14. D is selected and held in the ACC register 15 as the calculation result ACC. Therefore, the selection output D selected by the selector 14 while the last bit is held corresponds to the hash value OUT corresponding to the argument IN.

[Hash function calculation processing]
Next, the operation of the hash function calculation apparatus 10 according to the present embodiment will be described with reference to FIG. FIG. 2 is a flowchart showing hash function calculation processing.
When the hash function calculation apparatus 10 calculates the hash value OUT of the input argument IN, the hash function calculation apparatus 10 executes the hash function calculation processing of FIG.

  First, the control unit 16 initializes the calculation result ACC of the ACC register 15 and the random number data R of the linear feedback shift register 11 before the first bit arrives (step 100). For example, the calculation result ACC is initialized to “0000” and the random number data R is initialized to “1000”. Thereafter, the processing of the following steps 101 to 106 is repeatedly executed by M times as many as the number of bits of the argument IN every clock cycle.

First, the input register 13 waits for the arrival of 1 bit constituting the argument IN (step 101: NO), and according to the arrival of 1 bit (step 101: YES), the value of the arrival bit is changed to the bit value B. (Step 102).
When the bit value B is 1 (step 103: YES), the operation result Q selected from the selector 14 and output from the exclusive OR circuit 12 is held as the calculation result ACC in the ACC register 15. (Step 104).

  On the other hand, when the bit value B is “0” (step 103: NO), the calculation result ACC of the ACC register 15 selected by the selector 14 is held again in the ACC register 15. Therefore, in this case, the value of the calculation result ACC does not change, which is the same as nothing is processed.

  Thereafter, the control unit 16 confirms whether or not the arrival bit held in the input register 13 is the final bit of the argument IN (step 105). If it is not the final bit (step 105: NO), the control unit 16 stores the arrival bit in the linear feedback shift register 11. Instruct the update of the random number data R. As a result, the linear feedback shift register 11 updates the random number data R based on the M-sequence generated with the polynomial designated in advance (step 106), and returns to step 101.

  On the other hand, when the incoming bit is the last bit (step 105: YES), the ACC register 15 holds and outputs the selection output D selected by the selector 14 as the hash value OUT in accordance with the holding of the last bit (step 107). ), A series of hash function calculation processing is terminated.

[Effects of the present embodiment]
As described above, according to the present embodiment, the linear feedback shift register 11 generates the N-bit random number data R every time the input register 13 holds the bit value B based on the M sequence designated in advance. The logical OR circuit 12 calculates an exclusive OR for each bit of the random number data R and the calculation result ACC, and outputs an N-bit calculation result Q. The bit value held in the input register 13 by the ACC register 15 Only when B is 1, the operation result Q from the exclusive OR circuit 12 is held as a new calculation result ACC, and the calculation result ACC obtained up to the last bit is output as the hash value OUT. It is a thing.

  Thus, instead of storing the random number table in advance in a memory or the like, random number data R is generated by LFSR, and based on this random number data R, a hash operation that is statistically close to the case of using a uniform random number table It can be performed. Accordingly, it is not necessary to prepare a uniform random number table, and thus a circuit configuration and processing for storing or generating such a random number table are not necessary. Even when a hash function having a larger domain of the argument iN or a range of the hash value OUT is realized, the required storage resources are hardly increased. For this reason, it is possible to reduce the circuit scale while ensuring sufficient uniformity, and to achieve downsizing and integration of the device and further cost reduction.

In the present embodiment, when the bit value B of the input register 13 is 1, the operation result Q from the exclusive OR circuit 12 is selected, and when the bit value B is 0, the ACC register 15 The selector 14 for selecting the calculation result ACC from the input register 13 is further provided so that the ACC register 15 holds the selection output D selected by the selector 14 as a new calculation result ACC each time the input register 13 holds the bit value B. It may be.
Thereby, the update process of the calculation result ACC according to the bit value B of the input register 13 can be realized with a simple circuit configuration.

[Extended embodiment]
The present invention has been described above with reference to the embodiments, but the present invention is not limited to the above embodiments. Various changes that can be understood by those skilled in the art can be made to the configuration and details of the present invention within the scope of the present invention. In addition, each embodiment can be implemented in any combination within a consistent range.

  DESCRIPTION OF SYMBOLS 10 ... Hash function calculation apparatus, 11 ... Linear feedback shift register, 12 ... Exclusive OR circuit, 13 ... Input register, 14 ... Selector, 15 ... ACC register, 1 ... 6 control part, IN ... Argument, OUT ... Hash value , R: random number data, Q: operation result, B: bit value, D: selection output, ACC: calculation result

Claims (3)

A hash function calculation device that calculates and outputs a hash value of N (N is an integer smaller than M) bits from an input M (M is an integer of 2 or more) bit arguments,
An input register that obtains the argument bit by bit from the first bit to the last bit, and sequentially holds the bit value;
A linear feedback shift register that generates N-bit random number data each time the bit value is held in the input register, based on a pre-designated M-sequence;
An ACC register holding an N-bit calculation result obtained in the calculation process up to the bit value held in the input register;
An exclusive OR circuit that calculates an exclusive OR for each bit of the random number data and the calculation result and outputs an N bit operation result;
The ACC register holds the calculation result from the exclusive OR circuit as a new calculation result only when the bit value of the input register is 1, and the calculation result obtained by acquiring up to the last bit Is output as the hash value. The hash function calculation apparatus according to claim 1,
A selector for selecting an operation result from the exclusive OR circuit when the bit value of the input register is 1 and selecting a calculation result from the ACC register when the bit value is 0; ,
The ACC register holds a selection output selected by the selector as a new calculation result every time a bit value is held in the input register. A hash function calculation method used in a hash function calculation device that calculates and outputs a hash value of N (N is an integer smaller than M) from an input M (M is an integer of 2 or more) bit argument. ,
An input register obtaining the argument bit by bit from the first bit to the last bit, and sequentially holding it as a bit value;
A linear feedback shift register generating N-bit random number data each time the input register holds the bit value based on a pre-designated M sequence;
An ACC register holding an N-bit calculation result obtained in a calculation process up to the bit value held in the input register;
An exclusive OR circuit calculating an exclusive OR for each bit of the random number data and the calculation result, and outputting an N-bit calculation result;
The ACC register holds the calculation result from the exclusive OR circuit as a new calculation result only when the bit value of the input register is 1, and the calculation result obtained by acquiring up to the last bit A hash function calculation method comprising: outputting as a hash value.

Images