Suhali&Watanabe
Suhali&Watanabe
Suhali&Watanabe
based on FPGA
Where, h=g
g= f
σ 0256 ( x ) = ROTR 7 ( x) + ROTR 18 ( x ) + SHR 3 ( x ) (2)
f =e
(10)
e = d + Temp1
σ 256
( x) = ROTR ( x) + ROTR ( x) + SHR ( x)
17 19 10 (3)
1 d =c
c=b
Initial hash values, H 0 to H 7 as shown in Table 2 are
b=a
assigned to variables a, b, c, d, e, f, g, and h respectively.
a = Temp1 + Temp 2
These initial hash values are 32-bit words. There are 64 values
of the 32-bit constant K t in order to process the SHA-256 hash
Finally, hash values, H 0 to H 7 , are computed by the modulo-
function.
32 bit adders after 64 iterations. The final hash value of SHA-
TABLE II. INITIAL SHA-256 HASH VALUES 256 is obtained in a big-endian format.
Register Buffer Initialization
H 32’h6a09e667 H 0 = a + H 0 , H1 = b + H1 , H 2 = c + H 2 , H 3 = d + H 3
0
H1 32’hbb67ae85
H2 32’h3c6ef372 H4 = e + H4, H5 = f + H5, H6 = g + H6, H7 = h + H7
H3 32’ha54ff53a
32’h510e527f
Message Digest = H 0 || H 1 || H 2 || H 3 || H 4 || H 5 || H 6 || H 7
H4
H5 32’h9b05688c padded
message
H6 32’h1f83d9ab 13 14 15
H7 32’h5be0cd19
12 σ1
∑ (a) = ROTR
0
2
(a) + ROTR13 (a) + ROTR 22 (a) (6) 4 3 2 1 0
Fig. 1. Message Schedule of SHA-256 Algorithm
∑ (e) = ROTR
1
6
(e) + ROTR 11 (e) + ROTR 25 (e) (7)
h
Kt Compression
Function
unit5
g Data_in
Ch(e, f , g )
mux
f sel SHA256
unit4
Ai.....Hi
e ∑ (e)
1
Ao ..... Ho
Output
d SHA256
unit6
a
∑ (a) 0 IV. SHA-256 UNFOLDING DESIGN
The message schedule and compression function of the
SHA-256 algorithm need to be modified in order to produce
Fig. 2. Compression Function of SHA-256 Algorithm the unfolding architecture. An unfolding design is a technique
that reduces the number of latency based on the number of J
factors [10]. Besides, this technique can also increase the
III. SHA-256 DESIGN
throughput of the SHA-256 algorithm. In this paper, the
SHA-256 has been designed using Verilog code. It consists unfolding technique with factor 2 has been implemented.
of 6 modules in the top-level modules of SHA-256 Modifications of each of block in the message schedule and
architecture: counter SHA-256, message schedule, constant compression function have to be considered. Figure 4 and
SHA-256, multiplexer, compression function and output SHA- Figure 5 show the block diagrams of Temp1o and Temp 2 o .
256. Figure 3 illustrates the proposed SHA-256 hash function
architecture. 15 blocks input of 32-bit data is padded as input The following block diagrams of Temp1o and Temp 2 o are the
data; a single 1-bit is added at the end of the message. Then, it modifications of Equations (8) and (9). These equations are
is followed by n 0-bit, and the last 64-bit is the length of the added to the compression function of the SHA-256 algorithm.
message. The overall message of a SHA-256 hash function is
Temp1o consists of ∑ 1o , Cho ( next _ e , e, f ) , Message, Wt _1 and
512-bit. The input message, Wt for 16 ≤ t ≤ 63 can be
obtained by using Equation (1). The sequence of the message Constant, K t _1 ; while Temp2 o contains ∑ 0o and
is generated by using a counter module. The SHA-256 hash Majo ( next _ a , a , b ) .
A 32-bit adder is used in order to obtain
function uses 64 rounds iteration of the compression function these results. All data inputs are different for each of the
in order to obtain the final hash code. Before SHA-256 starts
processing the message, eight buffer initialisations of SHA- blocks in Temp1o and Temp 2 o block diagram architectures.
256 are generated with the help of a multiplexer module. The
ROM blocks are used to define constant, Kt. These constants Wt _ 1 K t _1
contain 64X32-bit ROM blocks. Finally, the output module is
used to produce the message digest SHA-256. In this module, next e
∑ 1o
buffer initialisations are added with the last output of
compression function of SHA-256.
g + Temp1o
next e
Cho ( next _ e , e, f )
e
f
+ Temp 2 o next _ e
11 XOR
next a
ROTR ( next _ e ) ∑ 1o
Majo ( next _ a , a , b )
a 25
ROTR ( next _ e )
b
Fig. 9. ∑1o ( next _ e ) Architecture
Fig. 5. Temp 2 o Block Diagram Architecture
Figure 10 and Figure 11 show the architectures for both
The two architectures for Cho(next_e,e,f) and σ 0o and σ 1o functions. The main function of these
Majo(next_a,a,b) are shown in Figure 6 and Figure 7. Both
architectures consist of AND, NOT and XOR gates with architectures is to generate a message schedule for SHA-256.
different structures of implementation. From Equations (4) For σ 0 o , W2 has to be rotated by the right direction with a
and (5), all data inputs for both of these architectures are
fixed amount of value while for σ 1 , WMessage _ 1 has to be
different. Data input next_e and next_a can be obtained based
on the compression function of SHA-256 algorithm as shown rotated by the right direction with a different value. In σ 0o
in Figure 2.
architecture, the W2 needs to be right shifted by 3 and for
σ 1o architecture, the WMessage _ 1 needs to be right shifted by
10.
7
ROTR (W2 )
W2 XOR
ROTR
18
(W2 ) σ 0o
Fig. 6. Cho (next_e,e,f) Function Architectures
3
SHR (W2 )
17
ROTR (WMessage _ 1)
while input next_e is for ∑1o . All the rotations for both
architectures follow the right direction with a fixed amount of Fig. 11. σ 1o Architecture
values. Finally, an XOR gate is used to combine all the inputs
to obtain the final outputs of ∑ 0o and ∑ 1o . V. RESULT AND DISCUSSION
2
ROTR ( next _ a ) The proposed SHA-256 design and SHA-256 unfolding
next _ a design were successfully designed using the Verilog code.
13 XOR ∑ 0o Both of the designs were analysed, synthesised and placed and
ROTR ( next _ a )
routed based on Altera Quartus II. Table 3 illustrates the
22 synthesis and implementation results of SHA-256 design and
ROTR ( next _ a ) SHA-256 unfolding design. These designs were simulated
using ModelSim. The throughput of these designs can be
Fig. 8. ∑ 0 o ( next _ a ) Architecture