Field
Embodiments relate to instruction processing apparatus. In particular, embodiments relate to instruction processing apparatus and instructions to process secure hash algorithms.
Background Information
Secure Hash Standard (SHS) (FIPS PUB 180-3), a Federal Information Processing Standards Publication, was published by the National Institute of Standards and Technology, in October, 2008. The SHS standard specifies secure hash algorithms SHA-224, SHA-256, SHA-384, and SHA-512. These four has algorithms are also collectively referred to herein as SHA2 has algorithms, SHA2 algorithms, SHA2 hashes, or the like.
These SHA2 hash algorithms allow computing a message digest representing a condensed representation of input data referred to as a message. When a message with a length less than 2^64 bits (for SHA-224 and SHA-256) or less than 2^128 bits (for SHA-384 and SHA-512) is input to the hash algorithm, a result called a message digest is output. The message digest is also sometimes referred to as a digest or a hash. The message digest is 224-bits for SHA-224, 256-bits for SHA-256, 384-bits for SHA-384, or 512-bits for SHA-512. SHA-224 and SHA-256 are based on a 32-bit word length. SHA-384 and SHA-512 are based on a 64-bit word length.
The hash algorithms specified in this Standard are called secure because, for a given algorithm, it is considered computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest. This means that any change to a message will, with a very high probability, result in a different message digest.
The SHA2 algorithms are widely used in electronic devices for authentication, verification, identification, integrity checking, security, or other purposes. They may be used for various different purposes. One common use of the SHA2 algorithms is to verify the integrity of and/or detected changes to messages. For example, an initial message digest may be generated for a message, and then later another message digest may be regenerated for the message and should be the same as the initial message digest assuming the message itself has not been changed. Other examples of applications of secure hash functions include, but are not limited to, generating digital signatures, message authentication codes, verifying the integrity of files or messages, identifying files or data, and pseudorandom generation and key derivation.
FIG. 1 illustrates details of a single round of an SHA2 algorithm 100. A total of sixty-four rounds similar to the round shown may be used to compute the final message digest. Eight state words ai, bi, ci, di, ei, fi, gi, and hi 101 are input to the round. The eight state words are also referred to in the standard as the eight working variables. For SHA-224 and SHA-256 each of these state words are 32-bits. For SHA-384 and SHA-512 each of these state words are 64-bits. Also input to the round are a message input to the current round (i.e., W(i)) 102 and a constant input to the current round (i.e., K(i)) 103. A set of SHA2 operations 104 are performed for each round. The set of operations includes a number of modulo additions (shown by the boxes with plus signs inside), and evaluation of functions known as Ch, Σ1, Maj, and Σ0. There is also a remapping of the state words. The output of the round is eight updated state words ai+1, bi+1, ci+1, di+1, ei+1, fi+1, gi+1, and hi+1 105.
The set of operations for each of the sixty-four rounds include the following operations:Σ0(a)=(a ROTR 2)XOR(a ROTR 13)XOR(a ROTR 22)Σ1(e)=(e ROTR 6)XOR(e ROTR 11)XOR(e ROTR 25)Maj(a,b,c)=(a AND b)XOR(a AND c)XOR(b AND c)Ch(e,f,g)=(e AND f)XOR((NOT e)AND g)T1=h+Σ1(e)+Ch(e,f,g)+Ki+Wi T2=Σ0(a)+Maj(a,b,c)h=g g=f f=e e=d+T1 d=c c=b b=a a=T1+T2 
In the above, “ROTR” designates a bitwise right rotate operation by the number of bits its right, “XOR” designates a logical exclusive OR operation, “AND” designates a logical AND operation, “NOT” designates a logical NOT operation. The rotation amounts are specific for SHA-256. Other SHA2 algorithms use different shift and rotate amounts.
As can be seen, each round of the SHA2 algorithms involves a large number of operations. In addition, generating the message digest involves sixty-four of such rounds. One significant challenge is that conventionally implementing the SHA2 algorithms involves executing a large number of instructions on a processor. Commonly, each round of the SHA2 algorithms may take from several to many instructions. For example, in one possible implementation, within a round separate instructions may be used to perform each of the rotations, logical AND, XOR, and NOT operations, additions, etc. This, compounded with the fact that there are sixty-four rounds, may tend to make the implementation of the SHA2 algorithms very computationally intensive and to take a significant amount of time.