1. Technical Field
Embodiments generally relate to processors. In particular, embodiments generally relate to evaluating hash functions with processors.
2. Background Information
Hash functions are a type of cryptographic functions that are widely used in computer systems and other electronic devices. The hash functions generally take a message as an input, generate a corresponding hash value by applying the hash function to the message, and output a hash value. Typically, the same hash value should be generated if the same hash function is evaluated with the same message. Such hash functions are used for various purposes, such as for verification (e.g., verifying the integrity of files, data, or messages), identification (e.g., identifying files, data, or messages), authentication (e.g., generating message authentication codes), generating digital signatures, generating pseudorandom numbers, and the like. As one illustrative example, a hash function may be used to generate a hash value for a given message. At a later time, a hash value may be recomputed for the message using the same hash function. If the hash values are identical, then it can be assumed that the message hasn't been changed. In contrast, if the hash values are different, then it can be assumed that the message has been changed.
One known type of hash function or secure hashing algorithm is the SM3 hash function, which has been published by the Chinese Commercial Cryptography Association Office. An English language description of the SM3 hash function has been published as the Internet Engineering Task Force (IETF) Internet-Draft entitled “SM3 Hash Function,” by S. Shen and X. Lee, on Oct. 24, 2011. SM3 is currently specified as the hashing algorithm for the TCM (Trusted Computing Module) by the China Information Security Standardization Technical Committee (TC260) initiative. For a message of a given length, the SM3 hash algorithm generates a hash value having a length of 256-bits after padding and iterative compression. The iterative procedure involves dividing the message after padding into 512-bit blocks. The iterative procedure is then performed on the sequence of 512-bit blocks with the output state of the intermediate blocks serving as the input state for the next 512-bit SM3 block compression. The state of each intermediate block compression and the final hash value is a 256-bit value.
FIG. 1 illustrates the compression function 100 of the SM3 hash function. A detailed understanding of the compression function is not important to understand the embodiments disclosed herein. However, the compression function will be briefly described. Initially, the 256-bit state value V(i) is partitioned into eight 32-bit words A, B, C, D, E, F, G, and H. The initial state value for the first iteration is a constant defined by the SM3 hash function. The words A-H are specified in “Big Endian” format. A sequence of iterations from j=0 to 63 will be performed. In subsequent iterations, the input state value V(i) is the output state value from the prior iteration V(i+1). The leftward pointing arrow symbol (←) represents storing or assigning the value on the right to the parameter on the left. The symbol “<<<” represents a rotate operation. The symbol resembling a plus sign with a circle around it represents a logical exclusive OR (XOR) operation. Tj is a constant having a value that depends on the iteration (i.e., the value of j) as specified in the SM3 hash function. The variables SS1, SS2, TT1, and TT2 are internal intermediate values used in the iteration. FFj and GGj are Boolean functions specified in the SM3 hash algorithm. P0 is a permutation function specified in the SM3 hash algorithm. The particulars of the functions FFj, GGj, and P0 are not particularly relevant to an understanding of this description, and will be omitted for simplicity.
Notice that the term Wj is added to the evaluation of the Boolean function GGj. Notice also that the term W′j is added to the evaluation of the Boolean function FFj. The terms Wj and W′j represent message terms, message inputs, or simply messages. For iterations 0 to 15, the terms W0 to W15 are obtained from the 512-bit block being compressed. In particular, the 512-bit message block being compressed is divided or partitioned into sixteen 32-bit words referenced in big-endian format as W0 to W15. The remaining messages Wj and W′j are calculated during a message extension or message expansion portion of the SM3 hash algorithm.