KR-20260063293-A - METHOD FOR IMPROVING PPA THROUGH PRE-COMPUTING OF COMPRESSION ROUND IN HASH COMPUTATION AND HASH COMPUTING CIRCUIT THROUGH THE SAME

Abstract

The present invention relates to a method for improving PPA through pre-operation of a compression round in a hash operation and a hash operation circuit through the same. Specifically, when configuring a pipeline circuit for a round operation of a compressor in a hash operation, the invention performs a pre-operation of a round function using a constant and substitutes a variable using the constant to optimize the combinational logic circuit for the operation of the round function and optimizes the register group used to pass the constant in the pipeline stage, thereby improving the performance of the hash operation circuit, reducing power consumption, and reducing the area, and the invention relates to the circuit itself.

Inventors

  • 김철수
  • 김 제임스 종만

Assignees

  • 주식회사 소테리아

Dates

Publication Date
20260507
Application Date
20241030

Claims (12)

  1. An extender that sequentially provides an input message for a hash operation and extended data that extends the input message; and A compressor that compresses the above input message and the above extended data by sequentially applying them to the operation of a round function; The above compressor is composed of a pipeline circuit including a plurality of register groups and a combinational logic circuit for the operation of the round function, and The above pipeline circuit is a hash operation circuit characterized by reducing the number of registers in the plurality of register groups and the complexity of the combinational logic circuit through a constant initialization vector (IV).
  2. In claim 1, The above pipeline circuit is, A hash operation circuit characterized by reducing the number of register groups required in the pipeline circuit by removing a register group that only transmits the constant in the middle of the pipeline stage when moving the constant through a pipeline stage composed of a register group, and storing the constant at the pipeline stage where it is finally to be stored.
  3. In claim 1, In the above pipeline circuit, A hash operation circuit characterized by performing the operation of the above round function in advance and substituting a variable using the above constant to reduce the complexity of the combinational logic circuit for the operation of the above round function.
  4. In claim 1, A hash operation circuit characterized by, in the 0th round of the operation of the above round function, pre-operating the round function for a and e among state variables including a, b, c, d, e, f, g, and h, and storing them in two 32-bit register groups to form a pipeline stage, and configuring the remaining state variables b, c, d, f, g, and h to be passed to the next pipeline stage without being stored in separate register groups.
  5. In claim 1, A hash operation circuit characterized in that, in the first round of the operation of the above-mentioned round function, each round function including Maj, Ch, and add, which have inputs of two constants and one variable, is configured by substituting the two constants with one variable.
  6. In claim 1, A hash operation circuit characterized in that, in the first round of the operation of the above round function, the round function Maj(a, b, c) = (a XOR b) + (b XOR c) + (c XOR a), where a is a 32-bit variable and b and c are 32-bit constants, the operation result of the above Maj(a, b, c) is expressed as “aa1a 101a 0aa0 aaa1 1a10 a110 aaa0 01a1”, represented by individual bits of variable a, and in the operation result, each a represents the binary value at the corresponding bit position of variable a, and the MSB is the one moving to the left and the LSB is the one moving to the right.
  7. In claim 1, A hash operation circuit characterized in that, in the first round of the operation of the above round function, the round function Ch(e, f, g) = (e and f) XOR (~e and g), e is a 32-bit variable, ~e is the complement of e, and f and g are 32-bit constants, so the operation result of the above Ch(e, f, g) is expressed as “~ee01 ~e0~e1 0000 e1e~e 01~ee ~e0e0 ~eeee 11ee”, which is represented by individual bits of the variable e, and in the operation result, e and ~e represent the binary values at the corresponding bit positions of the variables e and ~e, respectively, and the MSB is to the left and the LSB is to the right.
  8. In claim 1, A hash operation circuit characterized in that, in the first round of the operation of the above-mentioned round function, the round function add(h, k, w) = h + k + w, where h and k are constants and w is a variable, the result of the operation of add(h, k, w) is expressed as the sum “w~w~ww ~w~ww~ww ~ww~ww~www ~www~w ~w~ww~w ww~w~ww ~ww~ww” and the carry is expressed as “0ww1 www1 w0ww 0w11 w10w ww0w 10ww w0w1”, represented by individual bits of w and ~w, wherein in the result of the operation, w and ~w each represent the binary value at the corresponding bit position, and moving to the left is the MSB and moving to the right is the LSB.
  9. In claim 1, A hash operation circuit characterized in that, in the first round of the operation of the above round function, one 3-input adder is configured by replacing it with 18 inverters, one Ch operator is configured by replacing it with 7 inverters, one Maj operator, and four 32-bit register (DF/F) groups storing c, d, g, and h among state variables a, b, c, d, e, f, g, h are removed.
  10. In claim 1, A hash operation circuit characterized in that, in the second round of the operation of the above round function, the round function Maj(a, b, c) = (a XOR b) + (b XOR c) + (c XOR a), where a and b are 32-bit variables and c is a 32-bit constant, the operation result of Maj(a, b, c) is output as (a AND b) if each bit of the constant c is '0' and (a OR b) if it is '1'.
  11. In claim 1, A hash operation circuit characterized in that, in the second round of the operation of the above round function, the round function add(h, k, w) = h + k + w, where h and k are constants and w is a variable, the result of the operation of the above add(h, k, w) is expressed as the sum “w~w~ww ~w~ww~ww ~ww~ww~www ~www~w ~w~ww~w ww~w~ww ~ww~ww” and the carry is “0ww1 www1 w0ww 0w11 w10w ww0w 10ww w0w1”, expressed by individual bits of w and ~w, wherein in the result of the above operation, w and ~w each represent the binary value at the corresponding bit position, and moving to the left is the MSB and moving to the right is the LSB.
  12. In claim 1, A hash operation circuit characterized in that, in the second round of the operation of the above round function, one 3-input adder is configured by replacing it with 18 inverters, two 32-bit register (DF/F) groups storing state variables d and h are removed, and Maj is configured by reducing the complexity from (((3 x XOR) + (2 x OR)) x 32) gates to ((16 x AND) + (16 x OR)) gates.
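
The bit patterns in claims 6 and 7 and the AND/OR reduction in claims 10 and 12 can be reproduced by folding the constants into the bitwise round functions. The Python below is an added example, not part of the patent text; it assumes the FIPS 180-4 definitions of Maj and Ch and the standard SHA-256 initial hash value (the page lists neither), and all function names are hypothetical.

```python
# Added example: per-bit constant folding of SHA-256 Maj and Ch.
# Assumption: IV is the FIPS 180-4 initial hash value H0..H7 (not on the page).
IV = (0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
      0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19)
MASK = 0xFFFFFFFF

def maj(a, b, c):
    return (a & b) ^ (a & c) ^ (b & c)

def ch(e, f, g):
    return (e & f) ^ ((~e & MASK) & g)

def fold(fn, name):
    """Per-bit form of a bitwise function of one 32-bit variable, MSB first."""
    lo, hi = fn(0), fn(MASK)  # outputs with every variable bit at 0, then at 1
    cell = {(0, 0): "0", (1, 1): "1", (0, 1): name, (1, 0): "~" + name}
    bits = [cell[(lo >> i) & 1, (hi >> i) & 1] for i in range(31, -1, -1)]
    return " ".join("".join(bits[n:n + 4]) for n in range(0, 32, 4))

def round1_maj():
    # After round 0 only a is variable; b and c hold IV words 0 and 1.
    return fold(lambda a: maj(a, IV[0], IV[1]), "a")

def round1_ch():
    # After round 0 only e is variable; f and g hold IV words 4 and 5.
    return fold(lambda e: ch(e, IV[4], IV[5]), "e")

def round2_maj_is_and_or(c=IV[0]):
    """Maj(a, b, c) equals a AND b where c's bit is 0, a OR b where it is 1."""
    reduced = lambda a, b: ((a & b) & ~c & MASK) | ((a | b) & c)
    # Maj is bitwise, so all-0/all-1 inputs cover every row of each bit's truth table.
    return all(maj(a, b, c) == reduced(a, b)
               for a in (0, MASK) for b in (0, MASK))

def round2_gate_counts(c=IV[0]):
    ors = bin(c).count("1")
    return 32 - ors, ors  # (AND gates, OR gates)

if __name__ == "__main__":
    print("Maj:", round1_maj())
    print("Ch: ", round1_ch(), "| inverters:", round1_ch().count("~"))
    print("round 2 Maj reduces:", round2_maj_is_and_or(), round2_gate_counts())
```

Each `~e` cell in the folded Ch output corresponds to one inverter, and the set-bit count of the round-2 constant gives the split between AND and OR gates.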

Description

Method for Improving PPA Through Pre-computing of Compression Round in Hash Computation and Hash Computing Circuit Through the Same

The present invention relates to a method for improving PPA through pre-operation of a compression round in a hash operation and a hash operation circuit through the same. More specifically, the invention relates to a method and circuit for improving the performance, reducing power consumption, and reducing the area of a hash operation circuit by configuring a pipeline circuit for a round operation of a compressor in a hash operation, performing a pre-operation of a round function using a constant, and optimizing a combinational logic circuit for the operation of a round function by substituting a variable using a constant, and optimizing a register group used to pass a constant in the pipeline stage.

With the emergence of Bitcoin, SHA256 (Secure Hash Algorithm 256) is being used in various security and authentication tasks, including Bitcoin mining. The hash operation adopted in the SHA256 hash algorithm has a structure in which SHA256 is first performed on the first 512-bit input message of two 512-bit input messages, SHA256 is performed again on the second 512-bit (16x32-bit) input message reflecting the result, and a third SHA256 is performed again reflecting the result of the second SHA256 to finally output a hash digest.

Here, a single SHA256 hash algorithm is configured to expand a 512-bit input message into 64 32-bit input messages, input the expanded input messages into a compressor to output 8 32-bit, or 256-bit, hash digests. Here, the compressor generates a hash value using the message expanded by the expander, and SHA256 uses 8 internal state variables (a, b, c, d, e, f, g, h) and has a structure that updates these state variables for each block to output a final hash value (hash digest).

In the case of the above SHA256 hash algorithm, when performing 64 rounds, it is configured to form a pipeline structure by inserting a combinational logic circuit that performs round operations such as Majority (Maj), sigma (Σ0, Σ1), Adder, and Choose (Ch) between each register and a register that stores 8 32-bit state variables. These 64 round operations are performed through a pipeline, which requires a large amount of hardware space, causes significant delays in operating state variables a and e among the state variables, and consequently consumes a lot of power. In other words, the structure of hash operations requires large-scale iterative computation. Regarding the scale of the circuit processing each round function, since eight 32-bit state variables must be rounded, the register bit width and the arithmetic unit data width are large, leading to a problem of significantly increased circuit complexity. Furthermore, operating such complex circuits consumes a very large amount of power, making it environmentally unfriendly.

In particular, for Bitcoin mining, SHA256 hash operations must be performed in three stages, and increasing the hash rate is an essential requirement to increase the efficiency of the proof-of-work process. To increase the hash rate, hash operations must first be processed at high speed to reduce the resulting power consumption, and various measures such as temperature management, scalability, modularity, and design support for dedicated hardware must be considered.

Accordingly, the present invention aims to present a method and circuit that improve the performance of a hash operation circuit, reduce power consumption, and reduce the area by optimizing the circuit using constants input to the round circuit when configuring the circuit for the round operation of a compressor in a hash operation.

Next, we will briefly explain the prior art existing in the technical field of the present invention, and then describe the technical details that the present invention aims to achieve differently from the said prior art.

First, U.S. Patent Publication No. 2024-0015006 A1 (January 11, 2024) relates to an operation structure for energy-efficient hash operations, comprising receiving word data associated with an input message and identifying a series of input message extension operations to generate a hash for said input message, and then performing at least one message extension operation using said word data to generate a constant, and then performing a modified series of message extension operations to generate said hash of said input message, and comprising replacing at least one message extension operation with a pre-calculated constant. The aforementioned U.S. Patent Publication No. 2024-0015006 A1 describes pre-computing, but it relates to message expansion and not to compression operations, so it differs from the present invention. In fact, considering that numerous prior operations for extension operations, including the above U.S. Patent Publication No. 2024-0015006 A1, have been found but no prior operations for compression operations have been found, i