Search

US-12619552-B2 - Processing of cryptographic hash instruction

US12619552B2US 12619552 B2US12619552 B2US 12619552B2US-12619552-B2

Abstract

An apparatus comprises instruction decoding circuitry to decode a cryptographic hash instruction specifying at least one working operand and an input operand; and processing circuitry to perform, in response to decoding of the cryptographic hash instruction, two or more iterations of a cryptographic hash function. Each iteration of the cryptographic hash function comprises determining an updated value for the at least one working operand based on a previous value for the at least one working operand and a respective portion of the input operand selected to be processed in that iteration. The updated value for the at least one working operand in one iteration becoming the previous value for the at least one working operand in a next iteration. In response to decoding of the cryptographic hash instruction, the processing circuitry performs at least two iterations of the cryptographic hash function per processing cycle.

Inventors

  • Javier Diaz BRUGUERA

Assignees

  • ARM LIMITED

Dates

Publication Date
20260505
Application Date
20231130

Claims (20)

  1. 1 . An apparatus comprising: instruction decoding circuitry configured to decode a cryptographic hash instruction specifying at least one working operand and an input operand; and processing circuitry configured to perform, in response to decoding of the cryptographic hash instruction, a plurality of iterations of a cryptographic hash function, each iteration of the cryptographic hash function comprising determining an updated value for the at least one working operand based on a previous value for the at least one working operand and a respective portion of the input operand selected to be processed in that iteration, the updated value for the at least one working operand in one iteration becoming the previous value for the at least one working operand in a next iteration; in which: in response to decoding of the cryptographic hash instruction, the processing circuitry is configured to perform at least two iterations of the cryptographic hash function per processing cycle.
  2. 2 . The apparatus according to claim 1 , in which the cryptographic hash function comprises at least a portion of one round of SHA-1.
  3. 3 . The apparatus according to claim 1 , in which the processing circuitry is configured to perform two iterations of the cryptographic hash function per processing cycle.
  4. 4 . The apparatus according to claim 1 , in which the processing circuitry comprises unrolled multi-iteration logic circuitry disposed between two successive stages of clocked registers, where the unrolled multi-iteration logic circuitry is configured to process the at least one working operand read from a first of the successive sets of clocked registers as an input to a first iteration of the plurality of iterations to generate an updated value for the at least one working operand written to a second of the successive sets of clocked registers as an output of a later iteration than the first iteration.
  5. 5 . The apparatus according to claim 1 , in which the processing circuitry comprises a cryptographic hash instruction processing pipeline comprising a plurality of pipeline stages, each pipeline stage configured to perform at least two of the iterations of the cryptographic hash function per processing cycle.
  6. 6 . The apparatus according to claim 1 , in which: the plurality of iterations of the cryptographic hash function performed in response to the cryptographic hash instruction comprise a first iteration and a second iteration to be performed in a same processing cycle; and the processing circuitry is configured to perform a first computation for the first iteration in parallel with a second computation for the second iteration.
  7. 7 . The apparatus according to claim 6 , in which: the cryptographic hash function comprises applying a given hashing function to a subset of bit positions of the previous value for the at least one working operand, to generate a term used to generate a portion of the updated value for the at least one working operand; the first computation comprises applying the given hashing function to a first subset of bit positions of the first iteration's version of the previous value for the at least one working operand; and the second computation comprises applying the given hashing function to a second subset of bit positions of the first iteration's version of the previous value for the at least one working operand, where the second subset is different to the first subset.
  8. 8 . The apparatus according to claim 7 , in which the cryptographic hash function comprises mapping the second subset of bit positions of the previous value for the at least one working operand to the first subset of bit positions within the updated value for the at least one working operand.
  9. 9 . The apparatus according to claim 7 , in which the instruction decoder is configured to support a plurality of variants of the cryptographic hash instruction corresponding to different hashing functions used as the given hashing function.
  10. 10 . The apparatus according to claim 1 , in which, in the cryptographic hash function, a portion of the updated value for the at least one working operand depends on an addition of a plurality of terms, the plurality of terms including the respective portion of the input operand and one or more further terms derived from the previous value of the at least one working operand; and the plurality of iterations of the cryptographic hash function performed in response to the cryptographic hash instruction comprise a first iteration and a second iteration to be performed in a same processing cycle.
  11. 11 . The apparatus according to claim 10 , in which the processing circuitry is configured to perform a part of the addition for the first iteration in parallel with a part of the addition for the second iteration.
  12. 12 . The apparatus according to claim 10 , in which, in the cryptographic hash function: the plurality of terms for the addition comprise a rotated term which depends on a rotated version of bits from a selected subset of bit positions within the previous value for the at least one working operand; and the selected subset of bit positions correspond to bit positions in the updated value for the at least one working operand which depend on a result of the addition of the plurality of terms.
  13. 13 . The apparatus according to claim 12 , in which the processing circuitry comprises second-iteration addition circuitry to perform a rotated-term-dependent part of the addition for the second iteration based on at least two separate values representing, in a redundant representation, at least a portion of the rotated term for the addition for the second iteration.
  14. 14 . The apparatus according to claim 13 , in which the second-iteration addition circuitry is configured to commence performing the rotated-term-dependent part of the addition based on the at least two separate values before a non-redundant representation of the result for the addition for the first iteration is available; and the processing circuitry comprises carry adjustment circuitry to adjust a result of the addition for the second iteration dependent on whether generation of the non-redundant representation of the addition for the first iteration causes a carry out to propagate beyond a bit position corresponding to a most significant bit in the rotated term used for the addition in the second iteration.
  15. 15 . The apparatus according to claim 13 , in which: the processing circuitry comprises early carry-propagate addition circuitry configured to generate, in a non-redundant representation, a plurality of most significant bits for a result of the addition for the first iteration, the early carry-propagate addition circuitry being configured to generate the plurality of most significant bits at an earlier timing than a timing at which a non- redundant representation of remaining less significant bits of the result of the addition for the first iteration is generated; and in the rotated-term-dependent part of the addition for the second iteration, a least significant portion of the rotated term is represented in the non-redundant representation based on the most significant bits generated by the early carry-propagate addition circuitry.
  16. 16 . The apparatus according to claim 15 , comprising carry adjustment circuitry configured to selectively adjust a portion of the result of the addition for the second iteration depending on a carry out value determined when generating the non-redundant representation of the remaining less significant bits of the result of the addition for the first iteration.
  17. 17 . A system comprising: the apparatus of claim 1 , implemented in at least one packaged chip; at least one system component; and a board, wherein the at least one packaged chip and the at least one system component are assembled on the board.
  18. 18 . A chip-containing product comprising the system of claim 17 assembled on a further board with at least one other product component.
  19. 19 . A non-transitory computer-readable medium to store computer-readable code for fabrication of an apparatus comprising: instruction decoding circuitry to decode a cryptographic hash instruction specifying at least one working operand and an input operand; and processing circuitry to perform, in response to decoding of the cryptographic hash instruction, a plurality of iterations of a cryptographic hash function, each iteration of the cryptographic hash function comprising determining an updated value for the at least one working operand based on a previous value for the at least one working operand and a respective portion of the input operand selected to be processed in that iteration, the updated value for the at least one working operand in one iteration becoming the previous value for the at least one working operand in a next iteration; in which: in response to decoding of the cryptographic hash instruction, the processing circuitry is configured to perform at least two iterations of the cryptographic hash function per processing cycle.
  20. 20 . A method comprising: decoding a cryptographic hash instruction specifying at least one working operand and an input operand; and performing, in response to decoding of the cryptographic hash instruction, a plurality of iterations of a cryptographic hash function, each iteration of the cryptographic hash function comprising determining an updated value for the at least one working operand based on a previous value for the at least one working operand and a respective portion of the input operand selected to be processed in that iteration, the updated value for the at least one working operand in one iteration becoming the previous value for the at least one working operand in a next iteration; in which: in response to decoding of the cryptographic hash instruction, processing circuitry performs at least two iterations of the cryptographic hash function per processing cycle.

Description

BACKGROUND Technical Field The present technique relates to the field of data processing. Technical Background Cryptographic hashes can be used to generate digests of messages, program code or other streams of binary data. For example, one use case can be where a stream of binary data (e.g. a program download) is transmitted to a recipient. The recipient can calculate a cryptographic hash based on the received stream of data, and compare the hash with an expected value of the hash, to determine whether any transmission errors or malicious attacks have affected the integrity of the received stream. The cryptographic hash may be designed to have a very low probability that a modified data stream received by the recipient would map to the same hash value as the actual data stream intended to be received by the recipient, when the modification corresponds to common errors such as replacing one symbol of the message with another symbol, swapping the order of the two symbols, omitting one symbol, etc. Various cryptographic hash algorithms are available, with different trade-off points between performance and security. SUMMARY At least some examples of the present technique provide an apparatus comprising: instruction decoding circuitry to decode a cryptographic hash instruction specifying at least one working operand and an input operand; andprocessing circuitry to perform, in response to decoding of the cryptographic hash instruction, a plurality of iterations of a cryptographic hash function, each iteration of the cryptographic hash function comprising determining an updated value for the at least one working operand based on a previous value for the at least one working operand and a respective portion of the input operand selected to be processed in that iteration, the updated value for the at least one working operand in one iteration becoming the previous value for the at least one working operand in a next iteration; in which:in response to decoding of the cryptographic hash instruction, the processing circuitry is configured to perform at least two iterations of the cryptographic hash function per processing cycle. At least some examples provide a system comprising: the apparatus as described above, implemented in at least one packaged chip;at least one system component; anda board, wherein the at least one packaged chip and the at least one system component are assembled on the board. At least some examples provide a chip-containing product comprising the system described above assembled on a further board with at least one other product component. At least some examples of the present technique provide a non-transitory computer-readable medium to store computer-readable code for fabrication of an apparatus comprising: instruction decoding circuitry to decode a cryptographic hash instruction specifying at least one working operand and an input operand; andprocessing circuitry to perform, in response to decoding of the cryptographic hash instruction, a plurality of iterations of a cryptographic hash function, each iteration of the cryptographic hash function comprising determining an updated value for the at least one working operand based on a previous value for the at least one working operand and a respective portion of the input operand selected to be processed in that iteration, the updated value for the at least one working operand in one iteration becoming the previous value for the at least one working operand in a next iteration; in which:in response to decoding of the cryptographic hash instruction, the processing circuitry is configured to perform at least two iterations of the cryptographic hash function per processing cycle. At least some examples of the present technique provide a method comprising: decoding a cryptographic hash instruction specifying at least one working operand and an input operand; andperforming, in response to decoding of the cryptographic hash instruction, a plurality of iterations of a cryptographic hash function, each iteration of the cryptographic hash function comprising determining an updated value for the at least one working operand based on a previous value for the at least one working operand and a respective portion of the input operand selected to be processed in that iteration, the updated value for the at least one working operand in one iteration becoming the previous value for the at least one working operand in a next iteration; in which:in response to decoding of the cryptographic hash instruction, processing circuitry performs at least two iterations of the cryptographic hash function per processing cycle. Further aspects, features and advantages of the present technique will be apparent from the following description of examples, which is to be read in conjunction with the accompanying drawings. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 illustrates an example of an apparatus comprising instruction decoding circuitry and processing circuitry; FIG. 2 ill