CN101483519A - Compressing function apparatus for generating hash function, hash function system and method - Google Patents

Abstract

The present invention provides a Hash function system for generating Hash function and a method thereof. The system comprises the following components: an information receiver which is used for receiving the information for calculating the Hash value; an information divider which divides the information received by the information receiver to information blocks with preset magnitude; a plurality of compression function devices, and each of which is composed by at least two parallel-connected serial step function device rows, receives the no-symbol constant quantity as initial chaining variable and receives the information blocks which are divided by the information divider and have preset magnitude as key, executes iterative operation through the at least two serial step function device rows and adds the iterative operation result with the initial link variable for outputting link variable; and a Hash function cascade device which is used for cascading the link variables generated by the last compression function device as the Hash value of information received by the information receiver. The parallel-connected serial step function device rows function with one another, can provide higher security and is a method which can totally resist common attack.

Description

Produce the compression function device and the hash function system and method for hash function

Technical field

In general, the present invention can be widely used in the cryptography every field, as digital signature, and message authentication etc.More specifically, the present invention relates to utilize the compression function device that contains parallel step functional unit row to produce the system and the method for hash function.

Background technology

Cryptographic Hash function claims hash function again, is basic cryptographic technique, is commonly used to the weak point " fingerprint " of construction data, the integrality of protected data.Hash function can be the short message string that the message string of random length is hashed to regular length, and the short message string of this regular length is commonly referred to as the cryptographic Hash or the hashed value of this message.Usually, the length of cryptographic Hash is 128,160,256 and 512 bits.Special hash function all be by compression function repeatedly iteration form.Widely used special hash function has MD5 and SHA-1 etc. at present, MD5 is published in Request for Comment 1321 (Requestfor Comment 1321, RFC 1321) on, title is " MD5 Message Digest 5 (MD5 Message-Digest Algorithm) ".SHA-1 is published in Federal Information Processing Standards bulletin 180-1 (Federal Information ProcessingStandards Publication 180-1, FIPS PUB 180-1) on, title is " secure Hash functional standard (Secure Hash Standard) ".

From 2004 so far, a series of differential attack analytical proofs at hash functions such as MD5 and SHA-1 MD5 and SHA-1 do not reach desirable safety requirements, it is very slow that main cause under attack is that extension of message and step function spread, and the difference of introducing can be followed the tracks of effectively and control.And because the raising of COMPUTER CALCULATION performance, from the angle of computationally secure, MD5 also can not be used by people as crash-resistant secure Hash function.

Based on such present situation, (National Institute of Standards andTechnology NIST) recommends to use SHA-256 as hash function, and openly collects new hash function standard towards the whole world in Unite States Standard technical committee.SHA-256 is published on the FIPS PUB 180-2, and title is " secure Hash functional standard (Secure Hash Standard) ".Corresponding patent document is No. the 6829355th, United States Patent (USP), and title is " producing the method and apparatus (Device for and method ofone-way cryptographic hashing) that one-way cipher is learned hash function ".

The design concept of No. 6829355 disclosed generation hash function method and apparatus of United States Patent (USP) and existing SHA-1 is basic identical, and difference is it by using the fail safe that strengthens hash function with respect to the longer output length of SHA-1 and more complicated extension of message and step function.

Cryptographic Hash function needs to satisfy three security properties usually:

1) the antigen picture is attacked, and promptly finds a message string to make that its cryptographic Hash just in time is that the computation complexity of in advance given cryptographic Hash can not be lower than 2 ⁿ

2) anti-second primary image is attacked, and finds promptly a message string to make its cryptographic Hash just in time to equal in advance given message string that (length is 2 ^k) the computation complexity of cryptographic Hash can not be lower than 2 ^N-kWith

3) anti-collision attack promptly finds any two message strings to make their the identical computation complexity of cryptographic Hash can not be lower than 2 ^N/2, wherein n is the length of cryptographic Hash.

If the computation complexity that exists preimage to attack is lower than 2 ⁿ, or the computation complexity that second preimage is attacked is lower than 2 ^N-k, perhaps the computation complexity of collision attack is lower than 2 ^N/2, think that then this hash function is unsafe.

Yet from existing latest analysis result to SHA-256, the step diffusion velocity of function is still slower, and the difference within several steps still is to eliminate by revising message, thereby this hash function is also. be not be perfectly safe believable.

In order to address the above problem, needing to provide higher fail safe, produces the hash function value quickly, and can resist the hash function system of common attack method fully.

Summary of the invention

Therefore, the invention provides novel compression function device and hash function system thereof, this compression function device contains at least two step function rows of executed in parallel, can produce the hash function value fast.

According to one embodiment of the present invention, the hash function system that produces the hash function value is provided, comprise message receiving apparatus, be used to receive the message that will calculate its hash function value; Message classification apparatus, the message that message receiving apparatus is received are divided into N block of information of pre-sizing, and wherein N is the positive integer more than or equal to 1; N compression function device, each compression function device is made of concurrently the step of dual serial at least functional unit row, wherein the first compression function device in this N compression function device receive unsigned constant as the first initial link variable and first message blocks that receives the pre-sizing of dividing out through the message classification apparatus as key, by this at least dual serial step functional unit row carry out interative computation and with interative computation result and the first initial link addition of variables to export first link variable, and the n-1 link variable that the n compression function device in this N compression function device receives the output of n-1 compression function device as n initial link variable and the n-1 message blocks that receives the pre-sizing of dividing out through the message classification apparatus as key, by this at least dual serial step functional unit row carry out interative computation and with interative computation result and n initial link addition of variables to export the n link variable, wherein n is greater than 1 positive integer smaller or equal to N; And the hash function cascade unit, be used for the link variable that N compression function device produced is cascaded up, as the cryptographic Hash of the received message of message receiving apparatus.

Best, this hash function system also comprises the message blocks filling device, and the message that is used for message receiving apparatus is received is filled, will be divided into the message blocks of this pre-sizing through the message of filling.

Best, this compression function device also comprises a plurality of replacement modules, and each is used for displacement that the message blocks that will produce hash function is scheduled to; And a plurality of logic modules, be respectively applied for the iteration of the predetermined steps functional unit in this output one of at least in iteration output and this a plurality of replacement modules of step functional unit in step functional unit row in dual serial step functional unit row at least, the step functional unit row before these step functional unit row export, the output or the link variable of logic module carry out logical operation before.

Best, this block of information M ⁽ⁱ⁾Be divided into 16 sub-pieces of message $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\·\·\·,M_{15}^{\left(i\right)}),$ I=1,2 ..., N, these a plurality of replacement modules comprise: first replacement module, be used for $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\·\·\·,M_{15}^{\left(i\right)})$ Be replaced as $P_1\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\σ}}_1\left(0\right)}^{\left(i\right)},M_{{\mathrm{\σ}}_1\left(1\right)}^{\left(i\right)},\·\·\·,M_{{\mathrm{\σ}}_1\left(15\right)}^{\left(i\right)}),$ σ wherein ₁(t)=t mod 16,0≤t≤15, the second replacement modules, be used for $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\·\·\·,M_{15}^{\left(i\right)})$ Be replaced as $P_2\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\σ}}_2\left(0\right)}^{\left(i\right)},M_{{\mathrm{\σ}}_2\left(1\right)}^{\left(i\right)},\·\·\·,M_{{\mathrm{\σ}}_2\left(15\right)}^{\left(i\right)}),$ σ wherein ₂(t)=9t+11 mod 16,0≤t≤15, the three replacement modules, be used for $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\·\·\·,M_{15}^{\left(i\right)})$ Be replaced as $S_1\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\σ}}_3\left(0\right)}^{\left(i\right)},M_{{\mathrm{\σ}}_3\left(1\right)}^{\left(i\right)},\·\·\·,M_{{\mathrm{\σ}}_3\left(15\right)}^{\left(i\right)}),$ σ wherein ₃(t)=5t+6 mod 16,0≤t≤15, and the 4th replacement module, be used for $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\·\·\·,M_{15}^{\left(i\right)})$ Be replaced as $S_2\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\σ}}_4\left(0\right)}^{\left(i\right)},M_{{\mathrm{\σ}}_4\left(1\right)}^{\left(i\right)},\·\·\·,M_{{\mathrm{\σ}}_4\left(15\right)}^{\left(i\right)}),$ σ wherein ₄(t)=13t+3 mod 16,0≤t≤15.

Best, this step functional unit is divided into the first step functional unit row and the second step functional unit row of dual serial, and these a plurality of logic modules comprise: first logic module is used for the link variable of first step functional unit row output and the link variable of second step functional unit row output are carried out the logic OR computing; Second logic module is used for logic OR computing that the output of first logic module and received link variable are scheduled to, and with the output of this operation result as the compression function device; The 3rd logic module, be used for back eight sub-pieces of message of the message blocks after the output of the 4th step functional unit of second functional unit row and experience the 3rd predetermined permutation module are carried out the logic OR computing, and this operation result is outputed to the 5th step functional unit in the second step functional unit row; The 4th logic module, be used for the sub-piece of the first eight message of the message blocks after the output of the 8th step functional unit of second functional unit row and experience the 4th predetermined permutation module is carried out the logic OR computing, and this operation result is outputed to the 9th in the second step functional unit row go on foot functional unit; And the 5th logic module, be used for back eight sub-pieces of message of the message blocks after the output of the 12 step functional unit of second functional unit row and experience the 4th predetermined permutation module are carried out the logic OR computing, and with the output of this operation result as the second step functional unit row.

Best, this step functional unit is by initially as follows: the first step functional unit in the first step functional unit row carries out initialization by link variable, and the second step functional unit to the, the 16 step functional unit in the first step functional unit row is respectively by the link variable initialization of 15 step of the first step functional unit to the in first step functional unit row functional unit output, and the sub-piece of the first eight message of the message blocks of the first step functional unit in the second step functional unit row after by experience the 3rd predetermined permutation module carries out initialization; The key of this step functional unit is given as follows: the message blocks that will experience after the first and second predetermined permutation modules is input to respectively going on foot in the functional unit of first step functional unit row as cipher key sequence, received link variable is input to first to fourth in the second step functional unit row as cipher key sequence goes on foot functional unit, the link variable that the 4th step functional unit of first step functional unit row is exported is input to second the 5th to the 8th step functional unit that goes on foot in the functional unit row as cipher key sequence, the link variable of the 8th step functional unit output of first step functional unit row is input to the 9th to the 12 step functional unit in the second step functional unit row as cipher key sequence, the link variable of the 12 step functional unit output of first step functional unit row is input to the 13 to the 16 step functional unit in the second step functional unit row as cipher key sequence; And the unsigned constant that should go on foot functional unit is given as follows: be that each step functional unit that first step functional unit row and second go on foot in the functional unit row is imported two unsigned constants.

Best, this step functional unit comprises: a plurality of logic modules are respectively applied for and receive the data that comprise key, unsigned constant and/or initial link variable, and received data are carried out logical operation; A plurality of function modules, each function module is connected between two or more logic modules in these a plurality of logic modules, be respectively applied for the output that receives the upstream logic module in the logic module that it was connected to, the functional operation that received data are scheduled to, and operation result is outputed to the downstream logic module of its logic module that is connected to; And a plurality of shift registers, be used for the output of receive logic module and function module, and received data are circulated mobile one left.

Best, comprise the execution function in these a plurality of function modules $\mathrm{sf}\left(x\right)=x\⊕r(x,6)\⊕r(x,23)$ The function module of computing, and carry out function $\mathrm{sg}\left(x\right)=x\⊕r(x,14)\⊕r(x,27)$ The function module of computing, (x is x to be circulated left move the function of n position n) to r here.

Best, comprise the logic module of carrying out circulative shift operation in these a plurality of logic modules, carry out mould 2 ³²The logic module of the logic module of add operation and execution XOR.

Be somebody's turn to do most, these a plurality of shift registers are eight shift registers, and by these a plurality of logic modules and the value A of these a plurality of function modules with this shift register _j, B _j, C _j, D _j, E _j, F _j, G _j, H _jBy the following formula value of converting to A _J+1, B _J+1, C _J+1, D _J+1, E _J+1, F _J+1, G _J+1, H _J+1:

A _j+1＝B _j+sf(A _j+K _2j)

$B_{j+1}=(C_j+E_j)\⊕\mathrm{sg}(\mathrm{sf}(A_j+K_{2j})+B_j+D_j+{\mathrm{\β}}_{2j})$

C _j+1＝sg(sf(A _j+K _2j)+B _j+D _j+β _2j) ^<<<21

$D_{j+1}=E_j+K_{2j+1}+{((G_j+A_j)\&CirclePlus;\mathrm{sf}(\mathrm{sg}(E_j+K_{2j+1})+F_j+H_j+{\mathrm{\&beta;}}_{2j+1}))}^{<<<13}$

E _j+1＝F _j+sg(E _j+K _2j+1)

$F_{j+1}=(G_j+A_j)\&CirclePlus;\mathrm{sf}(\mathrm{sg}(E_j+K_{2j+1})+F_j+H_j+{\mathrm{\&beta;}}_{2j+1})$

G _j+1＝sf(sg(E _j+K _2j+1)+F _j+H _j+β _2j+1) ^<<<9

$H_{j+1}=A_j+K_{2j}+{((C_j+E_j)\&CirclePlus;\mathrm{sg}(\mathrm{sf}(A_j+K_{2j})+B_j+D_j+{\mathrm{\&beta;}}_{2j}))}^{<<<17}$

Wherein, K _2jAnd K _2j+1Represent this key respectively, β _2jAnd β _2j+1Represent this unsigned constant respectively, x ^NExpression circulates x left and moves the n position.

Best, this shift register is 32 bit shift register, and this key and unsigned constant are 32 bit data.

According to another embodiment of the invention, the method for the hash function value that generates message is provided, comprise step: 1) receive N the message blocks that message also is divided into received message pre-sizing; 2) with unsigned constant as the first initial link variable, first message blocks in the message blocks that step 1) is divided is out compressed processing, and will compress result and the first initial link addition of variables to export first link variable of compressed processing; 3) with step 2) first link variable of compressed processing of output is as the second initial link variable, second message blocks in the message blocks that step 1) is divided is out compressed processing, and will compress result and the second initial link addition of variables to export second link variable of compressed processing; 4) repeating step 3), till all message blocks in the message blocks that step 1) divides out are all processed; And 5) cascade of N link variable is exported, hash function value as described message, wherein, the iteration step function row that comprises the dual serial of carrying out is concurrently at least handled in each compression, is used to handle initial link variable and message blocks and produces corresponding link variable.

Best, this step 1) comprises substep: the message that message receiving apparatus received is filled, will be divided into the message blocks of this pre-sizing through the message of filling.

Best, this compression is handled and comprised: displacement step is used for the message blocks that will produce the hash function value is carried out a plurality of predetermined displacements; And the logical operation step, be used for that output one of at least, the iteration of step function in the step function row before this step function row of iteration output and this a plurality of predetermined permutation computings of the step function in the step function row of dual serial step function row are exported at least, the output or the link variable of logical operation before carry out logical operation with this.

Best, this block of information M ⁽ⁱ⁾Be divided into 16 sub-pieces of message $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)}),$ I=1,2 ..., N, these a plurality of displacement step comprise: first the displacement substep, be used for $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)})$ Be replaced as $P_1\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_1\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_1\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_1\left(15\right)}^{\left(i\right)}),$ σ wherein ₁(t)=t mod 16,0≤t≤15, the second displacement substeps, be used for $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)})$ Be replaced as $P_2\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_2\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_2\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_2\left(15\right)}^{\left(i\right)}),$ σ wherein ₂(t)=9t+1 1mod 16,0≤t≤15, the three displacement substeps, be used for $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)})$ Be replaced as $S_1\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_3\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_3\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_3\left(15\right)}^{\left(i\right)}),$ σ wherein ₃(t)=5t+6 mod 16,0≤t≤15, and the 4th the displacement substep, be used for $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)})$ Be replaced as $S_2\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_4\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_4\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_4\left(15\right)}^{\left(i\right)}),$ σ wherein ₄(t)=13t+3 mod 16,0≤t≤15.

Best, this step function is divided into the first step function row and the second step function row of dual serial, and these a plurality of logical operation steps comprise: the first logical operation substep is used for the link variable of first step function row output and the link variable of second step function row output are carried out the logic OR computing; The second logical operation substep is used for logic OR computing that the output of the first logical operation substep and received link variable are scheduled to, and with the output of this operation result as compression function; The 3rd logical operation substep, be used for back eight sub-pieces of message of the output of the 4th step function of second function row and the message blocks of experience after the 3rd predetermined permutation module are carried out the logic OR computing, and this operation result is outputed to the 5th step function in the second step function row; The 4th logical operation substep, be used for the sub-piece of the first eight message of the output of the 8th step function of second function row and the message blocks of experience after the 4th predetermined permutation module is carried out the logic OR computing, and this operation result is outputed to the 9th in the second step function row go on foot function; And the 5th logical operation substep, be used for back eight sub-pieces of message of the output of the 12 step function of second function row and the message blocks of experience after the 4th predetermined permutation module are carried out the logic OR computing, and with the output of this operation result as the second step function row.

Preferably this step function is initialised as follows: the first step function in the first step function row carries out initialization by link variable, and 16 step of second in first step function row step function to the function is respectively by the link variable initialization of 15 step of the first step function to the in first step function row function output, and the sub-piece of the first eight message of the message blocks of the first step function in the second step function row after by experience the 3rd predetermined permutation module carries out initialization; The key of this step function is given as follows: will be input to respectively going on foot in the function of first step function row as cipher key sequence through the message blocks after first and second predetermined permutation, received link variable is input to first to fourth in the second step function row as cipher key sequence goes on foot function, the link variable that the 4th step function of first step function row is exported is input to second the 5th to the 8th step function that goes on foot in the function row as cipher key sequence, the link variable of the 8th step function output of first step function row is input to the 9th to the 12 step function in the second step function row as cipher key sequence, and the link variable of the 12 step function output of first step function row is input to the 13 to the 16 step function in the second step function row as cipher key sequence; And the unsigned constant that should go on foot functional unit is given as follows: be two unsigned constants of each step function input in the first step function row and the second step function row.

Best, this step function comprises step: reception comprises the data of key, unsigned constant and/or initial link variable and received data is carried out logical operation with a plurality of logic modules; Carry out a plurality of function modules, each function module is connected between two or more logic modules in these a plurality of logic modules, be respectively applied for the output that receives the upstream logic module in the logic module that it was connected to, the functional operation that received data are scheduled to, and operation result is outputed to the downstream logic module of its logic module that is connected to; And utilize shift register that the output of function module and logic module is circulated mobile one left, to produce the link variable of output.

According to an another kind of again execution mode of the present invention, computer product is provided, implement the program of realization based on the method for the hash function value that generates message on it, the method comprising the steps of: 1) receive N the message blocks that message also is divided into received message pre-sizing; 2) with unsigned constant as the first initial link variable, first message blocks in the message blocks that step 1) is divided is out compressed processing, and will compress result and the first initial link addition of variables to export first link variable of compressed processing; 3) with step 2) first link variable of compressed processing of output is as the second initial link variable, second message blocks in the message blocks that step 1) is divided is out compressed processing, and will compress result and the second initial link addition of variables to export second link variable of compressed processing; 4) repeating step 3), till all message blocks in the message blocks that step 1) divides out are all processed; And 5) with N link variable cascade output, as the cryptographic Hash of described message, wherein, the iteration step function row that comprises the dual serial of carrying out is concurrently at least handled in each compression, is used to handle initial link variable and message blocks and produces corresponding link variable.

By having the compression treatment device of two parallel processing lines, the link variable of this input and message blocks are handled just the opposite on left and right two parallel lines.Left side parallel line, link variable is used as the input of the shift register of step functional unit, and message is as the input of the key of step functional unit; Right parallel line, link variable is used as the input of the key of step functional unit, and message is used as the input of the shift register of step functional unit.And, left side parallel line is every the currency output of the shift register of the step functional units in the 4 steps input as the key of right parallel line, so the input key of right parallel line is can't be by directly actuated, therefore this structural design can provide higher fail safe, can resist existing attack method fully.Adapt with this compression function, need a kind ofly can both to play the step functional unit of strong diffusion to key difference and register difference, another aspect of the present invention is exactly to have designed a kind of step functional unit that key and register difference is all had strong diffusion.

Carry out following description in conjunction with the drawings, technical scheme that the present invention may be better understood and more technical characterictic, thus fully understand the present invention.

Description of drawings

In conjunction with the drawings with reference to following detailed, above and other objects of the present invention, feature and advantage will become clearer, wherein:

Fig. 1 is the structural representation according to the compression function device with parallel processing structure of embodiment of the present invention.

Fig. 2 has the schematic block diagram of the step functional unit of strong diffusion according to embodiment of the present invention to key and register difference.

Fig. 3 is the schematic block diagram according to the hash function system of embodiment of the present invention;

Fig. 4 is the flow chart according to the method for the cryptographic Hash of the hash function system generation origination message of embodiment of the present invention;

Fig. 5 is to use the compression function device first message blocks to be carried out the flow chart of iterative processing; And

The flow chart that Fig. 6 is to use the compression function device that the message blocks after first message blocks is carried out iterative processing.

Embodiment

Come to describe more all sidedly the present invention with reference to the accompanying drawing that preferred implementation of the present invention is shown below.Referenced drawings mark identical in institute's drawings attached is indicated components identical, characteristics and structure.Should be appreciated that the present invention can realize with other different forms, and should not be limited to execution mode as described herein, provide following execution mode just for comprehensively and intactly scope of the present invention is conveyed to those of ordinary skill in the art.Technical term used herein only is used to describe specific implementations, and has no intention to limit the present invention.Just as used herein like that, singulative " ", " a kind of " and " being somebody's turn to do " plural form of also intending to comprise is unless offer some clarification in addition in context.It is also to be understood that term " comprises " or " comprising " is used in this specification and comes regulation to have described feature, step, operation, part etc., do not exist or additional one or more further features, step, operation, part etc. but do not get rid of.

Unless otherwise defined, all terms used herein (comprising technology and scientific terminology) have with the present invention under the those of ordinary skill in field usually understand identical implication.It is also to be understood that, picture is defined in term in the common dictionary and should be interpreted as having and their the consistent implication of implication under prior art and/or the application's background, explained on the idealized or too formal meaning and should not be in, unless the clear and definite definition like this of this paper.

In addition, also be omitted in the known function of combination here and the detailed description of configuration in the following description, obscure the present invention, and keep the clear and simple and clear of description of the invention to prevent them.

Core technology of the present invention is futuramic compression function device and the step functional unit that key difference and register difference is all had strong diffusion.

Fig. 1 is the structural representation according to the compression function device with parallel processing structure of preferred implementation of the present invention.With reference to figure 1, comprise parallel two step functional unit row L-line 110 and R-line 120 according to the compression function device 100 of preferred implementation of the present invention.See on the whole, this compression function device 100 is the special parallel organizations that are made of these two parallel step functional unit row L-line and R-line 120, and each parallel step functional unit row can be made of the step functional unit that can finish an iterative processing.According to preferred implementation of the present invention, step functional unit row can be finished 16 iterative processings, finish four step functional units of per four iterative processings and form step functional unit row.As shown in Figure 1, the step functional unit row L-line 110 that finishes 16 iterative processings can comprise the sub-row 112,114,116 and 118 of step functional unit, and the step functional unit row R-line 120 that finishes 16 iterative processings can comprise the sub-row 122,124,126 and 128 of step functional unit.The 26S Proteasome Structure and Function of step functional unit and step functional unit row will be in following detailed description.

In addition, constitute compression function device 100 and also have five logic module LC1, LC2, LC3, LC4 and LC5, and four replacement module P ₁(M ⁽ⁱ⁾), P ₂(M ⁽ⁱ⁾), S ₁(M ⁽ⁱ⁾) and S ₂(M ⁽ⁱ⁾).

According to preferred implementation of the present invention, the input of supposing compression function device 100 is eight 32 link variable CV ^(i-1)With 512 message M that can be divided into 16 32 message blocks ⁽ⁱ⁾, and output is eight 32 link variable CV ⁽ⁱ⁾In this case, logic module LC1, LC2, LC3, LC4 and LC5 and four replacement module P ₁(M ⁽ⁱ⁾), P ₂(M ⁽ⁱ⁾), S ₁(M ⁽ⁱ⁾) and S ₂(M ⁽ⁱ⁾) functional description as follows: if with 512 message M ⁽ⁱ⁾Be divided into 16 32 message blocks

$M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)}),$

P then ₁(M ⁽ⁱ⁾) be a such replacement module, it makes

$P_1\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_1\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_1\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_1\left(15\right)}^{\left(i\right)}),$ σ ₁(t)＝t?mod　16，0≤t≤15；

P ₂(M ⁽ⁱ⁾) be a such replacement module, it makes

$P_2\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_2\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_2\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_2\left(15\right)}^{\left(i\right)}),$ σ ₂(t)＝9t+11?mod?16，0≤t≤15；

S ₁(M ⁽ⁱ⁾) be a such replacement module, it makes

$S_1\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_3\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_3\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_3\left(15\right)}^{\left(i\right)}),$ σ ₃(t)＝5t+6?mod?16，0≤t≤15；

And S ₂(M ⁽ⁱ⁾) be a such replacement module, it makes

$S_2\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_4\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_4\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_4\left(15\right)}^{\left(i\right)}),$ σ ₄(t)＝13t+3?mod?16，0≤t≤15。

Below for convenience, will name with corresponding replacement module title through the corresponding message piece that a replacement module was replaced.For example, with 512 message M (i) experience P ₁(M ⁽ⁱ⁾) message blocks that obtains after the displacement $P_1\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_1\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_1\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_1\left(15\right)}^{\left(i\right)}),$ σ ₁(t)=t mod 16,0≤t≤15 are called through permuting information piece P ₁(M ⁽ⁱ⁾), or through permuting information piece P ₁

On the other hand, logic module LC1 comprises two inputs and an output, and wherein first input is the output of L-line 110, and second input is the output of R-line 120.Logic module LC2 comprises two inputs and an output, wherein first input is the output of logic module LC1, second input is the initial link variable of input compression function device or as the link variable CV (i-1) (supposing that current compression function device shown in Figure 2 is an i compression function device in the whole hash function treatment system) of the output of previous compression function device, and its output is the output of this compression function device, promptly eight 32 new link variables are link variable CV in the execution mode of Fig. 2 ⁽ⁱ⁾Logic module LC3 comprises two inputs and an output, wherein first input is the currency of sub-row 122 processing of first step functional unit eight 32 bit shift register afterwards of experience R-line 120, and second input is that these eight 32 message blocks are handled eight 32 S afterwards through replacement module S1 ₁Message blocks, and this output of logic module LC3 will be used as the currency that second of R-line 120 goes on foot eight 32 bit shift register of the sub-row 124 of functional unit.Logic module LC4 comprises two inputs and an output, wherein first input is the currency of sub-row 124 processing of the second step functional unit eight 32 bit shift register afterwards of experience R-line 120, second input is eight 32 message blocks before experience replacement module S2 handles, and this output is used as the currency that the 3rd of R-line 120 goes on foot eight 32 bit shift register of the sub-row 126 of functional unit.Logic module LC5 comprises two inputs and an output, wherein first input is the currency of sub-row 126 processing of the 3rd step functional unit eight 32 bit shift register afterwards of experience R-line 120, second input is eight 32 S2 message blocks after experience replacement module S2 handles, and this output is used as the currency that the 4th of R-line 120 goes on foot eight 32 bit shift register of the sub-row 128 of functional unit.

This according to preferred implementation of the present invention in, logic module LC1 and LC2 carry out mould 2 to corresponding eight 32 place values ³²Add operation.Logic module LC3-LC5 carries out XOR to corresponding eight 32 place values.

With reference to figure 1, the sequence number of the Reference numeral among the figure " 0 ", " 3 ", " 4 ", " 7 ", " 8 ", " 11 ", " 12 " and " 15 " expression iteration function device.Since 0 counting, the sub-row 112 of corresponding first step functional unit of each step functional unit row and 122 each all use four step functional units, carry out four iterative processings, counting is the 0th step, the first step, second step and the 3rd to go on foot iterative processing respectively.Similarly, corresponding second sequence number that goes on foot four iterative processings of the sub-row 114 of functional unit and 124 of each step functional unit row is respectively the 4th step, the 5th step, the 6th step and the 7th step iterative processing.The rest may be inferred.

According to preferred implementation of the present invention, step functional unit row comprise the step functional unit of four serials, replacement module P ₁(M ⁽ⁱ⁾) and P ₂(M ⁽ⁱ⁾) press through permuting information piece P respectively ₁(M ⁽ⁱ⁾) and P ₂(M ⁽ⁱ⁾) separately order is input to the corresponding step functional unit that is included in the step functional unit row with 2 32 message at every turn as key.Simultaneously, during each iteration, go on foot functional unit accordingly and number will receive user-defined two unsigned constants.

Describe the 26S Proteasome Structure and Function of step functional unit now in detail in conjunction with Fig. 2.Fig. 2 is the schematic block diagram that key and register difference is had the step functional unit of strong diffusion.With reference to figure 2, step functional unit 200 according to the present invention comprises eight 32 bit shift register R0-R7, the first logic module L1 to the, 18 logic module L18 and the first function module FU1 to the, four function module FU1.These eight 32 bit shift register R0-R7 include an input and an output.This shift register R0-R7 of eight 32 is respectively applied for and receives eight 32 message blocks, and received data are shifted.Specifically, every through step processing, shift register circulates left and moves one.

In preferred implementation according to the present invention, step functional unit 200 can also receive four other inputs by logic module, such as two key K except receive the data as the block of information that will handle with shift register R0-R7 _2jAnd K _2j+1With two different users can self-defining unsigned constant β _2jAnd β _2j+1

The 26S Proteasome Structure and Function of the first logic module L1 to the, 18 logic module L18 and the first function module FU1 to the, four function module FU1 is described below.

The first logic module L1 comprises two inputs and an output, and first input is the output of the 3rd shift register R2, and second input is the output of the 5th shift register R4.The second logic module L2 comprises two inputs and an output, and first input is the output of the 7th shift register R6, and second input is the output of the first shift register R0.The 3rd logic module L3 comprises two inputs and an output, and first input is the output of the first shift register R0, and second input is described 32 key K _2jThe 4th logic module L4 comprises two inputs and an output, and first input is the output of the 4th shift register R3, and second input is definable 32 the unsigned constant β of user _2jThe 5th logic module L5 comprises two inputs and an output, and first input is the output of the 5th shift register R4, and second input is described 32 key K _2j+1The 6th logic module L6 comprises two inputs and an output, and first input is the output of the 8th shift register R7, and second input is definable 32 the unsigned constant β of user _2j+1

The first function module FU1 comprises an input and an output, and this input is the output of the 3rd logic module L3, and the expression formula of function module FU1 is: $\mathrm{sf}\left(x\right)=x\&CirclePlus;r(x,6)\&CirclePlus;r(x,23),$ Here (x is x to be circulated left move the n position n) to r.

The 7th logic module L7 comprises two outputs of two inputs, and first input is the second shift register R1, and second input is the output of the first function module FU1, and the value of two outputs is identical, and one of them output is the input of the first shift register R0.The 8th logic module L8 comprises two inputs and an output, and first input is the output of the 4th logic module L4, and second input is the output of the 7th logic module L7.

The second function module FU2 comprises an input and an output, and this input is the output of the 5th logic module L5, and the expression formula of function module FU2 is: $\mathrm{sg}\left(x\right)=x\&CirclePlus;r(x,14)\&CirclePlus;r(r,27).$

The 9th logic module L9 comprises two outputs of two inputs, and first input is the 6th shift register R5, and second input is the output of the second function module FU2, and the value of two outputs is identical, and one of them output is the input of the 5th shift register R4.The tenth logic module L10 comprises two inputs and an output, and first input is the output of the 6th logic module L6, and second input is the output of the 9th logic module L9.

The 3rd function module FU3 comprises an input and an output, and this input is the output of the 8th logic module L8, and the expression formula of function module FU3 is identical with function module FU2.The 4th function module FU4 comprises an input and an output, and this input is the output of the tenth logic module L10, and the expression formula of function module FU4 is identical with function module FU1.

The 11 logic module L11 comprises two inputs and an output, and first input is the output of the 3rd logic module L3, and second input is the output of the 12 logic module L12; Output is the input of the 8th shift register R7.The 12 logic module L12 comprises output of an input, and this input is the output of the 13 logic module L13.The 13 logic module L13 comprises two outputs of 2 inputs, and first input is the output of the first logic module L1, and second input is the output of the 3rd function module FU3, and two outputs are identical, and one of them output is the input of the second shift register R1.The 14 logic module L14 comprises two inputs and an output, and first input is the output of the 5th logic module L5, and second input is the output of the 15 logic module L15; Output is the input of the 4th shift register R3.The 15 logic module comprises output of an input, and this input is the output of the 16 logic module L16.The 16 logic module L16 comprises two outputs of 2 inputs, and first input is the output of the second logic module L2, and second input is the output of the 4th function module FU4, and two outputs are identical, and one of them output is the input of the 6th shift register R5.The 17 logic module L17 comprises output of an input, and this input is the output of the 3rd function module FU3, and this output is the input of the 3rd shift register R2.The 18 logic module L18 comprises output of an input, and this input is the output of the 4th function module FU4, and this output is the input of the 7th shift register R6.

In preferred implementation according to the present invention, logic module L13, L16 carry out XOR, logic module L1-L11 and L14 carry out mould 232 add operations, and logic module L12, L15, L17 and L18 carry out respectively to circulate left and move 17,21,13 and 9 bit arithmetics.

As shown in Figure 2, the step functional unit is with the value A in j step among the shift register R0-R7 _j, B _j, C _j, D _j, E _j, F _j, G _j, H _jConvert the j+1 value A in step to _J+1, B _J+1, C _J+1, D _J+1, E _J+1, F _J+1, G _J+1, H _J+1Transfer process is as follows:

A _j+1＝B _j+sf(A _j+K _2j)

$B_{j+1}=(C_j+E_j)\&CirclePlus;\mathrm{sg}(\mathrm{sf}(A_j+K_{2j})+B_j+D_j+{\mathrm{\&beta;}}_{2j})$

C _j+1＝sg(sf(A _j+K _2j)+B _j+D _j+β _2j) ^<<<21

$D_{j+1}=E_j+K_{2j+1}+{((G_j+A_j)\&CirclePlus;\mathrm{sf}(\mathrm{sg}(E_j+K_{2j+1})+F_j+H_j+{\mathrm{\&beta;}}_{2j+1}))}^{<<<13}$

E _j+1＝F _j+sg(E _j+K _2j+1)

$F_{j+1}=(G_j+A_j)\&CirclePlus;\mathrm{sf}(\mathrm{sg}(E_j+K_{2j+1})+F_j+H_j+{\mathrm{\&beta;}}_{2j+1})$

G _j+1＝sf(sg(E _j+K _2j+1)+F _j+H _j+β _2j+1) ^<<<9

$H_{j+1}=A_j+K_{2j}+{((C_j+E_j)\&CirclePlus;\mathrm{sg}(\mathrm{sf}(A_j+K_{2j})+B_j+D_j+{\mathrm{\&beta;}}_{2j}))}^{<<<17}$

Here x ^NExpression circulates x left and moves the n position, be equivalent to above-mentioned function r (x, n).Change according to above formula and in fact to have finished shift register ring shift left single stepping.

As shown in Figure 2, in preferred implementation according to the present invention, after the value of shift register was given, this step functional unit had four inputs, and wherein two 32 input message are as key K, and two other is user-defined constant β.The key of the step functional unit among the L-line 110 is the message through displacement, and the key of the step functional unit among the R-line 120 is a link variable.Because in preferred implementation according to the present invention, the length single treatment of compression function device, the message blocks M through filling is 512 that fix, at first be divided into 16 32 words when compressing processing, therefore all computings are all carried out at 32 words in this compression function device. $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)}),$ Each J=0,1 ..., 15, all be 32 words.Because P ₁Be identical permutation, promptly $P_1\left(M^{\left(i\right)}\right)=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)}),$ So in Fig. 1, to P ₁(M ⁽ⁱ⁾) processing be exactly the key input of the 0th step functional unit $K_0=M_0^{\left(i\right)},$ $K_1=M_1^{\left(i\right)},$ The key input of first step functional unit $K_2=M_2^{\left(i\right)},$ $K_3=M_3^{\left(i\right)},$ The key input of the second step functional unit $K_4=M_4^{\left(i\right)},$ $K_5=M_5^{\left(i\right)},$ The key input of the 3rd step functional unit $K_6=M_6^{\left(i\right)},$ $K_7=M_7^{\left(i\right)},$ The key input of the 4th step functional unit $K_8=M_8^{\left(i\right)},$ $K_1=M_9^{\left(i\right)},$ The key input of the 5th step functional unit $K_{10}=M_{10}^{\left(i\right)},$ $K_{11}=M_{11}^{\left(i\right)},$ The key input of the 6th step functional unit $K_{12}=M_{12}^{\left(i\right)},$ $K_{13}=M_{13}^{\left(i\right)},$ The key input of the 7th step functional unit $K_{14}=M_{14}^{\left(i\right)},$ $K_{15}=M_{15}^{\left(i\right)},$ So far to P ₁(M ⁽ⁱ⁾) processing finish.To P ₂(M ⁽ⁱ⁾) processing similar because $P_2\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_2\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_2\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_2\left(15\right)}^{\left(i\right)}),$ So key input of the 8th step functional unit $K_{16}=M_{{\mathrm{\&sigma;}}_2\left(0\right)}^{\left(i\right)},$ $K_{17}=M_{{\mathrm{\&sigma;}}_2\left(1\right)}^{\left(i\right)},$ ..., the key input of the 15 step functional unit $K_{30}=M_{{\mathrm{\&sigma;}}_2\left(14\right)}^{\left(i\right)},$ $K_{31}=M_{{\mathrm{\&sigma;}}_2\left(15\right)}^{\left(i\right)}.$ So far to P ₂(M ⁽ⁱ⁾) processing finish.

According to preferred implementation of the present invention, in the step functional unit in R-line 120, eight shift registers are designated as RR0-RR7 from left to right successively, $S_1\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_3\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_3\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_3\left(15\right)}^{\left(i\right)}),$ Use S ₁(M ⁽ⁱ⁾) the first eight word of 32

J=0 ..., 7 eight shift registers of the 0th step functional unit of initialization R-line 120 correspondingly are about to

Compose and give RR0,

Compose and give RR1 ....The value of the shift register of the 0th step functional unit among the R-line 120 is designated as AR from left to right successively ₀, BR ₀, CR ₀, DR ₀, ER ₀, FR ₀, GR ₀, HR ₀, so ${\mathrm{<figure-callout\; id="0"\; label="AR"\; filenames="A200810002947E00301.png"\; state="\{\{state\}\}">AR</figure-callout>}}_0=M_{{\mathrm{\&sigma;}}_3\left(0\right)}^{\left(i\right)},$ ${\mathrm{<figure-callout\; id="0"\; label="BR"\; filenames="A200810002947E00301.png"\; state="\{\{state\}\}">BR</figure-callout>}}_0=M_{{\mathrm{\&sigma;}}_3\left(1\right)}^{\left(i\right)},$

${\mathrm{<figure-callout\; id="0"\; label="HR"\; filenames="A200810002947E00301.png"\; state="\{\{state\}\}">HR</figure-callout>}}_0=M_{{\mathrm{\&sigma;}}_3\left(7\right)}^{\left(i\right)}.$ Begin to carry out the step functional unit computing of the 0th among the R-line 120 then.The register value AR of output after the 3rd step, functional unit calculating was finished ₄, BR ₄, CR ₄, DR ₄, ER ₄, FR ₄, GR ₄, HR ₄Respectively with message

Carry out behind the logical difference exclusive disjunction register value as the 4th step functional unit of R-line 120.Similarly, because $S_2\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_4\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_4\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_4\left(15\right)}^{\left(i\right)}),$ The register value AR of output after the 7th step functional unit calculates and finishes ₈, BR ₈, CR ₈, DR ₈, ER ₈, FR ₈, GR ₈, HR ₈Respectively with message

Go on foot the register value of functional unit behind the XOR as the 8th of R-line 120, promptly the register value of the 8th of R-line 120 the step functional unit is ${\mathrm{AR}}_8\&CirclePlus;M_{{\mathrm{\&sigma;}}_4\left(0\right)}^{\left(i\right)},{\mathrm{BR}}_8\&CirclePlus;M_{{\mathrm{\&sigma;}}_4\left(1\right)}^{\left(i\right)},{\mathrm{CR}}_8\&CirclePlus;M_{{\mathrm{\&sigma;}}_4\left(2\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,{\mathrm{HR}}_8\&CirclePlus;M_{{\mathrm{\&sigma;}}_4\left(7\right)}^{\left(i\right)},$ The register value AR of output after the 11 step functional unit calculates and finishes ₁₂, BR ₁₂, CR ₁₂, DR ₁₂, ER ₁₂, FR ₁₂, GR ₁₂, HR ₁₂Respectively with message

Go on foot the register value of functional unit behind the XOR as the 12 of R-line 120, promptly the register value of the 12 of R-line 120 the step functional unit is ${\mathrm{AR}}_{12}\&CirclePlus;M_{{\mathrm{\&sigma;}}_4\left(8\right)}^{\left(i\right)},{\mathrm{BR}}_{12}\&CirclePlus;M_{{\mathrm{\&sigma;}}_4\left(9\right)}^{\left(i\right)},{\mathrm{CR}}_{12}\&CirclePlus;M_{{\mathrm{\&sigma;}}_4\left(10\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,{\mathrm{HR}}_{12}\&CirclePlus;M_{{\mathrm{\&sigma;}}_4\left(15\right)}^{\left(i\right)}.$

In addition, the input of the step functional unit among the R-line 120 is the register value of the step functional unit in some step among the L-line 110.In Fig. 2, the input of the 0th step functional unit to the three steps functional unit of visible R-line 120 is CV ^(i-1), promptly L-line the 0th goes on foot the register value of functional unit, CV ^(i-1)Participate in the computing of the 0th step functional unit to the three steps functional unit of R-line 120 according to following rule: the key of the 0th step functional unit of R-line 120 is input as ${\mathrm{<figure-callout\; id="0"\; label="K"\; filenames="A200810002947E00301.png"\; state="\{\{state\}\}">K</figure-callout>}}_0={\mathrm{CV}}_0^{(i-1)},$ ${\mathrm{<figure-callout\; id="1"\; label="K"\; filenames="A200810002947E00301.png,A200810002947E00311.png"\; state="\{\{state\}\}">K</figure-callout>}}_1={\mathrm{CV}}_1^{(i-1)},$ The key of first step functional unit is input as $K_2={\mathrm{CV}}_2^{(i-1)},$ ${\mathrm{<figure-callout\; id="3"\; label="K"\; filenames="A200810002947E00301.png"\; state="\{\{state\}\}">K</figure-callout>}}_3={\mathrm{CV}}_3^{(i-1)},$ The key of the second step functional unit is input as ${\mathrm{<figure-callout\; id="4"\; label="K"\; filenames="A200810002947E00301.png"\; state="\{\{state\}\}">K</figure-callout>}}_4={\mathrm{CV}}_4^{(i-1)},$ $K_5={\mathrm{CV}}_5^{(i-1)},$ The key of the 3rd step functional unit is input as $K_6={\mathrm{CV}}_6^{(i-1)},$ ${\mathrm{<figure-callout\; id="7"\; label="K"\; filenames="A200810002947E00301.png"\; state="\{\{state\}\}">K</figure-callout>}}_7={\mathrm{CV}}_7^{(i-1)}.$ The input that the 4th of R-line 120 goes on foot the 7th step functional unit is register value (also being the output valve of the 3rd step functional unit of the L-line110) AL of the 4th step functional unit of L-line110 ₄, BL ₄, CL ₄, DL ₄, EL ₄, FL ₄, GL ₄, HL ₄Therefore, the key of the 4th of R-line 120 the step functional unit is input as K ₈=AL ₄, K ₉=BL ₄, the key of the 5th step functional unit is input as K ₁₀=GL ₄, K ₁₁=DL ₄, the key of the 6th step functional unit is input as K ₁₂=EL ₄, K ₁₃=FL ₄, the key of the 7th step functional unit is input as K ₁₄=GL ₄, K ₁₅=HL ₄Similarly, the 8th of R-line 120 the input that goes on foot the 11 step functional unit is register value (also being the output valve of the 7th step functional unit of the L-line 110) AL of the 8th step functional unit of L-line 110 ₈, BL ₈, CL ₈, DL ₈, EL ₈, FL ₈, GL ₈, HL ₈Therefore, the key of the 8th of R-line 120 the step functional unit is input as K ₁₆=AL ₈, K ₁₇=BL ₈, the key of the 9th step functional unit is input as K ₁₈=CL ₈, K ₁₉=DL ₈, the key of the tenth step functional unit is input as K ₂₀=EL ₈, K ₂₁=FL ₈, the key of the 11 step functional unit is input as K ₂₂=GL ₈, K ₂₃=HL ₈The input that the 12 of R-line 120 goes on foot the 15 step functional unit is register value (also being the output valve of the 11 step functional unit of the L-line 110) AR of the 12 step functional unit of L-line120 ₁₂, BR ₁₂, CR ₁₂, DR ₁₂, ER ₁₂, FR ₁₂, GR ₁₂, HR ₁₂

Utilize Fig. 3 and Fig. 4 to describe below and utilize compression function device 100 and step functional unit 200 to produce hash function safely and efficiently according to the embodiment of the present invention, finally generate the method for the cryptographic Hash (eap-message digest) of origination message.

Fig. 3 is the hash function system according to embodiment of the present invention.With reference to figure 3, this hash function system comprises origination message receiving system 301, message blocks filling device 302, message classification apparatus 303, hash function cascade unit and compression function device 100-n, n=1,2, ..., N, wherein N is the natural number more than or equal to 1.

Message receiving apparatus 301 receives origination message m, so that calculate the cryptographic Hash of this message.Message receiving apparatus 301 also is sent to message blocks filling device 302 with received origination message m.In message blocks filling device 302, m suitably fills with origination message, so that the message M through filling can be divided into the message blocks of pre-sizing, carries out cryptographic Hash and must calculate so that be input to compression function device 100.According to preferred implementation of the present invention, the multiple that origination message m can be filled to 512 is so long, so that the message M through filling is divided at least one 512 message blocks.Specifically, be l (l＜2 for length ⁶⁴) origination message m, making that through filling its length is the integral multiple of 512 bits (position).Fill method be the afterbody in message at first add one 1, recharge 0 of k position, k is the minimum positive integer that makes that l+1+k=448 (mod512) sets up, 64 remaining length of filling message.Message-length after the filling is 512 * N bit.

Message blocks filling device 302 also will be sent to message classification apparatus 303 through filling message and divide.Under execution mode shown in Figure 2, message classification apparatus 303 will be divided into 512 block of information through filling message, and the message blocks of dividing out is designated as M ⁽ⁱ⁾, i=1,2 ..., N.Message blocks M to above-mentioned each 512 bit ⁽ⁱ⁾, 1≤i≤N is divided into 16 32 message $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)}).$

Message classification apparatus 303 is being divided after filling message, with each message blocks M of dividing out ⁱBe sent to compression function device 100-n.Each compression function device 100-n has the structure shown in Fig. 1 and 2, and wherein compression function device 100-1 uses user-defined eight 32 unsigned constant IV-CV initialization link variable CV ⁽⁰⁾, promptly

And the cryptographic Hash C of the final origination message that generates of compression function device 100-N output.

Specifically, compression function device 100-1 uses definable eight 32 unsigned constant IV-CV of user as the initialization link variable

Eight shift register R0-R7 of the first step functional unit 112 of the L-line 110 of initialization compression function device 100-1 correspondingly.Compression function device 100-1 is also with the first message blocks M ⁽¹⁾Use replacement module P ₁(M ⁽¹⁾), P ₂(M ⁽¹⁾) carry out replacement Treatment and obtain through permuting information piece P ₁(M ⁽¹⁾) and P ₂(M ⁽¹⁾), and will be through permuting information piece P ₁(M ⁽¹⁾) and P ₂(M ⁽¹⁾) press P ₁(M ⁽¹⁾) and P ₂(M ⁽¹⁾) each two 32 message of order be input to the step functional unit of L-line 110 as key, simultaneously each iteration have two unsigned constants be input to L-line 110 the step functional unit (below, the value of shift register R0-R7 after the i time iteration remembered make AL _I+1, BL _I+1, CL _I+1, DL _I+1, EL _I+1, FL _I+1, GL _I+1, HL _I+1, i=0,1 ..., 15).Compression function device 100-1 will be the current register value AL of the principle of son row with the output register of the i step functional unit row of L-line 110 according to four steps also _4i, BL _4i, CL _4i, DL _4i, EL _4i, FL _4i, GL _4i, HL _4i, i=1, the key that is input to the i+1 step functional unit row of R-line 120 is imported 2,3 each in order two 32 link variables, with eight shift register RR0-RR7 message of the first step functional unit of use among the R-line 120

-

Correspondingly initialization, and be that each iteration receives the step functional unit parameter of two unsigned constants as R-line 120.Then, compression function device 100-1 adds that with the initial value of link variable step functional unit 200 finishes the currency AR that obtains shift register RR0-RR7 after 16 iterative processings of R-line 120 ₁₆, BR ₁₆, CR ₁₆, DR ₁₆, ER ₁₆, FR ₁₆, GR ₁₆, HR ₁₆, and step functional unit 200 is finished the currency AL that obtains shift register R0-R7 after 16 iterative processings of L-line 110 ₁₆, BL ₁₆, CL ₁₆, DL ₁₆, EL ₁₆, FL ₁₆, GL ₁₆, HL ₁₆, promptly

${\mathrm{CV}}_0^{\left(1\right)}={\mathrm{CV}}_0^{\left(0\right)}+{\mathrm{AL}}_{16}+{\mathrm{AR}}_{16};$ ${\mathrm{CV}}_1^{\left(1\right)}={\mathrm{CV}}_1^{\left(1\right)}+{\mathrm{BL}}_{16}+{\mathrm{BR}}_{16};$ ...， ${\mathrm{CV}}_7^{\left(1\right)}={\mathrm{CV}}_7^{\left(0\right)}+{\mathrm{HL}}_{16}+{\mathrm{HR}}_{16}$ As next step initial link variate-value.

Compression function device 100-n is similar to the 26S Proteasome Structure and Function of compression function device 100-1, and difference is that compression function device 100-n is to n message blocks M[n] compress processing, so it uses link variable

Eight shift register R0-R7 of the L-line 110 of initialization compression function device 100-n correspondingly are with P ₁(M ⁽ⁿ⁾), P ₂(M ⁽ⁿ⁾) two 32 message are arranged in order at every turn be input to the step functional unit of L-line110 as key, be self-defining two unsigned constants of the step functional unit of each L-line 110, the i of L-line 110 gone on foot the currency AL of the output register of functional unit row _4i, BL _4i, CL _4i, DL _4i, EL _4i, FL _4i, GL _4i, HL _4iI=1,2,3 i+1 as R-line 120 go on foot the keys of the sub-row of functional unit, are input in the step functional unit that uses among the R-line 120 in order each two 32 link variables, be two unsigned constants of step functional unit input of using among each R-line 120, and with eight register RR0-RR7 message of the first step functional unit that uses among the R-line 120

-

Correspondingly carry out initialization.At last, the initial value of link variable is added the currency AL of L-line110 shift register R0-R7 ₁₆, BL ₁₆, CL ₁₆, DL ₁₆, EL ₁₆, FL ₁₆, GL ₁₆, HL ₁₆, and the currency AR of R-line 120 shift register RR0-RR7 ₁₆, BR ₁₆, CR ₁₆, DR ₁₆, ER ₁₆, FR ₁₆, GR ₁₆, HR ₁₆, promptly

${\mathrm{CV}}_0^{\left(n\right)}={\mathrm{CV}}_0^{(n-1)}+{\mathrm{AL}}_{16}+{\mathrm{AR}}_{16};{\mathrm{CV}}_1^{\left(n\right)}={\mathrm{CV}}_1^{(n-1)}+{\mathrm{BL}}_{16}+{\mathrm{BR}}_{16}$

${\mathrm{CV}}_7^{\left(n\right)}={\mathrm{CV}}_7^{(n-1)}+{\mathrm{HL}}_{16}+{\mathrm{HR}}_{16}$

As next step initial link variate-value.And when n=N, the hash function cascade unit 304 of hash function system receives the link variable of compression function device 100-N output, and cascades up in the following manner

$\mathrm{CV}={\mathrm{CV}}_0^{\left(N\right)}\left|\right|{\mathrm{CV}}_1^{\left(N\right)}\left|\right|{\mathrm{CV}}_2^{\left(N\right)}\left|\right|{\mathrm{CV}}_3^{\left(N\right)}\left|\right|{\mathrm{CV}}_4^{\left(N\right)}\left|\right|{\mathrm{CV}}_5^{\left(N\right)}\left|\right|{\mathrm{CV}}_6^{\left(N\right)}\left|\right|{\mathrm{CV}}_7^{\left(N\right)}$

Output is as the cryptographic Hash (eap-message digest) of origination message, and wherein symbol ‖ represents two binary strings are together in series.

Fig. 4 is the flow chart according to the method for the cryptographic Hash of the hash function system generation origination message of embodiment of the present invention.With reference to figure 4, according to preferred implementation of the present invention, at step S401, receive origination message m, and received origination message m is suitably filled, so that the message M through filling can be divided into the message blocks of pre-sizing.According to preferred implementation of the present invention, the multiple that origination message m can be filled to 512 is so long.Then, will be divided into 512 block of information through filling message, M ⁽ⁱ⁾, i=1,2 ..., N, and to the message blocks M of above-mentioned each 512 bit ⁽ⁱ⁾, 1≤i≤N is divided into 16 32 message $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)}),$ As mentioned above.

Next, at step S402, to link variable CV ⁽⁰⁾Carry out initialization.Use definable eight 32 unsigned constant IV-CV initialization of user link variable, be designated as

At step S403, to the first message blocks M ⁽¹⁾Compress processing.Below with reference to Fig. 5 this compression being handled is that step S403 is described in detail.

Fig. 5 is to use compression function device 100-1 to the first message blocks M ⁽¹⁾Carry out the flow chart of iterative processing.With reference to figure 5, at step S501, with user-defined eight 32 unsigned constant IV-CV initialization link variables

Eight shift register R0-R7 of the first step functional unit 112 of the L-line 110 of initialization compression function device 100 correspondingly.

At step S502, with the first message blocks M ⁽¹⁾Use replacement module P ₁(M ⁽¹⁾), P ₂(M ⁽¹⁾) carry out replacement Treatment and obtain through permuting information piece P ₁(M ⁽¹⁾) and P ₂(M ⁽¹⁾).Then, will be through permuting information piece P ₁(M ⁽¹⁾) and P ₂(M ⁽¹⁾) press P ₁(M ⁽¹⁾) and P ₂(M ⁽¹⁾) each two 32 message of order be input to L-line 110 the step functional unit as key, simultaneously each iteration has two unsigned constants to be input to the step functional unit of L-line 110.Below, the value note of shift register R0-R7 after the i time iteration made AL _I+1, BL _I+1, CL _I+1, DL _I+1, EL _I+1, FL _I+1, GL _I+1, HL _I+1, i=0,1 ..., 15.

At step S503, according to four steps is that the principle that a son is listed as is divided into four step functional unit row with every with walking abreast step functional unit row logic, and with the key input of the value of the output register of the i of L-line 110 step functional unit row as the 4i step functional unit row of R-line 120, that is the current register value AL that i step functional unit that goes on foot the L-line 110 of functional unit 200 is listed as, _4i, BL _4i, CL _4i, DL _4i, EL _4i, FL _4i, GL _4i, HL _4i, i=1, the 4i step functional unit that is input to R-line 120 as key 2,3 each in order two 32 link variables.Simultaneously, the step functional unit of R-line120 also receives user-defined two unsigned constants when each iteration.

At step S504, with eight register RR0-RR7 message of the step functional unit of use among the R-line 120

-

Correspondingly carry out initialization.

At step S505, the initial value of link variable is added that step functional unit 200 finishes the currency AR that obtains shift register RR0-RR7 after 16 iterative processings of R-line 120 ₁₆, BR ₁₆, CR ₁₆, DR ₁₆, ER ₁₆, FR ₁₆, GR ₁₆, HR ₁₆, and step functional unit 200 is finished the currency AL that obtains shift register R0-R7 after 16 iterative processings of L-line 110 ₁₆, BL ₁₆, CL ₁₆, DL ₁₆, EL ₁₆, FL ₁₆, GL ₁₆, HL ₁₆, promptly

${\mathrm{CV}}_0^{\left(1\right)}={\mathrm{CV}}_0^{\left(0\right)}+{\mathrm{AL}}_{16}+{\mathrm{AR}}_{16};$ ${\mathrm{CV}}_1^{\left(1\right)}={\mathrm{CV}}_1^{\left(1\right)}+{\mathrm{BL}}_{16}+{\mathrm{BR}}_{16};$ ...， ${\mathrm{CV}}_7^{\left(1\right)}={\mathrm{CV}}_7^{\left(0\right)}+{\mathrm{HL}}_{16}+{\mathrm{HR}}_{16}$

Then, the value of the link variable after will having compressed first message blocks

Export as link variable CV (l).

With reference to figure 4,, judge whether to exist next message blocks M to be processed again at step S404 ⁽ⁿ⁾There is next message blocks M if judge ⁽ⁿ⁾, then processing procedure advances to step S405.There is not next message blocks M if be judged as ⁽ⁿ⁾, then this processing procedure advances to step S406.

At step S405, use the message of compression function device 100 and 16 32 bits of step functional unit 200 iterative processings.

Describe in detail with compression function device 100-n n message blocks M with reference to figure 6 ⁽ⁿ⁾Compress the flow process of processing (step S405).Fig. 6 is to use compression function device 100-n to n message blocks M ⁽ⁿ⁾Carry out the flow chart of iterative processing.With reference to figure 6,, use link variable at step S601

Eight shift register R0-R7 of the L-line 110 of initialization compression function device 100-n correspondingly.

At step S602, with P ₁(M ⁽ⁿ⁾), P ₂(M ⁽ⁿ⁾) two 32 message are arranged in order at every turn be input to the step functional unit of L-line110 as key.Simultaneously, for each iteration, also user-defined two unsigned constants are input to the step functional unit of L-line 110, the value note of shift register R0-R7 after the i time iteration made AL _I+1, BL _I+1, CL _I+1, DL _I+1, EL _I+1, FL _I+1, GL _I+1, HL _I+1, i=0,1 ..., 15.

At step S603, according to four steps is that the principle that a son is listed as is divided into four step functional unit row with every with walking abreast step functional unit row logic, and with the key input of the value of the output register of the i of L-line 110 step functional unit row as the 4i step functional unit row of R-line 120, that is, press the current register value AL of the i step functional unit row of L-line110 _4i, BL _4i, GL _4i, DL _4i, EL _4i, FL _4i, GL _4i, HL _4i, i=1, the 4i that is input to R-line 120 functional unit step by step and for each iteration, also are imported into the step functional unit that uses among the R-line120 with two unsigned constants as key each two 32 link variables of 2,3 order.

At step S604, with eight register RR0-RR7 message of the step functional unit of use among the R-line 120

Correspondingly carry out initialization.

At step S605, the initial value of link variable is added the currency AL of L-line 110 shift register R0-R7 ₁₆, BL ₁₆, CL ₁₆, DL ₁₆, EL ₁₆, FL ₁₆, GL ₁₆, HL ₁₆, and the currency AR of R-line 120 shift register RR0-RR7 ₁₆, BR ₁₆, CR ₁₆, DR ₁₆, ER ₁₆, FR ₁₆, GR ₁₆, HR ₁₆, promptly

${\mathrm{CV}}_0^{\left(n\right)}={\mathrm{CV}}_0^{(n-1)}+{\mathrm{AL}}_{16}+{\mathrm{AR}}_{16};$ ${\mathrm{CV}}_1^{\left(n\right)}={\mathrm{CV}}_1^{(n-1)}+{\mathrm{BL}}_{16}+{\mathrm{BR}}_{16};...;$ ${\mathrm{CV}}_7^{\left(n\right)}={\mathrm{CV}}_7^{(n-1)}+{\mathrm{HL}}_{16}+{\mathrm{HR}}_{16}.$

The value of the link variable after will having compressed the n message blocks then

As link variable CV ⁽ⁿ⁾Output.

After the processing of completing steps S405, processing procedure turns back to step S404, so that judge whether to exist next message blocks M to be processed ⁽ⁿ⁾There is next message blocks M to be processed ⁽ⁿ⁺¹⁾Situation under, carry out said process, that is, with the output link variable of compression function device 100-n

Initial value as the link variable of next compression function device 100-(n+1) repeats above-mentioned iterative step S601-S607 then in compression function device 100-(n+1), with to next message M ⁽ⁿ⁺¹⁾Carry out iterative processing.Carry out such process, up to handling all message blocks.

Then, in step S406, with link variable

$\mathrm{CV}={\mathrm{CV}}_0^{\left(N\right)}\left|\right|{\mathrm{CV}}_1^{\left(N\right)}\left|\right|{\mathrm{CV}}_2^{\left(N\right)}\left|\right|{\mathrm{CV}}_3^{\left(N\right)}\left|\right|{\mathrm{CV}}_4^{\left(N\right)}\left|\right|{\mathrm{CV}}_5^{\left(N\right)}\left|\right|{\mathrm{CV}}_6^{\left(N\right)}\left|\right|{\mathrm{CV}}_7^{\left(N\right)}$

Output is as the cryptographic Hash (eap-message digest) of origination message, and wherein symbol ‖ represents two binary strings are together in series, and finishes the entire process process.

Above preferred implementation according to the present invention has been described the present invention and has been had the step functional unit of strong diffusion and utilize this step functional unit with strong diffusion to carry out the hash function system and the method thereof of extension of message.Yet, it will be understood by those skilled in the art that according to an aspect of the present invention, can carry out changes and improvements to described step functional unit and hash function system and method thereof, and not break away from the spirit and scope of the present invention.For example, it is so long origination message m can be filled to the multiple of other non-512 suitable figure places.In this case, the message M through filling is divided into the message blocks with suitable figure place, and each such message blocks M ⁽ⁱ⁾Also can be divided into the sub-piece of non-32 message, and this number of a little also can not 16 used sub-pieces of above-mentioned preferred implementation.Yet, in this case, the number of the shift register in the step functional unit of compression function device and the figure place of each shift register should change accordingly, and the change that data volume that functional unit received and exported the step and data length also should adapt to is so that the message blocks after compression function device and the variation adapts.

In addition, comprise two step functional units row according to the compression function device of preferred implementation of the present invention, each step functional unit row comprises four step functional unit row, and each step functional unit row comprises that four each and every one go on foot functional unit.Yet, those skilled in the art should be understood that, one aspect of the present invention, the compression function device can comprise more than two step functional unit row, each step functional unit row can not be made up of four step functional unit row yet, and each step functional unit row can not be made up of four step functional units yet.In addition, the sub-number of columns of each step functional unit that each step functional unit row in the compression function device are comprised can be inequality, and the step functional unit quantity that each step functional unit row are comprised also can be inequality.

Hash function system according to the embodiment of the present invention is divided at least two parallel step functional unit row with the step functional unit that is comprised, and list origination message and the link variable of handling to be imported in just in time opposite mode at these at least two parallel step functional units, can resist existing differential attack method effectively like this.And by the influence between the parallel step functional unit row, the feasible key that is listed as for the right step functional unit of compression function device can not directly be controlled, and spreads infeasible by revising the feasible difference that suppresses of key.In addition, step functional unit of the present invention just can spread in three step backs fully for the difference of key, then just can spread fully in four steps for the link variable difference, so it has very strong difference diffusivity, thereby resists existing attack method to hash function.In addition, compression function device of the present invention is owing to comprising the execution speed that at least two parallel step functional unit row have improved the hash function system that it constituted.Facts have proved that hash function system's realization speed according to the present invention is faster than SHA-256.Therefore, the designed hash function system of the present invention is a safer hash function efficiently system.

More than be described with reference to the drawings according to hash function of the present invention system, this accompanying drawing comprises according to the embodiment of the present invention the structure of hash function system and the flow process of method thereof.It should be appreciated by those skilled in the art that each frame and the combination software that can be made of computer program instructions fully thereof in these accompanying drawings realizes, also can be fully realize by hardware execution mode or the form that comprises the software and hardware unit.These computer program instructions can be loaded into computer or other programmable data processing device produce machine, make the instruction carried out on computer or other programmable data processing device create to be used for the parts of the function that is implemented in the frame appointment.These computer program instructions also can be stored in can vectoring computer or the computer-readable memory that works with particular form of other programmable data processing device in, make that being stored in instruction in the computer-readable memory produces and comprise the product of realizing the instruction unit of the function of appointment in the frame.This computer program instructions also can be loaded into computer or other programmable data processing device, to cause carrying out the sequence of operations step at computer or other programmable data processing device, produce the computer realization process, make the instruction of on computer or other programmable data processing device, carrying out be provided for realizing the function of appointment in the frame.

Those skilled in the art should understand that, define functional programs of the present invention and can consign to computer in a variety of forms, include but not limited to: (a) for good and all be stored in the non-information of writing on the storage medium (read-only memory device in the computer for example, such as can by ROM or the CD-ROM dish that Computer I/O annex reads); (b) can be stored in the information that to write on the storage medium (for example floppy disk and hard disk drive) with changing; Or (c) be sent to the information of computer by the communication media that for example uses radio base band signaling or broadband signalling technology (comprise the carrier signalling technology, such as via computer or the telephone network by modulator-demodulator).

Although above-mentioned is to describe the present invention with reference to illustrative embodiments, it will be understood by those skilled in the art that under the prerequisite that does not deviate from the aim of the present invention that limits by appended claims and scope, can carry out modification on various forms and the details to the present invention.Preferred implementation should only be thought illustrative, rather than restrictive.Therefore, detailed description of the present invention does not limit scope of the present invention, and scope of the present invention should be defined by the following claims, and the technical characterictic of having any different in the scope of the present invention is interpreted as comprising in the present invention.

Claims (22)

1. a hash function system that produces hash function comprises

Message receiving apparatus is used to receive the message that will calculate its hash function value;

Message classification apparatus, the message that message receiving apparatus is received are divided into N block of information of pre-sizing, and wherein N is the positive integer more than or equal to 1;

N compression function device, each compression function device is made of concurrently the step of dual serial at least functional unit row, wherein the first compression function device in this N compression function device receive unsigned constant as the first initial link variable and first message blocks that receives the pre-sizing of dividing out through the message classification apparatus as key, by the step of dual serial at least functional unit row carry out interative computation and with interative computation result and the first initial link addition of variables to export first link variable, and the n-1 link variable that the n compression function device in this N compression function device receives the output of n-1 compression function device as n initial link variable and the n-1 message blocks that receives the pre-sizing of dividing out through the message classification apparatus as key, by this at least dual serial step functional unit row carry out interative computation and with interative computation result and n initial link addition of variables to export the n link variable, wherein n is greater than 1 positive integer smaller or equal to N; And

The hash function cascade unit is used for the link variable that N compression function device produced is cascaded up, as the cryptographic Hash of the received message of message receiving apparatus.

2. hash function as claimed in claim 1 system also comprises:

The message blocks filling device, the message that is used for message receiving apparatus is received is filled, will be divided into the message blocks of described pre-sizing through the message of filling.

3. hash function as claimed in claim 1 system, wherein, described compression function device also comprises:

A plurality of replacement modules, each is used for displacement that the message blocks that will produce hash function is scheduled to; And

A plurality of logic modules are respectively applied for the iteration output of the predetermined steps functional unit in the output one of at least in the iteration output of the step functional unit in the step functional unit row in the described dual serial at least step functional unit row and the described a plurality of replacement modules, the step functional unit row before the described step functional unit row, the output or the link variable of logic module carry out logical operation before.

4. hash function as claimed in claim 3 system, wherein, described block of information M (i) is divided into 16 sub-pieces of message $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)}),$ I=1,2 ..., N, described a plurality of replacement modules comprise:

First replacement module, be used for $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)}),$ Be replaced as $P_1\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_1\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_1\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_1\left(15\right)}^{\left(i\right)}),$ σ wherein ₁(t)=t mod 16,0≤t≤15,

Second replacement module, be used for $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)}),$ Be replaced as $P_2\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_2\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_2\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_2\left(15\right)}^{\left(i\right)}),$ σ wherein ₂(t)=9t+11 mod 16,

The 3rd replacement module, be used for $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)}),$ Be replaced as $S_1\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_3\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_3\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_3\left(15\right)}^{\left(i\right)})$ σ ₃(t)=5t+6 mod 16, and

The 4th replacement module, be used for $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)}),$ Be replaced as $S_2\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_4\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_4\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_4\left(15\right)}^{\left(i\right)}).$

5. hash function as claimed in claim 4 system, wherein, the first step functional unit row and the second step functional unit that described step functional unit is divided into dual serial are listed as, and described a plurality of logic module comprises:

First logic module is used for the link variable of first step functional unit row output and the link variable of second step functional unit row output are carried out the logic OR computing;

Second logic module is used for logic OR computing that the output of first logic module and received link variable are scheduled to, and with the output of this operation result as the compression function device;

The 3rd logic module, be used for back eight sub-pieces of message of the message blocks after the output of the 4th step functional unit of second functional unit row and experience the 3rd predetermined permutation module are carried out the logic OR computing, and this operation result is outputed to the 5th step functional unit in the second step functional unit row;

The 4th logic module, be used for the sub-piece of the first eight message of the message blocks after the output of the 8th step functional unit of second functional unit row and experience the 4th predetermined permutation module is carried out the logic OR computing, and this operation result is outputed to the 9th in the second step functional unit row go on foot functional unit; And

The 5th logic module, be used for back eight sub-pieces of message of the message blocks after the output of the 12 step functional unit of second functional unit row and experience the 4th predetermined permutation module are carried out the logic OR computing, and with the output of this operation result as the second step functional unit row.

6. hash function as claimed in claim 5 system, wherein, described step functional unit is by initially as follows: the first step functional unit in the first step functional unit row carries out initialization by link variable, and the second step functional unit to the, the 16 step functional unit in the first step functional unit row is respectively by the link variable initialization of 15 step of the first step functional unit to the in first step functional unit row functional unit output, and the sub-piece of the first eight message of the message blocks of the first step functional unit in the second step functional unit row after by experience the 3rd predetermined permutation module carries out initialization;

Wherein, the key of described step functional unit is given as follows: the message blocks that will experience after the first and second predetermined permutation modules is input to respectively going on foot in the functional unit of first step functional unit row as cipher key sequence, received link variable is input to first to fourth in the second step functional unit row as cipher key sequence goes on foot functional unit, the link variable that the 4th step functional unit of first step functional unit row is exported is input to second the 5th to the 8th step functional unit that goes on foot in the functional unit row as cipher key sequence, the link variable of the 8th step functional unit output of first step functional unit row is input to the 9th to the 12 step functional unit in the second step functional unit row as cipher key sequence, the link variable of the 12 step functional unit output of first step functional unit row is input to the 13 to the 16 step functional unit in the second step functional unit row as cipher key sequence; And

The unsigned constant of described step functional unit is given as follows: be two unsigned constants of each step functional unit input in the first step functional unit row and the second step functional unit row.

7. hash function as claimed in claim 1 system, wherein, described step functional unit comprises:

A plurality of logic modules are respectively applied for and receive the data that comprise key, unsigned constant and/or initial link variable, and received data are carried out logical operation;

A plurality of function modules, each function module is connected between two or more logic modules in described a plurality of logic module, be respectively applied for the output that receives the upstream logic module in the logic module that it was connected to, the functional operation that received data are scheduled to, and operation result is outputed to the downstream logic module of its logic module that is connected to; And

A plurality of shift registers are used for the output of receive logic module and function module, and received data are circulated mobile one left.

8. hash function as claimed in claim 7 system wherein, comprises the execution function in described a plurality of function modules $\mathrm{sf}\left(x\right)=x\&CirclePlus;r(x,6)\&CirclePlus;r(x,23)$ The function module of computing, and carry out function $\mathrm{sg}\left(x\right)=x\&CirclePlus;r(x,14)\&CirclePlus;r(x,27)$ The function module of computing, (x is x to be circulated left move the function of n position n) to r here.

9. hash function as claimed in claim 7 system wherein, comprises the logic module of carrying out circulative shift operation in described a plurality of logic modules, carries out mould 2 ³²The logic module of the logic module of add operation and execution XOR.

10. hash function as claimed in claim 7 system, wherein, described a plurality of shift registers are eight shift registers, and by described a plurality of logic modules and the described a plurality of function module value A with described shift register _j, B _j, C _j, D _j, E _j, F _j, G _j, H _jBy the following formula value of converting to A _J+1, B _J+1, C _J+1, D _J+1, E _J+1, F _J+1, G _J+1, H _J+1:

A _j+1＝B _j+sf(A _j+K _2j)

$B_{j+1}=(C_j+E_j)\&CirclePlus;\mathrm{sg}(\mathrm{sf}(A_j+K_{2j})+B_j+D_j+{\mathrm{\&beta;}}_{2j})$

C _j+1＝sg(sf(A _j+K _2j)+B _j+D _j+β _2j) ^<<<21

$D_{j+1}=E_j+K_{2j+1}+{((G_j+A_j)\&CirclePlus;\mathrm{sf}(\mathrm{sg}(E_j+K_{2j+1})+F_j+H_j+{\mathrm{\&beta;}}_{2j+1}))}^{<<<13}$

E _j+1＝F _j+sg(E _j+K _2j+1)

$F_{j+1}=(C_j+A_j)\&CirclePlus;\mathrm{sf}(\mathrm{sg}(E_j+K_{2j+1})+F_j+H_j+{\mathrm{\&beta;}}_{2j+1})$

G _j+1＝sf(sg(E _j+K _2j+1)+F _j+H _j+β _2j+1) ^<<<9

$H_{j+1}=A_j+K_{2j}+{((C_j+E_j)\&CirclePlus;\mathrm{sg}(\mathrm{sf}(A_j+K_{2j})+B_j+D_j+{\mathrm{\&beta;}}_{2j}))}^{<<<17}$

Wherein, K _2jAnd K _2j+1Represent described key respectively, β _2jAnd β _2j+1Represent described unsigned constant respectively, x ^NExpression circulates x left and moves the n position.

11. hash function as claimed in claim 10 system, wherein, described shift register is 32 bit shift register, and described key and unsigned constant are 32 bit data.

12. a method that generates the hash function of message comprises step:

1) receives N the message blocks that message also is divided into received message pre-sizing;

2) with unsigned constant as the first initial link variable, first message blocks in the message blocks that step 1) is divided is out compressed processing, and will compress result and the first initial link addition of variables to export first link variable of compressed processing;

3) with step 2) first link variable of compressed processing of output is as the second initial link variable, second message blocks in the message blocks that step 1) is divided is out compressed processing, and will compress result and the second initial link addition of variables to export second link variable of compressed processing;

4) repeating step 3), till all message blocks in the message blocks that step 1) divides out are all processed; And

5) with N link variable cascade output, as the hash function value of described message,

Wherein, the iteration step function row that comprises the dual serial of carrying out is concurrently at least handled in each compression, is used to handle initial link variable and message blocks and produces corresponding link variable.

13. the method for the hash function of generation message as claimed in claim 12, wherein, described step 1) comprises substep:

The message that message receiving apparatus received is filled, will be divided into the message blocks of described pre-sizing through the message of filling.

14. the method for the hash function of generation message as claimed in claim 12, wherein, described compression is handled and is comprised:

Displacement step is used for the message blocks that will produce hash function is carried out a plurality of predetermined displacements; And

The logical operation step is used for the iteration output of the step function in the output one of at least of the iteration output of the step function in the step function row of described dual serial at least step function row and described a plurality of predetermined permutation computings, the step function row before the described step function row, the output or the link variable of logical operation are before carried out logical operation.

15. the method for the hash function value of generation message as claimed in claim 14, wherein, described block of information M ⁽ⁱ⁾Be divided into 16 sub-pieces of message $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)}),$ I=1,2 ..., N, described a plurality of displacement step comprise:

First the displacement substep, be used for $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)})$ Be replaced as $P_1\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_1\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_1\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_1\left(15\right)}^{\left(i\right)}),$ σ wherein ₁(t)=t mod 16,0≤t≤15,

Second the displacement substep, be used for $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)})$ Be replaced as $P_2\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_2\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_2\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_2\left(15\right)}^{\left(i\right)}),$ σ wherein ₂(t)=9t+11 mod 16,0≤t≤15,

The 3rd the displacement substep, be used for $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)})$ Be replaced as $S_1\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_3\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_3\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_3\left(15\right)}^{\left(i\right)})$ σ wherein ₃(t)=5t+6 mod 16,0≤t≤15, and

The 4th the displacement substep, be used for $M^{\left(i\right)}=(M_0^{\left(i\right)},M_1^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{15}^{\left(i\right)})$ Be replaced as $S_2\left(M^{\left(i\right)}\right)=(M_{{\mathrm{\&sigma;}}_4\left(0\right)}^{\left(i\right)},M_{{\mathrm{\&sigma;}}_4\left(1\right)}^{\left(i\right)},\&CenterDot;\&CenterDot;\&CenterDot;,M_{{\mathrm{\&sigma;}}_4\left(15\right)}^{\left(i\right)}).$ σ wherein ₄(t)=13t+3 mod 16,0≤t≤15.

16. the method for the hash function value of generation message as claimed in claim 15, wherein, described step function is divided into the first step function row and the second step function row of dual serial, and described a plurality of logical operation step comprises:

The first logical operation substep is used for the link variable of first step function row output and the link variable of second step function row output are carried out the logic OR computing;

The second logical operation substep is used for logic OR computing that the output of the first logical operation substep and received link variable are scheduled to, and with the output of this operation result as compression function;

The 3rd logical operation substep, be used for back eight sub-pieces of message of the output of the 4th step function of second function row and the message blocks of experience after the 3rd predetermined permutation module are carried out the logic OR computing, and this operation result is outputed to the 5th step function in the second step function row;

The 4th logical operation substep, be used for the sub-piece of the first eight message of the output of the 8th step function of second function row and the message blocks of experience after the 4th predetermined permutation module is carried out the logic OR computing, and this operation result is outputed to the 9th in the second step function row go on foot function; And

The 5th logical operation substep is used for that the 12 of second function row is gone on foot the output of function and back eight sub-pieces of message of the message blocks after experience the 4th predetermined permutation module carry out the logic OR computing, and with the output of this operation result as the second step function row.

17. the method for the hash function value of generation message as claimed in claim 16, wherein, described step function is initialised as follows: the first step function in the first step function row carries out initialization by link variable, and 16 step of second in first step function row step function to the function is respectively by the link variable initialization of 15 step of the first step function to the in first step function row function output, and the sub-piece of the first eight message of the message blocks of the first step function in the second step function row after by experience the 3rd predetermined permutation module carries out initialization;

Wherein, the key of described step function is given as follows: will be input to respectively going on foot in the function of first step function row as cipher key sequence through the message blocks after first and second predetermined permutation, received link variable is input to first to fourth in the second step function row as cipher key sequence goes on foot function, the link variable that the 4th step function of first step function row is exported is input to second the 5th to the 8th step function that goes on foot in the function row as cipher key sequence, the link variable of the 8th step function output of first step function row is input to the 9th to the 12 step function in the second step function row as cipher key sequence, and the link variable of the 12 step function output of first step function row is input to the 13 to the 16 step function in the second step function row as cipher key sequence; And

Wherein, the unsigned constant of described step functional unit is given as follows: be two unsigned constants of each step function input in the first step function row and the second step function row.

18. the method for the hash function value of generation message as claimed in claim 12, wherein, described step function comprises step:

Reception comprises the data of key, unsigned constant and/or initial link variable and received data is carried out logical operation with a plurality of logic modules;

Carry out a plurality of function modules, each function module is connected between two or more logic modules in described a plurality of logic module, be respectively applied for the output that receives the upstream logic module in the logic module that it was connected to, the functional operation that received data are scheduled to, and operation result is outputed to the downstream logic module of its logic module that is connected to; And

Utilize shift register that the output of function module and logic module is circulated mobile one left, to produce the link variable of output.

19. the method for the hash function value of generation message as claimed in claim 18 wherein, comprises the execution function in described a plurality of function modules $\mathrm{sf}\left(x\right)=x\&CirclePlus;r(x,6)\&CirclePlus;r(x,23)$ The function module of computing, and carry out function $\mathrm{sg}\left(x\right)=x\&CirclePlus;r(x,14)\&CirclePlus;r(x,27)$ The function module of computing, (x is x to be circulated left move the function of n position n) to r here.

20. the method for the hash function value of generation message as claimed in claim 18 wherein, comprises the logic module of carrying out circulative shift operation in described a plurality of logic modules, carries out mould 2 ³²The logic module of the logic module of add operation and execution XOR.

21. the method for the hash function value of generation message as claimed in claim 18, wherein, described a plurality of shift registers are eight shift registers, and by described a plurality of logic modules and the described a plurality of function module value A with described shift register _j, B _j, C _j, D _j, E _j, F _j, G _j, H _jBy the following formula value of converting to A _J+1, B _J+1, C _J+1, D _J+1, E _J+1, F _J+1, G _J+1, H _J+1:

A _j+1＝B _j+sf(A _j+K _2j)

$B_{j+1}=(C_j+E_j)\&CirclePlus;\mathrm{sg}(\mathrm{sf}(A_j+K_{2j})+B_j+D_j+{\mathrm{\&beta;}}_{2j})$

C _j+1＝sg(sf(A _j+K _2j)+B _j+D _j+β _2j) ^<<<21

$D_{j+1}=E_j+K_{2j+1}+{((G_j+A_j)\&CirclePlus;\mathrm{sf}(\mathrm{sg}(E_j+K_{2j+1})+F_j+H_j+{\mathrm{\&beta;}}_{2j+1}))}^{<<<13}$

E _j+1＝F _j+sg(E _j+K _2j+1)

$F_{j+1}=(C_j+A_j)\&CirclePlus;\mathrm{sf}(\mathrm{sg}(E_j+K_{2j+1})+F_j+H_j+{\mathrm{\&beta;}}_{2j+1})$

G _j+1＝sf(sg(E _j+K _2j+1)+F _j+H _j+β _2j+1) ^<<<9

$H_{j+1}=A_j+K_{2j}+{((C_j+E_j)\&CirclePlus;\mathrm{sg}(\mathrm{sf}(A_j+K_{2j})+B_j+D_j+{\mathrm{\&beta;}}_{2j}))}^{<<<17}$

Wherein, K _2jAnd K _2j+1Represent described key respectively, β _2jAnd β _2j+1Represent described unsigned constant respectively, x ^NExpression circulates x left and moves the n position.

22. a computer product implements the program of realization based on the method for the hash function value that generates message on it, the method comprising the steps of:

1) receives N the message blocks that message also is divided into received message pre-sizing;

2) with unsigned constant as the first initial link variable, first message blocks in the message blocks that step 1) is divided is out compressed processing, and will compress result and the first initial link addition of variables to export first link variable of compressed processing;

3) with step 2) first link variable of compressed processing of output is as the second initial link variable, second message blocks in the message blocks that step 1) is divided is out compressed processing, and will compress result and the second initial link addition of variables to export second link variable of compressed processing;

4) repeating step 3), till all message blocks in the message blocks that step 1) divides out are all processed; And

5) with the output of N link variable, as the hash function value of described message,

Wherein, the iteration step function row that comprises the dual serial of carrying out is concurrently at least handled in each compression, is used to handle initial link variable and message blocks and produces corresponding link variable.

Images