国产通用处理器密码算法指令实现研究

计算机工程与科学 ›› 2022, Vol. 44 ›› Issue (07): 1162-1170.

国产通用处理器密码算法指令实现研究

陈子钰，何军，郭翔宇

（上海高性能集成电路设计中心,上海 201204）

收稿日期:2021-11-24 修回日期:2022-01-04 接受日期:2022-07-25 出版日期:2022-07-25 发布日期:2022-07-25

Implementation of cryptographic instructions for general purpose processors

CHEN Zi-yu，HE Jun，GUO Xiang-yu

（Shanghai High-Performance Integrated Circuit Design Center,Shanghai 201204,China ）

Received:2021-11-24 Revised:2022-01-04 Accepted:2022-07-25 Online:2022-07-25 Published:2022-07-25

摘要/Abstract

摘要： 介绍了国际主流密码算法AES和SHA，综述了当前主流通用处理器架构的密码算法指令发展现状。为提高国产通用处理器在密码安全领域的性能，设计了面向国产通用处理器的AES和SHA密码算法扩展指令集，实现了能全流水执行的AES和SHA密码算法指令执行部件，并进行了实现评估和优化。该密码算法指令执行部件的工作频率达2.0 GHz，总面积为17 644 μm2，总功耗为59.62 mW，相比软件采用原有通用指令实现，对AES密码算法的最小加速比为8.90倍，对SHA密码算法的最小加速比为4.47倍，在指令全流水执行时可达19.30倍，显著地改善了处理器执行AES和SHA密码算法的性能，有望应用于国产通用处理器并进一步提升国产通用处理器芯片在密码安全应用领域的竞争力。此外，该密码算法指令部件还可以封装成专门用于支持密码算法的IP，应用在密码安全领域的专用芯片中。

关键词: 通用处理器, AES, SHA, 密码算法, 密码算法指令, 处理器性能

Abstract: This paper introduces the international mainstream cryptographic algorithms AES and SHA, and summarizes the development status of cryptographic algorithm instructions in the current mainstream general processor architecture. In order to improve the performance of general purpose processor in the field of cryptographic security, an extended instruction set of AES and SHA cryptographic algorithm for general purpose processor is designed, and an instruction execution unit of AES and SHA cryptographic algorithm that can be fully pipeline execute are realized, evaluated and optimized. The operating frequency of the instruction execution unit can reach 2.0 GHz, the total area is 17 644 μm2, and the total power consumption is 59.62 mW. Compared with the software implementation with the gene- ral instructions, the minimum speedup for AES cryptographic algorithm is 8.90 times, the minimum speedup for SHA cryptographic algorithm is 4.47 times and its speedup can reach 19.30 times in the case of fully pipelined execution of instructions, which significantly improves the performance of the processor in executing AES and SHA cryptographic algorithms, It is expected to be applied to general purpose processors and further enhance the competitiveness of general purpose processor chips in the field of cryptographic security applications. In addition, the cryptographic algorithm instruction execution unit can also be encapsulated into an IP specially used to support cryptographic algorithm and applied to a special chip in the field of cryptographic security.

Key words: general purpose processor, advanced encryption standard(AES), secure hash algorrithm(SHA), cryptographic algorithm, cryptographic algorithm instruction, processor performance

陈子钰, 何军, 郭翔宇. 国产通用处理器密码算法指令实现研究[J]. 计算机工程与科学, 2022, 44(07): 1162-1170.

CHEN Zi-yu, HE Jun, GUO Xiang-yu. Implementation of cryptographic instructions for general purpose processors[J]. Computer Engineering & Science, 2022, 44(07): 1162-1170.

参考文献［15］

［1］	Bertoni G,Breveglieri L,Fragneto P,et al.Efficient software implementation of AES platforms ［C］∥Proc of International Workshop on Cryptographic Hardware and Embedded Systems,2002:159-171.
［2］	Li Y, Sakiyama K,Batina L,et al,Power variance analysis breaks a masked ASIC implementation of AES［C］∥Proc of Design,Automation & Test in Europe Conference & Exhibition (DATE),2010:1059-1064.
［3］	Irwansyah A,Nambiar V P,Khalil-Hani M.An AES tightly coupled hardware accelerator in an FPGA-based embedded processor core ［C］∥Proc of International Conference on Computer Engineering and Technology,2009:521-525.
［4］	Scharwechter P,Kammler D, Wieferink A,et al.ASIP architecture exploration for efficient IPSec encryption:A case study［J］.ACM Transactions on Embedded Computing Systems,2007,6(2):87-99.
［5］	Tillich S.Instruction set extensions for efficient AES implementation on 32-bit processors ［C］∥Proc of International Conference on Cryptographic Hardware and Embedded Systems,2006:270-284.
［6］	Fiskiran A M, Lee R B. On-chip lookup tables for fast symmetric-key encryption ［C］∥Proc of the 16th IEEE International Conference on Application-Specific Systems,Architectures and Processors,2005:356-363.
［7］	Sun Ying-hong, Tong Yuan-man,Wang Zhi-ying.AES implementation based on instruction extension and randomized scheduling ［J］.Computer Engineering and Applications,2009,45(16):106-110.(in Chinese)
［8］	Xia Hui,Jia Zhi-ping,Zhang Feng,et al.The research and application of a specific instruction processor for AES ［J］.Journal of Computer Research and Development,2011,48(8):1554-1562.(in Chinese)
［9］	Dworkin M J, Barker E B, Nechvatal J R, et al. Advanced encryption standard (AES):FIPS 197［S］. Gaithersburg:National Institute of Standards and Technology,2001.
［10］	Dang Q H.Secure hash standard (SHS):FIPS 180-4［S］.Gaithersburg:National Institute of Standards and Technology,2015.
［11］	Gueron S. Intel advanced encryption standard (AES) instruction set［R］.Intel White Paper,2010.
［12］	Sean G,Vinodh G,Kirk Y.et al.Intel SHA extensions:New instructions supporting the secure hash algorithm on Intel architecture processors［EB/OL］.［2021-08-13］.https://www.intel.com/content/www/us/en/developer/articles/technical/intel-sha-extensions.html.
［13］	IBM Power ISATM version 2.07［EB/OL］.［2021-08-13］. https://openpowerfoundation.org/?resource_lib=ibm-power-isa-version-2-07-b.
［14］	ARM architecture reference manual ARMv8,for ARMv8-A architecture profile ［EB/OL］.［2021-08-13］. https://developer.arm.com/documentation/ddi0487/ga.
［15］	Xue Gang-ru.Research on hardware acceleration and usage of Chinese cryptographic algorithms based on Zhaoxin CPU ［J］.Cyberspace Security,2019,10(4):83-88.(in Chinese)
	附中文参考文献：
［7］	孙迎红,童元满,王志英.采用指令集扩展和随机调度的AES算法实现技术［J］.计算机工程与应用，2009,45(16):106-110.
［8］	夏辉,贾智平,张峰,等.AES专用指令处理器的研究与实现［J］.计算机研究与发展，2011,48(8):1554-1562.
［15］	薛刚汝.基于兆芯CPU的国密算法硬件加速及应用研究［J］.网络空间安全，2019,10(4):83-88.

[1]	张治, 魏嘉鑫, 王林. LoRa数据传输网络混合加密设计[J]. 计算机工程与科学, 2021, 43(12): 2177-2182.
[2]	席胜鑫1，张文宁2，周清雷1，斯雪明3，李斌3. 基于拟态计算机的SHA512算法高吞吐量实现[J]. 计算机工程与科学, 2018, 40(08): 1344-1350.
[3]	谢敏，杨盼. ESF算法的相关密钥不可能差分分析[J]. 计算机工程与科学, 2018, 40(07): 1199-1205.
[4]	符鹤1，李春江2，王昊2，谢永芳1. 众核计算平台的高吞吐率密码算法加速[J]. 计算机工程与科学, 2018, 40(04): 580-586.
[5]	刘恒1，黄凯1，修思文2，李奕均3，严晓浪1. 多种哈希算法的可重构硬件架构设计[J]. J4, 2016, 38(03): 411-417.
[6]	李景霞1，吴国栋1，钱俊彦2. 基于邻接矩阵的Web服务组合[J]. J4, 2015, 37(09): 1627-1631.
[7]	郑朝霞,田园,蔚然,高峻. 小面积高性能的SHA-1/SHA-256/SM3 IP复用电路的设计[J]. J4, 2015, 37(08): 1417-1422.
[8]	高嵩，杜晴岚，陈超波. 基于快速级联分类器的行人检测方法研究[J]. J4, 2015, 37(06): 1183-1188.
[9]	王淦，张文英. SHA-3轮函数中χ及θ变换的性质研究[J]. J4, 2015, 37(02): 281-287.
[10]	黄友，张向文，许勇，潘明，任风华. 基于AES算法的滚码技术在汽车防盗系统中的应用[J]. J4, 2014, 36(02): 376-380.
[11]	陈永府,周峰,王启富,陈立平. 基于虚拟卷的U盘安全技术研究[J]. J4, 2014, 36(01): 68-72.
[12]	韩津生1,林家骏1,周文锦2, 叶建武3. 基于FPGA的AES核设计[J]. J4, 2013, 35(3): 80-84.
[13]	张琦滨,李〓强. Pshare:两级自适应分支预测算法及实现[J]. J4, 2011, 33(10): 80-84.
[14]	窦强, 童元满, 窦文华. 智能卡中抗高阶功耗攻击AES算法实现技术[J]. J4, 2009, 31(12): 16-19.
[15]	刘政林韩煜邹雪城陈毅成. AES能量攻击的建模与分析[J]. J4, 2008, 30(3): 17-20.