CN118214541B - SM3 parallel data encryption method based on ARM platform - Google Patents

Abstract

The invention belongs to the technical field of security password application, and discloses an SM3 parallel data encryption method based on an ARM platform. Firstly, multi-thread technology is used to fully utilize the characteristics of a multi-core CPU, and multiple threads simultaneously process multiple groups of plaintexts, thereby realizing parallelization at the software level. A message extension part is implemented in parallel using a NEON instruction set, and four adjacent data are loaded into a register at one time, and are simultaneously calculated using a parallel instruction set. An Ultra Round concept is proposed for a round function in a compression function, and the round function in the compression function that originally requires eight assignment operations at a time is reduced to only four assignment operations at a time by switching the input position of a word in each round, thereby realizing the improvement of the compression function performance.

Description

A SM3 parallel data encryption method based on ARM platform

Technical Field

The invention belongs to the technical field of security password application, and in particular relates to an SM3 parallel data encryption method based on an ARM platform.

Background Art

SM3 is a cryptographic hash algorithm standard developed by the China National Cryptography Administration. It belongs to the symmetric cryptographic system and is widely used in security fields such as digital signatures, data integrity verification, and identity authentication. The SM3 algorithm plays a key role in various fields and provides reliable basic technical support for information security. Its security and efficiency are equivalent to SHA-256. However, since most domestic CPUs are ARM architectures and most foreign CPUs are x86 architectures, and more and more mobile devices, embedded systems, and servers are using ARM processors, in addition, ARM processors are well-known for their low power consumption, especially in the field of mobile devices. Therefore, optimizing the SM3 algorithm to run efficiently on the ARM architecture can make it more competitive in power-sensitive scenarios such as mobile devices. Therefore, it is of great significance to design an efficient SM3 encryption method for the ARM architecture.

The SM3 original message extension part mainly includes the following steps:

① Group messages Divided into 16 words ;

②Generate expansion based on these 16 characters These words, namely ;

③ Using the above obtained Continue to generate the remaining 64 characters ,in .

The SM3 original compression function mainly includes the following steps:

①Let A, B, C, D, E, F, G, H be word registers, and SS1, SS2, TT1, TT2 be intermediate variables;

②Compression function , , where V ⁽ⁱ⁾ is initially the value in registers A, B, C, D, E, F, G, and H.

The specific process of the CF function is shown in Figure 4.

From the above, it can be seen that the SM3 algorithm has the problems of high memory usage and large code complexity. In this regard, researchers have conducted relevant research. For example, patent application CN113794552A discloses a SIMD-based SM3 parallel data encryption operation method and system, which realizes multi-way parallel operation while maintaining the hash dependency of data; but a large number of integer arrays and temporary variables are defined, and repeated definitions will lead to accumulated memory usage. The judgment of data length and conditional branches will also refer to additional memory overhead, which is not suitable for use on the ARM architecture with higher memory costs; and the additional judgment technology of this scheme needs to divide the data into equal length and unequal length for corresponding processing, which increases the additional judgment cost, and requires the introduction of conditional branches and additional calculations, which affects performance and poses security risks.

Patent application CN114422110A discloses a fast implementation method for SM3 hash function message processing for long instruction words, which is performed by expanding the loop operation in the SM3 cryptographic hash algorithm. The SM3 algorithm has up to 68 loops, and multiple operations are required in each loop, which greatly increases the complexity of the code, reduces the readability and maintainability of the code, and increases the size of the code. At the same time, it still needs to be The formula is iterated for 17 rounds, and the number of iterations is still relatively large. This technology simply inputs the data to be encrypted directly into the processor for processing. Although it uses the parallel instructions of NEON and realizes some parallelism at the hardware level, it does not give full play to the potential performance of multi-core CPUs and cannot maximize the encryption performance improvement.

Patent application CN117938401A discloses a data encryption method based on the parallel SM3 algorithm. It implements the rapid implementation of the SM3 algorithm by parallelizing 8 groups of messages based on the AVX2 instruction set. By obtaining 8 or 16 groups of inputs at one time and using the instructions in the AVX2 instruction set, the encryption of the SM3 algorithm is completed. However, this technology limits the number of plaintexts input each time, has poor flexibility, and can only input 16 groups at most at one time. In addition, this technology also only uses SIMD instructions to perform parallel processing of multiple groups of plaintexts at the hardware level, and does not consider optimization at the software level. It cannot fully utilize the potential performance of multi-core CPUs and cannot maximize the improvement of encryption performance.

Summary of the invention

To solve the above technical problems, the present invention provides an SM3 parallel data encryption method based on the ARM platform, which can be reasonably configured according to the number of CPU cores. On a machine with a large number of CPU cores, it can support the simultaneous processing of more groups of plaintext, thereby achieving overall performance improvement of the SM3 encryption algorithm.

The present invention provides an SM3 parallel data encryption method based on an ARM platform, comprising the following steps:

Step 1: Obtain the same number of plaintexts to be encrypted as the number of CPU cores;

Step 2: Create the same number of threads as the number of CPU cores, and make each thread encrypt a set of plaintext;

Step 3: For each group of plaintext processed by each thread, message padding is performed;

Step 4: Input the plain text after message filling into the parallel message expansion module, and use the NEON instruction set to process each group of data in parallel;

Step 5: Input the plaintext after the parallel message expansion module into the optimized CF compression function module, reduce the assignment operation by continuously changing the input position of the word, and reduce the number of loops, and finally obtain the encrypted hash value.

Furthermore, in step 3, the plaintext is filled with messages, specifically:

Divide the plaintext into 16 words, and use these 16 words to generate the subsequent 116 words, that is, ;

The formula , 16≤ j≤67 Replace with tmp1 of type uint32x4; where tmp1= ;

Will Replaced with tmp2 of type uint32x4, where tmp2= ;

Will Replace with tmp3 of uint32x4 type, where tmp3= ;

Will Replace with tmp4 of type uint32x4, where tmp4= ;

Will Replaced with tmp5 of type uint32x4, where tmp5= .

Furthermore, in step 4, each set of data is processed in parallel using the NEON instruction set, specifically:

Let j = 4 and perform 13 rounds of iterations;

In each iteration, the vld1q_u32 instruction in the NEON instruction set is used to load 4 words from W[j*4-16] into tmp1 at one time;

Load 4 words from W[j*4-13] into tmp2;

Load 4 words from W[j*4-9] into tmp3;

Load 4 words from W[j*4-6] into tmp4;

Then use NEON's veorq_u32 instruction to perform parallel XOR calculations on tmp1 and tmp3, and use the circular left shift instruction to shift tmp4 left by 15 bits. Finally, use the vst1q_u32 instruction to store the processed data into the W[j*4] array.

Furthermore, the CF compression function module includes registers A, B, C, D, E, F, G, and H for storing initial values, and registers SS1, SS2, TT1, and TT2 for storing intermediate variables in the calculation process. The Ultra Round function is executed in a loop, and the specific compression function part is implemented in the Ultra Round. At the same time, the Boolean function is split. The first 4 rounds of loops use Boolean function 1, and the last 15 rounds of loops use Boolean function 2 to reduce branch judgment. Among them, Boolean function 1 includes FF ₁ (X, Y, Z) = X Y Z，GG ₁ (X,Y, Z)=X Y Z, Boolean function 2 includes FF ₂ (X,Y, Z)=(X∧Y)∨(X∧Z)∨(Y∧Z), GG ₂ (X,Y, Z)=(X∧Y)∨(¬X∧Z), where X, Y, and Z are all values in the register that need to be calculated. represents the exclusive-OR operation, ∧ represents the AND operation, ∨ represents the OR operation, and ¬ represents the NOT operation.

Furthermore, the specific implementation steps of Ultra Round are:

First, the values of registers SS1, SS2, TT1, and TT2 are calculated for the process using the original compression function, and then the value of TT1 is assigned to register D. The value of TT2 is assigned to register H after being operated by the P_0 function. The value of B is shifted left by 9 bits and then assigned to register B. The value of F is shifted left by 19 bits and then assigned to register F, and finally the encrypted hash value is obtained.

The beneficial effects described in the present invention are as follows: the method described in the present invention uses multi-threading technology, fully utilizes the characteristics of a multi-core CPU, and multiple threads simultaneously process multiple groups of plaintexts, thereby realizing parallelization at the software level and avoiding the problem that the CPU may be idle during the execution of a single-threaded program; the present invention adopts NEON instruction-level parallel implementation for the message extension part, loads four adjacent data into the register at one time, and uses a parallel instruction set to calculate simultaneously, the principle is simple and easy to understand, and the code runs efficiently, and there is no redundant operations such as loop expansion, thereby greatly reducing the complexity of the calculation of the message extension part and realizing parallelization at the hardware level, and at the same time, the present invention only needs five registers for each encryption, greatly saving memory resources, and is more suitable for use on an ARM architecture with scarce memory resources; the concept of Ultra Round is proposed for the round function in the compression function, and the round function in the compression function that originally requires eight assignment operations at a time is reduced to only four assignment operations at a time by switching the input position of the word in each round, and at the same time, the number of loops is reduced, thereby realizing the improvement of the performance of the compression function.

BRIEF DESCRIPTION OF THE DRAWINGS

Fig. 1 is a flow chart of the extended portion of the original message of SM3;

FIG2 is a flow chart of the method of the present invention;

3 is a flow chart of the message extension part used in the present invention;

FIG4 is an illustration of the original compression function of SM3;

FIG5 is a schematic diagram of randomly generated plain text;

FIG6 is a schematic diagram showing a comparison of throughputs calculated by ten encryption rounds of the present invention and other schemes;

FIG. 7 is a schematic diagram comparing the delays calculated after ten rounds of encryption according to the present invention and other schemes.

DETAILED DESCRIPTION

In order to make the contents of the present invention more clearly understood, the present invention is further described in detail below based on specific embodiments in conjunction with the accompanying drawings.

As shown in FIG2 , the SM3 parallel data encryption method based on the ARM platform described in the present invention comprises the following steps:

Step 1: Get multiple groups of plaintext equal to the number of CPU cores (taking 4 cores as an example) and prepare them for SM3 encryption;

Step 2: Use the pthread_create() method in the pthread.h library of the C language to create the same number of threads as the number of CPU cores, and then call the work function to implement the function of encrypting a group of plaintexts by one thread, thus achieving parallelism at the software level.

Step 3: For each group of plaintext processed by each thread, it first enters the message filling module of the SM3 encryption algorithm. Assume that the length of message m is l bits. First, add the bit "1" to the end of the message, and then add k "0s", where k is the smallest non-negative integer that satisfies l+1+k≡448mod512. Then add a 64-bit bit string, which is the binary representation of the length l. The bit length of the padded message m' is a multiple of 512.

Step 4: Input the plain text after message filling into the parallel message expansion module, in which each group of data is processed in parallel using the NEON instruction set to achieve parallelism at the hardware level;

Step 5: Input the plain text after the message expansion function into the CF compression function part, and reduce the assignment operation by constantly changing the input position of the word, while reducing the number of loops.

In step 3, the original message expansion process is shown in Figure 1. generate These words, It is obtained by dividing the original message into groups, and By formula ,16≤j≤67 is obtained.

In order to make full use of the multi-channel parallel computing characteristics of the NEON instruction set, the present invention uses uint32x4 type variables to load 4 at a time. to the register, use NEON parallel instructions to calculate 4 sets of data at the same time, and store the calculated results in one go Specifically, the present invention converts the above formula Replaced with tmp1 of type uint32x4, where tmp1 = ,Will Replace with tmp2 of type uint32x4, where tmp2= , similarly, complete , and , which can make full use of NEON's parallel instructions such as veorq( tmp1 , tmp2 ) for hardware-level parallel computing, thereby achieving the effect of using the same instruction to simultaneously calculate four sets of data, greatly improving the computing performance of the message expansion part. The loop needs to be traversed from 16 to 67, a total of 52 rounds, and after the optimization of the present invention, the calculation The loop only needs to be traversed from 4 to 17, a total of 14 rounds, while parallel computing also reduces the number of loops. The message extension part optimization solution of the present invention is shown in FIG3.

In step 5, the compression function is optimized, and the round function of the original compression function of SM3 is shown in Figure 4. From the structure diagram, it can be seen that A in round j is obtained by calculating D in round j-1, B in round j is obtained by calculating A in the previous round, C in round j is obtained by calculating B in the previous round, and D in round j is obtained by calculating C in the previous round. After 4 rounds of calculation, A, B, C, D and E, F, G, H will return to the initial position. Therefore, the present invention defines these 4 rounds as an Ultra Round, and by switching the input position of the word in each round, the assignment of intermediate variables is reduced, and the number of cycles is reduced.

The specific implementation of Ultra Round is:

uint32_t Temp = rotate_left(*A, 12);

SS1 = rotate_left((Temp + *E + K[i]),7);

SS2 = SS1 ^ Temp;

TT1 = (FF1(*A, *B, *C) + *D + SS2 + (W[i] ^ W[i + 4]));

TT2 = (GG1(*E, *F, *G) + *H + SS1 + W[i]);

*D = TT1;

*H = P_0(TT2);

*B = rotate_left(*B, 9);

*F = rotate_left(*F, 19);

Compared with the original SM3 round function, four assignment operations are reduced in each round, thus improving the performance of the compression function.

The original compression function becomes:

Use a loop to call the UltraRound function multiple times, for a total of 19 rounds, changing the positions of the registers A, B, C, D, E, F, G, H each time. Let j be the number of loops. The first parameter passed into the UltraRound function is A, B, C, D, E, F, G, H, j. The second parameter is D, A, B, C, H, E, F, G, j+1. The third parameter is C, D, A, B, G, H, E, F, j+2. The fourth parameter is B, C, D, A, F, G, H, E, j+3.

The original SM3 compression function requires a total of 64 loop iterations, but after the elimination of intermediate variables is completed by round expansion, the number of loop iterations is reduced to 19 rounds. At the same time, the present invention splits the Boolean function, reduces branch judgment operations, improves operating efficiency, and reduces the risk of side channel attacks.

The method of the present invention is described below in conjunction with experiments.

The SM3 parallel acceleration algorithm implemented in the present invention performs encryption operations on randomly generated plaintexts, as shown in Figure 5; during the calculation process, a group of plaintexts are randomly selected for encryption operations, and at the same time, the SM3 pure C version implemented by the OPENSSL library and the SM3 pure C version implemented by the GMSSL library are compared. The present invention mainly tests two indicators: throughput and latency.

In the implementation and optimization of cryptographic algorithms, throughput is a crucial performance indicator. It directly reflects the amount of calculation that the algorithm can complete per unit time, thus becoming a key parameter for evaluating the algorithm's operational efficiency. In the present invention, the SM3 encryption algorithm is optimized by parallel computing. By comparing the amount of data encrypted per unit time by the same algorithm before and after optimization, the throughput indicator can clearly show the improvement of the algorithm's performance. The throughput calculated for ten rounds of encryption for the present invention and other schemes is shown in Figure 6.

As can be seen from FIG6 , the method proposed in the present invention has a corresponding improvement in throughput compared to GMSSL and OpenSSL. The improvement in throughput means that the amount of data that can be encrypted by the algorithm per unit time increases.

In the performance optimization of cryptographic algorithms, latency refers to the execution time of a single encryption, decryption or other cryptographic operation, that is, the time from the start of the operation to the completion of the operation. Latency is a key performance indicator because it directly affects the response speed and efficiency of the algorithm. In the process of performance optimization, reducing latency is generally considered to be one of the goals of improving system efficiency and response speed. Specifically in this study, the SM3 parallel encryption algorithm proposed in the present invention and the algorithms of GmSSL and OpenSSL were encrypted for 10,000 rounds respectively, and their latency was calculated respectively. The latency calculated by encrypting ten times by the present invention and other schemes is shown in Figure 7.

The results show that the method proposed in the present invention has significantly lower latency than the GmSSL and OpenSSL solutions, proving that the present invention improves the performance of the SM3 algorithm. The reduction in latency means that encryption takes less time, which is of great significance for improving the encryption response speed and improving the user experience.

Based on the above experimental results, it can be seen that compared with other versions of pure C code, the method proposed in the present invention has shown effective improvement in the main indicators for evaluating cryptographic algorithms. The present invention uses a parallel encryption scheme on the ARM platform to significantly reduce the latency of the SM3 algorithm and improve the throughput per unit time, thereby improving the overall performance of the SM3 algorithm.

The above description is only a preferred embodiment of the present invention and is not intended to be a further limitation of the present invention. All equivalent changes made using the contents of the present specification and drawings are within the protection scope of the present invention.

Claims (1)

1. An SM3 parallel data encryption method based on an ARM platform, characterized in that it comprises the following steps: Step 1: Obtain the same number of plaintexts to be encrypted as the number of CPU cores; Step 2: Create the same number of threads as the number of CPU cores, and make each thread encrypt a set of plaintext; Step 3: For each group of plaintext processed by each thread, message filling is performed; specifically: Divide the plaintext into 16 words, and use these 16 words to generate the subsequent 116 words, that is, ; The formula , 16≤j≤67 Replace with tmp1 of type uint32x4; where tmp1= ; Will Replace with tmp2 of type uint32x4, where tmp2= ; Will Replace with tmp3 of uint32x4 type, where tmp3= ; Will Replace with tmp4 of type uint32x4, where tmp4= ; Will Replaced with tmp5 of type uint32x4, where tmp5= ; Step 4: Input the plain text after message filling into the parallel message expansion module, and use the NEON instruction set to process each group of data in parallel; specifically: Let j = 4 and perform 13 rounds of iterations; In each iteration, the vld1q_u32 instruction in the NEON instruction set is used to load 4 words from W[j*4-16] into tmp1 at one time; Load 4 words from W[j*4-13] into tmp2; Load 4 words from W[j*4-9] into tmp3; Load 4 words from W[j*4-6] into tmp4; Then use NEON's veorq_u32 instruction to perform parallel XOR calculations on tmp1 and tmp3, and use the circular left shift instruction to shift tmp4 left by 15 bits. Finally, use the vst1q_u32 instruction to store the processed data into the W[j*4] array; Step 5: Input the plaintext after the parallel message expansion module into the optimized CF compression function module, reduce the assignment operation by constantly changing the input position of the word, and reduce the number of loops, and finally obtain the encrypted hash value; The CF compression function module includes registers A, B, C, D, E, F, G, and H for storing initial values, and registers SS1, SS2, TT1, and TT2 for storing intermediate variables in the calculation process. The module is executed in an Ultra Round function loop, and a specific compression function part is implemented in the Ultra Round. At the same time, the Boolean function is split, and the first 4 rounds of loops use Boolean function 1, and the last 15 rounds of loops use Boolean function 2 to reduce branch judgment; wherein the Boolean function 1 includes FF ₁ (X, Y, Z) = X Y Z，GG ₁ (X,Y, Z)=X Y Z, Boolean function 2 includes FF ₂ (X,Y, Z)=(X∧Y)∨(X∧Z)∨(Y∧Z), GG ₂ (X,Y, Z)=(X∧Y)∨(¬X∧Z), where X, Y, and Z are all values in the register that need to be calculated. represents XOR operation, ∧ represents AND operation, ∨ represents OR operation, and ¬ represents NOT operation; The specific implementation steps of the Ultra Round are: First, the values of registers SS1, SS2, TT1, and TT2 are calculated for the process using the original compression function, and then the value of TT1 is assigned to register D. The value of TT2 is assigned to register H after being operated by the P_0 function. The value of B is shifted left by 9 bits and then assigned to register B. The value of F is shifted left by 19 bits and then assigned to register F, and finally the encrypted hash value is obtained.