Progress In Science and Engineering Research Journal ISSN 2347-6680 (E)

FPGA IMPLEMENTATION OF SHA-256

P Anil Kumar1, P Bhanu Prakash2
Asst. Professor, ECE Department, Jagan's College of Engineering and Technology [JCET]

Abstract: We all know how important to provide security We should have short signature for a message of
these days, it may be for network or system. There are many arbitrary length for performance enhancement. Major
algorithms to secure the data on the name of encryption property of hash function is that its output length is
among which SHA (Secure Hash Algorithm) has its role
independent of the input length. Practical hash
reserved. There are a wide variety of SHA algorithms such
functions have output length varies by 128-512 bits.
as SHA 256, SHA 224 and SHA 384 and so on based size of
Finally, the computation should be highly sensitive to
message digest. This paper illustrates about the
implementation of SHA algorithm for the efficient
all input bits i.e. even if we make minor modifications

utilization of FPGA. The main aim of this paper is to obtain to the input, the result looks different.
high frequency operation within minimal area occupation.
Some important characteristics of hash functions are
Index Terms: Hash functions, Cryptography, SHA-256, pre image resistance (or one-way ness), second pre
FPGA, VHDL, Data integrity, Digital signature, Message image resistance (or weak collision resistance) and
authentication, Pre-image resistance, and Message digest. collision resistance (or strong collision resistance).

I. INTRODUCTION One-way ness means calculation is easy but is

computationally infeasible. Collision resistance implies
Hash functions are an important cryptographic
difficulty in finding two messes that have the same hash
primitive that occupy a wide role in protocols. They
value. That means it is computationally infeasible to
compute a message digest of short and fixed length bit
create two different messages x1 ≠ x2 with hash value
string. For a certain message, the message digest, or
z1 = h(x1) = h(x2) = z2. In the first case, x1 is given
hash values, are analogy to the fingerprint of a message.
and we try to find x2. This is called second pre image
Since they do not have a key. The use of hash functions
or weak collision resistance. The second case is given,
is vital in cryptography. Because hash functions have
if an attacker is free to choose both x1 and x2. This is
an essential role in digest signature schemes, message
referred as strong collision resistance. [3]
authentication codes and also widely used for other
cryptographic applications. Even though hash functions In recent years, the reputedly used hash function is the
have many vital applications in modern cryptography, Secure Hash Algorithm (SHA). Indeed, because other
they are perhaps well known for their crucial role in the hash functions were found to have substantial
practical use of digital signatures. The length of digital cryptanalytic weaknesses, SHA was the last remaining
signature is varied; thus we face many problems. Some standardized hash algorithm in 2005 and was developed
serious issues are heavy computational load, message by the National Institute of Standard and Technology
overhead, and security limitation. (NIST) and announced as a federal information
processing standard (FIPS 180) in 1993. When
Corresponding Author:[1]
limitations were found in SHA (now known as SHA-0),
1. Mr. P Anil Kumar, Asst. Professor, ECE Department, Jagan's a revised version was issued as FIPS 180-1 in Hash
College of Engineering and Technology, Nellore, AP.
Standard. SHA is based on the hash function MD4, and
Email Id: palabhanuprakash@[Link]
its design is analogous to MD4 model. SHA-1 produces
2. Mr. P Bhanu Prakash, ECE Department, Jagan's College of
Engineering and Technology, Nellore, AP a hash value of 160 bits. In 2002, NIST produced a
revised version of the standard, FIPS 180-2, defining

© 2015 PISER Journal [Link]

PISER 17, Vol.03, Issue: 01/06 January-February; Bimonthly International Journal
Page(s) 001-005
 Progress In Science and Engineering Research Journal ISSN 2347-6680 (E)
three new versions of SHA with hash value lengths of 4th Step: Message Compression
256, 384, and 512 bits well known as SHA-2. A revised The 𝑊𝑡 word from message expansion stage is then
document was issued as FIP PUB 180-3IN on 2008, passed to the SHA compression function or the ‘SHA
which added a 224-version. In 2005, NIST announced core’. The core utilizes 8working variables labelled
the intention to phase out approval of SHA-1 and move A,B,….H which are then initialized to predefined
to reliance on SHA-2 by 2010. [4] (0) (0)
values 𝐻0 𝑡𝑜 𝐻7 at the start of each call to the hash

II. SHA-256 ALGORITHM FLOW function.

Each algorithm can be described in two stages. The first Table 1: Initial Hash functions

stage is the preprocessing stage. In this stage the (0) (0)

A =𝐻0 6a09e667 E =𝐻4 510e527f
message is padded, parsed, into n blocks and the values (0) (0)
B =𝐻1 bb67ae85 F =𝐻5 9b05688c
that are going to be used in hash function are initialized. (0) (0)
C =𝐻2 3c6ef372 G =𝐻6 1f83d9ab
In the second stage hash calculations is done.
(0) (0)
D=𝐻3 a54ff53a H=𝐻7 5be0cd19
st
1 Step: Message Padding

The message, M, shall be padded before hash 5th Step: The algorithm is implemented by 64-cycle
computation begins. The purpose of this padding is to iterative computational each block. The eight working
ensure that the padded message is a multiple of 512 or variables are labeled A, B, C…..H which are updating
1024 bits, depending on the algorithm. Suppose that the the value during the 64-cycle as follows.
length of the message, M, is L bits. Append the bit “1” {𝟐𝟓𝟔}
𝑻𝟏 = 𝑯 + ∑𝟏 (𝑬) + 𝒄𝒉(𝑬, 𝑭, 𝑮) + 𝑲{𝟐𝟓𝟔}
𝒕 + 𝑾𝒕
to the end of the message, followed by K zero bits, here
{𝟐𝟓𝟔}
𝑻𝟐 = ∑𝟎 (𝑨) + 𝑴𝒂𝒋(𝑨, 𝑩, 𝑪)
the length l+1+k = 448mod512. The last 64 bits are
𝑪𝒉(𝑬, 𝑭, 𝑮) = (𝑬 ∧ 𝑭) ⊕ (¬)(𝑬 ∧ 𝑮)
used to store the size of data.
𝑴𝒂𝒋(𝑨, 𝑩, 𝑪) = (𝑨 ∧ 𝑩) ⊕ (𝑨 ∧ 𝑪) ⊕ (𝑩 ∧ 𝑪)
nd
2 Step: Parsing {𝟐𝟓𝟔}
∑𝟏 (𝑬) = 𝑹𝑶𝑻𝑹𝟔 (𝑬) ⊕ 𝑹𝑶𝑻𝑹𝟏𝟏 (𝑬)⨁𝑹𝑶𝑻𝑹𝟐𝟓(E)
After a message has been padded, it must be parsed into {𝟐𝟓𝟔}
∑𝟎 (𝑨) = 𝑹𝑶𝑻𝑹𝟐 (𝑨) ⊕ 𝑹𝑶𝑻𝑹𝟏𝟑 (𝑨)⨁𝑹𝑶𝑻𝑹𝟐𝟐(A)
N m-bits blocks before the hash computational can
H=G
begin.
G=F
rd
3 Step: Message Scheduler F=E

Each 512 bit block can be divided into 16 32-bit words E = D+T1

(𝑖) (𝑖)
𝑀0 to 𝑀15 which are then expanded into 64 words D=C

C=B
labelled 𝑊0 to 𝑊63 . Under the certain rule prescribed
by SHA-2 standard. B=A

A = T1+T2
(𝒊)
𝑴𝒕 𝟎 ≤ 𝒕 ≤ 𝟏𝟓
𝑊𝑡 = { {𝟐𝟓𝟔} 6th Step: After 64 iterations of the compression
𝝈𝟏 (𝑾𝒕−𝟐 ) + 𝑾𝒕−𝟕+𝝈{𝟐𝟓𝟔}(𝑾 𝟏𝟔 ≤ 𝒕 ≤ 𝟔𝟑
𝟎 𝒕−𝟏𝟓 )+𝑾𝒕−𝟏𝟔

function, an intermediate hash value 𝐻 (𝑖) is calculated

Here as follows:

(𝐼) (𝐼−1)
{256}
𝜎1 (𝑥) = 𝑅𝑂𝑇𝑅17 (𝑥) ⊕ 𝑅𝑂𝑇𝑅19 (𝑥) ⊕ 𝑆𝐻𝑅10 (𝑥) 𝐻0 = A + 𝐻0
{256} (𝐼) (𝐼−1)
𝜎0 (𝑥) = 𝑅𝑂𝑇𝑅 7 (𝑥) ⊕ 𝑅𝑂𝑇𝑅18 (𝑥) ⊕ 𝑆𝐻𝑅 3 (𝑥) 𝐻1 = B + 𝐻1

© 2015 PISER Journal [Link]

PISER 17, Vol.03, Issue: 01/06 January-February; Bimonthly International Journal
Page(s) 001-005
 Progress In Science and Engineering Research Journal ISSN 2347-6680 (E)
(𝑁) (𝑁) (𝑁) (𝑁) (𝑁) (𝑁) (𝑁) (𝑁)
𝐻0 ∥ 𝐻1 ∥ 𝐻2 ∥ 𝐻3 ∥ 𝐻4 ∥ 𝐻5 ∥ 𝐻6 ∥ 𝐻7
Start

In the case multi block first block follows some above

processes then second block same as first block but it
Yes No
uses the first block hash values like initial hash vales. [2]
If message
length 512
H H

G G
Padding in Divide into
single block two chunks F F

E ∑ (T1+D) E

Parsing
D D

C C

B B
Message scheduling Initialize initial hash
(512)16-32bit words) values with 8 working ∑ (T1+T2)
variables A A

Update the new hash T T

values within 64 1 2
iterations

H
Add Initial and
𝐾𝑡256 ∑ ∑
final hash values
Maj(A,B,C
𝑊𝑡 )

(16≤t≤6
𝑅𝑂𝑇𝑅 2 (𝐴)
3) 6 (𝐸)
𝑅𝑂𝑇𝑅 ∑256
0 (𝐴)
Yes No
𝑅𝑂𝑇𝑅13 (𝐴)
𝑅𝑂𝑇𝑅 (𝐸) 11 ∑1256 (𝐸)
Padding
o
Block two End 𝑅𝑂𝑇𝑅 22 (𝐴)
𝑅𝑂𝑇𝑅 25 (𝐸)
o
O
∑
o Calculations
Figure 1: SHA-256 Algorithm Round Ch(E,F,
G)
(𝐼) (𝐼−1)
o
𝐻2 = C + 𝐻2 o
(𝐼) (𝐼−1)
𝐻3 = D + 𝐻3
(𝐼) (𝐼−1)
𝐻4 = E + 𝐻4 𝑊𝑡−7
∑
𝑊𝑡−16
(𝐼) (𝐼−1)
𝐻5 = F + 𝐻5
𝑅𝑂𝑇𝑅 7 (𝑊𝑡−15)
(𝐼) (𝐼−1) 𝑅𝑂𝑇𝑅18 (𝑊𝑡−15) 𝜎0256
𝐻6 =G+ 𝐻6
𝑆𝐻𝑅 3 (𝑊𝑡−15)
(𝐼) (𝐼−1)
𝐻7 =H + 𝐻7 𝑅𝑂𝑇𝑅17 (𝑊𝑡−2)
𝜎1256
𝑅𝑂𝑇𝑅19 (𝑊𝑡−2)
After repeating steps one through four a total of N
𝑅𝑂𝑇𝑅10 (𝑊𝑡−2)
times, resulting 256-bits messages digest of the
message, M, Is Figure 2: Flow chart of SHA-256 algorithm

© 2015 PISER Journal [Link]

PISER 17, Vol.03, Issue: 01/06 January-February; Bimonthly International Journal
Page(s) 001-005
 Progress In Science and Engineering Research Journal ISSN 2347-6680 (E)

III. HARDWARE IMPLEMENTATION Controlling technique that optimizes the data

dependency. This technique allows for an improvement
In order to evaluate the proposed designed the resulting
in the throughput. How every it is significantly
SHA-256 hash function cores have been implemented
increased the critical area. Delay balancing increases
in Altera II by using FPGA. All the values presented for
the critical area. Here In this project we are used low
our cores were gotten after placing and route. A custom
embedded memory (1%). Another thing here we are try
computing unit (CCU) utilizing these SHA-2 cores.
to process parallel technique, to achieve higher
For efficient capabilities of the reconfigurable device, frequencies.
some design alteration could be made. The main one
lays in the use of fast carry chains for carry propagation Applications

Adders (CPA) instead of CSA in both the first and in 1) SHA-1, SHA-224, SHA-256, SHA-384, and SHA-
the second pipeline stage, since they are able to achieve 512 are the secure hash algorithms required by law
the same performance results in FPGA, with minimal for use in certain U. S. Government applications,
area resources. On implementation of SHA-256 hash including use within other cryptographic
function, a single BRAM can be used, since the 64 32- algorithms and protocols, for the protection of
bits fit in a 32-bit port embedded memory. sensitive unclassified information. FIPS PUB 180-
1 also encouraged adoption and use of SHA-1 by
In the processing every word, logical operations in the
private and commercial organizations.
every iteration may be a simple combination circuit,
2) A prime motivation for the publication of the
while the arithmetic only needs 32 bits adder to
Secure Hash Algorithm was the Digital Signature
complete. From the description of the algorithm,
Standard, in which it is incorporated.
calculating ‘T1’ value is the longest path. So carry look
3) The SHA hash functions have been used as the
ahead adder of the parallel structure is used to reduce
basis for the SHACAL block ciphers.
the carry signal delay. The billow table shows the
4) The mega function is suitable for a variety of
results of with carry look ahead adder without carry
application requiring digital signatures or other
look ahead adder. Here one addition performed by one
message authentication or tamper protection,
clock cycle. Another main thing is here we are using
including :
Altera feature that is predefined memory elements
E-commerce
(RAM, ROM).
Data indignity
∑1256(𝐸) E F G 𝑊𝑡 𝐾𝑡256 Bulk encryption
H
High speed networking equipment
Secure wireless applications
∑ 𝑐ℎ(𝐸, 𝐹, 𝐺) Memory Memory

[Link]
In this design, this IP core is described by Verilog HDL
hef wh language and has been implemented to FPGA Altera.
Then it is synthesized and routed on the Quartus II.

∑
Finally it is simulated by ModelSim to test if the IP
core is correct. Table 1 shows the comparison data
whether or not using the carry look ahead adder. In
T
1
Figure 3: The addition structure of ‘T1’ value
which the performance is increased and resource

© 2015 PISER Journal [Link]

PISER 17, Vol.03, Issue: 01/06 January-February; Bimonthly International Journal
Page(s) 001-005
 Progress In Science and Engineering Research Journal ISSN 2347-6680 (E)
consumption is also increased by after using the carry V. CONCLUSION
look ahead adder. Under simulation clock is 390MHz,
In this paper we have implemented SHA-256 algorithm
its simulation waveforms are shown in below figures, in
on stratix II FPGA. We have achieved operating
which the input string is abc the result of SHA-256 is
frequency of 204 MHz at initial stage. Later, the
ba7816bf 8f01cfea 414140de 5dae2223 b00361a3
modified version of above algorithm using carry look
96177a9c b410ff61 f20015ad.
ahead adder and parallel processing architecture
Table 2: Output Parameter Values improves the operating frequency to 390 MHz with a

Previous Without With carry marginal increase in hardware.

Parameters Approach carry look look ahead
[10]
ahead adder adder
REFERENCES
LUT 755 1,088 1,602
[1] FIBS PUB 180-1 Secure Hash Standard
Block ram
16384 bits 4,608 bits 6,656 bits [2] FIBS PUB 180-2 Secure Hash Standard
memory
[3] Understanding Cryptography by Christof Paar Jan Pelzl
Frequency 174 MHz 204 MHz 390 MHz
[4] NETWORK SECURITY ESSENTIALS Applications and
Standards (fourth edition) by WILLIAM STALLINGS
[5] Shambhulingaiah C.M, Ravi simha, Dr. [Link] “FPGA
Implimentatioin of Hybrid Cryptography Engine for
Communication System”, IJAREEIE vol. 2.issue7, July 2013
[6] CAST ALTERA,”SHA-256 secure hash function mega
function”
[7] [Link], prof. S. [Link], “C Implementation of SHA-
2565 Algorithm”, IJETAE (ISSN 2250-2459, ISO 9001:2008
certified journal, volume 3, issue 6, June 2013).
[8] [Link] sai karthik, [Link] Sridhar, “Implementing SHA-
224/256 Algorithm for Secure Commitment Scheme
Applications using FPGA”, (IJESS) ISSN: 2231-5969, VOL-1
ISS-4, 2012.
[9] Thulasimani lakshmanan and madheswaran muthusamy, “A
Novel Secure Hash Algorithm for Public Key Digital
Signature Schemes”, IAJIT, vol. 9, no.3, may 2012.
[10] Ricardo Chaves and Leonel Sousa, “Improving SHA-2
Figure 4: Message Digest Output Hardware Implementations ”, LNCS 4249 pp 298-310, 2006.

Figure 5: Message Digest Output

© 2015 PISER Journal [Link]

PISER 17, Vol.03, Issue: 01/06 January-February; Bimonthly International Journal
Page(s) 001-005