core::arch::riscv64

Function sm3p1

pub unsafe fn sm3p1(rs1: u32) -> u32
🔬This is a nightly-only experimental API. (riscv_ext_intrinsics #114544)
Available on RISC-V RV64 and target feature zksh only.

Implements the P1 transformation function as used in the SM3 hash function [4, 30].

This instruction is supported for the RV32 and RV64 base architectures. It implements the P1 transform of the SM3 hash function [4, 30]. This instruction must always be implemented such that its execution latency does not depend on the data being operated on.

Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions

Version: v1.0.1

Section: 3.42

§Safety

This function is safe to use if the zksh target feature is present.

§Details

P1 transformation function as used in the SM3 hash algorithm.

This function is included in the Zksh extension. It is defined as:

P1(X) = X ⊕ (X ≪ 15) ⊕ (X ≪ 23)

where ⊕ represents 32-bit xor, and ≪ k represents rotate left by k bits.

In the SM3 algorithm, the P1 transformation is used in message expansion, where each expanded word Wj is generated from the previous words. The whole process can be described by the following pseudocode:

FOR j=16 TO 67
    Wj ← P1(Wj−16 ⊕ Wj−9 ⊕ (Wj−3 ≪ 15)) ⊕ (Wj−13 ≪ 7) ⊕ Wj−6
ENDFOR
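The following is an added, portable Rust example (not code from the Rust standard library or the RISC-V specification) that implements the P1 definition above and the message-expansion loop from the pseudocode. It does not call the `sm3p1` intrinsic itself, since that requires a nightly toolchain and an RV64 target with `zksh`; on such a target the body of `sm3p1_portable` is exactly what the single instruction computes. The function names and the sample block are assumptions made for this example.

```rust
/// Portable P1 transform from the SM3 specification:
/// P1(X) = X xor (X rotl 15) xor (X rotl 23).
/// On an RV64 target with the `zksh` feature, `core::arch::riscv64::sm3p1`
/// computes the same value in one instruction. This version uses only rotates
/// and xors, so it has no data-dependent branches or memory accesses.
pub fn sm3p1_portable(x: u32) -> u32 {
    x ^ x.rotate_left(15) ^ x.rotate_left(23)
}

/// SM3 message expansion for one 512-bit block, following the pseudocode:
///   FOR j = 16 TO 67
///       W[j] = P1(W[j-16] ^ W[j-9] ^ rotl(W[j-3], 15)) ^ rotl(W[j-13], 7) ^ W[j-6]
/// `block` holds W0..W15, already parsed from the message as 32-bit words.
pub fn expand_message(block: &[u32; 16]) -> [u32; 68] {
    let mut w = [0u32; 68];
    w[..16].copy_from_slice(block);
    for j in 16..68 {
        w[j] = sm3p1_portable(w[j - 16] ^ w[j - 9] ^ w[j - 3].rotate_left(15))
            ^ w[j - 13].rotate_left(7)
            ^ w[j - 6];
    }
    w
}

fn main() {
    // Constructed sample input: a block whose first word is 1 and the rest 0.
    let mut block = [0u32; 16];
    block[0] = 1;
    let w = expand_message(&block);
    println!("P1(1) = {:#010x}", sm3p1_portable(1)); // 0x00808001
    println!("W16   = {:#010x}", w[16]);
}
```

Because P1 is built only from xor and rotation it is linear over GF(2), so P1(a ⊕ b) = P1(a) ⊕ P1(b); that property is a cheap self-check when validating a hardware implementation against this portable reference.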