SHA256 Implementation Gate Equivalent

4

I needed help in understanding how to calculate the GE for a SHA256 implementation. I need to calculate the GE of individual functions in the SHA256 hashing algorithm.

Could anyone please direct me to an appropriate paper/book that explains this in detail?

Balthazar2012

Posted 2013-08-01T18:22:45.770

Reputation: 43

Here's the SHA2 spec: http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf Are you asking about how to implement this in an FPGA, or how many gates it will take to implement it?

– Nick ODell – 2013-08-02T00:34:31.580

1

Don't cross-post

– CodesInChaos – 2013-08-02T13:47:45.000

Answers

2

Well, the answer to this question mostly depends on what kind of implementation you choose for your multiple-input 32-bit wide adders (there are several different solutions to this speed versus gate count trade-off). Usually, when using the term "gate equivalent," engineers are talking about FPGAs, where it is a cool marketing slogan that tries to persuade you that the FPGA is much more powerful that you'd think from its number of logical elements because some of them can implement complicated circuits that would need a high number of gates otherwise. In this case, you will almost certainly use whatever special provisions your FPGA chip has for wide additions (and your GE count will depend on whatever its manufacturer's marketting department believes to get away with for translating that into "typical" gate counts of comparable circuits).

If your goal is to estimate how much of SHA256 you can fit into a given FPGA, you may be even better off comparing with what others have achieved. This may take a bit of digging, but will give you good estimates. The FPGA section of this wiki page for mining hardware comparison could give you initial links. I don't have numbers at the ready, but I remember having concluded ca. 15 month ago that those FPGAs that were mature enough then to have single-unit bare chip retail prices around 100 $ (the most computing per money you could get then) tended to be just about big enough for a fully unrolled and fully pipelined double-SHA256 implementation.

pyramids

Posted 2013-08-01T18:22:45.770

Reputation: 2 988