安全雜湊演算法(secure hash algorithm, SHA)又名安全散列算法，一個密碼雜湊函式家族，是聯邦資訊處理標準(FIPS)所認證的安全雜湊演算法。其中的第二代安全雜湊演算法(secure hash algorithm 2, SHA-2)由美國國家安全局(NSA)所設計，並由美國國家標準與技術研究院（NIST）於2001年發布，現今也大量運用於各類可信賴運算、物聯網以及區塊鏈技術中。
比特幣是現今最流行的加密貨幣，利用了工作量證明(proof-of-work,PoW)技術，每個區塊有效工作驗證碼的產生便是透過反覆計算兩次安全雜湊演算法-256(double SHA-256)來尋找有效的工作證明，反覆大量的計算適合使用客製化的硬體電路來進行，而資料產出速率影響尋找答案的速度，能量消耗則對計算成本有直接的影響，如何實現不提高消耗能量的情況下，提高計算的資料產出速率的硬體電路，為本篇論文的研究目標。
本篇論文藉由將安全雜湊演算法256(SHA-256)迭代回合展開，實現多個迭代回合硬體作為基礎設計，並依據路徑延遲安插暫存器，使得時脈頻率提高。將計算的迭代回合打破，將迭代回合中一開始的計算移動到前一個迭代回合來預先計算，使各階管線的路徑延遲更加平衡，進一步將關鍵路徑延遲縮短至一個加法運算與三個邏輯運算(1XOR+1AND+1OR)。使用TSMC 180nm標準元件庫進行合成，實現的比特幣挖礦之兩次SHA-256硬體電路模擬，時脈頻率為278 MHz，資料產出速率為284.44 Gbps，278Mhash/s。

The algorithm of Bitcoin mining, the core of which is to compute double secure hash algorithm 256 (SHA-256). In Bitcoin mining computing, two most important things are throughput and power consumption. Throughput affects the speed of mining, and the energy consumption has a direct impact on the mining cost. In this paper, we propose a high area efficiency SHA-256 hardware pipelined core, which has almost the same delay in each pipelined stage. In order to increase throughput, we shorten the critical path of the compressor by delay-balanced technology, moving some combinational logic to previous iterative round for pre-computation. The critical path became three logic operations (1XOR+1AND+1OR) plus a 32-bit addition. We apply our SHA-256 core to Bitcoin mining double SHA-256 architecture. Considering the double SHA-256 input data characteristic to reduce the hardware cost and reduce energy consumption indirectly. We use TSMC 180nm standard cell library and the synthesis tool of Synopsys Design Compiler. The clock frequency throughput of the proposed architecture is 278 MHz and the throughput of which is 284.44 Gbps or 278 Mhash/s.

[1] S. Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System, Nov. 2019.
[2] Nakajima J., Matsui M. (2002) Performance Analysis and Parallel Implementation of Dedicated Hash Functions. In: Knudsen L.R. (eds) Advances in Cryptology — EUROCRYPT 2002.
[3] J. Docherty and A. Koelmans, "A flexible hardware implementation of SHA-1 and SHA-2 Hash Functions," 2011 IEEE International Symposium of Circuits and Systems (ISCAS), 2011, pp. 1932-1935, doi: 10.1109/ISCAS.2011.5937967.
[4] N. Sklavos and O. Koufopavlou, "On the hardware implementations of the SHA-2 (256 384 512) hash functions", Proc. Int. Symp. Circuits Syst. (ISCAS), pp. 5, Nov. 2003.
[5] A. Mohamed and A. Nadjia, "SHA-2 hardware core for virtex-5 FPGA", Proc. IEEE 12th Int. Multi-Conf. Syst. Signals Devices (SSD), pp. 1-5, Mar. 2015.
[6] M. Mcloone and J. Mccanny, "Efficient single-chip implementation of SHA-384 and SHA-512", Proc. IEEE Int. Conf. Field-Programmable Technol. (FPT), pp. 311-314, Oct. 2003.
[7] M. Kim, J. Ryou and S. Jun, "Efficient hardware architecture of SHA-256 algorithm for trusted mobile computing", Proc. Int. Conf. Inf. Secur. Cryptol. (INSCRYPT), pp. 240-252, 2009.
[8] T. Grembowski, R. Lien, K. Gaj, N. Nguyen, P. Bellows, J. Flidr, et al., "Comparative analysis of the hardware implementations of hash functions SHA-1 and SHA-512", Proc. Int. Conf. Inf. Secur. (ISC), pp. 75-89, 2002.
[9] R. Chaves, G. Kuzmanov, L. Sousa and S. Vassiliadis, "Improving SHA-2 hardware implementations", Proc. 8th Workshop Cryptograph. Hardw. Embedded Syst. (CHES), pp. 298-310, 2006.
[10] I. Algredo-Badillo, C. Feregrino-Uribe, R. Cumplido and M. Morales-Sandoval, "Novel hardware architecture for implementing the inner loop of the SHA-2 algorithms", Proc. 14th Euromicro Conf. Digit. Syst. Design, pp. 543-549, Aug. 2011.
[11] Y. Chen and S. Li, "A High-Throughput Hardware Implementation of SHA-256 Algorithm," 2020 IEEE International Symposium on Circuits and Systems (ISCAS), 2020, pp. 1-4, doi: 10.1109/ISCAS45731.2020.9181065.
[12] R. Lien, T. Grembowski and K. Gaj, "A 1 Gbit/s partially unrolled architecture of hash functions SHA-1 and SHA-512", Proc. Cryptographers’ Track RSA Conf. (CT-RSA), pp. 324-338, 2004.
[13] H. E. Michail, A. P. Karakountas, E. Fotopoulou and C. E. Goutis, "High-speed and low-power implementation of hash message authentication code through partially unrolled techniques", Proc. 5th Int. Conf. Multimedia Internet Video Technol. (MIV), pp. 130-135, 2005.
[14] K. Aisopos, A. Kakarountas, H. Michail and C. Goutis, "High throughput implementation of the new secure hash algorithm through partial unrolling", Proc. IEEE Workshop Signal Process. Syst. Design Implement., pp. 99-103, Jan. 2006.
[15] M. Zeghida, B. Bouallegue, A. Baganne, M. Machhout and R. Tourki, "A reconfigurable implementation of the new secure hash algorithm", Proc. 2nd Int. Conf. Availability Rel. Secur. (ARES), pp. 281-285, Apr. 2007.
[16] M. Zeghid, B. Bouallegue, M. Machhout, A. Baganne and R. Tourki, "Architectural design features of a programmable high throughput reconfigurable SHA-2 Processor", J. Inf. Assurance Secur., vol. 3, pp. 147-158, Jan. 2008.
[17] H. Michail, A. Milidonis, A. Kakarountas and C. Goutis, "Novel high throughput implementation of SHA-256 hash function through pre-computation technique", Proc. 12th IEEE Int. Conf. Electron. Circuits Syst., pp. 1-4, Dec. 2005.
[18] X. Zhang, R. WU, M. Wang and L. Wang, "A High-Performance Parallel Computation Hardware Architecture in ASIC of SHA-256 Hash," 2019 21st International Conference on Advanced Communication Technology (ICACT), 2019, pp. 52-55, doi: 10.23919/ICACT.2019.8701906.
[19] T. H. Tran, H. L. Pham and Y. Nakashima, "A High-Performance Multimem SHA-256 Accelerator for Society 5.0," in IEEE Access, vol. 9, pp. 39182-39192, 2021, doi: 10.1109/ACCESS.2021.3063485.
[20] V. D. Phan, H. L. Pham, T. H. Tran and Y. Nakashima, "High Performance Multicore SHA-256 Accelerator using Fully Parallel Computation and Local Memory," 2021 IEEE Symposium in Low-Power and High-Speed Chips (COOL CHIPS), 2021, pp. 1-3, doi: 10.1109/COOLCHIPS52128.2021.9410349.
[21] H. Michail, A. Kakarountas, A. Milidonis and C. Goutis, "A top-down design methodology for ultrahigh-performance hashing cores", IEEE Trans. Dependable Secure Comput., vol. 6, pp. 255-268, Oct. 2009.
[22] L. Dadda, M. Macchetti and J. Owen, "The design of a high speed ASIC unit for the hash function SHA-256 (384 512)", Proc. Design Autom. Test Eur. Conf. Exhib. (DATE), vol. 3, pp. 70-75, 2004.
[23] L. Dadda, M. Macchetti and J. Owen, "An ASIC design for a high speed implementation of the hash function SHA-256 (384 512)", Proc. 14th ACM Great Lakes Symp. VLSI (GLSVLSI), pp. 421-425, 2004.
[24] K. K. Ting, S. C. L. Yuen, K. H. Lee and P. H. W. Leong, "An FPGA based SHA-256 processor", Proc. 12nd Int. Conf. Field Program. Logic Appl. (FPL), pp. 577-585, 2002.
[25] R. Mcevoy, F. Crowe, C. Murphy and W. Marnane, "Optimisation of the SHA-2 family of hash functions on FPGAs", Proc. IEEE Comput. Soc. Annu. Symp. Emerg. VLSI Technol. Archit. (ISVLSI), pp. 317-322, Mar. 2006.
[26] F. Opritoiu, S. L. Jurj and M. Vladutiu, "Technological solutions for throughput improvement of a secure hash algorithm-256 engine", Proc. IEEE 23rd Int. Symp. Design Technol. Electron. Packag. (SIITME), pp. 159-164, Oct. 2017.
[27] N. T. Courtois, M. Grajek and R. Naik, "Optimizing SHA256 in bitcoin mining", Proc. Int. Conf. Cryptogr. Secur. Syst., pp. 131-144, 2014.
[28] J. Barkatullah and T. Hanke, "Goldstrike 1: CoinTerra’s first-generation cryptocurrency mining processor for bitcoin", IEEE Micro, vol. 35, no. 2, pp. 68-76, Mar. 2015.
[29] "Bitcoin mining hardware accelerator with optimized message digest and message scheduler datapath", Mar. 2018.
[30] V. Suresh, S. Satpathy, R. Kumar, M. Anders, H. Kaul, A. Agarwal, et al., "A 250Mv 0.063J/Ghash bitcoin mining engine in 14nm CMOS featuring dual-vcc Sha256 datapath and 3-Phase latch based clocking", Proc. Symp. VLSI Circuits, pp. C32-C33, Jun. 2019.
[31] H. L. Pham, T. H. Tran, T. D. Phan, V. T. Duong Le, D. K. Lam and Y. Nakashima, "Double SHA-256 Hardware Architecture With Compact Message Expander for Bitcoin Mining," in IEEE Access, vol. 8, pp. 139634-139646, 2020, doi: 10.1109/ACCESS.2020.3012581.
[32] U. R, "Area, Delay and Power Comparison of Adder Topologies", International Journal of VLSI Design & Communication Systems, vol. 3, no. 1, pp. 153–168, 2012.
[33] L. Bai and S. Li, "VLSI implementation of high-speed SHA-256", Proc. IEEE 8th Int. Conf. ASIC, pp. 131-134, Oct. 2009.
[34] S. Tillich, M. Feldhofer, M. Kirschbaum, P. Thomas, S. Jörn-Marc and S. Alexander, "High-speed hardware implementations of BLAKE blue midnight wish CubeHash ECHO Fugue Grøstl Hamsi JH Keccak Luffa Shabal SHAvite-3 SIMD and Skein", IACR Cryptol. ePrint Arch., vol. 510, 2009.