CN101567783B - Elliptical curve encryption and decryption method and device based on II-type Gaussian base field - Google Patents


Info

Publication number: CN101567783B (application CN2008100670099A; earlier publication CN101567783A)
Authority: CN (China)
Prior art keywords: base field, carry out, elliptic curve, ring shift, computing
Legal status: Expired - Fee Related (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Other versions: CN101567783A (en)
Inventors: 李辉亮, 田逢春
Current assignee: Shenzhen Coship Electronics Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Shenzhen Coship Electronics Co Ltd
Events: application filed by Shenzhen Coship Electronics Co Ltd; priority to CN2008100670099A; publication of CN101567783A; application granted; publication of CN101567783B; current legal status Expired - Fee Related; anticipated expiration

Abstract

The invention belongs to the field of information security and provides an elliptic curve encryption method based on a type II Gaussian normal basis field (the "II-type Gaussian base field" of the title). The method comprises the following steps: inputting an instruction to obtain the public key D_b and the generator P; generating a random number k_1; computing the values of k_1P and k_1D_b; encrypting the plaintext embedded on the elliptic curve with R = k_1D_b as the encryption key, and sending k_1P together with the resulting ciphertext to the decrypting side. Because the multiplication of base-field elements, the most time-consuming operation, is optimized, one ECC encryption-and-decryption run of this method takes only 143.8 milliseconds, compared with the 351 milliseconds required for one ECC encryption-and-decryption run previously, a speed-up of more than 2 times.

Description

Elliptic curve encryption and decryption method and device based on a type II Gaussian normal basis field
Technical field
The invention belongs to the field of information security, and in particular relates to an elliptic curve encryption and decryption method and device based on a type II Gaussian normal basis field.
Background art
Elliptic Curve Cryptography (ECC) bases its encryption on the intractability of the Elliptic Curve Discrete Logarithm Problem (ECDLP) over a finite field; this intractability can be illustrated with an elliptic curve over a finite field of characteristic p.
Let GF(p) be a finite field of characteristic p ≠ 2, 3. An elliptic curve over GF(p) is the nonempty set of all solutions (x, y) ∈ GF(p) × GF(p) of the Weierstrass equation $y^2 = x^3 + ax + b$ (a, b ∈ GF(p), and $4a^3 + 27b^2 \ne 0$), together with the point at infinity O. If P = (x, y) is a point on the elliptic curve E(GF(p)), the elliptic curve discrete logarithm problem on E(GF(p)) is: given a point Q ∈ E(GF(p)), find an integer x (x ∈ GF(p)) such that xP = Q. If such a number exists, it is the elliptic curve discrete logarithm; that is, with a point P on the curve chosen as the base point and an integer x given, computing xP = Q is easy, but deriving the integer x from the points Q and P is very difficult. For this reason, among the many cryptographic security schemes, ECC is presently the cryptosystem known to offer the highest security.
Depending on the choice of the finite field, ECC systems divide into two large classes, those over the prime field GF(p) and those over the binary polynomial field GF(2^m) (in which case the curve satisfies the Weierstrass equation $y^2 + xy = x^3 + ax + b$, a, b ∈ GF(2^m), b ≠ 0). The binary fields include the general Gaussian normal basis (NB) and the type I and type II Gaussian normal bases, the latter two also being classified as optimal normal bases (ONB). Because in a Gaussian normal basis squaring needs only a shift, multiplication needs no modular reduction, and hardware implementation is easy, it is widely used in information security systems such as digital signatures, smart cards, bank security systems and government security systems.
Usually, an ECC defined over a Gaussian normal basis needs three kinds of operations on base-field elements: multiplication, inversion and addition, of which multiplication is the most time-consuming. In existing ECC systems, multiplication is generally implemented with the Gaussian normal basis multiplication of the IEEE standard [IEEE P1363/D13 (Draft Version 13), Standard Specifications for Public Key Cryptography, Annex A, 1999-12], whose base-field multiplication formula is as follows:
$c_k = \sum_{i=1}^{p-2} a_{F(i+1)}\, b_{F(p-i)} \qquad (1)$
where 0 ≤ k ≤ m−1, p = 2m+1, m is the key length of the elliptic curve over the binary polynomial field GF(2^m), and F is the index sequence of the Gaussian normal basis multiplication, derived from $F(2^i u^j \bmod p) = i$, 0 ≤ i ≤ m−1, 0 ≤ j ≤ 1.
Following the computation prescribed by formula (1), a Gaussian normal basis multiplication needs 2m cyclic shifts and 2m^2 − m bitwise XOR and bitwise AND operations, i.e. O(m^2) complexity. For implementation on a computer, the following formula is obtained by vectorizing it:
[Formula (2): the vectorized form of formula (1); it appears on the source page only as an image (Figure S2008100670099D00022).]
The vectorized algorithm of formula (2) reduces the complexity of the computation and is convenient to implement on a computer, but a Gaussian normal basis multiplication still needs 4m − 2 cyclic shifts and 2m − 1 vector XOR and vector AND operations. Therefore, in the prior art, with the algorithm of formula (1) or formula (2), one ECC encryption-and-decryption run still needs on the order of 1000 Gaussian normal basis multiplications and, whether implemented in computer software or hardware, consumes a huge amount of computing resources, which is unfavourable for commercial application.
Summary of the invention
The purpose of the embodiments of the invention is to provide an elliptic curve encryption and decryption method and device based on a type II Gaussian normal basis field, intended to solve the problems of existing ECC systems that point multiplication over a Gaussian normal basis is complicated and that the algorithm is too time-consuming in the encryption and decryption process.
The embodiments of the invention are realized as follows. An elliptic curve encryption method based on a type II Gaussian normal basis field comprises the steps of:
inputting an instruction to obtain the public key D_b and the generator P;
generating a random number k_1;
computing the values of k_1P and k_1D_b;
encrypting the plaintext embedded on the elliptic curve with R = k_1D_b as the encryption key, and sending k_1P together with the resulting ciphertext to the decrypting side.
Another purpose of the embodiments of the invention is to provide an elliptic curve decryption method based on a type II Gaussian normal basis field, comprising the steps of:
inputting an instruction to obtain the private key D_b, and generating a random number k_b;
receiving the ciphertext and k_1P sent by the encrypting side;
selecting the same elliptic curve as the encrypting side;
computing k_bk_1P;
decrypting the ciphertext with R_2 = k_bk_1P as the decryption key to obtain the plaintext.
Another purpose of the embodiments of the invention is to provide an elliptic curve encryption device based on a type II Gaussian normal basis field, comprising a Montgomery algorithm module and an encryption module. The Montgomery algorithm module computes the products k_1P and k_1D_b of the random number k_1 with the generator P and with the public key D_b held by the encrypting side, and outputs the key R = k_1D_b and k_1P; the encryption module receives the plaintext input and encrypts it with the AES algorithm using the key R output by the Montgomery algorithm module.
A further purpose of the embodiments of the invention is to provide an elliptic curve decryption device based on a type II Gaussian normal basis field, comprising a Montgomery algorithm module and a decryption module. The Montgomery algorithm module computes the decryption key R_2 = k_bk_1P = k_1k_bP from the random number k_b and the k_1P sent by the encrypting side; the decryption module uses R_2 as the decryption key to decrypt the ciphertext sent by the encrypting side.
The beneficial effect of the invention is that, for a key of length m, one base-field multiplication needs only 2m+1 cyclic shifts (comprising m+1 shifts by one position and m shifts by k positions), 1.5m vector XOR operations and m vector AND operations, which greatly saves computing resources. Because the multiplication of base-field elements, the most time-consuming operation, is optimized, one ECC encryption-and-decryption run of the invention takes only 143.8 milliseconds, compared with the 351 milliseconds the prior art needs for one ECC encryption-and-decryption run, a speed-up of more than 2 times.
Description of drawings
Fig. 1 is a flow diagram of the elliptic curve encryption method based on a type II Gaussian normal basis field provided by the embodiment of the invention;
Fig. 2 is a flow diagram of the multiplication method for elements of the type II Gaussian normal basis field provided by the embodiment of the invention;
Fig. 3 is a flow diagram of the elliptic curve decryption method based on a type II Gaussian normal basis field provided by the embodiment of the invention;
Fig. 4 is a schematic diagram of the elliptic curve encryption device based on a type II Gaussian normal basis field provided by the embodiment of the invention;
Fig. 5 is a schematic diagram of the elliptic curve decryption device based on a type II Gaussian normal basis field provided by the embodiment of the invention; and
Fig. 6 is a schematic diagram of the composition of the type II Gaussian normal basis multiplication module provided by the embodiment of the invention.
Embodiment
In order to make the objects, technical solutions and advantages of the invention clearer, the invention is further described below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it.
Referring to Fig. 1, the elliptic curve encryption method based on a type II Gaussian normal basis field provided by the embodiment of the invention is described in detail as follows.
Step S101: input an instruction to obtain the public key D_b and the generator P.
ECC is an asymmetric encryption system: in communication, the encrypting side (sender) is required to encrypt the plaintext with the public key provided by the decrypting side (receiver). Therefore, in the embodiment, the encrypting side first obtains, through an input instruction, the decrypting side's public key D_b published by the decrypting side or by a third party, and at the same time obtains the generator P. In the embodiment, the generator P is a point on the elliptic curve E, published in the preprocessing stage before the encryption and decryption process begins.
Step S102: generate a random number k_1.
Key generation must be random, with equal probability over all possible keys; therefore, none of the parameters that enter a mathematical operation involving the key should be predictable. In the embodiment, a random number generator may be used to produce the random number k_1, so that after multiplication with the generator P (k_1P) its unpredictability is increased.
Step S103: compute the values of k_1P and k_1D_b.
k_1D_b is the encryption key R of the embodiment, that is, R = k_1D_b. Computing k_1P and k_1D_b may comprise the following steps:
S1031: initialize the elliptic curve parameters.
As stated above, the elliptic curve satisfies the Weierstrass equation $y^2 + xy = x^3 + ax + b$ (a, b ∈ GF(2^m), b ≠ 0); once the elliptic curve parameters a and b are initialized, the elliptic curve E of the embodiment is fixed.
S1032: select a Gaussian normal basis field as the finite field for the elliptic curve point multiplication and compute k_1P and k_1D_b with the Montgomery algorithm, where the fast Gaussian normal basis multiplication method is used for the multiplication of elements of the Gaussian normal basis field.
Suppose k_1 is converted to binary, i.e. the input is k_1 = (k_{t−1}, ..., k_1, k_0)_2, P = (x, y), and b (the elliptic curve parameter), where k_1 < q, q is the order of the elliptic curve, and each k_i (i = 0, 1, ..., t−1) is the binary digit 0 or 1. Taking the invention as the example, the Montgomery algorithm proceeds as follows:
S1: $X_1 \leftarrow x,\ Z_1 \leftarrow 1,\ X_2 \leftarrow x^4 + b,\ Z_2 \leftarrow x^2$.
S2: for i from t−2 down to 0, repeat:
if $k_i = 1$, then
$T \leftarrow Z_1,\ Z_1 \leftarrow (X_1 Z_2 + X_2 Z_1)^2,\ X_1 \leftarrow x Z_1 + X_1 X_2 T Z_2$
S2.1: $T \leftarrow X_2,\ X_2 \leftarrow X_2^4 + b Z_2^4,\ Z_2 \leftarrow T^2 Z_2^2$
otherwise,
$T \leftarrow Z_2,\ Z_2 \leftarrow (X_1 Z_2 + X_2 Z_1)^2,\ X_2 \leftarrow x Z_2 + X_1 X_2 T Z_1$
S2.2: $T \leftarrow X_1,\ X_1 \leftarrow X_1^4 + b Z_1^4,\ Z_1 \leftarrow T^2 Z_1^2$
S3: $x_3 \leftarrow X_1 / Z_1$
S4: $y_3 \leftarrow (x + X_1/Z_1)\left[(X_1 + x Z_1)(X_2 + x Z_2) + (x^2 + y)(Z_1 Z_2)\right](x Z_1 Z_2)^{-1} + y$
S5: return $k_1 P = (x_3, y_3)$.
In the Montgomery algorithm of the embodiment, every multiplication between two elements, for example xZ_1, bZ_1^4 and x^2 (x^2 being the multiplication x·x of x with itself), is defined over the Gaussian normal basis field. As stated above, the multiplication of base-field elements is the time-consuming part of an ECC system, and with the prior-art Gaussian normal basis multiplication of formula (1) or (2) the multiplication of base-field elements consumes too much time.
To save computing resources, the invention optimizes formula (1) and obtains the Gaussian normal basis element multiplication formula of the embodiment:
$c = \sum_{i=0}^{m-1} a_i b_i\, r^{2^{i+1}} + \sum_{i=0}^{m-1} \sum_{j=1}^{m/2} \left(a_i b_{i+j} + a_{i+j} b_i\right)\left(r^{2^{i+t_j}} + r^{2^{i+t'_j}}\right) \qquad (3)$
where the index sequences t_j and t'_j are obtained from
$t_j = (j - F(k)) \bmod m,\ 0 < k < m; \qquad t'_j = (j - F(p-k)) \bmod m,\ m \le k < p-2,\ u = p-1 \qquad (3.1)$
r is the generator of the Gaussian normal basis, F is the index sequence of the Gaussian normal basis multiplication, and m is the key length of the elliptic curve over the binary polynomial field GF(2^m).
In the embodiment, the coordinates x, y of a point P(x, y) on the elliptic curve (including the generator P) and the elliptic curve parameters are all elements of the Gaussian normal basis field, and the results of a series of operations on them (multiplication, addition and so on) are again elements of that field. For example, in the Montgomery algorithm above, x^2 (x multiplied by itself), xZ_1 (where Z_1 is obtained from the coordinate x and the parameter b by a series of operations, and xZ_1 is the product of x and Z_1) and bZ_1^4 (Z_1^4 being the product Z_1·Z_1·Z_1·Z_1) are all elements of the Gaussian normal basis field. For ease of explanation, when computing k_1P and k_1D_b with the Montgomery algorithm in the embodiment, the two operands of a multiplication are uniformly denoted by the elements a_k and b_k of the Gaussian normal basis field, the elements after an operation are distinguished by the subscripts of a_k and b_k, and the final result of the multiplication is denoted by c. Fig. 2 shows the multiplication flow for elements of the type II Gaussian normal basis field provided by the embodiment, described in detail as follows.
Step S201: compute the values of the index sequences t_j and t'_j according to formula (3.1).
Step S202: perform the AND operation on element a_k and element b_k and store the result temporarily in element c_k.
The AND operation between a_k and b_k is the multiplication between the Gaussian normal basis elements. As stated above, a_k and b_k denote the two operands of a multiplication in the Montgomery algorithm; they may be the coordinates x, y of a point P(x, y) on the elliptic curve (including the generator P), the elliptic curve parameter b, and so on, or the results of a series of operations (multiplication, addition and so on) on them or between them. For example, in the Montgomery algorithm above, for the multiplication x·x giving x^2, a_k may denote x and b_k may denote x; for the multiplication xZ_1, a_k may denote x and b_k may denote Z_1; bZ_1^4 and the others are analogous.
Steps S203 to S204: cyclically shift element c_k right by one position, and judge whether (m−1)/2 is greater than k.
m is the key length of the elliptic curve over the binary polynomial field GF(2^m), and k is a variable whose value is 0 the first time c_k is cyclically shifted right by one position. The comparison of (m−1)/2 with k decides whether the loop should end: if (m−1)/2 is greater than k, go to step S205; otherwise output c_k directly as the final result c of the multiplication of a_k and b_k (step S210).
Step S205: cyclically shift element a_k and element b_k left by one position each, obtaining element a_{k+1} and element b_{k+1}.
Step S206: perform the AND operation on a_{k+1} and b_k to obtain element d_k; perform the AND operation on b_{k+1} and a_k to obtain element d_k'.
Step S207: perform the XOR operation on d_k and d_k' to obtain element q_k.
Step S208: cyclically shift element q_k right by t_j positions and right by t'_j positions, obtaining elements p_k and p_k' respectively.
j takes the values from 0 to (m−1)/2; the parameters t_j and t'_j are determined by formula (3.1).
Steps S209 to S210: perform the XOR operation on p_k, p_k' and c_k, and output the result c.
The result of the XOR of p_k, p_k' and c_k (the ⊕ symbol appears on the source page only as an image, Figure S2008100670099D00081) can be denoted c_{k+1}; at the same time the variable k is incremented by 1, i.e. k = k+1. The flow then jumps back to step S204 and compares (m−1)/2 with k: if (m−1)/2 is greater than k, a new round begins; otherwise c_{k+1} is output as the final result c of the element multiplication (step S210).
From the flow of Fig. 2 it can be seen that step S202 needs cyclic shift and AND operations, and steps S205 to S209 need 2m cyclic shift operations, 1.5m XOR operations and m AND operations. Thus one base-field multiplication needs only 2m+1 cyclic shift operations, 1.5m vector XOR and m vector AND operations, the shifts comprising m+1 shifts by one position and m shifts by k positions (k > 1).
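To make the element multiplication concrete, the following is an added example written for this page; it is not the patent's code or the applicant's implementation. It builds the IEEE P1363 index sequence F for a type II optimal normal basis, evaluates formula (1) bit by bit as a reference, and implements a word-level rotate/AND/XOR multiplier of the kind the Fig. 2 flow describes, then cross-checks the two. Assumptions of the example, all labelled in the code: bit i of a Python int holds the coordinate of r^{2^i}; the offsets t_j and t'_j are resolved as F(2^j + 1) and F(2^j − 1) by expanding (γ + γ^{−1})(γ^{2^j} + γ^{−2^j}), which is one consistent reading of formula (3.1) and not a transcription of the patent's indexing; m is odd, as the (m−1)/2-round loop requires; and m = 3, 5, 9, 11 are small constructed parameters chosen so that the results can be exhaustively compared, not key lengths. The class and function names (`TypeIIONB`, `index_sequence`, `consistency_check`) are the example's own.

```python
# Added example, not the patent's code: type II optimal normal basis (ONB)
# arithmetic in GF(2^m). Bit i of a Python int holds coordinate a_i of
# a = sum_i a_i * beta^(2^i), so squaring is a one-position rotation.
import random


def index_sequence(m):
    """IEEE P1363 index sequence F with F[+-2^i mod p] = i (p = 2m+1, u = p-1).

    Returns None when no type II ONB exists for this m, i.e. when the 2m
    values +-2^i mod p do not cover 1..p-1 (this also rules out composite p).
    Even m is refused because the (m-1)/2-round loop below assumes odd m.
    """
    p = 2 * m + 1
    F = {}
    for i in range(m):
        s = pow(2, i, p)
        F[s] = i
        F[p - s] = i
    if m % 2 == 0 or len(F) != p - 1:
        return None
    return [F.get(s) for s in range(p)]


class TypeIIONB:
    """GF(2^m) with the type II ONB {beta^(2^i)}, beta = g + 1/g, g^p = 1."""

    def __init__(self, m):
        F = index_sequence(m)
        if F is None:
            raise ValueError(f"no odd-m type II ONB for m={m}")
        self.m, self.p, self.F = m, 2 * m + 1, F
        self.mask = (1 << m) - 1
        self.one = self.mask          # 1 = sum over the whole basis
        # beta * beta^(2^j) = beta^(2^t_j) + beta^(2^t'_j).  Assumption of this
        # example: t_j = F(2^j + 1) and t'_j = F(2^j - 1), obtained by expanding
        # (g + 1/g)(g^(2^j) + g^(-2^j)); this is one way to resolve the
        # patent's formula (3.1), not a transcription of it.
        p = self.p
        self.t = [(F[(pow(2, j, p) + 1) % p], F[(pow(2, j, p) - 1) % p])
                  for j in range(1, (m - 1) // 2 + 1)]

    def rotl(self, x, s):
        """Cyclic left shift by s: coordinate i moves to position i+s (mod m)."""
        s %= self.m
        return ((x << s) | (x >> (self.m - s))) & self.mask

    def rotr(self, x, s):
        return self.rotl(x, -s)

    def square(self, a):
        return self.rotl(a, 1)        # (sum a_i beta^(2^i))^2 = sum a_i beta^(2^(i+1))

    def mul_ieee(self, a, b):
        """Reference: formula (1), c_k = sum_{i=1}^{p-2} a_{F(i+1)+k} b_{F(p-i)+k},
        evaluated bit by bit (O(m^2) single-bit operations)."""
        m, p, F = self.m, self.p, self.F
        c = 0
        for k in range(m):
            ck = 0
            for i in range(1, p - 1):
                ck ^= (a >> (F[i + 1] + k) % m) & (b >> (F[p - i] + k) % m) & 1
            c |= ck << k
        return c

    def mul_vec(self, a, b):
        """Word-level multiplier in the style of the Fig. 2 flow: one AND and
        one rotation for the a_i b_i terms, then (m-1)/2 rounds of rotations,
        two ANDs and three XORs for the cross terms of formula (3)."""
        c = self.rotl(a & b, 1)                           # a_i b_i beta^(2^(i+1))
        for j, (tj, tpj) in enumerate(self.t, start=1):
            q = (a & self.rotr(b, j)) ^ (self.rotr(a, j) & b)   # q_i = a_i b_{i+j} + a_{i+j} b_i
            c ^= self.rotl(q, tj) ^ self.rotl(q, tpj)     # lands on i+t_j and i+t'_j
        return c

    def inverse(self, a):
        """a^(2^m - 2) by square-and-multiply; the squarings are free rotations."""
        if a == 0:
            raise ZeroDivisionError("0 has no inverse")
        r = a                                             # a^(2^1 - 1)
        for _ in range(self.m - 2):
            r = self.mul_vec(self.square(r), a)           # a^(2^(k+1) - 1)
        return self.square(r)                             # a^(2^m - 2) = a^-1


def consistency_check(m, trials=200, seed=1):
    """Cross-check both multipliers and the field axioms on random elements."""
    f = TypeIIONB(m)
    rng = random.Random(seed)
    for _ in range(trials):
        a, b, c = [rng.getrandbits(m) for _ in range(3)]
        ok = (f.mul_vec(a, b) == f.mul_ieee(a, b) == f.mul_vec(b, a)
              and f.mul_vec(f.mul_vec(a, b), c) == f.mul_vec(a, f.mul_vec(b, c))
              and f.mul_vec(a, a) == f.square(a)
              and f.mul_vec(a, f.one) == a
              and (a == 0 or f.mul_vec(a, f.inverse(a)) == f.one))
        if not ok:
            return False
    return True


if __name__ == "__main__":
    f = TypeIIONB(5)                 # constructed toy parameters, p = 11
    print(f.mul_vec(1, 2), f.mul_ieee(1, 2))   # beta * beta^2 -> bits {0, 3} = 9
    for m in (3, 5, 9, 11):
        print(m, consistency_check(m))
```

`mul_vec` rotates the operands by j directly instead of carrying the one-position shifts a_{k+1}, b_{k+1} from round to round as the Fig. 2 flow does; the work is the same, about 2m rotations, m ANDs and 1.5m XORs per multiplication, against the 2m^2 − m single-bit operations of `mul_ieee`. Because `mul_vec` performs the same sequence of word operations whatever the operand values, it has no data-dependent branches, which is the property wanted of a field multiplier that runs inside a key-dependent Montgomery ladder; `mul_ieee` is kept only as the reference the check compares against.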
Step S104: encrypt the plaintext embedded on the elliptic curve with R = k_1D_b as the key, and send k_1P together with the resulting ciphertext to the decrypting side.
As one embodiment of the invention, R = k_1D_b may be used as the encryption key and the Advanced Encryption Standard (AES) algorithm used to encrypt the plaintext embedded on the elliptic curve. If the decrypting side (receiver) can compute from the received k_1P a key R_2 identical to the key of the encrypting side (sender), i.e. R_2 = R = k_1D_b, then the decrypting side (receiver) can recover the plaintext from the ciphertext.
Referring to Fig. 3, the elliptic curve decryption method based on a type II Gaussian normal basis field provided by the embodiment of the invention is described in detail as follows.
Step S301: input an instruction to obtain the private key D_b, and generate a random number k_b.
As on the encrypting side, in the embodiment the random number k_b is produced by a random number generator. To the encrypting side, D_b is the public key; to the decrypting side, D_b is the private key, and the mathematical relation D_b = k_bP holds. Because k_b is produced by the decrypting side, only the decrypting side can decrypt ciphertext encrypted under the public (private) key D_b.
Step S302: receive the ciphertext and k_1P sent by the encrypting side.
Step S303: select the same elliptic curve as the encrypting side.
Because the elliptic curve is determined by the Weierstrass equation $y^2 + xy = x^3 + ax + b$ (a, b ∈ GF(2^m), b ≠ 0), the decrypting side selects the same elliptic curve E as the encrypting side simply by fixing the same parameters a and b as the encrypting side.
Step S304: compute the value of k_bk_1P.
Computing k_bk_1P also involves the multiplication of base-field elements. The method is the same as that for computing k_1P or k_1D_b in step S103: with the type II Gaussian normal basis field as the finite field, the multiplications of elements are carried out by the element multiplication method of Fig. 2 to compute R_2, which is not repeated here.
Step S305: decrypt the ciphertext with R_2 = k_bk_1P as the decryption key to obtain the plaintext.
As one embodiment of the invention, the decrypting side may decrypt the ciphertext with the inverse of the AES algorithm. The decryption principle is: once the key R_2 = k_bk_1P = k_1k_bP has been computed from k_1P, then, because of the mathematical relation D_b = k_bP, in fact R_2 = k_1D_b; and on the encrypting side R = k_1D_b (step S103), so R_2 = R. That is, the decrypting side holds the same key as the encrypting side and can, following the AES algorithm, decrypt the ciphertext of the encrypting side and recover the plaintext.
Fig. 4 shows the elliptic curve encryption device based on a type II Gaussian normal basis field provided by the embodiment of the invention. For ease of explanation, only the parts relevant to the invention are shown. The modules of the device may be hardware, software, or combined hardware and software functional units; their principles are detailed below.
The parameter acquisition module 401 obtains the generator P and the public key D_b of the encrypting side; the random number generation module 402 generates a random number k_1; the Montgomery algorithm module 403 comprises at least one type II Gaussian normal basis multiplication module 4031. From the generator P and the public key D_b obtained by the parameter acquisition module 401 and the random number k_1 generated by the random number generation module 402, the Montgomery algorithm module 403 computes k_1P and k_1D_b; during this computation, the multiplication of elements of the type II Gaussian normal basis field is performed by the type II Gaussian normal basis multiplication module 4031. The encryption module 404 receives the plaintext input and encrypts it with the AES algorithm using the encryption key R output by the Montgomery algorithm module 403 (R and k_1D_b are related by R = k_1D_b). The sending module 405 sends the ciphertext output by the encryption module 404 and the k_1P output by the Montgomery algorithm module 403 to the decrypting side (receiver).
Fig. 5 shows the elliptic curve decryption device based on a type II Gaussian normal basis field provided by the embodiment of the invention; the device comprises a private key acquisition module 501, a random number generation module 502, a Montgomery algorithm module 503 and a decryption module 504, wherein the Montgomery algorithm module 503 comprises at least one type II Gaussian normal basis multiplication module 4031.
The private key acquisition module 501 obtains the private key D_b of the decrypting side (D_b is the public key to the encrypting side) and outputs it to the Montgomery algorithm module 503. The random number generation module 502 generates a random number k_b and outputs it to the Montgomery algorithm module 503 for key computation. From the random number k_b generated by the random number generation module 502 and the k_1P sent by the encrypting side, the Montgomery algorithm module 503 computes the decryption key R_2 (R_2, k_b and k_1P are related by R_2 = k_bk_1P = k_1k_bP); in the computation, the multiplication of elements of the type II Gaussian normal basis field is performed by the type II Gaussian normal basis multiplication module 4031. Because D_b = k_bP and R_2 = k_bk_1P = k_1k_bP, in fact R_2 = k_1D_b; and since R = k_1D_b on the encrypting side, R_2 = R, i.e. the decrypting side holds the same key as the encrypting side. Therefore the decryption module 504 can use R_2 as the decryption key and, with the inverse of the AES algorithm, recover the plaintext from the ciphertext sent by the encrypting side.
Fig. 6 shows the composition of the type II Gaussian normal basis multiplication module 4031 provided by the embodiment of the invention, detailed as follows.
Suppose the two elements of the type II Gaussian normal basis field to be multiplied are a_k and b_k, i.e. the inputs of the type II Gaussian normal basis multiplication module are a_k and b_k.
When the multiplication begins, the first AND logic unit 601 performs the AND operation on a_k and b_k, with result c_k. The first right cyclic shift unit 602 shifts the result c_k output by the first AND logic unit 601 right by one position, and at the same time the judging unit 603 judges whether the number of loop iterations of the multiplication has reached the set value; if so, the output unit 612 outputs c_k directly as the final result of the multiplication. Otherwise, the first left cyclic shift unit 604 and the second left cyclic shift unit 606 shift a_k and b_k left by one position respectively, outputting the results a_{k+1} and b_{k+1}. The second AND logic unit 605 performs the AND operation on a_{k+1} and b_k, outputting d_k; the third AND logic unit 607 performs the AND operation on b_{k+1} and a_k, outputting d_k'. The first XOR unit 608 performs the XOR operation on d_k and d_k', outputting q_k. The second right cyclic shift unit 609 shifts q_k right by t'_j positions (t'_j determined by formula (3.1)), outputting p_k'; the third right cyclic shift unit 610 shifts q_k right by t_j positions (t_j determined by formula (3.1)), outputting p_k. The second XOR unit 611 performs the XOR operation (the ⊕ symbol appears on the source page only as an image, Figure S2008100670099D00111) on p_k, p_k' and c_k, obtaining the result c_{k+1}. At the same time, the judging unit 612 judges whether the number of loop iterations of the multiplication has reached the set value; if so, the output unit 612 outputs c_{k+1} directly as the final result c of the multiplication of a_k and b_k; otherwise the first left cyclic shift unit 604 and each unit after it process the outputs of the units once more, until the number of loop iterations of the multiplication reaches the set value.
The invention optimizes the Gaussian normal basis multiplication formula of the IEEE standard, $c_k = \sum_{i=1}^{p-2} a_{F(i+1)}\, b_{F(p-i)}$, into $c = \sum_{i=0}^{m-1} a_i b_i\, r^{2^{i+1}} + \sum_{i=0}^{m-1} \sum_{j=1}^{m/2} \left(a_i b_{i+j} + a_{i+j} b_i\right)\left(r^{2^{i+t_j}} + r^{2^{i+t'_j}}\right)$, so that when the ECC system is used, in the Montgomery algorithm based on the type II Gaussian normal basis, for a key of length m, one base-field multiplication needs only 2m+1 cyclic shifts (comprising m+1 shifts by one position and m shifts by k positions), 1.5m vector XOR operations and m vector AND operations, which greatly saves computing resources. Because the multiplication of base-field elements, the most time-consuming operation, is optimized, one ECC encryption-and-decryption run of the invention takes only 143.8 milliseconds, compared with the 351 milliseconds the prior art needs for one ECC encryption-and-decryption run, a speed-up of more than 2 times.
The above are merely preferred embodiments of the invention and do not limit it; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall be included within the scope of protection of the invention.

Claims (8)

1. An elliptic curve encryption method based on a type II Gaussian base field, characterized in that the method comprises the following steps:
Inputting an instruction to obtain the public key D_b and the generator P;
Generating a random number k_1;
Calculating the values of k_1P and k_1D_b;
Encrypting the plaintext information embedded on the elliptic curve with R = k_1D_b as the encryption key, and sending k_1P together with the ciphertext obtained by the encryption to the decrypting side;
wherein said step of calculating the values of k_1P and k_1D_b comprises:
Initializing the parameters of said elliptic curve;
Selecting the Gaussian base field as the finite field for the elliptic curve point multiplication, and computing k_1P and k_1D_b with the Montgomery algorithm, wherein a fast Gaussian base field dot product method is used to compute the dot product between elements of the Gaussian base field, said fast Gaussian base field dot product method comprising:
Inputting Gaussian base field elements a_k and b_k;
Performing an AND logical operation on element a_k and element b_k, and temporarily storing the result in element c_k;
Performing a ring shift right by one bit on element c_k, and judging whether (m-1)/2 is greater than k, wherein said m is the key length of the elliptic curve over the binary polynomial field GF(2^m), and k is an integer variable whose initial value is 0;
If (m-1)/2 is greater than k, performing a ring shift left by one bit on element a_k and on element b_k respectively to obtain element a_{k+1} and element b_{k+1}; otherwise, directly outputting c_k as the final result c of the dot product of element a_k and element b_k;
Performing an AND logical operation on element a_{k+1} and element b_k to obtain element d_k, and performing an AND logical operation on element b_{k+1} and element a_k to obtain element d_k';
Performing an XOR operation on element d_k and element d_k' to obtain element q_k;
Performing a ring shift right by t_j bits and a ring shift right by t'_j bits on element q_k to obtain element p_k and element p_k' respectively, wherein said t_j and t'_j are determined by the formula

$$t_j = (j - F(k)) \bmod m,\ 0 < k < m;\qquad t'_j = (j - F(p-k)) \bmod m,\ m \le k < p-2;\qquad 1 \le j \le m/2,$$

with p = 2m+1 and u = p-1, F is the Gaussian base field multiplication subscript sequence, and m is the key length of the elliptic curve over the binary polynomial field GF(2^m);
Performing an XOR operation on element p_k, element p_k' and element c_k to obtain the operation result c_{k+1}; at the same time, incrementing the variable k by 1 and comparing (m-1)/2 with k: if (m-1)/2 is greater than k, a new round of the operation begins; otherwise, c_{k+1} is output as the final result of the dot product operation of element a_k and element b_k.
2. The elliptic curve encryption method based on a type II Gaussian base field as claimed in claim 1, characterized in that said encrypting the plaintext information embedded on the elliptic curve is encrypting the plaintext information embedded on the elliptic curve with the AES algorithm.
3. An elliptic curve decryption method based on a type II Gaussian base field, characterized in that the method comprises the following steps:
Inputting an instruction to obtain the private key D_b, and generating a random number k_b;
Receiving the ciphertext and k_1P sent by the encrypting side, wherein said k_1 is the random number generated by the encrypting side and said P is the generator obtained by the encrypting side;
Selecting the same elliptic curve as the encrypting side;
Calculating k_b k_1 P;
Decrypting the ciphertext with R_2 = k_b k_1 P as the decryption key to obtain the plaintext information;
wherein said calculating k_b k_1 P uses the Montgomery algorithm to compute k_b k_1 P, said Montgomery algorithm comprising computing the dot product between elements of the Gaussian base field with the fast Gaussian base field dot product method; wherein the step of computing the dot product between elements of the Gaussian base field with said fast Gaussian base field dot product method comprises:
Inputting Gaussian base field elements a_k and b_k;
Performing an AND logical operation on element a_k and element b_k, and temporarily storing the result in element c_k;
Performing a ring shift right by one bit on element c_k, and judging whether (m-1)/2 is greater than k, wherein said m is the key length of the elliptic curve over the binary polynomial field GF(2^m), and k is an integer variable whose initial value is 0;
If (m-1)/2 is greater than k, performing a ring shift left by one bit on element a_k and on element b_k respectively to obtain element a_{k+1} and element b_{k+1}; otherwise, directly outputting c_k as the final result c of the dot product of element a_k and element b_k;
Performing an AND logical operation on element a_{k+1} and element b_k to obtain element d_k, and performing an AND logical operation on element b_{k+1} and element a_k to obtain element d_k';
Performing an XOR operation on element d_k and element d_k' to obtain element q_k;
Performing a ring shift right by t_j bits and a ring shift right by t'_j bits on element q_k to obtain element p_k and element p_k' respectively, wherein said t_j and t'_j are determined by the formula

$$t_j = (j - F(k)) \bmod m,\ 0 < k < m;\qquad t'_j = (j - F(p-k)) \bmod m,\ m \le k < p-2;\qquad 1 \le j \le m/2,$$

with p = 2m+1 and u = p-1, F is the Gaussian base field multiplication subscript sequence, and m is the key length of the elliptic curve over the binary polynomial field GF(2^m);
Performing an XOR operation on element p_k, element p_k' and element c_k to obtain the operation result c_{k+1}; at the same time, incrementing the variable k by 1 and comparing (m-1)/2 with k: if (m-1)/2 is greater than k, a new round of the operation begins; otherwise, c_{k+1} is output as the final result of the dot product operation of element a_k and element b_k.
4. The elliptic curve decryption method based on a type II Gaussian base field as claimed in claim 3, characterized in that said decrypting the ciphertext with R_2 = k_b k_1 P as the decryption key is decrypting the ciphertext with R_2 = k_b k_1 P as the decryption key using the inverse algorithm of the AES algorithm.
5. An elliptic curve encryption device based on a type II Gaussian base field, comprising a Montgomery algorithm module and an encryption module, characterized in that said Montgomery algorithm module is used to calculate the products k_1P and k_1D_b of the random number k_1 with the generator P and with the public key D_b of the encrypting side, and to output the key R = k_1D_b and k_1P; said encryption module is used to receive the plaintext information input and to encrypt the plaintext information with the AES algorithm according to the key R output by said Montgomery algorithm module; wherein said Montgomery algorithm module comprises at least a type II Gaussian base field dot product module for the point multiplication operation of elements on the type II Gaussian base field, and said type II Gaussian base field dot product module specifically comprises:
A first AND logic unit, used to perform a first AND operation on type II Gaussian base field elements a_k and b_k, the operation result being Gaussian base field element c_k;
A first ring shift right unit, used to perform a ring shift right by one bit on the c_k output by said first AND logic unit;
A first ring shift left unit, used to perform a shift left by one bit on element a_k and output the result as element a_{k+1};
A second ring shift left unit, used to perform a shift left by one bit on element b_k and output the result as element b_{k+1};
A second AND logic unit, used to perform an AND operation on element a_{k+1} and element b_k and output the result as element d_k;
A third AND logic unit, used to perform an AND operation on element b_{k+1} and element a_k and output the result as element d_k';
A first XOR unit, used to perform an XOR operation on element d_k and element d_k' and output the result as element q_k;
A second ring shift right unit, used to perform a ring shift right by t'_j bits on element q_k and output the result as element p_k';
A third ring shift right unit, used to perform a ring shift right by t_j bits on element q_k and output the result as element p_k;
A second XOR unit, used to perform an XOR operation on elements p_k, p_k' and c_k, the operation result being element c_{k+1};
An output unit, used to output the final result of the point multiplication operation of element a_k and element b_k;
A judging unit, used to judge whether the number of loops that should be performed in the point multiplication process has reached the set value; if it has, said output unit directly outputs c_{k+1} as the final result c of the point multiplication of element a_k and element b_k; otherwise said first ring shift left unit and each unit after it process the output result of each unit once more, until the number of loops in the point multiplication process reaches the set value;
wherein said t_j and t'_j are determined by the formula

$$t_j = (j - F(k)) \bmod m,\ 0 < k < m;\qquad t'_j = (j - F(p-k)) \bmod m,\ m \le k < p-2;\qquad 1 \le j \le m/2,$$

with p = 2m+1 and u = p-1, wherein F is the Gaussian base field multiplication subscript sequence and m is the key length of the elliptic curve over the binary polynomial field GF(2^m).
6. The elliptic curve encryption device based on a type II Gaussian base field as claimed in claim 5, characterized in that said device further comprises:
A parameter acquisition module, used to obtain the generator P and the public key D_b of the encrypting side and output them to said Montgomery algorithm module;
A random number generation module, used to generate a random number k_1 and output it to said Montgomery algorithm module;
A sending module, used to send the ciphertext output by said encryption module and the k_1P output by said Montgomery algorithm module to the decrypting side.
7. An elliptic curve decryption device based on a type II Gaussian base field, comprising a Montgomery algorithm module and a decryption module, characterized in that said Montgomery algorithm module is used to calculate the decryption key R_2 = k_b k_1 P = k_1 k_b P from the random number k_b and the k_1P sent by the encrypting side, wherein said k_1 is the random number generated by the encrypting side and said P is the generator obtained by the encrypting side; said decryption module is used to decrypt the ciphertext sent by the encrypting side with R_2 as the decryption key; wherein said Montgomery algorithm module comprises at least a type II Gaussian base field dot product module for the point multiplication operation of elements on the type II Gaussian base field, and said type II Gaussian base field dot product module specifically comprises:
A first AND logic unit, used to perform a first AND operation on type II Gaussian base field elements a_k and b_k, the operation result being Gaussian base field element c_k;
A first ring shift right unit, used to perform a ring shift right by one bit on the c_k output by said first AND logic unit;
A first ring shift left unit, used to perform a shift left by one bit on element a_k and output the result as element a_{k+1};
A second ring shift left unit, used to perform a shift left by one bit on element b_k and output the result as element b_{k+1};
A second AND logic unit, used to perform an AND operation on element a_{k+1} and element b_k and output the result as element d_k;
A third AND logic unit, used to perform an AND operation on element b_{k+1} and element a_k and output the result as element d_k';
A first XOR unit, used to perform an XOR operation on element d_k and element d_k' and output the result as element q_k;
A second ring shift right unit, used to perform a ring shift right by t'_j bits on element q_k and output the result as element p_k';
A third ring shift right unit, used to perform a ring shift right by t_j bits on element q_k and output the result as element p_k;
A second XOR unit, used to perform an XOR operation on elements p_k, p_k' and c_k, the operation result being element c_{k+1};
An output unit, used to output the final result of the point multiplication operation of element a_k and element b_k;
A judging unit, used to judge whether the number of loops that should be performed in the point multiplication process has reached the set value; if it has, said output unit directly outputs c_{k+1} as the final result c of the point multiplication of element a_k and element b_k; otherwise said first ring shift left unit and each unit after it process the output result of each unit once more, until the number of loops in the point multiplication process reaches the set value;
wherein said t_j and t'_j are determined by the formula

$$t_j = (j - F(k)) \bmod m,\ 0 < k < m;\qquad t'_j = (j - F(p-k)) \bmod m,\ m \le k < p-2;\qquad 1 \le j \le m/2,$$

with p = 2m+1 and u = p-1, wherein F is the Gaussian base field multiplication subscript sequence and m is the key length of the elliptic curve over the binary polynomial field GF(2^m).
8. The elliptic curve decryption device based on a type II Gaussian base field as claimed in claim 7, characterized in that said device further comprises:
A private key acquisition module, used to obtain the private key D_b of the decrypting side and output it to said Montgomery algorithm module;
A random number generation module, used to generate a random number k_b and output it to said Montgomery algorithm module.
CN2008100670099A 2008-04-24 2008-04-24 Elliptical curve encryption and decryption method and device based on II-type Gaussian base field Expired - Fee Related CN101567783B (en)
Publications (2)

Publication Number Publication Date
CN101567783A CN101567783A (en) 2009-10-28
CN101567783B true CN101567783B (en) 2012-08-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120822

Termination date: 20150424

EXPY Termination of patent right or utility model