CN102761411A - P element field SM2 elliptic curve key agreement system - Google Patents


Info

Publication number
CN102761411A
Authority
CN (China)
Prior art keywords
submodule, field, point, value, module
Legal status
Granted
Application number
CN2011101075266A
Other languages
Chinese (zh)
Other versions
CN102761411B (en)
Inventors
徐树民, 屈善新, 刘振, 王绍麟, 田心, 刘建巍
Current assignee
Aisino Corp
Original assignee
Aisino Corp
Application filed by Aisino Corp
Priority to CN201110107526.6A
Publication of CN102761411A
Application granted; publication of CN102761411B
Legal status
Active

Abstract

The invention relates to a p element field SM2 elliptic curve key agreement system which comprises an initiator subsystem and a responder subsystem. The initiator subsystem is composed of an initiator control center for controlling the work time sequence and data calls of the other modules in the subsystem and judging whether key agreement succeeds or not, an initiator random number generation module for generating random numbers, an initiator multiple point operation module for implementing multiple point operation, an initiator point addition module for implementing point addition operation, and an initiator key derivation module with a key derivation function. The responder subsystem is composed of a responder control center for controlling the work time sequence and data calls of the other modules in the subsystem and judging whether key agreement succeeds or not, a responder random number generation module for generating random numbers, a responder multiple point operation module for implementing multiple point operation, a responder point addition module for implementing point addition operation, and a responder key derivation module with a key derivation function. By using the p element field SM2 elliptic curve key agreement system provided by the invention, the key exchange protocol of the SM2 elliptic curve public key cryptography algorithm can be implemented in hardware.

Description

Prime-field SM2 elliptic curve key agreement system
Technical field
The present invention relates to the field of information security technology, and in particular to a prime-field SM2 elliptic curve key agreement system.
Background technology
With the development of communication and information processing technology, the security of information in transit receives ever more attention: information processing techniques are needed to guarantee that information is not eavesdropped on, tampered with or copied during communication. Cryptography answers this requirement.
Since Diffie and Hellman proposed the concept of public-key cryptography in 1976, three classes of public-key cryptosystems have come to be generally accepted as secure and practical. The mathematical problems they rely on are the integer factorization problem (IFP), the discrete logarithm problem (DLP) and the elliptic curve discrete logarithm problem (ECDLP); the corresponding algorithms are the RSA algorithm, the DSA digital signature algorithm and elliptic curve cryptography (ECC). All three base the security of the key on the computational complexity of NP-complete problems (Non-deterministic Polynomial Complete problems). Compared with the other two algorithms, ECC offers higher security, less computation, faster processing, smaller key sizes and lower bandwidth requirements at the same security level, so ECC systems have the broader application prospects.
The SM2 elliptic curve public-key cryptographic algorithm is an ECC algorithm published by the State Cryptography Administration. Its key exchange protocol is an important part of it: the protocol is applicable to key exchange in commercial cryptographic applications and lets two communicating parties, through two or three message transmissions, compute and obtain a shared session key determined jointly by both sides. However, the State Cryptography Administration has published only the flow of the key exchange protocol of the SM2 algorithm; no hardware device implementing it has appeared so far, which makes it difficult to put this excellent algorithm into practical use.
Summary of the invention
The technical problem solved by the invention is to provide a prime-field SM2 elliptic curve key agreement system that realizes the key exchange protocol of the SM2 elliptic curve public-key cryptographic algorithm in hardware.
The technical solution of the invention is as follows: a prime-field SM2 elliptic curve key agreement system, where the elliptic curve has a base point G of order n and a cofactor h; the initiator's hash value and the responder's hash value are ZA and ZB respectively; the initiator's public key and private key are PA and dA, and the responder's public key and private key are PB and dB; and the length of the session key agreed by initiator and responder is klen. The system comprises an initiator subsystem and a responder subsystem. The initiator subsystem comprises: an initiator control center, an initiator random number generation module, an initiator point multiplication module (the "multiple point operation module" of the abstract, computing [k]P), an initiator point addition module and an initiator key derivation module. The responder subsystem comprises: a responder control center, a responder random number generation module, a responder point multiplication module, a responder point addition module and a responder key derivation module. Wherein,
The initiator control center is used to: send rA and G to the initiator point multiplication module as a set of point multiplication operands; send RA to the responder control center; compute x10 = 2^w + (x1 & (2^w − 1)) and x20 = 2^w + (x2 & (2^w − 1)); compute the scalar product x10·rA of x10 and rA and tA = (dA + x10·rA) mod n; check whether RB is a point on the elliptic curve; send x20 and RB to the initiator point multiplication module as a set of point multiplication operands; compute the scalar product h·tA of h and tA; send PB and [x20]RB to the initiator point addition module as a set of point addition operands; send h·tA and (PB + [x20]RB) to the initiator point multiplication module as a set of point multiplication operands; check whether U is the point at infinity; send the bit string Z formed by concatenating xU, yU, ZA and ZB to the initiator key derivation module; output the bit string KA returned by the initiator key derivation module as the initiator's session key; and output negotiation failure when RB is not a point on the elliptic curve or U is the point at infinity;
The initiator random number generation module is used to generate a random number rA between 1 and (n − 1) and send it to the initiator control center;
The initiator point multiplication module is used to: compute the rA-fold multiple of G, obtaining the point RA with coordinates (x1, y1), and send RA to the initiator control center; compute the x20-fold multiple of RB and send the resulting [x20]RB to the initiator control center; compute the h·tA-fold multiple of (PB + [x20]RB), obtaining the point U with coordinates (xU, yU), and send U to the initiator control center;
The initiator point addition module is used to add the points PB and [x20]RB and send the resulting (PB + [x20]RB) to the initiator control center;
The initiator key derivation module is used to perform the key derivation computation on the bit string Z and send the resulting bit string KA of length klen to the initiator control center;
The responder control center is used to: send rB and G to the responder point multiplication module as a set of point multiplication operands; compute x10 = 2^w + (x1 & (2^w − 1)) and x20 = 2^w + (x2 & (2^w − 1)); compute the scalar product x20·rB of x20 and rB and tB = (dB + x20·rB) mod n; check whether RA is a point on the elliptic curve; send x10 and RA to the responder point multiplication module as a set of point multiplication operands; compute the scalar product h·tB of h and tB; send PA and [x10]RA to the responder point addition module as a set of point addition operands; send h·tB and (PA + [x10]RA) to the responder point multiplication module as a set of point multiplication operands; check whether V is the point at infinity; send the bit string Z' formed by concatenating xV, yV, ZA and ZB to the responder key derivation module; output the bit string KB returned by the responder key derivation module as the responder's session key; send RB to the initiator control center; and output negotiation failure when RA is not a point on the elliptic curve or V is the point at infinity;
The responder random number generation module is used to generate a random number rB between 1 and (n − 1) and send it to the responder control center;
The responder point multiplication module is used to: compute the rB-fold multiple of G, obtaining the point RB with coordinates (x2, y2), and send RB to the responder control center; compute the x10-fold multiple of RA and send the resulting [x10]RA to the responder control center; compute the h·tB-fold multiple of (PA + [x10]RA), obtaining the point V with coordinates (xV, yV), and send V to the responder control center;
The responder point addition module is used to add the points PA and [x10]RA and send the resulting (PA + [x10]RA) to the responder control center;
The responder key derivation module is used to perform the key derivation computation on the bit string Z' and send the resulting bit string KB of length klen to the responder control center;
where w is a parameter, & is the bitwise logical AND operator and mod is the modulo operator.
The beneficial effects of the invention are as follows. The initiator control center and the responder control center each schedule the work timing of their random number generation module, point multiplication module, point addition module and key derivation module, so that the initiator and responder random number generation modules each generate a random number, rA and rB respectively, between 1 and (n − 1); the initiator and responder point multiplication modules each perform point multiplication of a point by a scalar; the initiator and responder point addition modules each perform the addition of two points; the initiator and responder key derivation modules each perform key derivation on a bit string; and at the same time the initiator and responder control centers each judge whether the negotiation has succeeded. Key agreement between initiator and responder is thereby realized: when the negotiation succeeds, initiator and responder obtain the same session key from the computations of their respective key derivation modules and can use it to encrypt and decrypt their communication; when the negotiation fails, negotiation-failure information is output. The invention can therefore realize the key exchange protocol of the SM2 elliptic curve public-key cryptographic algorithm in hardware, using an initiator subsystem composed of the initiator control center, initiator random number generation module, initiator point multiplication module, initiator point addition module and initiator key derivation module, and a responder subsystem composed of the responder control center, responder random number generation module, responder point multiplication module, responder point addition module and responder key derivation module.
Description of drawings
Fig. 1 is the flow chart of the key exchange protocol of the SM2 elliptic curve public-key cryptographic algorithm published by the State Cryptography Administration;
Fig. 2 is the structure diagram of the prime-field SM2 elliptic curve key agreement system provided by the invention;
Fig. 3 is the hardware structure diagram of the scalar multiplication function realized by the initiator control center and the responder control center of the invention;
Fig. 4 is the structure diagram of the point multiplication module of the invention;
Fig. 5 is the structure diagram of the point addition module of the invention;
Fig. 6 is the structure diagram of the key derivation module of the invention;
Fig. 7 is the structure diagram of one specific embodiment of the invention;
Fig. 8 is the structure diagram of another specific embodiment of the invention.
Embodiment
The principle and features of the invention are described below with reference to the drawings; the examples given serve only to explain the invention and do not limit its scope.
Fig. 1 is the flow chart of the key exchange protocol of the SM2 elliptic curve public-key cryptographic algorithm published by the State Cryptography Administration. Of the two users communicating through the key exchange protocol, the user who sends the first exchange message is called the initiator and the other user the responder; both hold a public/private key pair. In the invention the initiator is denoted by the symbol A and the responder by the symbol B, so the initiator's public and private keys are denoted PA and dA and the responder's public and private keys PB and dB. As shown in Fig. 1, steps A-101 to A-107 of the flow are executed by initiator A, steps B-101 to B-106 by responder B, and, when the corresponding condition is met, either initiator A or responder B may execute step 108.
As shown in Fig. 1, steps A-101 to A-107 are as follows:
Step A-101: determine the known data of initiator A: the base point G of the elliptic curve and its order n, the cofactor h, the initiator hash value ZA, the responder hash value ZB, the initiator's public key PA and private key dA, the responder's public key PB, the session key length klen agreed by both sides, and the parameter w = ⌈⌈log2 n⌉ / 2⌉ − 1.
This step establishes the known data; the subsequent steps A-102 to A-107 all operate on the known data determined here.
The elliptic curve of the invention is an elliptic curve over a prime finite field F_p. Over F_p the curve equation is y^2 = x^3 + ax + b, where p is a prime greater than 3, a and b are elements of F_p satisfying (4a^3 + 27b^2) mod p ≠ 0, and mod is the modulo operator.
The elliptic curve of the invention has a base point, denoted G, which is a point on the curve with coordinates (xG, yG) and order n. The curve also has a further parameter called the cofactor, denoted h in the invention.
The initiator hash value ZA is the hash value obtained by applying the cryptographic hash function to the bit string formed by concatenating A's distinguishing identifier, the parameters a, b, xG, yG of the curve equation, and the abscissa xA and ordinate yA of PA; likewise the responder hash value ZB is the hash value obtained by applying the cryptographic hash function to the concatenation of B's distinguishing identifier, a, b, xG, yG and the abscissa xB and ordinate yB of PB. Concatenation here means appending one bit string after the last bit of the preceding bit string; the cryptographic hash function is an operation that maps a bit string of arbitrary length to a bit string of fixed length, and its output is called the hash value. The cryptographic hash function is computationally irreversible and its inputs and outputs correspond one to one, so a hash value obtained from it reveals no information about its input.
Before the key exchange protocol is executed, A and B must agree on the length of the shared session key; the invention denotes this length by klen.
In determining the parameter w, the operation ⌈X⌉ denotes the smallest positive integer greater than or equal to X; for example ⌈7.2⌉ = 8, ⌈8⌉ = 9. Thus ⌈log2 n⌉ is the smallest positive integer greater than or equal to log2 n, and ⌈⌈log2 n⌉ / 2⌉ is the smallest positive integer greater than or equal to ⌈log2 n⌉ / 2.
Step A-102: generate a random number rA between 1 and (n − 1), compute RA = [rA]G = (x1, y1), and send RA to the responder.
The random number rA in this step is a positive integer not exceeding (n − 1).
In the formula RA = [rA]G = (x1, y1), G is the base point of the elliptic curve and rA is the random number; [rA]G is the rA-fold point multiplication of G, and the result RA is again a point, with coordinates (x1, y1).
Step A-103: compute tA = (dA + x10·rA) mod n, where the parameter x10 is computed as x10 = 2^w + (x1 & (2^w − 1)).
In this step the product x10·rA is a scalar multiplication in the prime finite field, and in x10 = 2^w + (x1 & (2^w − 1)) the symbol & is the bitwise logical AND operator.
Step A-104: receive the RB sent in step B-106 and check whether the coordinates of RB satisfy the elliptic curve equation of the invention, i.e. whether RB is a point on the elliptic curve; if so, execute step A-105, otherwise execute step 108.
This step is mainly a decision step and is carried out on the basis of step B-106.
Step A-105: compute U = [h·tA](PB + [x20]RB) = (xU, yU), where x20 is computed as x20 = 2^w + (x2 & (2^w − 1)).
In this step h·tA is a scalar multiplication that yields a value in the prime finite field; [x20]RB is the x20-fold point multiplication of RB; the result is added to PB by point addition in the prime finite field, and the result is again a point. Then [h·tA](PB + [x20]RB) is the h·tA-fold point multiplication of the point (PB + [x20]RB), and the result U is a new point on the elliptic curve with coordinates (xU, yU).
Step A-106: check whether the U obtained in step A-105 is the point at infinity; if so, execute step 108, otherwise execute step A-107.
The point at infinity is a special point of the prime-field elliptic curve. The operation of step A-105 is a point multiplication, whose result may be the point at infinity; since the key exchange protocol uses the coordinates of U to compute the session key after A has judged the negotiation successful, the point U entering that computation must not be the point at infinity, so this step has to check whether U is the point at infinity.
Step A-107: the negotiation has succeeded; compute the session key KA = KDF(xU ∥ yU ∥ ZA ∥ ZB, klen).
Negotiation success in this step has two layers of meaning. First, it realizes key confirmation from B to A, i.e. A is assured that B holds the session key. Second, because this step is executed on the basis of the RB that A received in step A-104 from step B-106, and step B-106 has already judged the negotiation from A to B successful, i.e. key confirmation from A to B has been realized and B is assured that A holds the session key, the negotiation success of this step has the further meaning that both A and B are assured that the other party holds the session key. That is, the negotiation between A and B that the key exchange protocol was to perform is completely successful, and A need only compute the session key to finish the negotiation process.
The KA computed here as KA = KDF(xU ∥ yU ∥ ZA ∥ ZB, klen) is the session key that A and B want to share in the invention. Mathematically, once the whole key exchange protocol has reached this step, the KA computed here equals the KB computed in step B-106, so A and B can encrypt the data they send to each other with the same session key and decrypt the encrypted data they receive from each other.
Here xU ∥ yU ∥ ZA ∥ ZB is the bit string formed by concatenating the abscissa xU and ordinate yU of U, the initiator hash value ZA and the responder hash value ZB; KDF(xU ∥ yU ∥ ZA ∥ ZB, klen) performs the key derivation computation on the bit string xU ∥ yU ∥ ZA ∥ ZB and generates a bit string of length klen, KDF denoting the key derivation function. Writing Z for the bit string xU ∥ yU ∥ ZA ∥ ZB, introducing a 32-bit counter ct, and letting v bits be the length of the hash value produced by the cryptographic hash function used in this key derivation, the rule of the key derivation computation is:
(a) set ct to the initial value 00000001 in hexadecimal;
(b) determine ⌈klen/v⌉, the smallest positive integer greater than or equal to klen/v; for the loop variable i running from 1 to ⌈klen/v⌉, perform steps b1 and b2 in each iteration:
(b1) compute Ha_i = H_v(Z ∥ ct), where H_v(Z ∥ ct) is the cryptographic hash of the bit string formed by concatenating Z and ct, the hash value produced having length v bits;
(b2) increment ct by hexadecimal 00000001;
(c) if klen/v is an integer, set Ha!_⌈klen/v⌉ = Ha_⌈klen/v⌉; otherwise set Ha!_⌈klen/v⌉ to the leftmost (klen − v·⌊klen/v⌋) bits of the bit string Ha_⌈klen/v⌉, where ⌊klen/v⌋ is the largest integer not greater than klen/v;
(d) perform the concatenation KA = Ha_1 ∥ Ha_2 ∥ … ∥ Ha_(⌈klen/v⌉ − 1) ∥ Ha!_⌈klen/v⌉ to obtain the session key KA.
Thus the key derivation computation of steps (a) to (d) yields the session key KA. Apart from bit string concatenation, the core operation of this key derivation is the cryptographic hash computation performed in a loop. The purpose of step (c) is to fix the last bit string Ha!_⌈klen/v⌉ that step (d) concatenates into KA, so that the length of KA equals the length klen agreed in advance by A and B.
Steps B-101 to B-106 are as follows:
Step B-101: determine the known data of responder B: the base point G of the elliptic curve and its order n, the cofactor h, the initiator hash value ZA, the responder hash value ZB, the responder's public key PB and private key dB, the initiator's public key PA, the session key length klen agreed by both sides, and the parameter w = ⌈⌈log2 n⌉ / 2⌉ − 1.
Like step A-101, this step establishes the known data; the subsequent steps B-102 to B-106 all operate on the known data determined here.
Step B-102: generate a random number rB between 1 and (n − 1), compute RB = [rB]G = (x2, y2), and compute tB = (dB + x20·rB) mod n, where the parameter x20 is computed as x20 = 2^w + (x2 & (2^w − 1)).
As in step A-102, [rB]G in this step is a point multiplication of G; the only difference is the multiplier, since here the rB-fold multiple is computed. The result RB is again a point, with coordinates (x2, y2).
As in step A-103, x20·rB in this step is a scalar multiplication in the prime finite field.
Step B-103: receive the RA sent by A and check whether the coordinates of RA satisfy the elliptic curve equation; if so, execute step B-104, otherwise execute step 108.
The RA received in this step is the point that A computed in step A-102.
Step B-104: compute V = [h·tB](PA + [x10]RA) = (xV, yV), where x10 can be computed as x10 = 2^w + (x1 & (2^w − 1)).
As in step A-105, h·tB in this step is a scalar multiplication that yields a value in the prime finite field; [x10]RA is the x10-fold point multiplication of RA; the result is added to PA by point addition in the prime finite field, and the result is again a point. Then [h·tB](PA + [x10]RA) is the h·tB-fold point multiplication of the point (PA + [x10]RA), and the result V is a new point on the elliptic curve with coordinates (xV, yV).
Step B-105: check whether the V obtained in step B-104 is the point at infinity; if so, execute step 108, otherwise execute step B-106.
Step B-106: the negotiation from A to B has succeeded; compute KB = KDF(xV ∥ yV ∥ ZA ∥ ZB, klen) and send RB to A.
In this step, success of the negotiation from A to B means that key confirmation from A to B has been realized, i.e. B is assured that A holds the session key, so B can compute KB as the session key and finish the responder's part of the negotiation. The remaining work of the key exchange protocol passes to step A-104 and is carried out by initiator A; if A also judges the negotiation successful, the whole key exchange protocol has succeeded and the initiator session key KA is computed in step A-107. Mathematically, the KA obtained in step A-107 equals the KB obtained in this step, so in their subsequent communication initiator A and responder B use the same session key to encrypt and decrypt information.
In addition, step 108 is: negotiation failed.
Whether A reaches this step while executing steps A-101 to A-107 or B reaches it while executing steps B-101 to B-106, the negotiation process of the whole key exchange protocol has failed, and A and B must start the negotiation process again to obtain a session key shared by both parties.
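The exchange of steps A-101 to A-107, B-101 to B-106 and step 108 above, including the key derivation of steps (a) to (d), as an added software model that is not part of the patent and not Aisino's design. It assumes a constructed toy curve over F_97 in place of the published SM2 curve parameters (which the page does not give), SHA-256 in place of the standard's hash function (so v = 256), fixed-width big-endian byte encodings for identifiers and coordinates, and ZA/ZB built exactly from the inputs the description lists; the function names `responder`, `initiator_finish` and `run_agreement` are chosen here. The toy curve is for tracing the data flow only and offers no security.

```python
"""Software model of the key agreement flow of steps A-101..A-107 / B-101..B-106. Added
illustration, not code from the patent or from Aisino; it uses a constructed toy curve over
F_97 instead of the published SM2 parameters and SHA-256 instead of the standard's hash."""
import hashlib, math, secrets, struct

P, A, B = 97, 2, 3   # constructed toy curve y^2 = x^3 + A x + B over F_P; 4A^3 + 27B^2 != 0 mod P
INF = None           # the point at infinity

def on_curve(pt):
    """The check of steps A-104 / B-103: do the coordinates satisfy the curve equation?"""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0

def add(p1, p2):
    """Affine point addition (the 'point addition module'); doubles when p1 == p2."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Point multiplication [k]pt by double-and-add (the 'point multiplication module')."""
    acc = INF
    while k > 0:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def order(pt):
    q, n = pt, 1
    while q is not INF:          # repeated addition is cheap on a 97-element field
        q, n = add(q, pt), n + 1
    return n

POINTS = [(x, y) for x in range(P) for y in range(P) if on_curve((x, y))]
G = max(POINTS, key=order)                        # base point: a point of maximal order
N = order(G)                                      # order n of G
H = (len(POINTS) + 1) // N                        # cofactor h (+1 for the point at infinity)
W = math.ceil(math.ceil(math.log2(N)) / 2) - 1    # w = ceil(ceil(log2 n) / 2) - 1
V = 256                                           # hash output length v in bits
LEN = (P.bit_length() + 7) // 8                   # bytes per field element

def h_v(data): return hashlib.sha256(data).digest()                     # stand-in for the standard's hash
def enc(*ints): return b"".join(i.to_bytes(LEN, "big") for i in ints)  # fixed-width big-endian (assumed)
def xbar(x): return 2 ** W + (x & (2 ** W - 1))                         # x10 / x20 = 2^w + (x & (2^w - 1))
def rand_scalar(): return 1 + secrets.randbelow(N - 1)                  # uniform in [1, n-1]

def kdf(z, klen):
    """Steps (a)-(d): Ha_i = H_v(Z || ct) for a 32-bit counter ct = 1, 2, ...; the key is the
    leftmost klen bits of Ha_1 || ... || Ha_ceil(klen/v) (step (c) is this truncation)."""
    rounds = -(-klen // V)                                   # ceil(klen / v)
    out = b"".join(h_v(z + struct.pack(">I", ct)) for ct in range(1, rounds + 1))
    k = int.from_bytes(out, "big") >> (rounds * V - klen)
    return k.to_bytes((klen + 7) // 8, "big")

def z_value(ident, pub):
    """Z_A / Z_B: hash of identifier || a || b || xG || yG || x_pub || y_pub."""
    return h_v(ident + enc(A, B, *G, *pub))

def responder(dB, PB, PA, RA, ZA, ZB, klen):
    """Steps B-102 to B-106. Returns (RB, KB), or None when B reaches step 108."""
    rB = rand_scalar()
    RB = mul(rB, G)                                          # (x2, y2)
    tB = (dB + xbar(RB[0]) * rB) % N                         # B-102
    if RA is INF or not on_curve(RA):
        return None                                          # B-103 failed -> step 108
    V_pt = mul(H * tB, add(PA, mul(xbar(RA[0]), RA)))        # B-104: [h tB](PA + [x10]RA)
    if V_pt is INF:
        return None                                          # B-105 failed -> step 108
    return RB, kdf(enc(*V_pt) + ZA + ZB, klen)               # B-106

def initiator_finish(dA, rA, RA, PB, RB, ZA, ZB, klen):
    """Steps A-103 to A-107 once RB has arrived. Returns KA, or None when A reaches step 108."""
    tA = (dA + xbar(RA[0]) * rA) % N                         # A-103
    if RB is INF or not on_curve(RB):
        return None                                          # A-104 failed -> step 108
    U = mul(H * tA, add(PB, mul(xbar(RB[0]), RB)))           # A-105: [h tA](PB + [x20]RB)
    if U is INF:
        return None                                          # A-106 failed -> step 108
    return kdf(enc(*U) + ZA + ZB, klen)                      # A-107

def run_agreement(klen=128):
    """One complete exchange with fresh key pairs. Returns (KA, KB), or None on failure."""
    dA, dB = rand_scalar(), rand_scalar()
    PA, PB = mul(dA, G), mul(dB, G)
    ZA, ZB = z_value(b"initiator-id", PA), z_value(b"responder-id", PB)   # constructed identifiers
    rA = rand_scalar()                                       # A-102
    RA = mul(rA, G)
    resp = responder(dB, PB, PA, RA, ZA, ZB, klen)
    if resp is None:
        return None
    RB, KB = resp
    KA = initiator_finish(dA, rA, RA, PB, RB, ZA, ZB, klen)
    return None if KA is None else (KA, KB)
```

`run_agreement()` returns `(KA, KB)` with `KA == KB` on success, and `None` when either side reaches step 108 (RA or RB not on the curve, or U or V equal to the point at infinity). On a group this small the infinity case comes up with noticeable probability, which makes the purpose of the checks in steps A-106 and B-105 visible; on the real curve it is a rare but still necessary check, and the on-curve test of steps A-104 and B-103 is what rejects a malformed point before it enters the scalar multiplication.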
Fig. 2 is the structure diagram of the prime-field SM2 elliptic curve key agreement system provided by the invention. The elliptic curve of the invention has a base point G of order n and a cofactor h; the initiator hash value and responder hash value are ZA and ZB respectively; the initiator's public key and private key are PA and dA, and the responder's public key and private key are PB and dB; the length of the session key agreed by initiator and responder is klen. This key agreement system realizes in hardware the key exchange protocol of the prime-field SM2 elliptic curve public-key cryptographic algorithm: if initiator and responder negotiate successfully, each generates the same session key, whose length is the agreed length klen.
As shown in Fig. 2, the system comprises an initiator subsystem 212 and a responder subsystem 213. The initiator subsystem 212 comprises: initiator control center 201, initiator random number generation module 202, initiator point multiplication module 205, initiator point addition module 204 and initiator key derivation module 203. The responder subsystem 213 comprises: responder control center 206, responder random number generation module 207, responder point multiplication module 208, responder point addition module 209 and responder key derivation module 210. Evidently the modules of the initiator subsystem and the responder subsystem correspond one to one, so the same hardware can realize both. In this system,
Initiator control centre 201 is used for, and rA and G are sent to initiator's point doubling module 205 as one group of point doubling data; RA is sent to response party control centre 206; According to x10=2 w+ [x1& (2 w-1)] and x20=2 w+ [x2& (2 w-1)] calculates x10 and x20 respectively; Calculate the scalar product x10rA of x10 and rA, calculate tA according to tA=(dA+x10rA) modn; Judge whether RB is the point on the elliptic curve; X20 and RB are sent to initiator's point doubling module 205 as one group of point doubling data; Calculate the scalar product htA of h and tA; PB and [x20] RB are sent to initiator's point as one group of point add operation data add module 204; HtA and (PB+ [x20] RB) are sent to initiator's point doubling module 205 as one group of point doubling data; Judge whether U is infinite point; The Bit String Z that xU, yU, ZA and ZB are spliced into sends to initiator's key derivation module 203; The Bit String KA that initiator's key derivation module 203 is returned exports as initiator's session key; When judging RB not for one of the point on the elliptic curve, situation that U is infinite point, failure is consulted in output;
Initiator's random number generation module 202 is used for, with generate 1 and (n-1) between random number rA send to initiator control centre 201;
Initiator's point doubling module 205 is used for, and G is carried out the rA point doubling, obtains coordinate and is (x1, some RA y1), and RA sent to initiator control centre 201; RB is carried out the x20 point doubling, [x20] RB that obtains is sent to initiator control centre 201; (PB+ [x20] RB) carried out the htA point doubling, the some U that obtains sent to initiator control centre 201, the some U coordinate be (xU, yU);
Initiator's point adds module 204 and is used for, and PB and [x20] RB are carried out point add operation, and (PB+ [x20] RB) that generate sent to initiator control centre 201;
Initiator's key derivation module 203 is used for, and bit string Z carries out the key derivation computing, is that the Bit String KA of klen sends to initiator control centre 201 with the length that obtains;
Responder control centre 206 is used for: sending rB and G to responder point doubling module 208 as one group of point doubling data; calculating x10 and x20 according to x10 = 2^w + [x1 & (2^w - 1)] and x20 = 2^w + [x2 & (2^w - 1)] respectively; calculating the scalar product x20rB of x20 and rB, and calculating tB according to tB = (dB + x20rB) mod n; judging whether RA is a point on the elliptic curve; sending x10 and RA to responder point doubling module 208 as one group of point doubling data; calculating the scalar product htB of h and tB; sending PA and [x10]RA to responder point add module 209 as one group of point add operation data; sending htB and (PA + [x10]RA) to responder point doubling module 208 as one group of point doubling data; judging whether V is the point at infinity; sending the bit string Z' formed by concatenating xV, yV, ZA and ZB to responder key derivation module 210; outputting the bit string KB returned by responder key derivation module 210 as the responder session key; sending RB to initiator control centre 201; and, when it judges that RA is not a point on the elliptic curve or that V is the point at infinity, outputting negotiation failure;
Responder random number generation module 207 is used for: generating a random number rB between 1 and (n-1) and sending it to responder control centre 206;
Responder point doubling module 208 is used for: performing the rB point doubling on G to obtain the point RB with coordinates (x2, y2), and sending RB to responder control centre 206; performing the x10 point doubling on RA, and sending the resulting [x10]RA to responder control centre 206; and performing the htB point doubling on (PA + [x10]RA), and sending the resulting point V, with coordinates (xV, yV), to responder control centre 206;
Responder point add module 209 is used for: performing the point add operation on PA and [x10]RA, and sending the generated (PA + [x10]RA) to responder control centre 206;
Responder key derivation module 210 is used for: performing the key derivation operation on the bit string Z', and sending the resulting bit string KB of length klen to responder control centre 206;
Here w is a parameter, & denotes the bitwise logical AND operator, and mod denotes the modulo operator.
It should be pointed out that every operation performed on a point in the present invention is an operation on that point's coordinates: point addition is an operation on the coordinates of two points, and point doubling is an operation on a scalar and the coordinates of one point. Accordingly, whenever a module or submodule of the present invention is said to send or receive a point, it sends or receives the coordinates of that point.
The initiator control centre and the responder control centre of the present invention are the control centres of their respective subsystems. Each is responsible for arranging the work schedule of the modules in its subsystem, passing data between those modules, performing computations, and sending data to the control centre of the other subsystem. Most importantly, the two control centres are responsible for judging whether the negotiation succeeds. For example, the initiator control centre judges whether RB is a point on the elliptic curve; if not, it outputs negotiation failure, meaning that the negotiation between the initiator and the responder has failed. Likewise, the responder control centre judges whether V is the point at infinity; if so, it outputs negotiation failure, which also means that the negotiation between the initiator and the responder has failed.
Corresponding to the flow chart of Fig. 1, steps A-101 to A-107 are carried out by the initiator subsystem, steps B-101 to B-106 by the responder subsystem, and step 108 by both parties jointly. Specifically, steps A-101 and B-101 are carried out by the control centre of the corresponding subsystem: the known data in these two steps are input to, or stored in, the control centre of the corresponding subsystem, which sends them to the corresponding modules for use in the calculations. In step A-101, generating the random number rA between 1 and (n-1) is carried out by the initiator random number generation module, and obtaining RA according to RA = [rA]G = (x1, y1) by the initiator point doubling module; sending RA to the responder, together with steps A-103, A-104 and A-106, is carried out by the initiator control centre. In step A-105, the scalar multiplication of h and tA is carried out by the initiator control centre, the point doublings between x20 and RB and between htA and (PB + [x20]RB) by the initiator point doubling module, and the point addition of PB and [x20]RB by the initiator point add module. In step A-107, judging whether the negotiation has succeeded is carried out by the initiator control centre, and computing the session key KA according to KA = KDF(xU || yU || ZA || ZB, klen) by the initiator key derivation module. Correspondingly, the modules of the responder subsystem carry out steps B-101 to B-106. Specifically: in step B-102, generating the random number rB between 1 and (n-1) is carried out by the responder random number generation module, and obtaining RB according to RB = [rB]G = (x2, y2) by the responder point doubling module; obtaining tB according to tB = (dB + x20rB) mod n, calculating x20 according to x20 = 2^w + [x2 & (2^w - 1)], and step B-103 are carried out by the responder control centre. In step B-104, the scalar multiplication of h and tB is carried out by the responder control centre, the point doublings between x10 and RA and between htB and (PA + [x10]RA) by the responder point doubling module, and the point addition of PA and [x10]RA by the responder point add module. In steps B-105 and B-106, judging whether the negotiation from A to B has succeeded and sending RB to initiator A are carried out by the responder control centre, and computing KB according to KB = KDF(xV || yV || ZA || ZB, klen) by the responder key derivation module. Depending on the outcome of the judgement, step 108 is carried out by the initiator control centre or by the responder control centre.
It can be seen that, because the initiator control centre and the responder control centre can each arrange the work schedule of the corresponding random number generation module, point doubling module, point add module and key derivation module, the initiator and responder random number generation modules each generate a random number (rA and rB respectively) between 1 and (n-1); the initiator and responder point doubling modules each carry out the point doubling between a scalar value and a point; the initiator and responder point add modules each carry out the point addition of two points; and the initiator and responder key derivation modules each carry out the key derivation operation on a bit string. At the same time, the initiator control centre and the responder control centre each judge whether the negotiation has succeeded. The key agreement between the initiator and the responder is thereby realized: when the negotiation succeeds, the initiator and the responder obtain the same session key through the respective operations of the initiator and responder key derivation modules, with which their communication can be encrypted and decrypted; when the negotiation fails, negotiation failure information is output. Therefore, the present invention can implement the key exchange protocol of the SM2 elliptic curve public key cryptography algorithm in hardware, using an initiator subsystem composed of the initiator control centre, initiator random number generation module, initiator point doubling module, initiator point add module and initiator key derivation module, and a responder subsystem composed of the responder control centre, responder random number generation module, responder point doubling module, responder point add module and responder key derivation module.
Because the present invention implements the key exchange protocol of the SM2 elliptic curve public key cryptography algorithm in hardware, its operation speed is faster and its security higher than a software implementation of the same key exchange protocol.
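As an added illustration that is not part of the patent, the following Python models the flow just described on a constructed toy curve: both control centres compute x10/x20, tA/tB, the on-curve and point-at-infinity checks, and the key derivation KDF(x || y || ZA || ZB, klen) that the key derivation module of Fig. 6 performs. The curve over F_17, the parameter w = 2, SHA-256 as the v-bit hash H_v, and the ZA/ZB byte strings are assumptions of the example; the real algorithm uses the SM2 curve parameters and SM3.

```python
import hashlib
import secrets

# Constructed toy curve y^2 = x^3 + 2x + 2 over F_17 (a textbook example):
# base point G has prime order n = 19, so the cofactor h is 1.
P, CA, CB = 17, 2, 2
G = (5, 1)
N, H = 19, 1
W = 2            # assumed parameter w; the page's w generation module supplies it
INF = None       # point at infinity
V_BITS = 256     # stand-in for H_v: SHA-256 here, SM3 in the real algorithm

def on_curve(pt):
    """Control-centre check: is the received point a point on the elliptic curve?"""
    if pt is INF:
        return False
    x, y = pt
    return (y * y - (x ** 3 + CA * x + CB)) % P == 0

def point_add(p1, p2):
    """Point add module (affine); also covers doubling and the point at infinity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + CA) * pow(2 * y1, -1, P)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P)
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def point_mult(k, pt):
    """Point doubling module: [k]pt by left-to-right double-and-add."""
    acc = INF
    for bit in bin(k)[2:]:
        acc = point_add(acc, acc)
        if bit == "1":
            acc = point_add(acc, pt)
    return acc

def x_bar(x):
    """x~ = 2^w + (x & (2^w - 1)): the x10 / x20 reduction both control centres apply."""
    return (1 << W) + (x & ((1 << W) - 1))

def kdf(zz, klen):
    """Key derivation module: Ha_i = H_v(ZZ || ct) for ct = 1 .. ceil(klen/v); keep the leftmost klen bits."""
    out = b""
    for ct in range(1, -(-klen // V_BITS) + 1):
        out += hashlib.sha256(zz + ct.to_bytes(4, "big")).digest()
    bits = format(int.from_bytes(out, "big"), "0%db" % (8 * len(out)))
    return bits[:klen]

def z_string(pt, za, zb):
    """Z = x || y || ZA || ZB; one byte per coordinate is enough for p = 17."""
    return bytes(pt) + za + zb

def responder(dB, PA, RA, rB, za, zb, klen):
    """Responder control centre: returns (RB, KB); KB is None when negotiation fails."""
    RB = point_mult(rB, G)                               # RB = [rB]G = (x2, y2)
    if not on_curve(RA):
        return RB, None
    tB = (dB + x_bar(RB[0]) * rB) % N                    # tB = (dB + x20 rB) mod n
    V = point_mult(H * tB, point_add(PA, point_mult(x_bar(RA[0]), RA)))
    if V is INF:
        return RB, None
    return RB, kdf(z_string(V, za, zb), klen)            # KB = KDF(xV || yV || ZA || ZB, klen)

def initiator(dA, rA, PB, RB, za, zb, klen):
    """Initiator control centre once RB has arrived: returns KA, or None on failure."""
    if not on_curve(RB):
        return None
    RA = point_mult(rA, G)                               # RA = [rA]G = (x1, y1), sent earlier
    tA = (dA + x_bar(RA[0]) * rA) % N                    # tA = (dA + x10 rA) mod n
    U = point_mult(H * tA, point_add(PB, point_mult(x_bar(RB[0]), RB)))
    if U is INF:
        return None
    return kdf(z_string(U, za, zb), klen)                # KA = KDF(xU || yU || ZA || ZB, klen)

def run_exchange(dA, dB, klen, rA=None, rB=None):
    """Whole flow: A sends RA, B answers with RB, each side derives a klen-bit key."""
    rA = rA or secrets.randbelow(N - 1) + 1              # random numbers in [1, n-1]
    rB = rB or secrets.randbelow(N - 1) + 1
    PA, PB = point_mult(dA, G), point_mult(dB, G)        # public keys of A and B
    za = hashlib.sha256(b"ALICE").digest()               # constructed stand-ins for ZA and ZB
    zb = hashlib.sha256(b"BOB").digest()
    RA = point_mult(rA, G)                               # A -> B: RA
    RB, KB = responder(dB, PA, RA, rB, za, zb, klen)     # B -> A: RB
    KA = initiator(dA, rA, PB, RB, za, zb, klen)
    return KA, KB
```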
As shown in Fig. 2, the system further comprises a w generation module 211, which is used to calculate the parameter w according to [formula shown only as an image in the original] and to send it to initiator control centre 201 and responder control centre 206 respectively.
The initiator control centre and the responder control centre of the present invention both have a scalar multiplication function, which can be implemented with the same hardware structure. Fig. 3 is the hardware structure diagram with which the initiator control centre and the responder control centre provided by the invention implement the scalar multiplication function; this hardware structure is contained inside both the initiator control centre and the responder control centre. As shown in Fig. 3, the hardware structure comprises a control submodule 301, a domain conversion submodule 302 and a Montgomery-domain multiplication submodule 303; wherein,
Control submodule 301 is used for: sending the finite-field values of the two scalars m and j to be multiplied to domain conversion submodule 302; sending the Montgomery-domain values of m and j to Montgomery-domain multiplication submodule 303; and sending the product mj returned by Montgomery-domain multiplication submodule 303, together with 1, back to Montgomery-domain multiplication submodule 303;
Domain conversion submodule 302 is used for: converting the finite-field values of m and j into their respective Montgomery-domain values, and returning them to control submodule 301;
Montgomery-domain multiplication submodule 303 is used for: performing the Montgomery-domain multiplication on the Montgomery-domain values of m and j, and returning the resulting product mj to control submodule 301; performing the Montgomery-domain multiplication on mj and 1 to obtain the finite-field value of the scalar product of m and j; and returning the finite-field value of the scalar product of m and j to control submodule 301.
The m and j here are the two scalars of a scalar multiplication: they can represent x10 and rA, or h and tA, as multiplied by initiator control centre 201 of Fig. 2, or x20 and rB, or h and tB, as multiplied by responder control centre 206.
In the present invention, the initiator control centre and the responder control centre transform the two operands of a scalar multiplication from the finite field into the Montgomery domain and multiply them there, which greatly reduces the computational difficulty, improves the operation efficiency, and helps to further raise the operation speed of the key exchange protocol.
Of course, as the control core of the initiator control centre or the responder control centre, the control submodule of Fig. 3 can also perform the other control, computation and judgement functions of the control centre it belongs to. For example, besides the control function for the scalar multiplication described with Fig. 3, the control submodule in the initiator control centre can also be used for: sending rA and G to the initiator point doubling module as one group of point doubling data; sending RA to the control submodule in the responder control centre; calculating x10 and x20 according to x10 = 2^w + [x1 & (2^w - 1)] and x20 = 2^w + [x2 & (2^w - 1)] respectively; calculating tA according to tA = (dA + x10rA) mod n; judging whether RB is a point on the elliptic curve; sending x20 and RB to the initiator point doubling module as one group of point doubling data; sending PB and [x20]RB to the initiator point add module as one group of point add operation data; sending htA and (PB + [x20]RB) to the initiator point doubling module as one group of point doubling data; judging whether U is the point at infinity; sending the bit string Z formed by concatenating xU, yU, ZA and ZB to the initiator key derivation module; outputting the bit string KA returned by the initiator key derivation module as the initiator session key; and, when it judges that RB is not a point on the elliptic curve or that U is the point at infinity, outputting negotiation failure. As another example, besides the control function for the scalar multiplication described with Fig. 3, the control submodule in the responder control centre can also be used for: sending rB and G to the responder point doubling module as one group of point doubling data; calculating x10 and x20 according to x10 = 2^w + [x1 & (2^w - 1)] and x20 = 2^w + [x2 & (2^w - 1)] respectively; calculating tB according to tB = (dB + x20rB) mod n; judging whether RA is a point on the elliptic curve; sending x10 and RA to the responder point doubling module as one group of point doubling data; sending PA and [x10]RA to the responder point add module as one group of point add operation data; sending htB and (PA + [x10]RA) to the responder point doubling module as one group of point doubling data; judging whether V is the point at infinity; sending the bit string Z' formed by concatenating xV, yV, ZA and ZB to the responder key derivation module; outputting the bit string KB returned by the responder key derivation module as the responder session key; sending RB to the control submodule in the initiator control centre; and, when it judges that RA is not a point on the elliptic curve or that V is the point at infinity, outputting negotiation failure.
In the present invention, the initiator point doubling module and the responder point doubling module both perform point doubling, and the point doubling they perform is identical, so they can be implemented with the same hardware mechanism, which may simply be called the point doubling module. Fig. 4 is the structure diagram of the point doubling module provided by the invention; this point doubling module can serve as the initiator point doubling module or as the responder point doubling module.
As shown in Fig. 4, the point doubling module comprises: a point doubling control submodule 401, a finite-field inversion submodule 402, a domain conversion submodule 403, a projective doubling submodule 404, a Montgomery-domain multiplication submodule 405 and a projective point-add submodule 406; wherein,
Point doubling control submodule 401 is used for: receiving one group of point doubling data consisting of a numerical value f and a point C; converting the coordinates (xc, yc) of C in the affine coordinate system into the coordinates (xc2, yc2, 1) of C in the projective coordinate system, and sending xc2, yc2 and 1 to domain conversion submodule 403; sending (xc3, yc3, zc3) to projective point-add submodule 406 and taking it as the initial value of the Montgomery-domain coordinates (xc1, yc1, zc1) of [f]C, where [f]C is the result of performing the f point doubling on C; determining the binary bit length L of f; taking the second-highest bit of the binary form of f as the initial value of its current bit, and, starting from the second-highest bit of the binary form of f and moving one bit lower each time until its lowest bit, performing (L-1) iterations with that bit as the current bit; sending zc1 of the result coordinates (xc1, yc1, zc1) of the (L-1) iterations to Montgomery-domain multiplication submodule 405; sending the finite-field value of zc1 to finite-field inversion submodule 402; sending the finite-field value of zc1^-1 to domain conversion submodule 403; sending xc1 and yc1 of the result coordinates (xc1, yc1, zc1) of the (L-1) iterations, together with the Montgomery-domain value of zc1^-1, to Montgomery-domain multiplication submodule 405; sending the affine-coordinate-system value of xc1 returned by Montgomery-domain multiplication submodule 405, together with 1, to Montgomery-domain multiplication submodule 405; sending the affine-coordinate-system value of yc1 returned by Montgomery-domain multiplication submodule 405, together with 1, to Montgomery-domain multiplication submodule 405; and outputting the coordinates (xc1, yc1) formed by the finite-field values of xc1 and yc1 as the result of the [f]C operation. One iteration comprises: sending the current value of the coordinates (xc1, yc1, zc1) to projective doubling submodule 404, and, when the current bit of f is binary 1, sending the output coordinates returned by projective doubling submodule 404 to projective point-add submodule 406;
Domain conversion submodule 403 is used for: converting the finite-field values xc2, yc2 and 1 into their respective Montgomery-domain values xc3, yc3 and zc3, and returning them to point doubling control submodule 401; and converting the finite-field value of zc1^-1 into its Montgomery-domain value, and returning it to point doubling control submodule 401;
Projective doubling submodule 404 is used for: performing the doubling operation on the input coordinates, and returning the result to point doubling control submodule 401 as the output coordinates;
Projective point-add submodule 406 is used for: performing the point add operation on the input coordinates and (xc3, yc3, zc3), and sending the result to point doubling control submodule 401;
Montgomery-domain multiplication submodule 405 is used for: performing the Montgomery-domain multiplication on the Montgomery-domain value of zc1 and 1, and sending the resulting finite-field value of zc1 to point doubling control submodule 401; performing the Montgomery-domain multiplication on xc1 and the Montgomery-domain value of zc1^-1, and on yc1 and the Montgomery-domain value of zc1^-1, and returning the resulting affine-coordinate-system values of xc1 and yc1 to point doubling control submodule 401; and performing the Montgomery-domain multiplication on the affine-coordinate-system value of xc1 and 1, and on the affine-coordinate-system value of yc1 and 1, and returning the resulting finite-field values of xc1 and yc1 to point doubling control submodule 401;
Finite-field inversion submodule 402 is used for: performing the inversion operation on the finite-field value of zc1, and sending the resulting finite-field value of zc1^-1 to point doubling control submodule 401.
The numerical value f and the point C contained in the group of point doubling data received here are received by the point doubling control submodule from the control centre of the subsystem it belongs to: if it is located in the initiator subsystem, from the initiator control centre; if it is located in the responder subsystem, from the responder control centre. The f and C here stand for the numerical value and the point of any group of point doubling data: for example, f and C can be the rA and G, or x20 and RB, or htA and (PB + [x20]RB), that the initiator control centre of Fig. 2 sends to the initiator point doubling module, or the rB and G, or x10 and RA, or htB and (PA + [x10]RA), that the responder control centre sends to the responder point doubling module. Naturally, the above xc2, yc2, xc3, yc3, zc3, xc1, yc1, zc1 and zc1^-1 likewise correspond one by one to the corresponding computed values in the functions of initiator point doubling module 205 or responder point doubling module 208 in Fig. 2.
The point doubling module of Fig. 4 provided by the invention first transforms the data from the affine coordinate system into the projective coordinate system and then from the finite field into the Montgomery domain, so that the corresponding calculation can be carried out in the Montgomery domain; after completion it transforms the data from the projective coordinate system back into the affine coordinate system and from the Montgomery domain back into the finite field, and finally outputs the result of the point doubling. Compared with calculating directly in the affine coordinate system, although the present invention adds conversions between coordinate systems and between domains, the efficiency of the point doubling is still greatly improved.
In the system of Fig. 2, the initiator point add module and the responder point add module both implement the point add function, so they can be implemented with the same hardware, which is called the point add module. Fig. 5 is the structure diagram of the point add module provided by the invention; this point add module can serve as the initiator point add module or as the responder point add module.
As shown in Fig. 5, the point add module comprises: a point add control submodule 501, a domain conversion submodule 502, a Montgomery-domain multiplication submodule 503, a projective point-add submodule 504 and a finite-field inversion submodule 505; wherein,
Point add control submodule 501 is used for: converting the received affine coordinates (x11', y11') and (x12', y12') of the points PP1 and PP2 to be added into their respective projective coordinates (x11', y11', 1) and (x12', y12', 1), and sending x11', y11', 1 and x12', y12', 1 to domain conversion submodule 502; sending the coordinates (x111', y111', z111') formed by x111', y111', z111' and the coordinates (x121', y121', z121') formed by x121', y121', z121' to projective point-add submodule 504; sending z131' of the coordinates (x131', y131', z131') returned by projective point-add submodule 504 to Montgomery-domain multiplication submodule 503; sending the finite-field value of z131' returned by Montgomery-domain multiplication submodule 503 to finite-field inversion submodule 505; sending the finite-field value of z131'^-1 to domain conversion submodule 502; sending x131' and y131' of the coordinates (x131', y131', z131'), together with the Montgomery-domain value of z131'^-1, to Montgomery-domain multiplication submodule 503; sending 1 together with the affine-coordinate-system value of x131' returned by Montgomery-domain multiplication submodule 503, and 1 together with the affine-coordinate-system value of y131' returned by Montgomery-domain multiplication submodule 503, to Montgomery-domain multiplication submodule 503 respectively; and outputting the coordinates (x131', y131') formed by the finite-field values of x131' and y131' returned by Montgomery-domain multiplication submodule 503 as the result of the point addition of PP1 and PP2 in the affine coordinate system;
Domain conversion submodule 502 is used for: converting the finite-field values x11', y11', 1 and x12', y12', 1 into their respective Montgomery-domain values x111', y111', z111' and x121', y121', z121', and returning them to point add control submodule 501; and converting the finite-field value of z131'^-1 into the Montgomery-domain value of z131'^-1, and returning it to point add control submodule 501;
Projective point-add submodule 504 is used for: performing the point add operation on the input coordinates (x111', y111', z111') and (x121', y121', z121'), and returning the resulting coordinates (x131', y131', z131') to point add control submodule 501;
Montgomery-domain multiplication submodule 503 is used for: performing the Montgomery-domain multiplication on the input z131' and 1, and sending the resulting finite-field value of z131' to point add control submodule 501; performing the Montgomery-domain multiplication on x131' and the Montgomery-domain value of z131'^-1, and on y131' and the Montgomery-domain value of z131'^-1, respectively, and returning the resulting affine-coordinate-system values of x131' and y131' to point add control submodule 501; and performing the Montgomery-domain multiplication on the affine-coordinate-system values of x131' and y131' with 1 respectively, and returning the resulting finite-field values of x131' and y131' to point add control submodule 501;
Finite-field inversion submodule 505 is used for: performing the inversion operation on the finite-field value of the input z131', and sending the resulting finite-field value of z131'^-1 to point add control submodule 501.
The points PP1 and PP2 here are data received by the point add control submodule from the control centre of the subsystem it belongs to: if it is located in the initiator subsystem, from the initiator control centre; if it is located in the responder subsystem, from the responder control centre.
The points PP1 and PP2 here represent the data on which the initiator point add control submodule or the responder point add control submodule performs the point add operation: for example, PP1 and PP2 can represent the point add operation data PB and [x20]RB that the initiator control centre sends to the initiator point add module, or the point add operation data PA and [x10]RA that the responder control centre sends to the responder point add module.
The point add module of Fig. 5 provided by the invention converts the coordinates of PP1 and PP2 from the affine coordinate system into the projective coordinate system, then transforms them from the finite field into the Montgomery domain and carries out the corresponding calculation there; after completion it transforms the data from the projective coordinate system back into the affine coordinate system and from the Montgomery domain back into the finite field, and finally outputs the result. Although this process adds data conversion steps compared with computing directly in the affine coordinate system, the operation efficiency is still greatly improved.
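The following Python, added here and not the patent's own hardware description, models the data path of Figs. 3, 4 and 5 together: a Montgomery domain for the scalar product (convert the operands in, multiply, then multiply by 1 to convert out), and the point doubling and point add modules working in projective coordinates inside that domain before converting back to affine finite-field values. The toy curve over F_17 and the homogeneous projective formulas used for the doubling and point-add submodules are assumptions of the example.

```python
class MontField:
    """Montgomery domain for an odd modulus p, with R = 2^k and k the bit length of p."""

    def __init__(self, p):
        self.p, self.k = p, p.bit_length()
        self.mask = (1 << self.k) - 1
        self.p_neg_inv = (-pow(p, -1, 1 << self.k)) & self.mask  # p * p' == -1 (mod R)
        self.r2 = (1 << (2 * self.k)) % p                         # R^2 mod p
        self.one = (1 << self.k) % p                              # 1 in the domain (R mod p)

    def mul(self, a, b):
        """Montgomery-domain multiplication submodule: a * b * R^-1 mod p (a, b < p)."""
        t = a * b
        m = ((t & self.mask) * self.p_neg_inv) & self.mask
        u = (t + m * self.p) >> self.k
        return u - self.p if u >= self.p else u

    def to_mont(self, a):     # domain conversion submodule: a -> aR mod p
        return self.mul(a % self.p, self.r2)

    def from_mont(self, am):  # "multiply by 1": (aR) * 1 * R^-1 = a, a plain finite-field value
        return self.mul(am, 1)

def scalar_product(field, m, j):
    """Fig. 3 control submodule: convert m and j in, multiply, multiply by 1 to convert out."""
    mj = field.mul(field.to_mont(m), field.to_mont(j))  # (mR)(jR)R^-1 = (mj)R
    return field.from_mont(mj)

# Constructed toy curve y^2 = x^3 + 2x + 2 over F_17; (5, 1) is a base point of order 19.
# Projective points are homogeneous (X, Y, Z) with x = X/Z, y = Y/Z; Z = 0 is the point at infinity.
P, A = 17, 2
FP = MontField(P)
A_M = FP.to_mont(A)

def proj_double(pt):
    """Projective doubling submodule ([2]P); every coordinate is a Montgomery-domain value."""
    x, y, z = pt
    if z == 0:
        return pt
    mul = FP.mul
    # Small integer constants (2, 3, 4, 8) pass through the domain unchanged: c * (aR) = (c a) R.
    w = (mul(A_M, mul(z, z)) + 3 * mul(x, x)) % P
    s = mul(y, z)
    b = mul(mul(x, y), s)
    h = (mul(w, w) - 8 * b) % P
    y3 = (mul(w, (4 * b - h) % P) - 8 * mul(mul(y, y), mul(s, s))) % P
    return (2 * mul(h, s) % P, y3, 8 * mul(mul(s, s), s) % P)

def proj_add(p1, p2):
    """Projective point-add submodule (P + Q); returns Z = 0 when the sum is the point at infinity."""
    if p1[2] == 0:
        return p2
    if p2[2] == 0:
        return p1
    (x1, y1, z1), (x2, y2, z2) = p1, p2
    mul = FP.mul
    u2, v2 = mul(y1, z2), mul(x1, z2)
    u, v = (mul(y2, z1) - u2) % P, (mul(x2, z1) - v2) % P
    if v == 0:                                    # same x: either P == Q or P == -Q
        return proj_double(p1) if u == 0 else (0, FP.one, 0)
    w = mul(z1, z2)
    vv, vvv = mul(v, v), mul(mul(v, v), v)
    a = (mul(mul(u, u), w) - vvv - 2 * mul(vv, v2)) % P
    y3 = (mul(u, (mul(vv, v2) - a) % P) - mul(vvv, u2)) % P
    return (mul(v, a), y3, mul(vvv, w))

def affine_to_mont(pt):
    """(x, y) -> projective (x, y, 1) -> Montgomery domain: the first steps of Figs. 4 and 5."""
    return (FP.to_mont(pt[0]), FP.to_mont(pt[1]), FP.to_mont(1))

def mont_to_affine(pt):
    """Last steps of Figs. 4 and 5: z -> F_p, invert, back into the domain, scale x and y, out to F_p."""
    x, y, z = pt
    z_fp = FP.from_mont(z)                 # Montgomery multiplication by 1
    if z_fp == 0:
        return None                        # point at infinity; the control centre reports failure
    zinv_m = FP.to_mont(pow(z_fp, -1, P))  # finite-field inversion submodule, then domain conversion
    return (FP.from_mont(FP.mul(x, zinv_m)), FP.from_mont(FP.mul(y, zinv_m)))

def point_doubling_module(f, c):
    """Fig. 4: [f]C with C as the initial value and one iteration per bit of f below its top bit."""
    assert f >= 1
    cur = c_m = affine_to_mont(c)                     # initial value of (xc1, yc1, zc1)
    for bit in bin(f)[3:]:                            # second-highest bit down to bit 0: L-1 iterations
        cur = proj_double(cur)
        if bit == "1":
            cur = proj_add(cur, c_m)
    return mont_to_affine(cur)

def point_add_module(pp1, pp2):
    """Fig. 5: PP1 + PP2 through the same conversion chain."""
    return mont_to_affine(proj_add(affine_to_mont(pp1), affine_to_mont(pp2)))
```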
In the present invention, the initiator key derivation module and the responder key derivation module both implement the key derivation function and can likewise be implemented with the same hardware structure, which is called the key derivation module. Fig. 6 is the structure diagram of the key derivation module provided by the invention; this key derivation module can be used as the initiator key derivation module or as the responder key derivation module.
As shown in Fig. 6, the key derivation module comprises: a key derivation control submodule 601, and a cryptographic hash submodule 602 whose output hash value has a length of v bits; wherein,
Key derivation control submodule 601 is used for: receiving the input bit string ZZ; setting the initial value of the 32-bit counter variable ct to 00000001 in hexadecimal; determining the smallest integer ⌈klen/v⌉ greater than or equal to (klen/v); incrementing the loop variable i from 1 to ⌈klen/v⌉, by 1 each time, and performing ⌈klen/v⌉ cryptographic hash operations; when (klen/v) is an integer, setting Ha!_⌈klen/v⌉ = Ha_⌈klen/v⌉; when (klen/v) is not an integer, setting Ha!_⌈klen/v⌉ to the leftmost (klen - (v × ⌊klen/v⌋)) bits of the bit string Ha_⌈klen/v⌉, where ⌊klen/v⌋ denotes the largest integer not greater than (klen/v); concatenating Ha_i for i from 1 to (⌈klen/v⌉ - 1) with Ha!_⌈klen/v⌉ in order, and outputting the resulting bit string of length klen bits as the result of the key derivation operation on ZZ. One cryptographic hash operation comprises: concatenating ZZ with the current value of ct into the bit string ZZ||ct; sending ZZ||ct to cryptographic hash submodule 602; assigning the H_v(ZZ||ct) returned by cryptographic hash submodule 602 to the v-bit Ha_i; and increasing the value of ct by 00000001 in hexadecimal;
Cryptographic hash submodule 602 is used for: performing the cryptographic hash operation on the input bit string ZZ||ct, and returning the output v-bit hash value H_v(ZZ||ct) to key derivation control submodule 601.
Here the bit string ZZ is received by the key derivation control submodule from the control centre of the subsystem it belongs to: if it is located in the initiator subsystem, from the initiator control centre; if it is located in the responder subsystem, from the responder control centre.
The bit string ZZ represents the bit string received by the initiator key derivation module or the responder key derivation module: for example, ZZ can represent the bit string Z that the initiator control centre of Fig. 2 sends to the initiator key derivation module, or the bit string Z' that the responder control centre sends to the responder key derivation module.
It can be seen that in this system some of the modules of the initiator subsystem and the responder subsystem can have identical structures: the initiator random number generation module and the responder random number generation module can be random number generation modules of the same structure; the initiator point doubling module and the responder point doubling module can be point doubling modules of the same structure; the initiator point add module and the responder point add module can be point add modules of the same structure; and the initiator key derivation module and the responder key derivation module can be key derivation modules of the same structure. The corresponding modules of the two subsystems can therefore be multiplexed, which saves hardware resources, raises the integration level of the system and reduces chip area.
Fig. 7 is the structure chart of a specific embodiment of the present invention.As shown in Figure 7; This system comprises that initiator control centre 701, response party control centre 702, random number generation module 704, point doubling module 705, point add module 706, key derivation module 707; Compare with Fig. 2 structure, initiator's random number generation module among Fig. 2 and response party random number generation module are realized with same random number generation module 704 in Fig. 7; Initiator's point doubling module and response party point doubling module realize with same point doubling module 705 in Fig. 7; Initiator point adds module and adds module with the response party point and in Fig. 7, add module 706 realizations with same point; Initiator's key derivation module and response party key derivation module realize with same key derivation module 707 in Fig. 7; In addition, this system further comprises on the basis of system shown in Figure 2 structure: upper strata final election module 703;
Initiator control centre 701 is used for, and sends initiator's Seize ACK message to upper strata final election module 703;
Response party control centre 702 is used for, and sends the response party Seize ACK message to upper strata final election module 703;
Upper strata final election module 703 is used for; According to initiator's Seize ACK message; The mode of operation that random number generation module 704, point doubling module 705, point is added module 706, key derivation module 707 is changed to initiator's pattern; Make each module have initiator's random number generation module among Fig. 2, initiator's point doubling module respectively, initiator's point adds the function of module, initiator's key derivation module, and transmit initiator control centre 701 with random number generation module 704, point doubling module 705, put and add the communication data between module 706, the key derivation module 707; According to the response party Seize ACK message mode of operation that random number generation module 704, point doubling module 705, point add module 706, key derivation module 707 is changed to the response party pattern; Make each module have the function that response party random number generation module among Fig. 2, response party point doubling module, response party point add module, response party key derivation module respectively, and transmitted response side control centre and random number generation module 704, point doubling module 705, point add the communication data between module 706, the key derivation module 707.
In addition, the system of Fig. 7 may further include a w generation module 708, which generates w and sends it to the initiator control centre 701 and the responder control centre 702.
It can be seen that in the embodiment of Fig. 7, by providing an upper-layer arbitration module that forwards data between the initiator control centre, the responder control centre and the other modules of their respective subsystems, the initiator control centre and the responder control centre only need to control the working mode of the other modules through the upper-layer arbitration module, and the modules of identical structure in the two subsystems can be shared; this significantly reduces the number of modules and saves hardware resources.
Further, the initiator control centre, responder control centre, multiple point operation module and point addition module of the Fig. 7 embodiment can also share the submodules of identical function through the module structures shown in Figs. 3, 4 and 5. This yields the structural diagram of another specific embodiment of the invention, shown in Fig. 8.
The system of the Fig. 8 embodiment comprises: a domain conversion submodule 810 and a Montgomery domain multiplication submodule 811 shared by the initiator control centre, responder control centre, multiple point operation module and point addition module of Fig. 7; and a projective-coordinate point addition submodule 812 and a finite field inversion submodule 813 shared by the multiple point operation module and the point addition module;
The system further comprises a lower-layer arbitration module 808, which implements the sharing of the domain conversion submodule 810, Montgomery domain multiplication submodule 811, projective-coordinate point addition submodule 812 and finite field inversion submodule 813;
The initiator control centre of Fig. 7 may also comprise an initiator control submodule 801; the responder control centre also comprises a responder control submodule 802; the multiple point operation module also comprises a multiple point operation control submodule 805 and a projective-coordinate point doubling submodule 809; the point addition module also comprises a point addition control submodule 806. The random number generation module and the upper-layer arbitration module of Fig. 7 are labelled 804 and 803 respectively in Fig. 8, and their functions are the same as in Fig. 7.
The initiator control submodule of Fig. 8 is used to: send an initiator control submodule occupancy request to the lower-layer arbitration module; send the finite-field values of the two operands of the scalar multiplication to be performed to the domain conversion submodule; send the two Montgomery domain values returned by the domain conversion submodule to the Montgomery domain multiplication submodule; and send 1 together with the product returned by the Montgomery domain multiplication submodule to the Montgomery domain multiplication submodule. Apart from this scalar multiplication function, the initiator control submodule also has the data operation, judgement and control functions over the working sequence of the other modules that the initiator control centre has in Fig. 2, for example: sending rA and G to the multiple point operation control submodule as one group of multiple point operation data; sending RA to the responder control submodule; calculating x10 and x20 according to x10 = 2^w + [x1 & (2^w - 1)] and x20 = 2^w + [x2 & (2^w - 1)] respectively; calculating tA according to tA = (dA + x10·rA) mod n; judging whether RB is a point on the elliptic curve; sending x20 and RB to the multiple point operation control submodule as one group of multiple point operation data; sending PB and [x20]RB to the point addition control submodule as one group of point addition data; sending h·tA and (PB + [x20]RB) to the multiple point operation control submodule as one group of multiple point operation data; judging whether U is the point at infinity; sending the bit string Z formed by concatenating xU, yU, ZA and ZB to the key derivation module; outputting the bit string KA returned by the key derivation module as the initiator session key; and outputting a negotiation failure when RB is judged not to be a point on the elliptic curve or U is the point at infinity. Thus, through the lower-layer arbitration module, the initiator control submodule together with the domain conversion submodule and the Montgomery domain multiplication submodule forms the initiator control centre shown in Fig. 3, and has the functions of the initiator control centre shown in Fig. 3.
The responder control submodule of Fig. 8 is used to: send a responder control submodule occupancy request to the lower-layer arbitration module; send the finite-field values of the two operands of the scalar multiplication to be performed to the domain conversion submodule; send the two Montgomery domain values returned by the domain conversion submodule to the Montgomery domain multiplication submodule; and send 1 together with the product returned by the Montgomery domain multiplication submodule to the Montgomery domain multiplication submodule. Apart from this scalar multiplication function, the responder control submodule also has the data operation, judgement and control functions over the working sequence of the other modules that the responder control centre has in Fig. 2, for example: sending rB and G to the multiple point operation control submodule as one group of multiple point operation data; calculating x10 and x20 according to x10 = 2^w + [x1 & (2^w - 1)] and x20 = 2^w + [x2 & (2^w - 1)] respectively; calculating tB according to tB = (dB + x20·rB) mod n; judging whether RA is a point on the elliptic curve; sending x10 and RA to the multiple point operation control submodule as one group of multiple point operation data; sending PA and [x10]RA to the point addition control submodule as one group of point addition data; sending h·tB and (PA + [x10]RA) to the multiple point operation control submodule as one group of multiple point operation data; judging whether V is the point at infinity; sending the bit string Z' formed by concatenating xV, yV, ZA and ZB to the key derivation module; outputting the bit string KB returned by the key derivation module as the responder session key; sending RB to the initiator control submodule; and outputting a negotiation failure when RA is judged not to be a point on the elliptic curve or V is the point at infinity. In this way, through the lower-layer arbitration module, the responder control submodule together with the domain conversion submodule and the Montgomery domain multiplication submodule forms the responder control centre shown in Fig. 3, and has the functions of the responder control centre shown in Fig. 3.
The multiple point operation control submodule of Fig. 8 is used to: send a multiple point operation control submodule occupancy request to the lower-layer arbitration module; receive one group of multiple point operation data consisting of a value f and a point C, convert the coordinates (xc, yc) of C in the affine coordinate system into the coordinates (xc2, yc2, 1) of C in the projective coordinate system, and send xc2, yc2 and 1 to the domain conversion submodule; send (xc3, yc3, zc3) to the projective-coordinate point addition submodule and take it as the initial value of the Montgomery domain coordinates (xc1, yc1, zc1) of [f]C, where [f]C is the result of the f-multiple point operation on C; determine the binary bit length L of f; take the second-highest bit of the binary form of f as the initial value of the current bit; starting from the second-highest bit of the binary form of f and moving down one bit at a time until its lowest bit, perform (L - 1) iterations with that bit as the current bit; send zc1 from the result coordinates (xc1, yc1, zc1) of the (L - 1) iterations to the Montgomery domain multiplication submodule; send the finite-field value of zc1 to the finite field inversion submodule; send the finite-field value of zc1^-1 to the domain conversion submodule; send xc1 and yc1 from the result coordinates (xc1, yc1, zc1) of the (L - 1) iterations, together with the Montgomery domain value of zc1^-1, to the Montgomery domain multiplication submodule; send 1 together with the affine-coordinate value of xc1 returned by the Montgomery domain multiplication submodule to the Montgomery domain multiplication submodule; send 1 together with the affine-coordinate value of yc1 returned by the Montgomery domain multiplication submodule to the Montgomery domain multiplication submodule; and output the coordinates (xc1, yc1) formed by the finite-field values of xc1 and yc1 as the result of [f]C. One iteration comprises: sending the current value of the coordinates (xc1, yc1, zc1) to the projective-coordinate point doubling submodule and, when the current bit of f is binary 1, sending the output coordinates returned by the projective-coordinate point doubling submodule to the projective-coordinate point addition submodule;
The projective-coordinate point doubling submodule is used to perform point doubling on the input coordinates and return the result to the multiple point operation control submodule as the output coordinates;
It can be seen that, through the lower-layer arbitration module, the multiple point operation control submodule here together with the domain conversion submodule, Montgomery domain multiplication submodule, projective-coordinate point doubling submodule, projective-coordinate point addition submodule and finite field inversion submodule forms the structure of the multiple point operation module shown in Fig. 4, and has the functions of the multiple point operation module shown in Fig. 4.
The point addition control submodule of Fig. 8 is used to: send a point addition control submodule occupancy request to the lower-layer arbitration module; convert the received affine coordinates (x11', y11') and (x12', y12') of the points PP1 and PP2 to be added into their respective projective coordinates (x11', y11', 1) and (x12', y12', 1), and send x11', y11', 1 and x12', y12', 1 to the domain conversion submodule; send the coordinates (x111', y111', z111') formed by x111', y111', z111' and the coordinates (x121', y121', z121') formed by x121', y121', z121' to the projective-coordinate point addition submodule; send z131' from the coordinates (x131', y131', z131') returned by the projective-coordinate point addition submodule to the Montgomery domain multiplication submodule; send the finite-field value of z131' returned by the Montgomery domain multiplication submodule to the finite field inversion submodule; send the finite-field value of z131'^-1 to the domain conversion submodule; send x131' and y131' from the coordinates (x131', y131', z131'), together with the Montgomery domain value of z131'^-1, to the Montgomery domain multiplication submodule; send 1 and the affine-coordinate value of x131' to the Montgomery domain multiplication submodule; send 1 and the affine-coordinate value of y131' to the Montgomery domain multiplication submodule; and output the coordinates (x131', y131') formed by the finite-field values of x131' and y131' returned by the Montgomery domain multiplication submodule as the result of the point addition of PP1 and PP2 in the affine coordinate system. It can be seen that, through the data forwarding of the lower-layer arbitration module, the point addition control submodule of Fig. 8 together with the domain conversion submodule, Montgomery domain multiplication submodule, projective-coordinate point addition submodule and finite field inversion submodule forms the structure of the point addition module shown in Fig. 5, and has the functions of the point addition module shown in Fig. 5.
The lower-layer arbitration module is used to: on the initiator control submodule occupancy request, set the working mode of the domain conversion submodule and the Montgomery domain multiplication submodule to initiator-control-submodule-occupied mode, and forward the communication data between the initiator control submodule and the domain conversion submodule and Montgomery domain multiplication submodule; on the responder control submodule occupancy request, set the working mode of the domain conversion submodule and the Montgomery domain multiplication submodule to responder-control-submodule-occupied mode, and forward the communication data between the responder control submodule and the domain conversion submodule and Montgomery domain multiplication submodule; on the multiple point operation control submodule occupancy request, set the working mode of the domain conversion submodule, Montgomery domain multiplication submodule, projective-coordinate point addition submodule and finite field inversion submodule to multiple-point-operation-control-submodule-occupied mode, and forward the communication data between the multiple point operation control submodule and the domain conversion submodule, Montgomery domain multiplication submodule, projective-coordinate point addition submodule and finite field inversion submodule; on the point addition control submodule occupancy request, set the working mode of the domain conversion submodule, Montgomery domain multiplication submodule, projective-coordinate point addition submodule and finite field inversion submodule to point-addition-control-submodule-occupied mode, and forward the communication data between the point addition control submodule and the domain conversion submodule, Montgomery domain multiplication submodule, projective-coordinate point addition submodule and finite field inversion submodule;
It can be seen that this embodiment, by further providing a lower-layer arbitration module on the basis of Fig. 7 to forward the communication data between the initiator control submodule, responder control submodule, multiple point operation control submodule and point addition control submodule on one side and the domain conversion submodule, Montgomery domain multiplication submodule, projective-coordinate point addition submodule and finite field inversion submodule on the other, and to control the working mode of the domain conversion submodule, Montgomery domain multiplication submodule, projective-coordinate point addition submodule and finite field inversion submodule, achieves the sharing of those four submodules; on the basis of the Fig. 7 embodiment this further saves hardware resources and reduces chip area.
The domain conversion submodule of Fig. 8 is used to: in initiator-control-submodule-occupied mode, convert the two finite-field values sent by the initiator control submodule into their respective Montgomery domain values and return them to the initiator control submodule; in responder-control-submodule-occupied mode, convert the two finite-field values sent by the responder control submodule into their respective Montgomery domain values and return them to the responder control submodule; in multiple-point-operation-control-submodule-occupied mode, convert the finite-field values xc2, yc2, 1 into their respective Montgomery domain values xc3, yc3, zc3 and return them to the multiple point operation control submodule, and convert the finite-field value of zc1^-1 into its Montgomery domain value and return it to the multiple point operation control submodule; in point-addition-control-submodule-occupied mode, convert the finite-field values x11', y11', 1 and x12', y12', 1 into their respective Montgomery domain values x111', y111', z111' and x121', y121', z121' and return them to the point addition control submodule, and convert the finite-field value of z131'^-1 into the Montgomery domain value of z131'^-1 and return it to the point addition control submodule;
The Montgomery domain multiplication submodule of Fig. 8 is used to: in initiator-control-submodule-occupied mode, perform Montgomery domain multiplication on the two Montgomery domain values sent by the initiator control submodule and return the resulting product to the initiator control submodule, then perform Montgomery domain multiplication on 1 and the product sent by the initiator control submodule and return the result to the initiator control submodule; in responder-control-submodule-occupied mode, perform Montgomery domain multiplication on the two Montgomery domain values sent by the responder control submodule and return the resulting product to the responder control submodule, then perform Montgomery domain multiplication on 1 and the product sent by the responder control submodule and return the result to the responder control submodule; in multiple-point-operation-control-submodule-occupied mode, perform Montgomery domain multiplication on the Montgomery domain value of zc1 and 1 and send the resulting finite-field value of zc1 to the multiple point operation control submodule; perform Montgomery domain multiplication on the Montgomery domain values of xc1 and zc1^-1, and on the Montgomery domain values of yc1 and zc1^-1, and return the resulting affine-coordinate values of xc1 and yc1 to the multiple point operation control submodule; perform Montgomery domain multiplication on 1 and the affine-coordinate value of xc1, and on 1 and the affine-coordinate value of yc1, and return the resulting finite-field values of xc1 and yc1 to the multiple point operation control submodule; in point-addition-control-submodule-occupied mode, perform Montgomery domain multiplication on the input z131' and 1 and send the resulting finite-field value of z131' to the point addition control submodule; perform Montgomery domain multiplication on the Montgomery domain values of x131' and z131'^-1, and on the Montgomery domain values of y131' and z131'^-1, and return the resulting affine-coordinate values of x131' and y131' to the point addition control submodule; perform Montgomery domain multiplication on the affine-coordinate value of x131' and 1, and on the affine-coordinate value of y131' and 1, and return the resulting finite-field values of x131' and y131' to the point addition control submodule;
The projective-coordinate point addition submodule of Fig. 8 is used to: in multiple-point-operation-control-submodule-occupied mode, perform point addition on the input coordinates and (xc3, yc3, zc3), and send the result to the multiple point operation control submodule; in point-addition-control-submodule-occupied mode, perform point addition on the input coordinates (x111', y111', z111') and (x121', y121', z121'), and return the resulting coordinates (x131', y131', z131') to the point addition control submodule;
The finite field inversion submodule of Fig. 8 is used to: in multiple-point-operation-control-submodule-occupied mode, perform inversion on the finite-field value of zc1 and send the resulting finite-field value of zc1^-1 to the multiple point operation control submodule; in point-addition-control-submodule-occupied mode, perform inversion on the finite-field value of the input z131' and send the resulting finite-field value of z131'^-1 to the point addition control submodule.
It can be seen that the domain conversion submodule, Montgomery domain multiplication submodule, projective-coordinate point addition submodule and finite field inversion submodule of Fig. 8 can work in the working mode set by the lower-layer arbitration module, and thereby complete the scalar multiplication, point addition and multiple point operations.
In addition, the system embodiment of Fig. 8 may further include a w generation module 814, used to generate w and provide it to the initiator control submodule 801 and the responder control submodule 802.
The key derivation module 807 of Fig. 8 may also have the structure shown in Fig. 6.
It can be seen that the invention has the following advantages:
(1) In the invention, the initiator control centre and the responder control centre can each arrange the working sequence of the corresponding random number generation module, multiple point operation module, point addition module and key derivation module, so that the initiator random number generation module and the responder random number generation module each generate a random number, rA and rB respectively, between 1 and (n - 1); the initiator multiple point operation module and the responder multiple point operation module each perform the multiple point operation between a scalar value and a point; the initiator point addition module and the responder point addition module each perform the point addition of two points; and the initiator key derivation module and the responder key derivation module each perform the key derivation operation on a bit string. At the same time, the initiator control centre and the responder control centre each judge whether the negotiation has succeeded, thereby realizing key agreement between the initiator and the responder: when the negotiation succeeds on both sides, the initiator and the responder obtain the same session key through the operations of the initiator key derivation module and the responder key derivation module respectively, and can then encrypt and decrypt their communication; when the negotiation fails, a negotiation failure message is output. Therefore, the invention can use the initiator subsystem composed of the initiator control centre, initiator random number generation module, initiator multiple point operation module, initiator point addition module and initiator key derivation module, and the responder subsystem composed of the responder control centre, responder random number generation module, responder multiple point operation module, responder point addition module and responder key derivation module, to implement the key exchange protocol of the SM2 elliptic curve public key cryptographic algorithm in hardware.
(2) Because the invention can implement the key exchange protocol of the SM2 elliptic curve public key cryptographic algorithm in hardware, the invention has a higher operation speed and higher security than a software implementation of this key exchange protocol.
(3) In the invention, the initiator control centre and the responder control centre convert the two operands of the scalar multiplication from the finite field into the Montgomery domain before multiplying, which greatly reduces the computational difficulty, improves operation efficiency and helps further raise the operation speed of the key exchange protocol.
(4) The multiple point operation module and point addition module provided by the invention first convert the data from the affine coordinate system into the projective coordinate system, then from the finite field into the Montgomery domain, so that the corresponding calculation can be carried out in the Montgomery domain; after completion, the data are converted back from the projective coordinate system into the affine coordinate system and from the Montgomery domain into the finite field, and the result of the multiple point operation is finally output. Compared with calculating directly in the affine coordinate system, the efficiency with which the invention performs the multiple point operation and point addition is greatly improved.
(5) The invention shares the corresponding modules and submodules between the initiator subsystem and the responder subsystem, which greatly saves hardware resources, improves the integration density of the system and reduces chip area.
The above are merely preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (8)

1. A p element field SM2 elliptic curve key agreement system, said elliptic curve having a base point G and a cofactor h, the order of G being n; the initiator hash value and the responder hash value being ZA and ZB respectively; the initiator public key and initiator private key being PA and dA respectively, and the responder public key and responder private key being PB and dB respectively; the length of the session key agreed between the initiator and the responder being klen; characterized in that the system comprises an initiator subsystem and a responder subsystem; said initiator subsystem comprises an initiator control centre, an initiator random number generation module, an initiator multiple point operation module, an initiator point addition module and an initiator key derivation module; said responder subsystem comprises a responder control centre, a responder random number generation module, a responder multiple point operation module, a responder point addition module and a responder key derivation module; wherein,
said initiator control centre is used to: send rA and G to said initiator multiple point operation module as one group of multiple point operation data; send RA to said responder control centre; calculate x10 and x20 according to x10 = 2^w + [x1 & (2^w - 1)] and x20 = 2^w + [x2 & (2^w - 1)] respectively; calculate the scalar product x10·rA of x10 and rA, and calculate tA according to tA = (dA + x10·rA) mod n; judge whether RB is a point on said elliptic curve; send x20 and RB to said initiator multiple point operation module as one group of multiple point operation data; calculate the scalar product h·tA of h and tA; send PB and [x20]RB to said initiator point addition module as one group of point addition data; send h·tA and (PB + [x20]RB) to said initiator multiple point operation module as one group of multiple point operation data; judge whether U is the point at infinity; send the bit string Z formed by concatenating xU, yU, ZA and ZB to said initiator key derivation module; output the bit string KA returned by the initiator key derivation module as the initiator session key; and output a negotiation failure when RB is judged not to be a point on said elliptic curve or U is the point at infinity;
said initiator random number generation module is used to send the generated random number rA, between 1 and (n - 1), to said initiator control centre;
said initiator multiple point operation module is used to: perform the rA-multiple point operation on G to obtain the point RA with coordinates (x1, y1), and send RA to said initiator control centre; perform the x20-multiple point operation on RB and send the resulting [x20]RB to said initiator control centre; perform the h·tA-multiple point operation on (PB + [x20]RB) and send the resulting point U to said initiator control centre, the coordinates of said point U being (xU, yU);
said initiator point addition module is used to perform point addition on PB and [x20]RB and send the resulting (PB + [x20]RB) to said initiator control centre;
said initiator key derivation module is used to perform the key derivation operation on the bit string Z and send the resulting bit string KA of length klen to said initiator control centre;
said responder control centre is used to: send rB and G to said responder multiple point operation module as one group of multiple point operation data; calculate x10 and x20 according to x10 = 2^w + [x1 & (2^w - 1)] and x20 = 2^w + [x2 & (2^w - 1)] respectively; calculate the scalar product x20·rB of x20 and rB, and calculate tB according to tB = (dB + x20·rB) mod n; judge whether RA is a point on said elliptic curve; send x10 and RA to said responder multiple point operation module as one group of multiple point operation data; calculate the scalar product h·tB of h and tB; send PA and [x10]RA to said responder point addition module as one group of point addition data; send h·tB and (PA + [x10]RA) to said responder multiple point operation module as one group of multiple point operation data; judge whether V is the point at infinity; send the bit string Z' formed by concatenating xV, yV, ZA and ZB to said responder key derivation module; output the bit string KB returned by the responder key derivation module as the responder session key; send RB to said initiator control centre; and output a negotiation failure when RA is judged not to be a point on said elliptic curve or V is the point at infinity;
said responder random number generation module is used to send the generated random number rB, between 1 and (n - 1), to said responder control centre;
said responder multiple point operation module is used to: perform the rB-multiple point operation on G to obtain the point RB with coordinates (x2, y2), and send RB to said responder control centre; perform the x10-multiple point operation on RA and send the resulting [x10]RA to said responder control centre; perform the h·tB-multiple point operation on (PA + [x10]RA) and send the resulting point V to said responder control centre, the coordinates of said point V being (xV, yV);
said responder point addition module is used to perform point addition on PA and [x10]RA and send the resulting (PA + [x10]RA) to said responder control centre;
said responder key derivation module is used to perform the key derivation operation on the bit string Z' and send the resulting bit string KB of length klen to said responder control centre;
wherein w is a parameter, & is the bitwise logical AND operator, and mod is the modulo operator.
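The exchange of claim 1, together with the multiple point operation the Fig. 8 multiple point operation control submodule describes (start from C, then for each bit of f below the top bit double and, on a 1 bit, add C, finishing with one inversion of zc1 to return to affine coordinates), written out in Python as an added example; this is not the patent's hardware design or any code from the applicant. It assumes the SM2 recommended curve parameters and cofactor h = 1 (public constants the page does not list), computes w as the SM2 standard defines it (the page leaves that formula out), uses SHA-256 inside the key derivation function where SM2 specifies SM3, and constructs ZA and ZB from fixed identity strings. Field arithmetic is left to Python's modular integers; the Montgomery domain step is shown separately under claim 3.

```python
# Added example: SM2 key agreement (claim 1) with the multiple point operation done as
# left-to-right double-and-add in homogeneous projective coordinates, as the page describes.
import hashlib
import secrets

# SM2 recommended curve parameters: public constants assumed here, not listed on the page.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
H = 1                              # cofactor h of the SM2 curve (assumed)
W = (N.bit_length() + 1) // 2 - 1  # w = ceil(ceil(log2 n)/2) - 1 as the SM2 standard defines it
INF = None                         # affine point at infinity

def is_on_curve(pt):  # the "is the received point on the curve" check of claim 1
    if pt is INF: return False
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

# Homogeneous projective coordinates (X, Y, Z) with x = X/Z, y = Y/Z; infinity is (0, 1, 0).
def proj_double(p1):
    X1, Y1, Z1 = p1
    if Z1 == 0 or Y1 == 0: return (0, 1, 0)
    w = (A * Z1 * Z1 + 3 * X1 * X1) % P
    s = Y1 * Z1 % P
    b = X1 * Y1 * s % P
    h = (w * w - 8 * b) % P
    return (2 * h * s % P, (w * (4 * b - h) - 8 * Y1 * Y1 * s * s) % P, 8 * s * s * s % P)

def proj_add(p1, p2):
    (X1, Y1, Z1), (X2, Y2, Z2) = p1, p2
    if Z1 == 0 or Z2 == 0: return p2 if Z1 == 0 else p1
    u = (Y2 * Z1 - Y1 * Z2) % P
    v = (X2 * Z1 - X1 * Z2) % P
    if v == 0:  # equal x: either P1 == P2 (double) or P1 == -P2 (infinity)
        return proj_double(p1) if u == 0 else (0, 1, 0)
    v2, v3 = v * v % P, v * v * v % P
    w = (u * u * Z1 * Z2 - v3 - 2 * v2 * X1 * Z2) % P
    return (v * w % P, (u * (v2 * X1 * Z2 - w) - v3 * Y1 * Z2) % P, v3 * Z1 * Z2 % P)

def to_affine(p):  # one finite field inversion of Z, then x = X*Z^-1, y = Y*Z^-1 (the zc1^-1 step)
    X, Y, Z = p
    if Z == 0: return INF
    zinv = pow(Z, P - 2, P)
    return (X * zinv % P, Y * zinv % P)

def scalar_mult(f, c):
    """[f]C: start from C; for each of the L-1 bits of f below the top bit, double,
    then add C when that bit is 1 (the multiple point operation control submodule's loop)."""
    if f == 0 or c is INF: return INF
    c_proj = (c[0], c[1], 1)
    acc = c_proj
    for i in range(f.bit_length() - 2, -1, -1):
        acc = proj_double(acc)
        if (f >> i) & 1:
            acc = proj_add(acc, c_proj)
    return to_affine(acc)

def point_add(p, q):
    if p is INF or q is INF: return q if p is INF else p
    return to_affine(proj_add((p[0], p[1], 1), (q[0], q[1], 1)))

def x_bar(x):  # x10 / x20 of claim 1: 2^w + (x & (2^w - 1))
    return (1 << W) + (x & ((1 << W) - 1))

def kdf(z, klen):  # KDF with SM2's counter structure; SHA-256 stands in for SM3 (assumption)
    out, ct = b"", 1
    while len(out) < klen:
        out += hashlib.sha256(z + ct.to_bytes(4, "big")).digest()
        ct += 1
    return out[:klen]

def i2b(v): return v.to_bytes(32, "big")

def responder_step(dB, PA, RA, rB, ZA, ZB, klen):
    """RB = [rB]G; tB = (dB + x20*rB) mod n; V = [h*tB](PA + [x10]RA); KB = KDF(Z'). None = failure."""
    RB = scalar_mult(rB, G)
    if not is_on_curve(RA): return RB, None
    tB = (dB + x_bar(RB[0]) * rB) % N
    V = scalar_mult(H * tB % N, point_add(PA, scalar_mult(x_bar(RA[0]), RA)))
    return RB, None if V is INF else kdf(i2b(V[0]) + i2b(V[1]) + ZA + ZB, klen)

def initiator_step(dA, rA, RA, PB, RB, ZA, ZB, klen):
    """tA = (dA + x10*rA) mod n; U = [h*tA](PB + [x20]RB); KA = KDF(Z). None = failure."""
    if not is_on_curve(RB): return None
    tA = (dA + x_bar(RA[0]) * rA) % N
    U = scalar_mult(H * tA % N, point_add(PB, scalar_mult(x_bar(RB[0]), RB)))
    return None if U is INF else kdf(i2b(U[0]) + i2b(U[1]) + ZA + ZB, klen)

def run_key_agreement(dA, dB, rA=None, rB=None, klen=16):
    # rA and rB are drawn from [1, n-1] unless the caller fixes them (tests do).
    rA, rB = rA or secrets.randbelow(N - 1) + 1, rB or secrets.randbelow(N - 1) + 1
    PA, PB = scalar_mult(dA, G), scalar_mult(dB, G)
    ZA = hashlib.sha256(b"initiator-id").digest()  # constructed stand-ins for the identity hashes
    ZB = hashlib.sha256(b"responder-id").digest()
    RA = scalar_mult(rA, G)
    RB, KB = responder_step(dB, PA, RA, rB, ZA, ZB, klen)
    KA = initiator_step(dA, rA, RA, PB, RB, ZA, ZB, klen)
    return KA, KB
```

run_key_agreement returns the two derived keys; they agree because U = [tA·tB]G = V, and a None in either slot is the page's negotiation failure output (the received point is off the curve, or U or V is the point at infinity). The on-curve check before any multiplication is the step to keep in a hardware port: a received point that is not on the curve would otherwise drive the multiple point operation on a different group than the one the private key was generated in.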
2. The system according to claim 1, characterized in that the system further comprises a w generation module for calculating the parameter w according to , and sending it to said initiator control centre and said responder control centre respectively.
3. The system according to claim 1, characterized in that said initiator control centre and said responder control centre each comprise: a control submodule, a domain conversion submodule and a Montgomery domain multiplication submodule; wherein,
said control submodule is used to: send the finite-field values of m and j, the two operands of the scalar multiplication to be performed, to said domain conversion submodule; send the Montgomery domain values of m and j to said Montgomery domain multiplication submodule; and send 1 together with the mj returned by said Montgomery domain multiplication submodule to said Montgomery domain multiplication submodule;
said domain conversion submodule is used to convert the finite-field values of m and j into their respective Montgomery domain values and return them to said control submodule;
said Montgomery domain multiplication submodule is used to: perform Montgomery domain multiplication on the Montgomery domain values of m and j and return the resulting product mj to said control submodule; perform Montgomery domain multiplication on mj and 1 to obtain the finite-field value of the scalar product of m and j; and return the finite-field value of the scalar product of m and j to said control submodule.
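The division of labour in claim 3 (and in advantage (3) above), written out in Python as an added example rather than code from the patent: the domain conversion submodule maps m and j into the Montgomery domain, the Montgomery domain multiplication submodule multiplies them there, and the control submodule's final "1 times mj" request is what brings the product back into the finite field. It assumes the SM2 prime p for the field and R = 2^256; the Montgomery reduction routine is the textbook REDC, not the patent's circuit.

```python
# Added example: the scalar multiplication of claim 3 carried out in the Montgomery domain.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF  # SM2 prime p (assumed)
K = P.bit_length()                  # 256-bit operands, so the Montgomery radix is R = 2^256
R = 1 << K
R_MASK = R - 1
P_INV_NEG = (-pow(P, -1, R)) % R    # p' = -p^-1 mod R, precomputed once (modular pow, Python 3.8+)
R2 = R * R % P                      # R^2 mod p, the constant used to enter the Montgomery domain

def redc(t):
    """Montgomery reduction: t * R^-1 mod p for 0 <= t < p*R.
    No division by p: one mask, one multiply by p', one shift, one conditional subtraction."""
    m = ((t & R_MASK) * P_INV_NEG) & R_MASK
    u = (t + m * P) >> K            # exact shift: t + m*p is a multiple of R by construction of p'
    return u - P if u >= P else u

def mont_mul(a_m, b_m):
    """Montgomery domain multiplication submodule: (aR)(bR)R^-1 = (ab)R, still in the domain."""
    return redc(a_m * b_m)

def to_mont(a):
    """Domain conversion submodule: a -> aR mod p, done as one Montgomery multiplication by R^2."""
    return mont_mul(a % P, R2)

def from_mont(a_m):
    """The 'multiply the product by 1' step of claim 3: (ab)R * 1 * R^-1 = ab, the finite-field value."""
    return mont_mul(a_m, 1)

def scalar_product(m, j):
    """Control submodule flow of claim 3: convert m and j, multiply, then multiply by 1 to leave the domain."""
    m_m, j_m = to_mont(m), to_mont(j)   # two values returned by the domain conversion submodule
    mj_m = mont_mul(m_m, j_m)           # product mj returned by the Montgomery domain multiplication submodule
    return from_mont(mj_m)              # 1 x mj -> scalar product of m and j in the finite field
```

Every operand that reaches redc is below p·R, so a single conditional subtraction at the end suffices; that bound is why the submodule can be built from a fixed-width multiplier and a shifter with no divider, which is the efficiency the page attributes to working in the Montgomery domain.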
4. The system according to claim 1, characterised in that the initiator point multiplication module and the responder point multiplication module (the "point doubling module" of the machine translation; it computes [f]C) each comprise: a point multiplication control submodule, a projective-coordinate doubling submodule, a field conversion submodule, a Montgomery domain multiplication submodule, a finite-field inversion submodule and a projective-coordinate point addition submodule; wherein
the point multiplication control submodule is used to receive a set of point multiplication data consisting of a number f and a point C; to convert the affine coordinates (xc, yc) of C into its projective coordinates (xc2, yc2, 1) and to send xc2, yc2 and 1 to the field conversion submodule; to send (xc3, yc3, zc3) to the projective-coordinate point addition submodule and to take it as the initial value of the Montgomery-domain coordinates (xc1, yc1, zc1) of [f]C, where [f]C is the result of multiplying C by f; to determine the binary bit length L of f; to take the second-highest bit of the binary representation of f as the initial current bit and, moving down one bit at a time from that bit to the lowest bit as the current bit, to perform (L-1) iterations; to send zc1 from the result coordinates (xc1, yc1, zc1) of the (L-1) iterations to the Montgomery domain multiplication submodule; to send the finite-field value of zc1 to the finite-field inversion submodule; to send the finite-field value of zc1^-1 to the field conversion submodule; to send xc1 and yc1 from the result coordinates (xc1, yc1, zc1) together with the Montgomery-domain value of zc1^-1 to the Montgomery domain multiplication submodule; to send 1 with the affine-coordinate value of xc1, and 1 with the affine-coordinate value of yc1, respectively to the Montgomery domain multiplication submodule; and to output the coordinates (xc1, yc1) formed from the finite-field values of xc1 and yc1 as the result of [f]C; wherein one iteration comprises: sending the current value of the coordinates (xc1, yc1, zc1) to the projective-coordinate doubling submodule and, when the current bit of f is binary 1, sending the output coordinates returned by the projective-coordinate doubling submodule to the projective-coordinate point addition submodule;
the field conversion submodule is used to convert the finite-field values xc2, yc2 and 1 into their respective Montgomery-domain values xc3, yc3 and zc3 and to return them to the point multiplication control submodule; and to convert the finite-field value of zc1^-1 into its Montgomery-domain value and to return it to the point multiplication control submodule;
the projective-coordinate doubling submodule is used to perform point doubling on the input coordinates and to return the result to the point multiplication control submodule as output coordinates;
the projective-coordinate point addition submodule is used to perform point addition on the input coordinates and (xc3, yc3, zc3) and to send the result to the point multiplication control submodule;
the Montgomery domain multiplication submodule is used to perform Montgomery domain multiplication on the Montgomery-domain value of zc1 and 1 and to send the resulting finite-field value of zc1 to the point multiplication control submodule; to perform Montgomery domain multiplication on the Montgomery-domain values of xc1 and zc1^-1, and of yc1 and zc1^-1, respectively, and to return the resulting affine-coordinate values of xc1 and yc1 to the point multiplication control submodule; and to perform Montgomery domain multiplication on each of the affine-coordinate values of xc1 and yc1 with 1 and to return the resulting finite-field values of xc1 and yc1 to the point multiplication control submodule;
the finite-field inversion submodule is used to perform the inversion operation on the finite-field value of zc1 and to send the resulting finite-field value of zc1^-1 to the point multiplication control submodule.
5. The system according to claim 1, characterised in that the initiator point addition module and the responder point addition module each comprise: a point addition control submodule, a field conversion submodule, a projective-coordinate point addition submodule, a Montgomery domain multiplication submodule and a finite-field inversion submodule; wherein
the point addition control submodule is used to convert the affine coordinates (x11', y11') and (x12', y12') of the received points PP1 and PP2 on which point addition is to be performed into their respective projective coordinates (x11', y11', 1) and (x12', y12', 1), and to send x11', y11', 1 and x12', y12', 1 to the field conversion submodule; to send the coordinates (x111', y111', z111') and (x121', y121', z121') formed from x111', y111', z111' and from x121', y121', z121' to the projective-coordinate point addition submodule; to send z131' from the coordinates (x131', y131', z131') returned by the projective-coordinate point addition submodule to the Montgomery domain multiplication submodule; to send the finite-field value of z131' returned by the Montgomery domain multiplication submodule to the finite-field inversion submodule; to send the finite-field value of z131'^-1 to the field conversion submodule; to send x131' and y131' from the coordinates (x131', y131', z131') together with the Montgomery-domain value of z131'^-1 to the Montgomery domain multiplication submodule; to send the affine-coordinate value of x131' with 1, and the affine-coordinate value of y131' with 1, respectively to the Montgomery domain multiplication submodule; and to output the coordinates (x131', y131') formed from the finite-field values of x131' and y131' returned by the Montgomery domain multiplication submodule as the result of the point addition of PP1 and PP2 in affine coordinates;
the field conversion submodule is used to convert the finite-field values x11', y11', 1 and x12', y12', 1 into their respective Montgomery-domain values x111', y111', z111' and x121', y121', z121' and to return them to the point addition control submodule; and to convert the finite-field value of z131'^-1 into the Montgomery-domain value of z131'^-1 and to return it to the point addition control submodule;
the projective-coordinate point addition submodule is used to perform point addition on the input coordinates (x111', y111', z111') and (x121', y121', z121') and to return the resulting coordinates (x131', y131', z131') to the point addition control submodule;
the Montgomery domain multiplication submodule is used to perform Montgomery domain multiplication on the input z131' and 1 and to send the resulting finite-field value of z131' to the point addition control submodule; to perform Montgomery domain multiplication on the Montgomery-domain values of x131' and z131'^-1, and of y131' and z131'^-1, respectively, and to return the resulting affine-coordinate values of x131' and y131' to the point addition control submodule; and to perform Montgomery domain multiplication on each of the affine-coordinate values of x131' and y131' with 1 and to return the resulting finite-field values of x131' and y131' to the point addition control submodule;
the finite-field inversion submodule is used to perform the inversion operation on the finite-field value of the input z131' and to send the resulting finite-field value of z131'^-1 to the point addition control submodule.
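Claims 3, 4 and 5 describe one data path: enter the Montgomery domain, do the projective-coordinate doubling and addition there, leave the domain only to invert z, and convert back to affine by multiplying x and y by z^-1 and then by 1. The following is an added software model of that path, written for this page and not code from the patent or its assignee. The curve constants are the SM2 recommended parameters over F_p (GM/T 0003.5); the page states no parameters, so their use, the homogeneous (X:Y:Z) formulas from the Explicit-Formulas Database, and all function names are assumptions of this example.

```python
# Constants are the SM2 recommended curve over F_p (GM/T 0003.5); the page
# names no parameters, so using them here is an assumption.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

BITS = 256                                     # R = 2^256 > p
R_MASK = (1 << BITS) - 1
N_PRIME = (-pow(P, -1, 1 << BITS)) & R_MASK    # -p^-1 mod R, the REDC constant
R2 = pow(1 << BITS, 2, P)                      # R^2 mod p, used to enter the domain

def mont_mul(a, b):
    """Montgomery domain multiplication submodule: a*b*R^-1 mod p by REDC."""
    t = a * b
    m = ((t & R_MASK) * N_PRIME) & R_MASK
    u = (t + m * P) >> BITS                    # t + m*p is divisible by R
    return u - P if u >= P else u

def to_mont(a):
    """Field conversion submodule: finite-field value -> Montgomery domain."""
    return mont_mul(a % P, R2)

def from_mont(am):
    """Leaving the domain is a Montgomery multiplication by 1, as in the claims."""
    return mont_mul(am, 1)

A_M = to_mont(A)
INF = (0, to_mont(1), 0)                       # point at infinity, (X:Y:Z) form

def proj_double(pt):
    """Projective-coordinate doubling submodule (homogeneous coords, EFD dbl-2007-bl)."""
    X1, Y1, Z1 = pt
    if Z1 == 0 or Y1 == 0:
        return INF
    XX, ZZ = mont_mul(X1, X1), mont_mul(Z1, Z1)
    w = (mont_mul(A_M, ZZ) + 3 * XX) % P
    s = 2 * mont_mul(Y1, Z1) % P
    r = mont_mul(Y1, s)
    rr = mont_mul(r, r)
    xr = (X1 + r) % P
    b = (mont_mul(xr, xr) - XX - rr) % P
    h = (mont_mul(w, w) - 2 * b) % P
    return (mont_mul(h, s), (mont_mul(w, (b - h) % P) - 2 * rr) % P,
            mont_mul(s, mont_mul(s, s)))

def proj_add(p1, p2):
    """Projective-coordinate point addition submodule (EFD add-1998-cmo-2)."""
    X1, Y1, Z1 = p1
    X2, Y2, Z2 = p2
    if Z1 == 0:
        return p2
    if Z2 == 0:
        return p1
    y1z2, x1z2, z1z2 = mont_mul(Y1, Z2), mont_mul(X1, Z2), mont_mul(Z1, Z2)
    u = (mont_mul(Y2, Z1) - y1z2) % P
    v = (mont_mul(X2, Z1) - x1z2) % P
    if v == 0:                                 # equal x: doubling, or P + (-P)
        return proj_double(p1) if u == 0 else INF
    uu, vv = mont_mul(u, u), mont_mul(v, v)
    vvv = mont_mul(v, vv)
    r = mont_mul(vv, x1z2)
    a = (mont_mul(uu, z1z2) - vvv - 2 * r) % P
    return (mont_mul(v, a), (mont_mul(u, (r - a) % P) - mont_mul(vvv, y1z2)) % P,
            mont_mul(vvv, z1z2))

def to_proj_mont(pt):
    """Affine (x, y) -> projective (x, y, 1) -> Montgomery domain."""
    return (to_mont(pt[0]), to_mont(pt[1]), to_mont(1))

def to_affine(pt):
    """Tail of claims 4/5: z leaves the domain, is inverted in F_p, z^-1 re-enters,
    x and y are multiplied by it, then each leaves the domain via a multiply by 1."""
    X, Y, Z = pt
    if Z == 0:
        return None                            # point at infinity
    z_inv_m = to_mont(pow(from_mont(Z), -1, P))
    return (from_mont(mont_mul(X, z_inv_m)), from_mont(mont_mul(Y, z_inv_m)))

def scalar_mul(f, C):
    """Claim 4: [f]C starts from C itself; for bits L-2 down to 0, double and add C
    when the bit is 1.  The key-dependent branch is a timing/power side channel."""
    c_m = to_proj_mont(C)
    acc = c_m
    for i in range(f.bit_length() - 2, -1, -1):
        acc = proj_double(acc)
        if (f >> i) & 1:
            acc = proj_add(acc, c_m)
    return to_affine(acc)

def point_add(P1, P2):
    """Claim 5: affine inputs, projective add, back to affine."""
    return to_affine(proj_add(to_proj_mont(P1), to_proj_mont(P2)))

def on_curve(pt):
    return (pt[1] ** 2 - (pt[0] ** 3 + A * pt[0] + B)) % P == 0
```

Two points a reviewer of such a design would check: the claim 4 loop adds C only when the current bit of f is 1, so the sequence of doubling and addition operations is the secret scalar itself and must be hidden in hardware (a Montgomery ladder or dummy additions is the usual fix); and the conversion back to affine is the single inversion in the whole computation, which is why the claims keep everything else in projective Montgomery form.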
6. The system according to claim 1, characterised in that the initiator key derivation module and the responder key derivation module each comprise: a key derivation control submodule and a hash submodule whose output hash value has a length of v bits; wherein
the key derivation control submodule is used to receive an input bit string ZZ; to set the initial value of the 32-bit counter variable ct to hexadecimal 00000001; to determine ⌈klen/v⌉, the smallest integer greater than or equal to (klen/v); to perform ⌈klen/v⌉ hash operations while the loop variable i is incremented from 1 to ⌈klen/v⌉ in steps of 1; when (klen/v) is an integer, to set Ha!_⌈klen/v⌉ = Ha_⌈klen/v⌉; when (klen/v) is not an integer, to set Ha!_⌈klen/v⌉ to the leftmost (klen − (v × ⌊klen/v⌋)) bits of the bit string Ha_⌈klen/v⌉, where ⌊klen/v⌋ is the largest integer less than or equal to (klen/v); to concatenate Ha_i for i from 1 to (⌈klen/v⌉ − 1) and Ha!_⌈klen/v⌉ in order and to output the resulting bit string of length klen bits as the result of the key derivation operation on ZZ; wherein one hash operation comprises: concatenating ZZ with the current value of ct into the bit string ZZ‖ct; sending ZZ‖ct to the hash submodule; assigning the H_v(ZZ‖ct) returned by the hash submodule to the v-bit Ha_i; and increasing the value of ct by hexadecimal 00000001;
the hash submodule is used to perform the hash operation on the input bit string ZZ‖ct and to return the v-bit hash value H_v(ZZ‖ct) to the key derivation control submodule.
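Claim 6 is the counter-mode key derivation function that claim 1 applies to Z' to obtain KB. Below is an added software rendering of it, written for this page and not taken from the patent; it assumes a hash callable in the hashlib style and uses SHA-256 by default purely so that it runs everywhere (the SM2 standard pairs this KDF with SM3, v = 256, which hashlib exposes as "sm3" only when the underlying OpenSSL provides it).

```python
import hashlib
from math import ceil


def kdf(Z: bytes, klen: int, hash_fn=hashlib.sha256) -> bytes:
    """Key derivation of claim 6.

    ct is a 32-bit big-endian counter starting at 0x00000001.  For
    i = 1 .. ceil(klen/v) the block Ha_i = H_v(Z || ct) is produced and ct is
    incremented; when klen is not a multiple of v the last block is cut to
    its leftmost klen - v*floor(klen/v) bits.  v is the digest width of
    hash_fn in bits.  The result is returned as ceil(klen/8) bytes; if klen
    is not a multiple of 8 the unused low bits of the final byte are zero.
    """
    if klen <= 0:
        raise ValueError("klen must be positive")
    v = hash_fn(b"").digest_size * 8
    ct = 1
    blocks = []
    for _ in range(ceil(klen / v)):          # ⌈klen/v⌉ hash operations
        blocks.append(hash_fn(Z + ct.to_bytes(4, "big")).digest())
        ct += 1                              # ct += 0x00000001
    out = bytearray(b"".join(blocks))[: (klen + 7) // 8]
    spare = len(out) * 8 - klen              # bits beyond klen in the last byte
    if spare:
        out[-1] &= (0xFF << spare) & 0xFF
    return bytes(out)


def derive_kb(ZA: bytes, ZB: bytes, xU: bytes, yU: bytes, klen: int) -> bytes:
    """Claim 1's use of the KDF: KB = KDF(Z', klen).  The layout of Z' as
    ZA || ZB || xU || yU is an assumption of this example, not text from the page."""
    return kdf(ZA + ZB + xU + yU, klen)
```

The counter and the truncation rule are where implementations diverge: a 32-bit big-endian ct starting at 1 (not 0), and truncation from the most significant end of the last block. Both are fixed by the claim text and are worth a test vector in any interoperability check.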
7. The system according to claim 1, characterised in that the system further comprises an upper-layer multiplexing module ("upper strata final election module" in the machine translation);
the initiator random number generation module and the responder random number generation module are one and the same random number generation module; the initiator point multiplication module and the responder point multiplication module are one and the same point multiplication module; the initiator point addition module and the responder point addition module are one and the same point addition module; and the initiator key derivation module and the responder key derivation module are one and the same key derivation module;
the initiator control centre is used to send an initiator occupancy request ("Seize ACK message" in the machine translation) to the upper-layer multiplexing module;
the responder control centre is used to send a responder occupancy request to the upper-layer multiplexing module;
the upper-layer multiplexing module is used, on the initiator occupancy request, to set the operating mode of the random number generation module, the point multiplication module, the point addition module and the key derivation module to initiator mode, so that these modules respectively provide the functions of the initiator random number generation module, the initiator point multiplication module, the initiator point addition module and the initiator key derivation module, and to forward the communication data between the initiator control centre and the random number generation module, the point multiplication module, the point addition module and the key derivation module; and, on the responder occupancy request, to set the operating mode of the random number generation module, the point multiplication module, the point addition module and the key derivation module to responder mode, so that these modules respectively provide the functions of the responder random number generation module, the responder point multiplication module, the responder point addition module and the responder key derivation module, and to forward the communication data between the responder control centre and the random number generation module, the point multiplication module, the point addition module and the key derivation module.
8. The system according to claim 7, characterised in that the system further comprises a lower-layer multiplexing module ("lower floor's final election module" in the machine translation);
the system comprises a field conversion submodule and a Montgomery domain multiplication submodule shared by the initiator control centre, the responder control centre, the point multiplication module and the point addition module, and a projective-coordinate point addition submodule and a finite-field inversion submodule shared by the point multiplication module and the point addition module;
the initiator control centre further comprises an initiator control submodule; the responder control centre further comprises a responder control submodule; the point multiplication module further comprises a point multiplication control submodule and a projective-coordinate doubling submodule; and the point addition module further comprises a point addition control submodule;
the initiator control submodule is used to send an initiator control submodule occupancy request ("Seize ACK message" in the machine translation) to the lower-layer multiplexing module; to send the two finite-field values on which scalar multiplication is to be performed to the field conversion submodule; to send the two Montgomery-domain values returned by the field conversion submodule to the Montgomery domain multiplication submodule; and to send 1 together with the product returned by the Montgomery domain multiplication submodule back to the Montgomery domain multiplication submodule;
the responder control submodule is used to send a responder control submodule occupancy request to the lower-layer multiplexing module; to send the two finite-field values on which scalar multiplication is to be performed to the field conversion submodule; to send the two Montgomery-domain values returned by the field conversion submodule to the Montgomery domain multiplication submodule; and to send 1 together with the product returned by the Montgomery domain multiplication submodule back to the Montgomery domain multiplication submodule;
the point multiplication control submodule is used to send a point multiplication control submodule occupancy request to the lower-layer multiplexing module; to receive a set of point multiplication data consisting of a number f and a point C; to convert the affine coordinates (xc, yc) of C into its projective coordinates (xc2, yc2, 1) and to send xc2, yc2 and 1 to the field conversion submodule; to send (xc3, yc3, zc3) to the projective-coordinate point addition submodule and to take it as the initial value of the Montgomery-domain coordinates (xc1, yc1, zc1) of [f]C, where [f]C is the result of multiplying C by f; to determine the binary bit length L of f; to take the second-highest bit of the binary representation of f as the initial current bit and, moving down one bit at a time from that bit to the lowest bit as the current bit, to perform (L-1) iterations; to send zc1 from the result coordinates (xc1, yc1, zc1) of the (L-1) iterations to the Montgomery domain multiplication submodule; to send the finite-field value of zc1 to the finite-field inversion submodule; to send the finite-field value of zc1^-1 to the field conversion submodule; to send xc1 and yc1 from the result coordinates (xc1, yc1, zc1) together with the Montgomery-domain value of zc1^-1 to the Montgomery domain multiplication submodule; to send 1 with the affine-coordinate value of xc1, and 1 with the affine-coordinate value of yc1, respectively to the Montgomery domain multiplication submodule; and to output the coordinates (xc1, yc1) formed from the finite-field values of xc1 and yc1 as the result of [f]C; wherein one iteration comprises: sending the current value of the coordinates (xc1, yc1, zc1) to the projective-coordinate doubling submodule and, when the current bit of f is binary 1, sending the output coordinates returned by the projective-coordinate doubling submodule to the projective-coordinate point addition submodule;
the projective-coordinate doubling submodule is used to perform point doubling on the input coordinates and to return the result to the point multiplication control submodule as output coordinates;
the point addition control submodule is used to send a point addition control submodule occupancy request to the lower-layer multiplexing module; to convert the affine coordinates (x11', y11') and (x12', y12') of the received points PP1 and PP2 on which point addition is to be performed into their respective projective coordinates (x11', y11', 1) and (x12', y12', 1), and to send x11', y11', 1 and x12', y12', 1 to the field conversion submodule; to send the coordinates (x111', y111', z111') and (x121', y121', z121') formed from x111', y111', z111' and from x121', y121', z121' to the projective-coordinate point addition submodule; to send z131' from the coordinates (x131', y131', z131') returned by the projective-coordinate point addition submodule to the Montgomery domain multiplication submodule; to send the finite-field value of z131' returned by the Montgomery domain multiplication submodule to the finite-field inversion submodule; to send the finite-field value of z131'^-1 to the field conversion submodule; to send x131' and y131' from the coordinates (x131', y131', z131') together with the Montgomery-domain value of z131'^-1 to the Montgomery domain multiplication submodule; to send the affine-coordinate value of x131' with 1, and the affine-coordinate value of y131' with 1, respectively to the Montgomery domain multiplication submodule; and to output the coordinates (x131', y131') formed from the finite-field values of x131' and y131' returned by the Montgomery domain multiplication submodule as the result of the point addition of PP1 and PP2 in affine coordinates;
the lower-layer multiplexing module is used, on the initiator control submodule occupancy request, to set the operating mode of the field conversion submodule and the Montgomery domain multiplication submodule to initiator control submodule occupancy mode and to forward the communication data between the initiator control submodule and the field conversion submodule and the Montgomery domain multiplication submodule; on the responder control submodule occupancy request, to set the operating mode of the field conversion submodule and the Montgomery domain multiplication submodule to responder control submodule occupancy mode and to forward the communication data between the responder control submodule and the field conversion submodule and the Montgomery domain multiplication submodule; on the point multiplication control submodule occupancy request, to set the operating mode of the field conversion submodule, the Montgomery domain multiplication submodule, the projective-coordinate point addition submodule and the finite-field inversion submodule to point multiplication control submodule occupancy mode and to forward the communication data between the point multiplication control submodule and those four submodules; and on the point addition control submodule occupancy request, to set the operating mode of the field conversion submodule, the Montgomery domain multiplication submodule, the projective-coordinate point addition submodule and the finite-field inversion submodule to point addition control submodule occupancy mode and to forward the communication data between the point addition control submodule and those four submodules;
the field conversion submodule is used, in initiator control submodule occupancy mode, to convert the two finite-field values sent by the initiator control submodule into their respective Montgomery-domain values and to return them to the initiator control submodule; in responder control submodule occupancy mode, to convert the two finite-field values sent by the responder control submodule into their respective Montgomery-domain values and to return them to the responder control submodule; in point multiplication control submodule occupancy mode, to convert the finite-field values xc2, yc2 and 1 into their respective Montgomery-domain values xc3, yc3 and zc3 and to return them to the point multiplication control submodule, and to convert the finite-field value of zc1^-1 into its Montgomery-domain value and to return it to the point multiplication control submodule; and in point addition control submodule occupancy mode, to convert the finite-field values x11', y11', 1 and x12', y12', 1 into their respective Montgomery-domain values x111', y111', z111' and x121', y121', z121' and to return them to the point addition control submodule, and to convert the finite-field value of z131'^-1 into the Montgomery-domain value of z131'^-1 and to return it to the point addition control submodule;
the Montgomery domain multiplication submodule is used, in initiator control submodule occupancy mode, to perform Montgomery domain multiplication on the two Montgomery-domain values sent by the initiator control submodule and to return the resulting product to the initiator control submodule, and to perform Montgomery domain multiplication on 1 and that product sent by the initiator control submodule and to return the result to the initiator control submodule; in responder control submodule occupancy mode, to perform Montgomery domain multiplication on the two Montgomery-domain values sent by the responder control submodule and to return the resulting product to the responder control submodule, and to perform Montgomery domain multiplication on 1 and that product sent by the responder control submodule and to return the result to the responder control submodule; in point multiplication control submodule occupancy mode, to perform Montgomery domain multiplication on the Montgomery-domain value of zc1 and 1 and to send the resulting finite-field value of zc1 to the point multiplication control submodule, to perform Montgomery domain multiplication on the Montgomery-domain values of xc1 and zc1^-1, and of yc1 and zc1^-1, respectively, and to return the resulting affine-coordinate values of xc1 and yc1 to the point multiplication control submodule, and to perform Montgomery domain multiplication on each of the affine-coordinate values of xc1 and yc1 with 1 and to return the resulting finite-field values of xc1 and yc1 to the point multiplication control submodule; and in point addition control submodule occupancy mode, to perform Montgomery domain multiplication on the input z131' and 1 and to send the resulting finite-field value of z131' to the point addition control submodule, to perform Montgomery domain multiplication on the Montgomery-domain values of x131' and z131'^-1, and of y131' and z131'^-1, respectively, and to return the resulting affine-coordinate values of x131' and y131' to the point addition control submodule, and to perform Montgomery domain multiplication on each of the affine-coordinate values of x131' and y131' with 1 and to return the resulting finite-field values of x131' and y131' to the point addition control submodule;
the projective-coordinate point addition submodule is used, in point multiplication control submodule occupancy mode, to perform point addition on the input coordinates and (xc3, yc3, zc3) and to send the result to the point multiplication control submodule; and in point addition control submodule occupancy mode, to perform point addition on the input coordinates (x111', y111', z111') and (x121', y121', z121') and to return the resulting coordinates (x131', y131', z131') to the point addition control submodule;
the finite-field inversion submodule is used, in point multiplication control submodule occupancy mode, to perform the inversion operation on the finite-field value of zc1 and to send the resulting finite-field value of zc1^-1 to the point multiplication control submodule; and in point addition control submodule occupancy mode, to perform the inversion operation on the finite-field value of the input z131' and to send the resulting finite-field value of z131'^-1 to the point addition control submodule.
CN201110107526.6A 2011-04-27 2011-04-27 P element field SM2 elliptic curve key agreement system Active CN102761411B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110107526.6A CN102761411B (en) 2011-04-27 2011-04-27 P element field SM2 elliptic curve key agreement system

Publications (2)

Publication Number Publication Date
CN102761411A true CN102761411A (en) 2012-10-31
CN102761411B CN102761411B (en) 2015-06-10

Family

ID=47055738

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110107526.6A Active CN102761411B (en) 2011-04-27 2011-04-27 P element field SM2 elliptic curve key agreement system

Country Status (1)

Country Link
CN (1) CN102761411B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101296072A (en) * 2007-04-29 2008-10-29 四川虹微技术有限公司 Sharing cryptographic key generation method of elliptic curve
CN101610153A (en) * 2008-06-20 2009-12-23 航天信息股份有限公司 Electronic signature authentication method based on ellipse curve signature algorithm

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104601322A (en) * 2013-10-31 2015-05-06 上海华虹集成电路有限责任公司 Montgomery step algorithm for ternary extension field in cryptographic chip
CN105337734A (en) * 2014-08-05 2016-02-17 英赛瑟库尔公司 Elliptic curve encryption method comprising error detection
CN108270563A (en) * 2016-12-30 2018-07-10 航天信息股份有限公司 A kind of method for interchanging data and system based on SM2 Encryption Algorithm
CN113114462A (en) * 2021-03-31 2021-07-13 南京航空航天大学 Small-area scalar multiplication circuit applied to ECC (error correction code) safety hardware circuit
CN113114462B (en) * 2021-03-31 2022-10-04 南京航空航天大学 Small-area scalar multiplication circuit applied to ECC (error correction code) safety hardware circuit

Also Published As

Publication number Publication date
CN102761411B (en) 2015-06-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant