CN104104504B - RSA decoding method and device - Google Patents

Publication number
CN104104504B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410350403.9A
Other languages
Chinese (zh)
Other versions
CN104104504A (en)
Inventor
周兴建
王俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Datang Microelectronics Technology Co Ltd
Original Assignee
Datang Microelectronics Technology Co Ltd
Application filed by Datang Microelectronics Technology Co Ltd
Priority to CN201410350403.9A
Publication of CN104104504A
Application granted
Publication of CN104104504B

Abstract

The invention provides an RSA decryption method and device. The method comprises: during RSA parameter initialization, obtaining the modulus width after scrambling of the modulus set on the RSA private key object, and obtaining the remainder and quotient of the square of the power with base 2 and that modulus width as exponent, divided by the modulus set on the RSA private key object; storing the remainder and the quotient; and, during an RSA operation on the cipher object, obtaining from the remainder and the quotient the square of the Montgomery constant for the scrambled modulus and performing decryption with it. The method and device improve the efficiency of RSA operations performed with an RSA private key.

Description

Method and device for RSA decryption
Technical field
The present invention relates to the communications field, and in particular to a method and device for RSA decryption.
Background
RSA is the RSA algorithm. The RSA public-key encryption algorithm was proposed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman, all three of whom were then working at the Massachusetts Institute of Technology. The name RSA is formed from the initial letters of their three surnames.
RSA is an asymmetric cryptographic algorithm. Asymmetric means that the algorithm needs a pair of keys: what is encrypted with one of them must be decrypted with the other.
The RSA algorithm involves three parameters: N, e and d.
N is the product of two large primes p and q, and the number of bits in the binary representation of N is the key length. The key length is a multiple of 32; commonly used values are 1024, 1480, 2048 and so on. The most significant bit of N is generally required to be 1, and the corresponding RSA is customarily called 1024-bit RSA, 1480-bit RSA, 2048-bit RSA and so on.
e and d are a pair of related values. e can be chosen freely, provided that e is coprime with (p-1)*(q-1); d is then chosen so that (e*d) mod ((p-1)*(q-1)) = 1.
(N, e) and (N, d) form the key pair: (N, e) is the public key and (N, d) is the private key. The value of e generally does not exceed 4 bytes; commonly used values are 3 (0x00000003), 17 (0x00000011), 257 (0x00000101) and 65537 (0x00010001).
RSA encryption and decryption use the same algorithm. If m is the plaintext and c is the ciphertext, then m = c^d mod N and c = m^e mod N (in a public-key encryption system, encryption is typically done with the public key and decryption with the private key).
e and d can be used interchangeably, that is:
c = m^d mod N; m = c^e mod N.
Montgomery theorem: N and R are integers satisfying gcd(N, R) = 1, i.e. the greatest common divisor of N and R is 1 and N and R are coprime. Let N' = -N^-1 mod R and let T be a positive integer satisfying 0 ≤ T < NR. If U = TN' mod R, then (T+UN)/R is an integer and (T+UN)/R ≡ TR^-1 (mod N).
Following the Montgomery theorem, let b = 2^32. If all integers are expressed in base b and R = b^n, then gcd(N, R) = 1 is satisfied. If T = A*B, then TR^-1 (mod N) can be computed as (T+UN)/R according to the theorem. The division by R in this formula can be done directly with a shift, and reduction modulo R simply takes the low-order part, so division is avoided and speed improves. This modular multiplication is generally called Montgomery modular multiplication and is written MM(A, B, N) = A*B*R^-1 mod N. According to the theorem, 0 ≤ (T+UN)/R < 2R.
The RSA algorithm computes m^d mod N, generally in the following steps:
Step 101, calculate the Montgomery constant square C = R^2 mod N, where R = 2^k and k = (log2 N)+1, i.e. k is the number of bits of the modulus N, generally a multiple of 32.
Step 102, call the Montgomery modular multiplication operator to transform the multiplier from the ordinary domain into the Montgomery domain, i.e. m1 = MM(m, C, N) = (m*R) mod N.
Step 103, calculate MM(m1, m1, N) = (m^2*R) mod N with the Montgomery modular multiplication operator; calling the operator repeatedly yields the intermediate result t = (m^d*R) mod N.
Step 104, take the constant 1 and call the Montgomery modular multiplication operator: S = MM(t, 1, N) = m^d mod N; if S ≥ N, then S = S-N; return S.
In RSA applications the private key must be protected. Attack methods against RSA include SPA (Simple Power Analysis), DPA (Differential Power Analysis), FA (Fault Attack) and others. To prevent DPA, in addition to scrambling the exponent, the modulus N must also be scrambled. The modulus is scrambled by multiplying N by a random 32-bit odd number r, so that the modulus becomes rN. When N is not scrambled, as in a public-key operation, the Montgomery constant square C = R^2 mod N can be precomputed and stored, and C is then used directly on every call. Once N is scrambled, a new C has to be computed; because r is generated randomly on every call, C changes each time. The existing approach computes C with a big-number division, which is very inefficient.
Another private-key form of RSA is RSA_CRT (Chinese remainder theorem), whose private key object is (p, q, dp, dq, qinv), where dp = d mod (p-1), dq = d mod (q-1) and qinv = q^-1 mod p. This form halves the modulus width: for 1024-bit RSA, for example, the corresponding p and q are each 512 bits wide. RSA_CRT performs an ordinary RSA computation with (p, dp) and with (q, dq), and then combines the results. For ordinary RSA, modulus scrambling scrambles N; for RSA_CRT, it scrambles p and q.
The RSA JavaCard application flow is as follows (considering only the private-key case):
RSA parameter initialization:
1. Create an RSA cipher or signature object;
2. Create an RSAPrivateKey object (an RSAPrivateCrtKey object in CRT mode) according to the width of the modulus N;
3. Set the modulus N (p and q in CRT mode) on the RSAPrivateKey (RSAPrivateCrtKey in CRT mode) object;
4. Set the private key d (dp and dq in CRT mode) on the RSAPrivateKey object;
5. Initialize the cipher object with the RSAPrivateKey (RSAPrivateCrtKey in CRT mode) object.
RSA operation:
1. Obtain the ciphertext or the signature data;
2. Call the cipher object to decrypt the ciphertext, or hash the signature data and then call the cipher object to decrypt it;
3. The cipher object calls the native interface to perform the RSA operation;
4. Return the result.
The existing way of computing the Montgomery constant square is big-number division, whose drawbacks are low efficiency and a strong dependence on hardware. On a card with a CPU frequency of 3.8M and a big-number operator at 30M (the computation mainly calls the hardware big-number operator), computing the Montgomery constant square for an N 512 bits wide takes more than 20 milliseconds; even if the CPU speed is raised to 30M, the improvement is small, shortening the time by only about 1 millisecond.
When an RSA operation is performed with an RSA private key, the RSA modulus has to be scrambled to protect the private key, so the modulus changes after scrambling. Every RSA operation must first perform one Montgomery modular multiplication of the original input with the Montgomery constant square, and the prior art computes the Montgomery constant square by big-number division, which is very inefficient.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and device for RSA decryption that improve the efficiency of RSA operations performed with an RSA private key.
To solve the above technical problem, the invention provides a method of RSA decryption, comprising:
during RSA parameter initialization, obtaining the modulus width after scrambling of the modulus set on the RSA private key object, and obtaining the remainder and quotient of the square of the power with base 2 and that modulus width as exponent, divided by the modulus set on the RSA private key object;
storing the remainder and the quotient;
during an RSA operation on the cipher object, obtaining from the remainder and the quotient the square of the Montgomery constant for the scrambled modulus, and performing decryption with the obtained square of the Montgomery constant.
Further, the method also has the following feature: the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set on the RSA private key object, are obtained by the following formulas:
remainder C1 and quotient K1, where N is the modulus set on the RSA private key object, the modulus width after scrambling is k+32, R1 = 2^(k+32), and k is the bit width of N.
Further, the method also has the following feature: obtaining the square of the Montgomery constant for the scrambled modulus from the remainder and the quotient comprises:
randomly generating an odd number r 32 bits wide;
obtaining the square C3 of the Montgomery constant for the scrambled modulus by the following formulas:
C2 = K1 mod r, where C2 ≤ r-1;
C3 = C2*N + C1.
Further, the method also has the following feature: the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set on the RSA private key object, are obtained by the following formulas:
remainder Cp1 and quotient Kp1;
remainder Cq1 and quotient Kq1;
where the modulus width after scrambling is k+32, R1 = 2^(k+32), p and q are the moduli set on the RSA private key object, and k is the bit width of the modulus p set on the RSA private key object.
Further, the method also has the following feature: obtaining the square of the Montgomery constant for the scrambled modulus from the remainder and the quotient comprises:
randomly generating an odd number rp 32 bits wide;
obtaining the square Cp3 of the Montgomery constant for the scrambled modulus by the following formulas:
Cp2 = Kp1 mod rp, where Cp2 ≤ rp-1;
Cp3 = Cp2*p + Cp1;
randomly generating an odd number rq 32 bits wide;
obtaining the square Cq3 of the Montgomery constant for the scrambled modulus by the following formulas:
Cq2 = Kq1 mod rq, where Cq2 ≤ rq-1;
Cq3 = Cq2*q + Cq1.
To solve the above problem, the invention also provides a device for RSA decryption, comprising:
an acquisition module, configured to obtain, during RSA parameter initialization, the modulus width after scrambling of the modulus set on the RSA private key object, and to obtain the remainder and quotient of the square of the power with base 2 and that modulus width as exponent, divided by the modulus set on the RSA private key object;
a memory module, configured to store the remainder and the quotient;
a processing module, configured to obtain, during an RSA operation on the cipher object, the square of the Montgomery constant for the scrambled modulus from the remainder and the quotient, and to perform decryption with the obtained square of the Montgomery constant.
Further, the device also has the following feature:
the acquisition module obtains the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set on the RSA private key object, by the following formulas: remainder C1 and quotient K1, where N is the modulus set on the RSA private key object, the modulus width after scrambling is k+32, R1 = 2^(k+32), and k is the bit width of N.
Further, the device also has the following feature:
the processing module obtains the square of the Montgomery constant for the scrambled modulus from the remainder and the quotient by: randomly generating an odd number r 32 bits wide; and obtaining the square C3 of the Montgomery constant for the scrambled modulus by the following formulas: C2 = K1 mod r, where C2 ≤ r-1; C3 = C2*N + C1.
Further, the device also has the following feature:
the acquisition module obtains the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set on the RSA private key object, by the following formulas: remainder Cp1 and quotient Kp1; remainder Cq1 and quotient Kq1; where the modulus width after scrambling is k+32, R1 = 2^(k+32), p and q are the moduli set on the RSA private key object, and k is the bit width of the modulus p set on the RSA private key object.
Further, the device also has the following feature:
the processing module obtains the square of the Montgomery constant for the scrambled modulus from the remainder and the quotient by: randomly generating an odd number rp 32 bits wide, and obtaining the square Cp3 of the Montgomery constant for the scrambled modulus by the following formulas: Cp2 = Kp1 mod rp, where Cp2 ≤ rp-1, Cp3 = Cp2*p + Cp1; randomly generating an odd number rq 32 bits wide, and obtaining the square Cq3 of the Montgomery constant for the scrambled modulus by the following formulas: Cq2 = Kq1 mod rq, where Cq2 ≤ rq-1; Cq3 = Cq2*q + Cq1.
In summary, the present invention provides a method and device for RSA decryption that can improve the efficiency of RSA operations performed with an RSA private key.
Description of the drawings
Fig. 1 is a flow chart of an RSA decryption method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an RSA decryption device according to an embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, embodiments of the invention are described in detail below with reference to the drawings. Where they do not conflict, the embodiments of this application and the features in those embodiments may be combined with one another.
In practice, a Java application that uses RSA performs the RSA parameter initialization flow only once and can then invoke RSA operations any number of times. RSA initialization is typically completed when the application is installed, so some time-consuming precomputation can be done during RSA parameter initialization without affecting the speed at which the user runs RSA operations.
Fig. 1 is a flow chart of an RSA decryption method according to an embodiment of the present invention. As shown in Fig. 1, the method of this embodiment includes:
Step 11, during RSA parameter initialization, obtain the modulus width after scrambling of the modulus set on the RSA private key object, and obtain the remainder and quotient of the square of the power with base 2 and that width as exponent, divided by the modulus set on the RSA private key object;
Step 12, store the remainder and the quotient;
Step 13, during an RSA operation on the cipher object, obtain from the remainder and the quotient the square of the Montgomery constant for the scrambled modulus, and perform decryption with the obtained square of the Montgomery constant.
The method of the present invention is described in detail below with two specific embodiments.
Embodiment one, the scheme for ordinary RSA private keys:
N is generally scrambled as N1 = N*r, where r is a random odd number 32 bits wide. The new modulus is then 32 bits wider, R1 = 2^(k+32), where k is the bit width of N. The steps are as follows:
RSA parameter initialization comprises the following steps:
Step 101, create an RSA cipher or signature object;
Step 102, create an RSAPrivateKey object according to the width of the modulus N;
Step 103, set the modulus N on the RSAPrivateKey object;
Precompute (that is, C1 is the remainder, C1 < N, and K1 is the quotient) and store the remainder C1 and the quotient K1;
Step 104, set the private key d on the RSAPrivateKey object;
Step 105, initialize the cipher object or signature object with the RSAPrivateKey object.
The RSA operation comprises the following steps:
Step 201, obtain the ciphertext or the signature data;
Step 202, call the cipher object to decrypt the ciphertext, or hash the signature data and then call the cipher object to decrypt it;
Step 203, the cipher object calls the native interface to perform the RSA operation:
Step 203.1, randomly generate an odd number r 32 bits wide;
Step 203.2, calculate C2 = K1 mod r (C2 ≤ r-1; r here is a number 32 bits wide, so C2 can be computed quickly);
Step 203.3, calculate C3 = C2*N + C1; C3 is the square of the Montgomery constant for the scrambled modulus (the proof is given below);
Step 203.4, transfer the ciphertext into the Montgomery domain, i.e. compute c1 = MM(c, C3, r*N) by Montgomery modular multiplication; for a signature, c is the value of the signature data after the hash operation;
Step 203.5, calculate
Step 203.6, calculate S = S1 mod N;
Step 204, return the decryption (signature) result.
Proof of the new precomputation method:
Because C3 = C2*N + C1 ≤ (r-1)*N + C1 < (r-1)*N + N = r*N,
that is, C3 < r*N.
So
Embodiment two, the scheme for RSA_CRT private keys:
p and q are generally scrambled as p1 = p*rp and q1 = q*rq, where rp and rq are random odd numbers 32 bits wide. The new modulus is then 32 bits wider, R1 = 2^(k+32), where k is the bit width of p and q, i.e. half the bit width of N.
RSA_CRT parameter initialization comprises the following steps:
Step 301, create an RSA cipher or signature object;
Step 302, call the cipher object to decrypt the ciphertext, or hash the signature data and then call the cipher object to decrypt it;
Step 303, set the moduli p and q on the RSAPrivateCrtKey object;
Precompute (that is, Cp1 is the remainder, Cp1 < p, and Kp1 is the quotient) and store the remainder Cp1 and the quotient Kp1;
Precompute (that is, Cq1 is the remainder, Cq1 < q, and Kq1 is the quotient) and store the remainder Cq1 and the quotient Kq1;
Step 304, set dp, dq and qinv of the private key on the RSAPrivateCrtKey object;
Step 305, initialize the cipher object or signature object with the RSAPrivateKey object.
The RSA_CRT operation comprises the following steps:
Step 401, obtain the ciphertext or the signature data;
Step 402, call the cipher object to decrypt the ciphertext, or hash the signature data and then call the cipher object to decrypt it;
Step 403, the cipher object calls the native interface to perform the RSA_CRT operation:
Step 403.1, perform an ordinary RSA computation on p, dp, c:
A, randomly generate an odd number rp 32 bits wide;
B, calculate Cp2 = Kp1 mod rp (Cp2 ≤ rp-1; rp here is a number 32 bits wide, so Cp2 can be computed quickly);
C, calculate Cp3 = Cp2*p + Cp1; Cp3 is the square of the Montgomery constant for the scrambled modulus p (the proof is the same as for ordinary RSA);
D, transfer the ciphertext into the Montgomery domain, i.e. compute cp1 = MM(c, Cp3, rp*p) by Montgomery modular multiplication; for a signature, c is the value of the signature data after the hash operation;
E, calculate
F, calculate sp = sp1 mod p.
Step 403.2, perform an ordinary RSA computation on q, dq, c:
A, randomly generate an odd number rq 32 bits wide;
B, calculate Cq2 = Kq1 mod rq (Cq2 ≤ rq-1; rq here is a number 32 bits wide, so Cq2 can be computed quickly);
C, calculate Cq3 = Cq2*q + Cq1; Cq3 is the square of the Montgomery constant for the scrambled modulus q (the proof is the same as for ordinary RSA);
D, transfer the ciphertext into the Montgomery domain, i.e. compute cq1 = MM(c, Cq3, rq*q) by Montgomery modular multiplication; for a signature, c is the value of the signature data after the hash operation;
E, calculate
F, calculate sq = sq1 mod q.
Step 403.3, obtain the final result according to the Chinese remainder theorem:
S = [sq + q*(((sp - sq)*qinv) mod p)] mod N.
The embodiment of the present invention is based on JavaCard RSA private-key applications, covering both RSA private keys and RSA_CRT private keys, and provides a method of quickly computing the Montgomery constant square for a scrambled modulus by means of precomputation.
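The precomputation of embodiment one and its reuse for p and q in embodiment two, as an added Python example (not code from the patent); it checks C3 against a direct R1^2 mod (r*N) and runs a full scrambled-modulus decryption. Assumptions: the steps whose formulas are missing above (203.5 and E) are taken to be a square-and-multiply exponentiation in the Montgomery domain, c is reduced modulo the scrambled modulus before the first multiplication, exponent scrambling is left out, and all function names and the toy key are constructed for illustration.

```python
import secrets

def precompute(n):
    """Initialisation, once per key: R1^2 = K1*n + C1 with R1 = 2^(k+32)."""
    k = n.bit_length()
    K1, C1 = divmod(1 << (2 * (k + 32)), n)     # the only long division
    return k, K1, C1

def blinded_constant(n, K1, C1, r):
    """Per operation: C3 = (K1 mod r)*n + C1, equal to R1^2 mod (r*n)."""
    C2 = K1 % r                                  # divisor is only 32 bits wide
    return C2 * n + C1

def random_odd32():
    # Assumption: "odd number 32 bits wide" is read as top and bottom bit set.
    return secrets.randbits(32) | 0x80000001

def mont_mul(a, b, m, m_neg_inv, bits):
    """MM(a, b, m) = a*b*R^-1 mod m with R = 2^bits; needs a*b < m*R."""
    mask = (1 << bits) - 1
    t = a * b
    u = (t * m_neg_inv) & mask                   # U = T*N' mod R (low bits)
    s = (t + u * m) >> bits                      # (T + U*N)/R is exact: a shift
    return s - m if s >= m else s

def blinded_modexp(c, d, n, pre, r=None):
    """c^d mod n, computed modulo the scrambled modulus r*n."""
    k, K1, C1 = pre
    r = r or random_odd32()
    m, bits = r * n, k + 32                      # r*n < 2^(k+32) = R1
    m_neg_inv = (-pow(m, -1, 1 << bits)) & ((1 << bits) - 1)   # N' = -N^-1 mod R
    C3 = blinded_constant(n, K1, C1, r)
    c1 = mont_mul(c % m, C3, m, m_neg_inv, bits) # into the Montgomery domain
    acc = mont_mul(1, C3, m, m_neg_inv, bits)    # Montgomery form of 1
    for bit in bin(d)[2:]:                       # plain square-and-multiply,
        acc = mont_mul(acc, acc, m, m_neg_inv, bits)   # not SPA-hardened
        if bit == "1":
            acc = mont_mul(acc, c1, m, m_neg_inv, bits)
    s1 = mont_mul(acc, 1, m, m_neg_inv, bits)    # back to the ordinary domain
    return s1 % n                                # S = S1 mod N

def crt_decrypt(c, key):
    """Embodiment two: scramble p and q separately, then recombine."""
    p, q = key["p"], key["q"]
    sp = blinded_modexp(c, key["dp"], p, key["pre_p"])
    sq = blinded_modexp(c, key["dq"], q, key["pre_q"])
    return (sq + q * (((sp - sq) * key["qinv"]) % p)) % (p * q)

def make_toy_key(p, q, e=65537):
    """Constructed demonstration key; p and q must be distinct odd primes."""
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e, "d": d, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1), "qinv": pow(q, -1, p),
            "pre_n": precompute(n), "pre_p": precompute(p),
            "pre_q": precompute(q)}

if __name__ == "__main__":
    key = make_toy_key((1 << 61) - 1, (1 << 89) - 1)   # two Mersenne primes
    n = key["n"]
    k, K1, C1 = key["pre_n"]
    r = random_odd32()
    print(blinded_constant(n, K1, C1, r) == pow(1 << (k + 32), 2, r * n))
    c = pow(0x1234567890ABCDEF, key["e"], n)
    print(hex(blinded_modexp(c, key["d"], n, key["pre_n"])), hex(crt_decrypt(c, key)))
```

The example takes k per modulus from its own bit length, whereas the text uses a single k for p and q of equal width.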
Fig. 2 is a schematic diagram of an RSA decryption device according to an embodiment of the present invention. As shown in Fig. 2, the device of this embodiment includes:
an acquisition module, configured to obtain, during RSA parameter initialization, the modulus width after scrambling of the modulus set on the RSA private key object, and to obtain the remainder and quotient of the square of the power with base 2 and that modulus width as exponent, divided by the modulus set on the RSA private key object;
a memory module, configured to store the remainder and the quotient;
a processing module, configured to obtain, during an RSA operation on the cipher object, the square of the Montgomery constant for the scrambled modulus from the remainder and the quotient, and to perform decryption with the obtained square of the Montgomery constant.
In a preferred embodiment, the acquisition module obtains the remainder C1 and quotient K1 of the square of the power with base 2 and the modulus width as exponent, divided by the modulus N set on the RSA private key object, by the following formula: where N is the modulus set on the RSA private key object, the modulus width after scrambling is k+32, R1 = 2^(k+32), and k is the bit width of N.
In a preferred embodiment, the processing module obtains the square C3 of the Montgomery constant for the scrambled modulus from the remainder C1 and the quotient K1 by: randomly generating an odd number r 32 bits wide; and obtaining the square C3 of the Montgomery constant for the scrambled modulus by the following formulas: C2 = K1 mod r, where C2 ≤ r-1; C3 = C2*N + C1.
In a preferred embodiment, the acquisition module obtains the remainders Cp1, Cq1 and quotients Kp1, Kq1 of the square of the power with base 2 and the modulus width as exponent, divided by the moduli p, q set on the RSA private key object, by the following formulas: where the modulus width after scrambling is k+32, R1 = 2^(k+32), and k is the bit width of p.
In a preferred embodiment, the processing module obtains the square of the Montgomery constant for the scrambled modulus from the remainder and the quotient by: randomly generating an odd number rp 32 bits wide, and obtaining the square Cp3 of the Montgomery constant for the scrambled modulus by the following formulas: Cp2 = Kp1 mod rp, where Cp2 ≤ rp-1, Cp3 = Cp2*p + Cp1; randomly generating an odd number rq 32 bits wide, and obtaining the square Cq3 of the Montgomery constant for the scrambled modulus by the following formulas: Cq2 = Kq1 mod rq, where Cq2 ≤ rq-1; Cq3 = Cq2*q + Cq1.
The traditional computation uses big-number division, which is very inefficient and depends heavily on the hardware operator that performs big-number arithmetic; this method moves the big-number division into private key initialization. For applications that use an RSA private key, the embodiment of the present invention performs one long (tens of milliseconds) precomputation when the private key is initialized and stores the resulting remainder C1 (or Cp1, Cq1) and quotient K1 (or Kp1, Kq1). In every later RSA operation, the quotient K1 (or Kp1, Kq1) is reduced modulo the random number r (or rp, rq), and a single multiply-add then completes the computation of the Montgomery constant square. The cost of the invention is very low: it consumes at most less than 600 bytes of E2P space. Its efficiency is very high: on a card with a 30M CPU it takes less than 1 millisecond.
A person of ordinary skill in the art will appreciate that all or part of the steps of the above method can be completed by a program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Alternatively, all or part of the steps of the above embodiments can be implemented with one or more integrated circuits. Accordingly, each module/unit in the above embodiments can be implemented in hardware or as a software function module. The present invention is not restricted to any particular combination of hardware and software.
The above are only preferred embodiments of the present invention. The invention can of course have various other embodiments, and those of ordinary skill in the art can make corresponding changes and variations according to the invention without departing from its spirit and essence, but all such changes and variations shall fall within the scope of protection of the appended claims.

Claims (10)

1. a kind of method that RSA is decrypted, including:
During RSA parameter initializations, the modulus width after the mould scrambling arranged to RSA private keys object is obtained, obtained with 2 For bottom, the modulus width for index power square divided by it is described to RSA private keys object arrange mould obtained by remainder and Business;
Store the remainder and business;
During RSA operation is carried out to encrypted object, the Montgomery after mould scrambling is obtained by the remainder and business normal Several squares, square process is decrypted using the Montgomery constant after acquired mould scrambling;
Wherein, it is described that square including for the Montgomery constant after mould scrambling is obtained by the remainder and business:
Computing is taken the remainder using the business and the odd number of 32 bit widths for randomly generating of the storage, using described fortune is taken the remainder The result of calculation does product calculation with the mould of RSA private key objects, is asked using the result and the remainder of the storage of the product calculation With the result of, the summation be the Montgomery constant after the mould scrambling square.
2. the method for claim 1, it is characterised in that:The acquisition is with 2 as bottom, power of the modulus width as index Square divided by it is described to RSA private keys object arrange mould obtained by remainder and business, by following formula realize:
RemainderBusinessWherein, N be to RSA private keys object arrange mould, the mould after scrambling SerComm degree is k+32, R1=2k+32, k is the bit width of N.
3. method as claimed in claim 2, it is characterised in that:It is described that the illiteracy brother after mould scrambling is obtained by the remainder and business Horse profit constant square, including:
Randomly generate a 32 bit width odd number r;
Square C of the Montgomery constant after mould scrambling is obtained by following formula3
C2=K1Mod r, wherein C2≤r-1;
C3=C2*N+C1
4. the method for claim 1, it is characterised in that:The acquisition is with 2 as bottom, power of the modulus width as index Square divided by it is described to RSA private keys object arrange mould obtained by remainder and business, by following formula realize:
RemainderBusiness
RemainderBusiness
Wherein, the modulus width after scrambling is k+32, R1=2k+32, p, q are the moulds arranged to RSA private keys object, and k is private to RSA The bit width of mould p, q that key object is arranged.
5. method as claimed in claim 4, it is characterised in that:Montgomery after mould scrambling is obtained by the remainder and business Constant square, including:
Randomly generate a 32 bit width odd number rp
Square C of the Montgomery constant after mould scrambling is obtained by following formulap3
Cp2=Kp1mod rp, wherein Cp2≤rp-1;
Cp3=Cp2*p+Cp1
Randomly generate a 32 bit width odd number rq
Square C of the Montgomery constant after mould scrambling is obtained by following formulaq3
Cq2=Kq1modrq, wherein Cq2≤rq-1;
Cq3=Cq2*q+Cq1
6. the device that a kind of RSA is decrypted, it is characterised in that include:
Acquisition module, for during RSA parameter initializations, obtaining the mould after scrambling to the mould that RSA private keys object is arranged SerComm degree, obtain with 2 as bottom, power of the modulus width as index square divided by it is described to RSA private keys object arrange mould Resulting remainder and business;
Memory module, for storing the remainder and business;
Processing module, for during RSA operation is carried out to encrypted object, in the following way by the remainder and business Obtain mould scrambling after Montgomery constant square, including:
Computing is taken the remainder using the business and the odd number of 32 bit widths for randomly generating of the storage, using described fortune is taken the remainder The result of calculation does product calculation with the mould of RSA private key objects, is asked using the result and the remainder of the storage of the product calculation With the result of, the summation be the Montgomery constant after the mould scrambling square;
Square process is decrypted using the Montgomery constant after acquired mould scrambling.
7. device as claimed in claim 6, it is characterised in that:
The acquisition module, obtain with 2 as bottom, power of the modulus width as index square divided by described to RSA private keys pair As the remainder obtained by the mould of setting and business, realized by following formula:RemainderBusinessWherein, N is the mould arranged to RSA private keys object, and the modulus width after scrambling is k+32, R1=2k+32, k is the bit width of N.
8. device as claimed in claim 7, it is characterised in that:
The processing module, by the remainder and business obtain the Montgomery constant after mould scrambling square, including:It is random to produce A raw 32 bit width odd number r;Square C of the Montgomery constant after mould scrambling is obtained by following formula3:C2=K1Mod r, Wherein C2≤r-1;C3=C2*N+C1
9. device as claimed in claim 6, it is characterised in that:
The acquisition module, obtain with 2 as bottom, power of the modulus width as index square divided by described to RSA private keys pair As the remainder obtained by the mould of setting and business, realized by following formula:RemainderBusinessRemainderBusinessWherein, the modulus width after scrambling is k+32, R1=2k+32, p, q are to RSA private keys The mould that object is arranged, k is the bit width of mould p, q for arranging to RSA private keys object.
10. The device as claimed in claim 9, characterized in that:
The processing module obtains the square of the Montgomery constant after modulus scrambling from the remainder and the quotient, including: randomly generating an odd number $r_p$ of 32-bit width, and obtaining the square $C_{p3}$ of the Montgomery constant after modulus scrambling by the following formulas: $C_{p2} = K_{p1} \bmod r_p$, where $C_{p2} \le r_p - 1$; $C_{p3} = C_{p2} \cdot p + C_{p1}$; and randomly generating an odd number $r_q$ of 32-bit width, and obtaining the square $C_{q3}$ of the Montgomery constant after modulus scrambling by the following formulas: $C_{q2} = K_{q1} \bmod r_q$, where $C_{q2} \le r_q - 1$; $C_{q3} = C_{q2} \cdot q + C_{q1}$.
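The following Python sketch is an added example, not code from the patent. It works through claims 7 and 8 for a single modulus N, and claims 9 and 10 apply the same two steps to p and q separately. It assumes the stored pair is C1 = R1² mod N and K1 = ⌊R1² / N⌋, as the claim wording describes; the toy key, the function names and the plain (non-constant-time) exponentiation loop are constructed for illustration.

```python
import secrets

# Constructed toy key (two Mersenne primes), for illustration only.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def precompute(n):
    """Key-initialisation step: k, remainder C1 and quotient K1 of R1^2 / n."""
    k = n.bit_length()
    r1 = 1 << (k + 32)                 # R1 = 2^(k+32)
    k1, c1 = divmod(r1 * r1, n)
    return k, c1, k1

def scrambled_r2(n, c1, k1, r):
    """Per-operation step: C2 = K1 mod r, C3 = C2*n + C1 = R1^2 mod (r*n)."""
    return (k1 % r) * n + c1

def redc(t, ns, bits, neg_inv):
    """Montgomery reduction: t * R1^-1 mod ns, valid for 0 <= t < R1*ns."""
    mask = (1 << bits) - 1
    m = ((t & mask) * neg_inv) & mask
    u = (t + m * ns) >> bits
    return u - ns if u >= ns else u

def decrypt_scrambled(c, d, n, r=None):
    """c^d mod n computed modulo the scrambled modulus r*n, then reduced mod n."""
    k, c1, k1 = precompute(n)          # a device would store these once per key
    if r is None:
        r = secrets.randbits(32) | 1   # random odd scrambling value, up to 32 bits
    ns, bits = r * n, k + 32
    c3 = scrambled_r2(n, c1, k1, r)
    neg_inv = -pow(ns, -1, 1 << bits) % (1 << bits)
    x = redc(c * c3, ns, bits, neg_inv)    # c in Montgomery form
    acc = redc(c3, ns, bits, neg_inv)      # 1 in Montgomery form (R1 mod ns)
    for bit in bin(d)[2:]:                 # plain square-and-multiply, not constant-time
        acc = redc(acc * acc, ns, bits, neg_inv)
        if bit == "1":
            acc = redc(acc * x, ns, bits, neg_inv)
    return redc(acc, ns, bits, neg_inv) % n
```

Because C2 ≤ r − 1 and C1 ≤ N − 1, the sum C3 is always below r·N, so it equals R1² mod (r·N) exactly and the per-operation cost is one short division of K1 by a 32-bit value instead of a long division by the scrambled modulus.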
CN201410350403.9A 2014-07-22 2014-07-22 RSA decoding method and device Active CN104104504B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410350403.9A CN104104504B (en) 2014-07-22 2014-07-22 RSA decoding method and device

Publications (2)

Publication Number Publication Date
CN104104504A CN104104504A (en) 2014-10-15
CN104104504B true CN104104504B (en) 2017-05-10

Family

ID=51672333

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410350403.9A Active CN104104504B (en) 2014-07-22 2014-07-22 RSA decoding method and device

Country Status (1)

Country Link
CN (1) CN104104504B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104767622B (en) * 2015-04-20 2018-08-14 努比亚技术有限公司 Encryption method and device
TWI602119B (en) * 2015-07-22 2017-10-11 華邦電子股份有限公司 Computational method, computational device and computer software product for montgomery domain
CN107196764A (en) * 2017-07-19 2017-09-22 龙迅半导体(合肥)股份有限公司 A kind of RSA encrypting and deciphering processing methods and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1379375A (en) * 2001-04-11 2002-11-13 北京国芯安集成电路设计有限公司 Full-hardware intelligent RSA encrypt/decrypt processor
CN1650254A (en) * 2002-04-29 2005-08-03 因芬尼昂技术股份公司 Apparatus and method for calculating a result of a modular multiplication
CN101834723A (en) * 2009-03-10 2010-09-15 上海爱信诺航芯电子科技有限公司 RSA (Rivest-Shamirh-Adleman) algorithm and IP core
CN103294448A (en) * 2013-05-28 2013-09-11 福建升腾资讯有限公司 Large numbers modular calculation method for implementing RSA cryptosystem

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004226674A (en) * 2003-01-23 2004-08-12 Renesas Technology Corp Information processing method
JP4351987B2 (en) * 2004-11-19 2009-10-28 株式会社東芝 Montgomery conversion device, arithmetic device, IC card, encryption device, decryption device, and program

Also Published As

Publication number Publication date
CN104104504A (en) 2014-10-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant