CN104104504B - RSA decoding method and device - Google Patents
- Publication number
- CN104104504B
- Authority
- CN
- China
- Prior art keywords
- modulus
- remainder
- rsa
- scrambling
- quotient
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides an RSA decryption method and device. The method includes: during RSA parameter initialization, obtaining the modulus width after scrambling of the modulus set for the RSA private key object, and obtaining the remainder and quotient of the square of the power with base 2 and that modulus width as exponent, divided by the modulus set for the RSA private key object; storing the remainder and the quotient; and, during an RSA operation on the encrypted object, obtaining the square of the Montgomery constant after modulus scrambling from the remainder and quotient and performing decryption with the obtained value. The method and device improve the efficiency of RSA operations performed with an RSA private key.
Description
Technical field
The present invention relates to the communications field, and more particularly to an RSA decryption method and device.
Background
RSA is a public-key encryption algorithm proposed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman, who were all working at the Massachusetts Institute of Technology at the time. The name RSA is formed from the initial letters of their three surnames.
RSA is an asymmetric cryptographic algorithm. Asymmetric means that the algorithm needs a pair of keys: data encrypted with one of them must be decrypted with the other.
The RSA algorithm involves three parameters: N, e and d.
N is the product of two large primes p and q, and the number of bits in the binary representation of N is the key length. The key length is a multiple of 32; commonly used values are 1024, 1480, 2048, etc., and the most significant bit of N is generally required to be 1. The corresponding RSA is conventionally called 1024-bit RSA, 1480-bit RSA, 2048-bit RSA, and so on.
e and d are a pair of related values. e may be chosen arbitrarily, provided that e is coprime to (p-1)*(q-1); d is then chosen such that (e*d) mod ((p-1)*(q-1)) = 1.
(N, e) and (N, d) form the key pair, where (N, e) is the public key and (N, d) is the private key. The value of e generally does not exceed 4 bytes; commonly used values are 3 (i.e. 0x00000003), 17 (i.e. 0x00000011), 257 (i.e. 0x00000101) and 65537 (i.e. 0x00010001).
RSA encryption and decryption use the same algorithm. If m is the plaintext and c is the ciphertext, then $m = c^d \bmod N$ and $c = m^e \bmod N$ (in a public-key encryption system, encryption is generally done with the public key and decryption with the private key).
e and d can be used interchangeably, i.e.:
$c = m^d \bmod N$; $m = c^e \bmod N$.
Montgomery's theorem: N and R are integers satisfying gcd(N, R) = 1, i.e. the greatest common divisor of N and R is 1 and N and R are coprime. Let $N' = -N^{-1} \bmod R$, and let T be a positive integer satisfying $0 \le T < NR$. If $U = TN' \bmod R$, then $(T + UN)/R$ is an integer, and $(T + UN)/R \equiv TR^{-1} \pmod N$.
According to Montgomery's theorem, let $b = 2^{32}$. If all integers are expressed in base b and $R = b^n$, then gcd(N, R) = 1 is satisfied. If T = A*B, then $TR^{-1} \bmod N$ can be computed as $(T + UN)/R$ according to the theorem. The division by R in this formula can be done directly with a shift operation, and reduction modulo R can be done by taking the low-order bits directly, which avoids division and improves speed. This modular multiplication is usually called Montgomery modular multiplication and is written $MM(A, B, N) = A \cdot B \cdot R^{-1} \bmod N$. According to the theorem, $0 \le (T + UN)/R < 2R$.
The RSA algorithm computes $m^d \bmod N$, generally in the following steps:
Step 101: compute the squared Montgomery constant $C = R^2 \bmod N$, where $R = 2^k$ and $k = (\log_2 N) + 1$, i.e. k is the number of bits of the modulus N, generally a multiple of 32.
Step 102: call the Montgomery modular multiplication operator to convert the operand from the ordinary domain to the Montgomery domain, i.e. $m_1 = MM(m, C, N) = (m \cdot R) \bmod N$.
Step 103: compute $MM(m_1, m_1, N) = (m^2 \cdot R) \bmod N$ with the Montgomery modular multiplication operator; by calling the operator repeatedly, obtain the intermediate result $t = (m^d \cdot R) \bmod N$.
Step 104: take the constant 1 and call the Montgomery modular multiplication operator, $S = MM(t, 1, N) = m^d \bmod N$; if $S \ge N$, set $S = S - N$; return S.
In RSA applications the private key must be protected. Attack methods against RSA include SPA (Simple Power Analysis), DPA (Differential Power Analysis), FA (Fault Attack), etc. To prevent DPA, the modulus N must be scrambled in addition to the exponent. The scrambling multiplies N by a random 32-bit odd number r, so that the modulus becomes rN. When N is not scrambled, for example in a public-key operation, the squared Montgomery constant $C = R^2 \bmod N$ can be precomputed and stored, and C is then used directly on every call. Once N is scrambled, a new C has to be recomputed; r is generated randomly on every call, so C changes every time. The existing approach computes C with a big-number division, which is very inefficient.
Another RSA private key format is RSA_CRT (Chinese remainder theorem), whose private key object is (p, q, dp, dq, qinv), where $dp = d \bmod (p-1)$, $dq = d \bmod (q-1)$ and $qinv = q^{-1} \bmod p$. This halves the modulus width: for 1024-bit RSA, the corresponding p and q are each 512 bits wide. RSA_CRT performs an ordinary RSA computation with (p, dp) and with (q, dq) respectively, and then combines the results. For ordinary RSA, modulus scrambling scrambles N; for RSA_CRT, modulus scrambling scrambles p and q.
The RSA JavaCard application flow is as follows (only the private-key case is considered):
RSA parameter initialization:
1. Create an RSA cipher or signature object;
2. Create an RSAPrivateKey object according to the width of the modulus N (in CRT mode, an RSAPrivateCrtKey object);
3. Set the modulus N on the RSAPrivateKey object (in CRT mode, set p and q on the RSAPrivateCrtKey object);
4. Set the private key d on the RSAPrivateKey object (in CRT mode, dp and dq);
5. Initialize the cipher object with the RSAPrivateKey object (in CRT mode, the RSAPrivateCrtKey object).
RSA operation:
1. Obtain the ciphertext or the signature data;
2. Call the cipher object to decrypt the ciphertext, or hash the signature data and then call the cipher object to decrypt it;
3. The cipher object calls the native interface to perform the RSA operation;
4. Return the result.
The existing method of computing the squared Montgomery constant is big-number division, whose drawbacks are low efficiency and strong dependence on hardware. On a card with a CPU frequency of 3.8M and a big-number operator at 30M (the computation mainly calls the hardware big-number operator), computing the squared Montgomery constant for an N of 512-bit width takes more than 20 milliseconds. Even if the CPU speed is raised to 30M, the speed improves little, shortening the time by only about 1 millisecond.
When RSA operations are performed with an RSA private key, the RSA modulus must be scrambled to protect the private key. The scrambled modulus changes, and every RSA operation requires one Montgomery modular multiplication of the original input with the squared Montgomery constant. The prior art computes the squared Montgomery constant by dividing one big number by another, which is very inefficient.
Summary of the invention
The technical problem to be solved by the present invention is to provide an RSA decryption method and device that improve the efficiency of RSA operations performed with an RSA private key.
To solve the above technical problem, the invention provides an RSA decryption method, including:
during RSA parameter initialization, obtaining the modulus width after scrambling of the modulus set for the RSA private key object, and obtaining the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set for the RSA private key object;
storing the remainder and the quotient;
during an RSA operation on the encrypted object, obtaining the square of the Montgomery constant after modulus scrambling from the remainder and quotient, and performing decryption using the obtained square of the Montgomery constant.
Further, the above method also has the following feature: obtaining the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set for the RSA private key object, is implemented by the following formulas:
Remainder ; quotient ; where N is the modulus set for the RSA private key object, the modulus width after scrambling is k+32, $R_1 = 2^{k+32}$, and k is the bit width of N.
Further, the above method also has the following feature: obtaining the square of the Montgomery constant after modulus scrambling from the remainder and quotient includes:
randomly generating an odd number r of 32-bit width;
obtaining the square $C_3$ of the Montgomery constant after modulus scrambling by the following formulas:
$C_2 = K_1 \bmod r$, where $C_2 \le r - 1$;
$C_3 = C_2 \cdot N + C_1$.
Further, the above method also has the following feature: obtaining the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set for the RSA private key object, is implemented by the following formulas:
Remainder ; quotient ;
Remainder ; quotient ;
where the modulus width after scrambling is k+32, $R_1 = 2^{k+32}$, p and q are the moduli set for the RSA private key object, and k is the bit width of the modulus p set for the RSA private key object.
Further, the above method also has the following feature: obtaining the square of the Montgomery constant after modulus scrambling from the remainder and quotient includes:
randomly generating an odd number $r_p$ of 32-bit width;
obtaining the square $C_{p3}$ of the Montgomery constant after modulus scrambling by the following formulas:
$C_{p2} = K_{p1} \bmod r_p$, where $C_{p2} \le r_p - 1$;
$C_{p3} = C_{p2} \cdot p + C_{p1}$;
randomly generating an odd number $r_q$ of 32-bit width;
obtaining the square $C_{q3}$ of the Montgomery constant after modulus scrambling by the following formulas:
$C_{q2} = K_{q1} \bmod r_q$, where $C_{q2} \le r_q - 1$;
$C_{q3} = C_{q2} \cdot q + C_{q1}$.
To solve the above problem, the invention also provides an RSA decryption device, including:
an acquisition module, configured to obtain, during RSA parameter initialization, the modulus width after scrambling of the modulus set for the RSA private key object, and to obtain the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set for the RSA private key object;
a storage module, configured to store the remainder and the quotient;
a processing module, configured to obtain, during an RSA operation on the encrypted object, the square of the Montgomery constant after modulus scrambling from the remainder and quotient, and to perform decryption using the obtained square of the Montgomery constant.
Further, the above device also has the following feature:
the acquisition module obtains the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set for the RSA private key object, by the following formulas: Remainder ; quotient ; where N is the modulus set for the RSA private key object, the modulus width after scrambling is k+32, $R_1 = 2^{k+32}$, and k is the bit width of N.
Further, the above device also has the following feature:
the processing module obtains the square of the Montgomery constant after modulus scrambling from the remainder and quotient by: randomly generating an odd number r of 32-bit width; and obtaining the square $C_3$ of the Montgomery constant after modulus scrambling by the following formulas: $C_2 = K_1 \bmod r$, where $C_2 \le r - 1$; $C_3 = C_2 \cdot N + C_1$.
Further, the above device also has the following feature:
the acquisition module obtains the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set for the RSA private key object, by the following formulas: Remainder ; quotient ; Remainder ; quotient ; where the modulus width after scrambling is k+32, $R_1 = 2^{k+32}$, p and q are the moduli set for the RSA private key object, and k is the bit width of the modulus p set for the RSA private key object.
Further, the above device also has the following feature:
the processing module obtains the square of the Montgomery constant after modulus scrambling from the remainder and quotient by: randomly generating an odd number $r_p$ of 32-bit width, and obtaining the square $C_{p3}$ of the Montgomery constant after modulus scrambling by the following formulas: $C_{p2} = K_{p1} \bmod r_p$, where $C_{p2} \le r_p - 1$, $C_{p3} = C_{p2} \cdot p + C_{p1}$; randomly generating an odd number $r_q$ of 32-bit width, and obtaining the square $C_{q3}$ of the Montgomery constant after modulus scrambling by the following formulas: $C_{q2} = K_{q1} \bmod r_q$, where $C_{q2} \le r_q - 1$; $C_{q3} = C_{q2} \cdot q + C_{q1}$.
In summary, the invention provides an RSA decryption method and device that improve the efficiency of RSA operations performed with an RSA private key.
Description of the drawings
Fig. 1 is a flowchart of an RSA decryption method according to an embodiment of the invention;
Fig. 2 is a schematic diagram of an RSA decryption device according to an embodiment of the invention.
Detailed description
To make the objects, technical solutions and advantages of the invention clearer, embodiments of the invention are described in detail below with reference to the drawings. Note that, where they do not conflict, the embodiments in this application and the features in the embodiments may be combined with one another.
In practice, a Java application using RSA performs the RSA parameter initialization flow only once and can then invoke RSA operations any number of times. RSA initialization is typically completed when the application is installed. In this case, time-consuming precomputation can be carried out during RSA parameter initialization without affecting the speed at which the user runs RSA operations.
Fig. 1 is a flowchart of an RSA decryption method according to an embodiment of the invention. As shown in Fig. 1, the method of this embodiment includes:
Step 11: during RSA parameter initialization, obtain the modulus width after scrambling of the modulus set for the RSA private key object, and obtain the remainder and quotient of the square of the power with base 2 and that width as exponent, divided by the modulus set for the RSA private key object;
Step 12: store the remainder and the quotient;
Step 13: during an RSA operation on the encrypted object, obtain the square of the Montgomery constant after modulus scrambling from the remainder and quotient, and perform decryption using the obtained square of the Montgomery constant.
The method of the invention is described in detail below with two specific embodiments.
Embodiment one: scheme for ordinary RSA private keys
Scrambling of N generally takes the form $N_1 = N \cdot r$, where r is a random odd number of 32-bit width. The width of the new modulus increases by 32 bits, $R_1 = 2^{k+32}$, where k is the bit width of N. The steps are as follows.
RSA parameter initialization includes the following steps:
Step 101: create an RSA cipher or signature object;
Step 102: create an RSAPrivateKey object according to the width of the modulus N;
Step 103: set the modulus N on the RSAPrivateKey object;
Precomputation (i.e. $C_1$ is the remainder, $C_1 < N$, and $K_1$ is the quotient); store the remainder $C_1$ and the quotient $K_1$;
Step 104: set the private key d on the RSAPrivateKey object;
Step 105: initialize the cipher object or signature object with the RSAPrivateKey object.
The RSA operation includes the following steps:
Step 201: obtain the ciphertext or the signature data;
Step 202: call the cipher object to decrypt the ciphertext, or hash the signature data and then call the cipher object to decrypt it;
Step 203: the cipher object calls the native interface to perform the RSA operation:
Step 203.1: randomly generate an odd number r of 32-bit width;
Step 203.2: compute $C_2 = K_1 \bmod r$ ($C_2 \le r - 1$; here r is a number of 32-bit width, so $C_2$ can be computed quickly);
Step 203.3: compute $C_3 = C_2 \cdot N + C_1$; $C_3$ is the square of the Montgomery constant after modulus scrambling (the proof is given below);
Step 203.4: convert the ciphertext to the Montgomery domain, i.e. compute $c_1 = MM(c, C_3, r \cdot N)$ by Montgomery modular multiplication; for a signature, c is the value obtained by hashing the signature data;
Step 203.5: compute
Step 203.6: compute $S = S_1 \bmod N$;
Step 204: return the decryption (signature) result.
Proof of the new precomputation method:
Because $C_3 = C_2 \cdot N + C_1 \le (r-1) \cdot N + C_1 < (r-1) \cdot N + N = r \cdot N$,
that is, $C_3 < r \cdot N$.
So
Embodiment two: scheme for RSA_CRT private keys
Scrambling of p and q generally takes the form $p_1 = p \cdot r_p$, $q_1 = q \cdot r_q$, where $r_p$ and $r_q$ are random odd numbers of 32-bit width. The width of the new modulus increases by 32 bits, $R_1 = 2^{k+32}$, where k is the bit width of p and q, which is half the bit width of N.
RSA_CRT parameter initialization includes the following steps:
Step 301: create an RSA cipher or signature object;
Step 302: call the cipher object to decrypt the ciphertext, or hash the signature data and then call the cipher object to decrypt it;
Step 303: set the moduli p and q on the RSAPrivateCrtKey object;
Precomputation (i.e. $C_{p1}$ is the remainder, $C_{p1} < p$, and $K_{p1}$ is the quotient); store the remainder $C_{p1}$ and the quotient $K_{p1}$;
Precomputation (i.e. $C_{q1}$ is the remainder, $C_{q1} < q$, and $K_{q1}$ is the quotient); store the remainder $C_{q1}$ and the quotient $K_{q1}$;
Step 304: set dp, dq and qinv of the private key on the RSAPrivateCrtKey object;
Step 305: initialize the cipher object or signature object with the RSAPrivateKey object.
The RSA_CRT operation includes the following steps:
Step 401: obtain the ciphertext or the signature data;
Step 402: call the cipher object to decrypt the ciphertext, or hash the signature data and then call the cipher object to decrypt it;
Step 403: the cipher object calls the native interface to perform the RSA_CRT operation:
Step 403.1: perform an ordinary RSA computation on p, dp, c:
A. randomly generate an odd number $r_p$ of 32-bit width;
B. compute $C_{p2} = K_{p1} \bmod r_p$ ($C_{p2} \le r_p - 1$; here $r_p$ is a number of 32-bit width, so $C_{p2}$ can be computed quickly);
C. compute $C_{p3} = C_{p2} \cdot p + C_{p1}$; $C_{p3}$ is the square of the Montgomery constant after scrambling of the modulus p (the proof is the same as for ordinary RSA);
D. convert the ciphertext to the Montgomery domain, i.e. compute $c_{p1} = MM(c, C_{p3}, r_p \cdot p)$ by Montgomery modular multiplication; for a signature, c is the value obtained by hashing the signature data;
E. compute
F. compute $s_p = s_{p1} \bmod p$.
Step 403.2: perform an ordinary RSA computation on q, dq, c:
A. randomly generate an odd number $r_q$ of 32-bit width;
B. compute $C_{q2} = K_{q1} \bmod r_q$ ($C_{q2} \le r_q - 1$; here $r_q$ is a number of 32-bit width, so $C_{q2}$ can be computed quickly);
C. compute $C_{q3} = C_{q2} \cdot q + C_{q1}$; $C_{q3}$ is the square of the Montgomery constant after scrambling of the modulus q (the proof is the same as for ordinary RSA);
D. convert the ciphertext to the Montgomery domain, i.e. compute $c_{q1} = MM(c, C_{q3}, r_q \cdot q)$ by Montgomery modular multiplication; for a signature, c is the value obtained by hashing the signature data;
E. compute
F. compute $s_q = s_{q1} \bmod q$.
Step 403.3: obtain the final result according to the Chinese remainder theorem:
$S = [s_q + q \cdot (((s_p - s_q) \cdot qinv) \bmod p)] \bmod N$.
The embodiments of the invention are based on JavaCard RSA private-key applications, covering both RSA private keys and RSA_CRT private keys, and provide a method for quickly computing the squared Montgomery constant for a scrambled modulus by means of precomputation.
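The two embodiments above, as an added Python example that is not code from the patent: it takes the remainder and quotient of $R_1^2$ divided by the modulus as the text describes them in words, checks that $C_3 = C_2 \cdot N + C_1$ equals $R_1^2 \bmod (r \cdot N)$, and uses it for a scrambled-modulus decryption in both the ordinary and the CRT form. The function names, the toy key built from two Mersenne primes and the plain square-and-multiply loop (the page's exponentiation step is not shown, and exponent scrambling is omitted) are assumptions of this example.

```python
# Added example, not code from the patent. The key is a constructed toy key;
# the exponentiation loop is plain square-and-multiply (assumption).
import secrets

def precompute(n):
    """Initialization: the one big-number division.
    R1 = 2**(k+32), k = bit width of n. Returns (k, C1, K1), R1**2 == K1*n + C1."""
    k = n.bit_length()
    k1, c1 = divmod(1 << (2 * (k + 32)), n)
    return k, c1, k1

def random_odd_r():
    """Random odd scrambling factor of at most 32 bits."""
    return secrets.randbits(32) | 1

def blinded_r2(n, c1, k1, r):
    """Per call: C2 = K1 mod r, then C3 = C2*n + C1 (one short reduction,
    one multiply-add). C3 < r*n, so it is already reduced modulo r*n."""
    return (k1 % r) * n + c1

def mont_mul(a, b, n, n_prime, bits):
    """MM(a, b, n) = a*b*R^-1 mod n for R = 2**bits, using masks and shifts."""
    mask = (1 << bits) - 1
    t = a * b
    u = ((t & mask) * n_prime) & mask   # U = T*N' mod R (low bits only)
    s = (t + u * n) >> bits             # (T + U*N)/R is an exact division
    return s - n if s >= n else s

def blinded_modexp(c, d, n, pre, r=None):
    """c**d mod n computed modulo the scrambled modulus r*n."""
    k, c1, k1 = pre
    r = random_odd_r() if r is None else r
    bits, n1 = k + 32, r * n                      # R1 = 2**bits > n1
    c3 = blinded_r2(n, c1, k1, r)                 # R1**2 mod n1, no big division
    n_prime = -pow(n1, -1, 1 << bits) % (1 << bits)
    x = mont_mul(c % n1, c3, n1, n_prime, bits)   # c into the Montgomery domain
    acc = mont_mul(1, c3, n1, n_prime, bits)      # Montgomery form of 1
    for bit in bin(d)[2:]:
        acc = mont_mul(acc, acc, n1, n_prime, bits)
        if bit == "1":
            acc = mont_mul(acc, x, n1, n_prime, bits)
    s1 = mont_mul(acc, 1, n1, n_prime, bits)      # back to the ordinary domain
    return s1 % n                                 # final reduction modulo n

def crt_decrypt(c, p, q, dp, dq, qinv, pre_p, pre_q):
    """RSA_CRT: one scrambled exponentiation per prime, then recombination."""
    sp = blinded_modexp(c, dp, p, pre_p)
    sq = blinded_modexp(c, dq, q, pre_q)
    return (sq + q * (((sp - sq) * qinv) % p)) % (p * q)

# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)
M = int.from_bytes(b"constructed sample message", "big")

def demo():
    """Encrypt M with the public key, decrypt both ways with a fresh r."""
    c = pow(M, E, N)
    plain = blinded_modexp(c, D, N, precompute(N))
    crt = crt_decrypt(c, P, Q, DP, DQ, QINV, precompute(P), precompute(Q))
    return plain == M and crt == M

if __name__ == "__main__":
    print(demo())
```

`precompute` runs once per key and its result is what would be stored; every call to `blinded_modexp` draws a new r and rebuilds the constant from the stored pair.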
Fig. 2 is a schematic diagram of an RSA decryption device according to an embodiment of the invention. As shown in Fig. 2, the device of this embodiment includes:
an acquisition module, configured to obtain, during RSA parameter initialization, the modulus width after scrambling of the modulus set for the RSA private key object, and to obtain the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set for the RSA private key object;
a storage module, configured to store the remainder and the quotient;
a processing module, configured to obtain, during an RSA operation on the encrypted object, the square of the Montgomery constant after modulus scrambling from the remainder and quotient, and to perform decryption using the obtained square of the Montgomery constant.
In a preferred embodiment, the acquisition module obtains the remainder $C_1$ and quotient $K_1$ of the square of the power with base 2 and the modulus width as exponent with respect to the modulus N set for the RSA private key object, which can be implemented by the following formulas: where N is the modulus set for the RSA private key object, the modulus width after scrambling is k+32, $R_1 = 2^{k+32}$, and k is the bit width of N.
In a preferred embodiment, the processing module obtains the square $C_3$ of the Montgomery constant after modulus scrambling from the remainder $C_1$ and quotient $K_1$ by: randomly generating an odd number r of 32-bit width; and obtaining the square $C_3$ of the Montgomery constant after modulus scrambling by the following formulas: $C_2 = K_1 \bmod r$, where $C_2 \le r - 1$; $C_3 = C_2 \cdot N + C_1$.
In a preferred embodiment, the acquisition module obtains the remainders $C_{p1}$, $C_{q1}$ and quotients $K_{p1}$, $K_{q1}$ of the square of the power with base 2 and the modulus width as exponent with respect to the moduli p, q set for the RSA private key object, implemented by the following formulas: where the modulus width after scrambling is k+32, $R_1 = 2^{k+32}$, and k is the bit width of p.
In a preferred embodiment, the processing module obtains the square of the Montgomery constant after modulus scrambling from the remainder and quotient by: randomly generating an odd number $r_p$ of 32-bit width, and obtaining the square $C_{p3}$ of the Montgomery constant after modulus scrambling by the following formulas: $C_{p2} = K_{p1} \bmod r_p$, where $C_{p2} \le r_p - 1$, $C_{p3} = C_{p2} \cdot p + C_{p1}$; randomly generating an odd number $r_q$ of 32-bit width, and obtaining the square $C_{q3}$ of the Montgomery constant after modulus scrambling by the following formulas: $C_{q2} = K_{q1} \bmod r_q$, where $C_{q2} \le r_q - 1$; $C_{q3} = C_{q2} \cdot q + C_{q1}$.
The traditional computation uses big-number division, which is very inefficient and highly dependent on the hardware operator that performs big-number arithmetic; this method moves the big-number division into private-key initialization. For applications with RSA private keys, the embodiment of the invention performs one long (tens of milliseconds) precomputation when the private key is initialized and stores the resulting remainder $C_1$ (or $C_{p1}$, $C_{q1}$) and quotient $K_1$ (or $K_{p1}$, $K_{q1}$). On every subsequent RSA operation, the quotient $K_1$ (or $K_{p1}$, $K_{q1}$) is reduced modulo the random number r (or $r_p$, $r_q$), and a single multiply-add operation then completes the computation of the squared Montgomery constant. The cost of the invention is very low: it consumes at most less than 600 bytes of E2P space. Its efficiency is very high: on a card with a 30M CPU, it takes less than 1 millisecond.
A person of ordinary skill in the art will understand that all or part of the steps of the above method can be carried out by a program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Alternatively, all or part of the steps of the above embodiments can be implemented with one or more integrated circuits. Accordingly, each module/unit in the above embodiments can be implemented in hardware or as a software function module. The invention is not limited to any particular combination of hardware and software.
The above are only preferred embodiments of the invention. The invention can of course have various other embodiments, and a person of ordinary skill in the art can make corresponding changes and variations according to the invention without departing from its spirit and essence; all such changes and variations fall within the scope of protection of the appended claims.
Claims (10)
1. An RSA decryption method, including:
during RSA parameter initialization, obtaining the modulus width after scrambling of the modulus set for the RSA private key object, and obtaining the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set for the RSA private key object;
storing the remainder and the quotient;
during an RSA operation on the encrypted object, obtaining the square of the Montgomery constant after modulus scrambling from the remainder and quotient, and performing decryption using the obtained square of the Montgomery constant after modulus scrambling;
wherein obtaining the square of the Montgomery constant after modulus scrambling from the remainder and quotient includes:
performing a remainder operation on the stored quotient with a randomly generated odd number of 32-bit width, multiplying the result of the remainder operation by the modulus of the RSA private key object, and summing the result of the multiplication with the stored remainder, the result of the summation being the square of the Montgomery constant after modulus scrambling.
2. The method of claim 1, characterized in that: obtaining the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set for the RSA private key object, is implemented by the following formulas:
Remainder ; quotient ; where N is the modulus set for the RSA private key object, the modulus width after scrambling is k+32, $R_1 = 2^{k+32}$, and k is the bit width of N.
3. The method of claim 2, characterized in that: obtaining the square of the Montgomery constant after modulus scrambling from the remainder and quotient includes:
randomly generating an odd number r of 32-bit width;
obtaining the square $C_3$ of the Montgomery constant after modulus scrambling by the following formulas:
$C_2 = K_1 \bmod r$, where $C_2 \le r - 1$;
$C_3 = C_2 \cdot N + C_1$.
4. The method of claim 1, characterized in that: obtaining the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set for the RSA private key object, is implemented by the following formulas:
Remainder ; quotient ;
Remainder ; quotient ;
where the modulus width after scrambling is k+32, $R_1 = 2^{k+32}$, p and q are the moduli set for the RSA private key object, and k is the bit width of the moduli p, q set for the RSA private key object.
5. The method of claim 4, characterized in that: obtaining the square of the Montgomery constant after modulus scrambling from the remainder and quotient includes:
randomly generating an odd number $r_p$ of 32-bit width;
obtaining the square $C_{p3}$ of the Montgomery constant after modulus scrambling by the following formulas:
$C_{p2} = K_{p1} \bmod r_p$, where $C_{p2} \le r_p - 1$;
$C_{p3} = C_{p2} \cdot p + C_{p1}$;
randomly generating an odd number $r_q$ of 32-bit width;
obtaining the square $C_{q3}$ of the Montgomery constant after modulus scrambling by the following formulas:
$C_{q2} = K_{q1} \bmod r_q$, where $C_{q2} \le r_q - 1$;
$C_{q3} = C_{q2} \cdot q + C_{q1}$.
6. An RSA decryption device, characterized by including:
an acquisition module, configured to obtain, during RSA parameter initialization, the modulus width after scrambling of the modulus set for the RSA private key object, and to obtain the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set for the RSA private key object;
a storage module, configured to store the remainder and the quotient;
a processing module, configured to obtain, during an RSA operation on the encrypted object, the square of the Montgomery constant after modulus scrambling from the remainder and quotient in the following way:
performing a remainder operation on the stored quotient with a randomly generated odd number of 32-bit width, multiplying the result of the remainder operation by the modulus of the RSA private key object, and summing the result of the multiplication with the stored remainder, the result of the summation being the square of the Montgomery constant after modulus scrambling;
and to perform decryption using the obtained square of the Montgomery constant after modulus scrambling.
7. The device of claim 6, characterized in that:
the acquisition module obtains the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set for the RSA private key object, by the following formulas: Remainder ; quotient ; where N is the modulus set for the RSA private key object, the modulus width after scrambling is k+32, $R_1 = 2^{k+32}$, and k is the bit width of N.
8. The device of claim 7, characterized in that:
the processing module obtains the square of the Montgomery constant after modulus scrambling from the remainder and quotient by: randomly generating an odd number r of 32-bit width; and obtaining the square $C_3$ of the Montgomery constant after modulus scrambling by the following formulas: $C_2 = K_1 \bmod r$, where $C_2 \le r - 1$; $C_3 = C_2 \cdot N + C_1$.
9. The device of claim 6, characterized in that:
the acquisition module obtains the remainder and quotient of the square of the power with base 2 and the modulus width as exponent, divided by the modulus set for the RSA private key object, by the following formulas: Remainder ; quotient ; Remainder ; quotient ; where the modulus width after scrambling is k+32, $R_1 = 2^{k+32}$, p and q are the moduli set for the RSA private key object, and k is the bit width of the moduli p, q set for the RSA private key object.
10. The device of claim 9, characterized in that:
the processing module obtains the square of the Montgomery constant after modulus scrambling from the remainder and quotient by: randomly generating an odd number $r_p$ of 32-bit width, and obtaining the square $C_{p3}$ of the Montgomery constant after modulus scrambling by the following formulas: $C_{p2} = K_{p1} \bmod r_p$, where $C_{p2} \le r_p - 1$, $C_{p3} = C_{p2} \cdot p + C_{p1}$; randomly generating an odd number $r_q$ of 32-bit width, and obtaining the square $C_{q3}$ of the Montgomery constant after modulus scrambling by the following formulas: $C_{q2} = K_{q1} \bmod r_q$, where $C_{q2} \le r_q - 1$; $C_{q3} = C_{q2} \cdot q + C_{q1}$.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410350403.9A CN104104504B (en) | 2014-07-22 | 2014-07-22 | RSA decoding method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104104504A CN104104504A (en) | 2014-10-15 |
CN104104504B CN104104504B (en) | 2017-05-10 |
Family
ID=51672333
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410350403.9A Active CN104104504B (en) | 2014-07-22 | 2014-07-22 | RSA decoding method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104104504B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104767622B (en) * | 2015-04-20 | 2018-08-14 | 努比亚技术有限公司 | Encryption method and device |
TWI602119B (en) * | 2015-07-22 | 2017-10-11 | 華邦電子股份有限公司 | Computational method, computational device and computer software product for montgomery domain |
CN107196764A (en) * | 2017-07-19 | 2017-09-22 | 龙迅半导体(合肥)股份有限公司 | A kind of RSA encrypting and deciphering processing methods and device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1379375A (en) * | 2001-04-11 | 2002-11-13 | 北京国芯安集成电路设计有限公司 | Full-hardware intelligent RSA encrypt/decrypt processor |
CN1650254A (en) * | 2002-04-29 | 2005-08-03 | 因芬尼昂技术股份公司 | Apparatus and method for calculating a result of a modular multiplication |
CN101834723A (en) * | 2009-03-10 | 2010-09-15 | 上海爱信诺航芯电子科技有限公司 | RSA (Rivest-Shamir-Adleman) algorithm and IP core |
CN103294448A (en) * | 2013-05-28 | 2013-09-11 | 福建升腾资讯有限公司 | Large numbers modular calculation method for implementing RSA cryptosystem |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004226674A (en) * | 2003-01-23 | 2004-08-12 | Renesas Technology Corp | Information processing method |
JP4351987B2 (en) * | 2004-11-19 | 2009-10-28 | 株式会社東芝 | Montgomery conversion device, arithmetic device, IC card, encryption device, decryption device, and program |
Also Published As
Publication number | Publication date |
---|---|
CN104104504A (en) | 2014-10-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9772821B2 (en) | Cryptography method comprising an operation of multiplication by a scalar or an exponentiation | |
US9152383B2 (en) | Method for encrypting a message through the computation of mathematical functions comprising modular multiplications | |
CN109039640B (en) | Encryption and decryption hardware system and method based on RSA cryptographic algorithm | |
US20080240443A1 (en) | Method and apparatus for securely processing secret data | |
EP3596876B1 (en) | Elliptic curve point multiplication device and method for signing a message in a white-box context | |
TW200844847A (en) | Chinese remainder theorem-based computation method for cryptosystems | |
CN104104504B (en) | RSA decoding method and device | |
US7286666B1 (en) | Countermeasure method in an electric component implementing an elliptical curve type public key cryptography algorithm | |
CN103067164A (en) | Anti-attack method for electronic components using RSA public key encryption algorithm | |
US7903814B2 (en) | Enhancing the security of public key cryptosystem implementations | |
EP3698262B1 (en) | Protecting modular inversion operation from external monitoring attacks | |
EP1443699A1 (en) | Information processing means and IC card | |
EP2738973A1 (en) | System and method for cryptography using multiplicative masking using simultaneous exponentiation techniques | |
US7974409B2 (en) | Changing the order of public key cryptographic computations | |
Chiou | Parallel implementation of the RSA public-key cryptosystem | |
KR100330510B1 (en) | Apparatus for high speed modular power exponentiation unit | |
US20090003607A1 (en) | Altering the size of windows in public key cryptographic computations | |
Mahanta et al. | A randomization based computation of RSA to resist power analysis attacks | |
Khairina et al. | Secure data encryption through combination of RSA cryptography random key algorithm and quadratic congruential generator | |
Sani et al. | RSA cryptography and multi prime RSA cryptography | |
Ristiana et al. | Hybrid algorithm of RSA and one time pad cryptography | |
KR100550015B1 (en) | Infinite field multiplying apparatus adapted for multiplying operation of GF3^m infinite field, mod 3 bit-stream adder therefor, and mod3 bit-stream adder therefor | |
JP2012242539A (en) | Security system and microcomputer | |
KR102348797B1 (en) | RSA circuit module of RSA encryption system | |
CN107196764A (en) | A kind of RSA encrypting and deciphering processing methods and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||