CN100536390C - A novel elliptic curve password coprocessor - Google Patents


Info

Publication number
CN100536390C
Authority
CN
China
Prior art keywords
register
coprocessor
mux
elliptic curve
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB200510025913XA
Other languages
Chinese (zh)
Other versions
CN1700637A (en
Inventor
曾晓洋
顾震宇
章倩苓
陈超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dishen Electronic Sci & Tech Shanghai LLC
Original Assignee
Dishen Electronic Sci & Tech Shanghai LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dishen Electronic Sci & Tech Shanghai LLC
Priority to CNB200510025913XA
Publication of CN1700637A
Application granted
Publication of CN100536390C
Expired - Fee Related
Anticipated expiration

Abstract

This invention relates to a novel elliptic curve cryptographic coprocessor for use in an ECC public-key cryptosystem formed by a main processor and a coprocessor. The main processor is an embedded microprocessor that includes a point multiplication controller and a communication controller, and it is connected to the elliptic curve cryptographic coprocessor through a bus and a dedicated coprocessor interface. The coprocessor is a hardware controller containing a bus state follower, a decoding control circuit and a data path connected in sequence; it tracks the state of the main processor, judges whether an instruction is addressed to the coprocessor, and exchanges handshake signals with the main processor over the interface.

Description

An elliptic curve cryptographic coprocessor
Technical field
The present invention is mainly used in the field of information security, to guarantee the confidentiality, integrity and non-repudiation of important, sensitive information.
Background art
Elliptic curves have been studied for more than a hundred years as an important topic in algebraic geometry, but they were not introduced into cryptography until 1986. Because efficient algorithms for generating the basic application parameters of elliptic curves were lacking when the idea was first proposed, it attracted little attention, and it was not until 1993 that this cryptosystem could be implemented effectively. The elliptic curve cryptosystem (ECC) is a public-key cryptosystem whose security rests on the difficulty of computing discrete logarithms on an elliptic curve. ECC has attracted wide attention because, beyond its theoretical significance, it offers short keys and flexible selection of cryptosystem parameters.
Compared with the RSA (Rivest Shamir Adleman) cryptographic algorithm that is widely used at present, ECC has many technical advantages:
(1) Higher security. The security of a cryptographic algorithm is generally reflected in its resistance to attack. Compared with several other public-key cryptosystems, ECC has an absolute advantage in attack resistance. At present the elliptic curve discrete logarithm problem is fully exponential in computational complexity, whereas RSA is sub-exponential. This means that ECC offers higher security per bit than RSA.
(2) Less computation and faster processing. Under the same computing resources, RSA is comparable to ECC in public-key processing speed (encryption and signature verification), but ECC is much faster than RSA in private-key processing (decryption and signing), so the overall speed of ECC is much higher than that of RSA. In addition, key generation in an ECC system is more than a hundred times faster than in RSA. Under the same conditions, ECC therefore has higher encryption performance.
(3) Small storage footprint. The key sizes and system parameters of ECC are much smaller than those of RSA. 160-bit ECC has the same security strength as 1024-bit RSA, and 210-bit ECC has the same security strength as 2048-bit RSA, so ECC occupies much less storage. This is particularly important for applying cryptographic algorithms in resource-constrained environments (such as smart cards).
(4) Low bandwidth requirement. When long messages are encrypted and decrypted, the three classes of cryptosystems have the same bandwidth requirement, but ECC needs much less bandwidth when applied to short messages. Public-key cryptosystems are mostly used for short messages, for example for digital signatures and for transmitting session keys for symmetric systems. The low bandwidth requirement gives ECC broad application prospects in the wireless field.
These characteristics mean that ECC will replace RSA in some fields (such as mobile phones and smart cards) and become a general-purpose public-key encryption algorithm. Many international standards organizations (in government, industry, finance, commerce and so on) have issued various elliptic curve cryptosystems worldwide as their standards. ECC standards fall roughly into two kinds. One is the technical standard, which describes the ECC system at the technical level, standardizes the selection of the various ECC parameters, and provides a set of ECC parameters for each security strength. The other is the application standard, which recommends the use of ECC technology in a specific application environment. Alongside standardization, software and hardware products for elliptic curve encryption, signature and key exchange based on these standards (or drafts) have appeared one after another.
Compared with software encryption, hardware encryption is fast, performs well, and is easy to protect physically, which gives it good security; it is also easy to install and remove. For these reasons it has long been valued by the security community. Meanwhile, the development of very-large-scale integration (VLSI) technology has made it possible to design low-cost hardware encryption chips.
In short, ECC is a public-key algorithm superior to RSA, and the needs of modern high-bandwidth and embedded applications give research into its efficient VLSI implementation strong practical significance. In addition, because of the special nature of cryptographic technology, cryptographic products (particularly hardware products) are subject to import and export restrictions, and for security reasons a country does not allow other countries' security products to guard its "gate". Research into hardware cryptography with independent intellectual property is therefore particularly important. The application of ECC technology in information security can be expected to grow ever wider.
However, in elliptic curve cryptosystems (ECC), the optimization of the elliptic curve cryptographic algorithm, the system architecture of the elliptic curve cryptographic coprocessor, and the data path of the coprocessor all still leave room for improvement.
Summary of the invention
In view of the above, the technical problems to be solved by the present invention are: how to improve the optimization of the point multiplication scheduling scheme in elliptic curve cryptography; how to overcome the shortcomings of the currently popular "data path plus state-control machine" approach; and how to give the data path of the elliptic curve cryptographic coprocessor high data throughput at a suitable hardware complexity.
The object of the present invention is therefore to provide an elliptic curve cryptographic coprocessor.
Technical approach of the present invention:
There are currently two ways to implement an elliptic curve cryptographic coprocessor: a state-machine implementation and an instruction-based implementation. This scheme compares the two from the standpoint of implementation complexity and performance, and selects the instruction-based implementation.
To improve the reusability of the coprocessor, the instruction set combines novel coprocessor extended instructions with microcode instructions. The microcode instruction set uses a load/store format. This raises the code density of the instruction set and lowers the system's memory capacity requirement; it also reduces the complexity of the decoding unit and the number of addressing modes of the coprocessor, which improves the performance of the wide-bit data path.
A group of dedicated registers is added to the data path to reduce the number of data exchanges between the data path and the general-purpose register file, which improves system performance and, to some extent, reduces the power consumption of the circuit.
The key module of the data path, the Galois field multiplier, uses a scalable grouping parallel structure to improve data throughput. The finite field squarer reuses the scalable grouping parallel multiplier circuit, which reduces the area of the data path.
The cryptosystem is implemented as a main controller (Main Controller Unit, MCU) plus a coprocessor: an embedded microprocessor serves as the main controller, and the elliptic curve cryptographic coprocessor is developed on the basis of its coprocessor extended instructions and the corresponding coprocessor interface.
Accordingly, the technical scheme of the present invention is as follows:
An elliptic curve cryptographic coprocessor according to the present invention is used in an ECC public-key cryptosystem formed by a main processor and a coprocessor. Its characteristics are as follows. The main processor is a main controller built from an embedded processor, and the coprocessor is a hardware controller, giving an elliptic curve cryptosystem suited to the structure of current mainstream embedded CPUs. The main processor comprises a point multiplication controller and a communication controller, and is connected to the elliptic curve cryptographic coprocessor through a bus and a dedicated coprocessor interface. The coprocessor contains a bus state follower, a decoding control circuit and a data path, connected in sequence. The bus state follower contains a pipeline follower and an operand state unit connected to the pipeline follower; it accepts the coprocessor extended instructions sent by the main processor, receives the pipeline status signals through the dedicated coprocessor interface, and exchanges handshake signals with the main processor. The decoding control circuit is a two-level decoding circuit: it translates the coprocessor extended instruction sent by the main processor into microcode, and then translates the microcode into control signals that control the finite field operations and data exchanges carried out in the data path. The data path consists of a register file and a data path unit with a bidirectional connection between them, and exchanges data with the memory of the public-key cryptosystem through the register file.
Further, the main processor is a 32-bit embedded CPU, and the elliptic curve cryptographic coprocessor is developed on the basis of the coprocessor extended instructions and the corresponding (that is, dedicated) coprocessor interface.
The decoding control circuit comprises a first command register, a first decoder, a pointer group, a microcode group, a second MUX, a second command register and a second decoder, connected in sequence.
The data path unit comprises a digit-serial squarer, a digit-serial multiplier, a finite field addition circuit and an all-zero detection circuit, connected in sequence.
The data path is provided with registers RA and RB, which store the two input data of the multiplier, and registers RC and RD, which store the two input data of the finite field addition circuit.
An elliptic curve cryptographic coprocessor designed according to this scheme has the following advantages:
The cryptographic coprocessor uses a dedicated coprocessor interface, so it can work with current mainstream embedded CPUs to realize a complete elliptic curve cryptosystem;
It uses two-level decoding, that is, decoding of coprocessor extended instructions followed by decoding of coprocessor microcode instructions, which allows the system to be reconfigured very flexibly. When the protocol-layer algorithm changes, the hardware architecture of the coprocessor need not change; only the microcode routine has to be modified. This cannot be achieved with a control unit in the form of a finite state machine. The solution clearly reduces the cost of redevelopment, shortens time to market, and brings economic benefit;
The coprocessor has a data path based on the scalable grouping parallel technique. This data path structure makes it possible, within the limits of the required system performance, to find the best trade-off among hardware speed, area and power consumption.
Description of drawings
Fig. 1 is a structural diagram of the cryptosystem formed by the main processor and coprocessor of the present invention;
Fig. 2 is a schematic diagram of the system architecture of the elliptic curve cryptographic coprocessor of the present invention;
Fig. 3 is a schematic diagram of the data path structure of the elliptic curve cryptographic coprocessor of the present invention.
Embodiment
A preferred embodiment of the present invention is given below with reference to Fig. 1 to Fig. 3, to better illustrate the structural and functional features of the invention; it is not intended to limit the scope of the invention.
As shown in Fig. 1, the elliptic curve cryptographic coprocessor of the present invention is applied in an ECC public-key cryptosystem formed by a main processor and a coprocessor.
The main processor (MCU) in Fig. 1 mainly performs two tasks: scheduling the point multiplication in the elliptic curve cryptographic algorithm, and controlling communication with the coprocessor. It acts mainly as a software controller, and the present invention is aimed primarily at embedded 32-bit RISC CPUs. The coprocessor is the core component that performs the complex operation of elliptic curve cryptography, the point multiplication. It is implemented entirely in hardware and comprises a finite state machine, microcode, a data path and so on, which work together under the control of the main processor to complete the point multiplication.
The system architecture of the elliptic curve cryptographic coprocessor of the present invention is shown in Fig. 2. The coprocessor 2 is divided into three parts connected in sequence: the bus state follower 21, the decoding control circuit 22 and the data path 23.
The bus state follower 21 mainly tracks the state of the main processor 1, judges whether the instruction currently fetched by the main processor 1 is a coprocessor extended instruction, and is responsible for sending and receiving the corresponding handshake signals to and from the main processor 1. The decoding control circuit 22 is mainly responsible for converting the scheduling of the group operation layer into basic finite field operations: it translates the coprocessor extended instruction 11 into the corresponding microcode instructions, and then translates the microcode instructions into the corresponding control signals. The data path 23 mainly carries out the operations of the basic finite field operation layer.
In Fig. 2, the bus state follower 21 comprises a pipeline follower 211 and an operand state unit 212 that controls the operation of the pipeline follower 211. The pipeline follower 211 accepts the clock and clock control signals, the pipeline-state follow signals of the main processor 1, the coprocessor extended instructions, and the handshake signals exchanged between the main processor 1 and the coprocessor 2. The clock and clock control signals are input through interfaces CLK and NRESET; the pipeline-state follow signals are input through interfaces CPnMREQ, CPnOPC and CPTBIT; the handshake signals are input through interface CPnCPI and output through interfaces CPA and CPB.
The decoding control circuit 22 accepts the instructions of the main processor 1 and interacts with the pipeline follower 211. It comprises a first command register 221, a first decoder 222, a pointer unit group 223, a microcode group 224, a second MUX 225, a second command register 226 and a second decoder 227, connected in sequence, together with a first MUX 228. The first command register 221 is controlled by the pipeline follower 211 and is connected to the main processor 1 by the data bus. The output of the second decoder 227 is connected to the register file 232 and the data path logic module 231, and the first MUX 228 is connected to the operand state unit 212, the first decoder 222 and the second MUX 225. The data path 23 comprises a data path logic module 231 and a register file 232 with a bidirectional connection between them, and is bidirectionally connected to the memory 13 of the ECC public-key cryptosystem through the register file 232.
The interface signals of the coprocessor 2 are defined in Table 1 below:
Table 1
Figure C20051002591300091
Figure C20051002591300101
Figure C20051002591300111
Instruction set design of the elliptic curve cryptographic coprocessor 2
The instruction set design of the elliptic curve cryptographic coprocessor 2 has two parts: the coprocessor extended instruction set and the coprocessor microcode instruction set. The former implements the scheduling of the group operation layer of the point multiplication; the latter implements the basic finite field operations of the point multiplication, such as finite field multiplication and finite field squaring.
1) Coprocessor extended instruction set design
This embodiment uses a "general-purpose main controller (MCU) + coprocessor" implementation, in which the main controller 1 is a 32-bit embedded microprocessor and the elliptic curve cryptographic coprocessor 2 is developed on the basis of its coprocessor extended instructions and the corresponding coprocessor interface. Up to 16 coprocessors can be attached in total, of which 12 have fixed purposes; the remaining four can be used for embedded system development.
The instructions for coprocessor extension in the 32-bit embedded microprocessor fall into three classes: coprocessor data operation instructions, coprocessor data transfer instructions and coprocessor register transfer instructions. According to the requirements of the point multiplication scheduling algorithm, this embodiment defines 12 coprocessor extended instructions, as shown in Table 2 below:
Table 2
Figure C20051002591300121
2) Coprocessor microcode instruction set design
A state machine could be used to control the scheduling of finite field operations in the coprocessor. However, because a single point addition or point doubling takes quite a lot of steps, the state machine would become too large and its control logic too complex, which would increase the difficulty of designing and verifying the coprocessor and reduce its extensibility. This embodiment therefore uses microcode instructions to control the finite field operations in the coprocessor, which reduces the complexity of the state machine, makes design and verification easier, and improves the extensibility of the coprocessor.
The coprocessor microcode instruction set was defined according to the following principles: 1) Reduce the number of memory accesses as far as possible. 2) Enhance the extensibility of the coprocessor, in two senses. First, to meet different cryptographic strength requirements, a different finite field can be selected without changing the instruction set; only the data path needs to be extended accordingly. Second, a different scheduling algorithm can be implemented without changing the instruction set; only the corresponding microcode routine needs to be rewritten.
Based on these principles, this embodiment defines 10 microcode instructions with an instruction word length of 8 bits, divided into finite field data operation instructions, finite field register transfer instructions and finite field data transfer instructions, as shown in Table 3 below:
Table 3
Figure C20051002591300131
In the table, Rs denotes the source operand and Rd denotes the destination operand.
Structure of the data path 23 of the elliptic curve cryptographic coprocessor 2
A serial multiplier is slow, so its data throughput is low. Where high data throughput is required, a scalable grouping parallel multiplier based on a polynomial basis is therefore often used. The scalable grouping parallel technique is an algorithm that combines serial and parallel processing: it divides the original m-bit data into m/D groups (D is called the scalable grouping coefficient) and processes one group per clock cycle, so the operation completes in m/D clock cycles. Within the limits of the required system performance, this structure makes it possible to find the best trade-off among hardware speed, area and power consumption.
Suppose $W, A, B \in GF(2^m)$, $A = \sum_{j=0}^{m-1} a_j \alpha^j$,
Figure C20051002591300133
where
$$B_i = \begin{cases} \sum_{j=0}^{D-1} b_{Di+j}\,\alpha^{j}, & 0 \le i \le d-2 \\ \sum_{j=0}^{m-1-D(d-1)} b_{Di+j}\,\alpha^{j}, & i = d-1 \end{cases}$$
The finite field multiplication is then:
$$W = AB \bmod p(x) = A \sum_{i=0}^{d-1} B_i\,\alpha^{Di} \bmod p(x)$$
$$W = ([([\cdots([([AB_{d-1} \bmod p(x)]\,\alpha^{D} + AB_{d-2}) \bmod p(x)]\,\alpha^{D} + \cdots]\,\alpha^{D} + AB_{1}) \bmod p(x)]\,\alpha^{D} + AB_{0}) \bmod p(x)$$
The most-significant-digit-first digit-serial multiplier:
1. Initialization: let $W^{(0)} = 0$
2. For $1 \le i \le d$:
$$W^{(i)} = \bigl(W^{(i-1)}(m:m+D-1) \bmod p(x)\bigr)\,\alpha^{D} + W^{(i-1)}(0:m-1)\,\alpha^{D} + AB_{d-i}$$
where $W^{(i)} = \sum_{j=0}^{m+D-2} w_j^{(i)} \alpha^{j}$, $W^{(i)}(0:m-1) = \sum_{j=0}^{m-1} w_j^{(i)} \alpha^{j}$, $W^{(i)}(m:m+D-1) = \sum_{j=m}^{m+D-1} w_j^{(i)} \alpha^{j}$
3. Result: $W = W^{(d)} \bmod p(x)$
Based on the above multiplication algorithm, the data path 23 of the elliptic curve cryptographic coprocessor designed in this embodiment is structured as shown in Fig. 3. The core of the data path logic module (unit) 231 in the data path 23 is the grouping parallel Galois field multiplier 2312. Where area permits, this multiplier 2312 raises its processing capacity by taking its input in parallel groups; and because the multiplier uses a polynomial basis representation, it is more extensible and well suited to VLSI implementation.
On this basis, a simple reconfiguration of the multiplier unit yields the squarer 2311, which has the same characteristics as the multiplier 2312. Because the multiplier 2312 and the squarer 2311 are implemented on the same hardware circuit, chip area is reduced and circuit utilization is improved.
The data path logic module 231 also contains a finite field addition circuit 2313 and an all-zero detection circuit 2314. It uses 4 groups of dedicated registers, each m bits wide (m is the width of the finite field): registers RA and RB store the two input data of the multiplier, and registers RC and RD store the two input data of the adder. The dedicated registers serve two purposes: 1) they reduce the power consumed by spurious toggling of the combinational circuits; 2) with improved algorithm scheduling, intermediate results of the computation can be kept in the dedicated registers as far as possible and used directly in later operations, which saves the time and energy of writing intermediate results to and reading them from the general-purpose registers. Adding the dedicated register group to the data path logic module 231 thus reduces both the number of instructions and the number of accesses to the general-purpose registers.
As shown in Fig. 3, the squarer 2311 is a digit-serial squarer. It comprises two parallel branches, each connected in sequence: the fourth MUX 23111 followed by register RA 23112, and the fifth MUX 23113 followed by register RB 23114. The input of the fourth MUX 23111 is connected to the output of the third MUX 2310. The four inputs of the third MUX 2310 are connected to ADD (the output of the adder 2313), the output of the register file module 232, the output of MOD P(X) 23123, and the output of register RC 23132. Register RA 23112 holds one input operand of the multiplier 2312. The two inputs of the fifth MUX 23113 are connected to P(X) (the multiplier's generator polynomial) and to the input from the register file, respectively; register RB 23114 holds the other input operand of the multiplier 2312.
The multiplier 2312 is a digit-serial multiplier. It comprises a finite state machine 23121, an AND/XOR array 23122 and a modular reduction unit MOD P(X) 23123, connected in sequence. The finite state machine 23121 accepts the finite field multiplication instruction sent by the main processor 1, and the AND/XOR array 23122 accepts the two multiplication operands sent from the squarer 2311. The output of MOD P(X) 23123 is connected to the inputs of the register file 232, the adder 2313 and the all-zero detection circuit 2314.
The adder circuit 2313 comprises the sixth MUX 23131, register RC 23132 and the finite field adder 23133, connected in sequence. The all-zero detection circuit 2314 comprises the seventh MUX 23141, register RD 23142 and an OR array 23143, connected in sequence. The inputs of the sixth and seventh MUXes 23131 and 23141 are connected to the output of MOD P(X) 23123 and to the output of the register file module 232, respectively; the other input of the finite field adder 23133 is connected to the output of register RD.
The "GFMUL_rst" signal is the Galois field multiplier reset signal; it is an input to the finite state machine 23121.
Point multiplication scheduling scheme for elliptic curve cryptography
At present, the Montgomery point multiplication algorithm is the best algorithm so far for hardware implementation of point multiplication. Its basic idea is as follows:
Let $Q_1 = (x_1, y_1)$ and $Q_2 = (x_2, y_2)$ with $Q_1 \ne \pm Q_2$. Also let $Q_1 + Q_2 = (x_3, y_3)$ and $Q_1 - Q_2 = (x_4, y_4)$. Then:
$$x_3 = x_4 + \frac{x_1}{x_1 + x_2} + \left(\frac{x_1}{x_1 + x_2}\right)^2$$
Therefore the x-coordinate of $Q_1 + Q_2$ can be obtained from the x-coordinates of $Q_1$, $Q_2$ and $Q_1 - Q_2$, and
the y-coordinate of $Q_1 + Q_2$ can be obtained from its x-coordinate by conversion. The algorithm is as follows:
Input: $k \ge 0$ and a point $P = (x, y) \in E$
Output: $Q = kP$
1) If $k = 0$ or $x = 0$, output $(0, 0)$
2) Let $k \leftarrow (k_{l-1} \ldots k_1 k_0)_2$, $i = l-2$
3) Let $X_1 \leftarrow x$, $Z_1 \leftarrow 1$, $X_2 \leftarrow x^4 + b$, $Z_2 \leftarrow x^2$
4) For $0 \le i \le l-2$ (with $i$ decreasing):
If $k_i = 1$: Madd($X_1, Z_1, X_2, Z_2$), Mdouble($X_2, Z_2$)
Otherwise: Madd($X_2, Z_2, X_1, Z_1$), Mdouble($X_1, Z_1$)
5) Compute $Q = $ Mxy($X_1, Z_1, X_2, Z_2$)
The functions Madd and Mdouble used in the algorithm are elliptic curve point addition and point doubling in the Montgomery domain, respectively, and Mxy is the domain conversion function.
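The digit-serial multiplier recurrence and the Montgomery point multiplication schedule described above, combined in one added Python example (not code from the patent): the ladder performs every field multiplication and squaring through the digit-serial multiplier, as the data path does. The field (m = 163, p(x) = x^163 + x^7 + x^6 + x^3 + 1), the digit size D = 4, inversion by exponentiation, the curve form y^2 + xy = x^3 + ax^2 + b, the concrete Madd/Mdouble/Mxy formulas (the standard López-Dahab ones, which the page names but does not spell out), the sample point and all function names are assumptions of this example.

```python
# Added illustration, not code from the patent. Assumed: m = 163, the pentanomial
# p(x) = x^163 + x^7 + x^6 + x^3 + 1, Fermat inversion, a constructed curve/point.
M = 163
POLY = (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1
INF = (0, 0)  # the "(0,0)" output of step 1; never a point on a curve with b != 0


def gf_reduce(v):
    """Reduce polynomial v (bit i = coefficient of alpha^i) modulo p(x)."""
    while v.bit_length() > M:
        v ^= POLY << (v.bit_length() - 1 - M)
    return v


def gf_mul(a, b, D=4):
    """Digit-serial multiply, most significant digit first: d = ceil(m/D) steps."""
    d = -(-M // D)
    w = 0  # W(0) = 0
    for i in range(1, d + 1):
        digit = (b >> (D * (d - i))) & ((1 << D) - 1)  # B_{d-i}
        high = gf_reduce((w >> M) << M)  # W(m:m+D-1) mod p(x)
        low = w & ((1 << M) - 1)  # W(0:m-1)
        w = (high ^ low) << D  # both terms multiplied by alpha^D
        for j in range(D):  # add A * B_{d-i} as D AND/XOR partial products
            if (digit >> j) & 1:
                w ^= a << j
    return gf_reduce(w)  # W = W(d) mod p(x)


def gf_sqr(a):
    return gf_mul(a, a)  # the squarer reuses the multiplier circuit


def gf_inv(a):
    """a^(2^m - 2); the inversion method is an assumption, not from the page."""
    r, e = 1, (1 << M) - 2
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a, e = gf_sqr(a), e >> 1
    return r


def madd(X1, Z1, X2, Z2, x):
    """x-only differential addition; the difference of the two points is P."""
    t1, t2 = gf_mul(X1, Z2), gf_mul(X2, Z1)
    Z = gf_sqr(t1 ^ t2)
    return gf_mul(x, Z) ^ gf_mul(t1, t2), Z


def mdouble(X, Z, b):
    """x-only doubling: X' = X^4 + b*Z^4, Z' = X^2 * Z^2."""
    X2, Z2 = gf_sqr(X), gf_sqr(Z)
    return gf_sqr(X2) ^ gf_mul(b, gf_sqr(Z2)), gf_mul(X2, Z2)


def mxy(X1, Z1, X2, Z2, x, y):
    """Recover affine (x3, y3) of kP from the ladder state (kP, (k+1)P)."""
    if Z1 == 0:
        return INF
    if Z2 == 0:
        return (x, x ^ y)  # (k+1)P is the point at infinity, so kP = -P
    x3 = gf_mul(X1, gf_inv(Z1))
    z12 = gf_mul(Z1, Z2)
    t = gf_mul(X1 ^ gf_mul(x, Z1), X2 ^ gf_mul(x, Z2)) ^ gf_mul(gf_sqr(x) ^ y, z12)
    return x3, gf_mul(gf_mul(x ^ x3, t), gf_inv(gf_mul(x, z12))) ^ y


def ladder(k, P, b):
    """Steps 1-5 of the Montgomery point multiplication listed above."""
    x, y = P
    if k == 0 or x == 0:
        return INF
    X1, Z1, X2, Z2 = x, 1, gf_sqr(gf_sqr(x)) ^ b, gf_sqr(x)
    for i in range(k.bit_length() - 2, -1, -1):
        if (k >> i) & 1:
            (X1, Z1), (X2, Z2) = madd(X1, Z1, X2, Z2, x), mdouble(X2, Z2, b)
        else:
            (X2, Z2), (X1, Z1) = madd(X2, Z2, X1, Z1, x), mdouble(X1, Z1, b)
    return mxy(X1, Z1, X2, Z2, x, y)


def on_curve(P, a, b):
    """True if P satisfies y^2 + xy = x^3 + a*x^2 + b."""
    x, y = P
    return gf_sqr(y) ^ gf_mul(x, y) == gf_mul(gf_sqr(x), x ^ a) ^ b


# Constructed sample: pick a point and a, then derive b so the point is on the curve.
A = 1
PX = 0x0123456789ABCDEF0123456789ABCDEF01234567
PY = 0xFEDCBA9876543210FEDCBA9876543210FEDCBA98
B = gf_sqr(PY) ^ gf_mul(PX, PY) ^ gf_mul(gf_sqr(PX), PX ^ A)

if __name__ == "__main__":
    Q = ladder(0xACE, (PX, PY), B)
    print(hex(Q[0]), hex(Q[1]), on_curve(Q, A, B))
```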

Claims (5)

1. elliptic curve password coprocessor is used for the curve public key system cryptographic system that is made of primary processor and coprocessor,
A. this master place a kind of jade device is the master controller that is made of embedded microprocessor, and it comprises dot product controller and communication controler, send the coprocessor extended instruction and carry out exchanges data to coprocessor respectively,
B. this elliptic curve password coprocessor is a hardware control, and mainly by the bus state follower, decoding control circuit and data path constitute, and is provided with the dedicated coprocessor interface and is connected with primary processor via bus, wherein,
The bus state follower contains pipeline follower and the operand state cell that is connected with this pipeline follower, it is accepted the coprocessor extended instruction sent from primary processor and carries out mutual handshake from coprocessor interface inlet flow waterline status signal and with primary processor;
The decoding control circuit receives command signals from the primary processor; it contains a command register followed by a two-stage decoder for coprocessor extended instructions and coprocessor microcode instructions, and generates control signals for the bus state follower and the data path respectively; characterized in that:
The data path comprises a register file and data-path elements connected by a bidirectional data flow, and exchanges data with the public-key cryptosystem memory through the register file; the data-path elements comprise: a squarer, a group-parallel Galois field multiplier with group-parallel input that uses a polynomial basis representation, a finite field adder circuit, an all-zero detection circuit, 4 groups of special registers RA-RD, each group having register width m, where m is the width of the finite field, and a 3rd MUX;
The squarer is a digit-serial squarer comprising two parallel branches, each connected in sequence: the 4th MUX and register RA; and the 5th MUX and register RB, wherein the input of the 4th MUX is connected to the output of the 3rd MUX; the four inputs of the 3rd MUX are connected to ADD (the output of the adder), the output of the register file module, the output of MOD P(X), and the output of register RC; register RA holds one input operand of the multiplier; the two inputs of the 5th MUX are connected respectively to P(X), the generator polynomial of the multiplier, and to the input from the register file; register RB holds the other input operand of the multiplier;
The multiplier is a digit-serial multiplier comprising a finite state machine, an XOR array and a modular reduction unit MOD P(X) connected in sequence, wherein the finite state machine receives the finite field multiplication instruction sent by the primary processor, the XOR array receives the two multiplication operands sent from the squarer, and the output of MOD P(X) is connected to the inputs of the register file, the adder and the all-zero detection circuit respectively;
The adder circuit comprises the 6th MUX, register RC and the finite field adder connected in sequence;
The all-zero detection circuit comprises the 7th MUX, register RD and an OR array connected in sequence, wherein the inputs of the 6th and 7th MUX are connected respectively to the output of MOD P(X) and to the output of the register file module; the other input of the finite field adder is connected to the output of register RD.
2. The elliptic curve password coprocessor according to claim 1, characterized in that: the primary processor is a 32-bit embedded microprocessor, and the elliptic curve password coprocessor is developed on the basis of coprocessor extended instructions and the corresponding coprocessor interface.
3. The elliptic curve password coprocessor according to claim 1 or 2, characterized in that: the decoding control circuit comprises a first command register, a first decoder, a pointer set, a microcode group, a second MUX, a second command register and a second decoder connected in sequence.
4. The elliptic curve password coprocessor according to claim 1, characterized in that: register RA and register RB are provided in the data path to store the two input operands of the multiplier.
5. The elliptic curve password coprocessor according to claim 1, characterized in that: register RC and register RD are provided in the data path to store the two input operands of the finite field adder circuit.
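The arithmetic that the claimed data path performs (digit-serial multiplication in a polynomial basis followed by MOD P(X), finite field addition, and all-zero detection) can be modelled in software as below; this is an added example, not code or a circuit description from the patent. The digit width of 4, the two test fields, the function names, and the reading of the multiplier array as AND-then-XOR partial products are assumptions.

```python
# Added illustration, not the patent's circuit. A field element is an int whose
# bit i is the coefficient of x^i (polynomial basis), at most m bits wide.
AES_P, AES_M = 0x11B, 8               # x^8+x^4+x^3+x+1 (assumed small test field)
P163, M163 = (1 << 163) | 0xC9, 163   # x^163+x^7+x^6+x^3+1 (assumed ECC-sized field)

def reduce_mod_p(v, p, m):
    """MOD P(X): cancel every coefficient of degree >= m with a shifted P(X)."""
    for i in range(v.bit_length() - 1, m - 1, -1):
        if (v >> i) & 1:
            v ^= p << (i - m)
    return v

def gf_add(a, b):
    """Finite field adder: coefficient-wise XOR, no carry chain."""
    return a ^ b

def is_all_zero(a):
    """All-zero detection: true when the OR of all m bits is 0."""
    return a == 0

def gf_mul_digit_serial(a, b, p, m, digit=4):
    """a*b mod P(X), consuming `digit` bits of b per step, top digit first."""
    acc = 0
    steps = -(-m // digit)                        # ceil(m / digit) iterations
    for s in range(steps - 1, -1, -1):
        d = (b >> (s * digit)) & ((1 << digit) - 1)
        acc = reduce_mod_p(acc << digit, p, m)    # acc * x^digit mod P(X)
        partial = 0
        for j in range(digit):                    # assumed AND/XOR partial products
            if (d >> j) & 1:
                partial ^= a << j
        acc = reduce_mod_p(acc ^ partial, p, m)
    return acc

def gf_square(a, p, m):
    """Squaring modelled as a*a through the same multiplier (a simplification)."""
    return gf_mul_digit_serial(a, a, p, m)
```

A wider digit cuts the iteration count to ceil(m / digit) at the cost of a larger partial-product array, which is the area/latency trade-off a digit-serial design exposes.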
CNB200510025913XA 2005-05-18 2005-05-18 A novel elliptic curve password coprocessor Expired - Fee Related CN100536390C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB200510025913XA CN100536390C (en) 2005-05-18 2005-05-18 A novel elliptic curve password coprocessor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB200510025913XA CN100536390C (en) 2005-05-18 2005-05-18 A novel elliptic curve password coprocessor

Publications (2)

Publication Number Publication Date
CN1700637A CN1700637A (en) 2005-11-23
CN100536390C true CN100536390C (en) 2009-09-02

Family

ID=35476517

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB200510025913XA Expired - Fee Related CN100536390C (en) 2005-05-18 2005-05-18 A novel elliptic curve password coprocessor

Country Status (1)

Country Link
CN (1) CN100536390C (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7602655B2 (en) 2006-01-12 2009-10-13 Mediatek Inc. Embedded system
DE102006014353B4 (en) * 2006-03-28 2007-11-22 Siemens Ag Method for the reliable determination of data
CN101170406B (en) * 2006-10-27 2010-10-06 北京中电华大电子设计有限责任公司 A realization method for calculation coprocessor based on dual core public key password algorithm
CN100428140C (en) * 2007-01-05 2008-10-22 东南大学 Implement method of elliptic curve cipher system coprocessor
CN101547089B (en) * 2008-03-28 2012-07-25 上海爱信诺航芯电子科技有限公司 Method for realizing elliptic curve cryptosystem algorithm over prime field in integrated circuit
CN101826142B (en) * 2010-04-19 2011-11-09 中国人民解放军信息工程大学 Reconfigurable elliptic curve cipher processor
CN102043916B (en) * 2010-12-01 2012-10-03 戴葵 High-performance extensible public key password coprocessor structure
CN102156836A (en) * 2011-04-25 2011-08-17 天津大学 Elliptic curve cipher processor
CN102307090B (en) * 2011-06-21 2014-04-02 西安电子科技大学 Elliptic curve password coprocessor based on optimal normal basis of II-type
CN103023659B (en) * 2013-01-08 2015-06-10 武汉大学 ECC (elliptic curve cryptosystem) encryption hardware device with expandable parameter bit width
CN104267926B (en) * 2014-09-29 2018-03-09 北京宏思电子技术有限责任公司 The method and apparatus for obtaining elliptic curve cipher data
US10320565B2 (en) * 2017-02-28 2019-06-11 Certicom Corp. Generating an elliptic curve point in an elliptic curve cryptographic system
CN108667623B (en) * 2018-05-28 2021-10-19 广东工业大学 SM2 elliptic curve signature verification algorithm

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
VLSI implementation of a novel hardware-configurable public-key cryptographic coprocessor. 陈超, 曾晓洋, 章倩苓. Journal on Communications, Vol. 26, No. 1. 2005 *
A reconfigurable elliptic curve cryptosystem and its VLSI design. 曾晓洋, 顾震宇, 周晓方, 章倩苓. Journal of Chinese Computer Systems, Vol. 25, No. 7. 2004 *

Also Published As

Publication number Publication date
CN1700637A (en) 2005-11-23

Similar Documents

Publication Publication Date Title
CN100536390C (en) A novel elliptic curve password coprocessor
EP1711887B1 (en) Protection against power analysis attacks
CN100470464C (en) Multiplier based on improved Montgomey's algorithm
CN106100844B (en) Optimized automatic bilinear pairing encryption method and device based on point blinding method
CN105335331B (en) A kind of SHA256 realization method and systems based on extensive coarseness reconfigurable processor
CN105912501A (en) SM4-128 encryption algorithm implementation method and system based on large-scale coarseness reconfigurable processor
CN104579656A (en) Hardware acceleration coprocessor for elliptic curve public key cryptosystem SM2 algorithm
CN103903047B (en) Elliptic curve encryption coprocessor suitable for RFID security communication
CN112202547B (en) Lightweight block cipher GFCS (generic fragment signature Circuit) implementation method and device and readable storage medium
CN100428140C (en) Implement method of elliptic curve cipher system coprocessor
CN100583757C (en) ECC/RSA encryption/decryption coprocessor
CN103761068A (en) Optimized Montgomery modular multiplication method, optimized modular square method and optimized modular multiplication hardware
CN110059493B (en) SKINNY-128-128 encryption algorithm implementation method and system based on coarse-grained reconfigurable computing unit
CN101021777B (en) Efficient mod operation based on divisor (2n-1)
WO2023160399A1 (en) Accelerator, acceleration method, and electronic device
Tan et al. An energy-efficient ECC processor of UHF RFID tag for banknote anti-counterfeiting
CN109144472B (en) Scalar multiplication of binary extended field elliptic curve and implementation circuit thereof
CN106021171A (en) An SM4-128 secret key extension realization method and system based on a large-scale coarseness reconfigurable processor
CN101183945A (en) Bypass operator based elliptical curve anti-bypass attack method
JP2004054128A (en) Encrypting system
Park et al. A survey of polynomial multiplication with RSA-ECC coprocessors and implementations of NIST PQC round3 kem algorithms in Exynos2100
CN101819519B (en) Multifunctional digital signing circuit
Kiningham et al. Cipher Implementation for CESEL
Bouesse et al. Asynchronous AES crypto-processor including secured and optimized blocks
Azzouzi et al. Novel area-efficient and flexible architectures for optimal Ate pairing on FPGA

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090902

Termination date: 20190518