CN101378321B - Safety processing method and apparatus - Google Patents

Publication number
CN101378321B
Authority
CN
China
Legal status
Active
Application number
CN2008102233693A
Other languages
Chinese (zh)
Other versions
CN101378321A (en)
Inventor
王兴军
陈晨
雷大明
闫峰冰
胡坚珉
梅红兵
Current Assignee
BEIJING UNITEND TECHNOLOGIES Inc
Original Assignee
BEIJING UNITEND TECHNOLOGIES Inc

Abstract

The invention provides a method and a device for secure processing. The method comprises: A. in the finite field of an elliptic curve, determining a prime number that satisfies the specified polynomial as the value of parameter p, where h is the processing word size (in bits) of the secure processing system, hm satisfies the encryption bit-length requirement of the secure processing, m > n, m, n and k are all integers, and $a_k \in \{-1, 0, 1\}$; B. using the determined parameter p to determine the parameters a and b of the elliptic curve $y^2 = x^3 + ax + b \bmod p$; and C. performing secure data processing with the determined elliptic curve. With the method and device provided by the invention, an elliptic curve that meets the encryption bit-length and security requirements can be obtained, efficiency is improved, fewer system resources are occupied, and secure processing based on the elliptic curve parameters becomes more efficient.

Description

A method and apparatus for secure processing
Technical field
The present invention relates to network security technology, and in particular to a method and apparatus for password authentication.
Background
With the continuous development of network technology, how to improve network security has become a problem of growing concern, and various key algorithms have emerged in response. Key algorithms fall mainly into symmetric algorithms and public-key algorithms. Among public-key algorithms, the more widely used at present are the higher-security algorithms based on elliptic curve parameters; that is, secure processing such as encryption and decryption and digital signature verification is all carried out on an elliptic curve. In such algorithms, the choice of elliptic curve parameters is extremely important for keeping password authentication processing secure and efficient.
The elliptic curve over a finite field used in algorithms based on elliptic curve parameters has the form $y^2 = x^3 + ax + b \bmod p$, and parameter selection mainly means choosing p, a and b. In the prior art, a prime satisfying the encryption bit-length requirement is chosen at random as the value of p; then, with that p and with a fixed at -3, a value of b is chosen at random such that the elliptic curve satisfies the security requirements. Because p is chosen at random in this approach, modular reduction by p in subsequent processing can only be done with division, which consumes considerable resources of the secure processing system and is inefficient in both software and hardware implementations.
Summary of the invention
In view of this, embodiments of the invention provide a method and apparatus for secure processing that make secure processing based on elliptic curve parameters more efficient.
A method for secure processing, comprising:
A. in the finite field of the elliptic curve, determining a prime number that satisfies the polynomial as the value of parameter p, where h is the processing word size of the secure processing system, hm satisfies the encryption bit-length requirement of the secure processing, m > n, m, n and k are integers, and $a_k \in \{-1, 0, 1\}$;
B1. setting the value of parameter a to -3 and randomly selecting an integer as the value of parameter b;
B2. using the determined values of a, b and p, performing a security check on the corresponding elliptic curve $y^2 = x^3 + ax + b \bmod p$ and judging whether the check is passed; if so, executing step B4, otherwise executing step B3;
B3. choosing another integer as the value of parameter b and returning to step B2;
B4. storing the determined values of elliptic curve parameters a, b and p;
C. performing secure data processing using the determined values of elliptic curve parameters a, b and p.
An apparatus for secure processing, comprising:
a first parameter determining unit, configured to determine, in the finite field of the elliptic curve, a prime number that satisfies the polynomial
[formula image not reproduced]
as the value of parameter p, where h is the processing word size of the secure processing system, hm satisfies the encryption bit-length requirement of the secure processing, m > n, m, n and k are integers, and $a_k \in \{-1, 0, 1\}$;
a second parameter determining unit comprising a third parameter determining subunit and a security check subunit, wherein
the third parameter determining subunit is configured to set the value of parameter a to -3 and randomly select an integer as the value of parameter b, and, after receiving a reselection notice, to choose another integer as the value of parameter b;
the security check subunit is configured to use the values of a, b and p determined by the first parameter determining unit and the third parameter determining subunit to perform a security check on the corresponding elliptic curve $y^2 = x^3 + ax + b \bmod p$ and to judge whether the check is passed; if so, it sends the determined values of a, b and p to the parameter storage unit, otherwise it sends a reselection notice to the third parameter determining subunit;
a parameter storage unit, configured to store the values of a, b and p sent by the security check subunit;
a secure processing unit, configured to obtain the values of a, b and p from the parameter storage unit in order to perform secure data processing.
As can be seen from the above technical solutions, in the method and apparatus provided by the invention, a prime number that satisfies the polynomial
[formula image not reproduced]
is determined in the finite field of the elliptic curve as the value of parameter p, where h is the processing word size of the secure processing system, hm satisfies the encryption bit-length requirement of the secure processing, m > n, m, n and k are integers, and $a_k \in \{-1, 0, 1\}$; the determined value of p is used to determine the values of a and b in the elliptic curve $y^2 = x^3 + ax + b \bmod p$; and the determined elliptic curve parameters are used for secure data processing. The method and apparatus obtain elliptic curve parameters that satisfy the encryption bit-length and security requirements, and the way p is chosen allows modular reduction by p to be completed using only shifts and additions and subtractions, which improves efficiency, reduces the system resources occupied, and makes secure processing based on elliptic curve parameters more efficient.
Description of drawings
Fig. 1 is a flowchart of the method provided by an embodiment of the invention;
Fig. 2 is a structural diagram of the apparatus provided by an embodiment of the invention;
Fig. 3 is a diagram of an application system provided by an embodiment of the invention;
Fig. 4 is a diagram of another application system provided by an embodiment of the invention.
Embodiments
To make the purpose, technical solutions and advantages of the present invention clearer, the invention is described below with reference to the drawings and specific embodiments.
The method provided by the invention mainly comprises: in the finite field of the elliptic curve, determining a prime number that satisfies
[formula image not reproduced]
as the value of parameter p, where h is the processing word size of the secure processing system, hm satisfies the encryption bit-length requirement of the security system, m > n, m and n are integers, and $a_k \in \{-1, 0, 1\}$; using the determined parameter p to determine the other elliptic curve parameters; and performing secure data processing with the determined elliptic curve parameters.
The method is described in detail below with reference to a specific embodiment. Fig. 1 is a flowchart of the method provided by an embodiment of the invention; as shown in Fig. 1, the method may comprise the following steps:
Step 101: according to the encryption bit-length requirement and the processing capability of the system, determine a prime number that satisfies
[formula image not reproduced]
as the value of parameter p, where m > n, m and n are integers, and $a_k \in \{-1, 0, 1\}$.
In this embodiment the description takes a system with a 32-bit processing capability as the example, so every term in the above equation is an integer power of $2^{32}$, which favours software and hardware implementation of arithmetic on the elliptic curve. Because the processing capability of the system, in both software and hardware, is 32 bits, subsequent modular reduction by p needs only additions, subtractions and shifts, which speeds up processing and saves resources. A brief analysis follows:
Take $p = 2^{256} - 2^{224} - 2^{96} + 2^{64} - 1$ as an example and consider modular reduction by this p.
Define the notation $(x_k, x_{k-1}, \ldots, x_{k-n}) = x_k (2^{32})^n + x_{k-1} (2^{32})^{n-1} + \cdots + x_{k-n}$. Taking a 512-bit number x as an example, x can be written in this notation as $x = (x_{15}, x_{14}, \ldots, x_1, x_0) = x_{15} \cdot (2^{32})^{15} + x_{14} \cdot (2^{32})^{14} + \cdots + x_1 \cdot 2^{32} + x_0$, where each $x_k$ is a 32-bit word.
The computation x mod p then has the following fast algorithm:
Since $p = 2^{256} - 2^{224} - 2^{96} + 2^{64} - 1$, we have $2^{256} \equiv 2^{224} + 2^{96} - 2^{64} + 1 \pmod p$, therefore
$$
\begin{aligned}
x \bmod p &= [(x_7, x_6, x_5, x_4, x_3, x_2, x_1, x_0) + 2^{256} \times (x_{15}, x_{14}, x_{13}, x_{12}, x_{11}, x_{10}, x_9, x_8)] \bmod p \\
&= [(x_7, x_6, x_5, x_4, x_3, x_2, x_1, x_0) + (2^{224} + 2^{96} - 2^{64} + 1)(x_{15}, x_{14}, x_{13}, x_{12}, x_{11}, x_{10}, x_9, x_8)] \bmod p \\
&= \{(x_7, x_6, x_5, x_4, x_3, x_2, x_1, x_0) + (x_{15}, x_{14}, x_{13}, x_{12}, x_{11}, x_{10}, x_9, x_8) \\
&\qquad - (x_{13}, x_{12}, x_{11}, x_{10}, x_9, x_8, 0, 0) + (x_{12}, x_{11}, x_{10}, x_9, x_8, 0, 0, 0) + (x_8, 0, 0, 0, 0, 0, 0, 0) \\
&\qquad + 2^{256} \times [(0, x_{15}, x_{14}, x_{13}, x_{12}, x_{11}, x_{10}, x_9) + (0, 0, 0, 0, 0, x_{15}, x_{14}, x_{13}) - (0, 0, 0, 0, 0, 0, x_{15}, x_{14})]\} \bmod p
\end{aligned}
$$
Further, the remaining $2^{256}$ can again be replaced using $2^{256} \equiv 2^{224} + 2^{96} - 2^{64} + 1 \pmod p$; the subsequent steps are not repeated here. It can be seen that when p is determined in the manner provided by the invention, modular reduction can be completed using only shifts and additions and subtractions.
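As an added example (not code from the patent), the Python below generalises the derivation above from the single prime worked through in the text to any prime written as a signed sum of powers of $2^{32}$, and checks the first substitution step against the word-by-word expression given above. The names SparsePrime, fold_once, reduce_mod, first_fold_as_written, P_A, P_B and the SAMPLE value are assumptions introduced here.

```python
# Added example (not from the patent): reduction modulo the text's sparse primes
# using only whole-word shifts, masks, additions and subtractions.
H = 32  # processing word size h used in the embodiment


class SparsePrime:
    """p written as a sum of c * 2**(32*k) with c in {-1, +1}; hypothetical helper."""

    def __init__(self, terms):
        # terms maps word index k to its coefficient, e.g. {8: 1, 7: -1, 0: -1}
        self.m = max(terms)
        if terms[self.m] != 1 or any(c not in (-1, 1) for c in terms.values()):
            raise ValueError("leading term must be +2**(32m), other terms +/-1")
        self.low = {k: c for k, c in terms.items() if k != self.m}
        self.bits = H * self.m
        self.mask = (1 << self.bits) - 1
        self.p = sum((1 << (H * k)) if c == 1 else -(1 << (H * k))
                     for k, c in terms.items())
        self.weight = len(terms)  # Hamming weight: number of nonzero terms

    def fold_once(self, x):
        """Substitute 2**(32m) = -(lower terms) mod p for the part of x above 32m bits."""
        hi, lo = x >> self.bits, x & self.mask  # x == lo + hi * 2**(32m), also if x < 0
        for k, c in self.low.items():
            shifted = hi << (H * k)             # a move by k whole words
            lo = lo - shifted if c == 1 else lo + shifted
        return lo

    def reduce_mod(self, x):
        """Return x mod p without division or multiplication."""
        while x >> self.bits != 0:
            x = self.fold_once(x)
        return x - self.p if x >= self.p else x


P_A = SparsePrime({8: 1, 7: -1, 3: -1, 2: 1, 0: -1})  # 2^256 - 2^224 - 2^96 + 2^64 - 1
P_B = SparsePrime({8: 1, 7: -1, 6: 1, 3: 1, 0: -1})   # 2^256 - 2^224 + 2^192 + 2^96 - 1


def to_int(ws):
    """Value of (w_k, ..., w_0), most significant 32-bit word first, as in the text."""
    v = 0
    for w in ws:
        v = (v << H) | w
    return v


def first_fold_as_written(x):
    """First substitution step of the text's derivation for a 512-bit x, word by word."""
    w = [(x >> (H * i)) & 0xFFFFFFFF for i in range(16)]  # w[i] is x_i
    low = (to_int(w[7::-1]) + to_int(w[15:7:-1])
           - to_int(w[13:7:-1] + [0, 0])
           + to_int(w[12:7:-1] + [0, 0, 0])
           + to_int([w[8]] + [0] * 7))
    carry = to_int(w[15:8:-1]) + to_int(w[15:12:-1]) - to_int(w[15:13:-1])
    return low + (carry << 256)


# Constructed 512-bit sample; every word is distinct so a misplaced word shows up.
SAMPLE = to_int(list(range(0xA0000010, 0xA0000000, -1)))

if __name__ == "__main__":
    assert first_fold_as_written(SAMPLE) == P_A.fold_once(SAMPLE)
    for prime in (P_A, P_B):
        assert prime.reduce_mod(SAMPLE) == SAMPLE % prime.p
    print(hex(P_A.reduce_mod(SAMPLE)))
```

The loop in reduce_mod repeats the substitution until nothing remains above bit 32m, which is the "continue replacing" step the text leaves out; one conditional subtraction of p then brings the value into the range 0 to p-1.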
When determining p, the specific choice of m depends on the encryption bit-length requirement: if the required bit length is Q, it must hold that 32m = Q. Moreover, because the second term of the above equation, $2^{32(m-n)}$, has coefficient -1, the length of p is guaranteed to be 32m bits, which guarantees the encryption bit-length requirement.
More preferably, when determining p, in addition to the condition of the above equation, the Hamming weight of the Hamming representation of p can be required to be minimal; that is, among the values of p satisfying the above equation, the one whose Hamming representation has the smallest Hamming weight is taken as the determined value of p. The Hamming representation of p works as follows. For example, if p takes the value $2^{256} - 2^{224} + 2^{192} + 2^{96} - 1$, its Hamming representation is (1,1,1,0,0,1,0,0,1), where each entry indicates whether the corresponding term of the polynomial is nonzero: 1 denotes a nonzero term and 0 a zero term. The Hamming weight of this representation is 5, that is, the number of nonzero terms in the polynomial representing p. Taking the value with the smallest Hamming weight as p reduces as far as possible the number of shifts in subsequent modular reduction.
Step 102: set the value of parameter a to -3 and randomly select an integer as the value of parameter b.
Past experience shows that taking a = -3 gives point doubling on the elliptic curve a fast algorithm. This choice of a is prior art, so the selection of a is not discussed further here.
Step 103: using the chosen a and b and the determined p, perform a security check on the resulting elliptic curve and judge whether the check is passed; if so, execute step 105, otherwise execute step 104.
The preceding steps determined p and chose a and b; these parameters now correspond to an elliptic curve, and the security check determines whether this curve meets the security requirements. The security check tests whether the elliptic curve satisfies the following conditions:
1) the elliptic curve is not a singular elliptic curve;
2) the elliptic curve is not an anomalous curve;
3) the elliptic curve is not a lopsided curve; that is, the number of points of the curve over the finite field (denoted #E) is not equal to the value of p, otherwise the curve cannot resist the Smart attack;
4) the elliptic curve is not a supersingular elliptic curve;
5) #E does not divide $p^q - 1$, where $1 \le q \le 20$ and q is an integer;
6) the prime factor of #E is greater than $2^{160}$, and greater than
[formula image not reproduced]
so that the Pollard ρ attack can be resisted.
An elliptic curve satisfying the above conditions can be regarded as meeting the security requirements. Security checking of elliptic curves is a relatively mature technique in the prior art and is therefore not described further here.
Step 104: add 1 to the chosen value of b, take the result as the new value of b, and return to step 103.
If the elliptic curve does not pass the security check in step 103, a new value near the chosen b can be taken as the value of b, and the corresponding new elliptic curve is security-checked. Besides adding 1 to the chosen value of b, 1 can also be subtracted from it to give the new value of b. A value can also be selected at random again as the value of b in this step. Compared with random selection, however, taking the value of b plus 1 or minus 1 as the new value of b is the more efficient way of choosing.
Step 105: store the chosen values of a, b and p for use in subsequent secure processing such as encryption and decryption, digital signature verification or authentication.
After step 105 the system has selected one set of elliptic curve parameters satisfying the security requirements and may end the process. Because step 101 may determine more than one p, the selection of a and b can also continue on the basis of another p. In addition, for a single p there may be more than one pair of a and b meeting the requirements, so the process can also return to step 102 or step 104 for further parameter selection.
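The selection loop of steps 102 to 105, as an added example that is not part of the patent: it runs on a toy field so that #E can be counted by brute force, which is not feasible at 256 bits. P_TOY, B_START and all function names are assumptions introduced here, and requiring #E to be prime stands in for condition 6, whose second bound is not reproduced in the text.

```python
# Added example (not from the patent): steps 102-105 on a toy field.
P_TOY = 10007      # constructed toy prime, small enough to count points exhaustively
A = -3             # value of a fixed in step 102
B_START = 4242     # constructed stand-in for the randomly selected b


def is_prime(n):
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def count_points(p, a, b):
    """#E of y^2 = x^3 + ax + b over F_p, including the point at infinity."""
    roots = [0] * p                      # roots[v] = number of y with y^2 = v
    for y in range(p):
        roots[y * y % p] += 1
    return 1 + sum(roots[(x * x * x + a * x + b) % p] for x in range(p))


def failed_checks(p, a, b, max_q=20):
    """Names of the conditions the curve fails; an empty list means it passes."""
    if (4 * a ** 3 + 27 * b * b) % p == 0:
        return ["singular"]                       # condition 1
    n = count_points(p, a, b)
    failed = []
    if n == p:
        failed.append("#E equals p")              # condition 3, Smart attack
    if n == p + 1:
        failed.append("supersingular")            # condition 4 (test valid for p > 3)
    if any(pow(p, q, n) == 1 for q in range(1, max_q + 1)):
        failed.append("#E divides p^q - 1")       # condition 5
    if not is_prime(n):
        failed.append("#E not prime")             # toy stand-in for condition 6
    return failed


def select_b(p, a, b_start):
    """Steps 102-104: start at b_start and add 1 until a curve passes every check."""
    rejected = []
    for i in range(p):
        b = (b_start + i) % p
        failed = failed_checks(p, a, b)
        if not failed:
            return b, count_points(p, a, b), rejected   # step 105 would store these
        rejected.append((b, failed))
    return None, None, rejected


if __name__ == "__main__":
    b, n, rejected = select_b(P_TOY, A, B_START)
    for cand, why in rejected:
        print("b =", cand, "rejected:", ", ".join(why))
    print("selected b =", b, "with #E =", n)
```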
The above process is illustrated below for a 256-bit encryption bit-length requirement and a 32-bit system processing capability.
Because the required encryption bit length is 256 and the system processing capability is 32 bits, the value of m can be determined as:
[formula image not reproduced]
In the equation of step 101, n can be any integer less than m; here n is chosen as 1. Then, according to
[formula image not reproduced]
where $a_k \in \{-1, 0, 1\}$, candidates are chosen, and among them the prime whose Hamming representation has the smallest Hamming weight is taken as the value of p. By this method, two values of p finally meet the requirements: $p = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 1$ and $p = 2^{256} - 2^{224} - 2^{96} + 2^{64} - 1$.
On the basis of the chosen p, a is further set to -3 and an integer is randomly selected as b, and the resulting elliptic curve is then security-checked; that is, steps 102 to 105 of the flow shown in Fig. 1 are carried out. Many sets of parameter values can finally be obtained; several are listed here. Note that #E, $G_x$ and $G_y$ in the following parameters are all derived from the determined p, a and b, where $G_x$ and $G_y$ are respectively the x and y coordinates of the base point on the corresponding elliptic curve. The methods for computing #E, $G_x$ and $G_y$ are prior art and are not repeated here.
When $p = 2^{256} - 2^{224} - 2^{96} + 2^{64} - 1$, the elliptic curve parameters we choose can be the following sets:
p=115792089210356248756420345214020892766250353991924191454421193933289684991999
a=-3
b=62148697711494225890670819214606983410203336937531108316279262101408615441021
#E=115792089210356248756420345214020892766586961072552897551656756075618900407137
G x=90150180924342647790750288240744553775029541059704552657351444941562691379423
G y=85704740710572492387764853628292639699112535949245443428371871029450182923972
p=115792089210356248756420345214020892766250353991924191454421193933289684991999
a=-3
b=93469559495587287444789581298551360895116744317324091400888664318241005538868
#E=115792089210356248756420345214020892765686754506447415350799819999715725159131
G x=85757383017772612969782507429874252553704333635160328385886132040311954803134
G y=92170989630638550563097604593449294025489832167290985164508454670388820761112
p=115792089210356248756420345214020892766250353991924191454421193933289684991999
a=-3
b=8998332042364153575337358373807830526760167031476510446040482527160265997156
#E=115792089210356248756420345214020892766614775051908157136101097434689505646099
G x=61112240065385634179670615558906495955523319133743960811377170190862583609922
G y=105995965558166045091836999291500142884959377069604204901600760453755993756384
p=115792089210356248756420345214020892766250353991924191454421193933289684991999
a=-3
b=40319193826457215129456120457752208011673574411269493530649884743992656094542
#E=115792089210356248756420345214020892766212830436916773612131468495287048051349
G x=4726662658208973393268585229408980871732397873560684451748261553567658246742
G y=111448915448966333129032900838505556194682206910935932078041957844355893985580
p=115792089210356248756420345214020892766250353991924191454421193933289684991999
a=-3
b=71640055610550276683574882541696585496586981791062476615259286960825046193023
#E=115792089210356248756420345214020892766503333385906536064152590988844290767511
G x=79100669128038990215717705122435275106896485099559482383723013293363308332303
G y=1348259460503904960285509601872161344965366082738629399360734635398402020140
p=115792089210356248756420345214020892766250353991924191454421193933289684991999
a=-3
b=102960917394643338237693644625640962981500389170855459699868689177657436290198
#E=115792089210356248756420345214020892766084401374970251279270662117337817911483
G x=81695500457571986963013265788160149703094545340747851055773285725159788098365
G y=71955392163809874706547068756317182236715487114502243908418291379435304405380
p=115792089210356248756420345214020892766250353991924191454421193933289684991999
a=-3
b=18489689941420204368241421700897432613143811885007878745020507386576696749736
#E=115792089210356248756420345214020892766222933306354881707312363823511507927469
G x=67134630147762612959728495718457344312267068242611025377021915149081883772756
G y=91132882667282454912682238421530748743164368535842684897777563504136038289748
p=115792089210356248756420345214020892766250353991924191454421193933289684991999
a=-3
b=49810551725513265922360183784841810098057219264800861829629909603409086846204
#E=115792089210356248756420345214020892765669903697194503425100413006455082155737
G x=101661859670472652361535601547246421746902387671658406194347123916048941686180
G y=46394182724907460408641588822826241743845515005453559282609500645542343140236
When $p = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 1$, the elliptic curve parameters we choose can be:
p=115792089210356248762697446949407573530086143415290314195533631308867097853951
a=-3
b=62148697711494225890670819214606983410203336937531108316279262101408615441488
#E=115792089210356248762697446949407573530297753646123853618424884315889978215497
G x=29228980221929098506224220471102024821619128167421919689628877610908402650679
G y=110802172795301017213387446639134051301675617763924293646591211193869147579430
p=115792089210356248762697446949407573530086143415290314195533631308867097853951
a=-3
b=93469559495587287444789581298551360895116744317324091400888664318241005539228
#E=115792089210356248762697446949407573530411263594470720541127676614245247239099
G x=96016753007042803511730586949686347251628744401858686115411038818431013835510
G y=11206776493290233388367329037620233992254568702133952468632229215588603225632
p=115792089210356248762697446949407573530086143415290314195533631308867097853951
a=-3
b=8998332042364153575337358373807830526760167031476510446040482527160265996713
#E=115792089210356248762697446949407573530304343635415117555606614100682374823421
G x=2093479961856164743429327729884521699518124804063126081942904095497486781689
G y=879898496106619088070359240927321106027245653682687782799290368735624133548
p=115792089210356248762697446949407573530086143415290314195533631308867097853951
a=-3
b=40319193826457215129456120457752208011673574411269493530649884743992656094647
#E=115792089210356248762697446949407573529852763915810427836528657985747475327707
G x=20170526057273077806392706069727317140544267161463891660993636405865492397414
G y=58376576542545060471950803148659109007415952864596546998720219468516365937330
p=115792089210356248762697446949407573530086143415290314195533631308867097853951
a=-3
b=71640055610550276683574882541696585496586981791062476615259286960825046192900
#E=115792089210356248762697446949407573530278244066630268044836950598887242797029
G x=104464939538175521160742528702222727983856254572911970028463297942562989413865
G y=41571967263163112873390245640895162451034274154715647533154405775494050000162
p=115792089210356248762697446949407573530086143415290314195533631308867097853951
a=-3
b=102960917394643338237693644625640962981500389170855459699868689177657436291010
#E=115792089210356248762697446949407573530235262124232599715685225316166656224233
G x=60324055842611589035324258032719970255959019661932612194050338358652486818255
G y=59789957327665548569469896777434623465035462094078504862924896631339070976960
As can be seen, adopt method provided by the invention to get access to and satisfy the elliptic curve parameter of encrypting figure place requirement and security requirement, and confirm that through overtesting the efficient that adopts method provided by the present invention to obtain the elliptic curve parameter is higher, occupying system resources still less.
More than be the description that method provided by the present invention is carried out, the device to safe handling provided by the invention is described in detail below.The structure drawing of device that Fig. 2 provides for the embodiment of the invention, as shown in Figure 2, this device can comprise: the first parameter determining unit 200, the second parameter determining unit 210 and secure processing units 220.
The first parameter determining unit 200 is used for determining to satisfy multinomial in the finite field of elliptic curve
Figure GSB00000306618300131
Prime number as the value of parameter p, wherein, h is the processing figure place of safe processing system, hm satisfies the encryption figure place requirement of safe handling, m>n, and m, n and k be integer, a k∈ 1,0,1}.
The second parameter determining unit 210, the parameter p that is used to utilize the first parameter determining unit 200 to determine is determined Elliptic Curve y 2=x 3The parameter a among the+ax+b mod p and the value of parameter b.
Secure processing units 220 is used to utilize the value of elliptic curve parameter a, parameter b and parameter p that the first parameter determining unit 200 and the second parameter determining unit 210 determine to carry out data safe processing.
Wherein, the first parameter determining unit 200 specifically can comprise: first parameter determines that the subelement 201 and second parameter determine subelement 202.
First parameter is determined subelement 201, is used to determine to satisfy multinomial
Figure GSB00000306618300141
Prime number.
Second parameter is determined subelement 202, is used for determining that in first parameter prime numbers that subelement 201 is determined select to make the value of the minimum prime number of nonzero term in the multinomial as the parameter p of determining.
The second parameter determining unit 210 in this device can specifically comprise: the 3rd parameter is determined subelement 211 and safety detection subelement 212.
The 3rd parameter is determined subelement 211, be used for determining that the value of parameter a is-3, and integer of picked at random is as the value of parameter b; After receiving the gravity treatment notice, choose the value of another integer as parameter b.
Safety detection subelement 212, being used to utilize value that the first parameter determining unit 200 and the 3rd parameter determine parameter a, parameter b and parameter p that subelement 211 is determined that the elliptic curve of correspondence is carried out fail safe detects, and judge whether to detect by fail safe, if, then the value with definite parameter a, parameter b and parameter p sends to parameter storage unit 230, otherwise, send the gravity treatment notice to the 3rd selection of parameter subelement 211.
Above-mentioned the 3rd parameter is determined subelement 211 when choosing the another one integer as parameter b, can picked at random another one integer as parameter b, perhaps, the value of parameter b is added 1 or subtract 1 and handle the value of back as parameter current b.
In addition, when safety detection subelement 212 sends to parameter storage unit 230 in the value of parameter a, parameter b and the parameter p that will determine, can also further send the gravity treatment notice, proceed choosing of other group parameter to the 3rd selection of parameter subelement 211.
This device can also comprise: parameter storage unit 230 is used for the value of parameter a, parameter b and parameter p that the storage security detection sub-unit sends.
Secure processing units 220 is used for getting parms a, parameter b and parameter p to carry out the operation of data safe processing from parameter storing sub-units 213.
In addition, secure processing units 220 can specifically comprise: encrypt a kind of or combination in any in subelement, deciphering subelement, digital signature authentication subelement and the data authentication subelement.
Fig. 3 and Fig. 4 are two application system figure that the embodiment of the invention provides, as shown in Figure 3, the elliptic curve parameter of utilizing method and apparatus of the present invention to determine can be stored in the drawings the device 1 and the elliptic curve parameter register of device 2, this elliptic curve parameter register is equivalent to the parameter storage unit 230 in the device shown in Figure 2, the device 1 and install 2 between when carrying out transfer of data, can from the elliptic curve parameter register, obtain one group of identical elliptic curve parameter and be used to carry out the encryption and decryption processing of data, suppose to transmit data to device 2 from installing 1, then install 1 controller and from the elliptic curve parameter register, obtain one group of elliptic curve parameter, and control encrypting module and carry out the encryption of data based on this group elliptic curve parameter, data encrypted is transferred to device 2; Install 2 middle controllers and from the elliptic curve parameter register, obtain same group elliptic curve parameter, and the control deciphering module is decrypted the data that receive based on this group elliptic curve parameter.Vice versa, repeats no more from the transfer of data of installing 2 auto levelizers 1.Can store the available elliptic curve parameter of many groups in the elliptic curve parameter register, in use, as long as the device that guarantees two ends is based on identical elliptic curve parameter, certainly, also can only store same group of elliptic curve parameter in the elliptic curve parameter register at two ends, the device at two ends only carries out encryption and decryption based on this group elliptic curve parameter to be handled.
Fig. 4 is the system diagram that carries out digital signature authentication, as shown in Figure 4, the elliptic curve parameter that method and apparatus of the present invention is determined can be stored in the drawings the device 1 and the elliptic curve parameter register of device 2, and this elliptic curve parameter register is equivalent to the parameter storage unit 230 in the device shown in Figure 2.Suppose device 1 is a signer, and device 2 be an authentication, and the controller in the device 1 obtains one group of elliptic curve parameter from the elliptic curve parameter register, and the control signature blocks sends to device 2 after based on this group elliptic curve parameter formation digital signature; Controller in the device 2 obtains same group of elliptic curve parameter from the elliptic curve parameter register, and the control authentication module is verified the digital signature that receives based on this group elliptic curve parameter.Equally, can store the available elliptic curve parameter of many groups in the elliptic curve parameter register, in use, as long as the device that guarantees two ends is based on identical elliptic curve parameter, certainly, also can only store same group of elliptic curve parameter in the elliptic curve parameter register at two ends, the device at two ends only forms signature and certifying signature based on this group elliptic curve parameter.
As can be seen from the above description, in the method and apparatus provided by the invention, a prime number that lies in the finite field of the elliptic curve and satisfies the polynomial
Figure GSB00000306618300161
is determined as the value of parameter p, where h is the processing bit width of the secure processing system, hm satisfies the encryption bit-length requirement of the secure processing, m > n, m, n and k are integers, and a_k ∈ {-1, 0, 1}. The determined parameter p is then used to determine the values of parameter a and parameter b in the elliptic curve y^2 = x^3 + ax + b mod p, and the determined elliptic curve parameters are used to perform secure data processing. With the method and apparatus provided by the invention, elliptic curve parameters can be obtained that satisfy both the encryption bit-length requirement and the security requirement. Moreover, because of the way parameter p is chosen, the modulo operation with respect to p can be completed using only shift operations and additions and subtractions, which improves efficiency, reduces the system resources occupied, and makes secure processing based on the elliptic curve parameters more efficient.
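The efficiency claim above, that reduction modulo p needs only shifts, additions and subtractions, can be seen on any prime that is a signed sum of powers of 2^h. The following is an added example, not code from the patent: the patent's own polynomial is not reproduced on this page, so the example uses the published NIST P-192 and P-256 primes as known instances of such a form, and the names `modulus` and `reduce_mod` are illustrative.

```python
# Primes written as 2^N plus signed lower powers of two whose exponents are
# multiples of the word size h (constructed from the published NIST definitions).
P192 = {"h": 64, "n_bits": 192, "terms": [(-1, 64), (-1, 0)]}
P256 = {"h": 32, "n_bits": 256,
        "terms": [(-1, 224), (+1, 192), (+1, 96), (-1, 0)]}

def modulus(form):
    """Rebuild p = 2^N + sum(sign * 2^e) from its sparse description."""
    p = 1 << form["n_bits"]
    for sign, e in form["terms"]:
        p = p + (1 << e) if sign > 0 else p - (1 << e)
    return p

def reduce_mod(x, form):
    """Reduce a non-negative x modulo p with shifts, masks, adds and subtracts."""
    n_bits = form["n_bits"]
    mask = (1 << n_bits) - 1
    while x >> n_bits:                      # fold until x fits in N bits
        hi, x = x >> n_bits, x & mask       # x = hi * 2^N + lo
        for sign, e in form["terms"]:       # 2^N ≡ -sum(sign * 2^e) (mod p)
            x = x - (hi << e) if sign > 0 else x + (hi << e)
    p = modulus(form)
    return x - p if x >= p else x           # x < 2^N < 2p: one subtraction suffices

if __name__ == "__main__":
    p = modulus(P192)
    product = (p - 2) * (p - 3)             # a typical double-width field product
    print(reduce_mod(product, P192) == product % p)
```

No division or multiplication by a multi-word operand appears in `reduce_mod`; the fewer nonzero terms the prime has, the fewer shifted additions each folding step costs.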
The above are only preferred embodiments of the present invention and are not intended to limit the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (7)

1. A method of secure processing, characterized in that the method comprises:
A. in the finite field of the elliptic curve, determining a prime number satisfying the polynomial
Figure FSB00000541604200011
as the value of parameter p, where h is the processing bit width of the secure processing system, hm satisfies the encryption bit-length requirement of the secure processing, m > n, m, n and k are integers, and a_k ∈ {-1, 0, 1};
B1. determining that the value of parameter a is -3, and randomly selecting an integer as the value of parameter b;
B2. using the determined values of parameter a, parameter b and parameter p, performing a security check on the corresponding elliptic curve y^2 = x^3 + ax + b mod p, and judging whether the security check is passed; if so, executing step B4; otherwise, executing step B3;
B3. selecting another integer as the value of parameter b, and returning to step B2;
B4. storing the determined values of elliptic curve parameter a, parameter b and parameter p;
C. performing secure data processing using the determined values of elliptic curve parameter a, parameter b and parameter p.
2. The method according to claim 1, characterized in that determining, in step A, a prime number satisfying the polynomial
Figure FSB00000541604200012
as the value of parameter p comprises: among the prime numbers satisfying the polynomial
Figure FSB00000541604200013
selecting the prime number for which the polynomial has the fewest nonzero terms as the value of the determined parameter p.
3. The method according to claim 1, characterized in that selecting another integer as the value of parameter b in step B3 specifically comprises: randomly selecting another integer as the value of parameter b; or adding 1 to or subtracting 1 from the value of parameter b and using the result as the current value of parameter b.
4. The method according to claim 1, characterized in that the secure data processing specifically comprises: data encryption and decryption processing, digital signature verification processing, or data authentication processing.
5. An apparatus for secure processing, characterized in that the apparatus comprises:
a first parameter determining unit, configured to determine, in the finite field of the elliptic curve, a prime number satisfying the polynomial
Figure FSB00000541604200021
as the value of parameter p, where h is the processing bit width of the secure processing system, hm satisfies the encryption bit-length requirement of the secure processing, m > n, m, n and k are integers, and a_k ∈ {-1, 0, 1};
a second parameter determining unit comprising a third parameter determining subunit and a security check subunit, wherein
the third parameter determining subunit is configured to determine that the value of parameter a is -3 and to randomly select an integer as the value of parameter b, and, after receiving a reselection notice, to select another integer as the value of parameter b;
the security check subunit is configured to use the values of parameter a, parameter b and parameter p determined by the first parameter determining unit and the third parameter determining subunit to perform a security check on the corresponding elliptic curve y^2 = x^3 + ax + b mod p, and to judge whether the security check is passed; if so, to send the determined values of parameter a, parameter b and parameter p to the parameter storage unit; otherwise, to send a reselection notice to the third parameter determining subunit;
a parameter storage unit, configured to store the values of parameter a, parameter b and parameter p sent by the security check subunit;
a secure processing unit, configured to obtain the values of parameter a, parameter b and parameter p from the parameter storage unit and to perform secure data processing.
6. The apparatus according to claim 5, characterized in that the first parameter determining unit comprises:
a first parameter determining subunit, configured to determine the prime numbers satisfying the polynomial
Figure FSB00000541604200022
;
a second parameter determining subunit, configured to select, among the prime numbers determined by the first parameter determining subunit, the prime number for which the polynomial has the fewest nonzero terms as the value of the determined parameter p.
7. The apparatus according to claim 5, characterized in that the secure processing unit comprises one of, or any combination of: an encryption subunit, a decryption subunit, a digital signature verification subunit and a data authentication subunit.
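The search loop of steps B1 to B4 (with the "add 1" retry of claim 3) is sketched below as an added example that is not part of the patent. The security check is an assumed stand-in built from standard conditions (non-singular curve, prime group order, not anomalous, MOV condition with an assumed bound of 20), since the patent's own criteria are not reproduced in this section; the 16-bit prime 65521 = 2^16 - 2^4 + 1 is a constructed toy value far too small for real use.

```python
# Toy-sized search for b with a = -3 (illustrative field size only).
P = 2**16 - 2**4 + 1     # 65521, prime; a signed sum of powers of 2^h with h = 4
A = -3

def is_prime(n):
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True

def curve_order(a, b, p, squares):
    """Count points on y^2 = x^3 + ax + b over GF(p), including infinity."""
    n = 1
    for x in range(p):
        rhs = (x * x * x + a * x + b) % p
        n += 1 if rhs == 0 else (2 if rhs in squares else 0)
    return n

def passes_checks(a, b, p, squares, mov_bound=20):
    """Assumed stand-in for step B2; returns the group order or None."""
    if (4 * a**3 + 27 * b * b) % p == 0:          # singular curve
        return None
    n = curve_order(a, b, p, squares)
    if not is_prime(n) or n == p:                 # prime order, not anomalous
        return None
    if any(pow(p, k, n) == 1 for k in range(1, mov_bound + 1)):  # MOV condition
        return None
    return n

def find_curve(p=P, a=A, b_start=1):
    squares = {(y * y) % p for y in range(1, p)}  # nonzero quadratic residues
    for b in range(b_start, p):                   # B3: retry with b + 1
        n = passes_checks(a, b, p, squares)
        if n is not None:
            return {"p": p, "a": a, "b": b, "order": n}   # B4: store parameters
    raise ValueError("no suitable b found")

if __name__ == "__main__":
    print(find_curve())
```

At real field sizes the naive point count must be replaced by a point-counting algorithm such as Schoof's, and the trial-division primality test by a probabilistic one.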
CN2008102233693A 2008-09-26 2008-09-26 Safety processing method and apparatus Active CN101378321B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008102233693A CN101378321B (en) 2008-09-26 2008-09-26 Safety processing method and apparatus

Publications (2)

Publication Number Publication Date
CN101378321A CN101378321A (en) 2009-03-04
CN101378321B true CN101378321B (en) 2011-09-28
