CN102104482A - Method for infinity point representation under affine coordinate system in elliptic curve cryptosystem - Google Patents
Method for infinity point representation under affine coordinate system in elliptic curve cryptosystem Download PDFInfo
- Publication number
- CN102104482A CN102104482A CN2009102020047A CN200910202004A CN102104482A CN 102104482 A CN102104482 A CN 102104482A CN 2009102020047 A CN2009102020047 A CN 2009102020047A CN 200910202004 A CN200910202004 A CN 200910202004A CN 102104482 A CN102104482 A CN 102104482A
- Authority
- CN
- China
- Prior art keywords
- point
- coordinate system
- affine coordinate
- under
- affine
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Image Analysis (AREA)
Abstract
The present invention discloses a method for infinity point representation under an affine coordinate system in an elliptic curve cryptosystem, including the step of adding a component z' in an existing affine coordinate system having two components, x and y, to form a new affine coordinate system. An ordinary point on an elliptical curve is represented as (x, y, 1) in the new affine coordinate system, i.e., coordinate point z'=1, wherein the ordinary point is represented as (x, y) in the existing affine coordinate system; and an infinity point on the elliptic curve is represented as (0, 0, 0) in the new affine coordinate system, i.e., coordinate point z'=0. The method for infinity point representation under the affine coordinate system in the elliptic curve cryptosystem enables an infinity point originally unable to be represented in the affine coordinate system, to be represented in the improved affine coordinate system, thereby being capable of distinguishing the infinity point from the ordinary point in the affine coordinate system, and enables the point operation of addition and multiplication relating to the affine coordinate system to be correctly realized.
Description
Technical field
The present invention relates to elliptic curve cryptosystem (ECC, Elliptic Curve Cryptosystem) field, particularly relate to the method for expressing of infinite point under affine coordinate system in a kind of elliptic curve cryptosystem.
Background technology
1985, Neil Koblitz, people such as Victor Muller are applied to elliptic curve in the cryptography, have obtained important breakthrough in public-key cryptosystem research, cryptographic system---the ECC on Here it is the elliptic curve.Its fail safe is based upon on the difficulty of elliptic curve discrete logarithm problem (ECDLP).Elliptic curve cryptosystem can provide and rsa cryptosystem system identical functions, but because its powerful " short key " advantage becomes the developing direction of public-key cryptographic keys system.
The main computing of ECC is dot product (Scalar Multiplication), promptly calculates kP, and wherein P is on the elliptic curve a bit, and k is a positive integer.Point multiplication operation mainly is made up of point add operation and point doubling again, and point adds the computing that is two different some additions, and doubly point is the computing that a point is added itself.
Point in the elliptic curve comprises usual point and infinite point.Usual point is for can fasten the point of expression in affine coordinate, and infinite point then can't be fastened expression in affine coordinate, and it is defined as the intersection point of two parallel lines.Add and doubly in the flow process of point, at point for the computing of infinite point and the computing of usual point, its step difference.Therefore need just judge before computing whether this point is infinite point.
According to definition, infinite point can be expressed as (X:Y:O) in projected coordinate system, and promptly the Z coordinate equals 0.But in affine coordinate, because the representation of affine coordinate is that (x y), do not have the z component, so infinite point can't be represented in affine coordinate.This will make the point that relates to affine coordinate add and doubly put flow process and can't realize or mistake in computation.
Summary of the invention
The technical problem to be solved in the present invention provides the method for expressing of infinite point under affine coordinate system in a kind of elliptic curve cryptosystem, the feasible infinite point that originally can't in affine coordinate system, represent, also can in improved affine coordinate system, represent, thereby can in affine coordinate system, distinguish infinite point and usual point.
For solving the problems of the technologies described above, the method for expressing of infinite point under affine coordinate system is to adopt following technical scheme to realize in the elliptic curve cryptosystem of the present invention:
In existing affine coordinate system with x and two components of y, increase a z ' component, form new affine coordinate system; Under existing affine coordinate system, be expressed as on the elliptic curve (x, usual some y) is expressed as (x, y, 1) under new affine coordinate system; Infinite point on the elliptic curve is expressed as (0,0,0) under new affine coordinate system.
When carrying out point doubling, the point that will carry out point doubling is expressed as the point under the new affine coordinate system, and described point doubling comprises:
(i) judge whether the point that carries out point doubling is infinite point, and promptly whether z ' the coordinate of this point is 0, if be 0, the result of point doubling is an infinite point so;
(ii) calculate tangent slope through the elliptic curve of the point that carries out point doubling, if its value for infinitely great, the result of point doubling is an infinite point so;
If the point that (iii) carries out point doubling is not infinite point, and be infinity yet, carry out calculating more doubly so through the tangent slope of the elliptic curve of this point.
When carrying out point add operation,, will carry out two points of point add operation or one of them point and be expressed as point under the improved affine coordinate system, point add operation will be divided into following several situation according to the difference of point add operation algorithm:
(i) judge whether 2 of carrying out point add operation are infinite point, promptly judge this z ' coordinate under the new affine coordinate system whether be 0 or projected coordinate system under the Z coordinate whether be 0, if one of them point is infinite point, adds the result so and be another point;
(ii) calculate the slope of 2 the line that carries out point add operation, if its value is infinity, the result of point add operation is an infinite point so;
Be not infinite point if (iii) carry out 2 of point add operation, and the slope of 2 lines be infinity yet, put the calculating that adds so.
In the ECC algorithm, all point multiplication operations all can relate to the judgement and the calculating of infinite point, and infinite point can't be represented in common affine coordinate system.The present invention is by transforming existing common affine coordinate system, and the form of expression of new affine coordinate is (x, y, z '), in initial assignment or by the judgement in the calculating process, z ' coordinate is carried out assignment, and then the value that can pass through z ' is distinguished infinite point and usual point; Infinite point can be represented in common affine coordinate system, thereby can in affine coordinate system, distinguish infinite point and usual point.
Add and doubly in the calculating process of point at point, in adding by calculation level the slope of 2 lines or doubly in through the value of the tangent slope of the elliptic curve of this point, come judging point to add or whether result doubly is infinite point, thereby make the point that relates to affine coordinate system add with point doubling and can correctly realize.
Description of drawings
The present invention is further detailed explanation below in conjunction with accompanying drawing and embodiment:
Accompanying drawing is to adopt method of the present invention to realize binary point multiplication algorithm control flow chart from left to right.
Embodiment
Existing common affine coordinate has only two component x and y, can't represent infinite point.Increase one-component z ' in the new affine coordinate system after improvement, and distinguish usual point and infinite point by this component.Z ' the coordinate of usual point is 1, and the z ' coordinate of infinite point is 0.Add or during point doubling, the point of input is judged its z ' coordinate at point, can determine whether this point is infinite point, and then carry out different processing.
In the dot product process, the generation of infinite point is divided into two kinds of situations:
1, initializaing variable assignment; Generally before the dot product major cycle is calculated, all need certain point is made as infinite point, and then this point is put the cycling that adds and doubly put.
2, add and calculating process doubly in.In the point add operation process, the value of the slope by 2 lines during point is added is judged, if its value is for infinitely great, represent that 2 lines and elliptic curve are except these two intersection points, another intersection point is an infinite point, according to the addition rule on the elliptic curve, the result that point adds is infinite point.In the point doubling process, by the value of the tangent slope of the elliptic curve of this point of process in times point is judged, if its value is for infinitely great, expression tangent line and elliptic curve are except this intersection point, another intersection point is an infinite point, according to the addition rule on the elliptic curve, doubly the result of point is infinite point.
In the following embodiments, the some multiplication algorithm adopts binary approach from left to right, and its coordinate is all realized with affine coordinate system.In conjunction with the accompanying drawings, the concrete following description of dot product control flow:
Step 1, the scalar (the binary system length that is k is t) of input dot product, and some P.
Step 2, the form of the new affine coordinate after a P is expressed as improving is to be expressed as in original affine coordinate system that (x, usual some y) are being expressed as (x, y, 1) in new affine coordinate system as fruit dot P promptly; As fruit dot P is infinite point, is expressed as (0,0,0) in new affine coordinate is new.
Step 3 is expressed as infinite point in the new affine coordinate with a Q, promptly is expressed as (0,0,0).
Step 4 adopts binary approach from left to right to carry out point multiplication operation,, repeats from t-1 to 0 for i.Wherein,
Step 4.1 is carried out point doubling Q=2Q, and point doubling can be divided into following situation:
Judge whether the z ' coordinate that Q is ordered is 0, if be 0, the result of point doubling is infinite point (0,0,0) so.
Calculate the tangent slope through the elliptic curve of some Q, if its value is infinitely great, the result of point doubling is infinite point (0,0,0) so.
If the Q point is not an infinite point, and be infinity yet, carry out calculating Q=2Q more doubly so through the tangent slope of elliptic curve of some Q.
Described point doubling comprises and obtains point under the affine coordinate system by the some addition under the affine coordinate system (point doubling of 2A → A), wherein, A represents affine coordinate system.
Described point doubling comprise by the some addition under the affine coordinate system obtain under the Jacobi coordinate system point (point doubling of 2A → J), wherein, A represents affine coordinate system, J represents the Jacobi coordinate system.
Step 4.2, if, carrying out point add operation Q=Q+P, point add operation can be divided into following situation:
Judge whether the z ' coordinate that P point and Q are ordered is 0, if the z ' coordinate that P is ordered is 0, the result of point add operation is the Q point so; If the z ' coordinate that Q is ordered is 0, the result of point add operation is the P point so.
Calculate the slope of P point and two lines of Q point, if its value is infinity, the result of point add operation is infinite point (0,0,0) so.
If P point and Q point are not infinite point, and the slope of 2 lines is not infinitely great yet, puts the calculating Q=Q+P that adds so.
Described point add operation comprises and obtains point under the affine coordinate system by the some addition under the affine coordinate system (point add operation of A+A → A), wherein, A represents affine coordinate system.
Described point add operation comprise by point under the affine coordinate system and the some addition under the Jacobi coordinate system obtain under the Jacobi coordinate system point (point add operation of J+A → J), wherein, A represents affine coordinate system, J represents the Jacobi coordinate system.
Step 5 obtains the kP as a result of dot product.
More than by embodiment the present invention is had been described in detail, but these are not to be construed as limiting the invention.Under the situation that does not break away from the principle of the invention, those skilled in the art also can make many distortion and improvement, and these also should be considered as protection scope of the present invention.
Claims (7)
1. the method for expressing of infinite point under affine coordinate system in the elliptic curve cryptosystem is characterized in that:
In existing affine coordinate system with x and two components of y, increase a z ' component, form new affine coordinate system; Under existing affine coordinate system, be expressed as on the elliptic curve (x, usual some y) is expressed as (x, y, 1), i.e. coordinate points z '=1 under new affine coordinate system; Infinite point on the elliptic curve is expressed as (0,0,0), i.e. coordinate points z '=0 under new affine coordinate system.
2. the method for claim 1 is characterized in that: when carrying out point doubling, the point that will carry out point doubling is expressed as the point under the new affine coordinate system, and described point doubling comprises:
(i) judge whether the point that carries out point doubling is infinite point, and promptly whether z ' the coordinate of this point is 0, if be 0, the result of point doubling is an infinite point so;
(ii) calculating is through the tangent slope of the elliptic curve of the point of point doubling, if its value is infinity, the result of point doubling is an infinite point so;
If the point that (iii) carries out point doubling is not infinite point, and be infinity yet, carry out calculating more doubly so through the tangent slope of the elliptic curve of this point.
3. method as claimed in claim 2 is characterized in that: described point doubling comprises and obtains point under the affine coordinate system by the some addition under the affine coordinate system (point doubling of 2A → A), wherein, A represents affine coordinate system.
4. method as claimed in claim 2 is characterized in that: described point doubling comprise by the some addition under the affine coordinate system obtain under the Jacobi coordinate system point (point doubling of 2A → J), wherein, A represents affine coordinate system, J represents the Jacobi coordinate system.
5. the method for claim 1 is characterized in that: when carrying out point add operation, according to the difference of point add operation algorithm, will carry out two points of point add operation or one of them point and be expressed as point under the new affine coordinate system, described point add operation comprises:
(i) judge whether 2 of carrying out point add operation are infinite point, promptly judge this z ' coordinate under the new affine coordinate system whether be 0 or projected coordinate system under the Z coordinate whether be 0, if one of them point is infinite point, adds the result so and be another point;
(ii) calculate the slope of 2 the line that carries out point add operation, if its value is infinity, the result of point add operation is an infinite point so;
Be not infinite point if (iii) carry out 2 of point add operation, and the slope of 2 lines be infinity yet, put the calculating that adds so.
6. method as claimed in claim 4 is characterized in that: described point add operation comprises and obtains point under the affine coordinate system by the some addition under the affine coordinate system (point add operation of A+A → A), wherein, A represents affine coordinate system.
7. method as claimed in claim 4, it is characterized in that: described point add operation comprises the point add operation that is obtained the point (J+A → J)) under the Jacobi coordinate system by point under the affine coordinate system and the some addition under the Jacobi coordinate system, wherein, A represents affine coordinate system, and J represents the Jacobi coordinate system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009102020047A CN102104482A (en) | 2009-12-21 | 2009-12-21 | Method for infinity point representation under affine coordinate system in elliptic curve cryptosystem |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009102020047A CN102104482A (en) | 2009-12-21 | 2009-12-21 | Method for infinity point representation under affine coordinate system in elliptic curve cryptosystem |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102104482A true CN102104482A (en) | 2011-06-22 |
Family
ID=44157030
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009102020047A Pending CN102104482A (en) | 2009-12-21 | 2009-12-21 | Method for infinity point representation under affine coordinate system in elliptic curve cryptosystem |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102104482A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102902897A (en) * | 2011-07-25 | 2013-01-30 | 上海华虹集成电路有限责任公司 | Infinity point attack resisting method applicable to ECC (elliptic curve cryptography) point multiplication algorithm |
| CN103049710B (en) * | 2012-12-13 | 2017-02-08 | 国家广播电影电视总局广播科学研究院 | Field-programmable gate array (FPGA) chip for SM2 digital signature verification algorithm |
| CN109117677A (en) * | 2018-09-21 | 2019-01-01 | 阿里巴巴集团控股有限公司 | A kind of circuit for elliptic curve multi point arithmetic |
| CN112134704A (en) * | 2020-09-21 | 2020-12-25 | 中国电子科技网络信息安全有限公司 | Sm2 performance optimization implementing method |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101000538A (en) * | 2007-01-05 | 2007-07-18 | 东南大学 | Implement method of elliptic curve cipher system coprocessor |
| CN101221491A (en) * | 2008-01-04 | 2008-07-16 | 清华大学 | Point addition system of elliptic curve cipher system |
| CN101296072A (en) * | 2007-04-29 | 2008-10-29 | 四川虹微技术有限公司 | Sharing cryptographic key generation method of elliptic curve |
| CN101547089A (en) * | 2008-03-28 | 2009-09-30 | 上海爱信诺航芯电子科技有限公司 | Method for realizing elliptic curve cryptosystem algorithm over prime field in integrated circuit |
-
2009
- 2009-12-21 CN CN2009102020047A patent/CN102104482A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101000538A (en) * | 2007-01-05 | 2007-07-18 | 东南大学 | Implement method of elliptic curve cipher system coprocessor |
| CN101296072A (en) * | 2007-04-29 | 2008-10-29 | 四川虹微技术有限公司 | Sharing cryptographic key generation method of elliptic curve |
| CN101221491A (en) * | 2008-01-04 | 2008-07-16 | 清华大学 | Point addition system of elliptic curve cipher system |
| CN101547089A (en) * | 2008-03-28 | 2009-09-30 | 上海爱信诺航芯电子科技有限公司 | Method for realizing elliptic curve cryptosystem algorithm over prime field in integrated circuit |
Non-Patent Citations (1)
| Title |
|---|
| 卢忱等: "基于二进制扩域的椭圆曲线密码快速算法", 《计算机工程》 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102902897A (en) * | 2011-07-25 | 2013-01-30 | 上海华虹集成电路有限责任公司 | Infinity point attack resisting method applicable to ECC (elliptic curve cryptography) point multiplication algorithm |
| CN102902897B (en) * | 2011-07-25 | 2016-08-24 | 上海华虹集成电路有限责任公司 | It is applicable to the method that the anti-infinite point of ECC Algorithm for Scalar Multiplication is attacked |
| CN103049710B (en) * | 2012-12-13 | 2017-02-08 | 国家广播电影电视总局广播科学研究院 | Field-programmable gate array (FPGA) chip for SM2 digital signature verification algorithm |
| CN109117677A (en) * | 2018-09-21 | 2019-01-01 | 阿里巴巴集团控股有限公司 | A kind of circuit for elliptic curve multi point arithmetic |
| CN112134704A (en) * | 2020-09-21 | 2020-12-25 | 中国电子科技网络信息安全有限公司 | Sm2 performance optimization implementing method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101782845B (en) | High speed arithmetic device and method of elliptic curve code | |
| EP1306750A2 (en) | Multi-scalar multiplication computation in elliptic curve signature verification | |
| US8085931B2 (en) | Computation method, computing device and computer program | |
| CN103942031A (en) | Elliptic domain curve operational method and elliptic domain curve arithmetic unit | |
| CN101371285B (en) | Encryption processing device, encryption processing method | |
| KR20130089653A (en) | Arithmetical device, arithmetical device elliptical scalar multiplication method and elliptical scalar multiplication program, arithmetical device multiplicative operation method and multiplicative operation program, as well as arithmetical device zero determination method and zero determination program | |
| CN102104482A (en) | Method for infinity point representation under affine coordinate system in elliptic curve cryptosystem | |
| EP0952697B1 (en) | Elliptic curve encryption method and system | |
| KR20150114104A (en) | Method and apparatus for computing montgomery multiplication performing final reduction wihhout comparator | |
| JP2002207424A (en) | Eliptic curve scalar multiple calculation method and device, and storage medium | |
| US8023645B2 (en) | Circuit arrangement for and method of performing an inversion operation in a cryptographic calculation | |
| CN101971138A (en) | An apparatus and a method for calculating a multiple of a point on an elliptic curve | |
| US20030026419A1 (en) | Elliptic curve encryption processing method, elliptic curve encryption processing apparatus, and program | |
| CN112118103A (en) | Hardware implementation system for fast point multiplication of elliptic curve under prime field Fp | |
| KR20080055378A (en) | Method for generating public key in elliptic curve cryptography and system for executing the method | |
| CN102646033A (en) | Modular multiplication operation realizing method and device | |
| Al Saffar et al. | High performance methods of elliptic curve scalar multiplication | |
| Seo et al. | MoTE-ECC based encryption on MSP430 | |
| Venkatasubramani et al. | Fast computation of scalar multiplication over binary edwards curve processor against side channel attack | |
| Sung et al. | A Public-key Cryptography Processor supporting P-224 ECC and 2048-bit RSA | |
| Futa et al. | Efficient scalar multiplication on Montgomery-form elliptic curves | |
| CN107239258A (en) | A kind of modular inversion method and arithmetic unit | |
| Youssef et al. | A low-resource 32-bit datapath ECDSA design for embedded applications | |
| Wang et al. | Speeding up scalar multiplication using a new signed binary representation for integers | |
| Chen et al. | Fast algorithm and hardware architecture for modular inversion in GF (p) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20110622 |