CN102291240A - Method and system for authenticating SM2 (Smart Media 2) signature - Google Patents

Abstract

The invention discloses a method and system for authenticating an SM2 (Smart Media 2) signature, relating to the technical fields of digital signature and authentication technology. The method for authenticating the SM2 signature is implemented through an ASIC (Application Specific Integrated Circuit) chip in which an ECDSA (Elliptic Curve Digital Signature Algorithm) is adopted. The method comprises the following steps of: 1, converting an SM2 signature waiting to be authenticated into a corresponding ECDSA signature; 2, authenticating the ECDSA signature obtained by conversion by using the ASIC chip in which the ECDSA is adopted; and 3, performing out-chip modular addition operation on an authentication result of the ECDSA signature, authenticating a modular addition operation result to obtain an authentication result of the SM2 signature, and returning a result indicating whether the signature is received. In the method, the SM2 signature is converted into the ECDSA signature, and ECDSA authentication is performed on the ECDSA signature to obtain the authentication result of the SM2 signature, so that an SM2 algorithm can be directly realized by using the conventional ASIC chip for realizing ECDSA signature authentication, a chip design special for SM2 signature authentication is not required, and the developing period is shortened.

Description

The authentication method and the system of SM2 signature

Technical field

The present invention relates to digital signature and authentication techniques field, particularly a kind of authentication method and system of SM2 signature.

Background technology

Cryptographic system can be divided into tradition (or symmetry) encryption system and PKI (or asymmetric) encryption system two classes.W.Diffie in 1976 and M.E.Hellman have proposed the notion of public key cryptography, and whole cryptography development has been caused far-reaching influence.The common key cryptosystem of current extensive use is RSA, and its advantage is that principle is simple, and is easy to use.But along with updating and the continuous lifting of computing power of big integer factor decomposition method, guarantee that the needed key figure place of fail safe of RSA constantly increases, it is generally acknowledged that at present the figure place of RSA key just has safety guarantee more than 1024bit.The increase of key figure place has directly caused the increasing of declining to a great extent of encryption/decryption speed and hardware spending.

Elliptic curve cipher (ECC) is to be proposed by N.Koblitz and V.Miller in 1985, and it is to utilize elliptic curve finite group on the finite field to replace a class cryptographic system that obtains behind the finite cyclic group in the discrete logarithm problem.Because elliptic curve cipher has the security performance height, processing speed is fast, and bandwidth requirement hangs down and characteristics such as memory space is little, compares with RSA, and ECC has superiority on key length and arithmetic speed.

Elliptic curve E (F on the prime field _p) define by the Weierstrass equation:

E：y ²＝x ³+ax+b(mod?p) (1)

Wherein p is a prime number, a, b be two nonnegative integers less than p (0＜a, b＜∞), and satisfying:

4a ³+27b ²(mod?p)≠0 (2)

Equation (2) is based on set E _p(a, b) limited Abe1 group of definable.

Ellipse curve signature algorithm (ECDSA) is the elliptic curve version of Digital Signature Algorithm (DSA).The most extensive standardized signature scheme based on elliptic curve comprises ANSIX9.62, FIPS186-2, IEEE 1363-2000 and ISO/IEC 15946-2 standard, and the draft of some standards.

Though equally based on the elliptic curve discrete logarithm problem, the SM2 algorithm is different with the ECDSA algorithm of standard in detail.Can't directly realize the SM2 algorithm according to the asic chip of realizing the ECDSA algorithm, this becomes the obstacle that the SM2 algorithm is promoted the use of.

Summary of the invention

(1) technical problem that will solve

The technical problem to be solved in the present invention is: how directly to realize the SM2 algorithm according to the asic chip of realizing the ECDSA algorithm.

(2) technical scheme

For solving the problems of the technologies described above, the invention provides a kind of authentication method of SM2 signature, realize the authentication method that SM2 signs by the asic chip of ECDSA algorithm, said method comprising the steps of:

S1: SM2 signature to be certified is converted into corresponding ECDSA signature;

S2: the asic chip by described ECDSA algorithm carries out authentication operation to the ECDSA signature that conversion obtains;

S3: the authentication result of ECDSA signature through the outer mould add operation of sheet, and is authenticated the result of mould add operation, obtaining the authentication result of SM2 signature, and return and whether accept signature.

Preferably, among the step S1 by the conversion of signing of following formula:

$\left\{\begin{array}{c}s={\mathrm{es}}^{\′-1}\mathrm{mod}n\\ r=(r^{\′}+s^{\′}){\mathrm{es}}^{\′-1}\mathrm{mod}n\end{array}\right.$

Wherein, s and r are ECDSA signature, and s ' and r ' are that SM2 signs, and e acts on the output valve of message for the cryptographic Hash function, and n is the rank of a basic point on the elliptic curve, and mod is modular arithmetic.

Preferably, the ECDSA signature that by following formula conversion is obtained among the step S2:

$\left\{\begin{array}{c}{u}_1={\mathrm{es}}^{-1}\mathrm{mod}n=s^{\′}\mathrm{mod}n\\ u_2={\mathrm{rs}}^{-1}\mathrm{mod}n=(r^{\′}+s^{\′})\mathrm{mod}n\\ X=u_{1}P+u_{2}Q=(x_1,y_1)\end{array}\right.$

Wherein, u ₁, u ₂, X is median, (x ₁, y ₁) be the point on the described elliptic curve.Preferably, step S3 carries out the mould add operation by following formula:

R＝(e+x ₁)modn

Wherein, R is mould add operation result.

The invention also discloses a kind of Verification System of SM2 signature, realize the Verification System that SM2 signs by the asic chip of ECDSA algorithm, described system comprises:

Conversion module is used for SM2 signature to be certified is converted into corresponding ECDSA signature;

The authentication operation module is used for by the asic chip of described ECDSA algorithm the ECDSA signature that conversion obtains being carried out authentication operation;

The authentication acquisition module is used for the outer mould add operation of authentication result process sheet with the ECDSA signature, and the result of mould add operation is authenticated, and with the authentication result of acquisition SM2 signature, and returns and whether accepts signature.

Preferably, in the described conversion module by the conversion of signing of following formula:

$\left\{\begin{array}{c}s={\mathrm{es}}^{\′-1}\mathrm{mod}n\\ r=(r^{\′}+s^{\′}){\mathrm{es}}^{\′-1}\mathrm{mod}n\end{array}\right.$

Wherein, s and r are ECDSA signature, and s ' and r ' are that SM2 signs, and e acts on the output valve of message for the cryptographic Hash function, and n is the rank of a basic point on the elliptic curve, and mod is modular arithmetic.

Preferably, the ECDSA signature that by following formula conversion is obtained in the described authentication operation module:

$\left\{\begin{array}{c}{u}_1={\mathrm{es}}^{-1}\mathrm{mod}n=s^{\′}\mathrm{mod}n\\ u_2={\mathrm{rs}}^{-1}\mathrm{mod}n=(r^{\′}+s^{\′})\mathrm{mod}n\\ X=u_{1}P+u_{2}Q=(x_1,y_1)\end{array}\right.$

Wherein, u ₁, u ₂, X is median, (x ₁, y ₁) be the point on the described elliptic curve.Preferably, described authentication acquisition module carries out the mould add operation by following formula:

R＝(e+x ₁)modn

Wherein, R is mould add operation result.

(3) beneficial effect

The present invention is by being converted into the ECDSA signature with the SM2 signature, and ECDSA signature carried out the ECDSA authentication, to obtain the authentication result of SM2 signature, make and directly to realize the SM2 algorithm with the asic chip of existing realization ECDSA signature authentication, and need not to come design chips for the SM2 signature authentication specially, reduced the construction cycle.

Description of drawings

Fig. 1 is the flow chart according to the authentication method of the SM2 signature of one embodiment of the present invention.

Embodiment

Below in conjunction with drawings and Examples, the specific embodiment of the present invention is described in further detail.Following examples are used to illustrate the present invention, but are not used for limiting the scope of the invention.

Distinguishing feature of the present invention is application-specific integrated circuit (ASIC) (the Application Specific Integrated Circuit with existing realization ECDSA signature authentication, ASIC) chip is realized the operation of SM2 signature authentication, and need not to come design chips for the SM2 signature authentication specially, reduced the construction cycle, can avoid outside sheet, carrying out the elliptic curve dot product again and put add operation, promptly reduced the expense of sheet external system, the performance of guaranteeing system again depends on the performance of asic chip.

Another characteristics of the present invention are, proposed a kind of SM2 signature to be converted into the changing method of ECDSA signature, the ECDSA signature authentication operation that makes asic chip carry out is equivalent to twice dot product operation having finished in the operation of SM2 signature authentication and once puts add operation.Thereby make each SM2 signature authentication operation only need to transfer the asic chip of once realizing the ECDSA signature authentication, reduced the time that transfer of data consumes, improved the efficient of SM2 signature authentication.

The 3rd characteristics of the present invention are, a kind of system configuration of branch three steps processing has been proposed, separate between every section, constitute the structure of similar three class pipeline, the performance of system is by the performance decision of ECDSA signature, be of the throughput decision of the throughput of system, can realize not second to being the performance of the custom-designed asic chip of SM2 signature authentication by the asic chip of realizing the ECDSA signature authentication.

Introduce the detailed process that realizes the SM2 signature authentication according to signature authentication flow process shown in Figure 1 below:

S1: SM2 signature to be certified is converted into corresponding ECDSA signature;

Because the core operation of the identifying algorithm of ECDSA signature is as follows:

(1) calculates u ₁=es ^-1Modn

(2) calculate u ₂=rs ^-1Modn

(3) calculate X=u ₁P+u ₂Q=(x ₁, y ₁)

Wherein, s and r are the ECDSA signature, and e is the signature information Hash Value, u ₁, u ₂, X is median, (x ₁, y ₁) be the point on the elliptic curve, Q is disclosed key, promptly on the elliptic curve a bit, P is the basic point of elliptic curve, n is the rank of a basic point on the elliptic curve, mod is modular arithmetic.

And the core operation of the identifying algorithm of SM2 signature is as follows:

(1) calculates t=(r '+s ') modn

(2) calculate X=s ' P+tQ=(x ₁, y ₁)

Wherein, s ' and r ' are the SM2 signature, and e is the signature information Hash Value, and t, X are median, (x ₁, y ₁) be the point on the elliptic curve, Q is disclosed key, promptly on the elliptic curve a bit, P is the basic point of elliptic curve, n is the rank of a basic point on the elliptic curve, mod is modular arithmetic.

The identifying algorithm of employing ECDSA algorithm is realized the identifying algorithm of SM2 algorithm, needs to satisfy:

u ₁=es ^-1Mod n=s ' and u ₂=rs ^-1Modn=t

Therefore, preferably, among the step S1 by the conversion of signing of following formula:

$\left\{\begin{array}{c}s={\mathrm{es}}^{\′-1}\mathrm{mod}n\\ r=(r^{\′}+s^{\′}){\mathrm{es}}^{\′-1}\mathrm{mod}n\end{array}\right.$

Wherein, s and r are the ECDSA signature, and s ' and r ' are the SM2 signature, and e is the signature information Hash Value, and n is the rank of a basic point on the elliptic curve, and mod is modular arithmetic.Above-mentioned formula is taken advantage of device by mould, and first outer module that mould adds device and the contrary device of mould and four data registers (be shown reg1, reg2, reg3 respectively, reach reg4) composition realizes.The concrete operation process is as follows:

1) SM2 is signed result, mould and signing messages input register:

Reg1 ← s ', reg2 ← n, reg3 ← r ', reg4 ← e (in the formula, " ← " expression assignment symbol, for example, reg1 ← s ' represents that promptly value assignment with s ' is to data register reg1)

2) realize s ' ^-1The mould inverse operation of modn,, when carrying out the mould inverse operation, can finish the mould add operation of (r '+s ') modn because the time that the mould inverse operation needs is longer:

reg1←s′ ^-1mod?n，reg3←(r′+s′)modn，reg4←e

3) after the mould inverse operation is finished, realize es ' again ^-1Modn and (r '+s ') es ' ^-1The modular multiplication of modn, finish the conversion of SM2 signature:

reg3←(r′+s′)es′ ^-1modn，reg4←es′ ^-1modn

S2: described ECDSA signature is carried out authentication operation; This step operation is finished by the asic chip of realizing the ECDSA signature authentication, is equivalent to two dot products having finished in the SM2 signature authentication in fact and operates and the add operation of a point;

Preferably, the ECDSA signature that by following formula conversion is obtained among the step S2:

$\left\{\begin{array}{c}{u}_1={\mathrm{es}}^{-1}\mathrm{mod}n=s^{\′}\mathrm{mod}n\\ u_2={\mathrm{rs}}^{-1}\mathrm{mod}n=(r^{\′}+s^{\′})\mathrm{mod}n\\ X=u_{1}P+u_{2}Q=(x_1,y_1)\end{array}\right.$

Wherein, u ₁, u ₂, X is median, (x ₁, y ₁) be the point on the described elliptic curve.

S3: the result to authentication operation carries out the mould add operation, obtains SM2 signature authentication result, and returns and whether accept signature; This step need be carried out the conversion of SM2 authentication result, only need finish the one-off pattern add operation, and the second outer module that is become with two data registers group by an adder realizes that the data input sequence is x ₁, e, n, r ', arithmetic operation can be finished in the data input process, and concrete place to go process is as follows:

1) with ECDSA signature authentication result and signing messages input register:

reg1←x ₁，reg2←e

2) finish x ₁+ e operation, and with the mould input register:

reg1←x ₁+e，reg2←n

3) finish (x ₁+ e) modn operation, and with the SM2 r ' input register as a result of signing:

reg1←(x ₁+e)modn，reg2←r′

4) finish (x ₁+ e) modn-r ' operation if the result who finishes behind the last subtraction is 0, is then accepted signature, otherwise the refusal signature:

reg1←(x ₁+e)modn-r′

The design carries out behavioral scaling with Verilog, RTL level coding and functional simulation, the correctness of verification system function.Taking advantage of device and adopt the contrary device of mould of Euclidean algorithm with the FIPS algorithm mould that adopts 64 multipliers to realize is example, and based on SMIC0.18 micron technology library, the area of first outer module is 1.04 square millimeters, and the critical path time delay was 5.5 nanoseconds; The area of second outer module is 0.11 square millimeter, and the critical path time delay was 3.7 nanoseconds.The conversion that first outer module finished a SM2 signature on average needs about 1200 cycles, about 6.6 microseconds consuming time; Second outer module finished conversion (comprising the data input and output) 42 cycles of needs of a SM2 authentication, about 155 nanoseconds consuming time.Carry out comprehensively based on Altera FPGA Cyclone III Series FPGA, first outer module takies 11910 arithmetic elements, and the critical path time delay was 30.147 nanoseconds; Second outer module takies 954 arithmetic elements, and the critical path time delay was 12.103 nanoseconds.The conversion that first outer module finished a SM2 signature on average needs about 1200 cycles, about 36.2 microseconds consuming time; Second outer module finished conversion (comprising the data input and output) 42 cycles of needs of a SM2 authentication, about 508.3 nanoseconds consuming time.When the signature authentication speed of the asic chip of the realization ECDSA signature authentication that uses was not higher than 27600 times/second, the speed of this system depended on the speed of asic chip.For the asic chip of low performance, the hardware consumption of the outer module of sheet can further reduce in the system.

Above execution mode only is used to illustrate the present invention; and be not limitation of the present invention; the those of ordinary skill in relevant technologies field; under the situation that does not break away from the spirit and scope of the present invention; can also make various variations and modification; therefore all technical schemes that are equal to also belong to category of the present invention, and scope of patent protection of the present invention should be defined by the claims.

Claims (8)

1. the authentication method of a SM2 signature is characterized in that, realizes the authentication method that SM2 signs by the asic chip of ECDSA algorithm, said method comprising the steps of:

S1: SM2 signature to be certified is converted into corresponding ECDSA signature;

S2: the asic chip by described ECDSA algorithm carries out authentication operation to the ECDSA signature that conversion obtains;

S3: the authentication result of ECDSA signature through the outer mould add operation of sheet, and is authenticated the result of mould add operation, obtaining the authentication result of SM2 signature, and return and whether accept signature.

2. the method for claim 1 is characterized in that, among the step S1 by the conversion of signing of following formula:

$\left\{\begin{array}{c}s={\mathrm{es}}^{\′-1}\mathrm{mod}n\\ r=(r^{\′}+s^{\′}){\mathrm{es}}^{\′-1}\mathrm{mod}n\end{array}\right.$

Wherein, s and r are the ECDSA signature, and s ' and r ' are the SM2 signature, and e is the signature information Hash Value, and n is the rank of a basic point on the elliptic curve, and mod is modular arithmetic.

3. method as claimed in claim 2 is characterized in that, the ECDSA signature that by following formula conversion is obtained among the step S2:

$\left\{\begin{array}{c}{u}_1={\mathrm{es}}^{-1}\mathrm{mod}n=s^{\′}\mathrm{mod}n\\ u_2={\mathrm{rs}}^{-1}\mathrm{mod}n=(r^{\′}+s^{\′})\mathrm{mod}n\\ X=u_{1}P+u_{2}Q=(x_1,y_1)\end{array}\right.$

Wherein, u ₁, u ₂, X is median, (x ₁, y ₁) be the point on the described elliptic curve.

4. method as claimed in claim 3 is characterized in that, step S3 carries out the mould add operation by following formula:

R＝(e+x ₁)modn

Wherein, R is mould add operation result.

5. the Verification System of a SM2 signature is characterized in that, realizes the Verification System that SM2 signs by the asic chip of ECDSA algorithm, and described system comprises:

Conversion module is used for SM2 signature to be certified is converted into corresponding ECDSA signature;

The authentication operation module is used for by the asic chip of described ECDSA algorithm the ECDSA signature that conversion obtains being carried out authentication operation;

The authentication acquisition module is used for the outer mould add operation of authentication result process sheet with the ECDSA signature, and the result of mould add operation is authenticated, and with the authentication result of acquisition SM2 signature, and returns and whether accepts signature.

6. system as claimed in claim 5 is characterized in that, in the described conversion module by the conversion of signing of following formula:

$\left\{\begin{array}{c}s={\mathrm{es}}^{\′-1}\mathrm{mod}n\\ r=(r^{\′}+s^{\′}){\mathrm{es}}^{\′-1}\mathrm{mod}n\end{array}\right.$

Wherein, s and r are the ECDSA signature, and s ' and r ' are the SM2 signature, and e is the signature information Hash Value, and n is the rank of a basic point on the elliptic curve, and mod is modular arithmetic.

7. system as claimed in claim 6 is characterized in that, the ECDSA signature that by following formula conversion is obtained in the described authentication operation module:

$\left\{\begin{array}{c}{u}_1={\mathrm{es}}^{-1}\mathrm{mod}n=s^{\′}\mathrm{mod}n\\ u_2={\mathrm{rs}}^{-1}\mathrm{mod}n=(r^{\′}+s^{\′})\mathrm{mod}n\\ X=u_{1}P+u_{2}Q=(x_1,y_1)\end{array}\right.$

Wherein, u ₁, u ₂, X is median, (x ₁, y ₁) be the point on the described elliptic curve.

8. system as claimed in claim 7 is characterized in that, described authentication acquisition module carries out the mould add operation by following formula:

R＝(e+x ₁)modn

Wherein, R is mould add operation result.