CN102446088A - Method and system for parallel processing of elliptic curve scalar multiplication - Google Patents

Abstract

A method for parallel processing of elliptic curve scalar multiplication includes the following steps: dividing a scalar to sub scalars with equal length, distributing the sub scalars obtained by dividing to a processor, performing parallel calculation on the distributed sub scalars and an elliptic curve in the processor to obtain corresponding sub scalar multiplication, and integrating the sub scalar multiplication obtained through parallel calculation. The method and a system for parallel processing of elliptic curve scalar multiplication divide a task to a plurality of sub tasks after dividing the scalar to the plurality of sub scalars, so that parallel processing of the scalar multiplication is led to be flexible. The method and the system are based on parallelization of task levels so as to adapt to large-scale parallel processing processes. The divided sub scalars and the elliptic curve are performed with parallel calculation in the processor so that speed of parallel processing is improved and consumed time is effectively reduced.

Description

Method for parallel processing that the elliptic curve scalar is taken advantage of and system

[technical field]

The present invention relates to data encryption technology, particularly relate to method for parallel processing and system that a kind of elliptic curve scalar is taken advantage of.

[background technology]

Along with 1980 mid-nineties 90 Miller and Koblitz have proposed elliptic curve cryptosystem (elliptic curve cryptosystems respectively independently; Be called for short ECC); With respect to other public-key cryptosystem; Elliptic curve cipher only needs short private key can reach higher level of security, therefore receives much concern in recent years.

In the elliptic curve cryptosystem; The calculating that scalar is taken advantage of will be the most key processing procedure; Usually scalar is taken advantage of and can be calculated through the binary approach by bit; Be a given scalar sum elliptic curve point, it is that point by a series of elliptic curve point adds and puts doubly operation and accomplish that scalar is taken advantage of, and the track of its operation depends on the binary bits expression formula of scalar.

Yet; This scalar by bit takes advantage of computing method can not adapt to the concurrent computational system of popularizing day by day; To optimize the computation process that scalar is taken advantage of, therefore, parallel scalar is taken advantage of to calculate and is suggested and is applied in the concurrent computational system; For example, Aoki, Lzu and Takagi have introduced the efficient parallel point operation based on the SIMD processor structure; Lzu has proposed the expression formula of dual processor framework; Aoki etc. have introduced the parallel processing process based on 2 or 3 processors, adopt improved Jacobi's coordinate to develop fast parallel expression formula; The replacement of Longa and Miri takes advantage of method to allow the exploitation of preferred parallel work-flow more efficiently; Thereby the fast parallel expression formula that can in 3 or 4 processors, carry out has been proposed; But above-mentioned parallel scalar takes advantage of calculating only to be confined to the parallelization of instruction-level, can not be based on the parallel computation of carrying out of task rank; This will cause above-mentioned parallel scalar to take advantage of calculating in a spot of processor, to carry out, and can not adapt to fairly large parallel processing process.

[summary of the invention]

Based on this, be necessary the method for parallel processing that provides a kind of elliptic curve scalar that can adapt to large-scale parallel processing process to take advantage of.

In addition, the parallel processing system (PPS) that also is necessary to provide a kind of elliptic curve scalar that can adapt to large-scale parallel processing process to take advantage of.

The method for parallel processing that a kind of elliptic curve scalar is taken advantage of comprises the steps:

Scalar is divided into isometric sub-scalar;

The sub-scalar that the said division that distributes obtains is to processor;

In said processor, the sub-scalar sum elliptic curve of said distribution being carried out parallel computation obtains corresponding sub-scalar and takes advantage of;

Integrating the sub-scalar that said parallel computation obtains takes advantage of.

Preferably, the said step that scalar is divided into isometric sub-scalar is:

Confirm the recurrence number of times that said scalar is corresponding according to the quantity of said processor;

According to said recurrence number of times said scalar is carried out recurrence and obtain isometric sub-scalar by half.

Preferably, said quantity according to said processor confirms that the step of the recurrence number of times that said scalar is corresponding is:

2 being the end, be that antilog calculates the recurrence number of times with the quantity of processor.

Preferably, said 2 being the end, be also to comprise before antilog calculates the step of recurrence number of times with the quantity of processor:

Obtain the bit length of scalar;

Bit length according to said scalar calculates the corresponding optimum recurrence number of times of said scalar, and calculates the amount threshold of processor by said optimum recurrence number of times;

Whether the quantity of judging said processor if not, then with said recurrence number of times is made as optimum recurrence number of times less than said amount threshold, if, then

Entering is the end with 2, is the step that antilog calculates the recurrence number of times with the quantity of processor.

Preferably, the step taken advantage of of the sub-scalar that obtains of the said parallel computation of said integration carries out in twos for said sub-scalar is taken advantage of that recursive point adds calculating.

The parallel processing system (PPS) that a kind of elliptic curve scalar is taken advantage of comprises:

Classification apparatus is used for scalar is divided into isometric sub-scalar;

Distribution apparatus, the sub-scalar that the said division that is used for distributing obtains is to processor;

Processor is used for sub-scalar sum elliptic curve to said distribution and carries out parallel computation and obtain corresponding sub-scalar and take advantage of;

Processor also is used to integrate the sub-scalar that said parallel computation obtains to be taken advantage of.

Preferably, said classification apparatus comprises:

The number of times determination module is used for confirming the recurrence number of times that said scalar is corresponding according to the quantity of said processor;

Module is used for according to said recurrence number of times said scalar being carried out recurrence and obtains isometric sub-scalar by half by half.

Preferably, said number of times determination module also is used for 2 being the end, is that antilog calculates the recurrence number of times with the quantity of processor.

Preferably, said number of times determination module comprises:

The length acquiring unit is used to obtain the bit length of scalar;

Arithmetic element is used for calculating the corresponding optimum recurrence number of times of said scalar according to the bit length of said scalar, and calculates the amount threshold of processor by said optimum recurrence number of times;

Whether judging unit, the quantity that is used to judge said processor if not, then with said recurrence number of times are made as optimum recurrence number of times, if then notify arithmetic element less than said amount threshold;

Said arithmetic element also is used for 2 being the end, is that antilog calculates the recurrence number of times with the quantity of processor.

Preferably, said processor also is used for said sub-scalar taken advantage of and carries out in twos that recursive point adds calculating.

Method for parallel processing that above-mentioned elliptic curve scalar is taken advantage of and system are after being divided into scalar a plurality of sub-scalars; Realized a division of tasks is become a plurality of subtasks, this parallel processing that makes scalar take advantage of is flexibly, based on the parallelization of task rank; To adapt to large-scale parallel processing process; In processor, the sub-scalar sum elliptic curve of dividing is carried out parallel computation, improved the speed of parallel processing, and reduced consumed time effectively.

[description of drawings]

Fig. 1 is the process flow diagram of the method for parallel processing that the elliptic curve scalar is taken advantage of among the embodiment;

Fig. 2 is the method flow diagram that among the embodiment scalar is divided into isometric sub-scalar;

Fig. 3 is the synoptic diagram of model by half among the embodiment;

Fig. 4 is for being divided into scalar among another embodiment the method flow diagram of isometric sub-scalar;

Fig. 5 is the synoptic diagram of integration process among the embodiment;

Fig. 6 is the structural representation of the parallel processing system (PPS) that the elliptic curve scalar is taken advantage of among the embodiment;

Fig. 7 is the structural representation of classification apparatus among Fig. 6;

Fig. 8 is the structural representation of number of times determination module among Fig. 7;

Fig. 9 is that scalar carries out the model synoptic diagram by half of recurrence by half 2 times among the embodiment;

Figure 10 is the synoptic diagram of parallel integration process among the embodiment.

[embodiment]

Fig. 1 shows the parallel processing method flow process that the elliptic curve scalar is taken advantage of among the embodiment, comprises the steps:

Step S110 is divided into isometric sub-scalar with scalar.

In the present embodiment; The task division that to carry out in the parallel processing process is the subtask of several same type; And carry out parallel processing through a plurality of processors; Based on the thought of this parallel processing, will be divided into isometric sub-scalar with the scalar that binary bits is expressed, obtain a series of isometric Bit Strings.

In one embodiment, as shown in Figure 2, the detailed process of above-mentioned steps S110 is:

Step S111 confirms the recurrence number of times that scalar is corresponding according to the quantity of processor.

In the present embodiment, it is that quantity by available processor in the parallel processing system (PPS) determines that scalar is divided related recurrence number of times.Particularly, among the embodiment, confirm that according to the quantity of processor the step of the recurrence number of times that scalar is corresponding is: 2 being the end, be that antilog calculates the recurrence number of times with the quantity of processor, that is:

Wherein, n is the recurrence number of times, and p is the quantity of processor.

Step S113 carries out recurrence according to the recurrence number of times to scalar and obtains isometric sub-scalar by half.

In the present embodiment, scalar is carried out recurrence by half, be divided into 2 according to the recurrence frequency n ⁿIndividual isometric sub-scalar, promptly bit length is that the scalar of k obtains 2 after reducing by half through n time ⁿIndividual bit length is k/2 ⁿBit String.Each sub-scalar of scalar d is designated as J=1 wherein, 2 ..., 2 ⁿ-1,2 ⁿ, partition process is shown in following formula:

Wherein, || be the Bit String connector, Bit length be k/2 ⁿ

In the processing procedure of reality,, before highest significant position, mend " 0 " if scalar d length is not enough.The model by half of scalar d is seen shown in Figure 3.The scalar model that reduces by half is a full binary tree, and the degree of depth of tree is the recurrence frequency n, and the quantity of leaf promptly is the quantity 2 of dividing the Bit String that obtains ⁿ

In another embodiment, as shown in Figure 4, the detailed process of step S110 is:

Step S401 obtains the bit length of scalar.

Step S403 calculates the corresponding optimum recurrence number of times of scalar according to the bit length of scalar, and calculates the amount threshold of processor by optimum recurrence number of times.

In the present embodiment, minimum for time complexity in the parallel processing process that makes scalar, obtain optimum recurrence number of times through following formula:

In a preferred embodiment, in order to simplify computation process, getting optimum recurrence number of times is n _Opt=log ₂K-2.

When the quantity of available processor is no less than

The time, can obtain optimum recurrence frequency n _Opt=log ₂K-2, so the amount threshold of processor does

Be used for confirming that scalar carries out recurrence number of times by half.

Step S405, whether the quantity of decision processor if not, then gets into step S407 less than amount threshold, if then get into step S409.

In the present embodiment, if the quantity of processor is less than amount threshold

Then the recurrence number of times is log ₂P; If the quantity of processor is greater than or equal to amount threshold

Then the recurrence number of times is optimum recurrence number of times, and the time complexity in the parallel processing this moment process is minimum.

For example, if the bit length k=256 of scalar, so optimum recurrence frequency n=log ₂256-2=6; Quantity p＜2 when processor ⁶The time, the recurrence number of times is log ₂P time, to obtain optimum time complexity t _Pmin=(256/2p+log ₂P) A+256D; Quantity p>=2 when processor ⁶The time, the recurrence number of times is 6 times, obtains optimum time complexity t _Pmin=8A+256D.

Step S407 is made as optimum recurrence number of times with the recurrence number of times.

Step S409 2 being the end, is that antilog calculates the recurrence number of times with the quantity of processor.

In the present embodiment, 2 being the end, be that antilog calculates the recurrence number of times through following formula with the quantity of processor, promptly

n＝log ₂p

Wherein, p is available processor quantity.

Step S130, the sub-scalar that the division that distributes obtains is to processor.

In the present embodiment, ready-portioned sub-scalar is assigned in a plurality of processors, a plurality of sub-scalars are carried out parallel computation through a plurality of processors.

Step S150 carries out parallel computation to the sub-scalar sum elliptic curve that distributes and obtains corresponding sub-scalar and take advantage of in processor.

In the present embodiment, be divided into 2 based on scalar ⁿThe thought of individual sub-scalar, scalar are taken advantage of and also have been divided into 2 ⁿIndividual sub-scalar is taken advantage of.Particularly, carry out parallel computation through a plurality of processor antithetical phrase scalar sum elliptic curves and obtain corresponding sub-scalar and take advantage of, promptly

$Q_j^n=B_j^n\·P$

Wherein,

is that j the sub-scalar on n rank taken advantage of;

is j the sub-scalar on n rank, and P is an elliptic curve.

At this moment, scalar is taken advantage of and has been divided into 2 ⁿThe process that individual sub-scalar is taken advantage of obtains through following formula:

$\mathrm{dP}=\left(B_{2^n}^n\right|\left|B_{2^n-1}^n\right||......|\left|B_2^n\right|\left|B_1^n\right)\·P$

$\⇒(B_{2^n}^n\·P),(B_{2^n-1}^n\·P),......,(B_2^n\·P),\left(B_1^{n\·}P\right)$

$\⇒Q_{2^n}^n,Q_{2^n-1}^n,......,Q_2^n,Q_1^n,$

Wherein, d is a scalar, and P is an elliptic curve.

In a plurality of processors, obtained 2 through parallel computation ⁿIndividual sub-scalar is taken advantage of, with and line output, get into the integration that sub-scalar is taken advantage of.

Step S170, the sub-scalar that the integration parallel computation obtains is taken advantage of.

In the present embodiment, the step that the sub-scalar that above-mentioned integration parallel computation obtains is taken advantage of is specially: the antithetical phrase scalar is taken advantage of and is carried out in twos that recursive point adds calculating.As shown in Figure 5, recursively calculate in twos this 2 ⁿThe point that individual sub-scalar is taken advantage of adds, and the point of taking advantage of until last two the sub-scalars of calculating adds, and concrete integration process is shown in following formula:

$\mathrm{dP}=Q_{2^n}^n\left|\right|Q_{2^n-1}^n\left|\right|......\left|\right|Q_2^n\left|\right|Q_1^n$

$=f(Q_{2^n}^n,Q_{2^n-1}^n)\left|\right|......\left|\right|f(Q_2^n,Q_1^n)$

$=Q_{2^{n-1}}^{n-1}\left|\right|......\left|\right|Q_1^{n-1}$

$......$

$=f(Q_4^2,Q_3^2)\left|\right|f({\mathrm{<figure-callout\; id="2"\; label="Q"\; filenames="HDA0000092818950000021.png,HDA0000092818950000031.png"\; state="\{\{state\}\}">Q</figure-callout>}}_2^2,{\mathrm{<figure-callout\; id="1"\; label="Q"\; filenames="HDA0000092818950000021.png,HDA0000092818950000031.png"\; state="\{\{state\}\}">Q</figure-callout>}}_1^2)$

$={\mathrm{<figure-callout\; id="2"\; label="Q"\; filenames="HDA0000092818950000021.png,HDA0000092818950000031.png"\; state="\{\{state\}\}">Q</figure-callout>}}_2^1\left|\right|{\mathrm{<figure-callout\; id="1"\; label="Q"\; filenames="HDA0000092818950000021.png,HDA0000092818950000031.png"\; state="\{\{state\}\}">Q</figure-callout>}}_1^1$

$=f({\mathrm{<figure-callout\; id="2"\; label="Q"\; filenames="HDA0000092818950000021.png,HDA0000092818950000031.png"\; state="\{\{state\}\}">Q</figure-callout>}}_2^1,{\mathrm{<figure-callout\; id="1"\; label="Q"\; filenames="HDA0000092818950000021.png,HDA0000092818950000031.png"\; state="\{\{state\}\}">Q</figure-callout>}}_1^1)$

$={\mathrm{<figure-callout\; id="1"\; label="Q"\; filenames="HDA0000092818950000021.png,HDA0000092818950000031.png"\; state="\{\{state\}\}">Q</figure-callout>}}_1^0=\mathrm{dP}$

Fig. 6 shows the parallel processing system (PPS) that the elliptic curve scalar is taken advantage of among the embodiment, comprises classification apparatus 10, distribution apparatus 30 and processor 50.

Classification apparatus 10 is used for scalar is divided into isometric sub-scalar.

In the present embodiment; The task division that to carry out in the parallel processing process is the subtask of several same type; And carry out parallel processing through a plurality of processors; Based on the thought of this parallel processing, classification apparatus 10 will be divided into isometric sub-scalar with the scalar that binary bits is expressed, and obtain a series of isometric Bit Strings.

In one embodiment, as shown in Figure 7, above-mentioned classification apparatus 10 comprises number of times determination module 110 and the module 130 of reducing by half.

Number of times determination module 110 is used for confirming the recurrence number of times that scalar is corresponding according to the quantity of processor.

In the present embodiment, in the present embodiment, it is that quantity by available processor in the parallel processing system (PPS) determines that scalar is divided related recurrence number of times.Particularly, among the embodiment, number of times determination module 110 also is used for 2 being the end, is that antilog calculates the recurrence number of times with the quantity of processor, that is:

Wherein, n is the recurrence number of times, and p is the quantity of processor.

In another embodiment, as shown in Figure 8, above-mentioned number of times determination module 110 comprises length acquiring unit 111, arithmetic element 113 and judging unit 115.

Length acquiring unit 111 is used to obtain the bit length of scalar.

Arithmetic element 113 is used for calculating the corresponding optimum recurrence number of times of scalar according to the bit length of scalar, and calculates the amount threshold of processor by optimum recurrence number of times.

In the present embodiment, minimum for time complexity in the parallel processing process that makes scalar, arithmetic element 113 obtains optimum recurrence number of times through following formula:

In a preferred embodiment, in order to simplify computation process, it is n that arithmetic element 113 is got optimum recurrence number of times _Opt=log ₂K-2.

When the quantity of available processor is no less than

The time, can obtain optimum recurrence frequency n _Opt=log ₂K-2, so the amount threshold of the processor that calculates of arithmetic element 113 does

Be used for confirming that scalar carries out recurrence number of times by half.

Whether judging unit 115, the quantity that is used for decision processor if not, then with recurrence number of times are made as optimum recurrence number of times, if then notify arithmetic element 113 less than amount threshold.

In the present embodiment, if the quantity that judging unit 115 determines processor is less than amount threshold

Then the recurrence number of times is log ₂P; Be greater than or equal to amount threshold if determine the quantity of processor

Then the recurrence number of times is optimum recurrence number of times, and the time complexity in the parallel processing this moment process is minimum.

Arithmetic element 113 also is used for 2 being the end, is that antilog calculates the recurrence number of times with the quantity of processor.

In the present embodiment, arithmetic element 113 is the end with 2, is that antilog calculates the recurrence number of times through following formula with the quantity of processor, promptly

n＝log ₂p

Wherein, p is available processor quantity.

Module 130 is used for according to the recurrence number of times scalar being carried out recurrence and obtains isometric sub-scalar by half by half.

In the present embodiment, module 130 is carried out recurrence by half according to the recurrence frequency n to scalar by half, is divided into 2 ⁿIndividual isometric sub-scalar, promptly bit length is that the scalar of k obtains 2 after reducing by half through n time ⁿIndividual bit length is k/2 ⁿBit String.Each sub-scalar of scalar d is designated as J=1 wherein, 2 ..., 2 ⁿ-1,2 ⁿ, partition process is shown in following formula:

Wherein, || be the Bit String connector,

Bit length be k/2 ⁿ

In the processing procedure of reality,, before highest significant position, mend " 0 " if scalar d length is not enough.

Distribution apparatus 30 is used for distributing and divides the sub-scalar that obtains to processor.

In the present embodiment, distribution apparatus 30 is assigned to ready-portioned sub-scalar in a plurality of processors, through a plurality of processors a plurality of sub-scalars are carried out parallel computation.

Processor 50 is used for that the sub-scalar sum elliptic curve that distributes is carried out parallel computation and obtains corresponding sub-scalar and take advantage of.

In the present embodiment, be divided into 2 based on scalar ⁿThe thought of individual sub-scalar, scalar are taken advantage of and also have been divided into 2 ⁿIndividual sub-scalar is taken advantage of.Particularly, carry out parallel computation through a plurality of processor 50 antithetical phrase scalar sum elliptic curves and obtain corresponding sub-scalar and take advantage of, promptly

$Q_j^n=B_j^n\&CenterDot;P$

Wherein,

is that j the sub-scalar on n rank taken advantage of;

is j the sub-scalar on n rank, and P is an elliptic curve.

Processor 50 has obtained 2 through parallel computation ⁿIndividual sub-scalar is taken advantage of, with and line output, get into the integration that sub-scalar is taken advantage of.

Processor 50 also is used to integrate the sub-scalar that parallel computation obtains to be taken advantage of.

In the present embodiment, processor 50 also is used for the antithetical phrase scalar to be taken advantage of and carries out in twos that recursive point adds calculating.Processor 50 recursively calculate in twos this 2 ⁿThe point that individual sub-scalar is taken advantage of adds, and the point of taking advantage of until last two the sub-scalars of calculating adds, and concrete integration process is shown in following formula:

$\mathrm{dP}=Q_{2^n}^n\left|\right|Q_{2^n-1}^n\left|\right|......\left|\right|Q_2^n\left|\right|Q_1^n$

$=f(Q_{2^n}^n,Q_{2^n-1}^n)\left|\right|......\left|\right|f(Q_2^n,Q_1^n)$

$=Q_{2^{n-1}}^{n-1}\left|\right|......\left|\right|Q_1^{n-1}$

$......$

$=f(Q_4^2,Q_3^2)\left|\right|f({\mathrm{<figure-callout\; id="2"\; label="Q"\; filenames="HDA0000092818950000021.png,HDA0000092818950000031.png"\; state="\{\{state\}\}">Q</figure-callout>}}_2^2,{\mathrm{<figure-callout\; id="1"\; label="Q"\; filenames="HDA0000092818950000021.png,HDA0000092818950000031.png"\; state="\{\{state\}\}">Q</figure-callout>}}_1^2)$

$={\mathrm{<figure-callout\; id="2"\; label="Q"\; filenames="HDA0000092818950000021.png,HDA0000092818950000031.png"\; state="\{\{state\}\}">Q</figure-callout>}}_2^1\left|\right|{\mathrm{<figure-callout\; id="1"\; label="Q"\; filenames="HDA0000092818950000021.png,HDA0000092818950000031.png"\; state="\{\{state\}\}">Q</figure-callout>}}_1^1$

$=f({\mathrm{<figure-callout\; id="2"\; label="Q"\; filenames="HDA0000092818950000021.png,HDA0000092818950000031.png"\; state="\{\{state\}\}">Q</figure-callout>}}_2^1,{\mathrm{<figure-callout\; id="1"\; label="Q"\; filenames="HDA0000092818950000021.png,HDA0000092818950000031.png"\; state="\{\{state\}\}">Q</figure-callout>}}_1^1)$

$={\mathrm{<figure-callout\; id="1"\; label="Q"\; filenames="HDA0000092818950000021.png,HDA0000092818950000031.png"\; state="\{\{state\}\}">Q</figure-callout>}}_1^0=\mathrm{dP}$

In parallel processing method and system that above-mentioned elliptic curve scalar is taken advantage of; Come to have calculated concurrently a plurality of sub-scalars through binary approach and take advantage of, below through the parallel processing efficient of first of declared amount of having calculated time complexity spent in the parallel processing process.

In the process of calculating this a little scalar concurrently, the time complexity that the pairing calculating scalar of each sub-scalar is taken advantage of

is:

$t_{B_j}=\frac{1}{2}\&CenterDot;\frac{k}{2^n}\&CenterDot;A+\frac{k}{2^n}\&CenterDot;D$

Wherein, A is that the point of elliptic curve point adds, D be elliptic curve point point doubly.

At this moment, establish x, y is a positive integer, | y| representes the bit length of the binary representation of y, then defines like minor function:

f(x，y)＝2 ^(|y|)·x+y

If

With

Expression representes that respectively sub-scalar takes advantage of With

The result, wherein i ∈ 0,1 ..., n-1}, j ∈ { 2 ^I+1, 2 ^I+1-2 ..., 4,2} claims With

For the sub-scalar in (i+1) rank is taken advantage of, so will

With

The result that the sub-scalar in resulting i rank was taken advantage of after the sub-scalar in rank was taken advantage of and integrated is following:

$Q_{j/2}^i=f(Q_j^{i+1},Q_{j-1}^{i+1})$

This specifies is the corresponding sub-scalar

the bit length.Equally; The also available function of above-mentioned equality is explained, promptly

$f_{j/2}^i\&DoubleLeftRightArrow;f(Q_j^{i+1},Q_{j-1}^{i+1})$

Take advantage of the process of integrating at the antithetical phrase scalar, for the integration of taking advantage of with the sub-scalar of single order, function

The time complexity of required cost is A+ (k/2 ^I+1) D.

And the integration of taking advantage of for all sub-scalars, the time corresponding complexity is:

$t_p=t_{B_j}+(\frac{k}{2^n}+\frac{k}{2^{n-1}}+...+\frac{k}{2})D+\mathrm{nA}=(\frac{k}{2^{n+1}}+n)A+\mathrm{kD}$

If the bit length k of scalar does not change in an encrypting and decrypting environment, so t _pMinimum value will in depend on the recurrence frequency n of scalar, this moment is according to the item (k/2 in the above-mentioned equality ^N+1+ n), define like minor function:

$g\left(x\right)=(\frac{k}{2^{x+1}}+x)$

Ask g (x) partial derivative following to x:

$g^{\&prime;}\left(x\right)={(\frac{k}{2^{x+1}}+x)}^{\&prime;}=1-\frac{\mathrm{<figure-callout\; id="2"\; label="k\; ln"\; filenames="HDA0000092818950000021.png,HDA0000092818950000031.png"\; state="\{\{state\}\}">k</figure-callout>}\ln 2}{2^{x+1}}$

When g ' (x)=0, promptly x=logk+log (ln2)-1 o'clock, g (x) got minimum value, therefore, when x＜logk+log (ln2)-1, function g (x) successively decreases; When x＞logk+log (ln2)-1, function g (x) increases progressively, and therefore can derive optimum recurrence number of times:

For simplifying computation process, get optimum recurrence frequency n _Opt=log ₂K-2, promptly the quantity when available processor is no less than Corresponding optimum recurrence number of times is n _Opt=log ₂K-2.

This moment, time complexity was shown in following formula:

$t_p=\left\{\begin{array}{c}(\frac{k}{2p}+\log p)A+\mathrm{kD},\mathrm{whenp}<k/4,\\ \left(\log k\right)A+\mathrm{kD},\mathrm{whenp}>=k/4,\end{array}\right.$

Wherein p is the quantity of available processor, when the quantity of processor more for a long time, the time complexity of this algorithm is much smaller than (k/2) A+kD of traditional binary approach.

Computation process by above-mentioned time complexity can be clear that the spent time complexity of application process of the parallel processing that above-mentioned elliptic curve scalar is taken advantage of is far smaller than the computation process consumed time complexity that traditional oval title is taken advantage of.

The application process of the parallel processing that the above-mentioned elliptic curve scalar of detailed elaboration is taken advantage of with a concrete embodiment below.Among this embodiment, scalar d=(38749) ₁₀=(1001011101011101) ₂, then the bit length of scalar d is k=16.

As shown in Figure 9, classification apparatus 10 calculates optimum recurrence frequency n _Opt=log ₂16-2=2 carries out by half recurrence 2 times with scalar, and at this moment, scalar is taken advantage of dP=38749P to be divided into 4 sub-scalars and taken advantage of, and in a plurality of processors 50, calls binary approach concurrently and calculates 4 sub-scalars and take advantage of, and is shown below:

$38749P=\left(1001\right|\left|0111\right|\left|0101\right|\left|1101\right)P$

$\&DoubleRightArrow;\left(1001\right)P,\left(0111\right)P,\left(0101\right)P,\left(1101\right)P.$

50 pairs of 4 sub-scalars of processor are taken advantage of to put in twos and are added; Shown in figure 10; Take advantage of 1001P for 4 sub-scalars; 0111P; 0101P and 1101P; Respectively preceding two the sub-scalars of call function

and

are taken advantage of to take advantage of with latter two sub-scalar and are integrated into a 151P and some 93P respectively concurrently in two processors, and call function

will be put 151P and put 93P and be integrated into 38749P in a processor 50 then.

At this moment, optimum time complexity is t _p=16D+4A, and traditional go here and there the time complexity of binary approach reached t _s=16D+8A.

Scalar takes advantage of structure to comprise three operation ranks, i.e. algorithm rank, the arithmetic rank of point and the arithmetic ranks in territory taken advantage of of scalar.Traditional scalar takes advantage of parallel calculating method all to be based on a little or the operation rank in territory; Thereby only be applicable to the processor of a small amount of several fixed qties; Be generally 2,3 or 4 processors, and method for parallel processing that above-mentioned elliptic curve scalar is taken advantage of and system are other parallelizations of scalar multiplication algorithm level, to adapt to concurrent computational system with flexible number processor; As shown in the table; Scalar with respect to traditional is taken advantage of parallel calculating method, and the method for parallel processing that last elliptic curve scalar is taken advantage of and system's tool better flexibility can adapt to large-scale parallel processing process.

Can find out very significantly through last table; The method for parallel processing that elliptic curve scalar among the present invention is taken advantage of is used for the scalar that the processor quantity of carrying out parallel processing is far longer than other and takes advantage of method; Can be applicable to the parallel computation processing procedure of various scales neatly; And then traditional scalar is taken advantage of method is compatible, makes existing scalar take advantage of method also can be integrated in the method for parallel processing that the elliptic curve scalar takes advantage of and further accelerates the computing velocity that scalar is taken advantage of.

Method for parallel processing that above-mentioned elliptic curve scalar is taken advantage of and system can be applicable to symmetric multiprocessor, large-scale parallel processor, distributed shared memory multiprocessor, cluster of workstation, grid computing environment and cloud computing environment etc.

Method for parallel processing that above-mentioned elliptic curve scalar is taken advantage of and system are after being divided into scalar a plurality of sub-scalars; Realized a division of tasks is become a plurality of subtasks, this parallel processing that makes scalar take advantage of is flexibly, based on the parallelization of task rank; To adapt to large-scale parallel processing process; In processor, the sub-scalar sum elliptic curve of dividing is carried out parallel computation, improved the speed of parallel processing, and reduced consumed time effectively.

The above embodiment has only expressed several kinds of embodiments of the present invention, and it describes comparatively concrete and detailed, but can not therefore be interpreted as the restriction to claim of the present invention.Should be pointed out that for the person of ordinary skill of the art under the prerequisite that does not break away from the present invention's design, can also make some distortion and improvement, these all belong to protection scope of the present invention.Therefore, the protection domain of patent of the present invention should be as the criterion with accompanying claims.

Claims (10)

1. the method for parallel processing that the elliptic curve scalar is taken advantage of comprises the steps:

Scalar is divided into isometric sub-scalar;

The sub-scalar that the said division that distributes obtains is to processor;

In said processor, the sub-scalar sum elliptic curve of said distribution being carried out parallel computation obtains corresponding sub-scalar and takes advantage of;

Integrating the sub-scalar that said parallel computation obtains takes advantage of.

2. the method for parallel processing that elliptic curve scalar according to claim 1 is taken advantage of is characterized in that, the said step that scalar is divided into isometric sub-scalar is:

Confirm the recurrence number of times that said scalar is corresponding according to the quantity of said processor;

According to said recurrence number of times said scalar is carried out recurrence and obtain isometric sub-scalar by half.

3. the method for parallel processing that elliptic curve scalar according to claim 2 is taken advantage of is characterized in that, said quantity according to said processor confirms that the step of the recurrence number of times that said scalar is corresponding is:

2 being the end, be that antilog calculates the recurrence number of times with the quantity of processor.

4. the method for parallel processing of wanting elliptic curve scalar according to claim 3 to take advantage of is characterized in that, and is said 2 being the end, is also to comprise before antilog calculates the step of recurrence number of times with the quantity of processor:

Obtain the bit length of scalar;

Bit length according to said scalar calculates the corresponding optimum recurrence number of times of said scalar, and calculates the amount threshold of processor by said optimum recurrence number of times;

Whether the quantity of judging said processor if not, then with said recurrence number of times is made as optimum recurrence number of times less than said amount threshold, if, then

Entering is the end with 2, is the step that antilog calculates the recurrence number of times with the quantity of processor.

5. the method for parallel processing that elliptic curve scalar according to claim 1 is taken advantage of is characterized in that, the step that the sub-scalar that the said parallel computation of said integration obtains is taken advantage of carries out in twos for said sub-scalar is taken advantage of that recursive point adds calculating.

6. the parallel processing system (PPS) that the elliptic curve scalar is taken advantage of is characterized in that, comprising:

Classification apparatus is used for scalar is divided into isometric sub-scalar;

Distribution apparatus, the sub-scalar that the said division that is used for distributing obtains is to processor;

Processor is used for sub-scalar sum elliptic curve to said distribution and carries out parallel computation and obtain corresponding sub-scalar and take advantage of;

Processor also is used to integrate the sub-scalar that said parallel computation obtains to be taken advantage of.

7. the parallel processing system (PPS) that elliptic curve scalar according to claim 6 is taken advantage of is characterized in that, said classification apparatus comprises:

The number of times determination module is used for confirming the recurrence number of times that said scalar is corresponding according to the quantity of said processor;

Module is used for according to said recurrence number of times said scalar being carried out recurrence and obtains isometric sub-scalar by half by half.

8. the parallel processing system (PPS) that elliptic curve scalar according to claim 7 is taken advantage of is characterized in that, said number of times determination module also is used for 2 being the end, is that antilog calculates the recurrence number of times with the quantity of processor.

9. the parallel processing system (PPS) that elliptic curve scalar according to claim 8 is taken advantage of is characterized in that, said number of times determination module comprises:

The length acquiring unit is used to obtain the bit length of scalar;

Arithmetic element is used for calculating the corresponding optimum recurrence number of times of said scalar according to the bit length of said scalar, and calculates the amount threshold of processor by said optimum recurrence number of times;

Whether judging unit, the quantity that is used to judge said processor if not, then with said recurrence number of times are made as optimum recurrence number of times, if then notify arithmetic element less than said amount threshold;

Said arithmetic element also is used for 2 being the end, is that antilog calculates the recurrence number of times with the quantity of processor.

10. the parallel processing system (PPS) that elliptic curve scalar according to claim 6 is taken advantage of is characterized in that, said processor also is used for said sub-scalar taken advantage of and carries out in twos that recursive point adds calculating.

Images