CN103049710A - Field-programmable gate array (FPGA) chip for SM2 digital signature verification algorithm - Google Patents

Field-programmable gate array (FPGA) chip for SM2 digital signature verification algorithm

Info

Publication number
CN103049710A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 201210540967
Other languages
Chinese (zh)
Other versions
CN103049710B (en
Inventor
沈阳
郭沛宇
王磊
宫铭豪
丁森华
梁晋春
马艳
姚颖颖
张乃光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Academy of Broadcasting Science of SAPPRFT
Original Assignee
Academy of Broadcasting Science of SAPPRFT
Application filed by Academy of Broadcasting Science of SAPPRFT
Priority to CN201210540967.XA
Publication of CN103049710A
Application granted
Publication of CN103049710B

Abstract

The invention discloses a field-programmable gate array (FPGA) chip for the SM2 digital signature verification algorithm. The FPGA chip comprises a system bus interface, an SM2 controller and an SM2 operation unit. The system bus interface communicates with the system external to the FPGA chip: it acquires the parameters and data required for SM2 digital signature verification from the external system and writes them into the SM2 controller, and it receives the control message, work state query message and operation result query message sent by the external system and forwards them to the SM2 controller. The SM2 controller triggers the SM2 operation unit according to the control message and, after receiving the work state query message and the operation result query message, sends the work state and the verification result of the SM2 operation unit to the external system through the system bus interface. The SM2 operation unit, when triggered by the SM2 controller, reads the parameters and data required for the current SM2 digital signature verification from the SM2 controller, completes the verification calculation according to the SM2 digital signature verification algorithm and sends the verification result to the SM2 controller.

Description

FPGA chip for the SM2 digital signature verification algorithm
Technical field
The present invention relates to the field of computer technology, and in particular to an FPGA chip for the SM2 digital signature verification algorithm.
Background art
At the end of 2010 the State Cryptography Administration proposed China's cryptographic algorithm standards, including the SM2, SM3 and SM7 standards. The SM2 standard is a domestic standard that rests on the elliptic curve discrete logarithm problem and was developed from the international elliptic curve cryptography (ECC) standard algorithms.
The asymmetric cryptographic algorithm most widely used at home and abroad is still RSA. From the standpoint of theoretical analysis and application requirements, however, ECC algorithms (including the SM2 standard algorithm) offer higher security strength than RSA with shorter keys, and have better application prospects. System implementations based on the SM2 algorithm, and terminal chip products in particular, are nevertheless still few.
In addition, the State Cryptography Administration requires all domestic systems and terminals that use asymmetric cryptographic algorithms to adopt the domestic standards, including the SM2 algorithm standard, before 2015. Systematic research into SM2 product development and system solutions is therefore warranted.
Summary of the invention
To solve the above problems in the prior art, the invention provides an FPGA chip for the SM2 digital signature verification algorithm.
The invention provides an FPGA chip for the SM2 digital signature verification algorithm, comprising: a system bus interface, used to communicate with the system external to the FPGA chip, obtain from the external system the parameters and data required for SM2 digital signature verification and write them into the SM2 controller, and receive the control message, work state query message and operation result query message sent by the external system and forward them to the SM2 controller; an SM2 controller, connected to the system bus interface and to the SM2 operation unit, used to trigger the SM2 operation unit according to the control message and, after receiving the work state query message and the operation result query message, send the work state and the verification result of the SM2 operation unit to the external system through the system bus interface; and an SM2 operation unit, used to read, when triggered by the SM2 controller, the parameters and data required for the current SM2 digital signature verification from the SM2 controller, perform the verification calculation according to the SM2 digital signature verification algorithm, and send the verification result to the SM2 controller.
Preferably, the system bus interface is either a system bus interface that conforms to a general-purpose industrial bus standard or a system bus interface that conforms to a user-defined bus interface protocol.
Preferably, the SM2 controller specifically comprises: a control register, used, when a control message sent by the external system is received through the system bus interface, to start the SM2 operation unit by means of the SM2 start signal and to reset the SM2 operation unit by means of the SM2 reset signal, according to the control message; a data register, used to receive through the system bus interface and store the parameters and data required for the current SM2 digital signature verification sent by the external system, and to clear those parameters and data after the control register has reset the SM2 operation unit; and a status register, used to query the work state of the SM2 operation unit when a work state query message is received and send that work state to the external system through the system bus interface, to proactively notify the external system that the SM2 operation unit has completed the current SM2 digital signature verification, and, when an operation result query message is received, to send the result of the current SM2 digital signature verification to the external system through the system bus interface.
Preferably, the SM2 operation unit specifically comprises: a first state machine module, used to control the SM2 digital signature verification computation flow and to communicate with the SM2 controller; a first modular addition module, used to compute, in the affine coordinate system, t = (r' + s') mod n and R = (e' + x_1') mod n of the SM2 digital signature verification algorithm, where (r', s') is the signature, and to calculate the digest value of the message
Figure BDA00002581944200021
where H_v() is the digest function, " " denotes the concatenation of the two strings before and after it, n is the order of the elliptic curve, and x_1' is one of the coordinate elements of the elliptic curve point (x', y'); a first point multiplication module, used to compute, in the affine coordinate system and with the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations, [s']G and [t']P_A of the SM2 digital signature verification algorithm, where G = (x_G, y_G) (G ≠ O) is the base point of the elliptic curve, x_G and y_G are two elements of F_p, a, b ∈ F_q are the two elements defining the equation of the elliptic curve E(F_q), P_A is the user's public key, which is also a point on the elliptic curve, [s']G denotes the s'-fold multiple of G, and [t']P_A denotes the t'-fold multiple of P_A; and a first point addition module, used to perform, in the affine coordinate system and with the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations, the point addition of the two points [s']G and [t']P_A of the SM2 digital signature verification algorithm, that is, (x', y') = [s']G + [t']P_A, where (x', y') is a point on the elliptic curve.
Preferably, the first state machine module is specifically used to: read from the SM2 controller the parameters and data required for the current SM2 digital signature verification; receive the SM2 start signal sent by the SM2 controller and start the SM2 operation unit; call the first point multiplication module, the first point addition module and the first modular addition module in the order given by the SM2 digital signature verification algorithm, and perform the verification calculation on the parameters and data required for the current SM2 digital signature verification; after the current SM2 digital signature verification is finished, obtain the verification result and return the verification result and a completion flag to the SM2 controller; and receive the SM2 reset signal sent by the SM2 controller and reset the SM2 operation unit.
Preferably, the first state machine module is specifically used to: call the first modular addition module to compute t = (r' + s') mod n; call the first point multiplication module to compute [s']G and [t']P_A; call the first point addition module to compute (x', y') = [s']G + [t']P_A; and call the first modular addition module to compute R = (e' + x_1') mod n and check whether R = r' holds; if it holds, verification passes, otherwise verification fails.
Preferably, the SM2 operation unit specifically comprises: a coordinate conversion module, used to convert the coordinate data of points on the elliptic curve from the affine coordinate system to the Jacobian coordinate system; a second state machine module, used to control the SM2 digital signature verification computation flow and to communicate with the SM2 controller; a second modular addition module, used to compute, in the Jacobian coordinate system, t = (r' + s') mod n and R = (e' + x_1') mod n of the SM2 digital signature verification algorithm, where (r', s') is the signature, and to calculate the digest value of the message
Figure BDA00002581944200041
where H_v() is the digest function,
Figure BDA00002581944200042
" " denotes the concatenation of the two strings before and after it, n is the order of the elliptic curve, and x_1' is one of the coordinate elements of the elliptic curve point (x', y'); a second point multiplication module, used to compute, in the Jacobian coordinate system and with the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations, [s']G and [t']P_A of the SM2 digital signature verification algorithm, where G = (x_G, y_G) (G ≠ O) is the base point of the elliptic curve, x_G and y_G are two elements of F_p, a, b ∈ F_q are the two elements defining the equation of the elliptic curve E(F_q), P_A is the user's public key, which is also a point on the elliptic curve, [s']G denotes the s'-fold multiple of G, and [t']P_A denotes the t'-fold multiple of P_A; and a second point addition module, used to perform, in the Jacobian coordinate system and with the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations, the point addition of the two points [s']G and [t']P_A of the SM2 digital signature verification algorithm, that is, (x', y') = [s']G + [t']P_A, where (x', y') is a point on the elliptic curve.
Preferably, the prime-field multiplication is replaced with Montgomery multiplication.
Preferably, the multipliers required by the Montgomery multiplication are provided by the digital signal processor (DSP) resources of the FPGA chip.
Preferably, the second state machine module is specifically used to: read from the SM2 controller the parameters and data required for the current SM2 digital signature verification; receive the SM2 start signal sent by the SM2 controller and start the SM2 operation unit; call the second modular addition module to compute t = (r' + s') mod n; call the second point multiplication module to compute [s']G and [t']P_A; call the second point addition module to compute (x', y') = [s']G + [t']P_A; call the second modular addition module to compute R = (e' + x_1') mod n and check whether R = r' holds, verification passing if it holds and failing otherwise; after the current SM2 digital signature verification is finished, obtain the verification result and return the verification result and a completion flag to the SM2 controller; and receive the SM2 reset signal sent by the SM2 controller and reset the SM2 operation unit.
The beneficial effects of the invention are as follows:
By means of the technical solution of the embodiments of the invention, the resources of the FPGA chip are fully used and the computation speed of the SM2 algorithm is effectively increased. The technical solution can be applied in all kinds of security authentication fields and, depending on the concrete application scenario and technical requirements, can be configured flexibly to achieve a reasonable balance between system resources and computational efficiency.
The above is only an overview of the technical solution of the invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the invention become more apparent, specific embodiments of the invention are set out below.
Description of drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 is a flowchart of the SM2 digital signature verification algorithm of the embodiment of the invention;
Fig. 2 is a structural diagram of the FPGA chip for the SM2 digital signature verification algorithm of the embodiment of the invention;
Fig. 3 is a schematic diagram of the internal structure of the SM2 signature verification FPGA chip of the embodiment of the invention;
Fig. 4 is a schematic diagram of the implementation of the SM2 signature verification operation unit in the affine coordinate system of the embodiment of the invention;
Fig. 5 is a schematic diagram of the implementation of the SM2 signature verification operation unit in the Jacobian coordinate system of the embodiment of the invention.
Embodiment
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure can be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure will be understood more thoroughly and its scope conveyed completely to those skilled in the art.
The invention provides an FPGA chip for the SM2 digital signature verification algorithm, which implements on an FPGA chip the verification of digital signatures defined in the national SM2 cryptographic standard. The application scenarios are all kinds of secure terminal systems. Based on the digital signature verification algorithm of the State Cryptography Administration's SM2 standard, the embodiment of the invention implements the prime-field computations on the FPGA chip. In addition, by converting data between the affine coordinate system and the Jacobian coordinate system, the design of the SM2 algorithm can be optimized, which improves the computational efficiency of the FPGA chip. Because the FPGA chip is programmable and configurable, the chip's bus interface can be designed to the concrete system requirements, reducing cost and improving efficiency.
As stated above, an FPGA implementation of the SM2 signature algorithm is functionally equivalent to existing dedicated security chips. Because FPGA chips are configurable, programmable and scalable, however, an FPGA implementation of the SM2 digital signature algorithm allows the trade-off between computational efficiency and system cost to be chosen flexibly for the concrete application scenario and requirements. Where the application does not demand real-time performance, an FPGA chip with modest internal resources can be chosen and the algorithm implemented in the affine coordinate system; where real-time requirements are higher, an FPGA chip with richer internal resources can be chosen, and technical means such as algorithm optimization or a higher chip clock can be used to further increase computation speed and system efficiency. Furthermore, the chip's external system bus can be configured flexibly for the concrete system bus type, which improves the chip's adaptability to the system and is another advantage of the FPGA implementation over dedicated security chips. The invention is further described below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and do not limit it.
Before the technical solution of the embodiment of the invention is described in detail, the digital signature verification algorithm of the SM2 national standard is first explained.
The national standard "SM2 elliptic curve public key cryptographic algorithm" has four parts: general rules, digital signature algorithm, key exchange protocol, and public key encryption algorithm. The digital signature algorithm part in turn covers: elliptic curve system parameters, user key pair, auxiliary functions, other user information, the digital signature generation algorithm and flow, the digital signature verification algorithm and flow, and so on.
The embodiment of the invention mainly concerns the FPGA implementation of the digital signature verification algorithm and the optimization of its performance. The SM2 digital signature verification algorithm is outlined first; the FPGA implementation and optimization are explained afterwards.
The SM2 digital signature verification algorithm is as follows:
Input:
1. Elliptic curve parameters: the size q of the finite field F_p; the two elements a, b ∈ F_q that define the equation of the elliptic curve E(F_q); the base point G = (x_G, y_G) (G ≠ O) on E(F_q), where x_G and y_G are two elements of F_p; the order n of G; and other optional items (such as the cofactor h of n);
2. Z_A: the hash value of user A's distinguishing identifier, part of the elliptic curve system parameters and user A's public key;
3. P_A: the user's public key;
4. M': the message to be verified;
5. (r', s'): the signature received by the system.
Output: the verification result, either verification passed or verification failed.
Steps: Fig. 1 is a flowchart of the SM2 digital signature verification algorithm of the embodiment of the invention. As shown in Fig. 1, to check a received message M' and its digital signature (r', s'), the user acting as verifier performs the following computation steps:
Step 1: check whether r' ∈ [1, n-1] holds; if it does not, verification fails, where n is the order of the elliptic curve;
Step 2: check whether s' ∈ [1, n-1] holds; if it does not, verification fails, where n is the order of the elliptic curve;
Step 3: set
Figure BDA00002581944200071
where the " " operator denotes the concatenation of the two strings before and after it;
Step 4: compute the digest value of the message, where H_v() is the digest function;
Step 5: convert the data type of the signature values to integers and compute t = (r' + s') mod n; if t = 0, verification fails;
Step 6: compute the elliptic curve point (x', y') = [s']G + [t']P_A, where (x', y') is a point on the elliptic curve, [s']G and [t']P_A are point multiplications, and [s']G + [t']P_A is a point addition;
Step 7: compute R = (e' + x_1') mod n and check whether R = r' holds; if it holds, verification passes, otherwise verification fails. Here x_1' is one of the coordinate elements of the elliptic curve point (x', y') computed in step 6.
The technical solution of the embodiment of the invention is described in detail below.
According to an embodiment of the invention, an FPGA chip for the SM2 digital signature verification algorithm is provided. Fig. 2 is a structural diagram of the FPGA chip for the SM2 digital signature verification algorithm of the embodiment of the invention. As shown in Fig. 2, the FPGA chip comprises system bus interface 20, SM2 controller 22 and SM2 operation unit 24. Each module of the embodiment is described in detail below.
System bus interface 20 is used to communicate with the system external to the FPGA chip, obtain from the external system the parameters and data required for SM2 digital signature verification and write them into SM2 controller 22, and receive the control message, work state query message and operation result query message sent by the external system and forward them to SM2 controller 22;
Here, system bus interface 20 is either a system bus interface that conforms to a general-purpose industrial bus standard or a system bus interface that conforms to a user-defined bus interface protocol.
SM2 controller 22 is connected to system bus interface 20 and to SM2 operation unit 24, and is used to trigger SM2 operation unit 24 according to the control message and, after receiving the work state query message and the operation result query message, send the work state and the verification result of SM2 operation unit 24 to the external system through system bus interface 20;
SM2 controller 22 specifically comprises:
A control register, used, when a control message sent by the external system is received through system bus interface 20, to start SM2 operation unit 24 by means of the SM2 start signal and to reset SM2 operation unit 24 by means of the SM2 reset signal, according to the control message;
A data register, used to receive through system bus interface 20 and store the parameters and data required for the current SM2 digital signature verification sent by the external system, and to clear those parameters and data after the control register has reset SM2 operation unit 24;
A status register, used to query the work state of SM2 operation unit 24 when a work state query message is received and send that work state to the external system through system bus interface 20; to proactively notify the external system that SM2 operation unit 24 has completed the current SM2 digital signature verification; and, when an operation result query message is received, to send the result of the current SM2 digital signature verification to the external system through system bus interface 20.
SM2 operation unit 24 is used to read, when triggered by SM2 controller 22, the parameters and data required for the current SM2 digital signature verification from SM2 controller 22, perform the verification calculation according to the SM2 digital signature verification algorithm, and send the verification result to SM2 controller 22. The structure of SM2 operation unit 24 is described below by way of two examples.
Example 1
SM2 operation unit 24 specifically comprises:
A first state machine module, used to control the SM2 digital signature verification computation flow and to communicate with SM2 controller 22;
The first state machine module is specifically used to: read from SM2 controller 22 the parameters and data required for the current SM2 digital signature verification; receive the SM2 start signal sent by SM2 controller 22 and start SM2 operation unit 24; call the first point multiplication module, the first point addition module and the first modular addition module in the order given by the SM2 digital signature verification algorithm, and perform the verification calculation on the parameters and data required for the current SM2 digital signature verification; after the current SM2 digital signature verification is finished, obtain the verification result and return the verification result and a completion flag to SM2 controller 22; and receive the SM2 reset signal sent by SM2 controller 22 and reset SM2 operation unit 24.
Here, calling the first point multiplication module, the first point addition module and the first modular addition module in the order given by the SM2 digital signature verification algorithm, and performing the verification calculation on the parameters and data required for the current SM2 digital signature verification, specifically comprises the following processing:
Call the first modular addition module to compute t = (r' + s') mod n; call the first point multiplication module to compute [s']G and [t']P_A; call the first point addition module to compute (x', y') = [s']G + [t']P_A; call the first modular addition module to compute R = (e' + x_1') mod n and check whether R = r' holds; if it holds, verification passes, otherwise verification fails.
A first modular addition module, used to compute, in the affine coordinate system, t = (r' + s') mod n and R = (e' + x_1') mod n of the SM2 digital signature verification algorithm, where (r', s') is the signature, and to calculate the digest value of the message
Figure BDA00002581944200101
where H_v() is the digest function,
Figure BDA00002581944200102
" " denotes the concatenation of the two strings before and after it, n is the order of the elliptic curve, and x_1' is one of the coordinate elements of the elliptic curve point (x', y');
A first point multiplication module, used to compute, in the affine coordinate system and with the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations, [s']G and [t']P_A of the SM2 digital signature verification algorithm, where G = (x_G, y_G) (G ≠ O) is the base point of the elliptic curve, x_G and y_G are two elements of F_p, a, b ∈ F_q are the two elements defining the equation of the elliptic curve E(F_q), P_A is the user's public key, which is also a point on the elliptic curve, [s']G denotes the s'-fold multiple of G, and [t']P_A denotes the t'-fold multiple of P_A;
A first point addition module, used to perform, in the affine coordinate system and with the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations, the point addition of the two points [s']G and [t']P_A of the SM2 digital signature verification algorithm, that is, (x', y') = [s']G + [t']P_A, where (x', y') is a point on the elliptic curve.
Example 2
SM2 operation unit 24 specifically comprises:
A coordinate conversion module, used to convert the coordinate data of points on the elliptic curve from the affine coordinate system to the Jacobian coordinate system;
A second state machine module, used to control the SM2 digital signature verification computation flow and to communicate with SM2 controller 22;
The second state machine module is specifically used to: read from SM2 controller 22 the parameters and data required for the current SM2 digital signature verification; receive the SM2 start signal sent by SM2 controller 22 and start SM2 operation unit 24; call the second modular addition module to compute t = (r' + s') mod n; call the second point multiplication module to compute [s']G and [t']P_A; call the second point addition module to compute (x', y') = [s']G + [t']P_A; call the second modular addition module to compute R = (e' + x_1') mod n and check whether R = r' holds, verification passing if it holds and failing otherwise; after the current SM2 digital signature verification is finished, obtain the verification result and return the verification result and a completion flag to SM2 controller 22; and receive the SM2 reset signal sent by SM2 controller 22 and reset SM2 operation unit 24.
A second modular addition module, used to compute, in the Jacobian coordinate system, t = (r' + s') mod n and R = (e' + x_1') mod n of the SM2 digital signature verification algorithm, where (r', s') is the signature, and to calculate the digest value of the message
Figure BDA00002581944200111
where H_v() is the digest function,
Figure BDA00002581944200112
" " denotes the concatenation of the two strings before and after it, n is the order of the elliptic curve, and x_1' is one of the coordinate elements of the elliptic curve point (x', y');
A second point multiplication module, used to compute, in the Jacobian coordinate system and with the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations, [s']G and [t']P_A of the SM2 digital signature verification algorithm, where G = (x_G, y_G) (G ≠ O) is the base point of the elliptic curve, x_G and y_G are two elements of F_p, a, b ∈ F_q are the two elements defining the equation of the elliptic curve E(F_q), P_A is the user's public key, which is also a point on the elliptic curve, [s']G denotes the s'-fold multiple of G, and [t']P_A denotes the t'-fold multiple of P_A;
A second point addition module, used to perform, in the Jacobian coordinate system and with the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations, the point addition of the two points [s']G and [t']P_A of the SM2 digital signature verification algorithm, that is, (x', y') = [s']G + [t']P_A, where (x', y') is a point on the elliptic curve.
It should be noted that in Example 1 and Example 2 above the prime-field multiplication can be replaced with Montgomery multiplication. In addition, the multipliers required by the Montgomery multiplication can be provided by the digital signal processor (DSP) resources of the FPGA chip.
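Added example (not code from the patent): a Python model of verification steps 1, 2, 5, 6 and 7 that runs step 6 either in affine coordinates, as in Example 1, or in Jacobian coordinates with conversion in and out, as in Example 2, so the two data paths can be compared. Assumptions not taken from the page: the SM2 recommended 256-bit curve parameters, the digest e' of steps 3 and 4 passed in as an integer, an extra on-curve check of P_A, and constructed sample key, nonce and digest values with a signing helper used only to build a test signature.

```python
# SM2 recommended 256-bit prime-field curve (assumption: the page gives no
# concrete curve parameters).
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = (1, 1, 0)  # Jacobian point at infinity (Z = 0); affine infinity is None
# Constructed sample values: hypothetical private key, nonce and digest e'.
D_SAMPLE = 0x0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
K_SAMPLE = 0x0FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA987654321
E_SAMPLE = 0x00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF

def on_curve(pt):
    """True if the affine point satisfies y^2 = x^3 + a*x + b over the prime field."""
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x ** 3 - A * x - B) % P == 0

def affine_add(p1, p2):
    """Affine add/double: one prime-field division (inversion) per call."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def jac_add(p1, p2):
    """Jacobian add/double: prime-field multiplications only, no division."""
    (X1, Y1, Z1), (X2, Y2, Z2) = p1, p2
    if Z1 == 0 or Z2 == 0:
        return p2 if Z1 == 0 else p1
    U1, U2 = X1 * Z2 * Z2 % P, X2 * Z1 * Z1 % P
    S1, S2 = Y1 * Z2 ** 3 % P, Y2 * Z1 ** 3 % P
    if U1 == U2:
        if S1 != S2 or Y1 == 0:
            return INF
        S = 4 * X1 * Y1 * Y1 % P  # same point: doubling formulas
        M = (3 * X1 * X1 + A * Z1 ** 4) % P
        X3 = (M * M - 2 * S) % P
        return (X3, (M * (S - X3) - 8 * Y1 ** 4) % P, 2 * Y1 * Z1 % P)
    H, R = (U2 - U1) % P, (S2 - S1) % P
    X3 = (R * R - H ** 3 - 2 * U1 * H * H) % P
    return (X3, (R * (U1 * H * H - X3) - S1 * H ** 3) % P, H * Z1 * Z2 % P)

def to_affine(pt):
    """Jacobian -> affine: the only inversion needed on the Jacobian path."""
    X, Y, Z = pt
    if Z == 0:
        return None
    zi = pow(Z, -1, P)
    return (X * zi * zi % P, Y * zi ** 3 % P)

def scalar_mul(k, pt, add, zero):
    """[k]pt by left-to-right double-and-add, using the supplied group law."""
    acc = zero
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def sm2_verify(e, r, s, pub, jacobian=True):
    """Page steps 1, 2, 5, 6, 7; e is the digest e' produced by steps 3 and 4."""
    if not (1 <= r <= N - 1 and 1 <= s <= N - 1):  # steps 1 and 2
        return False
    if not on_curve(pub):  # added check on P_A, not one of the page's steps
        return False
    t = (r + s) % N  # step 5
    if t == 0:
        return False
    if jacobian:  # step 6 with coordinate conversion in and out (Example 2)
        gj, pj = (G[0], G[1], 1), (pub[0], pub[1], 1)
        pt = to_affine(jac_add(scalar_mul(s, gj, jac_add, INF),
                               scalar_mul(t, pj, jac_add, INF)))
    else:  # step 6 in affine coordinates (Example 1)
        pt = affine_add(scalar_mul(s, G, affine_add, None),
                        scalar_mul(t, pub, affine_add, None))
    return pt is not None and (e + pt[0]) % N == r  # step 7

def sm2_sign(e, d, k):
    """Builds a sample signature for the demo; signing is not covered by the page."""
    x1 = scalar_mul(k, G, affine_add, None)[0]
    r = (e + x1) % N
    return r, pow(1 + d, -1, N) * (k - r * d) % N

if __name__ == "__main__":
    pub = scalar_mul(D_SAMPLE, G, affine_add, None)
    r, s = sm2_sign(E_SAMPLE, D_SAMPLE, K_SAMPLE)
    for mode in (False, True):
        print("jacobian" if mode else "affine", sm2_verify(E_SAMPLE, r, s, pub, mode))
```

The affine path performs one modular inversion per point operation, while the Jacobian path performs a single inversion in `to_affine`, which is the cost difference the coordinate conversion module exists to exploit.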
Below in conjunction with accompanying drawing, the technique scheme of the embodiment of the invention is elaborated.
Fig. 3 is the synoptic diagram of the SM2 signature verification fpga chip inner structure of the embodiment of the invention, as shown in Figure 3, finish the SM2 digital signature authentication based on fpga chip, the whole realization of chip comprises three parts: system bus interface 20, SM2 controller 22 and SM2 arithmetic element 24.
The below describes system bus interface 20, SM2 controller 22 and SM2 arithmetic element 24 respectively.
1. System bus interface 20
The implementation of system bus interface 20 is fairly flexible: it can follow a general industrial bus standard or a user-defined bus interface protocol, and needs to be designed and developed according to the specific system requirements. The main role of system bus interface 20 is to let the FPGA-based SM2 signature verification chip communicate with the system external to the chip, including writing the parameters and data required for signature verification, controlling the SM2 chip, and querying the chip state and the operation result.
2. SM2 controller 22
SM2 controller 22 is implemented mainly as a register group. By function, it mainly comprises a control register, a data register and a status register. The register group of SM2 controller 22 can be regarded as the bridge, or intermediate link, between the bus interface and SM2 arithmetic element 24; through SM2 controller 22 the external system can control or access SM2 arithmetic element 24.
Control register
The control register has two signal bits, which by function are the SM2 start signal and the SM2 reset signal. The SM2 start signal is mainly used to start a computation on the SM2 chip. This control function is performed by a trigger signal, which can be level-triggered or edge-triggered, as decided by the design requirements; the external system triggers this signal by writing to the control register of SM2 controller 22 through the bus interface. The SM2 reset signal is mainly used to reset SM2 arithmetic element 24. This reset signal is active low; the external system triggers it by writing to the control register of SM2 controller 22 through the bus interface. The signal is generally set after SM2 arithmetic element 24 has finished an SM2 signature verification computation and the external system has taken the verification result away; setting it resets SM2 arithmetic element 24 ready for a new SM2 signature verification calculation.
Data register
The data register is mainly used to store the data that SM2 arithmetic element 24 needs for its calculation. These data comprise: the elliptic curve parameters required by the SM2 digital signature verification algorithm (the field size q, the two elements a and b of the elliptic curve equation, the base point G (mainly the coordinate elements of the base point), the order n of the base point G, other options, etc.), the user public key $P_A$ used in the verification calculation, the digest of the message to be verified
Figure BDA00002581944200131
the signature $(r', s')$ used in the verification calculation, and so on. (Note: the chip design of the present invention mainly performs steps 5 to 7 of the SM2 digital signature verification algorithm. Because the computational load of the preceding steps is very small, they can be performed in the system external to the FPGA chip, while the chip performs the later, computationally heavy steps, which saves chip area and cost.) The elliptic curve parameters may be the reference parameters given in the SM2 standard, or elliptic curve parameters that the user has derived beforehand by their own verification and calculation. The data register acts as a data cache, and the data must be ready before SM2 arithmetic element 24 is triggered to start calculating; therefore, before SM2 arithmetic element 24 starts, the external system needs to write the above data through the external bus interface. After SM2 arithmetic element 24 starts the computation, it reads out the above data. Once the data have been read, the data register can be emptied after this SM2 signature verification calculation has finished and SM2 arithmetic element 24 has been reset, and it then waits for new data to be written before the next SM2 computation.
Status register
The status register can be used to query the working state of SM2 arithmetic element 24 in the chip, which is one of: idle, calculating, calculation finished. In addition, the status register can include a computation completion flag bit that serves as an interrupt flag for the external system; through this flag the external system can be actively notified that the SM2 calculation has finished. The status register also has a flag bit, called the result flag bit, that indicates the verification result, which is one of two kinds: verification succeeded or verification failed. The external system can read this flag bit to obtain the operation result.
3. SM2 arithmetic element 24
The embodiment of the invention is designed and implemented mainly on the basis of the above internal structure of the SM2 signature verification FPGA chip, and the main work is concentrated in SM2 arithmetic element 24. The design was first carried out, implemented and verified under the affine coordinate system; then, under the Jacobian coordinate system, the relevant algorithms and computation structure of SM2 arithmetic element 24 were optimized, thereby increasing the SM2 signature verification speed. The invention carries out the chip design on an FPGA; the basic structure is still the three major parts shown in Fig. 3, and the difference lies in the implementation of SM2 arithmetic element 24. It should be noted that the implementation of SM2 arithmetic element 24 in Fig. 3 is based on the affine coordinate system. SM2 arithmetic element 24 has two kinds of implementation: the SM2 signature verification arithmetic element under the affine coordinate system is the basic implementation; the implementation under the Jacobian coordinate system is an optimized implementation that increases the computation speed but occupies more FPGA chip resources. Details are given in the following description.
Implementation of the SM2 signature verification arithmetic element under the affine coordinate system
Fig. 4 is a schematic diagram of the implementation of the SM2 signature verification arithmetic element under the affine coordinate system in the embodiment of the invention. As shown in Fig. 4, SM2 arithmetic element 24 communicates with SM2 controller 22; the signal types comprise control signal writes, data writes, and state and result reads, whose functions correspond respectively to the control register, data register and status register in SM2 controller 22.
It should be particularly noted that this SM2 arithmetic element 24 mainly performs the calculation of steps 5 to 7 of the SM2 digital signature verification algorithm. Because the calculation load of the preceding steps is small, they can be performed outside the chip.
As shown in Fig. 4, the internal structure of SM2 arithmetic element 24 comprises: a state machine module, a point multiplication module, a point addition module (point addition refers to the addition of points on the elliptic curve and requires the support of the underlying prime-field operations, including prime-field multiplication, prime-field division, and prime-field addition and subtraction), and a modular addition module.
1. State machine module
In keeping with the characteristics of state machine design on FPGA chips, the main functions of the state machine in SM2 arithmetic element 24 are control of the SM2 computation flow and communication with SM2 controller 22. The state transition flow of the state machine is: read the data of the data register in SM2 controller 22 → respond to the start signal of the control register in SM2 controller 22 → perform the SM2 calculation → the SM2 calculation finishes, obtain the operation result, and return the result and the completion flag to the status register of the SM2 controller → wait for the reset signal of SM2 controller 22.
The functions of the state machine are as follows:
(1) SM2 data reading: mainly reading the data of the data register in SM2 controller 22; this is the first task the state machine must complete before performing the SM2 computation.
(2) SM2 control signal response: mainly responding to the start signal and reset signal provided by SM2 controller 22. In response to the start signal, the SM2 calculation begins; in response to the reset signal, SM2 arithmetic element 24 is reset in preparation for a new calculation.
(3) Control of the SM2 computation process: according to the calculation requirements of steps 5 to 7 of the SM2 digital signature verification algorithm, each computing module is scheduled in order, specifically:
Modular addition, mainly performing the calculation of $t = (r' + s') \bmod n$;
Point multiplication, performed once each in succession for $[s']G$ and $[t']P_A$;
Point addition, $[s']G + [t']P_A$;
Modular addition, $R = (e' + x_1') \bmod n$.
(4) Providing the SM2 signature verification result, and returning the state and the verification result to the status register of SM2 controller 22.
2. Point addition module
This module mainly performs the point addition of the two points $[s']G$ and $[t']P_A$ in step 6 of the SM2 digital signature verification algorithm, namely $(x', y') = [s']G + [t']P_A$.
The point addition rule is as follows:
(1) Given two points $P_1 = (x_1, y_1)$ and $P_2 = (x_2, y_2)$, find $P_3 = (x_3, y_3) = P_1 + P_2$;
(2) then $x_3 = \left(\frac{y_2 - y_1}{x_2 - x_1}\right)^2 - x_1 - x_2$ and $y_3 = \left(\frac{y_2 - y_1}{x_2 - x_1}\right)(x_1 - x_3) - y_1$.
As this rule shows, elliptic curve point addition needs the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations.
3. Point multiplication module
The point multiplication module is mainly responsible for the two computations $[s']G$ and $[t']P_A$ in step 6 of the SM2 digital signature verification algorithm.
In the embodiment of the invention, $[s']G$ is the point multiplication performed first, and $[t']P_A$ is the point multiplication performed next. $G$ is the base point of the elliptic curve, and $P_A$ is the user public key and is also a point on the elliptic curve. $[s']G$ denotes the $s'$-fold multiple of $G$, and $[t']P_A$ denotes the $t'$-fold multiple of $P_A$. According to elliptic curve theory, the result of a point multiplication of a point on the elliptic curve is still a point on that elliptic curve, so $[s']G$ and $[t']P_A$ are two points on the elliptic curve. The result of adding these two points is also a point on the elliptic curve.
From the point of view of the computation, point multiplication is in essence repeated point addition, so point multiplication still needs to call the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division modules.
4. Modular addition module
Modular addition is comparatively simple: the data are summed and the sum is then reduced by the modulus. The module is mainly responsible for the calculation of $t = (r' + s') \bmod n$ in step 5 of the SM2 digital signature verification algorithm and of $R = (e' + x_1') \bmod n$ in step 7.
With the above SM2 signature verification arithmetic element implemented on an FPGA chip under the affine coordinate system, one SM2 signature computation generally requires more than 500 addition calculations, and the corresponding division calculations number more than 20,000. For example, according to the SM2 point addition rule, one point addition needs one division and three multiplications, but the cost of a division on the prime field is about 50 times that of a multiplication. It is therefore clear that the greatest computational bottleneck is the large number of division operations.
At this, in order to reduce the division arithmetic amount under the affine coordinate system, can introduce Jacobi Coordinate system.Coordinate under Jacobi Coordinate system can be expressed as, and its correspondence affine coordinates, therefore coordinate vector in the Jacobi coordinate system can be considered as intermediate variable, and utilization can be finished the mutual conversion of affine coordinate system and Jacobi Coordinate system.
Through the mutual conversion between the affine and Jacobian coordinate systems, the SM2 signature verification calculation is carried out under the Jacobian coordinate system, which effectively avoids a large number of division calculations and markedly reduces the amount of calculation. In the course of one SM2 computation, the mutual conversion between the affine coordinate system and the Jacobian coordinate system is needed only once. The computation of one SM2 signature then needs only two or three division operations, which greatly optimizes the arithmetic element and the computation speed. In essence, the conversion between the affine and Jacobian coordinate systems effectively reduces the number of division calls, mainly by reducing the number of calls to the prime-field division made during the point multiplication and point addition calculations.
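The following Python reference model is an added example, not the patent's design or code. It runs steps 5 to 7 as scheduled by the state machine, once with the affine point addition rule and once in Jacobian coordinates, and counts the prime-field divisions each path performs. It assumes the recommended SM2 curve parameters, the usual Jacobian mapping (X, Y, Z) to (X/Z², Y/Z³), the standard's t ≠ 0 check, and a constructed key, digest and nonce; all function names are hypothetical.

```python
# Added reference model of SM2 verification steps 5-7 (not the patent's code).
# Assumed: recommended SM2 curve parameters; the page itself lists none.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = (1, 1, 0)            # Jacobian point at infinity (Z = 0)
divisions = 0              # prime-field divisions performed by the last verify

def inv(x):                # prime-field division primitive, the costly operation
    global divisions
    divisions += 1
    return pow(x % P, -1, P)

def on_curve(pt):
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x**3 - A * x - B) % P == 0

def affine_add(p1, p2):
    """Affine addition rule from the text; None is the point at infinity O."""
    if p1 is None or p2 is None:
        return p1 if p2 is None else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                  # P + (-P) = O
    if x1 == x2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P    # tangent slope (doubling)
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P           # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def jac_double(pt):
    X, Y, Z = pt
    if Z == 0 or Y == 0:
        return INF
    S, M = 4 * X * Y * Y % P, (3 * X * X + A * pow(Z, 4, P)) % P
    X3 = (M * M - 2 * S) % P
    return X3, (M * (S - X3) - 8 * pow(Y, 4, P)) % P, 2 * Y * Z % P

def jac_add(p1, p2):
    """Jacobian addition: field multiplications only, no field division."""
    (X1, Y1, Z1), (X2, Y2, Z2) = p1, p2
    if Z1 == 0 or Z2 == 0:
        return p2 if Z1 == 0 else p1
    U1, U2 = X1 * Z2 * Z2 % P, X2 * Z1 * Z1 % P
    S1, S2 = Y1 * Z2**3 % P, Y2 * Z1**3 % P
    if U1 == U2:
        return jac_double(p1) if S1 == S2 else INF
    H, R = (U2 - U1) % P, (S2 - S1) % P
    X3 = (R * R - H**3 - 2 * U1 * H * H) % P
    return X3, (R * (U1 * H * H - X3) - S1 * H**3) % P, H * Z1 * Z2 % P

def to_affine(pt):
    X, Y, Z = pt
    if Z == 0:
        return None
    zi = inv(Z)            # the only division on the Jacobian path
    return X * zi * zi % P, Y * zi**3 % P

def scalar_mul(k, pt, add, identity):
    """Left-to-right double-and-add; add(q, q) doubles q."""
    acc = identity
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def verify_steps_5_7(e, r, s, pa, jacobian):
    """Return (accepted, divisions). Range and on-curve checks, which the page
    leaves to the external system, are repeated here before any computation."""
    global divisions
    divisions = 0
    t = (r + s) % N                                  # step 5
    if not (1 <= r < N and 1 <= s < N and t != 0 and on_curve(pa)):
        return False, 0
    if jacobian:                                     # step 6, Jacobian path
        pt = to_affine(jac_add(scalar_mul(s, (*G, 1), jac_add, INF),
                               scalar_mul(t, (*pa, 1), jac_add, INF)))
    else:                                            # step 6, affine path
        pt = affine_add(scalar_mul(s, G, affine_add, None),
                        scalar_mul(t, pa, affine_add, None))
    return pt is not None and (e + pt[0]) % N == r, divisions   # step 7

def make_test_vector(e, d, k):
    """Constructed signer, only to produce a valid (P_A, r', s') for the model."""
    pa = to_affine(scalar_mul(d, (*G, 1), jac_add, INF))
    x1 = to_affine(scalar_mul(k, (*G, 1), jac_add, INF))[0]
    r = (e + x1) % N
    return pa, r, pow(1 + d, -1, N) * (k - r * d) % N

if __name__ == "__main__":
    E = 0x5EED << 200                                # constructed digest value
    PA, R_SIG, S_SIG = make_test_vector(E, 0xC0FFEE << 180, 0xFACADE << 220)
    for jac in (False, True):
        print("jacobian" if jac else "affine", verify_steps_5_7(E, R_SIG, S_SIG, PA, jac))
```

In this model the affine path performs one division per doubling or addition, while the Jacobian path performs exactly one, in the final conversion back to affine coordinates.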
As explained above, the mutual conversion between the affine and Jacobian coordinate systems effectively reduces the number of division operations. Once the division operations have been optimized in this way, the main computational bottleneck is multiplication.
Multiplication on the prime field is always modular multiplication, i.e. $c = a \times b \bmod p$. A conventional multiplication either obtains the remainder by division or obtains it by slow repeated subtraction. The Montgomery multiplication adopted by the present invention effectively optimizes the prime-field multiplication by turning the complex operation into simple low-precision multiplications. The Montgomery multiplication is as follows:
Algorithm: Montgomery Multiplication
Input:
1. Field $F_p$, modulus $p$, let
Figure BDA00002581944200171
$p = n_1 2^D + n_0$, $n_0' = -n_0^{-1} \bmod 2^D$;
2. Integers $a, b \in [0, p-1]$, $a = a_1 2^D + a_0$, $b = b_1 2^D + b_0$;
3. Integer $T = \sum_{i=0}^{2} 2^{iD} t_i$, integer $m$.
Output: $c = a b \cdot R^{-1} \bmod p$
Steps:
Step 1. $T = a_0 b_0$;
Step 2. $m = (t_0 n_0') \bmod 2^D$;
Step 3. $T = (T + m n_0) \gg D$;
Step 4. $T = T + a_0 b_1 + a_1 b_0 + m n_1$;
Step 5. $m = (t_0 n_0') \bmod 2^D$;
Step 6. $T = (T + m n_0) \gg D$;
Step 7. $c = (T + a_1 b_1 + m n_1) \bmod p$.
As the steps of the above algorithm show, a single modular multiplication in the prime field can be converted into several simple low-precision multiplications. This effectively reduces the number of cycles of the original prime-field multiplication and increases the speed of the SM2 digital signature verification computation. Based on the above Montgomery multiplication, however, the present invention is implemented by FPGA programming and needs to occupy more FPGA logic resources. Therefore, SM2 digital signature verification implemented under the Jacobian coordinate system requires a larger FPGA chip area than the implementation under the affine coordinate system. The implementation of the SM2 digital signature verification arithmetic element under the Jacobian coordinate system is described below.
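The seven steps above, written out as a Python model (an added example, not code from the patent). It assumes the recommended SM2 prime as p, a limb width D = 128 and R = 2^(2D), none of which the page states; the function names are hypothetical. It goes slightly beyond the listing by showing the conversions into and out of the Montgomery domain and a Fermat inversion built only from mont_mul.

```python
# Added model of the two-limb Montgomery multiplication listed above.
# Assumptions: p is the recommended SM2 prime, D = 128, R = 2^(2D).
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
D = 128
MASK = (1 << D) - 1
R = 1 << (2 * D)
N0, N1 = P & MASK, P >> D                    # p = n1*2^D + n0
N0_PRIME = (-pow(N0, -1, 1 << D)) & MASK     # n0' = -n0^(-1) mod 2^D
R2 = R * R % P                               # precomputed once, used by to_mont


def mont_mul(a, b):
    """Return a*b*R^(-1) mod p for a, b in [0, p-1], following steps 1-7."""
    if not (0 <= a < P and 0 <= b < P):
        raise ValueError("operands must already be reduced mod p")
    a0, a1, b0, b1 = a & MASK, a >> D, b & MASK, b >> D
    T = a0 * b0                              # step 1
    m = (T & MASK) * N0_PRIME & MASK         # step 2: t0 is the low limb of T
    T = (T + m * N0) >> D                    # step 3: low limb is zero, shift is exact
    T = T + a0 * b1 + a1 * b0 + m * N1       # step 4
    m = (T & MASK) * N0_PRIME & MASK         # step 5
    T = (T + m * N0) >> D                    # step 6
    c = T + a1 * b1 + m * N1                 # step 7, before the final "mod p"
    return c - P if c >= P else c            # c < 2p, so one subtraction suffices


def to_mont(x):
    return mont_mul(x % P, R2)               # x*R mod p


def from_mont(x):
    return mont_mul(x, 1)                    # x*R^(-1) mod p


def field_mul(a, b):
    """Ordinary c = a*b mod p computed through the Montgomery domain."""
    return from_mont(mont_mul(to_mont(a), to_mont(b)))


def field_inv(x):
    """x^(p-2) mod p (Fermat), every multiplication done by mont_mul.

    The two domain conversions are paid once for the whole chain, which is
    why a multiplier-bound datapath keeps its operands in Montgomery form."""
    base, acc = to_mont(x), to_mont(1)
    for bit in bin(P - 2)[2:]:
        acc = mont_mul(acc, acc)
        if bit == "1":
            acc = mont_mul(acc, base)
    return from_mont(acc)


if __name__ == "__main__":
    a = 0x0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
    print(hex(field_mul(a, P - 1)), field_inv(a) * a % P)
```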
Implementation of the SM2 signature verification arithmetic element under the Jacobian coordinate system
Fig. 5 is a schematic diagram of the implementation of the SM2 signature verification arithmetic element under the Jacobian coordinate system in the embodiment of the invention. As shown in Fig. 5, the main differences from Fig. 4 are:
1. A coordinate conversion module is added, used to convert the coordinate data of points on the elliptic curve from the affine coordinate system to the Jacobian coordinate system. Mainly, the point data of the data register in the SM2 controller are first converted by the coordinate conversion module and then written into the SM2 arithmetic element for the point multiplication and point addition calculations;
2. In Fig. 5 the point multiplication and point addition calculations are all performed under the Jacobian coordinate system, and the number of calls they make to the underlying arithmetic units is markedly reduced, particularly calls to the prime-field division and multiplication;
3. In Fig. 5 the original prime-field multiplication is replaced by a Montgomery multiplication module, which effectively increases the computation speed of the system.
The functions and module implementations of the parts shown in Fig. 5 are essentially the same as those shown in Fig. 4 and are not repeated here.
It should be noted that FPGA chips of certain models contain DSP resources internally. These DSP resources are optimized multiply-accumulate modules; where the number of DSPs allows, using DSPs to implement the simple low-precision multiplications is better than using the general multipliers inside the FPGA chip.
Therefore, by using the abundant DSP resources inside the FPGA chip, the low-precision multiplications in the Montgomery multiplication can be further optimized in hardware, that is, the multipliers originally required by the Montgomery computation are replaced by the DSP resources inside the FPGA chip. In that case the computational efficiency of the Montgomery multiplication can be nearly doubled; this is another optimization available where the specific application requirements and system cost allow.
Table 1 compares the resources and efficiency of the FPGA implementations and optimizations of the SM2 algorithm. As shown in Table 1, the listed FPGA implementations are compared, under the affine coordinate system and the Jacobian coordinate system, on the average cost of completing one SM2 signature verification calculation. They comprise: the affine coordinate system implementation; the Jacobian coordinate system implementation (using 1× DSP resources to replace general multipliers); the Jacobian coordinate system implementation with optimization scheme 1 (using 1× DSP resources to replace general multipliers, with adder optimization by the synthesis tool); and the Jacobian coordinate system implementation with optimization scheme 2 (using 2× DSP resources to replace general multipliers).
Table 1
Figure BDA00002581944200191
In summary, by means of the technical solution of the embodiment of the invention, which converts between the affine coordinate system and the Jacobian coordinate system and makes full use of the FPGA chip resources, the computation speed of the SM2 algorithm can be effectively increased. The implementation and optimization methods of the present invention can be applied in all kinds of security authentication fields, and can be configured flexibly according to the specific application scenario and technical requirements so as to achieve a reasonable balance between system resources and computational efficiency.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other apparatus. Various general-purpose systems may also be used with the teachings herein. From the above description, the structure required to construct such systems is apparent. Furthermore, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in a variety of programming languages, and the above description of a specific language is given to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be appreciated that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into that detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and may furthermore be divided into a plurality of sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described herein include some features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the FPGA chip for the SM2 digital signature verification algorithm according to embodiments of the invention. The invention may also be implemented as apparatus or device programs (for example, computer programs and computer program products) for performing part or all of the methods described herein. Such programs implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any order. These words may be interpreted as names.

Claims (10)

1. An FPGA chip for the SM2 digital signature verification algorithm, characterized in that it comprises:
A system bus interface, used to communicate with the external system of the FPGA chip, obtain from the external system the parameters and data required for SM2 digital signature verification and write them into the SM2 controller, and receive the control message, work state query message and operation result query message sent by the external system and send them to the SM2 controller;
An SM2 controller, connected to the system bus interface and to the SM2 arithmetic element, used to trigger the SM2 arithmetic element according to the control message and, after receiving the work state query message and the operation result query message, send the work state and the verification result of the SM2 arithmetic element to the external system through the system bus interface;
An SM2 arithmetic element, used to, when triggered by the SM2 controller, read from the SM2 controller the parameters and data required for this SM2 digital signature verification, perform the verification calculation according to the SM2 digital signature verification algorithm, and send the verification result to the SM2 controller.
2. The FPGA chip as claimed in claim 1, characterized in that the system bus interface comprises: a system bus interface conforming to a general industrial bus standard; or a system bus interface conforming to a user-defined bus interface protocol.
3. The FPGA chip as claimed in claim 1, characterized in that the SM2 controller specifically comprises:
A control register, used to, when the control message sent by the external system is received through the system bus interface, trigger the SM2 arithmetic element to start by means of the SM2 start signal and trigger the SM2 arithmetic element to reset by means of the SM2 reset signal, according to the control message;
A data register, used to receive and store the parameters and data required for this SM2 digital signature verification that the external system sends through the system bus interface, and to empty the parameters and data required for this SM2 digital signature verification after the control register has reset the SM2 arithmetic element;
A status register, used to query the work state of the SM2 arithmetic element and, when the work state query message is received, send the work state to the external system through the system bus interface; to actively notify the external system that the SM2 arithmetic element has finished this SM2 digital signature verification; and, when the operation result query message is received, to send the verification result of this SM2 digital signature verification to the external system through the system bus interface.
4. The FPGA chip as claimed in claim 1, characterized in that the SM2 arithmetic element specifically comprises:
A first state machine module, used to control the SM2 digital signature verification computation flow and to communicate with the SM2 controller;
A first modular addition module, used to perform, under the affine coordinate system, the calculation of $t = (r' + s') \bmod n$ and the calculation of $R = (e' + x_1') \bmod n$ in the SM2 digital signature verification algorithm, where $(r', s')$ is the signature, the digest value of the message is calculated as
Figure FDA00002581944100021
$H_v()$ is the digest function,
Figure FDA00002581944100022
" " denotes the concatenation of two character strings, $n$ is the order of the elliptic curve, and $x_1'$ is one coordinate element of the elliptic curve point $(x', y')$;
A first point multiplication module, used to calculate, under the affine coordinate system and with the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations, $[s']G$ and $[t']P_A$ in the SM2 digital signature verification algorithm, where $G$ is the base point of the elliptic curve, $G = (x_G, y_G)$ ($G \neq O$), $x_G$ and $y_G$ are two elements of $F_p$, $a, b \in F_q$ are the two elements of the equation of the elliptic curve $E(F_q)$, $P_A$ is the user public key and is also a point on the elliptic curve, $[s']G$ denotes the $s'$-fold multiple of $G$, and $[t']P_A$ denotes the $t'$-fold multiple of $P_A$;
A first point addition module, used to perform, under the affine coordinate system and with the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations, the point addition of the two points $[s']G$ and $[t']P_A$ in the SM2 digital signature verification algorithm, that is, $(x', y') = [s']G + [t']P_A$, where $(x', y')$ is a point on the elliptic curve.
5. The FPGA chip as claimed in claim 4, characterized in that the first state machine module is specifically used to:
Read from the SM2 controller the parameters and data required for this SM2 digital signature verification;
Receive the SM2 start signal sent by the SM2 controller and start the SM2 arithmetic element;
Call the first point multiplication module, the first point addition module and the first modular addition module according to the computation flow of the SM2 digital signature verification algorithm, and perform the verification calculation according to the parameters and data required for this SM2 digital signature verification;
After this SM2 digital signature verification is finished, obtain the verification result and return the verification result and the completion flag to the SM2 controller;
Receive the SM2 reset signal sent by the SM2 controller and reset the SM2 arithmetic element.
6. The FPGA chip as claimed in claim 5, characterized in that the first state machine module is specifically used to:
Call the first modular addition module to calculate $t = (r' + s') \bmod n$;
Call the first point multiplication module to calculate $[s']G$ and $[t']P_A$;
Call the first point addition module to calculate $(x', y') = [s']G + [t']P_A$;
Call the first modular addition module to calculate $R = (e' + x_1') \bmod n$ and check whether $R = r'$ holds, the verification passing if it holds and failing otherwise.
7. The FPGA chip as claimed in claim 1, characterized in that the SM2 arithmetic element specifically comprises:
A coordinate conversion module, used to convert the coordinate data of points on the elliptic curve from the affine coordinate system to the Jacobian coordinate system;
A second state machine module, used to control the SM2 digital signature verification computation flow and to communicate with the SM2 controller;
A second modular addition module, used to perform, under the Jacobian coordinate system, the calculation of $t = (r' + s') \bmod n$ and the calculation of $R = (e' + x_1') \bmod n$ in the SM2 digital signature verification algorithm, where $(r', s')$ is the signature, the digest value of the message is calculated as
Figure FDA00002581944100031
$H_v()$ is the digest function, " " denotes the concatenation of two character strings, $n$ is the order of the elliptic curve, and $x_1'$ is one coordinate element of the elliptic curve point $(x', y')$;
A second point multiplication module, used to calculate, under the Jacobian coordinate system and with the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations, $[s']G$ and $[t']P_A$ in the SM2 digital signature verification algorithm, where $G$ is the base point of the elliptic curve, $G = (x_G, y_G)$ ($G \neq O$), $x_G$ and $y_G$ are two elements of $F_p$, $a, b \in F_q$ are the two elements of the equation of the elliptic curve $E(F_q)$, $P_A$ is the user public key and is also a point on the elliptic curve, $[s']G$ denotes the $s'$-fold multiple of $G$, and $[t']P_A$ denotes the $t'$-fold multiple of $P_A$;
A second point addition module, used to perform, under the Jacobian coordinate system and with the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations, the point addition of the two points $[s']G$ and $[t']P_A$ in the SM2 digital signature verification algorithm, that is, $(x', y') = [s']G + [t']P_A$, where $(x', y')$ is a point on the elliptic curve.
8. The FPGA chip as claimed in claim 7 or 4, characterized in that the prime field multiplication operation is replaced with a Montgomery multiplication operation.
9. The FPGA chip as claimed in claim 8, characterized in that the multiplier required by the Montgomery multiplication operation is replaced by the digital signal processor (DSP) resources in the FPGA chip.
10. The FPGA chip as claimed in claim 7, characterized in that the second state machine module is specifically used for:
Read from the SM2 controller the parameters and data required for the current SM2 digital signature verification;
Receive the SM2 start signal sent by the SM2 controller, and start the SM2 arithmetic element;
Call the second modular addition module to calculate t = (r' + s') mod n;
Call the second point doubling module to calculate [s']G and [t']P_A;
Call the second point addition module to calculate (x', y') = [s']G + [t']P_A;
Call the second modular addition module to calculate R = (e' + x_1') mod n and check whether R = r' holds; if it holds, the verification passes, otherwise the verification fails;
After the current SM2 digital signature verification is finished, obtain the verification result, and return the verification result and a completion flag to the SM2 controller;
Receive the SM2 reset signal sent by the SM2 controller, and reset the SM2 arithmetic element.
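The verification flow of claims 7 and 10, modelled in software as an added example (not code from the patent or its authors): points are lifted to Jacobian coordinates, [s']G and [t]P_A are computed and added without field division, and one inversion recovers x_1' for the check R = r'. Assumptions: the constants are the SM2 recommended curve from the public standard, the digest e' is passed in as an integer, and `sm2_sign` with the sample values `D`, `K`, `E` is a hypothetical helper that only constructs a test signature.

```python
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3  # SM2 recommended curve: public standard constants, not listed on the page
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def jdouble(p1):  # Jacobian doubling; Z3 = 0 (infinity) falls out when Y or Z is 0
    X, Y, Z = p1
    S, M = 4 * X * Y * Y % P, (3 * X * X + A * pow(Z, 4, P)) % P
    X3 = (M * M - 2 * S) % P
    return (X3, (M * (S - X3) - 8 * pow(Y, 4, P)) % P, 2 * Y * Z % P)

def jadd(p1, p2):  # Jacobian point addition, no field division
    if p1[2] == 0 or p2[2] == 0:
        return p2 if p1[2] == 0 else p1
    (X1, Y1, Z1), (X2, Y2, Z2) = p1, p2
    U1, U2 = X1 * Z2 * Z2 % P, X2 * Z1 * Z1 % P
    S1, S2 = Y1 * pow(Z2, 3, P) % P, Y2 * pow(Z1, 3, P) % P
    if U1 == U2:  # same x: either a doubling or P + (-P)
        return jdouble(p1) if S1 == S2 else (1, 1, 0)
    H, R = (U2 - U1) % P, (S2 - S1) % P
    X3 = (R * R - H ** 3 - 2 * U1 * H * H) % P
    return (X3, (R * (U1 * H * H - X3) - S1 * H ** 3) % P, H * Z1 * Z2 % P)

def mul(k, pt):  # [k]pt by double-and-add; affine input lifted to Jacobian (Z = 1)
    acc, q = (1, 1, 0), (pt[0], pt[1], 1)
    while k:
        acc = jadd(acc, q) if k & 1 else acc
        q, k = jdouble(q), k >> 1
    return acc

def affine(p1):  # the one field inversion, done once; caller must rule out Z = 0
    zi = pow(p1[2], P - 2, P)
    return (p1[0] * zi * zi % P, p1[1] * pow(zi, 3, P) % P)

def sm2_verify(e, r, s, pub):  # e is the message digest e' as an integer
    t = (r + s) % N
    if not (1 <= r < N and 1 <= s < N) or t == 0:
        return False  # checks from the SM2 standard, not spelled out in the claims
    J = jadd(mul(s, G), mul(t, pub))  # [s']G + [t]P_A
    return J[2] != 0 and (e + affine(J)[0]) % N == r  # R = (e' + x1') mod n

def sm2_sign(e, d, k):  # hypothetical helper, only to construct a test signature
    r = (e + affine(mul(k, G))[0]) % N
    return r, pow(1 + d, N - 2, N) * (k - r * d) % N

# Constructed sample values (not from the page): private key D, nonce K, digest E
D, K, E = 0x6D2F1A9C4E8B37F0, 0x2B7E151628AED2A6, 0x1122334455667788AABBCCDDEEFF0099
PUB, SIG = affine(mul(D, G)), sm2_sign(E, D, K)
```

The model omits the check that P_A is a valid point on the curve, which a deployed verifier should perform before any point arithmetic.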
CN201210540967.XA 2012-12-13 2012-12-13 Field-programmable gate array (FPGA) chip for SM2 digital signature verification algorithm Active CN103049710B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210540967.XA CN103049710B (en) 2012-12-13 2012-12-13 Field-programmable gate array (FPGA) chip for SM2 digital signature verification algorithm

Publications (2)

Publication Number Publication Date
CN103049710A true CN103049710A (en) 2013-04-17
CN103049710B CN103049710B (en) 2017-02-08

Family

ID=48062343

Country Status (1)

Country Link
CN (1) CN103049710B (en)

Also Published As

Publication number Publication date
CN103049710B (en) 2017-02-08

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant