CN103049710B - Field-programmable gate array (FPGA) chip for SM2 digital signature verification algorithm - Google Patents
- Publication number
- CN103049710B (CN201210540967.XA)
- Authority
- CN
- China
- Prior art keywords
- digital signature
- point
- controller
- signature verification
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses an FPGA chip for the SM2 digital signature verification algorithm. The FPGA chip includes: a system bus interface, used to communicate with the system external to the FPGA chip, to obtain from the external system the parameters and data required for SM2 digital signature verification and write them into the SM2 controller, and to receive the control messages, working status query messages and operation result query messages sent by the external system and forward them to the SM2 controller; an SM2 controller, used to trigger the SM2 computing unit according to the control message and, after receiving a working status query message or an operation result query message, to send the working status and the verification result of the SM2 computing unit to the external system through the system bus interface; and an SM2 computing unit, used, when triggered by the SM2 controller, to read from the SM2 controller the parameters and data required for the current SM2 digital signature verification, to complete the verification calculation according to the SM2 digital signature verification algorithm, and to send the verification result to the SM2 controller.
Description
Technical field
The invention relates to the field of computer technology, and in particular to an FPGA chip for the SM2 digital signature verification algorithm.
Background
At the end of 2010, the State Cryptography Administration put forward China's cryptographic algorithm standards, including the SM2, SM3 and SM7 standards. The SM2 standard is a domestic standard that rests on the elliptic curve discrete logarithm problem and evolved from the international ECC (elliptic curve cryptography) standard algorithms.
At present, the asymmetric cryptographic algorithm most widely used at home and abroad is still RSA. From the standpoint of theoretical analysis and application requirements, however, ECC algorithms (including the SM2 standard algorithm) offer higher security strength than RSA with shorter keys, and have better application prospects. Yet there are few system implementations based on the SM2 algorithm, and few products even in terminal chip development.
On the other hand, the State Cryptography Administration requires that all domestic systems and terminals that use asymmetric cryptographic algorithms adopt domestic standards, including the SM2 algorithm standard, before 2015. Systematic research into SM2 product development and system solutions is therefore warranted.
Summary of the invention
To solve the above problems in the prior art, the present invention provides an FPGA chip for the SM2 digital signature verification algorithm.
The present invention provides an FPGA chip for the SM2 digital signature verification algorithm, including: a system bus interface, used to communicate with the system external to the FPGA chip, to obtain from the external system the parameters and data required for SM2 digital signature verification and write them into the SM2 controller, and to receive the control messages, working status query messages and operation result query messages sent by the external system and forward them to the SM2 controller; an SM2 controller, connected to the system bus interface and to the SM2 computing unit, used to trigger the SM2 computing unit according to the control message and, after receiving a working status query message or an operation result query message, to send the working status and the verification result of the SM2 computing unit to the external system through the system bus interface; and an SM2 computing unit, used, when triggered by the SM2 controller, to read from the SM2 controller the parameters and data required for the current SM2 digital signature verification, to perform the verification calculation according to the SM2 digital signature verification algorithm, and to send the verification result to the SM2 controller.
Preferably, the system bus interface is either a system bus interface conforming to a general industrial bus standard or a system bus interface conforming to a user-defined bus interface protocol.
Preferably, the SM2 controller specifically includes: a control register, used, when a control message sent by the external system is received through the system bus interface, to start the SM2 computing unit through the SM2 start signal and to reset the SM2 computing unit through the SM2 reset signal, according to the control message; a data register, used to receive through the system bus interface and store the parameters and data required for the current SM2 digital signature verification sent by the external system, and to clear those parameters and data after the control register resets the SM2 computing unit; and a status register, used, when a working status query message is received, to query the working status of the SM2 computing unit and send it to the external system through the system bus interface; to actively notify the external system that the SM2 computing unit has completed the current SM2 digital signature verification; and, when an operation result query message is received, to send the verification result of the current SM2 digital signature verification to the external system through the system bus interface.
Preferably, the SM2 computing unit specifically includes: a first state machine module, used to control the flow of the SM2 digital signature verification operation and to communicate with the SM2 controller; a first modular addition module, used to complete, in the affine coordinate system, the calculation of t = (r′ + s′) mod n and the calculation of R = (e′ + x_1′) mod n in the SM2 digital signature verification algorithm, where (r′+s′) is the signature codeword, the digest value of the message is calculated, H_v() is the digest calculation function, "□" denotes the concatenation of the two strings before and after it, n is the order of the elliptic curve, and x_1′ is one of the coordinate elements of the elliptic curve point (x′, y′); a first point multiplication module, used to calculate [s′]G and [t′]P_A of the SM2 digital signature verification algorithm in the affine coordinate system, supported by the underlying prime field addition and subtraction, prime field multiplication and prime field division operations, where G is the base point of the elliptic curve, G = (x_G, y_G) (G ≠ O), x_G and y_G are two elements of F_p, a, b ∈ F_q are the two elements of the equation of the elliptic curve E(F_q), P_A is the user's public key and is also a point on the elliptic curve, [s′]G denotes the s′-fold multiple of G, and [t′]P_A denotes the t′-fold multiple of P_A; and a first point addition module, used to complete, in the affine coordinate system and supported by the underlying prime field addition and subtraction, prime field multiplication and prime field division operations, the point addition of the two points [s′]G and [t′]P_A in the SM2 digital signature verification algorithm, that is, (x′, y′) = [s′]G + [t′]P_A, where (x′, y′) is a point on the elliptic curve.
Preferably, the first state machine module is specifically used to: read from the SM2 controller the parameters and data required for the current SM2 digital signature verification; receive the SM2 start signal sent by the SM2 controller and start the SM2 computing unit; call the first point multiplication module, the first point addition module and the first modular addition module according to the operation flow of the SM2 digital signature verification algorithm, and perform the verification calculation using the parameters and data required for the current SM2 digital signature verification; after the current SM2 digital signature verification is completed, obtain the verification result and return the verification result and a completion flag to the SM2 controller; and receive the SM2 reset signal sent by the SM2 controller and reset the SM2 computing unit.
Preferably, the first state machine module is specifically used to: call the first modular addition module to calculate t = (r′ + s′) mod n; call the first point multiplication module to calculate [s′]G and [t′]P_A; call the first point addition module to calculate (x′, y′) = [s′]G + [t′]P_A; and call the first modular addition module to calculate R = (e′ + x_1′) mod n and check whether R = r′ holds; if it holds, the verification passes, otherwise the verification fails.
Preferably, the SM2 computing unit specifically includes: a coordinate conversion module, used to convert the coordinate data of points on the elliptic curve from the affine coordinate system to the Jacobian coordinate system; a second state machine module, used to control the flow of the SM2 digital signature verification operation and to communicate with the SM2 controller; a second modular addition module, used to complete, in the Jacobian coordinate system, the calculation of t = (r′ + s′) mod n and the calculation of R = (e′ + x_1′) mod n in the SM2 digital signature verification algorithm, where (r′+s′) is the signature codeword, the digest value of the message is calculated, H_v() is the digest calculation function, "□" denotes the concatenation of the two strings before and after it, n is the order of the elliptic curve, and x_1′ is one of the coordinate elements of the elliptic curve point (x′, y′); a second point multiplication module, used to calculate [s′]G and [t′]P_A of the SM2 digital signature verification algorithm in the Jacobian coordinate system, supported by the underlying prime field addition and subtraction, prime field multiplication and prime field division operations, where G is the base point of the elliptic curve, G = (x_G, y_G) (G ≠ O), x_G and y_G are two elements of F_p, a, b ∈ F_q are the two elements of the equation of the elliptic curve E(F_q), P_A is the user's public key and is also a point on the elliptic curve, [s′]G denotes the s′-fold multiple of G, and [t′]P_A denotes the t′-fold multiple of P_A; and a second point addition module, used to complete, in the Jacobian coordinate system and supported by the underlying prime field addition and subtraction, prime field multiplication and prime field division operations, the point addition of the two points [s′]G and [t′]P_A in the SM2 digital signature verification algorithm, that is, (x′, y′) = [s′]G + [t′]P_A, where (x′, y′) is a point on the elliptic curve.
Preferably, the prime field multiplication is replaced by Montgomery multiplication.
Preferably, the digital signal processor (DSP) resources in the FPGA chip are used in place of the multipliers required by the Montgomery multiplication.
Preferably, the second state machine module is specifically used to: read from the SM2 controller the parameters and data required for the current SM2 digital signature verification; receive the SM2 start signal sent by the SM2 controller and start the SM2 computing unit; call the second modular addition module to calculate t = (r′ + s′) mod n; call the second point multiplication module to calculate [s′]G and [t′]P_A; call the second point addition module to calculate (x′, y′) = [s′]G + [t′]P_A; call the second modular addition module to calculate R = (e′ + x_1′) mod n and check whether R = r′ holds; if it holds, the verification passes, otherwise the verification fails; after the current SM2 digital signature verification is completed, obtain the verification result and return the verification result and a completion flag to the SM2 controller; and receive the SM2 reset signal sent by the SM2 controller and reset the SM2 computing unit.
The beneficial effects of the present invention are as follows:
The technical solution of the embodiments of the present invention makes full use of the FPGA chip's resources and can effectively increase the computing speed of the SM2 algorithm. It can be applied in all kinds of security authentication fields and, depending on the specific application scenario and technical requirements, can be configured flexibly to balance system resources against computing efficiency.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the contents of the description, and so that the above and other objects, features and advantages of the present invention are more apparent, specific embodiments of the present invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered as limiting the invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 is a flowchart of the SM2 digital signature verification algorithm of an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the FPGA chip for the SM2 digital signature verification algorithm of an embodiment of the present invention;
Fig. 3 is a schematic diagram of the internal structure of the SM2 signature verification FPGA chip of an embodiment of the present invention;
Fig. 4 is a schematic diagram of the implementation of the SM2 signature verification computing unit in the affine coordinate system of an embodiment of the present invention;
Fig. 5 is a schematic diagram of the implementation of the SM2 signature verification computing unit in the Jacobian coordinate system of an embodiment of the present invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and its scope conveyed completely to those skilled in the art.
The invention provides an FPGA chip for the SM2 digital signature verification algorithm, which implements on an FPGA chip the digital signature verification operation of the SM2 national cryptographic standard. The application scenarios or application requirements are security terminal systems of all kinds. The embodiments of the present invention are based on the digital signature verification algorithm in the SM2 standard of the State Cryptography Administration and implement the prime field arithmetic on the FPGA chip. In addition, by converting data between the affine coordinate system and the Jacobian coordinate system, the design of the SM2 algorithm can be optimized, which improves the computing efficiency of the FPGA chip. At the same time, because the FPGA chip is programmable and configurable, the chip's bus interface can be designed to the specific system requirements, reducing cost and improving efficiency.
As stated above, an FPGA implementation of the SM2 signature algorithm is functionally equivalent to existing dedicated security chips. But because an FPGA chip is configurable, programmable and upgradable, the FPGA implementation of the SM2 digital signature algorithm can trade off algorithm computing efficiency against system implementation cost according to the specific application scenario and requirements. That is, where the application does not demand much real-time performance from the algorithm, an FPGA chip with fewer internal resources can be chosen and the algorithm implemented in the affine coordinate system; where the application demands higher real-time performance, an FPGA chip with richer internal resources can be chosen, and technical means such as algorithm optimization or a higher chip clock can be used to further increase computing speed and system efficiency. Moreover, the chip's external system bus can be configured flexibly for the specific system bus type, improving the chip's adaptability to the system, which is another advantage of an FPGA implementation over a dedicated security chip. The present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and do not limit it.
Before the technical solution of the embodiments of the present invention is described in detail, the digital signature verification algorithm of the SM2 national standard is first described in detail.
The national standard "SM2 Elliptic Curve Public Key Cryptographic Algorithm" is divided into four parts: general provisions, digital signature algorithm, key exchange protocol, and public key encryption algorithm. The digital signature algorithm in turn covers: elliptic curve system parameters, the user key pair, auxiliary functions, other user information, the digital signature generation algorithm and its flow, the digital signature verification algorithm and its flow, and so on.
The embodiments of the present invention mainly address the FPGA implementation of the digital signature verification algorithm and the optimization of its performance and efficiency. The basics of the SM2 digital signature verification algorithm are set out first; the FPGA implementation and optimization are explained afterwards.
The SM2 digital signature verification algorithm is as follows:
Input:
1. Elliptic curve parameters: the size q of the finite field F_p; the two elements a, b ∈ F_q that define the equation of the elliptic curve E(F_q); the base point G = (x_G, y_G) (G ≠ O) on E(F_q), where x_G and y_G are two elements of F_p; the order n of the base point G on E(F_q); and other optional items (such as the cofactor h of n);
2. Z_A: the hash value of the user's distinguishing identifier, part of the elliptic curve system parameters, and user A's public key;
3. P_A: the user's public key;
4. M′: the message to be verified;
5. (r′, s′): the signature codeword received by the system.
Output: the verification result, either verification passed or verification failed.
Steps: Fig. 1 is a flowchart of the SM2 digital signature verification algorithm of an embodiment of the present invention. As shown in Fig. 1, to check the received message M′ and its digital signature (r′, s′), the user acting as verifier performs the following operations:
Step 1: check whether r′ ∈ [1, n-1] holds; if not, the verification fails, where n is the order of the elliptic curve;
Step 2: check whether s′ ∈ [1, n-1] holds; if not, the verification fails, where n is the order of the elliptic curve;
Step 3: set, where the "□" operator denotes the concatenation of the two strings before and after it;
Step 4: calculate, that is, calculate the digest value of the message, where H_v() is the digest calculation function;
Step 5: convert the data type of the signature codeword to integers and calculate t = (r′ + s′) mod n; if t = 0, the verification fails;
Step 6: calculate the elliptic curve point (x′, y′) = [s′]G + [t′]P_A, where (x′, y′) is a point on the elliptic curve, [s′]G and [t′]P_A are point multiplication operations, and [s′]G + [t′]P_A is a point addition operation;
Step 7: calculate R = (e′ + x_1′) mod n and check whether R = r′ holds; if it holds, the verification passes, otherwise the verification fails, where x_1′ is one of the coordinate elements of the elliptic curve point (x′, y′) calculated in step 6.
The technical solution of the embodiments of the present invention is described in detail below.
According to an embodiment of the present invention, an FPGA chip for the SM2 digital signature verification algorithm is provided. Fig. 2 is a schematic structural diagram of the FPGA chip for the SM2 digital signature verification algorithm of an embodiment of the present invention. As shown in Fig. 2, the FPGA chip includes a system bus interface 20, an SM2 controller 22 and an SM2 computing unit 24. Each module of the embodiment is described in detail below.
The system bus interface 20 is used to communicate with the system external to the FPGA chip, to obtain from the external system the parameters and data required for SM2 digital signature verification and write them into the SM2 controller 22, and to receive the control messages, working status query messages and operation result query messages sent by the external system and forward them to the SM2 controller 22;
The system bus interface 20 is either a system bus interface 20 conforming to a general industrial bus standard or a system bus interface 20 conforming to a user-defined bus interface protocol.
The SM2 controller 22 is connected to the system bus interface 20 and to the SM2 computing unit 24, and is used to trigger the SM2 computing unit 24 according to the control message and, after receiving a working status query message or an operation result query message, to send the working status and the verification result of the SM2 computing unit 24 to the external system through the system bus interface 20;
The SM2 controller 22 specifically includes:
a control register, used, when a control message sent by the external system is received through the system bus interface 20, to start the SM2 computing unit 24 through the SM2 start signal and to reset the SM2 computing unit 24 through the SM2 reset signal, according to the control message;
a data register, used to receive through the system bus interface 20 and store the parameters and data required for the current SM2 digital signature verification sent by the external system, and to clear those parameters and data after the control register resets the SM2 computing unit 24;
a status register, used, when a working status query message is received, to query the working status of the SM2 computing unit 24 and send it to the external system through the system bus interface 20; to actively notify the external system that the SM2 computing unit 24 has completed the current SM2 digital signature verification; and, when an operation result query message is received, to send the verification result of the current SM2 digital signature verification to the external system through the system bus interface 20.
The SM2 computing unit 24 is used, when triggered by the SM2 controller 22, to read from the SM2 controller 22 the parameters and data required for the current SM2 digital signature verification, to perform the verification calculation according to the SM2 digital signature verification algorithm, and to send the verification result to the SM2 controller 22. The structure of the SM2 computing unit 24 is described below using two examples.
Example 1
The SM2 computing unit 24 specifically includes:
a first state machine module, configured to control the flow of the SM2 digital signature verification operation and to communicate with the SM2 controller 22;
The first state machine module is specifically configured to: read from the SM2 controller 22 the parameters and data required for the current SM2 digital signature verification; receive the SM2 start signal sent by the SM2 controller 22 and start the SM2 computing unit 24; call the first point-multiplication module, the first point-addition module and the first modular-addition module according to the operation flow of the SM2 digital signature verification algorithm, and perform the verification calculation using the parameters and data required for the current SM2 digital signature verification; after the current SM2 digital signature verification is completed, obtain the verification result and return the verification result and a completion flag to the SM2 controller 22; receive the SM2 reset signal sent by the SM2 controller 22 and reset the SM2 computing unit 24.
Calling the first point-multiplication module, the first point-addition module and the first modular-addition module according to the operation flow of the SM2 digital signature verification algorithm, and performing the verification calculation using the parameters and data required for the current SM2 digital signature verification, specifically includes the following processing:
call the first modular-addition module to calculate t = (r′ + s′) mod n; call the first point-multiplication module to calculate [s′]G and [t′]P_A; call the first point-addition module to calculate (x′, y′) = [s′]G + [t′]P_A; call the first modular-addition module to calculate R = (e′ + x_1′) mod n and check whether R = r′ holds; if it holds, the verification passes, otherwise the verification fails.
a first modular-addition module, configured to complete, in the affine coordinate system, the calculation of t = (r′ + s′) mod n and the calculation of R = (e′ + x_1′) mod n in the SM2 digital signature verification algorithm, where (r′+s′) is the signature codeword, the digest value of the message is calculated, H_v() is the digest calculation function, "‖" denotes the concatenation of the two strings before and after it, n is the order of the elliptic curve, and x_1′ is one of the coordinate elements of the elliptic curve point (x′, y′);
a first point-multiplication module, configured to calculate, in the affine coordinate system and with the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations, [s′]G and [t′]P_A in the SM2 digital signature verification algorithm, where G is the base point of the elliptic curve, G = (x_G, y_G) (G ≠ O), x_G and y_G are two elements of F_p, a, b ∈ F_q are the two elements of the equation of the elliptic curve E(F_q), P_A is the user's public key and also a point on the elliptic curve, [s′]G denotes the s′-multiple of G, and [t′]P_A denotes the t′-multiple of P_A;
a first point-addition module, configured to complete, in the affine coordinate system and with the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations, the point addition of the two points [s′]G and [t′]P_A in the SM2 digital signature verification algorithm, that is, (x′, y′) = [s′]G + [t′]P_A, where (x′, y′) is a point on the elliptic curve.
Example 2:
The SM2 computing unit 24 specifically includes:
a coordinate conversion module, configured to convert point coordinate data on the elliptic curve from the affine coordinate system to the Jacobian coordinate system;
a second state machine module, configured to control the flow of the SM2 digital signature verification operation and to communicate with the SM2 controller 22;
The second state machine module is specifically configured to: read from the SM2 controller 22 the parameters and data required for the current SM2 digital signature verification; receive the SM2 start signal sent by the SM2 controller 22 and start the SM2 computing unit 24; call the second modular-addition module to calculate t = (r′ + s′) mod n; call the second point-multiplication module to calculate [s′]G and [t′]P_A; call the second point-addition module to calculate (x′, y′) = [s′]G + [t′]P_A; call the second modular-addition module to calculate R = (e′ + x_1′) mod n and check whether R = r′ holds; if it holds, the verification passes, otherwise the verification fails; after the current SM2 digital signature verification is completed, obtain the verification result and return the verification result and a completion flag to the SM2 controller 22; receive the SM2 reset signal sent by the SM2 controller 22 and reset the SM2 computing unit 24.
a second modular-addition module, configured to complete, in the Jacobian coordinate system, the calculation of t = (r′ + s′) mod n and the calculation of R = (e′ + x_1′) mod n in the SM2 digital signature verification algorithm, where (r′+s′) is the signature codeword, the digest value of the message is calculated, H_v() is the digest calculation function, "‖" denotes the concatenation of the two strings before and after it, n is the order of the elliptic curve, and x_1′ is one of the coordinate elements of the elliptic curve point (x′, y′);
a second point-multiplication module, configured to calculate, in the Jacobian coordinate system and with the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations, [s′]G and [t′]P_A in the SM2 digital signature verification algorithm, where G is the base point of the elliptic curve, G = (x_G, y_G) (G ≠ O), x_G and y_G are two elements of F_p, a, b ∈ F_q are the two elements of the equation of the elliptic curve E(F_q), P_A is the user's public key and also a point on the elliptic curve, [s′]G denotes the s′-multiple of G, and [t′]P_A denotes the t′-multiple of P_A;
a second point-addition module, configured to complete, in the Jacobian coordinate system and with the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations, the point addition of the two points [s′]G and [t′]P_A in the SM2 digital signature verification algorithm, that is, (x′, y′) = [s′]G + [t′]P_A, where (x′, y′) is a point on the elliptic curve.
It should be noted that, in Example 1 and Example 2 above, the prime-field multiplication may be replaced by Montgomery multiplication. In addition, the multipliers required by the Montgomery multiplication may be replaced by digital signal processor (DSP) resources in the FPGA chip.
The above technical solutions of the embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 3 is a schematic diagram of the internal structure of the SM2 signature verification FPGA chip according to an embodiment of the present invention. As shown in Fig. 3, SM2 digital signature verification is performed on an FPGA chip, and the chip as a whole comprises three parts: the system bus interface 20, the SM2 controller 22, and the SM2 computing unit 24.
The system bus interface 20, the SM2 controller 22 and the SM2 computing unit 24 are described in turn below.
1. System bus interface 20
The implementation of the system bus interface 20 is flexible: it may follow a general industrial bus standard or a user-defined bus interface protocol, and it has to be designed and developed according to the specific system requirements. Its main role is to let the FPGA-based SM2 signature verification chip communicate with the system outside the chip, including writing the parameters and data required for signature verification, controlling the SM2 chip, querying the chip status, and querying the operation result.
2. SM2 controller 22
The SM2 controller 22 is implemented mainly as a register set. By function it includes a control register, a data register and a status register. The register set of the SM2 controller 22 can be regarded as a bridge, or intermediate link, between the bus interface and the SM2 computing unit 24; through the SM2 controller 22 the external system can control or access the SM2 computing unit 24.
Control register
The control register has two signal bits, which by function are the SM2 start signal and the SM2 reset signal. The SM2 start signal is used to start computation on the SM2 chip. This control function is performed by a trigger signal, which may be level-triggered or edge-triggered, to be decided according to the design requirements; the signal is triggered when the external system writes to the control register of the SM2 controller 22 through the bus interface. The SM2 reset signal is used to reset the SM2 computing unit 24. The reset signal is active low and is triggered when the external system writes to the control register of the SM2 controller 22 through the bus interface. It is generally set after the SM2 computing unit 24 has completed one SM2 signature verification operation and the external system has fetched the verification result; setting it resets the SM2 computing unit 24 in preparation for a new SM2 signature verification calculation.
Data register
The data register mainly stores the data that the SM2 computing unit 24 needs for its calculation. These data include: the elliptic curve parameters required by the SM2 digital signature verification algorithm (the size q, the two elements a and b of the elliptic curve equation, the base point G (mainly the coordinate elements of the base point), the order n of the base point G, and other optional items), the user public key P_A used in the verification calculation, the digest of the message to be verified, the signature codeword (r′, s′) used in the verification calculation, and so on. (Note that the chip design of the present invention mainly performs steps 5 to 7 of the SM2 digital signature verification algorithm. Because the preceding steps involve very little computation, they can be completed in the system outside the FPGA chip, while the computation-heavy later steps are completed inside the chip, which saves chip area and cost.) The elliptic curve parameters may be the reference parameters given in the SM2 standard, or elliptic curve parameters that the user has derived through prior verification and calculation. The data register acts as a data buffer whose contents are prepared before the SM2 computing unit 24 is triggered to start computing; therefore, before the SM2 computing unit 24 starts, the external system must write the above data through the external bus interface. After the SM2 computing unit 24 starts computing, it reads the data out. Once the data has been read, the data register can be cleared after the current SM2 signature verification calculation has finished and the SM2 computing unit 24 has been reset, and new data is written before the next SM2 operation.
Status register
The status register can be used to query the working status of the chip's SM2 computing unit 24, which is one of: idle, computing, computation complete. In addition, the status register may contain an operation-complete flag bit that provides an interrupt flag to the external system; through this flag the external system can be proactively notified that the SM2 computation is complete. The status register also has a flag bit, called the result flag bit, that indicates the verification result, which is one of two kinds: verification succeeded or verification failed. The external system can read this flag bit to obtain the operation result.
3. SM2 computing unit 24
The embodiment of the present invention is designed and implemented mainly on the basis of the internal structure of the SM2 signature verification FPGA chip described above, with the main work concentrated in the SM2 computing unit 24. The design, implementation and verification are first carried out in the affine coordinate system; then, in the Jacobian coordinate system, the relevant algorithms and computing structure of the SM2 computing unit 24 are optimized, which increases the speed of the SM2 signature verification calculation. The chip design of this invention is based on an FPGA, and the basic structure still consists of the three main parts shown in Fig. 3; the difference lies in how the SM2 computing unit 24 is implemented. It should be noted that the implementation of the SM2 computing unit 24 in Fig. 3 is based on the affine coordinate system. There are two implementations of the SM2 computing unit 24: the SM2 signature verification computing unit in the affine coordinate system is the basic implementation; the SM2 signature verification computing unit in the Jacobian coordinate system is an optimized implementation that increases the computation speed but occupies more FPGA chip resources. See the description below for details.
Implementation of the SM2 signature verification computing unit in the affine coordinate system
Fig. 4 is a schematic diagram of the implementation of the SM2 signature verification computing unit in the affine coordinate system according to an embodiment of the present invention. As shown in Fig. 4, the SM2 computing unit 24 communicates with the SM2 controller 22. The signal types include control-signal writes, data writes, and status and result reads, whose functions correspond to those of the control register, the data register and the status register in the SM2 controller 22, respectively.
It should be pointed out in particular that the SM2 computing unit 24 mainly performs steps 5 to 7 of the SM2 digital signature verification algorithm. Because the preceding steps involve little computation, they can be completed outside the chip.
As shown in Fig. 4, the internal structure of the SM2 computing unit 24 includes: a state machine module, a point-multiplication module, a point-addition module (point addition means the addition of points on the elliptic curve, which requires the support of underlying prime-field operations, including prime-field multiplication, prime-field division, and prime-field addition and subtraction), and a modular-addition module.
1. State machine module
Following the design characteristics of FPGA state machines, the main functions of the state machine in the SM2 computing unit 24 are control of the SM2 operation flow and communication with the SM2 controller 22. The state transition flow of the state machine is: read the data in the data register of the SM2 controller 22 -> respond to the start signal from the control register of the SM2 controller 22 -> perform the SM2 calculation -> the SM2 calculation completes and the operation result is obtained; the result and the completion flag are returned to the status register of the SM2 controller -> wait for the reset signal from the SM2 controller 22.
The functions of the state machine are as follows:
(1) SM2 data reading: reads the data in the data register of the SM2 controller 22. This is the first task the state machine must complete before a full SM2 operation.
(2) SM2 control signal response: responds to the start signal and the reset signal issued by the SM2 controller 22. In response to the start signal, it starts the SM2 calculation; in response to the reset signal, it resets the SM2 computing unit 24 in preparation for a new calculation.
(3) Control of the SM2 calculation process: following the calculation requirements of steps 5 to 7 of the SM2 digital signature verification algorithm, it schedules each operation module once, in order, specifically:
modular addition, which completes the calculation t = (r′ + s′) mod n;
point multiplication, once each in succession: [s′]G and [t′]P_A;
point addition, [s′]G + [t′]P_A;
modular addition, R = (e′ + x_1′) mod n.
(4) It produces the SM2 signature verification result and returns the status and the verification result to the status register of the SM2 controller 22.
2. Point-addition module
This module completes the point addition of the two points [s′]G and [t′]P_A in step 6 of the SM2 digital signature verification algorithm, that is, (x′, y′) = [s′]G + [t′]P_A.
The point addition rules are listed below:
(1) Let two points be P_1 = (x_1, y_1) and P_2 = (x_2, y_2); find P_3 = (x_3, y_3) = P_1 + P_2;
(2) then
From the above rules it can be seen that elliptic curve point addition requires the support of the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division operations.
3. Point-multiplication module
The point-multiplication module is responsible for the two operations [s′]G and [t′]P_A in step 6 of the SM2 digital signature verification algorithm.
In the embodiment of the present invention, [s′]G is the point multiplication completed first, and [t′]P_A is the point multiplication completed afterwards. G is the base point of the elliptic curve, and P_A is the user's public key and also a point on the elliptic curve. [s′]G denotes the s′-multiple of G, and [t′]P_A denotes the t′-multiple of P_A. From elliptic curve theory, the point obtained by point multiplication of a point on the elliptic curve is still on that curve, that is, it is also a point of the elliptic curve; [s′]G and [t′]P_A are therefore two points on the elliptic curve. The result of adding these two points is also a point on the elliptic curve.
In terms of the calculation process, point multiplication can essentially be regarded as repeated point addition, so point multiplication still needs to call the underlying prime-field addition and subtraction, prime-field multiplication and prime-field division modules.
4. Modular-addition module
Modular addition is relatively simple: the data are summed and the result is then reduced modulo n. The module is responsible for the calculation t = (r′ + s′) mod n in step 5 of the SM2 digital signature verification algorithm and the calculation R = (e′ + x_1′) mod n in step 7.
In the affine coordinate system, the FPGA-based SM2 signature verification computing unit described above generally needs more than 500 addition calculations to complete one SM2 signature operation, and the corresponding division calculations number more than twenty thousand. For example, according to the calculation rule of SM2 point addition, one division and three multiplications are needed, but a division in the prime field costs about 50 times as much as a multiplication, so it is clear that the biggest computational bottleneck is the large number of division operations.
Here, to reduce the amount of division in the affine coordinate system, the Jacobian coordinate system can be introduced. The coordinates in the Jacobian coordinate system can be expressed as, which correspond to the affine coordinates, so the coordinate vector in the Jacobian coordinate system can be regarded as an intermediate variable, and by using it the mutual conversion between the affine coordinate system and the Jacobian coordinate system can be completed.
Through the mutual conversion between the affine and Jacobian coordinate systems, the SM2 signature verification calculation is carried out in the Jacobian coordinate system, which effectively avoids a large number of division calculations and clearly reduces the amount of computation. Moreover, in the course of one SM2 operation, the conversion between the affine and Jacobian coordinate systems is needed only once. Even a complete SM2 signature operation needs only two or three divisions, which greatly optimizes the computing unit and the computation speed. In essence, the conversion between the affine and Jacobian coordinate systems effectively eliminates calls to division, chiefly by reducing the number of calls to prime-field division made during point multiplication and point addition.
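The following added example (not code from the patent) runs steps 5 to 7 of the verification in software, once with affine point arithmetic and once with Jacobian arithmetic, and counts prime-field inversions to show the reduction in divisions described above. It assumes the SM2 recommended 256-bit curve parameters, the usual Jacobian mapping x = X/Z^2, y = Y/Z^3, and constructed values for the private key, nonce and digest; all function names are illustrative.

```python
# Added example (not from the patent). Curve constants: SM2 recommended
# 256-bit parameters; d, k, e in demo() are constructed sample values.
P = 2**256 - 2**224 - 2**96 + 2**64 - 1      # field prime p
A = P - 3                                    # curve coefficient a
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = (1, 1, 0)                              # Jacobian point at infinity (Z = 0)
inversions = 0                               # prime-field divisions performed

def inv(x):
    global inversions
    inversions += 1                          # one "division" in the patent's terms
    return pow(x % P, -1, P)

def aff_add(p1, p2):
    """Affine add/double, one inversion per call; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if x1 == x2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def jac_dbl(pt):                             # Jacobian doubling: no inversion
    X, Y, Z = pt
    if Z == 0 or Y == 0:
        return INF
    S = 4 * X * Y * Y % P
    M = (3 * X * X + A * pow(Z, 4, P)) % P
    X3 = (M * M - 2 * S) % P
    return X3, (M * (S - X3) - 8 * pow(Y, 4, P)) % P, 2 * Y * Z % P

def jac_add(p1, p2):                         # Jacobian addition: no inversion
    if p1[2] == 0 or p2[2] == 0:
        return p2 if p1[2] == 0 else p1
    (X1, Y1, Z1), (X2, Y2, Z2) = p1, p2
    U1, U2 = X1 * Z2 * Z2 % P, X2 * Z1 * Z1 % P
    S1, S2 = Y1 * pow(Z2, 3, P) % P, Y2 * pow(Z1, 3, P) % P
    if U1 == U2:
        return jac_dbl(p1) if S1 == S2 else INF
    H, R = (U2 - U1) % P, (S2 - S1) % P
    H2, H3 = H * H % P, pow(H, 3, P)
    X3 = (R * R - H3 - 2 * U1 * H2) % P
    return X3, (R * (U1 * H2 - X3) - S1 * H3) % P, H * Z1 * Z2 % P

def to_affine(pt):
    """Convert back from Jacobian: the single inversion of a Jacobian run."""
    X, Y, Z = pt
    if Z == 0:
        return None
    zi = inv(Z)
    return X * zi * zi % P, Y * pow(zi, 3, P) % P

def scalar_mul(k, pt, add, identity):
    """Left-to-right double-and-add: [k]pt using the supplied add()."""
    acc = identity
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def verify_steps_5_to_7(e, r, s, pub, jacobian):
    """Return (accepted, inversions). e is the digest e', computed off-chip."""
    global inversions
    inversions = 0
    t = (r + s) % N                                      # step 5
    if not (1 <= r < N and 1 <= s < N) or t == 0:
        return False, 0
    if jacobian:                                         # step 6
        pt = to_affine(jac_add(scalar_mul(s, (*G, 1), jac_add, INF),
                               scalar_mul(t, (*pub, 1), jac_add, INF)))
    else:
        pt = aff_add(scalar_mul(s, G, aff_add, None),
                     scalar_mul(t, pub, aff_add, None))
    if pt is None:
        return False, inversions
    return (e + pt[0]) % N == r, inversions              # step 7: R == r'

def demo():
    d, k, e = int("17" * 32, 16), int("2B" * 32, 16), int("5A" * 32, 16)
    pub = to_affine(scalar_mul(d, (*G, 1), jac_add, INF))
    # Constructed signature for the demo only (fixed nonce k, never do this).
    x1, _ = to_affine(scalar_mul(k, (*G, 1), jac_add, INF))
    r = (e + x1) % N
    s = pow(1 + d, -1, N) * (k - r * d) % N
    ok_a, inv_a = verify_steps_5_to_7(e, r, s, pub, jacobian=False)
    ok_j, inv_j = verify_steps_5_to_7(e, r, s, pub, jacobian=True)
    bad, _ = verify_steps_5_to_7(e ^ 1, r, s, pub, jacobian=True)
    return {"affine": (ok_a, inv_a), "jacobian": (ok_j, inv_j), "tampered": bad}

if __name__ == "__main__":
    print(demo())
```

In this software model the affine path performs one inversion per point addition or doubling, while the Jacobian path performs only the final conversion back to affine coordinates.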
As shown above, the mutual conversion between the affine and Jacobian coordinate systems effectively reduces division operations. Therefore, once the division optimization is in place, the main computational bottleneck becomes multiplication.
Multiplication in the prime field is always modular multiplication, that is, c = a × b mod p. Conventional multiplication either needs a division to take the remainder or is implemented with slow subtraction. The present invention uses Montgomery multiplication, which effectively optimizes prime-field multiplication by converting the complex operation into simple low-precision multiplications. Montgomery multiplication is as follows:
Algorithm: Montgomery multiplication
Input:
1. Field F_p, modulus p; let p = n_1·2^D + n_0,
2. Integers a, b ∈ [0, p-1], a = a_1·2^D + a_0, b = b_1·2^D + b_0;
3. Integer
Output: c = a·b × R^-1 mod p
Steps:
Step 1: T = a_0 b_0;
Step 2: m = (t_0 n′_0) mod 2^D;
Step 3: T = (T + m n_0) >> D;
Step 4: T = T + a_0 b_1 + a_1 b_0 + m n_1;
Step 5: m = (t_0 n′_0) mod 2^D;
Step 6: T = (T + m n_0) >> D;
Step 7: c = (T + a_1 b_1 + m n_1) mod p.
From the steps in the algorithm description above, one modular multiplication in the prime field can be converted into several simple low-precision multiplications. This effectively reduces the number of cycles of the original prime-field multiplication and increases the speed of the SM2 digital signature verification operation. However, because the present invention implements the above Montgomery multiplication through FPGA programming, it occupies more FPGA logic resources. Consequently, implementing the SM2 digital signature verification operation in the Jacobian coordinate system requires a larger FPGA chip area than the implementation in the affine coordinate system. The implementation of the SM2 digital signature verification computing unit in the Jacobian coordinate system is described below.
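The seven steps listed above can be checked in software. The following is an added example, not code from the patent; because the definitions of t_0, n′_0 and R did not survive in the text, it assumes t_0 = T mod 2^D, n′_0 = -p^-1 mod 2^D and R = 2^(2D), with D = 128 and the SM2 recommended prime as p. All names are illustrative.

```python
# Added example (not from the patent). Assumed definitions for quantities the
# text leaves undefined: t0 = T mod 2^D, n0' = -p^-1 mod 2^D, R = 2^(2D).
# P is the SM2 recommended prime; any odd p < 2^(2D) would work.
import random

D = 128
MASK = (1 << D) - 1
P = 2**256 - 2**224 - 2**96 + 2**64 - 1
R = 1 << (2 * D)
N0, N1 = P & MASK, P >> D                    # p = n1*2^D + n0
N0_PRIME = (-pow(P, -1, 1 << D)) & MASK      # n0' (assumed definition)
R2 = R * R % P                               # precomputed constant R^2 mod p


def mont_mul(a, b):
    """Return a*b*R^-1 mod p using only D-bit by D-bit products and shifts."""
    a0, a1 = a & MASK, a >> D
    b0, b1 = b & MASK, b >> D
    T = a0 * b0                              # step 1
    m = ((T & MASK) * N0_PRIME) & MASK       # step 2: m = t0 * n0' mod 2^D
    T = (T + m * N0) >> D                    # step 3: low D bits are now zero
    T = T + a0 * b1 + a1 * b0 + m * N1       # step 4
    m = ((T & MASK) * N0_PRIME) & MASK       # step 5
    T = (T + m * N0) >> D                    # step 6
    c = T + a1 * b1 + m * N1                 # step 7: c < 2p at this point
    return c - P if c >= P else c            # "mod p" is one conditional subtract


def to_mont(x):
    """Map x to Montgomery form x*R mod p."""
    return mont_mul(x, R2)


def from_mont(x):
    """Map a Montgomery-form value back to the ordinary residue."""
    return mont_mul(x, 1)


def modmul(a, b):
    """a*b mod p computed entirely through mont_mul, as a field multiplier would."""
    return from_mont(mont_mul(to_mont(a), to_mont(b)))


def self_check(trials=1000, seed=1):
    """Compare against Python's big-integer arithmetic on edge and random cases."""
    rng = random.Random(seed)
    r_inv = pow(R, -1, P)
    cases = [(0, 0), (1, 1), (P - 1, P - 1), (P - 1, 1)]
    cases += [(rng.randrange(P), rng.randrange(P)) for _ in range(trials)]
    return all(mont_mul(a, b) == a * b * r_inv % P and
               modmul(a, b) == a * b % P for a, b in cases)


if __name__ == "__main__":
    print("Montgomery self-check passed:", self_check())
```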
雅可比坐标系下SM2签名验证运算单元的实现Realization of SM2 Signature Verification Operation Unit in Jacobian Coordinate System
图5是本发明实施例的雅可比坐标系下SM2签名验证运算单元实现示意图,如图5所示,与图4对比,主要区别为:Fig. 5 is a schematic diagram of the implementation of the SM2 signature verification operation unit in the Jacobian coordinate system of the embodiment of the present invention, as shown in Fig. 5, compared with Fig. 4, the main differences are:
1、增加了坐标转换模块,用于椭圆曲线上的点坐标数据由仿射坐标系向雅可比坐标系的转换,主要是SM2控制器中数据寄存器的点数据,先由坐标转换模块做完转换后,再写入SM2运算单元,用于倍点计算和点加计算;1. The coordinate conversion module is added, which is used to convert the point coordinate data on the elliptic curve from the affine coordinate system to the Jacobian coordinate system. It is mainly the point data of the data register in the SM2 controller, and the conversion is completed by the coordinate conversion module first After that, it is written into the SM2 arithmetic unit for doubling point calculation and point addition calculation;
2、图5中倍点计算和点加计算都是在雅可比坐标系下完成的,其对底层运算单元的调用次数明显减少,特别是对素数域除法和乘法运算的调用;2. The doubling point calculation and point addition calculation in Figure 5 are all completed in the Jacobian coordinate system, and the number of calls to the underlying arithmetic unit is significantly reduced, especially the calls to the division and multiplication operations of the prime number field;
3、图5中,用Montgomery乘法运算模块代替原先的素数域乘法运算,可以有效提高系统运算速度。3. In Figure 5, using the Montgomery multiplication module to replace the original prime field multiplication operation can effectively improve the system operation speed.
图5所示各部分,其功能和模块实现,基本与图4所示相同,在此不再赘述。The functions and module realization of each part shown in FIG. 5 are basically the same as those shown in FIG. 4 , and will not be repeated here.
It should be noted that some FPGA chip models contain DSP resources. These DSP resources are optimized multiply-accumulate modules; where the number of DSPs allows, implementing the simple low-precision multiplications with DSPs is better than using the general-purpose multipliers inside the FPGA chip.
Therefore, by using the abundant DSP resources inside the FPGA chip, the low-precision multiplications in the Montgomery multiplication can be further optimized in hardware: the FPGA chip's internal DSP resources replace the multipliers originally required by the Montgomery operation. The computational efficiency of Montgomery multiplication can then be nearly doubled. This is an optimization available when the specific application requirements and system cost permit.
Table 1 compares the resources and efficiency of the FPGA implementations of the SM2 algorithm and their optimizations. As shown in Table 1, the listed FPGA implementations are compared by the average cost of completing one SM2 signature verification calculation in the affine and Jacobian coordinate systems. They comprise: the affine coordinate system implementation; the Jacobian coordinate system implementation (using 1x DSP resources in place of ordinary multipliers); the Jacobian coordinate system implementation with optimization scheme 1 (using 1x DSP resources in place of ordinary multipliers, with adder optimization applied in the synthesis tool); and the Jacobian coordinate system implementation with optimization scheme 2 (using 2x DSP resources in place of ordinary multipliers).
Table 1
In summary, by means of the technical solution of the embodiments of the present invention, which converts between the affine coordinate system and the Jacobian coordinate system and makes full use of FPGA chip resources, the operation speed of the SM2 algorithm can be raised effectively. The implementation method and optimization method of the present invention can be applied in all kinds of security authentication fields, and can be configured flexibly according to the specific application scenario and technical requirements to achieve a reasonable balance between system resources and computational efficiency.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system, or other device. Various general-purpose systems may also be used with the teachings herein. The structure required to construct such systems is apparent from the description above. Furthermore, the present invention is not directed at any particular programming language. It should be understood that the content of the present invention described herein can be implemented in a variety of programming languages, and that the description of a specific language above is given to disclose the best mode of the present invention.
Numerous specific details are set forth in the description provided herein. It is understood, however, that embodiments of the present invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline this disclosure and to aid understanding of one or more of the various inventive aspects, the features of the present invention are sometimes grouped together in a single embodiment, figure, or description thereof in the above description of exemplary embodiments. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into that detailed description, with each claim standing on its own as a separate embodiment of the present invention.
Those skilled in the art will understand that the modules of the device in an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment may be combined into one module, unit or component, and may furthermore be divided into a plurality of sub-modules, sub-units or sub-components. All features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination, except combinations in which at least some of such features and/or processes or units are mutually exclusive. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that, although some embodiments described herein include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the present invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the FPGA chip for the SM2 digital signature verification algorithm according to the embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the methods described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal may be downloaded from an Internet site, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the present invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order; these words may be interpreted as names.
Claims (9)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210540967.XA CN103049710B (en) | 2012-12-13 | 2012-12-13 | Field-programmable gate array (FPGA) chip for SM2 digital signature verification algorithm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103049710A (en) | 2013-04-17 |
CN103049710B (en) | 2017-02-08 |
Family
ID=48062343
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210540967.XA Active CN103049710B (en) | 2012-12-13 | 2012-12-13 | Field-programmable gate array (FPGA) chip for SM2 digital signature verification algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103049710B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |