CN103077005B - A kind ofly to go here and there and the large number modular multiplier circuit of the prime field GF (p) combined - Google Patents

A kind ofly to go here and there and the large number modular multiplier circuit of the prime field GF (p) combined Download PDF

Info

Publication number
CN103077005B
CN103077005B CN201310006085.XA CN201310006085A CN103077005B CN 103077005 B CN103077005 B CN 103077005B CN 201310006085 A CN201310006085 A CN 201310006085A CN 103077005 B CN103077005 B CN 103077005B
Authority
CN
China
Prior art keywords
comparer
subtracter
several
large number
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201310006085.XA
Other languages
Chinese (zh)
Other versions
CN103077005A (en
Inventor
江先阳
周正
李彬
唐从学
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University WHU
Original Assignee
Wuhan University WHU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan University WHU filed Critical Wuhan University WHU
Priority to CN201310006085.XA priority Critical patent/CN103077005B/en
Publication of CN103077005A publication Critical patent/CN103077005A/en
Application granted granted Critical
Publication of CN103077005B publication Critical patent/CN103077005B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Complex Calculations (AREA)

Abstract

The invention discloses a kind of of elliptic curve cryptography (ECC) algorithm field to go here and there and the large number modular multiplier circuit of the prime field GF (p) combined, comprise: data move to left a module, data shift right module, an alternative selector switch, four comparers, a large number totalizer and two large number subtracters.The corresponding hardware circuit that the present invention is directed to the large number modular multiplier of one of the basic computational ele-ment of conventional encryption algorithm particularly in prime field cryptographic algorithm is all serial structure, calculates shortcoming consuming time, provides and goes here and there and the hardware circuit combined.The present invention can accelerate arithmetic speed that the large digital-to-analogue of prime field takes advantage of and resource consumption is relatively less, and realize hardware logic structure simple, can be used for design elliptic curve cryptography (ECC), the cryptographic algorithm processors such as RSA, are applicable to realize in FPGA and ASIC.

Description

A kind ofly to go here and there and the large number modular multiplier circuit of the prime field GF (p) combined
Technical field
The present invention relates to cryptographic hardware algorithm and realize field, particularly relate to the critical function parts in a kind of encryption-decryption algorithm---prime field GF (p) is large, and digital-to-analogue takes advantage of circuit.
Background technology
If F is at least containing the set of 2 elements, two kinds of computings are defined to F, "+" and "×", as algebra system <F, +, when × > meets closure, associativity, identical element, inverse element and commutativity results, <F, +, × > is called as a territory.When the element of F is limited, be called Galois field.When p is prime number, F={0,1,2 ... p-1} is at mod(p) under form a finite group about the addition of modular arithmetic and multiplication, this group is just designated as GF(p).
Along with the application of elliptic curve in public-key cryptosystem is more and more extensive, people also get more and more for the research of elliptic curve encryption algorithm, and specifically, from algorithm to software, the realization of hardware all achieves breakthrough in various degree.Elliptic curve encryption algorithm is compared with RSA cryptographic algorithms, elliptic curve encryption algorithm has more technological merit, such as when reaching equal level of confidentiality, key is less etc., therefore elliptic curve encryption algorithm some field (as fast encrypt, key change, authentication, digital signature, mobile communication safe and secret) application have the trend progressively replacing the type of encryption algorithms such as RSA.
Elliptic curve cipher (ECC) is proposed by N.Koblitz and V.Miller for 1985.Elliptic curve cipher belongs to public-key cryptosystem, the function that it can provide same rsa cryptosystem system same, with rsa cryptosystem system unlike, its security is based upon on the difficulty of elliptic curves discrete logarithm problem (ECDLP).Solving now the best algorithm of ECDLP and have total index number time complexity, this means the safe coefficient for reaching expectation, elliptic curve cipher can use the key shorter compared with rsa cryptosystem.Because advantage that key is short makes ellipse curve encryption and decryption, not only speed is fast, and can also save the energy, communication bandwidth and storage space.
Large module multiplication is one of fundamental operation functional unit in ECC cryptographic algorithm, repeatedly called in ECC cryptographic algorithm, it is one of essential elements, its speed and efficiency directly affect the speed of whole ECC processor, area and power consumption, so seem particularly important to the design of modular multiplier circuit hardware structure.
During prime field GF (p) large number modular multiplier circuit employing traditional B lakley algorithm, all operations is all serial, and along with security requirement raising, the wide m of large numerical digit is linearly increased, and the serial operation of Blakley algorithm causes its circuit delay linearly to increase so that can not meet the real-time encrypted deciphering demand of a lot of application.
Summary of the invention
The technical problem to be solved in the present invention is to provide a kind of string and the large number modular multiplier circuit of the prime field GF (p) combined, and can accelerate arithmetic speed and save logical resource.
For solving the problems of the technologies described above, of the present inventionly a kind ofly to go here and there and the large number modular multiplier circuit of the prime field GF (p) combined, for calculating large digital-to-analogue multiplier c=(ab) modp, wherein 0≤a, b<p, a, b, p are bit wides is that the scale-of-two of m is without the large number of symbol; Comprise the first comparer, count totalizer greatly, alternative selector switch, the second comparer, first several subtracter, data move to left a module, the 3rd comparer, second largest several subtracter, data shift right module and the 4th comparer; Move to left modular concurrent of first several subtracter and data performs, and second largest several subtracter and data shift right modular concurrent perform,
The m+1 position result that the b that described large several totalizer calculates c and the m bit wide of m bit wide is added also is set to c, and output terminal is connected to an input end of alternative selector switch;
The c of another input end input m bit wide of described alternative selector switch, first comparer judge the lowest order of a be whether 1 result be input as the control end of alternative selector switch, export large number totalizer when the lowest order of a is 1 and be added the c of gained m+1 bit wide to the second comparer, otherwise the c of output m bit wide is to the second comparer;
Described second comparer compares the size of the output c of alternative selector switch and the value of prime number p, and output terminal is received first several subtracter and data and to be moved to left a module;
Described first several subtracter, when c >=p, calculates c=c-p;
B moves to left one by the described data module that moves to left, and output terminal is connected to the 3rd comparer;
Described 3rd comparer compares data and to move to left the size of the output b of a module and the value of prime number p, and output terminal receives second largest several subtracter and data shift right module;
Described second largest several subtracter, when b >=p, calculates b=b-p;
A moves to right one by described data shift right module, and output terminal receives the 4th comparer;
A and 0 value compare by described 4th comparer, if both are equal, export the result c of m position at output terminal, otherwise output a control signal to the first comparer and continue to judge whether the lowest order of a is 1.
And, perform flow process and adopt state machine to realize controlling.
The large number modular multiplier circuit of prime field GF (p) is all the full serial hardware circuit adopted traditionally, the large number modular multiplier circuit of prime field GF (p) of the present invention adopts goes here and there and the mode combined, travelling speed can be improved, and it is few to realize logical resource, is applicable in FPGA or ASIC and realizes.
Accompanying drawing explanation
Fig. 1 is the string of the embodiment of the present invention and the process flow diagram of the prime field large module multiplication combined;
Fig. 2 is the constitutional diagram of the state machine control prime field large module multiplication of the embodiment of the present invention;
Fig. 3 is the string of the embodiment of the present invention and the numerical digit change schematic diagram of the prime field large module multiplication combined.
Embodiment
Below in conjunction with accompanying drawing and embodiment, the present invention is described in further detail:
The basic circuit of the large number modular multiplier that embodiment provides comprises the first comparer, counts totalizer greatly, alternative selector switch, the second comparer, first several subtracter, data move to left a module, the 3rd comparer, second largest several subtracter, data shift right module and the 4th comparer.
Move to left modular concurrent of first several subtracter and data performs, and second largest several subtracter and data shift right modular concurrent perform,
The m+1 position result that the b that described large several totalizer calculates c and the m bit wide of m bit wide is added also is set to c, and output terminal is connected to an input end of alternative selector switch;
The c of another input end input m bit wide of described alternative selector switch, first comparer judge the lowest order of a be whether 1 result be input as the control end of alternative selector switch, export large number totalizer when the lowest order of a is 1 and be added the c of gained m+1 bit wide to the second comparer, otherwise the c of output m bit wide is to the second comparer;
Described second comparer compares the size of the output c of alternative selector switch and the value of prime number p, and output terminal is received first several subtracter and data and to be moved to left a module, can transmit control signal to first several subtracter and the data module that moves to left;
Described first several subtracter, when c >=p, calculates c=c-p;
B moves to left one by the described data module that moves to left, and output terminal is connected to the 3rd comparer;
Described 3rd comparer compares data and to move to left the size of the output b of a module and the value of prime number p, and output terminal receives second largest several subtracter and data shift right module, can transmit control signal to second largest several subtracter and data shift right module;
Described second largest several subtracter, when b >=p, calculates b=b-p;
A moves to right one by described data shift right module, and output terminal receives the 4th comparer;
A and 0 value compare by described 4th comparer, if both are equal, export the result c of m position at output terminal, otherwise output a control signal to the first comparer and continue to judge whether the lowest order of a is 1.
During concrete enforcement, the auxiliary operation of corresponding registers can be set, as arranged register ain1_reg, ain2_reg and yout_r of storing a, b and c, can call when participating in corresponding computing, also can store corresponding result of calculation.Process flow diagram shown in Fig. 1 state machine as shown in Figure 2 controls, and this state machine realizes by hardware circuit.The process that state machine controls prime field modular multiplication is divided into 6 states, first, enters S0 state after system reset, and register ain1_reg, ain2_reg and yout_r of storing a, b and c are designated as in 0(figure! Rst_n/ain1_reg=0, ain2_reg=0, yout_r=0).After enabling signal starts, the value of a to S1 state, and is put into register ain1_reg by state transition, the value of b is expanded one to put into register ain2_reg (figure is designated as load/ain1_reg=a, ain2_reg={1 ' b0, b}, 1 ' b0 represents the binary number 0 of 1).The value of a, b, c being carried out expanding position process is facilitate follow-up shift left operation.When judging ain1_reg 0(ain1_reg when=1 0represent the 0th of register ain1_reg), just jump to S2 state, and the register yout_r of m+1 position and the register ain2_reg of m+1 position is done additive operation give register yout_r(and yout_r=yout_r+ain2_reg).Compare the register yout_r of m+1 position and the size of m position prime number p afterwards, if yout_r >=p(and c >=p), then jump to S3 state, and perform subtraction operation (i.e. yout_r=yout_r-p) of yout_r and the m position prime number p of m+1 position and the shift left operation (i.e. ain2_reg=ain2_reg<<1) of ain2_reg simultaneously.Then the register ain2_reg of m+1 position and the size of m position prime number p is compared, if ain2_reg >=p(and b >=p), then jump to S4 state, and the execution register ain2_reg of m+1 position and the subtraction of m position prime number p operate the right-shift operation (ain1_reg=ain1_reg>>1) of (i.e. ain2_reg=ain2_reg-p) and m bit register ain1_reg simultaneously.Finally judging whether ain1_reg is worth is 0, if, then jump to S5 state, and the result (i.e. yout [m-1:0]=yout_r [m:0]) removing the register yout_r of most significant digit is given in m bit register yout as final Output rusults, otherwise (i.e. ain1_reg ≠ 0), S1 state can be jumped to again, repeat above-mentioned step and continue to perform.
Large digital-to-analogue takes advantage of representation to be generally:
C=(ab) modp wherein 0≤a, b<p;
Wherein a, b, p are bit wides is that the scale-of-two of m is without the large number of symbol.The m position of a, b, p is designated as a respectively m-1, a m-2a 1, a 0, b m-1, b m-2b 1, b 0, p m-1, p m-2p 1, p 0.Modular multiplier is made up of two parts computing, first does multiplying to a and b, and then p on mould.
Nineteen eighty-three Blakley proposes a kind of addition pattern multiplication algorithm based on this calculation expression, and its design philosophy is taken advantage of by mould to be converted into a series of additive operation, and for making net result c be less than p, each intermediate result calculated all needs to do modulo operation.
Blakley algorithm is as follows:
Input: a={a m-1, a m-2a 1, a 0}
b={b m-1,b m-2…b 1,b 0}
p={p m-1,p m-2…p 1,p 0}
c=0
Export: c=(ab) modp
Wherein, c={c m-1, c m-2c 1, c 0}
Calculating process is as follows:
1、c=0;
2、Fori=0to(N-1);
3、{
4、c=2c+a*b N-1-i
5、if(c≥p);
6、c=c-p;
7、if(c≥p);
8、c=c-p;
9、}
10、Returnc。
From Blakley algorithm, its all computing is all serial, and speed has very large restriction.The present invention propose to go here and there and the mode combined to improve speed.
Algorithm of the present invention is as follows:
Input: a={a m-1, a m-2a 1, a 0}
b={b m-1,b m-2…b 1,b 0}
p={p m-1,p m-2…p 1,p 0}
c=0
Export: c=(ab) modp
Wherein, c={c m-1, c m-2c 1, c 0}
Calculating process is as follows:
1、c=0;
If 2 a ≠ 0, repeated execution of steps 3 to step 7;
If 3 a 0=1, then c=c+b, then enters step 4, otherwise directly enters step 4;
If 4 c >=p, then c=c-p, then enter step 5, otherwise directly enter step 5;
5, b=b < < 1, b < < 1 represents b is moved to left one;
If 6 b >=p, then b=b-p, then enter step 7, otherwise directly enter step 7;
7, a=a > > 1, a > > 1 represents a is moved to right one;
If 8 a=0, then perform step 9, otherwise return step 3;
9, (c) is returned.
In above algorithm, in the 3rd step, need the totalizer of a m+1 position, all need to compare operation in the 4th step and the 6th step, need the comparer of two m+1 positions, also need the subtracter of two m+1 positions simultaneously.4th step and the 5th step, the execution number of times of the 6th step and the 7th step is once all, and does not mutually have an impact between every two steps, and hardware configuration of the present invention is by these 4 step concurrent operations.
See Fig. 3, described string the computing flow process of modular multiplier circuit combined are: go here and there and the modular multiplier circuit initializes combined time a={a [m-1] ... a [1], a [0] }, b={b [m-1] ... b [1], b [0] }, p={p [m-1], p [1], p [0] }, i.e. a, b, the m position of p is designated as a [m-1] respectively ... a [1], a [0], b [m-1] ... b [1], b [0], p [m-1] ... p [1], p [0].Export the number that c is also a m bit wide, value is zero.During first time computing, be designated as c [m-1:0] in the c(figure of m bit wide) and m bit wide b(figure in be designated as b [m-1:0]) c of the m+1 position result (being designated as c+b [m:0] in figure) that is added and m position is as the input of alternative selector switch (MUX), then the judgement being whether 1 according to the lowest order a [0] of a selects (SEL) to export, if the lowest order of a is 1, the result that the b then exporting c and the m position of m position is added also correspondingly is stored in m+1 bit register yout_r and (is designated as yout_r [m:0] in figure), otherwise the c value exporting m position is stored in m+1 bit register yout_r, the most significant digit of register yout_r, i.e. m position, can automatic makeup 0 in hardware implementing.Then the prime number p (being designated as p [m-1:0] in figure) of the register yout_r of m+1 position and m position is compared, if the former is larger than the latter, then perform subtraction and shift left operation, subtraction is exactly be designated as c [m:0] in the c(figure of m+1 position) subtract each other with the prime number p of m position, move to left and exactly the b of m position is moved to left one.Because subtraction and each Exactly-once of shift operation, and both are independent of each other, so can perform two these two steps computings simultaneously, have just absolutely proved this concurrency feature of inventing here.Be designated as b [m-1:0] by the b(figure of m position) carry out moving to left obtain m+1 position output b(figure in be designated as b [m:0]), then the prime number p of m+1 position b continuation and m position is compared, if the former is larger than the latter, then perform subtraction and shift right operation, subtraction is exactly that the prime number p of b and the m-1 position of m+1 position is subtracted each other, and moves to right and is designated as a [m-1:0] by the a(figure of m position exactly) move to right one.Subtraction and each also Exactly-once of shift operation, and both are independent of each other, so also can perform two these two steps computings simultaneously, have also absolutely proved this concurrency feature of inventing here.Finally be designated as a [m-1:0] by the a(figure of m position) carry out moving to right (after moving to right, the m position of definition before the bit wide of a still keeps, high-order zero padding) output valve that obtains and 0 value compare, if both are equal, then export in the result yout(figure of m position and be designated as yout [m-1:0]).Arrive this, modular multiplication terminates.
Specific embodiment described herein is only to the explanation for example of the present invention's spirit.Those skilled in the art can make various amendment or supplement or adopt similar mode to substitute to described specific embodiment, but can't depart from spirit of the present invention or surmount the scope that appended claims defines.

Claims (2)

1. go here and there and the large number modular multiplier circuit of the prime field GF (p) combined, for calculating large digital-to-analogue multiplier c=(ab) modp, wherein 0≤a, b<p, a, b, p are bit wides is that the scale-of-two of m is without the large number of symbol; It is characterized in that: comprise the first comparer, count totalizer greatly, alternative selector switch, the second comparer, first several subtracter, data move to left a module, the 3rd comparer, second largest several subtracter, data shift right module and the 4th comparer; Move to left modular concurrent of first several subtracter and data performs, and second largest several subtracter and data shift right modular concurrent perform, and during initialization, export the number that c is a m bit wide, value is zero;
The m+1 position result that the b that described large several totalizer calculates c and the m bit wide of m bit wide is added also is set to c, and output terminal is connected to an input end of alternative selector switch;
The c of another input end input m bit wide of described alternative selector switch, first comparer judges whether the lowest order of a is 1, judge that the result of gained is input to the control end of alternative selector switch, alternative selector switch exports large number totalizer and is added the c of gained m+1 bit wide to the second comparer when the lowest order of a is 1, otherwise the c of output m bit wide is to the second comparer;
Described second comparer compares the size of the c of the value of m position prime number p and the output m+1 bit wide of alternative selector switch, and output terminal is received first several subtracter and data and to be moved to left a module;
Described first several subtracter is when c >=p, and calculate c=c-p, the prime number p comprising c and the m position of m+1 position is subtracted each other;
B moves to left one by the described data module that moves to left, and comprising moves to left the b of m position one obtains the output b of m+1 position, and output terminal is connected to the 3rd comparer;
Described 3rd comparer compares the value of prime number p and data and to move to left the size of output b of a module, and output terminal receives second largest several subtracter and data shift right module;
Described second largest several subtracter, when b >=p, calculates b=b-p;
A moves to right one by described data shift right module, and output terminal receives the 4th comparer; After moving to right, the m position of definition before the bit wide of a still keeps, high-order zero padding;
A and 0 value compare by described 4th comparer, if both are equal, are exported as a result by the corresponding m position c of alternative selector switch, otherwise output a control signal to whether the lowest order that the first comparer continues to judge a is 1.
2. go here and there as claimed in claim 1 and the large number modular multiplier circuit of the prime field GF (p) combined, it is characterized in that: perform flow process and adopt state machine to realize controlling.
CN201310006085.XA 2013-01-08 2013-01-08 A kind ofly to go here and there and the large number modular multiplier circuit of the prime field GF (p) combined Expired - Fee Related CN103077005B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310006085.XA CN103077005B (en) 2013-01-08 2013-01-08 A kind ofly to go here and there and the large number modular multiplier circuit of the prime field GF (p) combined

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310006085.XA CN103077005B (en) 2013-01-08 2013-01-08 A kind ofly to go here and there and the large number modular multiplier circuit of the prime field GF (p) combined

Publications (2)

Publication Number Publication Date
CN103077005A CN103077005A (en) 2013-05-01
CN103077005B true CN103077005B (en) 2016-04-13

Family

ID=48153544

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310006085.XA Expired - Fee Related CN103077005B (en) 2013-01-08 2013-01-08 A kind ofly to go here and there and the large number modular multiplier circuit of the prime field GF (p) combined

Country Status (1)

Country Link
CN (1) CN103077005B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104699452A (en) * 2015-03-10 2015-06-10 东南大学 Modular multiplier for realizing variable bit wide under prime field GF (P)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7702105B1 (en) * 2004-04-23 2010-04-20 Oracle America, Inc. Accelerating elliptic curve point multiplication through batched inversions
US7986779B2 (en) * 2007-06-30 2011-07-26 Intel Corporation Efficient elliptic-curve cryptography based on primality of the order of the ECC-group
CN101840327A (en) * 2010-05-06 2010-09-22 清华大学 Dual-domain unified arithmetic operational circuit applied to ECC

Also Published As

Publication number Publication date
CN103077005A (en) 2013-05-01

Similar Documents

Publication Publication Date Title
Kumar et al. Optimum digit serial GF (2^ m) multipliers for curve-based cryptography
CN103078732B (en) A kind of dot product accelerating circuit of prime field elliptic curve cryptography
CN101521504B (en) Implementation method for reversible logic unit used for low power consumption encryption system
CN100470464C (en) Multiplier based on improved Montgomey&#39;s algorithm
Rashidi et al. High-speed hardware architecture of scalar multiplication for binary elliptic curve cryptosystems
CN103793199B (en) A kind of fast rsa password coprocessor supporting dual domain
CN104679474A (en) Multiplying unit on finite field GF (2 227) and modular multiplication algorithm
CN100583757C (en) ECC/RSA encryption/decryption coprocessor
CN104090737B (en) A kind of modified model part parallel framework multiplier and its processing method
Roy et al. Theoretical modeling of the Itoh-Tsujii inversion algorithm for enhanced performance on k-LUT based FPGAs
CN104184578A (en) FPGA-based elliptic curve scalar multiplication accelerating circuit and algorithm thereof
Abd-Elkader et al. Efficient implementation of Montgomery modular multiplier on FPGA
CN113794572A (en) Hardware implementation system and method for high-performance elliptic curve digital signature and signature verification
CN101630244B (en) System and method of double-scalar multiplication of streamlined elliptic curve
CN102117195B (en) Large-number modular multiplier circuit
CN100527073C (en) High efficiency modular multiplication method and device
CN103077005B (en) A kind ofly to go here and there and the large number modular multiplier circuit of the prime field GF (p) combined
CN103023659B (en) ECC (elliptic curve cryptosystem) encryption hardware device with expandable parameter bit width
Wang et al. TCPM: A reconfigurable and efficient Toom-Cook-based polynomial multiplier over rings using a novel compressed postprocessing algorithm
CN109271137A (en) A kind of modular multiplication device and coprocessor based on public key encryption algorithm
KR100478974B1 (en) Serial finite-field multiplier
CN104699452A (en) Modular multiplier for realizing variable bit wide under prime field GF (P)
CN117472329A (en) Method and system for improving Montgomery modular multiplication throughput by using DSP cascade structure
VR et al. An improved quad Itoh-Tsujii algorithm for FPGAs
Jung et al. A reconfigurable coprocessor for finite field multiplication in GF (2n)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160413

Termination date: 20170108

CF01 Termination of patent right due to non-payment of annual fee