CN103546288B - SM2 (streaming multiprocessor 2) digital signature generating algorithm realizing method and device - Google Patents

SM2 (streaming multiprocessor 2) digital signature generating algorithm realizing method and device Download PDF

Info

Publication number
CN103546288B
CN103546288B CN201310445395.1A CN201310445395A CN103546288B CN 103546288 B CN103546288 B CN 103546288B CN 201310445395 A CN201310445395 A CN 201310445395A CN 103546288 B CN103546288 B CN 103546288B
Authority
CN
China
Prior art keywords
private key
user
digital signature
cpu
generating algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310445395.1A
Other languages
Chinese (zh)
Other versions
CN103546288A (en
Inventor
林璟锵
潘无穷
余幸杰
王琼霄
荆继武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Data Assurance and Communication Security Research Center of CAS
Original Assignee
Data Assurance and Communication Security Research Center of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Data Assurance and Communication Security Research Center of CAS filed Critical Data Assurance and Communication Security Research Center of CAS
Priority to CN201310445395.1A priority Critical patent/CN103546288B/en
Publication of CN103546288A publication Critical patent/CN103546288A/en
Application granted granted Critical
Publication of CN103546288B publication Critical patent/CN103546288B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The invention relates to an SM2 (streaming multiprocessor 2) digital signature generating algorithm realizing method and device. The method includes calculating an SM2 digital signature generating algorithm by coordination of a CPU (central processing unit) and a GPU (graphics processing unit), pre-calculating elliptical curve dots in the SM2 digital signature generating algorithm in the GPU to obtain a result and storing the result in a storage unit, pre-calculating one-added inverse calculation of a user private key in the CPU to obtain a result and storing the result in the storage unit, calling the results obtained by pre-calculation and stored in the storage unit when the CPU calculates a to-be-signed message sequence according to the SM2 digital signature generating algorithm calculating step. Accordingly, digital signature calculation time for to-be-signed messages is shortened, and calculation efficiency of the SM2 digital signature generating algorithm is improved. Further, the CPU can perform one-added inverse calculation on different private keys and store results in the storage unit, and calculation efficiency is further improved.

Description

The implementation method of sm2 digital signature generating algorithm and device
Technical field
The present invention relates to public key algorithm technology, combine central processing unit (cpu) and graphics process particularly to a kind of The implementation method of sm2 digital signature generating algorithm of device (gpu, graphics processing unit) and device.
Background technology
The important way being an up processor performance is calculated using multi-core parallel concurrent, therefore occurs in that including massively parallel architecture The gpu of arithmetic element, gpu have developed into for degree of parallelism height, multithreading, calculate high-performance quick and that memory bandwidth is big and lead to Use processor.Gpu architecture is divided into three layers in composition: ground floor is by several thread processors cluster (tpc, thread Preocessing cluster) composition, the second layer is by multiple streams multiprocessor (sm, streaming multiprocessor) Composition, third layer is the stream handle (sp, stream processor) constituting sm it is also possible to referred to as thread processor.Sm makees A tasks carrying for gpu and scheduling unit, are mainly responsible for the thread instruction of execution gpu distribution, and sp are most basic in gpu Instruction execution unit, the operation of its execution controls by affiliated sm.
Nvidia company is proposed computer equipment integrating structure (cuda, compute unified device within 2006 Architecture) programmable platform, it is possible to achieve the scheduling of gpu thread.Under cuda programmable platform framework, gpu executes Least unit be thread (thread), several threads (thread) can form a thread block (block).One block In thread can access same shared drive and synchronization.The thread of execution same program, composition grid (grid), different Grid can execute different programs.
With respect to central processing unit (cpu), gpu has powerful data-handling capacity, in floating-point operation and parallel computation Etc. aspect, improve tens times even performance of hundreds of times of cpu.Gpu has thousand of cores, has very high concurrency, but often It is weaker that individual sm compares cpu disposal ability.Cpu computing capability is strong, but check figure is fewer.Therefore, using which kind of cpu and gpu Cooperation mode carries out framework, completes various calculating, to improve system overall calculation ability, is a problem demanding prompt solution.
Ellipse curve public key cipher algorithm (sm2), is the cryptographic algorithm that China national Password Management office issues.Sm2 is clear and definite Define Digital Signature Algorithm, public key encryption algorithm and the IKE of sm2 algorithm.Wherein, the digital signature of sm2 algorithm Algorithm includes generating algorithm and verification algorithm, applies the message of reliability in message transmitting procedure to transmit and the conjunction using message Method person verifies.In the Digital Signature Algorithm of sm2, including one-to-one public key and private key, wherein, private key is used for be signed disappearing Breath generates digital signature, and public key is used for digital signature is verified.Signer carries out the numeral of message m to be signed using private key Signature generating algorithm calculates, and obtains the digital signature of message m to be signed;Verifier adopts public key to the message m to be signed receiving It is digitally signed checking to calculate, verifies whether the digital signature of message m to be signed mates, if it does, confirming that receive treats Signature information m is correct.
The digital signature generating algorithm detailed process of sm2 algorithm is as follows.
If message to be signed is m, in order to obtain the digital signature (r, s) of message m to be signed, as the user a of signer Should realize following calculation step:
A1: putza‖ m represents zaSplicing with m;
A2: calculateThe data type conversion of e is integer;
A3: produce random number k ∈ [1, n-1];
A4: calculate elliptic curve point (x, y)=[k] g;
A5: calculate r=(e+x) mod n, if r=0 or r+k=n, return a3;
A6: calculate s=((1+da)-1·(k-r·da)) mod n, if s=0, return a3;
A7: the data type conversion of r, s is byte serial, the signature of message m to be signed is (r, s).
Wherein: za: with regard to the hash of the distinguished mark of user a, part elliptical curve systematic parameter and client public key a Value;hv(): eap-message digest length is the cryptographic Hash function of v bit;G a: basic point on elliptic curve, its rank is prime number; N: the rank of basic point g;da: the private key of user a;[k] g: Point on Elliptic Curve g k times of point, i.e. [k] g=g+g ...+g, represents k G is added on elliptic curve domain.
At present, when realizing sm2 digital signature generating algorithm, it is to be calculated according to above-mentioned steps order by cpu, finally gives The digital signature of message m to be signed, because in calculating process, amount of calculation ratio is larger, relatively time-consuming, obtain the effect of digital signature Rate is than relatively low.
Content of the invention
In view of this, the present invention provides a kind of implementation method of the sm2 digital signature generating algorithm of combination cpu and gpu, should Method can improve the computational efficiency of sm2 digital signature generating algorithm.
The present invention also provides a kind of sm2 digital signature generating algorithm of combination cpu and gpu to realize device, and this device can Improve the computational efficiency of sm2 digital signature generating algorithm.
For reaching above-mentioned purpose, the technical scheme that the present invention is implemented specifically is achieved in that
A kind of implementation method of sm2 digital signature generating algorithm, the method includes:
Calculating elliptic curve point step in sm2 digital signature generating algorithm is precalculated by graphic process unit gpu, obtains To elliptic curve point and corresponding random number, and it is stored in the memorizer of setting;
In sm2 digital signature generating algorithm, 1 inversion calculation step will be increased by central processing unit cpu in advance to private key for user Calculate, increasing 1 reciprocal value obtaining private key for user is stored in the memorizer of setting;
When cpu treats signature information order calculating according to sm2 digital signature generating algorithm calculation procedure, memorizer is called to deposit The elliptic curve point of storage and corresponding random number, and increasing 1 reciprocal value of private key for user, complete to treat the numeral label of signature information Name.
The cpu thread to private key for user increasing 1 inversion calculation in described sm2 digital signature generating algorithm and described basis The cpu thread that sm2 digital signature generating algorithm calculation procedure treats signature information order calculating is identical or different.
Private key for user increasing 1 inversion calculation step is precalculated in cpu in the described digital signature generating algorithm by sm2 For:
For the signature request having prestored private key for user, before receiving the generation request of sm2 digital signature, pre- advanced Row private key for user increases 1 inversion calculation, and private key for user is expressed as da, private key for user increases 1 and inverts and be expressed as (1+da)-1Mod n, wherein N is the rank of elliptic curve basic point g.
Private key for user increasing 1 inversion calculation step is precalculated in cpu in the described digital signature generating algorithm by sm2 For:
For the signature request not prestoring private key for user, after cpu receives the generation request of sm2 digital signature, Before cpu treats signature information order calculating according to sm2 digital signature generating algorithm calculation procedure, get private key for user laggard Row increases 1 inversion calculation;
The cpu thread of described inversion calculation is with to treat signature information according to sm2 digital signature generating algorithm calculation procedure suitable The cpu thread that sequence calculates is different.
Described get private key for user and carry out increasing 1 inversion calculation be:
Set the private key for user threshold number of inversion calculation or set the interval moment simultaneously, when reaching inversion calculation simultaneously During the interval moment of private key for user threshold number or setting, acquired multiple different user private keys are carried out increasing 1 simultaneously and inverts Increasing 1 reciprocal value of the different user private key obtaining after operation.
Described acquired multiple different user private keys are carried out increasing the different user private key obtaining after 1 inversion operation simultaneously Increasing 1 reciprocal value is:
Calculate d1=1+da1, d2=1+da2..., di=1+dai
Calculate d1'=d1,d2'=d1*d2,…,di'=d1*d2*…*di
Calculate h=(di’)-1mod n;
Calculate (d1)-1=h*d2*…*di, (d2)-1=h*d1*d3* ... * di ..., (di)-1=h*d1*d2*…*di-1
Wherein, daiFor private key for user, (di)-1Inverse for private key for user, n is the rank of elliptic curve basic point g.
The calculating of the calculating elliptic curve point step in described sm2 digital signature generating algorithm is by a gpu thread order Complete, or multiple gpu thread calculates for different randoms number simultaneously and completes.
A kind of sm2 digital signature generating algorithm realize device, this device includes: gpu computing unit, cpu computing unit And memorizer, wherein,
Gpu computing unit, for executing the calculating elliptic curve point step in sm2 digital signature generating algorithm, and will count The elliptic curve point obtaining and corresponding random number store in memory;
Cpu computing unit, for execute in sm2 digital signature generating algorithm to private key for user increase 1 inversion calculation step, Increasing 1 reciprocal value obtaining private key for user stores in memory;Disappeared to be signed according to sm2 digital signature generating algorithm calculation procedure When breath order calculates, call the elliptic curve point prestoring of memory storage and corresponding random number, and private key for user Increasing 1 reciprocal value, complete to treat the digital signature of signature information.
Memorizer, for storing elliptic curve point and corresponding random number, and increasing 1 reciprocal value of private key for user.
Described cpu computing unit, was additionally operable to before receiving the generation request of sm2 digital signature, be stored with private key for user, Carry out private key for user in advance to increase 1 inversion calculation and store in memory.
Described cpu computing unit includes multiple cpu computing units, wherein,
One cpu computing unit, is additionally operable to after cpu receives the generation request of sm2 digital signature, cpu is according to sm2 number Before word signature generating algorithm step treats signature information order calculating, get private key for user increasing 1 and carry out inversion calculation and deposit Storage is in memory;
Other cpu computing units, are additionally operable to treat signature information order calculating according to sm2 digital signature generating algorithm step When, call the elliptic curve point prestoring of memory storage and corresponding random number, and increasing 1 reciprocal value of private key for user, Complete to treat the digital signature of signature information.
Described gpu computing unit is one or more, by sequentially executing based in sm2 digital signature generating algorithm Calculate elliptic curve point step, or the calculating simultaneously executing for different randoms number in sm2 digital signature generating algorithm is oval Curve point step.
As can be seen from the above scheme, the present invention carries out sm2 digital signature generating algorithm using cpu and gpu cooperation mode Calculate, the calculating elliptic curve point step in sm2 digital signature generating algorithm is carried out precalculating obtaining result simultaneously in gpu It is stored in the memorizer of setting, private key for user will be increased with 1 inversion calculation and carry out precalculating in cpu obtaining result and storing In the memorizer of setting, then signature information order is treated according to sm2 digital signature generating algorithm calculation procedure by cpu and calculate When, that calls memory storage precalculates the result obtaining, thus save treating the meter that signature information is digitally signed Evaluation time, improves the computational efficiency of sm2 digital signature generating algorithm.Further, can be simultaneously to multiple differences in cpu Private key for user carries out private key for user increasing 1 respectively and inverts and store in memory, improves computational efficiency further.
Brief description
The realization of the sm2 digital signature generating algorithm of combination cpu and gpu that Fig. 1 provides for embodiment of the present invention embodiment Method flow diagram;
Fig. 2 is that the sm2 digital signature generating algorithm of combination cpu and gpu provided in an embodiment of the present invention realizes apparatus structure Schematic diagram;
Fig. 3 is elliptic curve point provided in an embodiment of the present invention and the schematic diagram of corresponding random number precomputation and access;
Fig. 4 is a cpu computing unit provided in an embodiment of the present invention to different user private key daIncreasing 1 inversion calculation stream Cheng Tu.
Specific embodiment
For making the objects, technical solutions and advantages of the present invention become more apparent, develop simultaneously embodiment referring to the drawings, right The present invention is described in further detail.
The reason background technology computational efficiency when realizing sm2 digital signature generating algorithm is high is: by cpu according to sm2 Digital signature generating algorithm calculation procedure order executes, and 1 inversion calculation that increases therein is complicated with the calculating of elliptic curve point calculating Property is all higher, than relatively time-consuming.In order to overcome this problem, the present invention carries out sm2 numeral using cpu and gpu cooperation mode and signs Name generating algorithm calculates, and the calculating elliptic curve point step in sm2 digital signature generating algorithm is precalculated in gpu Obtain result and be stored in the memorizer of setting, private key for user will be increased with 1 inversion calculation and carry out precalculating obtaining in cpu Result is simultaneously stored in the memorizer of setting, is then disappeared to be signed according to sm2 digital signature generating algorithm calculation procedure by cpu When breath order calculates, that calls memory storage precalculates the result obtaining, and enters line number thus saving and treating signature information The calculating time of word signature, improve the computational efficiency of sm2 digital signature generating algorithm.Further, can be same in cpu When multiple different user private keys are carried out respectively with private key for user increase 1 inversion calculation and store in memory, improve meter further Calculate efficiency.
As can be seen that step a3 and step a4 calculate elliptic curve from the sm2 digital signature generating algorithm of background technology The data that point is related to is unrelated with message to be signed.Therefore, the present invention is using before carrying out sm2 digital signature generating algorithm, by Gpu execution step a3 and step a4 in advance, is stored in after obtaining result in the memorizer of setting, when cpu signs according to sm2 numeral When name generating algorithm step is treated signature information and calculated according to sequence of steps, when order execution step a3 and step a4, directly Read from the memorizer of setting.
It can also be seen that carry out in step a6 is private to user from the sm2 digital signature generating algorithm of background technology Key increases 1 inversion operation (1+da)-1Computation complexity is larger, and the present invention is then precalculated in this step a6 to private key for user by cpu Increase 1 inversion process and store result, when cpu disappears to be signed according to sm2 digital signature generating algorithm step in memory When breath calculates according to sequence of steps, when order execution step a6, from the memorizer of setting, directly read this private key for user increase 1 Result of inverting, then again in execution step a6 other calculating.Being precalculated by cpu in this step a6, private key for user is increased When 1 inversion process in memory storage result, cpu can obtain multiple different use by executing an inversion calculation The increasing 1 of family private key is inverse, and stores in memory.
Fig. 1 be provided in an embodiment of the present invention a kind of based on the digital signature generating algorithm realization side in the sm2 algorithm of gpu Method flow chart, it concretely comprises the following steps:
Step 101, the calculating elliptic curve point step in sm2 digital signature generating algorithm is precalculated by gpu obtain Result is simultaneously stored in the memorizer of setting;
In this step, result is elliptic curve point and corresponding random number;
Step 102, will in sm2 digital signature generating algorithm to private key for user increase 1 inversion calculation step counted in advance by cpu Calculate and obtain result and be stored in the memorizer of setting;
In this step, result is inverse for private key for user increasing 1;
When step 103, cpu treat signature information order calculating according to sm2 digital signature generating algorithm calculation procedure, call The elliptic curve point of memory storage and corresponding random number, and increasing 1 reciprocal value of private key for user, complete to treat signature information Digital signature.
In FIG, step 101 and step 102 are executed by gpu and cpu respectively, and execution can not be order execution.
In FIG, step 102 and step 103 are all completed by cpu thread, can be same cpu thread it is also possible to It is different cpu threads.
In FIG, when gpu executes the calculating elliptic curve point step in sm2 digital signature generating algorithm, can be by one Gpu thread completes to complete it is also possible to be calculated for different randoms number by multiple gpu threads simultaneously.
In step 102 in FIG, two ways is had to carry out:
First kind of way, if having prestored private key for user, generates request receiving sm2 digital signature Before, increase 1 inversion calculation and store with regard to carrying out private key for user in advance;
The second way, without storage private key for user, then after cpu receives the generation request of sm2 digital signature, Cpu collects multiple computation requests, before treat signature information order calculating according to sm2 digital signature generating algorithm step, obtains Get private key for user to carry out increasing 1 inversion calculation and storing.When executing the second way, can be simultaneously to different sm2 numerals Signature generates the required different user private key increasing 1 of request and carries out inversion calculation simultaneously, such as sets the user of inversion calculation simultaneously Private key threshold number or setting interval moment, when reaching the interval of the private key for user threshold number of inversion calculation or setting simultaneously During quarter, acquired multiple different user private keys are carried out different user private key simultaneously and increases the difference use obtaining after 1 inversion operation The inverse storage of family private key, when invoked, increasing 1 reciprocal value choosing corresponding private key for user calls.
Can be seen that according to known to the private key for user signed or unknown from both the above mode, computational methods are different 's.
Fig. 2 is provided in an embodiment of the present invention one logical to realize dress based on the digital signature generating algorithm in the sm2 algorithm of gpu Put structural representation, including gpu computing unit, cpu computing unit and memorizer, wherein,
Gpu computing unit, for executing the calculating elliptic curve point step in sm2 digital signature generating algorithm, and will count The elliptic curve point obtaining and corresponding random number store in memory;
Cpu computing unit, for execute in sm2 digital signature generating algorithm to private key for user increase 1 inversion calculation step, Increasing 1 reciprocal value obtaining private key for user stores in memory;Disappeared to be signed according to sm2 digital signature generating algorithm calculation procedure When breath order calculates, call the elliptic curve point prestoring of memory storage and corresponding random number, and private key for user Increasing 1 reciprocal value, complete to treat the digital signature of signature information.
Memorizer, for storing elliptic curve point and corresponding random number, and increasing 1 reciprocal value of private key for user.
In the present invention, described gpu computing unit can include multiple, for sequentially execute sm2 digital signature generate calculate Calculating elliptic curve point step in method, or execute in sm2 digital signature generating algorithm for different randoms number simultaneously Calculate elliptic curve point step.
In the present invention, described cpu computing unit, is additionally operable to before receiving the generation request of sm2 digital signature, storage There is private key for user, carry out private key for user in advance and increase 1 inversion calculation and store in memory.
In the present invention, described cpu computing unit includes multiple cpu computing units, wherein,
One cpu computing unit, is additionally operable to after cpu receives the generation request of sm2 digital signature, cpu is according to sm2 number Before word signature generating algorithm step treats signature information order calculating, get private key for user and carry out increasing 1 inversion calculation and depositing Storage is in memory;
Cpu computing unit, this cpu computing unit can also be able to be other for carrying out the cpu computing unit of inversion calculation Computing unit, when being additionally operable to treat signature information order calculating according to sm2 digital signature generating algorithm step, calls memorizer to deposit The elliptic curve point prestoring of storage and corresponding random number, and increasing 1 reciprocal value of private key for user, complete to treat signature information Digital signature.
Hereinafter the sm2 digital signature generating algorithm with reference to cpu and gpu is described in detail.
When not receiving the generation request of sm2 digital signature, at least one gpu computing unit, this gpu computing unit runs Gpu thread, execution is following to be operated: obtains random number k ∈ [1, n-1], calculates elliptic curve point (x, y)=[k] g, by k and calculating Result [k] g accordingly stores in memory.
In this embodiment it is possible to there be multiple gpu computing units to calculate elliptic curve point (x simultaneouslyi,yi)=[k] g (i= 1,2 ..., n), that is, there are multiple gpu computing unit execute instructions identical, the calculating of the different elliptic curve point of operand, improves The computational efficiency of gpu.
On the premise of gpu precomputation elliptic curve point [k] g, cpu computing unit directly reads oval bent from memorizer Line point and corresponding random number, execute sm2 digital signature generating algorithm.In sm2 digital signature generating algorithm implementation procedure, cpu According to the sequence of steps execution of sm2 digital signature generating algorithm, need to calculate s=((1+da)-1·(k-r·da)) mod n, this Inventive embodiments can be to increasing therein 1 inversion operation (1+da)-1It is optimized.
If before receiving the generation request of sm2 digital signature, having stored private key for user da, then at least one cpu Computing unit, before receiving the generation request of sm2 digital signature, calculates s '=(1+da)-1, by result of calculation s ' and it is stored in storage In device.
In this case, the process that at least one cpu computing unit carries out sm2 digital signature generating algorithm is as follows:
A1: putRepresent zaSplicing with m;
A2: calculateThe data type conversion of e is integer;
A3: read elliptic curve point (x, y)=[k] g and k of gpu precomputation storage from memorizer, as shown in figure 3, figure 3 is the elliptic curve point of the embodiment of the present invention and the schematic diagram of corresponding random number precomputation and access;
A4: calculate r=(e+x) mod n, if r=0 or r+k=n, again read elliptic curve point from memorizer;
A5: read (1+d from memorizera)-1Result of calculation s ', and calculate s=(s ' (k-r da)) mod n, if S=0 then returns a3;
A6: the data type conversion of r, s is byte serial, the signature of message m to be signed is (r, s).
In above-mentioned sm2 digital signature generating algorithm implementation procedure, before receiving the generation request of sm2 digital signature, in advance First calculate increasing 1 inversion operation (1+da)-1, therefore, from memorizer, directly read (1+da)-1Operation result, it is to avoid consumption When inversion operation, improve computational efficiency.
If before receiving the generation request of sm2 digital signature, not storing private key for user daIt is impossible to precalculate (1+ da)-1, then can be by receiving multiple different user private key daSm2 signature generating algorithm computation requests, realize simultaneously to multiple Different user private key daIncrease the optimization of 1 inversion operation.
Specifically, when receiving multiple daDuring different sm2 signature generating algorithm computation requests, a cpu computing unit pair Different user private key daIncrease 1 inversion calculation flow chart as shown in figure 4, it concretely comprises the following steps:
Step 401, i different sm2 digital signature of reception generate request, its private key for user daIt is respectively da1, da2..., dai
In this step, the private key for user threshold number of inversion calculation simultaneously can be set or set the interval moment, when arriving When reaching threshold number or setting time, confirm the private key for user d obtaininga, execution step 402;
Step 402, calculating d1=1+da1, d2=1+da2..., di=1+dai
Step 403, calculating d1'=d1,d2'=d1*d2,…,di'=d1*d2*…*di
Step 404, calculating h=(di’)-1mod n;
Step 405, calculating (d1)-1=h*d2*…*di, (d2)-1=h*d1*d3* ... * di ..., (di)-1=h*d1* d2*…*di-1;And by (d1)-1,(d2)-1..., (di)-1Storage is on a memory.
In this step, it is possible to use following algorithm is realized:
h’←h
for k from i downto 2do
1.dk -1←h’*dk-1
2.h’←h’*dk
d1 -1←h’.
In the diagram, step 401 and step 402 can also be replaced with following operation:
Receive i different sm2 digital signature and generate request, its private key for user daIt is respectively da1, da2..., dai;Often receive To a private key for user dam, just calculate and store corresponding dm=1+dam(m=1,2 ..., i), when m=i, execution step 403.
In this case, for other cpu computing units, the process carrying out sm2 digital signature generating algorithm is as follows:
A1: putRepresent zaSplicing with m;
A2: calculateThe data type conversion of e is integer;
A3: read elliptic curve point (x, y)=[k] g and k of gpu precomputation storage from memorizer;
A4: calculate r=(e+x) mod n, if r=0 or r+k=n, again read elliptic curve point from memorizer;
A5: read d from memorizerm -1, s=(dm -1·(k-r·da)) mod n, if s=0, return a3;
A6: the data type conversion of r, s is byte serial, the signature of message m to be signed is (r, s).
If as can be seen that generating request for i sm2 digital signature, if each request is calculated once inverted Computing (1+dak)-1(k=1,2 ..., i), then having executed i sm2 digital signature generation request needs to carry out i inversion operation. And the embodiment of the present invention, when executing i, only need to carry out an inversion operation h=(d ')-1, shorten i sm2 digital signature life Become request averagely realizes the time, improves computational efficiency.
The present invention is described in detail to lift a specific embodiment
In this specific embodiment, selected the cpu of the model e2 1230 v2 and gpu of model gtx 680.
When not receiving the generation request of sm2 digital signature, start 100 gpu thread loops ground execution and operate as follows: obtain Take random number k ∈ [1, n-1], calculate elliptic curve point (x, y)=[k] g, and { k, (x, y) } is stored in memory.
Before receiving the generation request of sm2 digital signature, be stored with private key for user daWhen, cpu thread carries out increasing 1 to be asked Inverse operation s '=(1+da)-1, s ' is preserved in memory.
When receiving the generation request of sm2 digital signature, a cpu thread, this cpu thread can be to private key for user daIncrease The cpu thread that 1 inverts is not it is also possible to be to private key for user daIncrease the 1 cpu thread inverted.Execution is following to be operated:
A1: putRepresent zaSplicing with m;
A2: calculateThe data type conversion of e is integer;
A3: read elliptic curve point (x, y)=[k] g and k of gpu precomputation storage from memorizer;
A4: calculate r=(e+x) mod n, if r=0 or r+k=n, again read elliptic curve point from memorizer;
A5: read (1+d from memorizera)-1Result of calculation s ', and calculate s=(s ' (k-r da)) mod n, if S=0 then returns a3;
A6: the data type conversion of r, s is byte serial, the signature of message m to be signed is (r, s).
If before receiving the generation request of sm2 digital signature, not storing private key for user da, receiving multiple differences When sm2 digital signature generates request, first to corresponding private key for user daCollect, collect 1000 different private key for user da Afterwards, a cpu thread following algorithm of execution:
Input: the rank n of elliptic curve basic point, private key for user da1, da2..., da1000.
Output: (1+da1) -1, (1+da2)-1..., (1+da1000)-1
for i from 1to 1000do:ai←dai+1.
c1←a1.
for i from 2to 1000do:ci←ci-1*aimod n.
u←c1000 -1mod n.
for i from 1000downto 2do
{ai -1←u*ci-1mod n.
u←u*aimod n.}
a1 -1←u.
return(a1 -1,a2 -1,…,a1000 -1).
The output result of above-mentioned algorithm preserves in memory.
The process that other cpu threads carry out sm2 digital signature generating algorithm is as follows:
A1: putRepresent zaSplicing with m;
A2: calculateThe data type conversion of e is integer;
A3: read elliptic curve point (x, y)=[k] g and k of gpu precomputation storage from memorizer;
A4: calculate r=(e+x) mod n, if r=0 or r+k=n, again read elliptic curve point from memorizer;
A5: read a from memorizeri -1, s=(ai -1·(k-r·da)) mod n, if s=0, return a3;
A6: the data type conversion of r, s is byte serial, the signature of message m to be signed is (r, s).
The sm2 digital signature generating algorithm that the present invention provides can apply in the message transmission field of reliability it is ensured that The transmission that signature information cannot be treated is distorted, and is that the unique digital signature of message generation to be signed is used for verifying.
The object, technical solutions and advantages of the present invention are further described, institute by above act preferred embodiment It should be understood that the foregoing is only presently preferred embodiments of the present invention, not in order to limit the present invention, all the present invention's Spirit and principle within, any modification, equivalent and improvement of being made etc., should be included in protection scope of the present invention it Interior.

Claims (9)

1. a kind of implementation method of sm2 digital signature generating algorithm is it is characterised in that the method includes:
Calculating elliptic curve point step in sm2 digital signature generating algorithm is precalculated by gpu, obtain elliptic curve point and Corresponding random number, and be stored in the memorizer of setting;
Precalculated 1 inversion calculation step being increased to private key for user in sm2 digital signature generating algorithm by cpu, obtain user Private key increasing 1 is inverse to be stored in the memorizer of setting;
When cpu treats signature information order calculating according to sm2 digital signature generating algorithm calculation procedure, call memory storage Elliptic curve point and corresponding random number, and private key for user increasing 1 is inverse, completes to treat the digital signature of signature information;
Private key for user increasing 1 inversion calculation step is pre-computed as in cpu in the described digital signature generating algorithm by sm2:
For the signature request not prestoring private key for user, after cpu receives the generation request of sm2 digital signature, cpu root Treat before signature information order calculates according to sm2 digital signature generating algorithm calculation procedure, get private key for user and carry out increasing 1 and ask Inverse calculating;The described cpu thread carrying out increasing 1 inversion calculation with according to sm2 digital signature generating algorithm calculation procedure to be signed The cpu thread that message sequence calculates is different;
Described get private key for user and carry out increasing 1 inversion calculation be:
Set the private key for user threshold number simultaneously increasing 1 inversion calculation or set the interval moment, increase 1 inversion calculation when reaching simultaneously Private key for user threshold number or setting the interval moment when, acquired multiple different user private keys are carried out increasing 1 simultaneously and ask The increasing 1 of the different user private key obtaining after inverse operation is inverse.
2. implementation method as claimed in claim 1 it is characterised in that in described sm2 digital signature generating algorithm to user The cpu thread that private key increases 1 inversion calculation treats signature information order with described according to sm2 digital signature generating algorithm calculation procedure The cpu thread calculating is identical or different.
3. implementation method as claimed in claim 1 it is characterised in that in the described digital signature generating algorithm by sm2 to Family private key increases 1 inversion calculation step and is pre-computed as in cpu:
For the signature request having prestored private key for user, before receiving the generation request of sm2 digital signature, used in advance Family private key increases 1 inversion calculation, and private key for user is expressed as da, it is (1+d that private key for user increases 1 reciprocal representationa)-1Mod n, wherein n are ellipse The rank of circular curve basic point g.
4. implementation method as claimed in claim 3 it is characterised in that described by acquired multiple different user private keys simultaneously The different user private key that obtains after carrying out increasing 1 inversion operation increases 1:
Calculate d1=1+da1, d2=1+da2..., di=1+dai
Calculate d1'=d1,d2'=d1*d2,…,di'=d1*d2*…*di
Calculate h=(di’)-1mod n;
Calculate (d1)-1=h*d2*…*di, (d2)-1=h*d1*d3* ... * di ..., (di)-1=h*d1*d2*…*di-1
Wherein, daiFor private key for user, (di)-1Inverse for the increasing 1 of private key for user, n is the rank of elliptic curve basic point g.
5. implementation method as claimed in claim 1 is it is characterised in that the calculating in described sm2 digital signature generating algorithm is ellipse The calculating of circular curve point step is completed by a gpu thread order, or multiple gpu thread calculates for different randoms number simultaneously Complete.
6. a kind of sm2 digital signature generating algorithm realize device it is characterised in that this device includes: gpu computing unit, cpu Computing unit and memorizer, wherein,
Gpu computing unit, for executing the calculating elliptic curve point step in sm2 digital signature generating algorithm, and will calculate The elliptic curve point arriving and corresponding random number store in memory;
Cpu computing unit, for execute in sm2 digital signature generating algorithm to private key for user increase 1 inversion calculation step, obtain Increasing 1 reciprocal value of private key for user stores in memory;Signature information is treated according to sm2 digital signature generating algorithm calculation procedure suitable When sequence calculates, call the elliptic curve point prestoring of memory storage and corresponding random number, and private key for user increasing 1 is inverse Value, completes to treat the digital signature of signature information;
Memorizer, for storing elliptic curve point and corresponding random number, and the increasing 1 of private key for user is inverse;
Private key for user increasing 1 inversion calculation step is calculated as in the described digital signature generating algorithm by sm2:
For the signature request not prestoring private key for user, after cpu receives the generation request of sm2 digital signature, cpu root Treat before signature information order calculates according to sm2 digital signature generating algorithm calculation procedure, get private key for user and carry out increasing 1 and ask Inverse calculating;The described cpu thread carrying out increasing 1 inversion calculation with according to sm2 digital signature generating algorithm calculation procedure to be signed The cpu thread that message sequence calculates is different;
Described get private key for user and carry out increasing 1 inversion calculation be:
Set the private key for user threshold number simultaneously increasing 1 inversion calculation or set the interval moment, increase 1 inversion calculation when reaching simultaneously Private key for user threshold number or setting the interval moment when, acquired multiple different user private keys are carried out increasing 1 simultaneously and ask The increasing 1 of the different user private key obtaining after inverse operation is inverse.
7. realize device as claimed in claim 6 it is characterised in that described cpu computing unit, be additionally operable to receiving sm2 Before digital signature generates request, be stored with private key for user, carries out private key for user in advance and increases 1 inversion calculation and be stored in memorizer In.
8. realize device as claimed in claim 6 it is characterised in that described cpu computing unit includes multiple cpu calculates list Unit, wherein,
One cpu computing unit, is additionally operable to after cpu receives the generation request of sm2 digital signature, cpu signs according to sm2 numeral Before name generating algorithm step treats signature information order calculating, get private key for user increasing 1 and carry out inversion calculation and be stored in In memorizer;
Other cpu computing units, when being additionally operable to treat signature information order calculating according to sm2 digital signature generating algorithm step, Call the elliptic curve point prestoring of memory storage and corresponding random number, and increasing 1 reciprocal value of private key for user, complete Treat the digital signature of signature information;
In the described digital signature generating algorithm by sm2 to private key for user increase 1 inversion calculation step be:
For the signature request not prestoring private key for user, after cpu receives the generation request of sm2 digital signature, cpu root Treat before signature information order calculates according to sm2 digital signature generating algorithm calculation procedure, get private key for user and carry out increasing 1 and ask Inverse calculating;The described cpu thread carrying out increasing 1 inversion calculation with according to sm2 digital signature generating algorithm calculation procedure to be signed The cpu thread that message sequence calculates is different;
Described get private key for user and carry out increasing 1 inversion calculation be:
Set the private key for user threshold number simultaneously increasing 1 inversion calculation or set the interval moment, increase 1 inversion calculation when reaching simultaneously Private key for user threshold number or setting the interval moment when, acquired multiple different user private keys are carried out increasing 1 simultaneously and ask The increasing 1 of the different user private key obtaining after inverse operation is inverse
9. realize device as claimed in claim 6 it is characterised in that described gpu computing unit is one or more, use Calculating elliptic curve point step in order execution sm2 digital signature generating algorithm, or for different randoms number simultaneously Calculating elliptic curve point step in execution sm2 digital signature generating algorithm.
CN201310445395.1A 2013-09-25 2013-09-25 SM2 (streaming multiprocessor 2) digital signature generating algorithm realizing method and device Active CN103546288B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310445395.1A CN103546288B (en) 2013-09-25 2013-09-25 SM2 (streaming multiprocessor 2) digital signature generating algorithm realizing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310445395.1A CN103546288B (en) 2013-09-25 2013-09-25 SM2 (streaming multiprocessor 2) digital signature generating algorithm realizing method and device

Publications (2)

Publication Number Publication Date
CN103546288A CN103546288A (en) 2014-01-29
CN103546288B true CN103546288B (en) 2017-02-01

Family

ID=49969368

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310445395.1A Active CN103546288B (en) 2013-09-25 2013-09-25 SM2 (streaming multiprocessor 2) digital signature generating algorithm realizing method and device

Country Status (1)

Country Link
CN (1) CN103546288B (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104243456B (en) * 2014-08-29 2017-11-03 中国科学院信息工程研究所 Suitable for signature of the cloud computing based on SM2 algorithms and decryption method and system
CN104461469A (en) * 2014-11-14 2015-03-25 成都卫士通信息产业股份有限公司 Method for achieving SM2 algorithm through GPU in parallelization mode
CN105391736A (en) * 2015-12-11 2016-03-09 捷德(中国)信息科技有限公司 Transaction dynamic data authentication method and system
CN106712942B (en) * 2017-01-10 2019-08-23 武汉理工大学 SM2 digital signature generation method and system based on privacy sharing
CN106549770B (en) * 2017-01-13 2019-07-12 武汉理工大学 SM2 digital signature generation method and system
CN107104793B (en) * 2017-04-12 2019-10-25 武汉理工大学 A kind of digital signature generation method and system
CN108259184B (en) * 2018-01-16 2021-06-08 飞天诚信科技股份有限公司 Digital signature and signature verification method and device based on user identification
CN109145644B (en) * 2018-08-28 2021-03-19 北京云测信息技术有限公司 Private key confusion and digital signature generation method and device and intelligent device
CN109245903B (en) * 2018-09-29 2021-10-01 北京信安世纪科技股份有限公司 Signature method and device for cooperatively generating SM2 algorithm by two parties and storage medium
CN109660351B (en) * 2018-11-08 2020-09-08 北京大学 Rapid digital signature generation method for SM2 public key password
CN111917548B (en) * 2019-05-07 2021-06-04 北京大学 Elliptic curve digital signature method based on GPU and CPU heterogeneous structure
CN111538480B (en) * 2020-03-26 2022-02-11 郑州信大捷安信息技术股份有限公司 Doubling point operation method and system for elliptic curve password
CN112367175B (en) * 2020-11-12 2021-07-06 西安电子科技大学 Implicit certificate key generation method based on SM2 digital signature
CN113055189B (en) * 2021-06-02 2021-08-10 工业信息安全(四川)创新中心有限公司 SM2 digital signature verification failure reason judgment method, device, equipment and medium
JPWO2023275947A1 (en) * 2021-06-28 2023-01-05
CN114257380A (en) * 2021-12-20 2022-03-29 湖南国科微电子股份有限公司 Digital signature method, system and equipment
CN115766006A (en) * 2022-11-17 2023-03-07 上海芷锐电子科技有限公司 Key agreement method, device, electronic equipment and computer readable storage medium
CN116980129B (en) * 2023-09-22 2024-03-26 深圳市纽创信安科技开发有限公司 Digital signature generation method, device, electronic equipment and readable storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102064940A (en) * 2009-11-13 2011-05-18 赵运磊 High-efficiency on-line/off-line digital signature method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7991162B2 (en) * 2007-09-14 2011-08-02 University Of Ottawa Accelerating scalar multiplication on elliptic curve cryptosystems over prime fields
CN102446088A (en) * 2011-09-20 2012-05-09 中国科学院深圳先进技术研究院 Method and system for parallel processing of elliptic curve scalar multiplication

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102064940A (en) * 2009-11-13 2011-05-18 赵运磊 High-efficiency on-line/off-line digital signature method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
《CUDA平台上的CPU/GPU异步计算模式》;姚平;《中国优秀硕士学位论文全文数据库 信息科技辑》;20110115(第01期);第25-34页 *
基于GPU的椭圆曲线相关算法并行化效率分析;王雷;《中国优秀硕士学位论文全文数据库》;20120315;第46-51页 *

Also Published As

Publication number Publication date
CN103546288A (en) 2014-01-29

Similar Documents

Publication Publication Date Title
CN103546288B (en) SM2 (streaming multiprocessor 2) digital signature generating algorithm realizing method and device
CN103475469A (en) Method and device for achieving SM2 algorithm with combination of CPU and GPU
KR20200086281A (en) Distributed computing system and method
CN111008863B (en) Lottery drawing method and system based on block chain
Jung et al. Accelerating fully homomorphic encryption through architecture-centric analysis and optimization
Frederiksen et al. Fast and maliciously secure two-party computation using the GPU
CN103631660A (en) Method and device for distributing storage resources in GPU in big integer calculating process
CN113628094B (en) High-throughput SM2 digital signature computing system and method based on GPU
Nagendra et al. Performance improvement of advanced encryption algorithm using parallel computation
Fadhil et al. Parallelizing RSA algorithm on multicore CPU and GPU
Gueron et al. Speeding up R-LWE post-quantum key exchange
Fan et al. Parallelization of RSA algorithm based on compute unified device architecture
Sun et al. Efficient parallelism of post-quantum signature scheme SPHINCS
Patel et al. Blockchain-envisioned trusted random oracles for IoT-enabled probabilistic smart contracts
CN112286752A (en) Algorithm verification method and system for federated learning heterogeneous processing system
CN113055431A (en) Block chain-based industrial big data file efficient chaining method and device
Zheng et al. Parallel small polynomial multiplication for dilithium: A faster design and implementation
Pu et al. Fastplay-a parallelization model and implementation of smc on cuda based gpu cluster architecture
Wang et al. Efficient implementation of Dilithium signature scheme on FPGA SoC platform
CN105119929A (en) Safe mode index outsourcing method and system under single malicious cloud server
Park et al. Pipsea: A practical ipsec gateway on embedded apus
Pu et al. EAGL: An elliptic curve arithmetic GPU-based library for bilinear pairing
CN111917548B (en) Elliptic curve digital signature method based on GPU and CPU heterogeneous structure
Wang et al. Efficient GPU implementations of post-quantum signature XMSS
Ono et al. Automatic parallelism tuning for module learning with errors based post-quantum key exchanges on GPUs

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant