CN103701588A - Secret sharing hardware realization method and device - Google Patents
Secret sharing hardware realization method and device Download PDFInfo
- Publication number
- CN103701588A CN103701588A CN201310698820.8A CN201310698820A CN103701588A CN 103701588 A CN103701588 A CN 103701588A CN 201310698820 A CN201310698820 A CN 201310698820A CN 103701588 A CN103701588 A CN 103701588A
- Authority
- CN
- China
- Prior art keywords
- secret
- analogue
- module
- unit
- microprocessor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention relates to a secret sharing hardware realization method and a secret sharing hardware realization device. A microprocessor is respectively connected with a secret sharing module, a flash module and an intelligent card module through AHBs (advanced high-performance buses), the microprocessor is used for coordinating and controlling the secret sharing module, the flash module and the intelligent card module, the secret sharing module is used for realizing the secret splitting and combination according to the commands of the microprocessor, the flash module is used for storing threshold (k, n) parameters of different applications, and the intelligent card module is used for realizing the reading and writing on an intelligent card according to the commands of the microprocessor. The method and the device provided by the invention have the advantages that the pure hardware is adopted for realizing the secret sharing based on Shamir at low-cost expenditure, the secret sharing safety is ensured, and in addition, good flexibility and expansibility are realized.
Description
Technical field
The present invention relates to information security technology and integrated circuit (IC) design field.Relate in particular to a kind of secret and share Hardware Implementation and device.
Background technology
As the important means of information security and data confidentiality, secret sharing is just being widely used and all departments such as economic, military, administrative, and it plays key effect in safe preservation, transmission and the legal utilization of important information and secret data.
(k, n) threshold secret sharing Objective Concept Shamir and Blakley propose, and its basic thought is that a secret is shared by n people, and meets: only having k or more participant to combine just can this secret of reconstruct; Be less than arbitrarily any information that k participant can not obtain this secret.This (k, n) threshold secret sharing not only can be applicable to the contour safety requirements of Password Management, military secrecy of financial sector, is also applicable to the information sharings such as testament, business information.
Yet secret sharing mainly adopts software to realize in the market.These method safety degree are low, are easily broken, and are not suitable for very much the user that the safety requirements such as finance, concerning security matters mechanism are high and use.For this reason, develop a kind ofly expand, secret shared Hardware Implementation and device seem very important cheaply.
Summary of the invention
Technical problem to be solved by this invention is for the deficiencies in the prior art, and the secret of provide a kind of and expand, low-cost, degree of safety is high is shared Hardware Implementation and device.
The technical scheme that the present invention solves the problems of the technologies described above is as follows: a kind of secret is shared hardware and realized the secret method splitting, and comprises the steps:
Steps A 1: secret information, thresholding (k, n) parameter and operation information are set in microprocessor according to application type, and microprocessor is n sub-key distribution identify label to be divided into according to operation information;
Steps A 2: microprocessor is packaged into secret information, thresholding (k, n) parameter and identify label to split operational data bag according to predetermined format, sends to secret sharing module, and by described thresholding (k, n) Parameter storage in Flash module;
Steps A 3: secret sharing module, according to operation information, splits into n son according to thresholding (k, n) parameter by secret secret;
Steps A 4: microprocessor writes n the secret and corresponding identify label of son in n corresponding smart card by smart card module successively.
On the basis of technique scheme, the present invention can also do following improvement.
Further, in steps A 3, secret sharing module is according to operation information, and the concrete steps that secret split into n son secret according to threshold parameter are:
Steps A 3.1: bus interface is resolved described packet automatically, deposits the operation information in packet in control unit, deposits secret information and parameter information in memory;
Steps A 3.2: control unit starts internal state machine according to operation information, internal state machine is controlled large digital-to-analogue and is taken advantage of unit and large digital-to-analogue to add the calculating process of unit;
Steps A 3.3: large digital-to-analogue is taken advantage of unit and large digital-to-analogue to add unit and obtained desired data according to the control of internal state machine from memory and carry out computing, and secret is split into n son secret;
Steps A 3.4: operation result is deposited in memory, and control unit produces and interrupts sending to microprocessor by bus interface simultaneously, and prompting computing completes.
The scheme that the present invention solves the problems of the technologies described above: a kind of secret is shared the method that hardware is realized secret combination, comprises the steps:
Step B1: will be at least k smart card insert successively smart card module, son secret and respective identity that microprocessor reads in k smart card at least by smart card module identify, the microprocessor while is also read thresholding (k, n) parameter from Flash module;
Step B2: microprocessor at least k secret, identify label and thresholding (k, n) parameter is packaged into combinatorial operation packet, and sends to secret sharing module;
Step B3: secret sharing module at least k sub-secret is combined into secret;
Step B4: microprocessor reads the secret of combination from secret sharing module.
Further, in step B3, secret sharing module is combined into secret concrete steps by k at least sub-secret and is:
Step B3.1: bus interface is resolved described packet automatically, deposits the operation information in packet in control unit, deposits sub-secret information and parameter information in memory;
Step B3.2: control unit starts internal state machine according to operation information, internal state machine is controlled large digital-to-analogue and is taken advantage of unit and large digital-to-analogue to add the calculating process of unit;
Step B3.3: large digital-to-analogue is taken advantage of unit and large digital-to-analogue to add unit and obtained desired data according to the control of internal state machine from memory and carry out computing, and at least k sub-secret is combined into secret;
Step B3.4: operation result is deposited in memory, and control unit produces and interrupts sending to microprocessor by bus interface simultaneously, and prompting computing completes.
The technical scheme that the present invention solves the problems of the technologies described above is as follows: a kind of secret is shared hardware realization apparatus, comprises microprocessor, secret sharing module, Flash module and smart card module;
Described microprocessor is connected with smart card module with secret sharing module, Flash module respectively by ahb bus;
Described microprocessor, it is for coordinating and control secret sharing module, Flash module and smart card module;
Described secret sharing module, it is for realizing secret fractionation and combination according to the order of microprocessor;
Described Flash module, it is for depositing thresholding (k, the n) parameter of different application;
Described smart card module, it is for realizing the read-write to smart card according to the order of microprocessor.
On the basis of technique scheme, the present invention can also do following improvement.
Further, described secret sharing module comprises bus interface, control unit, memory, digital-to-analogue takes advantage of unit and large digital-to-analogue to add unit greatly,
One end of described bus interface is connected with microprocessor by outside ahb bus, and its other end is connected with memory with control unit respectively; The other end of described control unit and memory all takes advantage of unit to be connected with the input that large digital-to-analogue adds unit with large digital-to-analogue; Described large digital-to-analogue takes advantage of the output of unit to be connected with the input that large digital-to-analogue adds unit; The output that described large digital-to-analogue adds unit is connected with memory;
Described bus interface is resolved automatically to the packet receiving, and deposits the operation information in described packet in control unit, deposits secret information and operation information in memory; Control unit starts internal state machine according to operation information, and internal state machine is controlled large digital-to-analogue and taken advantage of unit and large digital-to-analogue to add the calculating process of unit; Large digital-to-analogue is taken advantage of unit and large digital-to-analogue to add unit and according to the control of internal state machine, is obtained desired data from memory and carry out computing, and secret is split into n son secret; Operation result is deposited in memory, and control unit produces and interrupts sending to microprocessor by bus interface simultaneously, and prompting computing completes.
Further, described memory adopts static random access memory SRAM.
Further, in described Flash module, be provided with encrypting module and deciphering module, for the data of storage are encrypted and are deciphered.
The invention has the beneficial effects as follows: the shared realization of secret of the present invention adopts pure hardware to realize, there is good flexibility and autgmentability, the secret having realized based on Shamir with low-down area overhead and cost expense is shared, and has guaranteed secret shared fail safe.
Accompanying drawing explanation
Fig. 1 is that a kind of secret of the present invention is shared hardware realization apparatus structure chart;
Fig. 2 is secret sharing module internal structure block diagram of the present invention;
Fig. 3 is that the shared hardware of a kind of secret of the present invention is realized secret method for splitting flow chart;
Fig. 4 is that the shared hardware of a kind of secret of the present invention is realized secret combined method flow chart;
Fig. 5 is the specific implementation flow chart of steps A 3 of the present invention;
Fig. 6 is the specific implementation flow chart of step B3 of the present invention.
In accompanying drawing, the list of parts of each label representative is as follows:
1, microprocessor, 2, secret sharing module, 3, Flash module, 4, smart card module, 201, bus interface, 202, control unit, 203, SRAM, 204, large digital-to-analogue takes advantage of unit, 205, large digital-to-analogue adds unit.
Embodiment
Below in conjunction with accompanying drawing, principle of the present invention and feature are described, example, only for explaining the present invention, is not intended to limit scope of the present invention.
As shown in Figure 1, a kind of secret is shared hardware realization apparatus, comprises microprocessor 1, secret sharing module 2, Flash module 3 and smart card module 4;
Described microprocessor 1 is connected with secret sharing module 2, Flash module 3 and smart card module 4 respectively by ahb bus;
Described microprocessor 2, it is for coordinating and control secret sharing module 2, Flash module 3 and smart card module 4;
Described secret sharing module 2, it is for realizing secret fractionation and combination according to the order of microprocessor 1;
Described Flash module 3, it is for depositing thresholding (k, the n) parameter of different application;
Described smart card module 4, it is for realizing the read-write to smart card according to the order of microprocessor.
Wherein, in described Flash module 3, be provided with encrypting module and deciphering module, for the data of storage are encrypted and are deciphered, further improve the fail safe of the content of storing.
As shown in Figure 2, described secret sharing module comprises bus interface 201, control unit 202, SRAM(memory) 203, large digital-to-analogue takes advantage of unit 204 and large digital-to-analogue to add unit 205,
One end of described bus interface 201 is connected with microprocessor 1 by outside ahb bus, and its other end is connected with memory 203 with control unit 202 respectively; The other end of described control unit 202 and memory 203 all takes advantage of unit 204 to be connected with the input that large digital-to-analogue adds unit 205 with large digital-to-analogue; Described large digital-to-analogue takes advantage of the output of unit 204 to be connected with the input that large digital-to-analogue adds unit 205; The output that described large digital-to-analogue adds unit 205 is connected with memory 203;
The packet of 201 pairs of receptions of described bus interface is resolved automatically, deposits the operation information in described packet in control unit 202, deposits secret information and operation information in memory 203; Control unit 202 starts internal state machine according to operation information, and internal state machine is controlled large digital-to-analogue and taken advantage of unit 204 and large digital-to-analogue to add the calculating process of unit 205; Large digital-to-analogue is taken advantage of unit 204 and large digital-to-analogue to add unit 205 and according to the control of internal state machine, from memory 203, is obtained desired data and carry out computing, and secret is split into n son secret; Operation result is deposited in memory 203, and control unit 202 produces and interrupts sending to microprocessor 1 by bus interface 201 simultaneously, and prompting computing completes.
Wherein, described memory 203 adopts static random access memory SRAM.
As shown in Figure 3, plant the secret hardware of sharing and realize the secret method splitting, comprise the steps:
Steps A 1: secret information, thresholding (k, n) parameter and operation information are set in microprocessor according to application type, and microprocessor is n sub-key distribution identify label to be divided into according to operation information;
Steps A 2: microprocessor is packaged into secret information, thresholding (k, n) parameter and identify label to split operational data bag according to predetermined format, sends to secret sharing module, and by described thresholding (k, n) Parameter storage in Flash module;
Steps A 3: secret sharing module, according to operation information, splits into n son according to thresholding (k, n) parameter by secret secret;
Steps A 4: microprocessor writes n the secret and corresponding identify label of son in n corresponding smart card by smart card module successively.
As shown in Figure 4, a kind of secret is shared the method that hardware is realized secret combination, comprises the steps:
Step B1: will be at least k smart card insert successively smart card module, son secret and respective identity that microprocessor reads in k smart card at least by smart card module identify, the microprocessor while is also read thresholding (k, n) parameter from Flash module;
Step B2: microprocessor at least k secret, identify label and thresholding (k, n) parameter is packaged into combinatorial operation packet, and sends to secret sharing module;
Step B3: secret sharing module at least k sub-secret is combined into secret;
Step B4: microprocessor reads the secret of combination from secret sharing module.
As shown in Figure 5, in steps A 3, secret sharing module is according to operation information, and the concrete steps that secret split into n son secret according to threshold parameter are:
Steps A 3.1: bus interface is resolved described packet automatically, deposits the operation information in packet in control unit, deposits secret information and parameter information in memory;
Steps A 3.2: control unit starts internal state machine according to operation information, internal state machine is controlled large digital-to-analogue and is taken advantage of unit and large digital-to-analogue to add the calculating process of unit;
Steps A 3.3: large digital-to-analogue is taken advantage of unit and large digital-to-analogue to add unit and obtained desired data according to the control of internal state machine from memory and carry out computing, and secret is split into n son secret;
Steps A 3.4: operation result is deposited in memory, and control unit produces and interrupts sending to microprocessor by bus interface simultaneously, and prompting computing completes.
As shown in Figure 6, in step B3, secret sharing module is combined into secret concrete steps by k at least sub-secret and is:
Step B3.1: bus interface is resolved described packet automatically, deposits the operation information in packet in control unit, deposits sub-secret information and parameter information in memory;
Step B3.2: control unit starts internal state machine according to operation information, internal state machine is controlled large digital-to-analogue and is taken advantage of unit and large digital-to-analogue to add the calculating process of unit;
Step B3.3: large digital-to-analogue is taken advantage of unit and large digital-to-analogue to add unit and obtained desired data according to the control of internal state machine from memory and carry out computing, and at least k sub-secret is combined into secret;
Step B3.4: operation result is deposited in memory, and control unit produces and interrupts sending to microprocessor by bus interface simultaneously, and prompting computing completes.
Wherein, while carrying out secret fractionation and secret combination, it is secret or when k sub-secret is at least combined into secret operation and completes that secret sharing module splits into n son by secret, to microprocessor, sends interrupting information, prompting fractionation or combined.
The foregoing is only preferred embodiment of the present invention, in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (9)
1. secret is shared the method that hardware is realized secret fractionation, it is characterized in that, comprises the steps:
Steps A 1: secret information, thresholding (k, n) parameter and operation information are set in microprocessor according to application type, and microprocessor is n sub-key distribution identify label to be divided into according to operation information;
Steps A 2: microprocessor is packaged into secret information, thresholding (k, n) parameter and identify label to split operational data bag according to predetermined format, sends to secret sharing module, and by described thresholding (k, n) Parameter storage in Flash module;
Steps A 3: secret sharing module, according to operation information, splits into n son according to thresholding (k, n) parameter by secret secret;
Steps A 4: microprocessor writes n the secret and corresponding identify label of son in n corresponding smart card by smart card module successively.
2. a kind of secret is shared Hardware Implementation according to claim 1, it is characterized in that, in steps A 3, secret sharing module is according to operation information, and the concrete steps that secret split into n son secret according to threshold parameter are:
Steps A 3.1: bus interface is resolved described packet automatically, deposits the operation information in packet in control unit, deposits secret information and parameter information in memory;
Steps A 3.2: control unit starts internal state machine according to operation information, internal state machine is controlled large digital-to-analogue and is taken advantage of unit and large digital-to-analogue to add the calculating process of unit;
Steps A 3.3: large digital-to-analogue is taken advantage of unit and large digital-to-analogue to add unit and obtained desired data according to the control of internal state machine from memory and carry out computing, and secret is split into n son secret;
Steps A 3.4: operation result is deposited in memory, and control unit produces and interrupts sending to microprocessor by bus interface simultaneously, and prompting computing completes.
3. secret is shared the method that hardware is realized secret combination, it is characterized in that, comprises the steps:
Step B1: will be at least k smart card insert successively smart card module, son secret and respective identity that microprocessor reads in k smart card at least by smart card module identify, the microprocessor while is also read thresholding (k, n) parameter from Flash module;
Step B2: microprocessor at least k secret, identify label and thresholding (k, n) parameter is packaged into combinatorial operation packet, and sends to secret sharing module;
Step B3: secret sharing module at least k sub-secret is combined into secret;
Step B4: microprocessor reads the secret of combination from secret sharing module.
4. a kind of secret is shared Hardware Implementation according to claim 3, it is characterized in that, in step B3, secret sharing module is combined into secret concrete steps by k sub-secret at least and is:
Step B3.1: bus interface is resolved described packet automatically, deposits the operation information in packet in control unit, deposits sub-secret information and parameter information in memory;
Step B3.2: control unit starts internal state machine according to operation information, internal state machine is controlled large digital-to-analogue and is taken advantage of unit and large digital-to-analogue to add the calculating process of unit;
Step B3.3: large digital-to-analogue is taken advantage of unit and large digital-to-analogue to add unit and obtained desired data according to the control of internal state machine from memory and carry out computing, and at least k sub-secret is combined into secret;
Step B3.4: operation result is deposited in memory, and control unit produces and interrupts sending to microprocessor by bus interface simultaneously, and prompting computing completes.
5. secret is shared a hardware realization apparatus, it is characterized in that, comprises microprocessor, secret sharing module, Flash module and smart card module;
Described microprocessor is connected with smart card module with secret sharing module, Flash module respectively by ahb bus;
Described microprocessor, it is for coordinating and control secret sharing module, Flash module and smart card module;
Described secret sharing module, it is for realizing secret fractionation and combination according to the order of microprocessor;
Described Flash module, it is for depositing thresholding (k, the n) parameter of different application;
Described smart card module, it is for realizing the read-write to smart card according to the order of microprocessor.
6. a kind of secret is shared hardware realization apparatus according to claim 5, it is characterized in that, described secret sharing module comprises bus interface, control unit, memory, digital-to-analogue takes advantage of unit and large digital-to-analogue to add unit greatly,
One end of described bus interface is connected with microprocessor by outside ahb bus, and its other end is connected with memory with control unit respectively; The other end of described control unit and memory all takes advantage of unit to be connected with the input that large digital-to-analogue adds unit with large digital-to-analogue; Described large digital-to-analogue takes advantage of the output of unit to be connected with the input that large digital-to-analogue adds unit; The output that described large digital-to-analogue adds unit is connected with memory;
Described bus interface is resolved automatically to the packet receiving, and deposits the operation information in described packet in control unit, deposits secret information and operation information in memory; Control unit starts internal state machine according to operation information, and internal state machine is controlled large digital-to-analogue and taken advantage of unit and large digital-to-analogue to add the calculating process of unit; Large digital-to-analogue is taken advantage of unit and large digital-to-analogue to add unit and according to the control of internal state machine, is obtained desired data from memory and carry out computing, and secret is split into n son secret; Operation result is deposited in memory, and control unit produces and interrupts sending to microprocessor by bus interface simultaneously, and prompting computing completes.
7. a kind of secret is shared hardware realization apparatus according to claim 5, it is characterized in that, described memory adopts static random access memory SRAM.
8. a kind of secret is shared hardware realization apparatus according to claim 5, it is characterized in that, in described Flash module, is provided with encrypting module and deciphering module, for the data of storage are encrypted and are deciphered.
9. a kind of secret is shared hardware realization apparatus according to claim 5, it is characterized in that, it is to realize based on 16 multipliers that described large digital-to-analogue is taken advantage of unit, and described large digital-to-analogue adds unit for realizing based on 32 adders.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310698820.8A CN103701588A (en) | 2013-12-18 | 2013-12-18 | Secret sharing hardware realization method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310698820.8A CN103701588A (en) | 2013-12-18 | 2013-12-18 | Secret sharing hardware realization method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103701588A true CN103701588A (en) | 2014-04-02 |
Family
ID=50362994
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310698820.8A Pending CN103701588A (en) | 2013-12-18 | 2013-12-18 | Secret sharing hardware realization method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103701588A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106161034A (en) * | 2015-05-08 | 2016-11-23 | 恩智浦有限公司 | Use the RSA deciphering of multiplication privacy share |
| CN108683509A (en) * | 2018-05-15 | 2018-10-19 | 北京创世智链信息技术研究院 | A kind of method for secure transactions, apparatus and system based on block chain |
| CN111162906A (en) * | 2019-12-27 | 2020-05-15 | 上海市数字证书认证中心有限公司 | Collaborative secret sharing method, device, system and medium based on vast transmission algorithm |
-
2013
- 2013-12-18 CN CN201310698820.8A patent/CN103701588A/en active Pending
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106161034A (en) * | 2015-05-08 | 2016-11-23 | 恩智浦有限公司 | Use the RSA deciphering of multiplication privacy share |
| CN108683509A (en) * | 2018-05-15 | 2018-10-19 | 北京创世智链信息技术研究院 | A kind of method for secure transactions, apparatus and system based on block chain |
| CN108683509B (en) * | 2018-05-15 | 2021-12-28 | 北京创世智链信息技术研究院 | Block chain-based secure transaction method, device and system |
| CN111162906A (en) * | 2019-12-27 | 2020-05-15 | 上海市数字证书认证中心有限公司 | Collaborative secret sharing method, device, system and medium based on vast transmission algorithm |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102737270B (en) | A kind of bank intelligent card chip secure coprocessor based on domestic algorithm | |
| CN102138300B (en) | Message authentication code pre-computation with applications to secure memory | |
| CN100454321C (en) | USB device with data memory and intelligent secret key and control method thereof | |
| CN103688269A (en) | Cryptographic information association to memory regions | |
| CN107590402A (en) | A kind of data storage ciphering and deciphering device and method | |
| CN103294958B (en) | Kernel-level virtual polymerization and parallel encryption method for class-oriented Linux system | |
| CN102073808B (en) | Method for encrypting and storing information through SATA interface and encryption card | |
| CN107256363A (en) | A kind of high-speed encryption and decryption device being made up of encryption/decryption module array | |
| CN101582109A (en) | Data encryption method and device, data decryption method and device and solid state disk | |
| CN102932140A (en) | Key backup method for enhancing safety of cipher machine | |
| CN104834873A (en) | U disk for cloud data information encryption and decryption, and realization method | |
| CN102063587A (en) | Cloud storage data storage and retrieval method, device and system | |
| CN105095945A (en) | SD card capable of securely storing data | |
| CN107154843A (en) | A kind of system for implementing hardware of the SM4 algorithms of anti-power consumption attack | |
| CN104463020B (en) | The method of memory data integrity protection | |
| CN103701588A (en) | Secret sharing hardware realization method and device | |
| CN204669402U (en) | A kind of cloud data message encrypting and decrypting system based on USB flash disk | |
| CN103336920B (en) | Security system for wireless sensor network SOC chip | |
| CN105205416A (en) | Mobile hard disk password module | |
| CN201984486U (en) | Security chip, encryption box and USB interface identification and data storage equipment | |
| CN101739593B (en) | Safety certification method of medium access control codes of integrated circuit cards | |
| CN109379177A (en) | A kind of homomorphism cryptogram computation acceleration logic system and implementation method | |
| CN106612247A (en) | A data processing method and a storage gateway | |
| CN102567689A (en) | Phase-change storage unit based non-volatile internal storage data confidentiality protecting method | |
| Hu | Study of file encryption and decryption system using security key |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| AD01 | Patent right deemed abandoned | ||
| AD01 | Patent right deemed abandoned |
Effective date of abandoning: 20170419 |