CN104506316A - Point multiplication operation method based on SM2 base points - Google Patents
Point multiplication operation method based on SM2 base points Download PDFInfo
- Publication number
- CN104506316A CN104506316A CN201410681320.8A CN201410681320A CN104506316A CN 104506316 A CN104506316 A CN 104506316A CN 201410681320 A CN201410681320 A CN 201410681320A CN 104506316 A CN104506316 A CN 104506316A
- Authority
- CN
- China
- Prior art keywords
- point
- value
- result
- double
- operation result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention discloses a point multiplication operation method based on SM2 base points, relating to the field of cryptographic algorithm implementation. The point multiplication operation method comprises the technical points of obtaining and storing a point double operation result of the SM2 base points; judging whether the zero bit of k value is one, if yes, adding SM2 base points and zero so as to obtain a point add operation result corresponding to the zero bit of the k value, if not, taking zero as the point add operation result corresponding to the zero bit of the k value; judging whether the next bit of the k value is one, if yes, taking an additive result of a point add operation result of former bit of the k value and a point double operation result of former bit of the k value as a point add operation result corresponding to current bit of the k value, if not, taking the point add operation result of former bit of the k value as the point add operation result of current bit of the k value; and doing like this till obtaining a point add operation result of the 255th bit of the k value.
Description
Technical field
The present invention relates to cryptographic algorithms' implementation field.
Background technology
Elliptic Curve Public Key Cryptosystems (Elliptic Curve Cryptosystem, be called for short ECC), namely based on the various public-key cryptosystems of elliptic curves discrete logarithm problem, proposed independently of one another by N.Koblitz and V.Miller early than 1985.Its basic ideas utilize the elliptic curve finite group in finite field to replace the class cryptographic system obtained based on the finite cyclic group of discrete logarithm problem.
When identical security intensity, the key length of ECC only has 1/6 of RSA key length even less, and arithmetic speed is faster than RSA, and choosing multiple parameter of curve.ECC, with its high efficiency, high security intensity advantage, has huge market development space in information security application.
SM2 algorithm be by China national Password Management office take the lead formulate commercial cipher algorithm, SM2 algorithm based on ECC algorithm transformation form, comprise one group recommend parameter of curve, the key length of SM2 algorithm is 256.At present, China is just wideling popularize application SM2 series commercial cipher algorithm in commercial cipher field.
Point multiplication operation is its main operational realizing SM2 algorithm.Namely the Algorithm for Scalar Multiplication of SM2 algorithm calculates kP, and wherein, k is a large positive integer of random selecting, and P is a point on elliptic curve.One time the point multiplication operation point that can be analyzed to repeatedly adds (Point Add) computing and double point (Point Double) computing.
The decomposition of existing point multiplication operation is as mistake! Do not find Reference source.Shown in, no matter whether P point is basic point, comprises 256 and take turns computing in a point multiplication operation, and each is taken turns different according to each value of k and performs different computings, and wherein Point Double computing is except last is taken turns and does not perform, and other are often taken turns and all will perform.That is comprise 255 in a point multiplication operation and take turns double point processing, specific practice is using the result of computing P dot product 2 as the double point processing corresponding with k value the 0th, the double point processing result corresponding with the last position of k value is taken advantage of 2 as the double point processing result corresponding with the worthwhile anteposition of k, obtain the double point processing result corresponding with k value the 254th by that analogy.
Point Add computing then only just performs when the present bit of k is 1, does not then perform, the input of the Point Add that the operation result of previous round Point Add and the operation result of Point Double can be taken turns as rear a when being 0.
Visible in point multiplication operation, the Point Double computing often taken turns is relevant with last round of PointDouble operation result, and have nothing to do with the result of last round of Point Add, if P is a specific point, then can be optimized the Point Double computing of this specified point P.
Summary of the invention
Technical problem to be solved by this invention is: for above-mentioned Problems existing, a kind of point multiplication operation method based on SM2 basic point, is effectively promoted the performance of SM2 algorithm by the computation complexity reduced in point multiplication operation.
The technical solution used in the present invention is as follows: first the double point processing result of SM2 basic point calculated and stored: carrying out double point processing to SM2 basic point, by corresponding for operation result and k value the 0th and store; Double point processing is carried out to the result of the double point processing corresponding with the last position of k value, operation result is stored as the result of the double point processing corresponding with the worthwhile anteposition of k; The like until obtain the result of the double point processing corresponding with k value the 254th and store.
Then following computing is performed:
Judge whether the 0th of k value is 1, if then SM2 basic point and zero point to be added the result obtained with k value the 0th corresponding point add operation, if the 0th of k value the is not 1, using zero point as the result with k value the 0th corresponding point add operation;
Whether the next bit judging k value is 1, if then using the result of double point processing results added corresponding to the result of the point add operation corresponding with the last position of k value and the last position of k value as the point add operation result corresponding with the worthwhile anteposition of k, otherwise using the point add operation result corresponding with the last position of k value as the point add operation result corresponding with the worthwhile anteposition of k; The like until obtain the point add operation result corresponding with k value the 255th.
Because SM2 algorithm contains one group of parameter of curve of recommending, contain a fixing basic point coordinate figure in this parameter of curve and be also called SM2 basic point.SM2 algorithm, signing, in sign test computing, all will use this basic point and k to carry out computing.The present invention precomputes the value that 255 of SM2 algorithm basic point takes turns Point Double.When P point is SM2 basic point, then can save the computing that 255 take turns Point Double, from precalculated Point Double operation result, directly carry out copying getting final product (as mistake! Do not find Reference source.Shown in).
Single Point Double fewer than the operand of Point Add 20%, but in each point multiplication operation, more than Point Add about one times of the number of times of Point Double computing, therefore, by pre-computation methods provided by the invention, can by the point multiplication operation performance boost more than one times of SM2 algorithm basic point.SM2 to sign in computing for once point multiplication operation, and be exactly the point multiplication operation of basic point, SM2 signature verification computing and cryptographic calculation have twice point multiplication operation, are once wherein the point multiplication operations of basic point.Therefore, the invention has the beneficial effects as follows: the performance promoting SM2 algorithm signature, signature verification, cryptographic calculation significantly.
Accompanying drawing explanation
Examples of the present invention will be described by way of reference to the accompanying drawings, wherein:
Fig. 1 is existing point multiplication operation exploded view.
Fig. 2 is the point multiplication operation exploded view based on basic point in the present invention.
Embodiment
All features disclosed in this specification, or the step in disclosed all methods or process, except mutually exclusive feature and/or step, all can combine by any way.
Arbitrary feature disclosed in this specification, unless specifically stated otherwise, all can be replaced by other equivalences or the alternative features with similar object.That is, unless specifically stated otherwise, each feature is an example in a series of equivalence or similar characteristics.
The present invention is only the point multiplication operation of SM2 basic point for P point.
As Fig. 2, first the double point processing result of SM2 basic point is calculated and stored.Specific practice carries out double point processing to SM2 basic point, by corresponding for operation result and k value the 0th and store; Again double point processing is carried out to the result of the double point processing corresponding with k value the 0th, operation result is stored as the result of the double point processing corresponding with k value the 1st; After this, double point processing is carried out to the result of the double point processing corresponding with the last position of k value, operation result is stored as the result of the double point processing corresponding with the worthwhile anteposition of k; The like until obtain the result of the double point processing corresponding with k value the 254th and store.
Then, when performing the point multiplication operation of basic point, computing is carried out according to following steps:
Judge whether the 0th of k value is 1, if then SM2 basic point and zero point to be added the result obtained with k value the 0th corresponding point add operation, if the 0th of k value the is not 1, using zero point as the result with k value the 0th corresponding point add operation.
Judge whether the 1st of k value is 1, if then using the result of the point add operation result corresponding with k value the 0th and the double point processing results added corresponding with k value the 0th as the point add operation result corresponding with k value the 1st, if the 1st of k value the is not 1, using the point add operation result corresponding with k value the 0th as the result with k value the 1st corresponding point add operation.
After this, whether the next bit judging k value is 1, if then using the result of double point processing results added corresponding to the result of the point add operation corresponding with the last position of k value and the last position of k value as the point add operation result corresponding with the worthwhile anteposition of k, otherwise using the point add operation result corresponding with the last position of k value as the point add operation result corresponding with the worthwhile anteposition of k; The like until obtain the point add operation result corresponding with k value the 255th.
Wherein be the point that coordinate is full 0 zero point.
The present invention is not limited to aforesaid embodiment.The present invention expands to any new feature of disclosing in this manual or any combination newly, and the step of the arbitrary new method disclosed or process or any combination newly.
Claims (1)
1., based on a point multiplication operation method for SM2 basic point, it is characterized in that,
First the double point processing result of SM2 basic point is calculated and stored: double point processing is carried out to SM2 basic point, operation result and k value the 0th are carried out corresponding and stored; Double point processing is carried out to the result of the double point processing corresponding with the last position of k value, operation result is stored as the result of the double point processing corresponding with the worthwhile anteposition of k; The like until obtain the result of the double point processing corresponding with k value the 254th and store;
Then following computing is performed:
Judge whether the 0th of k value is 1, if then SM2 basic point and zero point to be added the result obtained with k value the 0th corresponding point add operation, if the 0th of k value the is not 1, using zero point as the result with k value the 0th corresponding point add operation;
Whether the next bit judging k value is 1, if then using the result of double point processing results added corresponding to the result of the point add operation corresponding with the last position of k value and the last position of k value as the point add operation result corresponding with the worthwhile anteposition of k, otherwise using the point add operation result corresponding with the last position of k value as the point add operation result corresponding with the worthwhile anteposition of k; The like until obtain the point add operation result corresponding with k value the 255th.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410681320.8A CN104506316A (en) | 2014-11-24 | 2014-11-24 | Point multiplication operation method based on SM2 base points |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410681320.8A CN104506316A (en) | 2014-11-24 | 2014-11-24 | Point multiplication operation method based on SM2 base points |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104506316A true CN104506316A (en) | 2015-04-08 |
Family
ID=52948032
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410681320.8A Pending CN104506316A (en) | 2014-11-24 | 2014-11-24 | Point multiplication operation method based on SM2 base points |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104506316A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105391736A (en) * | 2015-12-11 | 2016-03-09 | 捷德(中国)信息科技有限公司 | Transaction dynamic data authentication method and system |
| CN108650087A (en) * | 2018-05-16 | 2018-10-12 | 广东工业大学 | A kind of SM2 ellipse curve signature dot product encryption methods under binary field F2m |
| CN109379191A (en) * | 2018-09-07 | 2019-02-22 | 阿里巴巴集团控股有限公司 | A kind of point multiplication operation circuit and method based on elliptic curve basic point |
| CN113014388A (en) * | 2021-03-30 | 2021-06-22 | 浙江萤火虫区块链科技有限公司 | Scalar multiplication acceleration system in elliptic curve cryptographic algorithm |
-
2014
- 2014-11-24 CN CN201410681320.8A patent/CN104506316A/en active Pending
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105391736A (en) * | 2015-12-11 | 2016-03-09 | 捷德(中国)信息科技有限公司 | Transaction dynamic data authentication method and system |
| CN108650087A (en) * | 2018-05-16 | 2018-10-12 | 广东工业大学 | A kind of SM2 ellipse curve signature dot product encryption methods under binary field F2m |
| CN109379191A (en) * | 2018-09-07 | 2019-02-22 | 阿里巴巴集团控股有限公司 | A kind of point multiplication operation circuit and method based on elliptic curve basic point |
| CN113014388A (en) * | 2021-03-30 | 2021-06-22 | 浙江萤火虫区块链科技有限公司 | Scalar multiplication acceleration system in elliptic curve cryptographic algorithm |
| CN113014388B (en) * | 2021-03-30 | 2022-06-28 | 浙江萤火虫区块链科技有限公司 | Scalar multiplication acceleration system in elliptic curve cryptographic algorithm |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Azarderakhsh et al. | High-performance implementation of point multiplication on Koblitz curves | |
| ATE466329T1 (en) | METHOD FOR SCALARM MULTIPLICATION IN GROUPS OF ELLIPTIC CURVES OVER BINARY POLYNOMIC BODIES FOR SIDE-CHANNEL ATTACK-RESISTANT CRYPTOSYSTEMS | |
| CN104184578B (en) | A kind of Elliptic Curve Scalar Multiplication method accelerating circuit and its algorithm based on FPGA | |
| CN103942031A (en) | Elliptic domain curve operational method and elliptic domain curve arithmetic unit | |
| Liu et al. | High performance FPGA implementation of elliptic curve cryptography over binary fields | |
| CN104506316A (en) | Point multiplication operation method based on SM2 base points | |
| CN101371285B (en) | Encryption processing device, encryption processing method | |
| WO2019242562A1 (en) | Elliptic curve point multiplication operation method and apparatus | |
| Loi et al. | FPGA implementation of low latency scalable Elliptic Curve Cryptosystem processor in GF (2 m) | |
| Rashidi | Efficient hardware implementations of point multiplication for binary Edwards curves | |
| CN106371803B (en) | Calculation method and computing device for Montgomery domain | |
| Wu et al. | On the improvement of wiener attack on rsa with small private exponent | |
| Jahani et al. | Efficient big integer multiplication and squaring algorithms for cryptographic applications | |
| JP5816383B2 (en) | Interleaver index generation apparatus and method | |
| Meurice de Dormale et al. | Collision search for elliptic curve discrete logarithm over GF (2 m) with FPGA | |
| Chavan et al. | A review on solving ECDLP over large finite field using parallel Pollard’s rho (ρ) method | |
| KR102132935B1 (en) | Method and apparatus for finite field multiplication | |
| Lim et al. | Elliptic curve digital signature algorithm over GF (p) on a residue number system enabled microprocessor | |
| Leelavathi et al. | Elliptic Curve Crypto Processor on FPGA using Montgomery Multiplication with Vedic and Encoded Multiplier over GF (2 m) for Nodes in Wireless Sensor Networks | |
| Eghdamian et al. | A modified left-to-right radix-r representation | |
| KR101423947B1 (en) | Modular multiplication and modular exponentiation using extended NIST prime | |
| Youssef et al. | A low-resource 32-bit datapath ECDSA design for embedded applications | |
| LAI | Algorithm for directly computing 7p elliptic curves and its application | |
| Nguyen et al. | High-speed low-complexity elliptic curve cryptographic processor | |
| Rezai et al. | An Efficient Scalar Multiplication Algorithm for Elliptic Curve Cryptography Using a New Signed-Digit Representation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150408 |
|
| RJ01 | Rejection of invention patent application after publication |