CN104579648A - Ternary-domain anti-error-attack Tate bilinear pairing computation method - Google Patents
Ternary-domain anti-error-attack Tate bilinear pairing computation method Download PDFInfo
- Publication number
- CN104579648A CN104579648A CN201310484893.7A CN201310484893A CN104579648A CN 104579648 A CN104579648 A CN 104579648A CN 201310484893 A CN201310484893 A CN 201310484893A CN 104579648 A CN104579648 A CN 104579648A
- Authority
- CN
- China
- Prior art keywords
- tate
- ternary
- random number
- bilinear map
- territory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The invention discloses a ternary-domain anti-error-attack Tate bilinear pairing computation method. The method comprises steps as follows: an original Tate bilinear pairing computation process is modified, and factors of random numbers are added to resist error attacks; the factors of the random numbers cannot affect a final result when a ternary-domain Tate bilinear pairing is not attacked; a result acquired by an attacker finally can be mixed with the factors of the random numbers when computation errors appear due to the fact that the ternary-domain Tate bilinear pairing is attacked. The attacker cannot know concrete values of the random numbers, so that a secret key cannot be calculated with effective information due to the fact that the factors of the random numbers cannot be removed from the final result. Thus, with the adoption of the method, the error attacks on the ternary-domain Tate bilinear pairing can be effectively resisted.
Description
Technical field
The present invention relates to a kind of public key cryptography application process, particularly relate to a kind of ternary territory anti-fault analysis Tate Bilinear map computational methods.
Background technology
In recent years, Bilinear map obtains investigation and application widely because it has bilinearity character, non degenerate character and computability matter.Cryptographic system based on Bilinear map obtains attention and research with its distinctive advantage, and also progressively applies in industrial quarters.Many normal structures are also in the standard formulating Bilinear map in the world, such as ISO/IEC14888-3, IEEE P1363.3 etc.Researcher proposes many cryptography schemes based on Bilinear map, such as Identity based encryption scheme (identity-basedencryption schemes), short signature scheme (short signature schemes), the key agreement scheme (identity-based authenticated key agreement schemes) etc. of identity-based.
Calculate Bilinear map and have algorithm in two kinds of polynomial times, the Weil namely on algebraic curve to Tate couple.Concerning the curve of same security level, the computational efficiency that the computational efficiency that Tate is right is more right than Weil is much higher.The calculating of Bilinear map is very complicated, and the friendly curve of Bilinear map can realize Bilinear map comparatively fast.Mainly contain following three class curves:
For
on some P (α, β) and Q (x, y), the computing formula of the Tate Bilinear map under ternary territory is as follows:
Wherein,
turning round of some Q (x, y) maps ψ (Q)=(ρ-x, y σ), ρ and σ is
in element, meet equation ρ
3-ρ-b=0 and σ
2+ 1=0.For
on institute have a V (x
v, y
v), definition
on rational function g
v(X, Y), it removes son is (g
v)=3 (V)+([-3] V)-4 (O).G can be eliminated owing to turning round mapping ψ (Q)
vin (X, Y), the computing of denominator, therefore puts the rational function g of V
v(X, Y) is the tangent line of a V.For all
can obtain
g
V(x,y)=l
V,V=y
V 3y-(x
V 3-x+b)
2。
Finally can obtain rational function f
p(ψ (Q)) is:
Wherein use x
(j)represent
Owing to calculating [3
i] in P, need to carry out a large amount of cubic root computings, and cubic root computing on ternary territory is very complicated, its operation efficiency is very low.If Tate Bilinear map on ternary territory therefore will be realized fast to be calculated, can some mathematic(al) manipulations be passed through, cubic root computing formula as above be converted to and following goes cubic root Tate Bilinear map computing formula:
A
i=λ-μρ-ρ
2
Wherein μ=α
(2i)+ x
(1)+ (m+1-i) b, λ=(-1)
(i+1)σ β
(2i)y
(1)-μ
2.
Cubic root Tate Bilinear map computational methods are gone to convert cubic root computing to a cube computing, and cube computing on ternary territory is very simple and quick, therefore goes cubic root Tate Bilinear map implementation method to be Tate Bilinear map implementation method the most fast and effectively on ternary territory.What above-mentioned Tate Bilinear map formula i.e. correspondence was following goes cubic root Tate Bilinear map implementation method.
tate Bilinear map implementation method: ternary territory
in curve
Input P=(α, β), Q=(x, y)
Export
1.C=1
2.x=x
3,y=y
3,d=mb
3.For i=1to m do
3.1.α=α
9,β=β
9
3.2.μ=α+x+d,λ=σβy-μ
2
3.3.A=λ-μρ-ρ
2
3.4.C=C
3·A
3.5.y=-y,d=d-b
4. return
Page and Vercauteren first proposed the fault analysis for Tate Bilinear map.When assailant has the ability to import provisional or permanent mistake thus changes the cycle-index m of Tate Bilinear map, assailant just can backstepping private key point P=(α, β).
For Tate Bilinear map implementation method, its concrete fault analysis method is as follows: postulated point P=(α, β) is private key, and some Q=(x, y) is for expressly being chosen by assailant.First do not consider the final Montgomery Algorithm of the 4th step, namely hypothesize attack person can skip final mould power.When fault analysis causes cycle-index to become Δ from m, use
represent the error result of the 3.4th step, use
represent the correct result of the 3.4th step.The simplest challenge model is hypothesize attack, and person can make Δ=m ± 1.For Δ=m+1, can obtain:
When obtaining once correct result
the once result of mistake
just can calculate the intermediate object program A of (m+1) step
m+1, and reckoning obtains private key cc and β thus.
Owing to making the possibility of Δ=m ± 1 less, and the possibility making Δ=m ± r is larger, and therefore also can be found by multiple attack a pair can attack result:
Namely when the result obtaining twice mistake
with
just can calculate the intermediate object program A of (m ± r+1) step
m ± r+1, and reckoning obtains private key cc and β thus.Because the time of implementation of circulating is identical at every turn, the value of r can obtain by observing the time calculating operation.
And final mould power can prove by solving the method for equivalent matrice to eliminate its factor.Therefore the fault analysis of the Tate Bilinear map of Page and Vercauteren proposition effectively can obtain private key point.
For the fault analysis method of Page and Vercauteren, the people such as Ghosh propose a kind of method of anti-fault analysis, resist fault analysis by the method blinding cycle-index.Its concrete methods of realizing is as follows.
the Tate Bilinear map implementation method that Ghosh proposes: ternary territory
in curve
Input P=(α, β), Q=(x, y)
Export
1. produce random number
produce random positive integer r
2≤ m
2.C
0=r
1,C
1=1
3.m'=m+r
2
4.x=x
3,y=y
3,d=mb
5.For i=1to m’do
5.1.α=α
9,β=β
9
5.2.μ=α+x+d,λ=σβy-μ
2
5.3.A=λ-μρ-ρ
2
5.4.C
1=C
1 3·A
5.5j=(i==m)
5.6C
0=C
j
5.7.y=-y,d=d-b
6. return
When assailant changes m ', due to the assignment of 5.5 steps and 5.6 steps, if attack when making m ' be greater than m, attacking the final result obtained is still correct result; If when attack makes m ' be less than m, attacking the final result obtained is that the 2nd step is assigned to C
0random number, therefore which kind of situation fault analysis is all invalid.When assailant changes m, change m ± r into by m.Now calculate loop computation (m ± r+r
2) wheel, and by error result R that (m ± r) of significance arithmetic takes turns
m ± rexport.Although the people such as Ghosh analyze assailant can obtain final error result R
m ± rbut if by analyzing operation time or power consumption profile analysis, assailant can only obtain the cycle-index m ' after blinding, m ' equals (m ± r+r
2).Due to r
2for random number, therefore assailant cannot learn effective error loop number of times m ± r, and the fault analysis method of Page and Vercauteren again refinement really learn effective error loop number of times, therefore assailant cannot implementation mistake attack.
But it is not this analysis is not too correct, although this defence method can increase the attack cost of assailant, thorough.The fault analysis method that Page and Vercauteren proposes can by once correct result
the once result of mistake
attack.Assailant can carry out analytic operation result by the method for exhaustive attack completely.First assailant can obtain the cycle-index m ' after blinding by power consumption profile and (equal (m ± r+r
2)), due to r
2≤ m, get rid of the situation as (m '-m>m+1), significant cyclic number is become m+1 by m by remaining situation all hypothesize attack, then will calculate that the private key result obtained checks again, until find the situation meeting and attack hypothesis.Calculate that the computational complexity obtaining private key cc and β is polynomial time due to each by error result, even if therefore need multiple attack significant cyclic number could be become m+1 by m, its total time cost also very little.
In addition, author does not consider the threat of provisional mistake to this implementation method yet.Which proceeds to take turns because assailant can carry out analysis cycle computing by power consumption profile, therefore just can control the moment of provisional mistake to be imported comparatively accurately.Assailant can control to attack 5.5 steps at (m+1) wheel accurately, make variable j=0, this can preserve the value in the memory of variable j by attacking directly change, or to judging that the judged result of statement (i==m) is attacked.This all will make variable C
0the error result that middle preservation (m+1) is taken turns, thus victim obtains finally available error result.This shows that the defence method blinding cycle-index is completely invalid to this kind of attack.
In addition, this defence method is except thoroughly resisting fault analysis, and its operation efficiency is also very low.Due to r
2for being less than the random number of m, the mean value of the cycle-index m ' after therefore blinding is 1.5m, this means that the average calculating operation time of the Tate Bilinear map that the people such as Ghosh realize adds 50%.
Summary of the invention
The technical problem to be solved in the present invention is to provide a kind of ternary territory anti-fault analysis Tate Bilinear map computational methods, effectively can resist the fault analysis for ternary territory Tate Bilinear map.
For solving the problems of the technologies described above, ternary territory of the present invention anti-fault analysis Tate Bilinear map computational methods adopt following technical scheme to realize:
Ternary territory
lower super singular curve
Upper 2 P (α, β) and Q (x, y), Tate Bilinear map go cubic root computing formula as follows:
Wherein A
i=λ-μ ρ-ρ
2, μ=α
(2i)+ x
(1)+ (m+1-i) b, λ=(-1)
(i+1)σ β
(2i)y
(1)-μ
2; ρ and σ is
in element, meet equation ρ
3-ρ-b=0 and σ
2+ 1=0;
Above-mentioned Tate Bilinear map go add in the calculation process of cubic root computing formula random number because usually resisting fault analysis; If circulation wheel number m is not changed, so the factor of random number can be eliminated after final mould power; If circulation wheel number m is changed by fault analysis, the result that so assailant finally obtains will mix the factor of random number, because assailant cannot learn the occurrence of random number, thus the factor cannot removing random number from final result obtains effective information to calculate private key; Concrete steps are as follows:
Step one, chooses random number
Step 2, calculates rational function
Step 3, calculates Tate Bilinear map
The territory of ternary described in step one
in super singular curve, comprise y
2=x
3-x+1 and y
2=x
3-x-1.
The present invention transforms original Tate Bilinear map calculation process, add random number because usually resisting fault analysis.When ternary territory, Tate Bilinear map is not attacked, and so the factor of random number can not affect final result.When ternary territory Tate Bilinear map causes mistake in computation owing to attacking, the result that so assailant finally obtains will mix the factor of random number.Because assailant cannot learn the occurrence of random number, thus the factor cannot removing random number from final result obtains effective information to calculate key.Therefore the present invention effectively can resist the fault analysis for ternary territory Tate Bilinear map.
The time cost that the present invention increases is very few; Can when increasing time cost hardly, the ternary territory anti-fault analysis Tate Bilinear map that realizes fast and safely calculates.
Embodiment
Below the principle of ternary territory anti-fault analysis Tate Bilinear map computational methods is once illustrated.First ternary territory anti-fault analysis Tate Bilinear map computational methods are provided under cycle-index does not have vicious situation, the correctness proof of its operation result:
Original ternary territory Tate Bilinear map calculates rational function f
pthe formula of (ψ (Q)) is as follows:
F
1=f
P(ψ(Q))=(…(((A
1)
3A
2)
3A
3)
3…)
3A
m
Ternary territory anti-fault analysis Tate Bilinear map calculates rational function f
pthe formula of (ψ (Q)) is as follows:
When cycle-index m is not changed, take turns after computing through m, can obtain
due to finite field
in element R meet
character, can obtain
thus reckoning obtains
Therefore through final Montgomery Algorithm
Afterwards, namely the factor of random number R is eliminated, the correct result of the Bilinear map after can casting off illiteracy.
Lower surface analysis once the anti-fault analysis Tate in ternary territory Bilinear map computational methods for the defensive ability/resistance ability of fault analysis:
When cycle-index victim changes, namely change cycle-index into m ± Δ by attacking.After m ± Δ wheel computing, note does not add the rational function f of anti-fault analysis measure
pthe operation result of (ψ (Q)) is
note adds the rational function f of anti-fault analysis measure
pthe operation result of (ψ (Q)) is
then
after final Montgomery Algorithm, final result is
Assailant wishes that the effective error result obtained is
And after adding anti-fault analysis measure, assailant can only obtain the error result after blinding
due to random number
when
when being not equal to 1, assailant cannot obtain effective error result from final blinding after error result removes random number factor, thus cannot calculate real error result
in addition, most values of Δ all will cause terminal error result still to be blinded, and only have when meeting Δ %6m=0,
now assailant just can obtain the error result after casting off illiteracy.
When first proving that and if only if below and meet Δ %6m=0,
If
So can obtain
Character according to finite field: and if only if, and Δ=6mn(n is nonnegative integer), finite field
in element x meet x=x
3 Δs, finally can obtain Δ %6m=0.This just illustrates to only have when Δ accurately to be changed into the multiple of 6m or 6m by assailant, could remove the random number factor blinded, and obtains the error result after casting off illiteracy required for attack analysis.
But Δ accurately cannot be changed into the multiple of 6m or 6m by existing fault analysis level.Attack cycle-index by fault analysis method, the most frequently used method has two kinds: first method imports mistake in loop computation process, make to circulate terminate to judge to produce provisional wrong time, cycle-index may be made to be less than m or to equal m+1; Or skip cyclic variable increment operator, cycle-index may be made to equal m+1.But it is even larger that cycle-index can not be become 7m by these class methods, and therefore this attack method does not produce threat to the method that the present invention proposes.Second method makes the memory of preservation variable m or register produce permanent mistake by attack, but in general this method can only change single bit(bit of variable), if variable m be changed accurately into m+6nm(n is positive integer), and in general m is 0 and 1 number be evenly distributed, existing attacking ability almost can not complete.In addition, accurate multiple Δ being changed into 6m or 6m even if assailant in future has the ability, the method for this kind of fault analysis still to proposed by the invention is invalid.Because the fault analysis method that Page and Vercauteren proposes needs a pair Bilinear map operation result
with
and according to analysis before, only have
do not blinded.Assailant can not obtain a pair cycle-index adjacent do not blind result to calculate private key, therefore the fault analysis method that proposes of Page and Vercauteren is invalid to method proposed by the invention.
Can obtain through above-mentioned analysis, if there occurs fault analysis, after final Montgomery Algorithm, the factor of random number R cannot be eliminated, and assailant can only obtain the error result after blinding
because random number R is unknowable, assailant cannot obtain effective error result from final blinding after error result removes random number factor.
Can obtain thus, the implementation method that the present invention proposes effectively can resist fault analysis.
In addition, its time cost increased of the computational methods that the present invention proposes is also very little, and the calculating comparing increase with original calculation method has two.Section 1 is initial random number computing
wherein calculate
can map with Frobenius and realize, increase time cost hardly; And ternary subsequently expands territory
under cube computing, only need 6 finite fields
under mould cube computing can complete.Section 2 is final iteration result
territory is expanded in ternary with random number R
under modular multiplication, only need 15 finite fields
under modular multiplication can complete.Therefore the time cost that computational methods of the present invention increase compares the total time of original calculation method, almost negligible.
Below be ternary territory anti-fault analysis Tate Bilinear map computational methods realize example.
Concrete ternary territory anti-fault analysis Tate Bilinear map implementation method flow process describes as follows:
anti-fault analysis Tate Bilinear map implementation method: ternary territory
in curve
Input P=(α, β), Q=(x, y)
Export
1. produce
r=r
0+ r
1σ+r
2ρ+r
3σ ρ+r
4ρ
2+ r
5σ ρ
2,
Meet r
i(0≤i≤5) ≠ 0.
Produce
r'=r
0'+r
1' σ+r
2' ρ+r'
3σ ρ+r
4' ρ
2+ r
5' σ ρ
2,
Meet r'
i(0≤i≤5) ≠ 0.
Produce
r''=r
0' '+r
1' ' σ+r
2' ' ρ+r
3' ' σ ρ+r
4' ' ρ
2+ r
5' ' σ ρ
2,
Meet r
i' ' (0≤i≤5) ≠ 0.
2.C=R'
3.F=R''
4.
5.x=x
3,y=y
3,d=mb
6.For i=1to m do
6.1.α=α
9,β=β
9
6.2.μ=α+x+d,λ=σβy-μ
2
6.3.A=λ-μρ-ρ
2
6.4.C=C
3·A
6.5.y=-y,d=d-b
7.F=C·R
8. return
Following table 1 is that the method for Ghosh method and the present invention's proposition is in ternary territory
the increase time cost of lower Tate Bilinear map and error resilience by mistake attack effect compare that (wherein M represents that binary expands territory
under modular multiplication, C represent binary expand territory
under mould cube computing):
The time cost increased | Resist DFA effect | |
Ghosh method | m(7M+5C) | Cannot resist |
The inventive method | 15M+6C | Can resist |
Table 1
The time cost that wherein Ghosh method increases is mean value, changes according to the difference blinding random number.The time cost that the present invention increases is fixed value.As can be seen from the above table, be no matter the time cost from increasing, still resist the effect of DFA, Ghosh method is all not so good as the method proposed in the present invention.
The increase time cost of method under several typical finite field that Ghosh method and the present invention propose is compared as follows shown in table 2:
Table 2
Can find out, method proposed by the invention increases running time hardly, and its time cost increased is far smaller than Ghosh method.
Above by embodiment to invention has been detailed description, but these are not construed as limiting the invention.Without departing from the principles of the present invention, those skilled in the art also can make many distortion and improvement, and these also should be considered as protection scope of the present invention.
Claims (2)
1. the anti-fault analysis Tate in ternary territory Bilinear map computational methods,
Ternary territory
lower super singular curve
the computing formula of upper 2 P (α, β) and Q (x, y), Tate Bilinear map is as follows:
Wherein A
i=λ-μ ρ-ρ
2, μ=α
(2i)+ x
(1)+ (m+1-i) b, λ=(-1)
(i+1)σ β
(2i)y
(1)-μ
2; ρ and σ is
in element, meet equation ρ
3-ρ-b=0 and σ
2+ 1=0; It is characterized in that:
Above-mentioned Tate Bilinear map go add in the calculation process of cubic root computing formula random number because usually resisting fault analysis; If circulation wheel number m is not changed, so the factor of random number can be eliminated after final mould power; If circulation wheel number m is changed by fault analysis, the result that so assailant finally obtains will mix the factor of random number, because assailant cannot learn the occurrence of random number, thus the factor cannot removing random number from final result obtains effective information to calculate private key; Concrete steps are as follows:
Step one, chooses random number
Step 2, calculates rational function
Step 3, calculates Tate Bilinear map
2. the method for claim 1, is characterized in that: the territory of ternary described in step one
in super singular curve, comprise y
2=x
3-x+1 and y
2=x
3-x-1.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310484893.7A CN104579648B (en) | 2013-10-16 | 2013-10-16 | A kind of anti-fault analysis Tate Bilinear map computational methods in ternary domain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310484893.7A CN104579648B (en) | 2013-10-16 | 2013-10-16 | A kind of anti-fault analysis Tate Bilinear map computational methods in ternary domain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104579648A true CN104579648A (en) | 2015-04-29 |
CN104579648B CN104579648B (en) | 2018-06-05 |
Family
ID=53094935
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310484893.7A Active CN104579648B (en) | 2013-10-16 | 2013-10-16 | A kind of anti-fault analysis Tate Bilinear map computational methods in ternary domain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104579648B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106100844A (en) * | 2016-05-24 | 2016-11-09 | 天津大学 | Optimization automatic Bilinear map encryption method and the device of method is blinded based on point |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8023647B2 (en) * | 2008-05-29 | 2011-09-20 | Cheman Shaik | Password self encryption method and system and encryption by keys generated from personal secret information |
CN102355353A (en) * | 2011-08-12 | 2012-02-15 | 无锡城市云计算中心有限公司 | Encrypted input method and encrypted communication method and device |
-
2013
- 2013-10-16 CN CN201310484893.7A patent/CN104579648B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8023647B2 (en) * | 2008-05-29 | 2011-09-20 | Cheman Shaik | Password self encryption method and system and encryption by keys generated from personal secret information |
CN102355353A (en) * | 2011-08-12 | 2012-02-15 | 无锡城市云计算中心有限公司 | Encrypted input method and encrypted communication method and device |
Non-Patent Citations (1)
Title |
---|
柴佳晶、顾海华、包斯刚: "《密码芯片中二院扩域ETa双线性对安全算法》", 《计算机应用》 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106100844A (en) * | 2016-05-24 | 2016-11-09 | 天津大学 | Optimization automatic Bilinear map encryption method and the device of method is blinded based on point |
CN106100844B (en) * | 2016-05-24 | 2020-08-18 | 天津大学 | Optimized automatic bilinear pairing encryption method and device based on point blinding method |
Also Published As
Publication number | Publication date |
---|---|
CN104579648B (en) | 2018-06-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE102012202015B4 (en) | Apparatus and method for protecting a reference number against differential power analysis attacks and template attacks | |
DE102018108313A1 (en) | A method and processing apparatus for performing a grid-based cryptographic operation | |
Ding et al. | Cryptanalysis of HFEv and internal perturbation of HFE | |
CN102970132B (en) | Protection method for preventing power analysis and electromagnetic radiation analysis on grouping algorithm | |
CN107508678A (en) | The side-channel attack method of RSA masks defence algorithm based on machine learning | |
CN103427980B (en) | A kind of ofdm system safety of physical layer algorithm based on two-matrix transformation | |
Zhang et al. | Privacy security in control systems | |
CN104836808A (en) | Method for verifying safety of SM2 signature algorithm based on improved difference error attack | |
Pokorný et al. | Side-channel attack on Rainbow post-quantum signature | |
CN104579648A (en) | Ternary-domain anti-error-attack Tate bilinear pairing computation method | |
Aulbach et al. | Separating Oil and Vinegar with a Single Trace: Side-Channel Assisted Kipnis-Shamir Attack on UOV | |
CN103516526B (en) | A kind of TTS method of improvement | |
Yehezkel et al. | Degree-based attacks and defense strategies in complex networks | |
CN105740730A (en) | Method for realizing secure point multiplication in chips | |
CN105119929A (en) | Safe mode index outsourcing method and system under single malicious cloud server | |
CN103441846A (en) | Chosen plaintext side channel energy analysis method for ECC algorithm of P domain | |
CN104717060B (en) | A kind of method for attacking elliptic curve encryption algorithm and attack equipment | |
Zhang et al. | On the immunity of rotation symmetric Boolean functions against fast algebraic attacks | |
Herbst et al. | Using templates to attack masked montgomery ladder implementations of modular exponentiation | |
CN107017987A (en) | The elliptic curve method of Bilinear map is selected in a kind of security password technology | |
Weng et al. | Fault attacks against the miller algorithm in hessian coordinates | |
CN106100843B (en) | The generation of multivariable public key, encryption and decryption approaches | |
CN101436929B (en) | Dot computation method capable of resisting simple current drain aggression | |
CN114465728A (en) | Method, device, equipment and storage medium for attacking elliptic curve signature algorithm | |
CN105721150B (en) | A kind of mask encryption method of multivariate quadratic equation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |