CN107040380A - An improved modular division method for an elliptic curve cryptosystem over a binary field - Google Patents


Info

Publication number: CN107040380A
Application number: CN201710443912.XA
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 郭东辉, 林思远, 郭鑫
Current assignee: Xiamen University
Original assignee: Xiamen University
Application filed by Xiamen University; priority claimed from CN201710443912.XA; published as CN107040380A

Classifications (CPC)

    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key cryptography, underlying computational problems or public-key parameters
    • H04L9/3033 Public key cryptography, details relating to pseudo-prime or prime number generation, e.g. primality test
    • H04L9/3066 Public key cryptography involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L9/00)
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry

Abstract

An improved modular division method for an elliptic curve cryptosystem over a binary field, relating to field arithmetic methods. An improved modular division algorithm with high reduction efficiency and high operating speed is provided for binary-field elliptic curve cryptosystems. For r(t) = y(t)/x(t) mod F(t), the algorithm first assigns initial values to registers A, B, U, V and then, by examining the two lowest bits of the binary data in a register in a single step, performs the corresponding reduction until the value stored in register A falls to 1; the value stored in register U is then the modular division result r(t). The algorithm was implemented in Verilog and simulated; compared with the improved Euclidean algorithm and the Fermat's little theorem algorithm it has an advantage in time consumption, effectively accelerating modular division, and can be used in ECC encryption/decryption IP cores.

Description

An improved modular division method for an elliptic curve cryptosystem over a binary field

Technical field

The invention relates to field arithmetic methods, and in particular to an improved modular division method for an elliptic curve cryptosystem over a binary field.

Background

With the development of science and technology our quality of life has improved enormously; at the same time, information security problems have grown steadily more serious and threaten our property and personal privacy at every moment. Because different scenarios have different requirements, the encryption systems and algorithms used also differ; current encryption systems are mainly of two kinds, symmetric and asymmetric.

Since W. Diffie and M. Hellman jointly proposed public-key cryptography in 1976, it has been an important topic in cryptographic research and has played a central role in information security. Unlike symmetric encryption, in asymmetric encryption each communicating party has its own public key and private key. Public-key systems are currently built on three hard mathematical problems: the factorisation of large integers, the discrete logarithm problem, and the elliptic curve discrete logarithm problem. The security of the elliptic curve cryptosystem rests on the hardness of the elliptic curve discrete logarithm problem; the system was proposed by Miller ([1] V. S. Miller, "Use of elliptic curves in cryptography," Advances in Cryptology - CRYPTO '85 Proceedings, Springer, 1986, pp. 417-426) and Koblitz ([2] N. Koblitz, "Elliptic curve cryptosystems," Mathematics of Computation, vol. 48, no. 177, pp. 203-209, 1987). An elliptic curve is generally written y^2 + axy + by = x^3 + cx^2 + dx + e; curves of this kind are called Weierstrass equations, and the curve consists of all points (x, y) satisfying the equation. Hardware designs usually adopt the special form y^2 + xy = x^3 + ax^2 + 1 with a equal to 0 or 1; curves of this form are called Koblitz elliptic curves.

Elliptic curve cryptosystems are computed over finite fields, which divide into binary fields GF(2^m) and prime fields GF(p); binary fields are well suited to hardware implementation. The main operations of an elliptic curve cryptosystem are point operations and field operations: the point operations make up point multiplication, which is composed of point addition and point doubling, and the field operations are modular addition, modular squaring, modular multiplication and modular inversion. Of these, modular inversion consumes the most time. Current algorithms for modular inversion fall into the following representative classes: extended Euclidean algorithms ([3] J. H. Guo, C. L. Wang, "Systolic array implementation of Euclid's algorithm for inversion and division in GF(2^m)," IEEE Transactions on Computers, 1998, 47(10): 1161-1167); improved extended Euclidean algorithms ([4] S. C. Shantz, "From Euclid's GCD to Montgomery multiplication to the great divide," Tech. Rep. TR-2001-95, Sun Microsystems, 1995); inversion based on Fermat's little theorem ([5] T. Itoh, S. Tsujii, "A Fast Algorithm for Computing Multiplicative Inverses in GF(2^m) Using Normal Bases," IECE, Japan, 1986, pp. 31-36, Paper of Technical Group TGIT86-44); and improved Fermat's little theorem algorithms (M. J. Zhi, "Design and Implementation of Elliptic Curve Cryptography over GF(2^m)," Dissertation, Shanghai Jiao Tong University, 2007).

Summary of the invention

The purpose of the present invention is to provide an improved modular division method for an elliptic curve cryptosystem over a binary field that is verifiable and fast: by checking the parity of the two lowest bits of the data in a single step it reduces time consumption and achieves field operations with high reduction efficiency and high operating speed.

The first improved modular division method of the present invention comprises the following steps:

1) Following the principles of elliptic curve cryptosystems, in the binary field GF(2^m) two known elements x(t) and y(t) of degree less than the threshold m are taken as the two inputs, and a known irreducible polynomial F(t) of degree equal to the threshold m is selected according to the Koblitz elliptic curve parameters recommended by NIST (the US National Institute of Standards and Technology). The modular division formula r(t) = y(t)/x(t) mod F(t), equivalently y(t) ≡ r(t)·x(t) mod F(t), yields the modular division result r(t). Four registers A, B, U, V hold the intermediate data the algorithm needs in order to reduce r(t) = y(t)/x(t) mod F(t), or y(t) ≡ r(t)·x(t) mod F(t), iteratively; first, the four registers A, B, U, V are initialised in turn;

2) After the four registers A, B, U, V have been initialised, the algorithm iteratively reduces the values stored in registers A and B. Throughout the reduction the four registers must maintain the two congruences A·y(t) ≡ U·x(t) mod F(t) and B·y(t) ≡ V·x(t) mod F(t); from these two congruences it follows that whenever the values stored in A and B change, the values stored in U and V change accordingly;

3) The algorithm inspects the parity of the low bits of the intermediate values stored in the registers and completes the iteration and reduction using the shift and XOR operations of the hardware;

4) After a certain number of rounds of iteration and reduction the value stored in register A falls to 1 and the whole division process terminates. Denoting U at this moment by U_{A=1}, the congruence becomes y(t) ≡ U_{A=1}·x(t) mod F(t), so U_{A=1} equals r(t) in r(t) = y(t)/x(t) mod F(t); the value stored in register U is the modular division result r(t).

The second improved modular division method of the present invention comprises the following steps:

1) When the two lowest bits of register A are 00, register A is shifted left twice in succession; the value of register U is then examined: if the two lowest bits of U are 00, U is shifted left twice in succession; if they are 10, U becomes the sum of U shifted left twice and F(t) shifted left once; if they are 01, U becomes the sum of U shifted left twice and F(t) shifted left twice; if they are 11, U becomes the sum of U shifted left twice, F(t) shifted left twice and F(t) shifted left once;

2) When the two lowest bits of register A are 10, register A is shifted left once; the value of register U is then examined: if U is even, U is shifted left once; if U is odd, U becomes half of the sum of U and F(t);

3) When the two lowest bits of register B are 00, register B is shifted left twice in succession; the value of register V is then examined: if the two lowest bits of V are 00, V is shifted left twice in succession; if they are 10, V becomes the sum of V shifted left twice and F(t) shifted left once; if they are 01, V becomes the sum of V shifted left twice and F(t) shifted left twice; if they are 11, V becomes the sum of V shifted left twice, F(t) shifted left twice and F(t) shifted left once;

4) When the two lowest bits of register B are 10, register B is shifted left once; the value of register V is then examined: if V is even, V is shifted left once; if V is odd, V becomes half of the sum of V and F(t);

5) When register A is greater than register B, the operations A = (A+B)/2 and U = U+V are performed first; the value of register U is then examined: if U is even, U is shifted left once; if U is odd, U becomes half of the sum of U and F(t);

6) In all other cases, the operations B = (A+B)/2 and V = U+V are performed first; the value of register V is then examined: if V is even, V is shifted left once; if V is odd, V becomes half of the sum of V and F(t);

7) Finally the value of register U is returned; the value it stores is the modular division result r(t).

The improved modular division algorithm for a binary-field elliptic curve cryptosystem designed in the present invention improves on the Shantz modular division algorithm. Specifically, during the iterative reduction the parity of the two lowest bits of the value stored in a register is examined in each round, which speeds up the computation while adding only a modest amount of hardware resources.

The present invention is likewise designed over a binary field.

To meet the demand of many fields for real-time secure communication, both the security and the operating speed of encryption algorithms must be improved.

Description of the drawings

Fig. 1 is a block diagram of the operations on registers A and U in the algorithm of the present invention.

Fig. 2 is a block diagram of the operations on registers B and V in the algorithm of the present invention.

Fig. 3 shows the simulated comparison of the number of clock cycles consumed by the algorithm of the present invention and by other modular inversion algorithms at a 50 MHz clock.

Fig. 4 shows the simulated comparison of the throughput of the algorithm of the present invention and of other modular inversion algorithms at a 50 MHz clock.

Detailed description

Embodiments of the present invention are further described below with reference to the drawings.

The present invention is an improved modular division algorithm for an elliptic curve cryptosystem over a binary field. Block diagrams of the algorithm structure used to perform modular division are shown in Fig. 1 and Fig. 2; the algorithm comprises the following process:

1. Parameter initialisation: the algorithm is designed and verified over the binary field GF(2^m). Following the Koblitz elliptic curve parameters recommended by NIST, the user sets two elements x(t) and y(t) of degree less than the threshold m as the numerator and denominator of the input, and then sets an irreducible polynomial F(t) of degree equal to the threshold m.

2. Register initialisation: four registers A, B, U, V are used and initialised as follows: A←x(t), B←F(t), U←y(t), V←0.

3. Iterative reduction:

After the initial assignment the algorithm iteratively reduces the input. The reduction examines the parity of the low bits of the values stored in the registers and performs the corresponding shift and XOR operations, specifically:

1) When A[1:0] == 00: A = A/4. Then examine U: if U[1:0] == 00, U = U/4; if U[1:0] == 10, U = U/4 + F(t)/2; if U[1:0] == 01, U = U/4 + F(t)/4; if U[1:0] == 11, U = U/4 + F(t)/4 + F(t)/2.

2) When A[1:0] == 10: A = A/2. Then examine U: if U is even, U = U/2; if U is odd, U = (U + F(t))/2.

3) When B[1:0] == 00: B = B/4. Then examine V: if V[1:0] == 00, V = V/4; if V[1:0] == 10, V = V/4 + F(t)/2; if V[1:0] == 01, V = V/4 + F(t)/4; if V[1:0] == 11, V = V/4 + F(t)/4 + F(t)/2.

4) When B[1:0] == 10: B = B/2. Then examine V: if V is even, V = V/2; if V is odd, V = (V + F(t))/2.

5) When A > B: A = (A+B)/2 and U = U+V. Then examine U: if U is even, U = U/2; if U is odd, U = (U + F(t))/2.

6) In all other cases: B = (A+B)/2 and V = U+V. Then examine V: if V is even, V = V/2; if V is odd, V = (V + F(t))/2.

4. Output: after a certain number of rounds of iterative reduction the value of register A falls to 1. Denoting U at this moment by U_{A=1}, we have y(t) ≡ U_{A=1}·x(t) mod F(t), i.e. U_{A=1} equals r(t) in r(t) = y(t)/x(t) mod F(t), so the value stored in register U is the modular division result r(t). The operations the algorithm performs on registers A and U according to the parity of the two lowest bits (registers B and V are handled analogously) are listed in Table 1.

Table 1: two-bit parity operations on registers A and U (table body not present in the extracted page)

Table 2

Frequency | Area      | Critical Path Delay | Cell
250 MHz   | 0.253 mm² | 3.78 ns             | 11864

Table 3

Degree (m) | 163  | 233  | 283  | 409
Time (ns)  | 4480 | 6240 | 7580 | 11320
Clock      | 224  | 312  | 379  | 566

5. Simulation results: Fig. 3 compares the number of clock cycles consumed by the algorithm of the present invention with that of other modular inversion algorithms at a 50 MHz clock. Fig. 4 compares the throughput of the algorithm of the present invention with that of other modular inversion algorithms at a 50 MHz clock.

The synthesis results of the algorithm of the present invention in a 0.18 µm CMOS process are given in Table 2, and the number of clock cycles it consumes at a 50 MHz clock for different thresholds m is given in Table 3.

In the present invention, for r(t) = y(t)/x(t) mod F(t), the algorithm first assigns the corresponding initial values to registers A, B, U, V and then, by examining the two lowest bits of the binary data in a register in a single step, performs the corresponding reduction until the value stored in register A falls to 1; the value stored in register U is then the modular division result r(t). The algorithm was implemented in Verilog and simulated; compared with the improved Euclidean algorithm and the Fermat's little theorem algorithm it has an advantage in time consumption, effectively accelerating modular division, and can be used in ECC encryption/decryption IP cores.
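The register procedure of methods one and two and of embodiment steps 1 to 6, carried out in Python as an added example; this is not the patent's Verilog implementation. Polynomials over GF(2) are held as integers with bit i holding the coefficient of t^i, so the embodiment's A = A/4 is a right shift by two; the NIST K-163 reduction polynomial, the small field GF(2^5) and the sample inputs are constructed for the illustration, and the one-bit-per-round baseline used to count rounds is this example's own reference, not Shantz's algorithm as published.

```python
"""Binary-field modular division r(t) = y(t)/x(t) mod F(t) using the
two-bit reduction described in the patent's method two.

Polynomials over GF(2) are Python ints with bit i holding the coefficient
of t^i, so the embodiment's "A = A/4" is `A >> 2`, "U + F(t)" is `U ^ F`
and "(U + F(t))/2" is `(U ^ F) >> 1`.  Added illustration, not the
patent's Verilog; NIST_K163, F5 and the sample inputs are constructed.
"""

# Reduction polynomial of the NIST Koblitz curve K-163: t^163 + t^7 + t^6 + t^3 + 1.
NIST_K163 = (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1
# Small irreducible polynomial t^5 + t^2 + 1 for hand-checkable examples.
F5 = 0b100101


def gf2_mod(a: int, f: int) -> int:
    """Reduce a(t) modulo f(t) by XORing in shifted copies of f."""
    m = f.bit_length() - 1
    while a.bit_length() > m:
        a ^= f << (a.bit_length() - 1 - m)
    return a


def gf2_mulmod(a: int, b: int, f: int) -> int:
    """Carry-less a(t)*b(t) mod f(t): shift-and-add, reducing after every
    shift so the running value never reaches degree m."""
    m = f.bit_length() - 1
    a, b, r = gf2_mod(a, f), gf2_mod(b, f), 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> m:
            a ^= f
    return r


def _half(w: int, f: int) -> int:
    """The embodiment's 'W/2': divide by t, adding F(t) first when W is odd."""
    return (w ^ f) >> 1 if w & 1 else w >> 1


def _quarter(w: int, f: int) -> int:
    """The embodiment's 'W/4', i.e. the four rows of Table 1: add the multiple
    of F(t) that clears the two lowest bits, then divide by t^2.  The 01 and
    11 rows rely on the t^1 coefficient of F(t) being 0 (true for NIST K-curves)."""
    low = w & 0b11
    if low == 0b00:
        return w >> 2
    if low == 0b10:                        # W + F(t)*t
        return (w >> 2) ^ (f >> 1)
    if low == 0b01:                        # W + F(t)
        return (w >> 2) ^ (f >> 2)
    return (w >> 2) ^ (f >> 2) ^ (f >> 1)  # W + F(t) + F(t)*t


def gf2_div(y: int, x: int, f: int, two_bit: bool = True,
            check_invariants: bool = False):
    """Return (r, rounds) with x(t)*r(t) ≡ y(t) mod f(t).

    two_bit=True runs the six cases of the patent's method two.  two_bit=False
    strips only one factor of t per round (a one-bit-per-round baseline written
    for this example) so the rounds saved by the two-bit check can be counted.
    """
    m = f.bit_length() - 1
    if x == 0:
        raise ZeroDivisionError("x(t) = 0 has no inverse")
    if x >> m or y >> m:
        raise ValueError("x(t) and y(t) must have degree < m")
    if two_bit and f & 0b10:
        raise ValueError("two-bit step needs F(t) with zero t^1 coefficient")
    A, B, U, V = x, f, y, 0          # step 2: A<-x(t), B<-F(t), U<-y(t), V<-0
    rounds = 0
    while A != 1:
        rounds += 1
        if two_bit and A & 0b11 == 0b00:    # case 1: A[1:0] == 00
            A, U = A >> 2, _quarter(U, f)
        elif A & 1 == 0:                    # case 2: A[1:0] == 10 (two_bit)
            A, U = A >> 1, _half(U, f)
        elif two_bit and B & 0b11 == 0b00:  # case 3: B[1:0] == 00
            B, V = B >> 2, _quarter(V, f)
        elif B & 1 == 0:                    # case 4: B[1:0] == 10 (two_bit)
            B, V = B >> 1, _half(V, f)
        elif A > B:                         # case 5: both odd, reduce A
            A, U = (A ^ B) >> 1, _half(U ^ V, f)
        else:                               # case 6: both odd, reduce B
            B, V = (A ^ B) >> 1, _half(U ^ V, f)
        if check_invariants:                # the two congruences of method one
            assert gf2_mulmod(A, y, f) == gf2_mulmod(U, x, f)
            assert gf2_mulmod(B, y, f) == gf2_mulmod(V, x, f)
    return U, rounds


if __name__ == "__main__":
    # Constructed sample over GF(2^163): verify x*r == y and compare rounds.
    x = (1 << 100) | (1 << 17) | 1
    y = (1 << 162) | (1 << 5)
    r, n2 = gf2_div(y, x, NIST_K163, check_invariants=True)
    _, n1 = gf2_div(y, x, NIST_K163, two_bit=False)
    assert gf2_mulmod(x, r, NIST_K163) == y
    print(f"two-bit rounds: {n2}, one-bit rounds: {n1}")
```

With check_invariants=True every round re-checks A·y ≡ U·x and B·y ≡ V·x mod F(t), which is the property the patent relies on to conclude that U equals r(t) when A reaches 1.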

Claims (2)

1. An improved modular division method for an elliptic curve cryptosystem over a binary field, characterised in that it comprises the following steps:
1) Following the principles of elliptic curve cryptosystems, in the binary field GF(2^m) two known elements x(t) and y(t) of degree less than the threshold m are taken as the two inputs, and a known irreducible polynomial F(t) of degree equal to the threshold m is selected according to the Koblitz elliptic curve parameters recommended by NIST (the US National Institute of Standards and Technology). The modular division formula r(t) = y(t)/x(t) mod F(t), equivalently y(t) ≡ r(t)·x(t) mod F(t), yields the modular division result r(t). Four registers A, B, U, V hold the intermediate data the algorithm needs in order to reduce r(t) = y(t)/x(t) mod F(t), or y(t) ≡ r(t)·x(t) mod F(t), iteratively; first, the four registers A, B, U, V are initialised in turn;
2) After the four registers A, B, U, V have been initialised, the algorithm iteratively reduces the values stored in registers A and B. Throughout the reduction the four registers must maintain the two congruences A·y(t) ≡ U·x(t) mod F(t) and B·y(t) ≡ V·x(t) mod F(t); from these two congruences it follows that whenever the values stored in A and B change, the values stored in U and V change accordingly;
3) The algorithm inspects the parity of the low bits of the intermediate values stored in the registers and completes the iteration and reduction using the shift and XOR operations of the hardware;
4) After a certain number of rounds of iteration and reduction the value stored in register A falls to 1 and the whole division process terminates. Denoting U at this moment by U_{A=1}, the congruence becomes y(t) ≡ U_{A=1}·x(t) mod F(t), so U_{A=1} equals r(t) in r(t) = y(t)/x(t) mod F(t); the value stored in register U is the modular division result r(t).
2. An improved modular division method for an elliptic curve cryptosystem over a binary field, characterised in that it comprises the following steps:
1) When the two lowest bits of register A are 00, register A is shifted left twice in succession; the value of register U is then examined: if the two lowest bits of U are 00, U is shifted left twice in succession; if they are 10, U becomes the sum of U shifted left twice and F(t) shifted left once; if they are 01, U becomes the sum of U shifted left twice and F(t) shifted left twice; if they are 11, U becomes the sum of U shifted left twice, F(t) shifted left twice and F(t) shifted left once;
2) When the two lowest bits of register A are 10, register A is shifted left once; the value of register U is then examined: if U is even, U is shifted left once; if U is odd, U becomes half of the sum of U and F(t);
3) When the two lowest bits of register B are 00, register B is shifted left twice in succession; the value of register V is then examined: if the two lowest bits of V are 00, V is shifted left twice in succession; if they are 10, V becomes the sum of V shifted left twice and F(t) shifted left once; if they are 01, V becomes the sum of V shifted left twice and F(t) shifted left twice; if they are 11, V becomes the sum of V shifted left twice, F(t) shifted left twice and F(t) shifted left once;
4) When the two lowest bits of register B are 10, register B is shifted left once; the value of register V is then examined: if V is even, V is shifted left once; if V is odd, V becomes half of the sum of V and F(t);
5) When register A is greater than register B, the operations A = (A+B)/2 and U = U+V are performed first; the value of register U is then examined: if U is even, U is shifted left once; if U is odd, U becomes half of the sum of U and F(t);
6) In all other cases, the operations B = (A+B)/2 and V = U+V are performed first; the value of register V is then examined: if V is even, V is shifted left once; if V is odd, V becomes half of the sum of V and F(t);
7) Finally the value of register U is returned; the value it stores is the modular division result r(t).
CN201710443912.XA, filed 2017-06-13 (priority 2017-06-13): An improved modular division method for an elliptic curve cryptosystem over a binary field. Pending. Published as CN107040380A.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201710443912.XA | 2017-06-13 | 2017-06-13 | An improved modular division method for an elliptic curve cryptosystem over a binary field

Publications (1)

Publication Number | Publication Date
CN107040380A | 2017-08-11

Family ID: 59542099

Country Status (1)

Country | Link
CN | CN107040380A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110999207A (en) * 2017-08-15 2020-04-10 区块链控股有限公司 Computer-implemented method of generating a threshold library
CN110999207B (en) * 2017-08-15 2024-05-31 区块链控股有限公司 Computer-implemented method of generating a threshold library
WO2019120066A1 (en) * 2017-12-20 2019-06-27 云图有限公司 Fast mode reduction method and medium suitable for sm2 algorithm


Legal Events

Code | Title | Description
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170811