CN108322308A - A kind of system for implementing hardware of Digital Signature Algorithm for authentication - Google Patents
A kind of system for implementing hardware of Digital Signature Algorithm for authentication Download PDFInfo
- Publication number
- CN108322308A CN108322308A CN201711335280.1A CN201711335280A CN108322308A CN 108322308 A CN108322308 A CN 108322308A CN 201711335280 A CN201711335280 A CN 201711335280A CN 108322308 A CN108322308 A CN 108322308A
- Authority
- CN
- China
- Prior art keywords
- module
- algorithm
- control module
- data storage
- result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of system for implementing hardware of the Digital Signature Algorithm for authentication, including bus input interface, bus output interface, MIM message input module, algorithm supplementary module, hash computing module, algorithm control module, point doubling control module, Montgomery Algorithm control module, result to check module, control register module, state-query module and data storage space module;Bus input interface is connect with MIM message input module and control register module respectively;MIM message input module is connect with algorithm supplementary module;Algorithm supplementary module is connect with hash computing module;Hash computing module is connect with algorithm control module;Algorithm control module is connect with point doubling control module and Montgomery Algorithm control module respectively;Point doubling control module is connect with Montgomery Algorithm control module;Montgomery Algorithm control module checks that module is connect with result;Bus output interface checks that module and state-query module are connect with result respectively.
Description
Technical field
The invention belongs to information security field, the hardware realization of specifically a kind of Digital Signature Algorithm for authentication
System.
Background technology
Continuous with the Internet, applications is popularized so that the importance of information security increasingly improves, especially daily life
In the every aspects such as mobile payment, Web bank, shopping online, cell phone mailbox, mobile phone stock market all refer to the peace of identification
Full processing procedure, identity identifying technology become core and the basis of information security field.
The Digital Signature Algorithm of public-key cryptosystem is as one of known safest authentication processing mode at present,
It is widely used in the identification in each field.In December, 2010, national Password Management office has issued independently to be known with country
Know property right《SM2 ellipse curve public key cipher algorithms》(hereinafter referred to as《Algorithm》), the digital signature of specification complete set is calculated
Method meets the needs of the authentication scene in a variety of cipher applications.
Invention content
In view of the deficiencies of the prior art, the technical issues of present invention intends to solve is to provide a kind of number for authentication
The system for implementing hardware of word signature algorithm.
The technical solution that the present invention solves the technical problem is to provide a kind of Digital Signature Algorithm for authentication
System for implementing hardware, it is characterised in that the system includes bus input interface, bus output interface, MIM message input module, calculation
Method supplementary module, hash computing module, algorithm control module, point doubling control module, Montgomery Algorithm control module, result inspection
Look into module, control register module, state-query module and data storage space module;
The bus input interface is connect with MIM message input module and control register module respectively;Described information inputs mould
Block is connect with algorithm supplementary module;The algorithm supplementary module is connect with hash computing module;The hash computing module and calculation
Method control module connects;The algorithm control module is connect with point doubling control module and Montgomery Algorithm control module respectively;
The point doubling control module is connect with Montgomery Algorithm control module;The Montgomery Algorithm control module checks module with result
Connection;The bus output interface checks that module and state-query module are connect with result respectively;The data storage spatial mode
Block is controlled with MIM message input module, algorithm supplementary module, hash computing module, point doubling control module and Montgomery Algorithm respectively
Module connects.
Compared with prior art, advantageous effect of the present invention is:
1. this system can complete identity authentication function, meet《Algorithm》The digital signature systematic function and digital signature of specification
Authentication function, can meet the application demand of authentication, and realization (is up to 2 to identity information63- 1 bit) it is digitally signed
And signing messages is verified, while this system is had more using the mode that devices at full hardware is realized than other software realization modes
Safety, arithmetic speed is faster;
2. this system incorporates《Algorithm》Digital signature generation and digital signature verification algorithm in specification, will《Algorithm》Specification
In two independent algorithms carry out that hardware logics are shared to be integrated with scheduling flow, maximized common hardware logic effectively reduces
Hardware consumption, unified operation flow, the hardware resource and time loss of saving-algorithm reduce cost of implementation;
3. this system supports ahb bus agreement, the SoC frameworks of security system are supported.The ahb bus interface of standard can make this
Form of the system as the soft cores of number IP, is flexibly integrated in all kinds of SoC chips or FPGA design, while this system is to sensitive number
According to actively read and write mechanism, this system can be enabled to support the security architecture system similar to Trust Zone technologies, had extensive
Application.
4. the hardware configuration of the present invention meets《Algorithm》In 2.6 section with 2.7 section Digital Signature Algorithm specification.Identity information
Or signing messages saves defined cryptographic Hash function by 2.5.4.2 and is handled, and regulation randomizer life is saved by 2.5.4.3
At random number, defined elliptic curve multi point arithmetic formation curve point is saved using 1.A.3, is saved in finite field using 1.B.1.1
Exponent arithmetic and 1.B.1.2 section finite field in inverse operation complete modular inversion, and using as defined in 1.A.2.2.3.2 sections
Jacobian aggravates projective coordinate system and optimizes calculating process, realizes the signature to identity information and the certification to signing messages.This
The hardware configuration of invention optimizes《Algorithm》The Digital Signature Algorithm specification of middle 2.6.1 sections and 2.7.1 sections, digital signature is generated
Operation is converted with the cryptographic Hash operation in digital signature verification algorithm, multi point arithmetic, exponent arithmetic, inverse operation, coordinate system
It is extracted as common logic, the call flow of Optimal State machine etc. shared subalgorithm, so that two kinds of algorithms is maximized and share one
Arithmetic logic is covered, hardware consumption is effectively reduced.
Description of the drawings
Fig. 1 is whole knot of the present invention for a kind of embodiment of system for implementing hardware of the Digital Signature Algorithm of authentication
Structure connection signal block diagram;
Specific implementation mode
Specific embodiments of the present invention are given below.Specific embodiment is only used for that present invention be described in more detail, unlimited
The application scope of the claims processed.
The present invention provides a kind of system for implementing hardware of the Digital Signature Algorithm for authentication (referring to Fig. 1, referred to as
System), it is characterised in that the system includes bus input interface, bus output interface, MIM message input module 1, algorithm auxiliary mould
Block 2, hash computing module 3, algorithm control module 4, point doubling control module 5, Montgomery Algorithm control module 6, result inspection
Module 7, control register module 8, state-query module 9 and data storage space module 10;
The bus input interface is connect with MIM message input module 1 and control register module 8 respectively;Described information inputs
Module 1 is connect with algorithm supplementary module 2;The algorithm supplementary module 2 is connect with hash computing module 3;The hash operation mould
Block 3 is connect with algorithm control module 4;The algorithm control module 4 is controlled with point doubling control module 5 and Montgomery Algorithm respectively
Module 6 connects;The point doubling control module 5 is connect with Montgomery Algorithm control module 6;The Montgomery Algorithm control module 6
Check that module 7 is connect with result;The bus output interface checks that module 7 and state-query module 9 are connect with result respectively;Institute
State data storage space module 10 respectively with MIM message input module 1, algorithm supplementary module 2, hash computing module 3, point doubling
Control module 5 and Montgomery Algorithm control module 6 connect.
Described information input module 1 by bus input interface active obtaining sign generating algorithm in identity information or
Signing messages in signature verification algorithm, and the information of acquisition is stored in data storage space module 10;
The algorithm supplementary module 2 generates random number in generating algorithm of signing, and the random number of generation is stored in data
Storage space module 10;The bounds checking of signing messages is carried out in signature verification algorithm;
The hash computing module 3 enter information into the acquisition of module 1 information be extended with hash operation, and by operation
As a result in deposit data storage space module 10;
The algorithm control module 4 is for managing point doubling control module 5, Montgomery Algorithm control module 6, result inspection
The scheduling of 7 three modules of module realizes that signature generating algorithm is utmostly multiplexed arithmetic logic with signature verification algorithm;
The point doubling control module 5 is pressed《Algorithm》In point doubling regulation with Jacobian coordinate systems regulation realize
Point doubling, the big number addition in basis, by self-defined realization, operation are called by basic operations control unit with large number multiplication operation
And data storage space is written with operation result by data cached;
The Montgomery Algorithm control module 6 is pressed《Algorithm》Finite field in exponent arithmetic and finite field in inverse operation,
And using Montgomery power mould computational methods (including Montgomery into domain, montgomery modulo multiplication, Montgomery modular power, cover brother
Ma Li moves back four part subalgorithm operation of domain) it realizes, and data storage space module 10 is written with operation result by data cached;
The result checks that module 7 checks whether the signing messages of generation is legal in generating algorithm of signing;It is tested in signature
Check whether the check information of generation is legal in card algorithm;And legal operation result is exported to bus.
Control register module 8 is responsible for carrying out instruction interaction with external with state-query module 9.State-query module 9 can
The real-time status of system is supplied to external system by bus output interface.
The data storage space module 10 is internal system separate space, external inaccessible.
The present invention is used for the operation principle of the system for implementing hardware of the Digital Signature Algorithm of authentication and workflow:
Signature generating algorithm process:
Step 1, control register module 8 are received generates task by the signature that bus input interface configures, and is then turned on label
Name generates operation;
Step 2, MIM message input module 1 are by bus input interface active obtaining identity information to be signed, and by acquisition
Information is stored in data storage space module 10;
Step 3, algorithm supplementary module 2 generate random number, and the random number of generation is stored in data storage space module 10;
Step 4, hash computing module 3 read the identity information in data storage space module 10, and carry out hash operation,
It then again will be in operation result deposit data storage space module 10;
Step 5, algorithm control module 4 check mould according to point doubling control module 5, Montgomery Algorithm control module 6, result
Block 7, Montgomery Algorithm control module 6 and result check that the sequence of module 7 is scheduled successively;Point doubling control module 5 and mould
The data that power operation control module 6 will store in calculating process in data storage space module 10 in read step 2-4, and will
Result of calculation is stored to data storage space module 10;As a result check that module 7 will check whether the signing messages generated is legal, such as
Fruit is legal, and result data is sent out by bus output interface, otherwise algorithm control module 4 is notified to proceed by weight from step 3
It is new to calculate.
Signature verification algorithmic procedure:
Step 1, control register module 8 receive the signature verification task configured by bus input interface, are then turned on label
Name verification operation;
Step 2, MIM message input module 1 are by bus input interface active obtaining signing messages to be verified, and by acquisition
Information is stored in data storage space module 10;
Step 3, algorithm supplementary module 2 read the signing messages in data storage space module 10, and to it into row bound
It checks;
Step 4, hash computing module 3 read the identity information in data storage space module 10, and carry out hash operation,
It then again will be in operation result deposit data storage space module 10;
Step 5, algorithm control module 4 check that module 7, point doubling control mould according to Montgomery Algorithm control module 6, result
Block 5, operation control module 6 and result check that the sequence of module 7 is scheduled successively;Point doubling control module 5 is transported with mould power
The data that control module 6 will store in calculating process in data storage space module 10 in read step 2-4 are calculated, and will be calculated
As a result it stores to data storage space module 10;As a result check that module 7 will check whether the check information generated is legal, if closed
Rule sends out signature verification result by bus output interface, and signature verification failure signal is otherwise passed through bus output interface
It sends out.
The present invention does not address place and is suitable for the prior art.
Claims (3)
1. a kind of system for implementing hardware of Digital Signature Algorithm for authentication, it is characterised in that the system includes that bus is defeated
Incoming interface, bus output interface, MIM message input module, algorithm supplementary module, hash computing module, algorithm control module, times point
Operation control module, Montgomery Algorithm control module, result check module, control register module, state-query module and data
Storage space module;
The bus input interface is connect with MIM message input module and control register module respectively;Described information input module with
Algorithm supplementary module connects;The algorithm supplementary module is connect with hash computing module;The hash computing module and algorithm control
Molding block connects;The algorithm control module is connect with point doubling control module and Montgomery Algorithm control module respectively;It is described
Point doubling control module is connect with Montgomery Algorithm control module;The Montgomery Algorithm control module checks that module connects with result
It connects;The bus output interface checks that module and state-query module are connect with result respectively;The data storage space module
Respectively mould is controlled with MIM message input module, algorithm supplementary module, hash computing module, point doubling control module and Montgomery Algorithm
Block connects.
2. the system for implementing hardware of the Digital Signature Algorithm according to claim 1 for authentication, it is characterised in that
The system carry out signature generating algorithm process be:
Step 1, control register module are received generates task by the signature that bus input interface configures, and is then turned on signature and generates
Operation;
Step 2, MIM message input module are deposited the information of acquisition by bus input interface active obtaining identity information to be signed
Enter data storage space module;
Step 3, algorithm supplementary module generate random number, and the random number of generation is stored in data storage space module;
Step 4, hash computing module read data storage spatial mode identity information in the block, and carry out hash operation, then again
Operation result is stored in data storage space module;
Step 5, algorithm control module check module, mould power according to point doubling control module, Montgomery Algorithm control module, result
Operation control module and result check that the sequence of module is scheduled successively;Point doubling control module controls mould with Montgomery Algorithm
The data that block will store in calculating process in data storage space module in read step 2-4, and by result of calculation store to
Data storage space module;As a result check that module will check whether the signing messages generated is legal, by number of results if legal
It is sent out according to by bus output interface, otherwise notifies algorithm control module is proceeded by from step 3 to recalculate.
3. the system for implementing hardware of the Digital Signature Algorithm according to claim 1 for authentication, it is characterised in that
The process that the system carries out signature verification algorithm is:
Step 1, control register module receive the signature verification task configured by bus input interface, are then turned on signature verification
Operation;
Step 2, MIM message input module are deposited the information of acquisition by bus input interface active obtaining signing messages to be verified
Enter data storage space module;
Step 3, algorithm supplementary module read data storage spatial mode signing messages in the block, and carry out bounds checking to it;
Step 4, hash computing module read data storage spatial mode identity information in the block, and carry out hash operation, then again
Operation result is stored in data storage space module;
Step 5, algorithm control module check module, point doubling control module, operation according to Montgomery Algorithm control module, result
Control module and result check that the sequence of module is scheduled successively;Point doubling control module exists with Montgomery Algorithm control module
The data that will be stored in data storage space module in read step 2-4 in calculating process, and result of calculation is stored to data
Storage space module;As a result check that module will check whether the check information generated is legal, by signature verification knot if legal
Fruit is sent out by bus output interface, otherwise sends out signature verification failure signal by bus output interface.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711335280.1A CN108322308B (en) | 2017-12-14 | 2017-12-14 | Hardware implementation system of digital signature algorithm for identity authentication |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711335280.1A CN108322308B (en) | 2017-12-14 | 2017-12-14 | Hardware implementation system of digital signature algorithm for identity authentication |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108322308A true CN108322308A (en) | 2018-07-24 |
CN108322308B CN108322308B (en) | 2021-01-12 |
Family
ID=62892486
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711335280.1A Active CN108322308B (en) | 2017-12-14 | 2017-12-14 | Hardware implementation system of digital signature algorithm for identity authentication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108322308B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113193962A (en) * | 2021-04-30 | 2021-07-30 | 安徽师范大学 | SM2 digital signature generation and verifier based on lightweight modular multiplication |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7685436B2 (en) * | 2003-10-02 | 2010-03-23 | Itt Manufacturing Enterprises, Inc. | System and method for a secure I/O interface |
CN102737270A (en) * | 2011-04-15 | 2012-10-17 | 航天信息股份有限公司 | Security co-processor of bank smart card chip based on domestic algorithms |
CN102761413A (en) * | 2011-04-27 | 2012-10-31 | 航天信息股份有限公司 | Implementation system of p-element domain SM2 elliptic curve public key cryptographic algorithm |
CN103049710A (en) * | 2012-12-13 | 2013-04-17 | 国家广播电影电视总局广播科学研究院 | Field-programmable gate array (FPGA) chip for SM2 digital signature verification algorithm |
US20140143522A1 (en) * | 2012-11-20 | 2014-05-22 | The Regents Of The University Of Michigan | Prefetching based upon return addresses |
CN104202161A (en) * | 2014-08-06 | 2014-12-10 | 广东电网公司电力科学研究院 | An SoC cryptographic chip |
CN104503730A (en) * | 2014-10-24 | 2015-04-08 | 山东华芯半导体有限公司 | Instruction-based large-number point addition and point multiplication operation circuit and realization method |
CN106549769A (en) * | 2016-12-08 | 2017-03-29 | 广东工业大学 | SM2 ellipse curve signatures system under a kind of prime field Fp |
-
2017
- 2017-12-14 CN CN201711335280.1A patent/CN108322308B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7685436B2 (en) * | 2003-10-02 | 2010-03-23 | Itt Manufacturing Enterprises, Inc. | System and method for a secure I/O interface |
CN102737270A (en) * | 2011-04-15 | 2012-10-17 | 航天信息股份有限公司 | Security co-processor of bank smart card chip based on domestic algorithms |
CN102761413A (en) * | 2011-04-27 | 2012-10-31 | 航天信息股份有限公司 | Implementation system of p-element domain SM2 elliptic curve public key cryptographic algorithm |
US20140143522A1 (en) * | 2012-11-20 | 2014-05-22 | The Regents Of The University Of Michigan | Prefetching based upon return addresses |
CN103049710A (en) * | 2012-12-13 | 2013-04-17 | 国家广播电影电视总局广播科学研究院 | Field-programmable gate array (FPGA) chip for SM2 digital signature verification algorithm |
CN104202161A (en) * | 2014-08-06 | 2014-12-10 | 广东电网公司电力科学研究院 | An SoC cryptographic chip |
CN104503730A (en) * | 2014-10-24 | 2015-04-08 | 山东华芯半导体有限公司 | Instruction-based large-number point addition and point multiplication operation circuit and realization method |
CN106549769A (en) * | 2016-12-08 | 2017-03-29 | 广东工业大学 | SM2 ellipse curve signatures system under a kind of prime field Fp |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113193962A (en) * | 2021-04-30 | 2021-07-30 | 安徽师范大学 | SM2 digital signature generation and verifier based on lightweight modular multiplication |
Also Published As
Publication number | Publication date |
---|---|
CN108322308B (en) | 2021-01-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107566117B (en) | A kind of block chain key management system and method | |
CN109726598A (en) | Embedded-type security encryption chip based on Cloud Server | |
US20200228547A1 (en) | Security monitoring information-based provisioning of digital certificates in software defined data centers | |
CN110100422B (en) | Data writing method and device based on block chain intelligent contract and storage medium | |
CN108345806A (en) | A kind of hardware encryption card and encryption method | |
CN102737270B (en) | A kind of bank intelligent card chip secure coprocessor based on domestic algorithm | |
TW202001657A (en) | Integrated-chip -based data processing method, computing device, and storage media | |
US11375369B2 (en) | Message authentication method and communication method of communication network system, and communication network system | |
CN111125781B (en) | File signature method and device and file signature verification method and device | |
CN112732297B (en) | Method and device for updating federal learning model, electronic equipment and storage medium | |
CN112883408B (en) | Encryption and decryption system and chip for private calculation | |
CN111131412A (en) | Method and system for computing nodes by 5G mobile terminal, mobile terminal and cloud server | |
CN114826733B (en) | File transmission method, device, system, equipment, medium and program product | |
CN109697370A (en) | Database data encipher-decipher method, device, computer equipment and storage medium | |
CN112100673A (en) | Federal learning accelerator and RSA intersection calculation method for privacy calculation | |
CN102088349A (en) | Personalized method and system of intelligent card | |
CN113422683B (en) | Edge cloud cooperative data transmission method, system, storage medium and terminal | |
EP4082154A1 (en) | System and method of management of a shared cryptographic account | |
CN113422686A (en) | Gateway layer authentication method, system, electronic device and storage medium | |
Zhao et al. | Fuzzy identity-based dynamic auditing of big data on cloud storage | |
CN110716724B (en) | Method and device for realizing privacy block chain based on FPGA | |
CN114417374A (en) | Intelligent contract business card method, device, equipment and storage medium based on block chain | |
CN105337731B (en) | Method of data synchronization and system after a kind of improvement of encryption device | |
CN110598416A (en) | Transaction scheduling method and device | |
CN108322308A (en) | A kind of system for implementing hardware of Digital Signature Algorithm for authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |