CN108322308A - A kind of system for implementing hardware of Digital Signature Algorithm for authentication - Google Patents

A kind of system for implementing hardware of Digital Signature Algorithm for authentication Download PDF

Info

Publication number
CN108322308A
CN108322308A CN201711335280.1A CN201711335280A CN108322308A CN 108322308 A CN108322308 A CN 108322308A CN 201711335280 A CN201711335280 A CN 201711335280A CN 108322308 A CN108322308 A CN 108322308A
Authority
CN
China
Prior art keywords
module
algorithm
control module
data storage
result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711335280.1A
Other languages
Chinese (zh)
Other versions
CN108322308B (en
Inventor
付彦淇
何全
鲁毅
王晓璐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin Jinhang Computing Technology Research Institute
Original Assignee
Tianjin Jinhang Computing Technology Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin Jinhang Computing Technology Research Institute filed Critical Tianjin Jinhang Computing Technology Research Institute
Priority to CN201711335280.1A priority Critical patent/CN108322308B/en
Publication of CN108322308A publication Critical patent/CN108322308A/en
Application granted granted Critical
Publication of CN108322308B publication Critical patent/CN108322308B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of system for implementing hardware of the Digital Signature Algorithm for authentication, including bus input interface, bus output interface, MIM message input module, algorithm supplementary module, hash computing module, algorithm control module, point doubling control module, Montgomery Algorithm control module, result to check module, control register module, state-query module and data storage space module;Bus input interface is connect with MIM message input module and control register module respectively;MIM message input module is connect with algorithm supplementary module;Algorithm supplementary module is connect with hash computing module;Hash computing module is connect with algorithm control module;Algorithm control module is connect with point doubling control module and Montgomery Algorithm control module respectively;Point doubling control module is connect with Montgomery Algorithm control module;Montgomery Algorithm control module checks that module is connect with result;Bus output interface checks that module and state-query module are connect with result respectively.

Description

A kind of system for implementing hardware of Digital Signature Algorithm for authentication
Technical field
The invention belongs to information security field, the hardware realization of specifically a kind of Digital Signature Algorithm for authentication System.
Background technology
Continuous with the Internet, applications is popularized so that the importance of information security increasingly improves, especially daily life In the every aspects such as mobile payment, Web bank, shopping online, cell phone mailbox, mobile phone stock market all refer to the peace of identification Full processing procedure, identity identifying technology become core and the basis of information security field.
The Digital Signature Algorithm of public-key cryptosystem is as one of known safest authentication processing mode at present, It is widely used in the identification in each field.In December, 2010, national Password Management office has issued independently to be known with country Know property right《SM2 ellipse curve public key cipher algorithms》(hereinafter referred to as《Algorithm》), the digital signature of specification complete set is calculated Method meets the needs of the authentication scene in a variety of cipher applications.
Invention content
In view of the deficiencies of the prior art, the technical issues of present invention intends to solve is to provide a kind of number for authentication The system for implementing hardware of word signature algorithm.
The technical solution that the present invention solves the technical problem is to provide a kind of Digital Signature Algorithm for authentication System for implementing hardware, it is characterised in that the system includes bus input interface, bus output interface, MIM message input module, calculation Method supplementary module, hash computing module, algorithm control module, point doubling control module, Montgomery Algorithm control module, result inspection Look into module, control register module, state-query module and data storage space module;
The bus input interface is connect with MIM message input module and control register module respectively;Described information inputs mould Block is connect with algorithm supplementary module;The algorithm supplementary module is connect with hash computing module;The hash computing module and calculation Method control module connects;The algorithm control module is connect with point doubling control module and Montgomery Algorithm control module respectively; The point doubling control module is connect with Montgomery Algorithm control module;The Montgomery Algorithm control module checks module with result Connection;The bus output interface checks that module and state-query module are connect with result respectively;The data storage spatial mode Block is controlled with MIM message input module, algorithm supplementary module, hash computing module, point doubling control module and Montgomery Algorithm respectively Module connects.
Compared with prior art, advantageous effect of the present invention is:
1. this system can complete identity authentication function, meet《Algorithm》The digital signature systematic function and digital signature of specification Authentication function, can meet the application demand of authentication, and realization (is up to 2 to identity information63- 1 bit) it is digitally signed And signing messages is verified, while this system is had more using the mode that devices at full hardware is realized than other software realization modes Safety, arithmetic speed is faster;
2. this system incorporates《Algorithm》Digital signature generation and digital signature verification algorithm in specification, will《Algorithm》Specification In two independent algorithms carry out that hardware logics are shared to be integrated with scheduling flow, maximized common hardware logic effectively reduces Hardware consumption, unified operation flow, the hardware resource and time loss of saving-algorithm reduce cost of implementation;
3. this system supports ahb bus agreement, the SoC frameworks of security system are supported.The ahb bus interface of standard can make this Form of the system as the soft cores of number IP, is flexibly integrated in all kinds of SoC chips or FPGA design, while this system is to sensitive number According to actively read and write mechanism, this system can be enabled to support the security architecture system similar to Trust Zone technologies, had extensive Application.
4. the hardware configuration of the present invention meets《Algorithm》In 2.6 section with 2.7 section Digital Signature Algorithm specification.Identity information Or signing messages saves defined cryptographic Hash function by 2.5.4.2 and is handled, and regulation randomizer life is saved by 2.5.4.3 At random number, defined elliptic curve multi point arithmetic formation curve point is saved using 1.A.3, is saved in finite field using 1.B.1.1 Exponent arithmetic and 1.B.1.2 section finite field in inverse operation complete modular inversion, and using as defined in 1.A.2.2.3.2 sections Jacobian aggravates projective coordinate system and optimizes calculating process, realizes the signature to identity information and the certification to signing messages.This The hardware configuration of invention optimizes《Algorithm》The Digital Signature Algorithm specification of middle 2.6.1 sections and 2.7.1 sections, digital signature is generated Operation is converted with the cryptographic Hash operation in digital signature verification algorithm, multi point arithmetic, exponent arithmetic, inverse operation, coordinate system It is extracted as common logic, the call flow of Optimal State machine etc. shared subalgorithm, so that two kinds of algorithms is maximized and share one Arithmetic logic is covered, hardware consumption is effectively reduced.
Description of the drawings
Fig. 1 is whole knot of the present invention for a kind of embodiment of system for implementing hardware of the Digital Signature Algorithm of authentication Structure connection signal block diagram;
Specific implementation mode
Specific embodiments of the present invention are given below.Specific embodiment is only used for that present invention be described in more detail, unlimited The application scope of the claims processed.
The present invention provides a kind of system for implementing hardware of the Digital Signature Algorithm for authentication (referring to Fig. 1, referred to as System), it is characterised in that the system includes bus input interface, bus output interface, MIM message input module 1, algorithm auxiliary mould Block 2, hash computing module 3, algorithm control module 4, point doubling control module 5, Montgomery Algorithm control module 6, result inspection Module 7, control register module 8, state-query module 9 and data storage space module 10;
The bus input interface is connect with MIM message input module 1 and control register module 8 respectively;Described information inputs Module 1 is connect with algorithm supplementary module 2;The algorithm supplementary module 2 is connect with hash computing module 3;The hash operation mould Block 3 is connect with algorithm control module 4;The algorithm control module 4 is controlled with point doubling control module 5 and Montgomery Algorithm respectively Module 6 connects;The point doubling control module 5 is connect with Montgomery Algorithm control module 6;The Montgomery Algorithm control module 6 Check that module 7 is connect with result;The bus output interface checks that module 7 and state-query module 9 are connect with result respectively;Institute State data storage space module 10 respectively with MIM message input module 1, algorithm supplementary module 2, hash computing module 3, point doubling Control module 5 and Montgomery Algorithm control module 6 connect.
Described information input module 1 by bus input interface active obtaining sign generating algorithm in identity information or Signing messages in signature verification algorithm, and the information of acquisition is stored in data storage space module 10;
The algorithm supplementary module 2 generates random number in generating algorithm of signing, and the random number of generation is stored in data Storage space module 10;The bounds checking of signing messages is carried out in signature verification algorithm;
The hash computing module 3 enter information into the acquisition of module 1 information be extended with hash operation, and by operation As a result in deposit data storage space module 10;
The algorithm control module 4 is for managing point doubling control module 5, Montgomery Algorithm control module 6, result inspection The scheduling of 7 three modules of module realizes that signature generating algorithm is utmostly multiplexed arithmetic logic with signature verification algorithm;
The point doubling control module 5 is pressed《Algorithm》In point doubling regulation with Jacobian coordinate systems regulation realize Point doubling, the big number addition in basis, by self-defined realization, operation are called by basic operations control unit with large number multiplication operation And data storage space is written with operation result by data cached;
The Montgomery Algorithm control module 6 is pressed《Algorithm》Finite field in exponent arithmetic and finite field in inverse operation, And using Montgomery power mould computational methods (including Montgomery into domain, montgomery modulo multiplication, Montgomery modular power, cover brother Ma Li moves back four part subalgorithm operation of domain) it realizes, and data storage space module 10 is written with operation result by data cached;
The result checks that module 7 checks whether the signing messages of generation is legal in generating algorithm of signing;It is tested in signature Check whether the check information of generation is legal in card algorithm;And legal operation result is exported to bus.
Control register module 8 is responsible for carrying out instruction interaction with external with state-query module 9.State-query module 9 can The real-time status of system is supplied to external system by bus output interface.
The data storage space module 10 is internal system separate space, external inaccessible.
The present invention is used for the operation principle of the system for implementing hardware of the Digital Signature Algorithm of authentication and workflow:
Signature generating algorithm process:
Step 1, control register module 8 are received generates task by the signature that bus input interface configures, and is then turned on label Name generates operation;
Step 2, MIM message input module 1 are by bus input interface active obtaining identity information to be signed, and by acquisition Information is stored in data storage space module 10;
Step 3, algorithm supplementary module 2 generate random number, and the random number of generation is stored in data storage space module 10;
Step 4, hash computing module 3 read the identity information in data storage space module 10, and carry out hash operation, It then again will be in operation result deposit data storage space module 10;
Step 5, algorithm control module 4 check mould according to point doubling control module 5, Montgomery Algorithm control module 6, result Block 7, Montgomery Algorithm control module 6 and result check that the sequence of module 7 is scheduled successively;Point doubling control module 5 and mould The data that power operation control module 6 will store in calculating process in data storage space module 10 in read step 2-4, and will Result of calculation is stored to data storage space module 10;As a result check that module 7 will check whether the signing messages generated is legal, such as Fruit is legal, and result data is sent out by bus output interface, otherwise algorithm control module 4 is notified to proceed by weight from step 3 It is new to calculate.
Signature verification algorithmic procedure:
Step 1, control register module 8 receive the signature verification task configured by bus input interface, are then turned on label Name verification operation;
Step 2, MIM message input module 1 are by bus input interface active obtaining signing messages to be verified, and by acquisition Information is stored in data storage space module 10;
Step 3, algorithm supplementary module 2 read the signing messages in data storage space module 10, and to it into row bound It checks;
Step 4, hash computing module 3 read the identity information in data storage space module 10, and carry out hash operation, It then again will be in operation result deposit data storage space module 10;
Step 5, algorithm control module 4 check that module 7, point doubling control mould according to Montgomery Algorithm control module 6, result Block 5, operation control module 6 and result check that the sequence of module 7 is scheduled successively;Point doubling control module 5 is transported with mould power The data that control module 6 will store in calculating process in data storage space module 10 in read step 2-4 are calculated, and will be calculated As a result it stores to data storage space module 10;As a result check that module 7 will check whether the check information generated is legal, if closed Rule sends out signature verification result by bus output interface, and signature verification failure signal is otherwise passed through bus output interface It sends out.
The present invention does not address place and is suitable for the prior art.

Claims (3)

1. a kind of system for implementing hardware of Digital Signature Algorithm for authentication, it is characterised in that the system includes that bus is defeated Incoming interface, bus output interface, MIM message input module, algorithm supplementary module, hash computing module, algorithm control module, times point Operation control module, Montgomery Algorithm control module, result check module, control register module, state-query module and data Storage space module;
The bus input interface is connect with MIM message input module and control register module respectively;Described information input module with Algorithm supplementary module connects;The algorithm supplementary module is connect with hash computing module;The hash computing module and algorithm control Molding block connects;The algorithm control module is connect with point doubling control module and Montgomery Algorithm control module respectively;It is described Point doubling control module is connect with Montgomery Algorithm control module;The Montgomery Algorithm control module checks that module connects with result It connects;The bus output interface checks that module and state-query module are connect with result respectively;The data storage space module Respectively mould is controlled with MIM message input module, algorithm supplementary module, hash computing module, point doubling control module and Montgomery Algorithm Block connects.
2. the system for implementing hardware of the Digital Signature Algorithm according to claim 1 for authentication, it is characterised in that The system carry out signature generating algorithm process be:
Step 1, control register module are received generates task by the signature that bus input interface configures, and is then turned on signature and generates Operation;
Step 2, MIM message input module are deposited the information of acquisition by bus input interface active obtaining identity information to be signed Enter data storage space module;
Step 3, algorithm supplementary module generate random number, and the random number of generation is stored in data storage space module;
Step 4, hash computing module read data storage spatial mode identity information in the block, and carry out hash operation, then again Operation result is stored in data storage space module;
Step 5, algorithm control module check module, mould power according to point doubling control module, Montgomery Algorithm control module, result Operation control module and result check that the sequence of module is scheduled successively;Point doubling control module controls mould with Montgomery Algorithm The data that block will store in calculating process in data storage space module in read step 2-4, and by result of calculation store to Data storage space module;As a result check that module will check whether the signing messages generated is legal, by number of results if legal It is sent out according to by bus output interface, otherwise notifies algorithm control module is proceeded by from step 3 to recalculate.
3. the system for implementing hardware of the Digital Signature Algorithm according to claim 1 for authentication, it is characterised in that The process that the system carries out signature verification algorithm is:
Step 1, control register module receive the signature verification task configured by bus input interface, are then turned on signature verification Operation;
Step 2, MIM message input module are deposited the information of acquisition by bus input interface active obtaining signing messages to be verified Enter data storage space module;
Step 3, algorithm supplementary module read data storage spatial mode signing messages in the block, and carry out bounds checking to it;
Step 4, hash computing module read data storage spatial mode identity information in the block, and carry out hash operation, then again Operation result is stored in data storage space module;
Step 5, algorithm control module check module, point doubling control module, operation according to Montgomery Algorithm control module, result Control module and result check that the sequence of module is scheduled successively;Point doubling control module exists with Montgomery Algorithm control module The data that will be stored in data storage space module in read step 2-4 in calculating process, and result of calculation is stored to data Storage space module;As a result check that module will check whether the check information generated is legal, by signature verification knot if legal Fruit is sent out by bus output interface, otherwise sends out signature verification failure signal by bus output interface.
CN201711335280.1A 2017-12-14 2017-12-14 Hardware implementation system of digital signature algorithm for identity authentication Active CN108322308B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711335280.1A CN108322308B (en) 2017-12-14 2017-12-14 Hardware implementation system of digital signature algorithm for identity authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711335280.1A CN108322308B (en) 2017-12-14 2017-12-14 Hardware implementation system of digital signature algorithm for identity authentication

Publications (2)

Publication Number Publication Date
CN108322308A true CN108322308A (en) 2018-07-24
CN108322308B CN108322308B (en) 2021-01-12

Family

ID=62892486

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711335280.1A Active CN108322308B (en) 2017-12-14 2017-12-14 Hardware implementation system of digital signature algorithm for identity authentication

Country Status (1)

Country Link
CN (1) CN108322308B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113193962A (en) * 2021-04-30 2021-07-30 安徽师范大学 SM2 digital signature generation and verifier based on lightweight modular multiplication

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7685436B2 (en) * 2003-10-02 2010-03-23 Itt Manufacturing Enterprises, Inc. System and method for a secure I/O interface
CN102737270A (en) * 2011-04-15 2012-10-17 航天信息股份有限公司 Security co-processor of bank smart card chip based on domestic algorithms
CN102761413A (en) * 2011-04-27 2012-10-31 航天信息股份有限公司 Implementation system of p-element domain SM2 elliptic curve public key cryptographic algorithm
CN103049710A (en) * 2012-12-13 2013-04-17 国家广播电影电视总局广播科学研究院 Field-programmable gate array (FPGA) chip for SM2 digital signature verification algorithm
US20140143522A1 (en) * 2012-11-20 2014-05-22 The Regents Of The University Of Michigan Prefetching based upon return addresses
CN104202161A (en) * 2014-08-06 2014-12-10 广东电网公司电力科学研究院 An SoC cryptographic chip
CN104503730A (en) * 2014-10-24 2015-04-08 山东华芯半导体有限公司 Instruction-based large-number point addition and point multiplication operation circuit and realization method
CN106549769A (en) * 2016-12-08 2017-03-29 广东工业大学 SM2 ellipse curve signatures system under a kind of prime field Fp

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7685436B2 (en) * 2003-10-02 2010-03-23 Itt Manufacturing Enterprises, Inc. System and method for a secure I/O interface
CN102737270A (en) * 2011-04-15 2012-10-17 航天信息股份有限公司 Security co-processor of bank smart card chip based on domestic algorithms
CN102761413A (en) * 2011-04-27 2012-10-31 航天信息股份有限公司 Implementation system of p-element domain SM2 elliptic curve public key cryptographic algorithm
US20140143522A1 (en) * 2012-11-20 2014-05-22 The Regents Of The University Of Michigan Prefetching based upon return addresses
CN103049710A (en) * 2012-12-13 2013-04-17 国家广播电影电视总局广播科学研究院 Field-programmable gate array (FPGA) chip for SM2 digital signature verification algorithm
CN104202161A (en) * 2014-08-06 2014-12-10 广东电网公司电力科学研究院 An SoC cryptographic chip
CN104503730A (en) * 2014-10-24 2015-04-08 山东华芯半导体有限公司 Instruction-based large-number point addition and point multiplication operation circuit and realization method
CN106549769A (en) * 2016-12-08 2017-03-29 广东工业大学 SM2 ellipse curve signatures system under a kind of prime field Fp

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113193962A (en) * 2021-04-30 2021-07-30 安徽师范大学 SM2 digital signature generation and verifier based on lightweight modular multiplication

Also Published As

Publication number Publication date
CN108322308B (en) 2021-01-12

Similar Documents

Publication Publication Date Title
CN107566117B (en) A kind of block chain key management system and method
CN109726598A (en) Embedded-type security encryption chip based on Cloud Server
US20200228547A1 (en) Security monitoring information-based provisioning of digital certificates in software defined data centers
CN110100422B (en) Data writing method and device based on block chain intelligent contract and storage medium
CN108345806A (en) A kind of hardware encryption card and encryption method
CN102737270B (en) A kind of bank intelligent card chip secure coprocessor based on domestic algorithm
TW202001657A (en) Integrated-chip -based data processing method, computing device, and storage media
US11375369B2 (en) Message authentication method and communication method of communication network system, and communication network system
CN111125781B (en) File signature method and device and file signature verification method and device
CN112732297B (en) Method and device for updating federal learning model, electronic equipment and storage medium
CN112883408B (en) Encryption and decryption system and chip for private calculation
CN111131412A (en) Method and system for computing nodes by 5G mobile terminal, mobile terminal and cloud server
CN114826733B (en) File transmission method, device, system, equipment, medium and program product
CN109697370A (en) Database data encipher-decipher method, device, computer equipment and storage medium
CN112100673A (en) Federal learning accelerator and RSA intersection calculation method for privacy calculation
CN102088349A (en) Personalized method and system of intelligent card
CN113422683B (en) Edge cloud cooperative data transmission method, system, storage medium and terminal
EP4082154A1 (en) System and method of management of a shared cryptographic account
CN113422686A (en) Gateway layer authentication method, system, electronic device and storage medium
Zhao et al. Fuzzy identity-based dynamic auditing of big data on cloud storage
CN110716724B (en) Method and device for realizing privacy block chain based on FPGA
CN114417374A (en) Intelligent contract business card method, device, equipment and storage medium based on block chain
CN105337731B (en) Method of data synchronization and system after a kind of improvement of encryption device
CN110598416A (en) Transaction scheduling method and device
CN108322308A (en) A kind of system for implementing hardware of Digital Signature Algorithm for authentication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant