CN108390761B - Hardware implementation method of dual-domain modular inversion - Google Patents

Info

Publication number: CN108390761B (application CN201810135926.XA)
Authority: CN (China)
Prior art keywords: domain, operation unit, bits, shift, bit
Legal status: Active
Application number: CN201810135926.XA
Other languages: Chinese (zh)
Other versions: CN108390761A (en)
Inventors: 李艳华, 张玉禄, 律博
Current assignee: WISE SECURITY TECHNOLOGY (BEIJING) CO LTD
Original assignee: WISE SECURITY TECHNOLOGY (BEIJING) CO LTD
Events: application filed by WISE SECURITY TECHNOLOGY (BEIJING) CO LTD; priority to CN201810135926.XA; publication of CN108390761A; application granted; publication of CN108390761B; legal status active; anticipated expiration

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L 9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy > H04L 9/3066 Public key involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L 9/06 the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators > H04L 9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords > H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use > H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) > H04L 9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Devices For Executing Special Programs (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a hardware implementation method of dual-domain modular inversion, and relates to the technical field of information security. The method uses a hardware description language to construct a modular inversion control state machine together with modular addition, modular subtraction and shift operation units for two finite fields; the modular inversion control state machine calls the modular addition, modular subtraction and shift operation units of the two finite fields, so that the hardware realizes dual-field modular inversion over the two finite fields, a prime field and a binary field.

Description

Hardware implementation method of dual-domain modular inversion
Technical Field
The invention relates to the technical field of information security, in particular to a hardware implementation method of dual-domain modular inversion.
Background
With the development of computer networks and information technology, information security plays an increasingly important role in many fields; cryptography is the core of information security technology, and Elliptic Curve Cryptography (ECC) is an emerging public key cryptosystem. Compared with the traditional RSA algorithm, ECC has a shorter key length, needs less storage and computes faster at the same security strength. These technical advantages of ECC have attracted wide attention in the cryptographic community and the information security industry, and ECC has good application prospects.
At present, the domestic ECC algorithm is the SM2 algorithm. The main operations of the ECC (SM2) algorithm are finite field arithmetic, and the finite fields involved are of two types: prime fields and binary fields. In existing application-specific integrated circuits for the ECC (SM2) algorithm, finite field modular inversion is a relatively important step, and implementing modular inversion in hardware can greatly speed up the ECC (SM2) algorithm; however, few chips implement finite field modular inversion in hardware, and fewer still implement dual-field modular inversion covering both a prime field and a binary field.
Disclosure of Invention
The present invention is directed to a hardware implementation method of dual-domain modular inversion, so as to solve the foregoing problems in the prior art.
In order to achieve this purpose, the technical scheme adopted by the invention is as follows:
a hardware implementation method of dual-domain modular inversion comprises the following steps:
S1, constructing a modular inversion control state machine and basic operation units in a hardware description language, wherein the basic operation units comprise: a shift operation unit, a modular addition operation unit for the prime field and the binary field, and a modular subtraction operation unit for the prime field and the binary field;
S2, the modular inversion control state machine realizes the dual-domain modular inversion operation over the two finite fields, the prime field and the binary field, in hardware by calling the modular addition, modular subtraction and shift operation units of the prime field and the binary field according to the modular inversion algorithm flow of the prime field and the binary field.
Preferably, in S1, the hardware description language is Verilog.
Preferably, the modular inversion algorithm flow of the prime field and the binary field is implemented in the following two stages:
the first stage, an approximate modular inversion stage: the element a·2^m in the Montgomery domain and the modulus p are the inputs, and the intermediate result a^(-1)·2^(k-m) mod p together with the parameter k is obtained; this stage is implemented in hardware by the modular inversion control state machine calling the modular addition, modular subtraction and shift operation units of the prime field and the binary field, where a·2^m is an element of the Montgomery domain, p is the modulus, m is the digit number, n is the most significant bit position of p, and m ≥ n (2^(n-1) ≤ p ≤ 2^n);
the second stage, a correction stage: the intermediate result a^(-1)·2^(k-m) mod p is converted into the final result a^(-1)·2^m mod p; this stage can be implemented in hardware or in software by calling modular multiplication.
More preferably, the first stage is carried out as follows:
S201, taking the variables u, v, x1, x2 and k, where the initial value of u is a·2^m, the initial value of v is p, the initial value of x1 is 1, the initial value of x2 is 0 and the initial value of k is 0;
S202, examining the lower three bits of the variable v:
if the lowest bit of v is 0, calling the shift operation unit to shift v right by one bit and x1 left by one bit, and setting k = k + 1;
if the lowest two bits of v are 0, calling the shift operation unit to shift v right by two bits and x1 left by two bits, and setting k = k + 2;
if the lowest three bits of v are 0, calling the shift operation unit to shift v right by three bits and x1 left by three bits, and setting k = k + 3;
S203, examining the lower three bits of u:
if the lowest bit of u is 0, calling the shift operation unit to shift u right by one bit and x2 left by one bit, and setting k = k + 1;
if the lowest two bits of u are 0, calling the shift operation unit to shift u right by two bits and x2 left by two bits, and setting k = k + 2;
if the lowest three bits of u are 0, calling the shift operation unit to shift u right by three bits and x2 left by three bits, and setting k = k + 3;
S204, judging the current field:
if the current field is the prime field, calling the modular addition and modular subtraction operation units of the prime field to compute the intermediate variables x = v - u, y = u - v and z = x1 + x2, and comparing u with v: if v > u, calling the shift operation unit, with v = x shifted right by one bit, x1 = x1 shifted left by one bit, x2 = z and k = k + 1; if u > v, calling the shift operation unit, with u = y shifted right by one bit, x1 = z, x2 = x2 shifted left by one bit and k = k + 1;
if the current field is the binary field, calling the modular addition and modular subtraction operation units of the binary field to compute the intermediate variables x = v ^ u and z = x1 ^ x2, and comparing deg(v) with deg(u), where deg(u) and deg(v) denote the degrees of u and v: if deg(v) > deg(u), calling the shift operation unit, with v = x shifted right by one bit, x1 = x1 shifted left by one bit, x2 = z and k = k + 1; if deg(u) > deg(v), calling the shift operation unit, with u = x shifted right by one bit, x1 = z, x2 = x2 shifted left by one bit and k = k + 1;
S205, if v is not equal to 0, returning to S202;
S206, judging the current field:
if the current field is the prime field, outputting the result of the prime field modular inversion and the parameter k: if x1 > p, result = x1 - p; if x1 < p, result = x1;
if the current field is the binary field, calling the modular addition, modular subtraction and shift operation units of the binary field to compute the intermediate variables x = p ^ x1, y = 1 shifted left by m bits, and z = (2p) ^ x1, where 2p is p shifted left by one bit; and outputting the result of the binary field modular inversion and the parameter k: if y ≥ x, result = x; if y ≥ z, result = z; if neither condition is met, result = x1.
The invention has the beneficial effects that: the embodiment of the invention provides a hardware realization method of double-domain modular inversion, which adopts a hardware description language to construct a modular inversion control state machine and modular addition, modular subtraction and shift operation units of two finite domains, and the modular addition, modular subtraction and shift operation units of the two finite domains are called by the modular inversion control state machine, so that the hardware realizes the double-domain modular inversion operation of two finite domains of a prime domain and a binary domain.
Drawings
FIG. 1 is a diagram of a hardware architecture for implementing a dual-domain modular inverse operation;
fig. 2 is a basic flow chart of the implementation of the dual-domain modulo inverse control state machine.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention.
As shown in fig. 1, an embodiment of the present invention provides a hardware implementation method for dual-domain modular inversion, including the following steps:
s1, modeling an inverse control state machine and a basic operation unit by adopting a hardware description language structure, wherein the basic operation unit comprises: the device comprises a shift operation unit, a modulo addition operation unit of a prime field and a binary field, and a modulo subtraction operation unit of the prime field and the binary field;
and S2, the modular inversion control state machine realizes the dual-domain modular inversion operation of two finite domains of the prime domain and the binary domain by calling modular addition, modular subtraction and shift operation units of the prime domain and the binary domain according to the modular inversion algorithm flow of the prime domain and the binary domain through hardware.
Because the basic operations called by the modular inversion algorithms of the binary field and the prime field are basic units that can be realized in hardware, namely modular addition, modular subtraction and shifting, and the main flows of the prime field and binary field modular inversion algorithms are essentially the same, the embodiment of the invention realizes the modular inversion of the two finite fields in hardware by constructing one control state machine together with the basic operation units of the prime field and the binary field; the control state machine calls the modular addition, modular subtraction and shift operation units of the prime field and the binary field according to the main algorithm flow shared by the two finite fields. This greatly improves the speed of the algorithm, saves logic resources and saves area.
In a preferred embodiment of the present invention, in S1, the hardware description language may be Verilog.
Since Verilog is a basic language for hardware design and can meet the design requirements of mainstream hardware at present, the hardware description language is adopted in the embodiment of the present invention.
Other description languages may also be used for hardware design, as will be appreciated by those skilled in the art.
In another preferred embodiment of the present invention, the modular inversion algorithm flow of the prime field and the binary field can be implemented in the following two stages:
the first stage, an approximate modular inversion stage: the element a·2^m in the Montgomery domain and the modulus p are the inputs, and the intermediate result a^(-1)·2^(k-m) mod p together with the parameter k is obtained; this stage is implemented in hardware by the modular inversion control state machine calling the modular addition, modular subtraction and shift operation units of the prime field and the binary field, where a·2^m is an element of the Montgomery domain, p is the modulus, m is the digit number, n is the most significant bit position of p, and m ≥ n (2^(n-1) ≤ p ≤ 2^n);
the second stage, a correction stage: the intermediate result a^(-1)·2^(k-m) mod p is converted into the final result a^(-1)·2^m mod p; this stage can be implemented in hardware or in software by calling modular multiplication.
In the first stage of both finite field modular inversion algorithms, a multi-bit shifting Montgomery modular inversion algorithm is adopted. The algorithm evolves from the extended Euclidean algorithm and uses a multi-bit shift technique that shifts at most three bits at a time; the only basic operations it calls are modular addition, modular subtraction and shifting in the two finite fields, and all three of these basic operation units can be realized in hardware.
In a preferred embodiment of the present invention, the first stage may be specifically implemented according to the following steps:
S201, taking the variables u, v, x1, x2 and k, where the initial value of u is a·2^m, the initial value of v is p, the initial value of x1 is 1, the initial value of x2 is 0 and the initial value of k is 0;
S202, examining the lower three bits of the variable v:
if the lowest bit of v is 0, calling the shift operation unit to shift v right by one bit and x1 left by one bit, and setting k = k + 1;
if the lowest two bits of v are 0, calling the shift operation unit to shift v right by two bits and x1 left by two bits, and setting k = k + 2;
if the lowest three bits of v are 0, calling the shift operation unit to shift v right by three bits and x1 left by three bits, and setting k = k + 3;
S203, examining the lower three bits of u:
if the lowest bit of u is 0, calling the shift operation unit to shift u right by one bit and x2 left by one bit, and setting k = k + 1;
if the lowest two bits of u are 0, calling the shift operation unit to shift u right by two bits and x2 left by two bits, and setting k = k + 2;
if the lowest three bits of u are 0, calling the shift operation unit to shift u right by three bits and x2 left by three bits, and setting k = k + 3;
S204, judging the current field:
if the current field is the prime field, calling the modular addition and modular subtraction operation units of the prime field to compute the intermediate variables x = v - u, y = u - v and z = x1 + x2, and comparing u with v: if v > u, calling the shift operation unit, with v = x shifted right by one bit, x1 = x1 shifted left by one bit, x2 = z and k = k + 1; if u > v, calling the shift operation unit, with u = y shifted right by one bit, x1 = z, x2 = x2 shifted left by one bit and k = k + 1;
if the current field is the binary field, calling the modular addition and modular subtraction operation units of the binary field to compute the intermediate variables x = v ^ u and z = x1 ^ x2, and comparing deg(v) with deg(u), where deg(u) and deg(v) denote the degrees of u and v: if deg(v) > deg(u), calling the shift operation unit, with v = x shifted right by one bit, x1 = x1 shifted left by one bit, x2 = z and k = k + 1; if deg(u) > deg(v), calling the shift operation unit, with u = x shifted right by one bit, x1 = z, x2 = x2 shifted left by one bit and k = k + 1;
S205, if v is not equal to 0, returning to S202;
S206, judging the current field:
if the current field is the prime field, outputting the result of the prime field modular inversion and the parameter k: if x1 > p, result = x1 - p; if x1 < p, result = x1;
if the current field is the binary field, calling the modular addition, modular subtraction and shift operation units of the binary field to compute the intermediate variables x = p ^ x1, y = 1 shifted left by m bits, and z = (2p) ^ x1, where 2p is p shifted left by one bit; and outputting the result of the binary field modular inversion and the parameter k: if y ≥ x, result = x; if y ≥ z, result = z; if neither condition is met, result = x1.
In a specific implementation process of the method provided by the embodiment of the present invention, a basic flow of a modular inverse control state machine may be as shown in fig. 2, and an explanation of each state in fig. 2 may be as follows:
[The state-by-state explanation of the fig. 2 control state machine is provided in the original as a series of images and is not reproduced here.]
as can be understood by those skilled in the art, in the specific implementation process of the method provided in the embodiment of the present invention, the modulo inversion control state machine may also adopt other basic flows.
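The following Python script is an added reference model of the flow in steps S201 to S206 for both fields; it is not the patent's Verilog or any code from the applicant, and it is the kind of golden model one would use to generate test vectors for such an RTL design. All function names (deg, poly_mod, poly_mulmod, shift_state, almost_inverse, montgomery_inverse, to_montgomery) are this example's own. It also makes four choices the page leaves open or implicit: the shift states S202/S203 are repeated until the operand is odd; the equal case of the S204 comparison is folded into the v-branch so that v can reach 0; the binary-field output of S206 uses a general polynomial reduction instead of the three-candidate selection; and the second-stage correction is done by multiplying with 2^(2m-k), which is one of the modular multiplications the page allows for that stage. The test moduli (the Mersenne prime 2^127-1 and the GF(2^8) polynomial x^8+x^4+x^3+x+1) are constructed for the example.

```python
"""Reference model of the dual-field Montgomery inversion flow (states S201-S206).

Added example for this page; it is not the patent's Verilog. Field elements are
Python ints; a GF(2)[x] polynomial is stored as a bit-vector. The control flow is
shared by both fields and only the operation units differ:
  prime field GF(p):    sub / add / integer compare
  binary field GF(2^n): xor / xor / degree compare
"""
from __future__ import annotations


def deg(poly: int) -> int:
    """Degree of a GF(2)[x] polynomial held as an int (-1 for the zero polynomial)."""
    return poly.bit_length() - 1


def poly_mod(a: int, p: int) -> int:
    """Reduce a GF(2)[x] polynomial modulo p (xor-and-shift long division)."""
    while deg(a) >= deg(p):
        a ^= p << (deg(a) - deg(p))
    return a


def poly_mulmod(a: int, b: int, p: int) -> int:
    """Bit-serial product in GF(2)[x]/(p); `a` must already be reduced mod p."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if deg(a) == deg(p):      # one conditional reduction keeps a below p
            a ^= p
    return r


def shift_state(val: int, partner: int, k: int) -> tuple[int, int, int]:
    """S202 / S203: remain in the shift state until `val` is odd (this example's
    reading of the text, which lists a single three-bit check), shifting at most
    three bits per pass as the three-bit shift unit does, doubling `partner` in
    step and counting every shifted bit in k."""
    while val & 1 == 0:
        s = 1
        while s < 3 and (val >> s) & 1 == 0:
            s += 1
        val >>= s
        partner <<= s
        k += s
    return val, partner, k


def almost_inverse(a_mont: int, p: int, binary: bool) -> tuple[int, int]:
    """Stage one. Input A = a*2^m mod p; returns (x1, k) with
    x1 = a^-1 * 2^(k-m) (mod p), where x1 may still exceed p."""
    u, v, x1, x2, k = a_mont, p, 1, 0, 0                    # S201
    while v != 0:                                           # S205 loop-back
        v, x1, k = shift_state(v, x1, k)                    # S202
        u, x2, k = shift_state(u, x2, k)                    # S203
        if binary:                                          # S204, GF(2^n) units
            x = y = v ^ u          # addition and subtraction coincide in GF(2)[x]
            z = x1 ^ x2
            take_v = deg(v) >= deg(u)
        else:                                               # S204, GF(p) units
            x, y, z = v - u, u - v, x1 + x2
            take_v = v >= u
        # the equal case is folded into the v-branch so that v can reach 0
        if take_v:
            v, x1, x2, k = x >> 1, x1 << 1, z, k + 1
        else:
            u, x1, x2, k = y >> 1, z, x2 << 1, k + 1
    return x1, k


def montgomery_inverse(a_mont: int, p: int, m: int, binary: bool) -> int:
    """Both stages: from a*2^m mod p return a^-1 * 2^m mod p (still in the
    Montgomery domain). The binary-field output step uses a general polynomial
    reduction instead of the page's three-candidate selection, and stage two is
    a multiplication by 2^(2m-k); both are this example's choices."""
    x1, k = almost_inverse(a_mont, p, binary)
    if binary:
        x1 = poly_mod(x1, p)                                           # S206
        return poly_mulmod(x1, poly_mod(1 << (2 * m - k), p), p)      # stage two
    if x1 > p:                                                         # S206
        x1 -= p
    return x1 * pow(2, 2 * m - k, p) % p                               # stage two


def to_montgomery(a: int, p: int, m: int, binary: bool) -> int:
    """a -> a*2^m mod p (a*x^m for the binary field), the input form S201 expects."""
    return poly_mod(a << m, p) if binary else (a << m) % p


if __name__ == "__main__":
    # Constructed test data: the Mersenne prime 2^127-1 (n = 127 bits, so m = 128)
    P, M = (1 << 127) - 1, 128
    for a in (3, 12345, (1 << 100) + 7, P - 1):
        r = montgomery_inverse(to_montgomery(a, P, M, False), P, M, False)
        assert r * a % P == pow(2, M, P)          # r is the Montgomery form of a^-1
    # Constructed test data: GF(2^8) with x^8+x^4+x^3+x+1, where 0x53 * 0xCA = 1
    PB = 0x11B
    r = montgomery_inverse(to_montgomery(0x53, PB, 8, True), PB, 8, True)
    assert r == to_montgomery(0xCA, PB, 8, True)
    print("ok")
```

The check at the end of the script is the one a verification engineer cares about: multiplying the output by the original element must give 2^m mod p (x^m mod p in the binary field), i.e. the output is the Montgomery form of a^(-1). Because k counts every shifted bit and each shift removes one bit from u or v, k never exceeds 2n, so with m ≥ n the exponent 2m-k used in the correction stays non-negative.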
By adopting the technical scheme disclosed by the invention, the following beneficial effects are obtained: the embodiment of the invention provides a hardware realization method of double-domain modular inversion, which adopts a hardware description language to construct a modular inversion control state machine and modular addition, modular subtraction and shift operation units of two finite domains, and the modular addition, modular subtraction and shift operation units of the two finite domains are called by the modular inversion control state machine, so that the hardware realizes the double-domain modular inversion operation of two finite domains of a prime domain and a binary domain.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
It should be understood by those skilled in the art that the timing sequence of the method steps provided in the above embodiments may be adaptively adjusted according to actual situations, or may be concurrently performed according to actual situations.
All or part of the steps in the methods according to the above embodiments may be implemented by a program instructing related hardware, where the program may be stored in a storage medium readable by a computer device and used to execute all or part of the steps in the methods according to the above embodiments. The computer device, for example: personal computer, server, network equipment, intelligent mobile terminal, intelligent home equipment, wearable intelligent equipment, vehicle-mounted intelligent equipment and the like; the storage medium, for example: RAM, ROM, magnetic disk, magnetic tape, optical disk, flash memory, U disk, removable hard disk, memory card, memory stick, network server storage, network cloud storage, etc.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and improvements can be made without departing from the principle of the present invention, and such modifications and improvements should also be considered within the scope of the present invention.

Claims (2)

1. A hardware implementation method of dual-domain modular inversion, characterized by comprising the following steps:
S1, constructing a modular inversion control state machine and basic operation units in a hardware description language, wherein the basic operation units comprise: a shift operation unit, a modular addition operation unit for the prime field and the binary field, and a modular subtraction operation unit for the prime field and the binary field;
S2, the modular inversion control state machine realizes the dual-domain modular inversion operation over the two finite fields, the prime field and the binary field, by calling the modular addition, modular subtraction and shift operation units of the prime field and the binary field according to the modular inversion algorithm flow of the prime field and the binary field;
the modular inversion algorithm flow of the prime field and the binary field is implemented in the following two stages:
the first stage, an approximate modular inversion stage: the element a·2^m in the Montgomery domain and the modulus p are the inputs, and the intermediate result a^(-1)·2^(k-m) mod p together with the parameter k is obtained; this stage is implemented in hardware by the modular inversion control state machine calling the modular addition, modular subtraction and shift operation units of the prime field and the binary field, where a·2^m is an element of the Montgomery domain, p is the modulus, m is the digit number, n is the most significant bit position of p, and m ≥ n (2^(n-1) ≤ p ≤ 2^n);
the first stage is carried out according to the following steps:
S201, taking the variables u, v, x1, x2 and k, where the initial value of u is a·2^m, the initial value of v is p, the initial value of x1 is 1, the initial value of x2 is 0 and the initial value of k is 0;
S202, examining the lower three bits of the variable v:
if the lowest bit of v is 0, calling the shift operation unit to shift v right by one bit and x1 left by one bit, and setting k = k + 1;
if the lowest two bits of v are 0, calling the shift operation unit to shift v right by two bits and x1 left by two bits, and setting k = k + 2;
if the lowest three bits of v are 0, calling the shift operation unit to shift v right by three bits and x1 left by three bits, and setting k = k + 3;
S203, examining the lower three bits of u:
if the lowest bit of u is 0, calling the shift operation unit to shift u right by one bit and x2 left by one bit, and setting k = k + 1;
if the lowest two bits of u are 0, calling the shift operation unit to shift u right by two bits and x2 left by two bits, and setting k = k + 2;
if the lowest three bits of u are 0, calling the shift operation unit to shift u right by three bits and x2 left by three bits, and setting k = k + 3;
S204, judging the current field:
if the current field is the prime field, calling the modular addition and modular subtraction operation units of the prime field to compute the intermediate variables x = v - u, y = u - v and z = x1 + x2, and comparing u with v: if v > u, calling the shift operation unit, with v = x shifted right by one bit, x1 = x1 shifted left by one bit, x2 = z and k = k + 1; if u > v, calling the shift operation unit, with u = y shifted right by one bit, x1 = z, x2 = x2 shifted left by one bit and k = k + 1;
if the current field is the binary field, calling the modular addition and modular subtraction operation units of the binary field to compute the intermediate variables x = v ^ u and z = x1 ^ x2, and comparing deg(v) with deg(u), where deg(u) and deg(v) denote the degrees of u and v: if deg(v) > deg(u), calling the shift operation unit, with v = x shifted right by one bit, x1 = x1 shifted left by one bit, x2 = z and k = k + 1; if deg(u) > deg(v), calling the shift operation unit, with u = x shifted right by one bit, x1 = z, x2 = x2 shifted left by one bit and k = k + 1;
S205, if v is not equal to 0, returning to S202;
S206, judging the current field:
if the current field is the prime field, outputting the result of the prime field modular inversion and the parameter k: if x1 > p, result = x1 - p; if x1 < p, result = x1;
if the current field is the binary field, calling the modular addition, modular subtraction and shift operation units of the binary field to compute the intermediate variables x = p ^ x1, y = 1 shifted left by m bits, and z = (2p) ^ x1, where 2p is p shifted left by one bit; and outputting the result of the binary field modular inversion and the parameter k: if y ≥ x, result = x; if y ≥ z, result = z; if neither condition is met, result = x1;
the second stage, a correction stage: the intermediate result a^(-1)·2^(k-m) mod p is converted into the final result a^(-1)·2^m mod p; this stage can be implemented in hardware or in software by calling modular multiplication.
2. The hardware implementation method of dual-domain modular inversion according to claim 1, wherein in S1 the hardware description language is Verilog.
CN201810135926.XA 2018-02-09 2018-02-09 Hardware implementation method of dual-domain modular inversion Active CN108390761B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810135926.XA CN108390761B (en) 2018-02-09 2018-02-09 Hardware implementation method of dual-domain modular inversion

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810135926.XA CN108390761B (en) 2018-02-09 2018-02-09 Hardware implementation method of dual-domain modular inversion

Publications (2)

Publication Number Publication Date
CN108390761A CN108390761A (en) 2018-08-10
CN108390761B true CN108390761B (en) 2021-03-05

Family

ID=63075681

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810135926.XA Active CN108390761B (en) 2018-02-09 2018-02-09 Hardware implementation method of dual-domain modular inversion

Country Status (1)

Country Link
CN (1) CN108390761B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101572602A (en) * 2008-04-28 2009-11-04 陈婧 Finite field inversion method based on hardware design and device thereof
CN105068784A (en) * 2015-07-16 2015-11-18 清华大学 Montgomery modular multiplication based Tate pairing algorithm and hardware structure therefor
CN105094746A (en) * 2014-05-07 2015-11-25 北京万协通信息技术有限公司 Method for achieving point addition/point doubling of elliptic curve cryptography

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
"Dual finite field modular multiplication and modular inversion algorithms and their hardware implementation"; Chen Guanghua et al.; Journal of Electronics & Information Technology (电子与信息学报); 2010-09-15 *
"A modular inversion algorithm supporting two finite fields simultaneously and its hardware implementation"; Wang Jian, Jiang Anping, Sheng Shimin; Acta Scientiarum Naturalium Universitatis Pekinensis (北京大学学报(自然科学版)); 2006-06-30 *
"Research and design of fast hardware implementation algorithms for elliptic curve cryptography"; Sun Wanzhong; CNKI (中国知网); 2009-04-20 *
"Design and implementation of a high-speed dual-field inversion unit"; Cai Liang, Dai Zibin, Chen Lu; Application of Electronic Technique (电子技术应用); 2008-08-06 *
"Research and Hardware Design of Scalable Dual-Field Montgomery Modular Inversion Algorithm"; Chen Lin et al.; www.scientific.net; 2011-06-10 *

Also Published As

Publication number Publication date
CN108390761A (en) 2018-08-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant