CN108650078A - A kind of accelerated method of SM9 id passwords algorithm - Google Patents

A kind of accelerated method of SM9 id passwords algorithm

Info

Publication number
CN108650078A
Authority
CN
China
Prior art keywords
domain
algorithm
expansion
efficiency
specific
Prior art date
Legal status
Pending
Application number
CN201810241155.2A
Other languages
Chinese (zh)
Inventor
李丹
徐茂智
Current Assignee
Beijing CEC Huada Electronic Design Co Ltd
Original Assignee
Beijing CEC Huada Electronic Design Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing CEC Huada Electronic Design Co Ltd
Priority to CN201810241155.2A
Publication of CN108650078A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0822 Key transport or distribution using key encryption key
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information involving passwords or one-time passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Complex Calculations (AREA)

Abstract

The present invention designs an acceleration method for the SM9 identity-based cryptographic algorithm of the Chinese national cryptographic (国密) standards. Based on the structure of the 12th-degree extension field used in the algorithm and on a specific mathematical property, it substantially increases the efficiency of squaring particular elements of that field. It is mainly intended for software and hardware implementations of SM9, and it is a method that improves the efficiency of a cryptographic implementation by exploiting a mathematical property. SM9 is an identity-based cryptographic algorithm over elliptic curves published under the national cryptographic standards; its security rests on the bilinearity of the elliptic-curve pairing, and computing the pairing requires arithmetic in both the base field and the extension field. The extension field used in SM9 is built as a tower, so every operation in the extension field reduces to a large number of base-field operations. By studying the characteristics of Miller's algorithm in the pairing computation and the specific structure of the tower extension, the present invention substantially improves the efficiency of squaring particular elements of the 12th-degree extension field: compared with ordinary squaring in that field, the operation is nearly 50% more efficient.

Description

Acceleration method for the SM9 identity-based cryptographic algorithm
Technical field:
The method is mainly applied to software and hardware implementations of the SM9 identity-based cryptographic algorithm.
Background art:
The acceleration method for squaring in the 12th-degree extension field of the SM9 identity-based cryptographic algorithm rests on two facts:
1. The 12th-degree extension field is built as a tower:
a 1-2-4-12 tower over the finite field Fp:
(1)
(2)
(3)
where the finite field Fp is the prime field modulo the large prime p, which has the property p^2 ≡ 1 (mod 6);
the reduction polynomial of the quadratic extension in step (1) is x^2 - α, with α = -2;
the reduction polynomial of the quadratic extension in step (2) is x^2 - u, with u^2 = α;
the reduction polynomial of the cubic extension in step (3) is x^3 - v, with v^2 = u;
and accordingly ω^3 = v.
2. The order of the elements obtained after Miller's algorithm in the bilinear pairing:
In the pairing computation, the SM9 identity-based algorithm raises the element produced at the end of Miller's algorithm to the power (p^2+1)(p^6-1). From the tower structure of the 12th-degree extension field, its multiplicative group has order p^12 - 1, so the order of every nonzero element divides p^12 - 1. Since
p^12 - 1 = (p^2+1)(p^6-1)(p^4-p^2+1),
an element that has been raised to the power (p^2+1)(p^6-1) has order dividing p^4 - p^2 + 1.
Summary of the invention:
Based on the two facts above, the method for accelerating the squaring of elements after Miller's algorithm comprises the following steps:
Write the element α of the 12th-degree extension field as α = a + bω + cω^2, where a, b and c are elements of the 4th-degree extension field; write a = a0 + a1 v, where a0, a1 are elements of the 2nd-degree extension field, and b and c likewise.
(1) Compute a^2 in the 4th-degree extension field and from it compute A;
(2) compute c^2 in the 4th-degree extension field and from it compute B;
(3) compute b^2 in the 4th-degree extension field and from it compute C;
(4) finally α^2 = A + Bω + Cω^2,
where A, B and C are given by the expressions obtained in the specific analysis below.
Counted in base-field operations, ordinary squaring in the 12th-degree extension field needs 36 multiplications and 174 additions, while the improved squaring needs only 18 multiplications and 130 additions, so the efficiency improves by nearly 50%.
The analysis table of the operation efficiency of squaring in the 12th-degree extension field is as follows:
Write the element α of the 12th-degree extension field as α = a + bω + cω^2, where a, b and c are elements of the 4th-degree extension field; if a = a0 + a1 v, where a0, a1 are elements of the 2nd-degree extension field, write α^2 = A + Bω + Cω^2.
Description of the drawings:
Fig. 1 is a flow chart of the squaring operation in the 12th-degree extension field.
Detailed description:
As illustrated in Fig. 1, let α = a + bω + cω^2, where a, b and c are elements of the 4th-degree extension field; if a = a0 + a1 v, where a0, a1 are elements of the 2nd-degree extension field, then compute
α^2 = A + Bω + Cω^2,
where
Specific analysis:
The 6th-degree extension field is constructed as follows:
where q is a positive integer with q ≡ 1 (mod 6).
Let
α = (a0 + a1 v) + (b0 + b1 v)ω + (c0 + c1 v)ω^2 = a + bω + cω^2,
where
a = a0 + a1 v,
b = b0 + b1 v,
c = c0 + c1 v.
Then
α^2 = a^2 + 2abω + (2ac + b^2)ω^2 + 2bcω^3 + c^2ω^4
= (a^2 + 2bcv) + (2ab + c^2 v)ω + (2ac + b^2)ω^2
= A + Bω + Cω^2,
where
A = a^2 + 2bcv,
B = 2ab + c^2 v,
C = 2ac + b^2.
Observe that
v^q = v^{2·(q-1)/2}·v = ξ^{(q-1)/2}·v.
Since (ξ^{(q-1)/2})^2 = ξ^{q-1} = 1 and v^2 - ξ is irreducible, ξ^{(q-1)/2} = -1, and therefore
v^q = -v,
ω^q = ω^{3·(q-1)/3}·ω = v^{(q-1)/3}·ω = v^{2·(q-1)/6}·ω = ξ^{(q-1)/6}·ω.
Introduce the 6th root of unity δ = ξ^{(q-1)/6}, i.e. δ^6 - 1 = 0, δ^2 - 1 ≠ 0, δ^3 - 1 ≠ 0; then
ω^q = δ·ω.
From
δ^6 - 1 = (δ^2 - 1)(δ^4 + δ^2 + 1) = 0,
δ^6 - 1 = (δ^3 - 1)(δ^3 + 1) = 0,
we obtain
δ^4 + δ^2 + 1 = 0,
δ^3 + 1 = 0.
Since
(a + bv)^q = a + bv^q = a - bv,
if A = a + bv, then a - bv is denoted by
If q = p^2 and the 12th-degree extension field is regarded as a 6th-degree polynomial extension, then the order of the element obtained after the exponentiation that follows the Miller loop is q^2 - q + 1; denoting this element α, we have
that is,
Substituting the expression for α given above,
after expanding and collecting terms, the right-hand side of the equation is 0, and on the left-hand side the constant term of the polynomial in ω is:
the first-degree term is:
the second-degree term is:
since the polynomial is 0, the coefficient of each term is 0, which gives:
substituting the expressions for A, B and C into these:

Claims (1)

1. An acceleration method for the SM9 identity-based cryptographic algorithm, characterized in that, for any squaring of an element of the 12th-degree extension field required after Miller's algorithm in the bilinear pairing computation, the accelerated squaring comprises the following steps:
Write the element α of the 12th-degree extension field as α = a + bω + cω^2, where a, b and c are elements of the 4th-degree extension field; write a = a0 + a1 v, where a0, a1 are elements of the 2nd-degree extension field, and b and c likewise.
(1) Compute a^2 in the 4th-degree extension field and from it compute A;
(2) compute c^2 in the 4th-degree extension field and from it compute B;
(3) compute b^2 in the 4th-degree extension field and from it compute C;
(4) finally α^2 = A + Bω + Cω^2.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810241155.2A CN108650078A (en) 2018-03-22 2018-03-22 A kind of accelerated method of SM9 id passwords algorithm

Publications (1)

Publication Number Publication Date
CN108650078A true CN108650078A (en) 2018-10-12

Family

ID=63744707

Country Status (1)

Country Link
CN (1) CN108650078A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100246813A1 (en) * 2009-03-30 2010-09-30 The Regents Of The University Of California Method and system for accelerating the deterministic enciphering of data in a small domain
CN102479171A (en) * 2010-11-25 2012-05-30 上海华虹集成电路有限责任公司 Method for realizing Eta bilinear pairings on supersingular curve in binary field
CN106921638A (en) * 2015-12-28 2017-07-04 航天信息股份有限公司 A kind of safety device based on asymmetric encryption

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
袁峰 (Yuan Feng): "SM9标识密码算法综述" (A survey of the SM9 identity-based cryptographic algorithm), 《信息安全研究》 (Journal of Information Security Research) *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112202568A (en) * 2020-10-09 2021-01-08 天津大学 Software and hardware collaborative design SM9 digital signature communication method and system
CN114697033A (en) * 2020-12-29 2022-07-01 紫光同芯微电子有限公司 Optimization implementation method for domain expansion inversion of SM9 identification cryptographic algorithm
CN112769557A (en) * 2020-12-30 2021-05-07 北京宏思电子技术有限责任公司 Implementation method and device for accelerating SM9 bilinear pairing operation in embedded system
CN112769557B (en) * 2020-12-30 2022-10-18 北京宏思电子技术有限责任公司 Implementation method and device for accelerating SM9 bilinear pairing operation in embedded system
CN112398652A (en) * 2021-01-20 2021-02-23 北京信安世纪科技股份有限公司 Method, device, equipment and storage medium for determining R-ate pair
CN113660087A (en) * 2021-07-06 2021-11-16 浙江传媒学院 SM9 identification cryptographic algorithm hardware implementation system based on finite field
CN113660087B (en) * 2021-07-06 2023-09-26 浙江传媒学院 SM9 identification cipher algorithm hardware realization system based on finite field
CN114296688A (en) * 2021-11-09 2022-04-08 南京邮电大学 Domain expansion-based pin-shaped fuzzy function signal construction method
CN114143005A (en) * 2021-11-15 2022-03-04 武汉大学 Acceleration method for Tate bilinear pairings and variants thereof
CN114143005B (en) * 2021-11-15 2023-12-08 武汉大学 Tate bilinear pair and accelerating method for variant thereof

Similar Documents

Publication Publication Date Title
CN108650078A (en) A kind of accelerated method of SM9 id passwords algorithm
Zeng et al. Two new permutation polynomials with the form over
JP2009537025A5 (en)
Dawahdeh et al. Modified ElGamal elliptic curve cryptosystem using hexadecimal representation
US20180097633A1 (en) Signature generation and verification system
CN103929305A (en) SM2 signature algorithm implementation method
JP5742735B2 (en) COMMUNICATION DEVICE AND COMMUNICATION METHOD
CN112019352A (en) SM9 quick signature method and system and electronic equipment
Ballet et al. Shimura modular curves and asymptotic symmetric tensor rank of multiplication in any finite field
Pasquetti et al. Comments on “Filter-based stabilization of spectral element methods”
Xu et al. An improved sliding window algorithm for ECC multiplication
Howgrave-Graham et al. A method to solve cyclotomic norm equations
CN107017987A (en) The elliptic curve method of Bilinear map is selected in a kind of security password technology
Wroński Faster point scalar multiplication on short Weierstrass elliptic curves over Fp using twisted Hessian curves over Fp2
Arshad et al. Auto and cross correlation of well balanced sequence over odd characteristic field
Arshad et al. Multi-value sequence generated by trace function and power residue symbol over proper sub extension field
Akleylek et al. Efficient interleaved Montgomery modular multiplication for lattice-based cryptography
Miura et al. Analysis of a method to eliminate fruitless cycles for Pollard’s rho method with skew Frobenius mapping over a Barreto-Naehrig curve
Hegde et al. Pollard RHO algorithm for integer factorization and discrete logarithm problem
Kanzawa et al. A Method to Eliminate Fruitless Cycles for Pollard's Rho Method by Splitting a Seed-point Table for a Random Walk
CN106407631A (en) Co-processor implementation method suitable for bilinear pairing crypto chip
Kanzawa et al. Effectiveness of a Method to Eliminate Fruitless Cycles for Pollard's Rho Method
CN114143005B (en) Tate bilinear pair and accelerating method for variant thereof
Ticleanu Endomorphisms on elliptic curves for optimal subspaces and applications to differential equations and nonlinear cryptography
Randal-Williams A REMARK ON THE HOMOLOGY OF TEMPERLEY–LIEB ALGEBRAS

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
Application publication date: 20181012