CN111756538B - Method and device for realizing ECC scalar multiplier based on prime preprocessing - Google Patents


Info

Publication number: CN111756538B
Authority: CN (China)
Prior art keywords: point, scalar, prime, wnaf, preprocessing
Legal status: Active
Application number: CN202010598636.6A
Other languages: Chinese (zh)
Other versions: CN111756538A (en
Inventors: 黄海, 那宁, 邢琳, 刘志伟, 于斌, 赵石磊, 彭天彬, 陶宏敬
Current Assignee: Harbin University of Science and Technology
Original Assignee: Harbin University of Science and Technology
Application filed by Harbin University of Science and Technology
Priority to CN202010598636.6A
Publication of CN111756538A
Application granted
Publication of CN111756538B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The application provides a method, a device and a storage device for implementing an ECC scalar multiplier based on prime preprocessing. Prime preprocessing replaces the odd-number preprocessing in wNAF, which greatly reduces the amount of preprocessing computation; the multi-base chain coding concept is applied to wNAF scalar multiplication, and the search range of the addition chain is reduced to a single non-zero number in the wNAF representation sequence, which effectively reduces the time needed to construct the addition chain. This addresses the problems of conventional ECC scalar multipliers, such as excessive search and construction time or large hardware area.

Description

Method and device for realizing ECC scalar multiplier based on prime preprocessing
Technical Field
The application relates to the field of cryptography, in particular to an ECC scalar multiplier implementation method and device based on prime preprocessing.
Background
ECC (elliptic curve cryptography) was proposed separately by Miller and Koblitz in 1987. Compared with other public-key cryptosystems, ECC achieves higher security strength with a shorter key length, and because of this property it is widely used in secure electronic commerce, mobile communication, e-government and blockchain. ECC-based signature, signature verification and key exchange schemes have been accepted by authorities such as ANSI (American National Standards Institute), IEEE, ISO and NIST (National Institute of Standards and Technology) and adopted as international standards. As ECC algorithms continue to be optimized and larger keys are used for encryption and decryption, traditional software implementations have difficulty reaching the required speed, so the hardware encryption card has become one of the common ways of implementing ECC.
The core of an ECC hardware implementation is the scalar multiplier, whose task is to compute the point Q = KP given an integer K (the scalar) and a point P (the base point) on the elliptic curve.
Common representations of K are D&A (doubling and addition), NAF (non-adjacent form), wNAF (window non-adjacent form), double-base chains and multi-base chains, but each of these methods has drawbacks:
Implementing the ECC scalar multiplier with the D&A method only expands scalar K in binary and performs a point addition for every non-zero bit; the method is easy to parallelize, but the number of point additions is very large.
Compared with the D&A method, the NAF and wNAF methods use additional registers or memory to preprocess odd values of 2 bits, or even w bits, at a time, which lowers the proportion of non-zero digits in the expansion of scalar K and thus reduces the number of point additions. However, the number of preprocessing operations grows exponentially with the window w, which increases either the time spent searching the preprocessed values or the number of registers needed to store them, resulting in excessive search time or increased hardware area.
The double-base chain and multi-base chain methods expand scalar K into a plurality of terms of the form $2^{bin} \cdot 3^{tri} \cdot 5^{qui}$ and accelerate scalar multiplication through addition chains and point tripling, quintupling and septupling. All ways of generating the addition chain are enumerated and the best one is selected for the subsequent scalar multiplication; constructing an optimal addition chain in this way takes a long time, and if the constructed addition chain is long, the amount of computation and the running time are longer still.
In summary, existing implementations of ECC scalar multipliers suffer from excessive search and construction time or large hardware area.
Disclosure of Invention
Based on the problems, the application provides an ECC scalar multiplier implementation method, device and storage medium based on prime preprocessing, which are used for solving the problems of overlong time or larger hardware area in searching and constructing the prior ECC scalar multiplier.
The embodiment of the application discloses a method for realizing an ECC scalar multiplier based on prime preprocessing, which comprises the following steps:
Step1. Inputting a scalar K and a base point P, selecting the window size w of the wNAF representation sequence according to the memory size and the required hardware area, and setting an empty result point for storing the result of each cycle;
Step2. Generating the wNAF representation sequence of scalar K, the number of sequence bits being B, representing scalar K as Wherein the number of bits B is selected from one of the 15 curves recommended by NIST; $k_i$ is the binary value of each bit of scalar K;
Step3. For the odd numbers in the wNAF representation sequence, performing the preprocessing operation for all prime numbers below $2^w$;
Step4. Performing a point doubling operation on the result point to obtain a new result point; by shifting, the whole wNAF representation sequence generated from scalar K is processed in turn from position B-1 to position 0;
Step5. When the shift reaches a non-zero number K_B in the wNAF representation sequence: if K_B is prime, looking up the preprocessing point corresponding to that prime; if K_B is non-prime, looking up the preprocessing point Q1 corresponding to the nearest prime s;
Step6. Calculating the difference a between the non-zero number K_B and the nearest prime s; if a is not equal to 0, constructing the multi-base chain $a = 2^{bin} \cdot 3^{tri} \cdot 5^{qui} \cdot 7^{set}$, searching the multi-base chain for a term whose count is 1, replacing that term with a preprocessing point, and calculating Q2 = aP, where bin denotes the linked list storing the number of point doublings, tri the linked list storing the number of point triplings, qui the linked list storing the number of point quintuplings, and set the linked list storing the number of point septuplings; if a is equal to 0, Q2 = null;
Step7. Adding points Q1 and Q2 to obtain the scalar multiplication result Q, performing a point addition of Q and the result point obtained from the point doubling in Step4, and storing the sum back in the result point as the updated scalar multiplication result;
Step8. Repeating Step4 to Step7, shifting B times in total, and outputting the final scalar multiplication result after all shifts are completed.
Further, generating the wNAF representation sequence of scalar K, the number of sequence bits being B, representing scalar K as Wherein the number of bits B may be selected from one of the 15 curves recommended by NIST, includes:
Step2.1 Let i = 0;
Step2.2 If scalar K is greater than or equal to 1, repeating Step2.3 to Step2.5;
Step2.3 If K mod 2 = 1, then $k_i = K \bmod 2^w$ and $K = K - k_i$;
Step2.4 If K mod 2 = 0, then K = K/2 and $k_i = 0$;
Step2.5 Let i = i + 1;
Step2.6 Returning the wNAF representation sequence of K, $D\{k_{B-1}, k_{B-2}, \ldots, k_1, k_0\}$.
Further, the preprocessing operation for all prime numbers below $2^w$ on the odd numbers in the wNAF representation sequence includes:
Step3.1 Calculating the double of the base point P to obtain the point doubling result 2P;
Step3.2 Let i = 1 and the preprocessing point P_pre = P;
Step3.3 Determining whether i is greater than $2^w - 1$; if so, returning all preprocessing points; otherwise, further determining whether i is prime: if so, storing P_pre as a precomputed point, and if not, letting P_pre = P_pre + 2P and i = i + 2;
Step3.4 Continuing to determine whether i in Step3.3 is greater than $2^w - 1$; if so, returning all preprocessing points; otherwise, repeating Step3.1 to Step3.4 until the condition that i is greater than $2^w - 1$ is satisfied.
Further, the point doubling operation is specifically: the point is multiplied by 2; and the point addition operation is the addition of two points.
The embodiment of the application discloses an ECC scalar multiplier implementation device based on prime number preprocessing, which comprises a memory and a processor, wherein the memory is used for storing a plurality of instructions, and the processor is used for loading the instructions stored in the memory to execute:
Step1. Inputting a scalar K and a base point P, selecting the window size w of the wNAF representation sequence according to the memory size and the required hardware area, and setting an empty result point for storing the result of each cycle;
Step2. Generating the wNAF representation sequence of scalar K, the number of sequence bits being B, representing scalar K as Wherein the number of bits B is selected from one of the 15 curves recommended by NIST; $k_i$ is the binary value of each bit of scalar K;
Step3. For the odd numbers in the wNAF representation sequence, performing the preprocessing operation for all prime numbers below $2^w$;
Step4. Performing a point doubling operation on the result point to obtain a new result point; by shifting, the whole wNAF representation sequence generated from scalar K is processed in turn from position B-1 to position 0;
Step5. When the shift reaches a non-zero number K_B in the wNAF representation sequence: if K_B is prime, looking up the preprocessing point corresponding to that prime; if K_B is non-prime, looking up the preprocessing point Q1 corresponding to the nearest prime s;
Step6. Calculating the difference a between the non-zero number K_B and the nearest prime s; if a is not equal to 0, constructing the multi-base chain $a = 2^{bin} \cdot 3^{tri} \cdot 5^{qui} \cdot 7^{set}$, searching the multi-base chain for a term whose count is 1, replacing that term with a preprocessing point, and calculating Q2 = aP, where bin denotes the linked list storing the number of point doublings, tri the linked list storing the number of point triplings, qui the linked list storing the number of point quintuplings, and set the linked list storing the number of point septuplings; if a is equal to 0, Q2 = null;
Step7. Adding points Q1 and Q2 to obtain the scalar multiplication result Q, performing a point addition of Q and the result point obtained from the point doubling in Step4, and storing the sum back in the result point as the updated scalar multiplication result;
Step8. Repeating Step4 to Step7, shifting B times in total, and outputting the final scalar multiplication result after all shifts are completed.
Further, the processor is further configured to load instructions stored in the memory to perform: generating the wNAF representation sequence of scalar K, the number of sequence bits being B, representing scalar K as Wherein the number of bits B may be selected from one of the 15 curves recommended by NIST, including:
Step2.1 Let i = 0;
Step2.2 If scalar K is greater than or equal to 1, repeating Step2.3 to Step2.5;
Step2.3 If K mod 2 = 1, then $k_i = K \bmod 2^w$ and $K = K - k_i$;
Step2.4 If K mod 2 = 0, then K = K/2 and $k_i = 0$;
Step2.5 Let i = i + 1;
Step2.6 Returning the wNAF representation sequence of K, $D\{k_{B-1}, k_{B-2}, \ldots, k_1, k_0\}$.
Further, the processor is further configured to load instructions stored in the memory to perform: the preprocessing operation for all prime numbers below $2^w$ on the odd numbers in the wNAF representation sequence, including:
Step3.1 Calculating the double of the base point P to obtain the point doubling result 2P;
Step3.2 Let i = 1 and the preprocessing point P_pre = P;
Step3.3 Determining whether i is greater than $2^w - 1$; if so, returning all preprocessing points; otherwise, further determining whether i is prime: if so, storing P_pre as a precomputed point, and if not, letting P_pre = P_pre + 2P and i = i + 2;
Step3.4 Continuing to determine whether i in Step3.3 is greater than $2^w - 1$; if so, returning all preprocessing points; otherwise, repeating Step3.1 to Step3.4 until the condition that i is greater than $2^w - 1$ is satisfied.
Further, the processor is further configured to load instructions stored in the memory to perform: the point doubling operation is specifically: the point is multiplied by 2; and the point addition operation is the addition of two points.
Embodiments of the present application also provide a computer readable storage medium storing one or more programs executable by one or more processors to implement the prime number preprocessing-based ECC scalar multiplier implementation method of any one of the preceding claims 1 to 4.
Compared with the prior art, the method, device and storage device for implementing an ECC scalar multiplier based on prime preprocessing provided by the application achieve at least the following beneficial effects: prime preprocessing replaces the odd-number preprocessing in wNAF, which greatly reduces the amount of preprocessing computation; the multi-base chain coding concept is applied to wNAF scalar multiplication, and the search range of the addition chain is reduced to a single non-zero number in the wNAF representation sequence, which effectively reduces the time needed to construct the addition chain. This addresses the problems of conventional ECC scalar multipliers, such as excessive search and construction time or large hardware area.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, it will be apparent that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method for ECC scalar multiplier implementation based on prime preprocessing provided by an embodiment of the present application;
FIG. 2 is a block diagram of an ECC scalar multiplier device based on prime preprocessing according to an embodiment of the present application;
FIG. 3 is a flowchart of a method for generating a wNAF representation sequence of scalar K according to an embodiment of the present application;
FIG. 4 is a flowchart of a method, provided by an embodiment of the present application, for performing the preprocessing operation for all prime numbers below $2^w$ on the odd numbers in the wNAF representation sequence.
Detailed Description
In order to make the technical solution and advantages of the present application more clear, a detailed description of a specific implementation of a method for implementing an ECC scalar multiplier based on prime preprocessing according to an embodiment of the present application is provided below with reference to the accompanying drawings. It should be understood that the following description of the preferred embodiments is provided for the purpose of illustrating and explaining the application, and is not intended to limit the application. And embodiments of the application and features of the embodiments may be combined with each other without conflict.
The technical solution provided by the embodiment of the application replaces the odd-number preprocessing in wNAF with prime preprocessing, which greatly reduces the amount of preprocessing computation; the multi-base chain coding concept is applied to wNAF scalar multiplication, and the search range of the addition chain is reduced to a single non-zero number in the wNAF representation sequence, which effectively reduces the time needed to construct the addition chain. This addresses the problems of conventional ECC scalar multipliers, such as excessive search and construction time or large hardware area.
The embodiment of the application discloses a method for implementing an ECC scalar multiplier based on prime preprocessing which, as shown in FIG. 1, comprises the following steps:
Step1. Inputting a scalar K and a base point P, selecting the window size w of the wNAF representation sequence according to the memory size and the required hardware area, and setting an empty result point for storing the result of each cycle;
Step2. Generating the wNAF representation sequence of scalar K, the number of sequence bits being B, representing scalar K as Form (iv);
each non-zero coefficient so constructed is odd, and any w consecutive digits contain at most one non-zero digit;
wherein the number of bits B may be the bit length of one of the 15 curves recommended by NIST; NIST (National Institute of Standards and Technology) recommends the parameters and bit lengths of 15 elliptic curves in FIPS 186: five classes for prime fields, and five classes for binary fields and Koblitz fields (163, 233, 283, 409, 571); $k_i$ is the binary value of each bit of scalar K; if K = 101101, then $k_5 = 1$, $k_4 = 0$, $k_3 = 1$, $k_2 = 1$, $k_1 = 0$, $k_0 = 1$;
Step3. For the odd numbers in the wNAF representation sequence, performing the preprocessing operation for all prime numbers below $2^w$;
Step4. Performing a point doubling operation on the result point to obtain a new result point; by shifting, the whole wNAF representation sequence generated from scalar K is processed in turn from position B-1 to position 0;
Step5. When the shift reaches a non-zero number K_B in the wNAF representation sequence: if K_B is prime, looking up the preprocessing point corresponding to that prime; if K_B is non-prime, looking up the preprocessing point Q1 corresponding to the nearest prime s;
Step6. Calculating the difference a between the non-zero number K_B and the nearest prime s; if a is not equal to 0, constructing the multi-base chain $a = 2^{bin} \cdot 3^{tri} \cdot 5^{qui} \cdot 7^{set}$, searching the multi-base chain for a term whose count is 1, replacing that term with a preprocessing point, and calculating Q2 = aP, where bin denotes the linked list storing the number of point doublings, tri the linked list storing the number of point triplings, qui the linked list storing the number of point quintuplings, and set the linked list storing the number of point septuplings; if a is equal to 0, Q2 = null;
Step7. Adding points Q1 and Q2 to obtain the scalar multiplication result Q, performing a point addition of Q and the result point obtained from the point doubling in Step4, and storing the sum back in the result point as the updated scalar multiplication result;
Step8. Repeating Step4 to Step7, shifting B times in total, and outputting the final scalar multiplication result after all shifts are completed.
Preferably, generating the wNAF representation sequence of scalar K, the number of sequence bits being B, representing scalar K as Wherein the number of bits B may be selected from one of the 15 curves recommended by NIST, includes the following steps; the method flow is shown in FIG. 3:
Step2.1 Let i = 0;
Step2.2 If scalar K is greater than or equal to 1, repeating Step2.3 to Step2.5;
Step2.3 If K mod 2 = 1, then $k_i = K \bmod 2^w$ and $K = K - k_i$;
Step2.4 If K mod 2 = 0, then K = K/2 and $k_i = 0$;
Step2.5 Let i = i + 1;
Step2.6 Returning the wNAF representation sequence of K, $D\{k_{B-1}, k_{B-2}, \ldots, k_1, k_0\}$.
Preferably, the preprocessing operation for all prime numbers below $2^w$ on the odd numbers in the wNAF representation sequence includes the following steps; the method flow is shown in FIG. 4, and the range of the multi-base chain construction is reduced to 1 to $2^w$, which simplifies the steps and time needed for construction:
Step3.1 Calculating the double of the base point P to obtain the point doubling result 2P;
Step3.2 Let i = 1 and the preprocessing point P_pre = P;
Step3.3 Determining whether i is greater than $2^w - 1$; if so, returning all preprocessing points; otherwise, further determining whether i is prime: if so, storing P_pre as a precomputed point, and if not, letting P_pre = P_pre + 2P and i = i + 2;
Step3.4 Continuing to determine whether i in Step3.3 is greater than $2^w - 1$; if so, returning all preprocessing points; otherwise, repeating Step3.1 to Step3.4 until the condition that i is greater than $2^w - 1$ is satisfied.
Preferably, the point doubling operation is specifically: the point is multiplied by 2; and the point addition operation is the addition of two points.
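The procedure of Step1 to Step8, as an added Python example that is not part of the patent text. It runs on a toy curve y^2 = x^3 + 2x + 2 over F_17 with base point (5, 1), and all function names are hypothetical. Assumptions: K is halved on every recoding pass so that digit i has weight 2^i, P itself is kept in the table next to the prime multiples, and "nearest prime" is taken as the largest stored multiple not above the digit.

```python
# Added illustration: toy curve y^2 = x^3 + 2x + 2 over F_17, base point (5, 1).
P_MOD, A, G, INF = 17, 2, (5, 1), None   # INF is the point at infinity

def add(p, q):
    """Affine point addition, covering doubling and the point at infinity."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def small_mul(pt, m):
    """m * pt by repeated addition (stands in for doubling/tripling units)."""
    acc = INF
    for _ in range(m):
        acc = add(acc, pt)
    return acc

def reference_mul(k, pt):
    """Plain double-and-add, used only to check the result."""
    acc = INF
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def is_prime(n):
    return n >= 2 and all(n % f for f in range(2, int(n ** 0.5) + 1))

def recode(k, w):
    """Step2: digits[i] is 0 or odd in [1, 2^w - 1], with k == sum(d << i).
    Assumption: K is halved on every pass so digit i has weight 2^i."""
    digits = []
    while k >= 1:
        d = k % (1 << w) if k % 2 == 1 else 0
        digits.append(d)
        k = (k - d) // 2
    return digits

def precompute(base, w):
    """Step3: walk i = 1, 3, 5, ... < 2^w adding 2P each time and store only
    the prime multiples. Assumption: P itself (i = 1) is kept as well."""
    two_p, table, acc = add(base, base), {1: base}, base
    for i in range(1, 1 << w, 2):
        if is_prime(i):
            table[i] = acc
        acc = add(acc, two_p)   # every odd i costs one addition, prime or not
    return table

def multibase(a):
    """Step6: exponents with a == 2^bin * 3^tri * 5^qui * 7^set."""
    exps = {}
    for q in (2, 3, 5, 7):
        exps[q] = 0
        while a % q == 0:
            a, exps[q] = a // q, exps[q] + 1
    if a != 1:
        raise ValueError("difference is not of the form 2^bin*3^tri*5^qui*7^set")
    return exps

def chain_point(a, base, table):
    """Q2 = aP along the multi-base chain; a 3, 5 or 7 that occurs exactly once
    is taken from the table instead of being computed."""
    exps, pt = multibase(a), base
    for q in (3, 5, 7):
        if exps[q] == 1 and q in table:
            pt, exps[q] = table[q], 0
            break
    for q, e in exps.items():
        for _ in range(e):
            pt = small_mul(pt, q)
    return pt

def scalar_mul(k, base, w):
    """Steps 4 to 8. Assumption: 'nearest prime' means the largest stored
    multiple not above the digit, so the difference a is never negative."""
    table = precompute(base, w)
    result = INF
    for d in reversed(recode(k, w)):
        result = add(result, result)                     # Step4: point doubling
        if d == 0:
            continue
        s = max(m for m in table if m <= d)              # Step5: lookup of Q1
        q1, a = table[s], d - s
        q2 = chain_point(a, base, table) if a else INF   # Step6
        result = add(result, add(q1, q2))                # Step7
    return result
```

In this example a prime digit costs one table lookup and one point addition, while a non-prime digit adds the chain computation, so the sequence of point operations depends on the digits of the scalar.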
An embodiment of the application also provides a device for implementing an ECC scalar multiplier based on prime preprocessing. As shown in FIG. 2, the device comprises a memory 21 and a processor 22, the memory 21 being used for storing a plurality of instructions and the processor 22 being used for loading the instructions stored in the memory 21 to perform:
Step1. Inputting a scalar K and a base point P, selecting the window size w of the wNAF representation sequence according to the memory size and the required hardware area, and setting an empty result point for storing the result of each cycle;
Step2. Generating the wNAF representation sequence of scalar K, the number of sequence bits being B, representing scalar K as Wherein the number of bits B is selected from one of the 15 curves recommended by NIST;
Step3. For the odd numbers in the wNAF representation sequence, performing the preprocessing operation for all prime numbers below $2^w$;
Step4. Performing a point doubling operation on the result point to obtain a new result point; by shifting, the whole wNAF representation sequence generated from scalar K is processed in turn from position B-1 to position 0;
Step5. When the shift reaches a non-zero number K_B in the wNAF representation sequence: if K_B is prime, looking up the preprocessing point corresponding to that prime; if K_B is non-prime, looking up the preprocessing point Q1 corresponding to the nearest prime s;
Step6. Calculating the difference a between the non-zero number K_B and the nearest prime s; if a is not equal to 0, constructing the multi-base chain $a = 2^{bin} \cdot 3^{tri} \cdot 5^{qui} \cdot 7^{set}$, searching the multi-base chain for a term whose count is 1, replacing that term with a preprocessing point, and calculating Q2 = aP, where bin denotes the linked list storing the number of point doublings, tri the linked list storing the number of point triplings, qui the linked list storing the number of point quintuplings, and set the linked list storing the number of point septuplings; if a is equal to 0, Q2 = null;
Step7. Adding points Q1 and Q2 to obtain the scalar multiplication result Q, performing a point addition of Q and the result point obtained from the point doubling in Step4, and storing the sum back in the result point as the updated scalar multiplication result;
Step8. Repeating Step4 to Step7, shifting B times in total, and outputting the final scalar multiplication result after all shifts are completed.
Preferably, the processor 22 is further configured to load instructions stored in the memory 21 to perform: generating the wNAF representation sequence of scalar K, the number of sequence bits being B, representing scalar K as Wherein the number of bits B may be selected from one of the 15 curves recommended by NIST, including the following steps; the method flow is shown in FIG. 3:
Step2.1 Let i = 0;
Step2.2 If scalar K is greater than or equal to 1, repeating Step2.3 to Step2.5;
Step2.3 If K mod 2 = 1, then $k_i = K \bmod 2^w$ and $K = K - k_i$;
Step2.4 If K mod 2 = 0, then K = K/2 and $k_i = 0$;
Step2.5 Let i = i + 1;
Step2.6 Returning the wNAF representation sequence of K, $D\{k_{B-1}, k_{B-2}, \ldots, k_1, k_0\}$.
Preferably, the processor 22 is further configured to load instructions stored in the memory 21 to perform: the preprocessing operation for all prime numbers below $2^w$ on the odd numbers in the wNAF representation sequence, including:
Step3.1 Calculating the double of the base point P to obtain the point doubling result 2P;
Step3.2 Let i = 1 and the preprocessing point P_pre = P;
Step3.3 Determining whether i is greater than $2^w - 1$; if so, returning all preprocessing points; otherwise, further determining whether i is prime: if so, storing P_pre as a precomputed point, and if not, letting P_pre = P_pre + 2P and i = i + 2;
Step3.4 Continuing to determine whether i in Step3.3 is greater than $2^w - 1$; if so, returning all preprocessing points; otherwise, repeating Step3.1 to Step3.4 until the condition that i is greater than $2^w - 1$ is satisfied.
Preferably, the processor 22 is further configured to load instructions stored in the memory 21 to perform: the point doubling operation is specifically: the point is multiplied by 2; and the point addition operation is the addition of two points.
Embodiments of the present application also provide a computer readable storage medium storing one or more programs that can be executed by one or more processors to implement the method of the present application for implementing an ECC scalar multiplier based on prime preprocessing.
In the method, device and storage device for implementing an ECC scalar multiplier based on prime preprocessing provided by the application, prime preprocessing replaces the odd-number preprocessing in wNAF, which greatly reduces the amount of preprocessing computation; the multi-base chain coding concept is applied to wNAF scalar multiplication, and the search range of the addition chain is reduced to a single non-zero number in the wNAF representation sequence, which effectively reduces the time needed to construct the addition chain. This addresses the problems of conventional ECC scalar multipliers, such as excessive search and construction time or large hardware area.
From the foregoing description of embodiments, it will be apparent to those skilled in the art that embodiments of the present application may be implemented in hardware, or may be implemented in a combination of software and a necessary general purpose hardware platform. Based on such understanding, the technical solution of the embodiments of the present application may be embodied in the form of a software product, where the software product may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.), and includes several instructions for causing a computer device (may be a personal computer, a server, or a network device, etc.) to perform the method described in the embodiments of the present application.
Those skilled in the art will appreciate that the drawing is merely a schematic representation of one preferred embodiment and that the modules or processes in the drawing are not necessarily required to practice the application.
Those skilled in the art will appreciate that modules in an apparatus of an embodiment may be distributed in an apparatus of an embodiment as described in the embodiments, and that corresponding changes may be made in one or more apparatuses different from the present embodiment. The modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.
The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (9)

1. A method for ECC scalar multiplier implementation based on prime preprocessing, comprising:
Step 1: inputting a scalar K and a base point P, selecting the window size w of the wNAF representation sequence according to the memory size and the required hardware area, and setting an empty result point for storing the result of each cycle;
Step 2: generating a wNAF representation sequence of scalar K with B sequence bits, representing scalar K as, wherein the number of bits B is selected from one of the 15 curves recommended by NIST, and k_i is a binary value for each bit of scalar K;
Step 3: preprocessing all prime numbers below 2^w for the odd numbers in the wNAF representation sequence;
Step 4: performing a point doubling operation on the result point to obtain a new result point; by shifting, the whole wNAF representation sequence generated from scalar K is processed in turn from position B-1 to position 0;
Step 5: if the shift reaches a non-zero number K_B in the wNAF representation sequence that is prime, looking up the preprocessing point corresponding to that prime; if the non-zero number K_B in the sequence is non-prime, looking up the preprocessing point Q1 corresponding to the nearest prime s;
Step 6: calculating the difference a between the non-zero number k_b and the nearest prime number s; if a is not equal to 0, constructing the multi-base chain a = 2^bin * 3^tri * 5^qui * 7^set, searching for a term whose count is 1 in the multi-base chain, replacing that term with a preprocessing point, and calculating Q2 = aP, wherein bin represents the doubling count storage linked list, tri represents the tripling count storage linked list, qui represents the quintupling count storage linked list, and set represents the septupling count storage linked list; if a is equal to 0, Q2 = null;
Step 7: adding points Q1 and Q2 to obtain a scalar multiplication result Q, performing a point addition of Q and the result point obtained from the point doubling operation of Step 4, and storing the updated result in the result point as the scalar multiplication result;
Step 8: repeating Step 4 to Step 7, shifting B times in total, and outputting the final scalar multiplication result after all shifts are completed.
2. The method of claim 1, wherein the generating of a wNAF representation sequence of scalar K with B bits, representing scalar K as, wherein the number of bits B may be selected from one of the 15 curves recommended by NIST, comprises:
Step 2.1: let i = 0;
Step 2.2: if the scalar K is greater than or equal to 1, repeating Steps 2.3 through 2.5;
Step 2.3: if K mod 2 = 1, then k_i = K mod 2^w, K = K - k_i;
Step 2.4: if K mod 2 = 0, then K = K/2, k_i = 0;
Step 2.5: let i = i + 1;
Step 2.6: returning the wNAF representation sequence of K, D{k_(B-1), k_(B-2), …, k_1, k_0}.
3. The method of claim 1, wherein the preprocessing of all prime numbers below 2^w for the odd numbers in the wNAF representation sequence comprises:
Step 3.1: calculating the double of the base point P to obtain the point doubling result 2P;
Step 3.2: let i = 1 and the preprocessing point P_pre = P;
Step 3.3: determining whether i is greater than 2^w - 1; if so, returning all preprocessed points; otherwise, continuing to determine whether i is prime; if so, storing P_pre for precomputation; if not, letting P_pre = P_pre + 2P and i = i + 2;
Step 3.4: continuing to determine whether i from Step 3.3 is greater than 2^w - 1; if so, returning all preprocessed points; otherwise, repeating Step 3.1 to Step 3.4 until the condition that i is greater than 2^w - 1 is satisfied.
4. The method according to claim 1, characterized in that the point doubling operation is specifically multiplying the point by 2, and the point addition operation is the addition of two points.
5. An ECC scalar multiplier implementation based on prime preprocessing, comprising a memory for storing a plurality of instructions and a processor for loading instructions stored in the memory to perform:
Step 1: inputting a scalar K and a base point P, selecting the window size w of the wNAF representation sequence according to the memory size and the required hardware area, and setting an empty result point for storing the result of each cycle;
Step 2: generating a wNAF representation sequence of scalar K with B sequence bits, representing scalar K as, wherein the number of bits B is selected from one of the 15 curves recommended by NIST, and k_i is a binary value for each bit of scalar K;
Step 3: preprocessing all prime numbers below 2^w for the odd numbers in the wNAF representation sequence;
Step 4: performing a point doubling operation on the result point to obtain a new result point; by shifting, the whole wNAF representation sequence generated from scalar K is processed in turn from position B-1 to position 0;
Step 5: if the shift reaches a non-zero number K_B in the wNAF representation sequence that is prime, looking up the preprocessing point corresponding to that prime; if the non-zero number K_B in the sequence is non-prime, looking up the preprocessing point Q1 corresponding to the nearest prime s;
Step 6: calculating the difference a between the non-zero number K_B and the nearest prime number s; if a is not equal to 0, constructing the multi-base chain a = 2^bin * 3^tri * 5^qui * 7^set, searching for a term whose count is 1 in the multi-base chain, replacing that term with a preprocessing point, and calculating Q2 = aP, wherein bin represents the doubling count storage linked list, tri represents the tripling count storage linked list, qui represents the quintupling count storage linked list, and set represents the septupling count storage linked list; if a is equal to 0, Q2 = null;
Step 7: adding points Q1 and Q2 to obtain a scalar multiplication result Q, performing a point addition of Q and the result point obtained from the point doubling operation of Step 4, and storing the updated result in the result point as the scalar multiplication result;
Step 8: repeating Step 4 to Step 7, shifting B times in total, and outputting the final scalar multiplication result after all shifts are completed.
6. The apparatus of claim 5, wherein the processor is further configured to load instructions stored in the memory to perform: the generating of a wNAF representation sequence of scalar K with B bits, representing scalar K as, wherein the number of bits B may be selected from one of the 15 curves recommended by NIST, comprising:
Step 2.1: let i = 0;
Step 2.2: if the scalar K is greater than or equal to 1, repeating Steps 2.3 through 2.5;
Step 2.3: if K mod 2 = 1, then k_i = K mod 2^w, K = K - k_i;
Step 2.4: if K mod 2 = 0, then K = K/2, k_i = 0;
Step 2.5: let i = i + 1;
Step 2.6: returning the wNAF representation sequence of K, D{k_(B-1), k_(B-2), …, k_1, k_0}.
7. The apparatus of claim 5, wherein the processor is further configured to load instructions stored in the memory to perform: the preprocessing of all prime numbers below 2^w for the odd numbers in the wNAF representation sequence, comprising:
Step 3.1: calculating the double of the base point P to obtain the point doubling result 2P;
Step 3.2: let i = 1 and the preprocessing point P_pre = P;
Step 3.3: determining whether i is greater than 2^w - 1; if so, returning all preprocessed points; otherwise, continuing to determine whether i is prime; if so, storing P_pre for precomputation; if not, letting P_pre = P_pre + 2P and i = i + 2;
Step 3.4: continuing to determine whether i from Step 3.3 is greater than 2^w - 1; if so, returning all preprocessed points; otherwise, repeating Step 3.1 to Step 3.4 until the condition that i is greater than 2^w - 1 is satisfied.
8. The apparatus of claim 5, wherein the processor is further configured to load instructions stored in the memory to perform: the point doubling operation is specifically multiplying the point by 2, and the point addition operation is the addition of two points.
9. A computer readable storage medium storing one or more programs executable by one or more processors to implement the prime number preprocessing-based ECC scalar multiplier implementation method of any of claims 1-4.
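A compact rendering of Steps 1 to 8 of claim 1, with the digit generation of claim 2 and the prime-only table of claim 3, added here as an illustration; it is not code from the patent. Assumptions: the toy curve and point G are constructed values, K is halved on every loop iteration, the "nearest prime" is taken as the largest stored prime not exceeding the digit, and 1·P is read from the input point.

```python
P_MOD, A, G, INF = 97, 2, (3, 6), None  # toy curve y^2 = x^3 + 2x + 3 over F_97 (constructed)

def add(p, q):
    """Affine point addition, covering doubling and the point at infinity."""
    if p is INF or q is INF:
        return q if p is INF else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    lam = ((3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) if p == q
           else (y2 - y1) * pow(x2 - x1, -1, P_MOD))
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def window_digits(k, w):
    """Step 2: digits k_i = K mod 2^w for odd K, else 0; least significant first."""
    out = []
    while k >= 1:
        d = k % (1 << w) if k & 1 else 0
        out.append(d)
        k = (k - d) >> 1  # assumption: K is halved on every iteration
    return out

def prime_table(point, w):
    """Step 3: walk P, 3P, 5P, ... by adding 2P; store only prime multiples."""
    two_p, cur, table = add(point, point), point, {1: point}  # 1*P is the input
    for i in range(3, 1 << w, 2):
        cur = add(cur, two_p)
        if all(i % f for f in range(3, int(i ** 0.5) + 1, 2)):
            table[i] = cur
    return table

def smooth_mul(point, a):
    """Step 6: aP for a = 2^bin * 3^tri * 5^qui * 7^set, a > 0."""
    q = point
    for base in (2, 3, 5, 7):
        while a and a % base == 0:
            a, d = a // base, add(q, q)  # d = 2Q
            t = add(d, q)                # t = 3Q
            q = {2: d, 3: t, 5: add(add(d, d), q), 7: add(add(t, t), q)}[base]
    if a != 1:
        raise ValueError("difference is not 7-smooth")
    return q

def scalar_mul(k, point, w=5):
    """Steps 4-8: double per digit, then add sP (prime s <= digit) and aP."""
    table, acc = prime_table(point, w), INF
    for d in reversed(window_digits(k, w)):
        acc = add(acc, acc)
        if d:
            s = max(p for p in table if p <= d)  # assumption: nearest prime below
            acc = add(acc, table[s])
            if d > s:
                acc = add(acc, smooth_mul(point, d - s))
    return acc
```

With w = 5 the table holds 10 prime multiples instead of the 15 odd multiples 3P to 31P. The sketch branches on the digits of K and does a variable number of additions per digit, so it is not constant-time.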
CN202010598636.6A 2020-06-28 2020-06-28 Method and device for realizing ECC scalar multiplier based on prime preprocessing Active CN111756538B (en)

Publications (2)

Publication Number Publication Date
CN111756538A CN111756538A (en) 2020-10-09
CN111756538B true CN111756538B (en) 2023-10-13

Family

ID=72677644

Country Status (1)

Country Link
CN (1) CN111756538B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant