CN112769553A - Implementation method and device for accelerating SM9 bilinear pairing operation in embedded system - Google Patents

Implementation method and device for accelerating SM9 bilinear pairing operation in embedded system Download PDF

Info

Publication number
CN112769553A
CN112769553A CN202011609326.6A CN202011609326A CN112769553A CN 112769553 A CN112769553 A CN 112769553A CN 202011609326 A CN202011609326 A CN 202011609326A CN 112769553 A CN112769553 A CN 112769553A
Authority
CN
China
Prior art keywords
register
data
operation result
bit
coprocessor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011609326.6A
Other languages
Chinese (zh)
Other versions
CN112769553B (en
Inventor
王亚伟
司明
张贺
吴晓彤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Hongsi Electronic Technology Co ltd
Original Assignee
Beijing Hongsi Electronic Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Hongsi Electronic Technology Co ltd filed Critical Beijing Hongsi Electronic Technology Co ltd
Priority to CN202011609326.6A priority Critical patent/CN112769553B/en
Publication of CN112769553A publication Critical patent/CN112769553A/en
Application granted granted Critical
Publication of CN112769553B publication Critical patent/CN112769553B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003Arrangements for executing specific machine instructions
    • G06F9/30007Arrangements for executing specific machine instructions to perform operations on data operands
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30098Register arrangements
    • G06F9/3012Organisation of register space, e.g. banked or distributed register file
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Image Processing (AREA)

Abstract

The present application relates to the field of information security technologies, and in particular, to a method and an apparatus for implementing an SM9 bilinear pairing operation in an embedded system. In the application, the effective operation of the bilinear pairings of the SM9 password system is realized, the time of the bilinear pairings in the operation process is reduced, and the speed of the bilinear pairings is improved.

Description

Implementation method and device for accelerating SM9 bilinear pairing operation in embedded system
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method and an apparatus for implementing an SM9 bilinear pairing operation in an embedded system.
Background
The SM9 bilinear asymmetric algorithm (SM 9 algorithm for short) is an identification cryptographic algorithm based on bilinear pairings, generates a public key pair and a private key pair of a user according to the identity of the user, and associates identity information with the cryptographic algorithm, thereby omitting the processes of digital certificate, certificate bank and key bank management. The SM9 algorithm does not need to apply for a digital certificate, and is suitable for security guarantee of various emerging applications of Internet applications. Such as password service based on cloud technology, e-mail security, intelligent terminal protection, internet of things security, cloud storage security, and the like. The security applications can adopt a mobile phone number or a mail address as a public key to realize security applications such as data encryption, identity authentication, call encryption, channel encryption and the like, and have the characteristics of convenient use and easy deployment, thereby opening the door for popularizing a cryptographic algorithm.
At present, IBC (Identity-Based Cryptograph, identification cryptosystem) is rapidly developed, and the system can theoretically remove a CA certificate, so that great convenience exists in use, and as an SM9 cryptosystem of a unique set of identification cryptosystem in international, the core thereof lies in operation of bilinear pairing, and how to realize accelerating operation of bilinear pairing becomes a current technical problem to be solved urgently.
Disclosure of Invention
The application provides a method and a device for accelerating SM9 bilinear pairings operation in an embedded system, so as to realize accelerating effective operation on the bilinear pairings of an SM9 password system.
In a first aspect, a method for implementing an SM9 bilinear pairwise operation acceleration in an embedded system is provided, which includes the following steps:
step S1, the coprocessor calculates to obtain a first coordinate data and a second coordinate data according to the acquired random number, and stores the first coordinate data into a first register and the second coordinate data into a second register;
step S2, the coprocessor maps the data in the second register to third coordinate data, and stores the mapped third coordinate data in a third register;
step S3, the coprocessor acquires a second preset value and arranges the second preset value in sequence from high to low according to the bit number of the second preset value;
step S4, if the bit with the highest bit number is the non-specific bit, go to step S5 to execute the processing; if the bit with the highest current bit number is the specific bit, the process goes to step S9 to execute the process; if all the bit numbers of the second preset value are traversed, transferring the data corresponding to the last bit number to the step S12 for processing;
step S5, the coprocessor carries out line function point multiplication operation according to the data in the first register and the data in the third register, and stores the obtained operation result into a second data group of a fourth register;
step S6, the coprocessor performs a dot multiplication operation on the data in the third register to obtain an operation result, and updates the operation result with the data in the third register;
step S7, the coprocessor carries out twelve times of domain square operation on the first data group in the fifth register, and updates the operation result to the data in the fifth register;
step S8, the coprocessor performs twelve-domain multiplication on the data in the fourth register and the data in the fifth register, and updates the operation result with the data in the fifth register; if the bit is not the last bit, sequentially selecting the bit with the highest next bit number, and then switching to the step S4 for traversal processing according to the data obtained in the steps S5 to S8; if the bit is the last bit, the data obtained based on the above operation is transferred to step S12 for processing;
step S9, the coprocessor performs a line function point add operation according to the data in the third register, the data in the first register, and the data in the second register, and updates the operation result with the data in the second data group in the fourth register;
step S10, the coprocessor performs a dot-and-add operation according to the data in the third register and the data in the second register, and updates the data in the third register with the operation result;
step S11, the coprocessor performs twelve-domain multiplication operations on the data in the fourth register and the data in the fifth register, and updates the operation result with the data in the fifth register; after sequentially selecting the bit with the highest next bit number, switching to the step S4 for traversal processing according to the data obtained in the steps S9 to S11;
step S12, the coprocessor carries out secondary domain expansion space operation according to the acquired first preset value, third preset value and the data in the second register, and stores the obtained operation result into a sixth register and a seventh register;
step S13, the coprocessor performs a dot-and-add operation according to the data in the first register, the data in the sixth register, the data in the seventh register, the data in the third register, and the data in the fourth register, updates the data in the fourth register and the data in the third register with the operation result, performs twelve domain multiplication operations according to the data in the fourth register and the data in the fifth register, and updates the data in the fifth register with the operation result;
and step S14, the coprocessor calculates the data in the fifth register to obtain and store a linear pair calculation result.
In one possible implementation, the step S1 includes:
the coprocessor calculates the inverse of the random number relative to a first preset value and stores an obtained operation result into an eighth register;
the coprocessor carries out dot product operation according to the random number and the data in the first register and stores an operation result into the first register;
and the coprocessor performs dot product operation according to the data in the eighth register and the data in the second register and stores the operation result to the second register.
In one possible implementation, the step S2 includes:
and the coprocessor maps the two-dimensional second coordinate data in the second register to the three-dimensional third coordinate data in the third register.
In one possible implementation, the step S3 includes:
the coprocessor acquires a second preset value 6 x t +2, determines the bit number of the second preset value 6 x t +2, and arranges the bit numbers in sequence from high to low, wherein the lowest bit number is the 0 th bit.
In one possible implementation, the specific bit in the step S4 is the 1 st bit.
In one possible implementation, the step S13 includes:
the coprocessor executes a line function point addition operation according to the data in the first register, the data in the sixth register, the data in the third register and the data in the fourth register, and updates the operation result to the data in the fourth register;
the coprocessor executes secondary domain expansion point addition operation according to the data in the sixth register and the data in the third register, and updates the operation result to the data in the third register;
the coprocessor performs twelve-time domain multiplication operation according to the data in the fourth register and the data in the fifth register, and updates the operation result to the data in the fifth register;
the coprocessor executes a line function point addition operation according to the data in the first register, the data in the seventh register, the data in the third register and the data in the fourth register, and updates the operation result to the data in the fourth register;
the coprocessor executes secondary domain expansion point addition operation according to the data in the seventh register and the data in the third register, and updates the operation result to the data in the third register;
and the coprocessor performs twelve-time domain multiplication operation on the data in the fourth register and the data in the fifth register, and updates the operation result to the data in the fifth register.
In a second aspect, an apparatus for implementing an SM9 bilinear pairwise acceleration operation in an embedded system is provided, including:
the first processing module is used for calculating to obtain first coordinate data and second coordinate data according to the acquired random number, and storing the first coordinate data into a first register and the second coordinate data into a second register;
the second processing module is used for mapping the data in the second register to third coordinate data and storing the mapped third coordinate data into a third register;
the third processing module is used for acquiring a second preset value and sequentially arranging the second preset value according to the bit number of the second preset value from high to low; if the bit with the highest current bit number is a non-specific bit, the fourth processing module executes processing; if the bit with the highest current bit number is the specific bit, the eighth processing module executes processing;
the fourth processing module is used for performing line function point multiplication operation according to the data in the first register and the data in the third register and storing an obtained operation result into a second data group of a fourth register;
the fifth processing module is used for performing point multiplication operation on the data in the third register to obtain an operation result, and updating the data in the third register with the operation result;
the sixth processing module is used for performing twelve-time domain square operation on the first data group in the fifth register and updating the data in the fifth register with the operation result;
a seventh processing module, configured to perform twelve-domain multiplication on the data in the fourth register and the data in the fifth register, and update the data in the fifth register with an operation result; if the bit is not the last bit, sequentially selecting the bit with the highest next bit number, and performing traversal processing by the third processing module according to the obtained data; if the bit is the last bit, processing the data obtained based on the operation by an eleventh processing module;
the eighth processing module is configured to perform a line function point addition operation according to the data in the third register, the data in the first register, and the data in the second register, and update the operation result with the data in the second data group in the fourth register;
the ninth processing module is used for performing a dot-and-add operation on the data in the third register and the data in the second register and updating the data in the third register with the operation result;
a tenth processing module, configured to perform twelve-domain multiplication operations on the data in the fourth register and the data in the fifth register, and update the operation result with the data in the fifth register; after sequentially selecting the bit with the highest bit number, the third processing module performs traversal processing according to the obtained data;
the eleventh processing module is configured to perform secondary domain expansion space operation according to the acquired first preset value, the acquired third preset value and the data in the second register, and store an obtained operation result in a sixth register and a seventh register;
a twelfth processing module, configured to perform a dot-and-add operation according to the data in the first register, the data in the sixth register, the data in the seventh register, the data in the third register, and the data in the fourth register, update the data in the fourth register and the data in the third register with an operation result, perform twelve domain multiplication operations according to the data in the fourth register and the data in the fifth register, and update the data in the fifth register with the operation result;
and the thirteenth processing module is used for operating the data in the fifth register to obtain and store a linear pair operation result.
In one possible implementation, the first processing module is configured to calculate an inverse of the random number with respect to a first preset value, and store an obtained operation result in an eighth register; performing dot product operation according to the random number and data in the first register, and storing an operation result into the first register; and performing dot product operation according to the data in the eighth register and the data in the second register, and storing an operation result to the second register.
In one possible implementation manner, the second processing module is configured to map the two-dimensional second coordinate data in the second register to the three-dimensional third coordinate data in the third register, and update the data in the third register with the operation result.
In one possible implementation manner, the third processing module is configured to obtain a second preset value 6 × t +2, determine the bit numbers of the second preset value 6 × t +2, and arrange the bit numbers in sequence from high to low, where the lowest bit number is the 0 th bit.
In one possible implementation, the specific bit is a 1 st bit.
In one possible implementation, the twelfth processing module is configured to perform a line function dot-and-add operation according to the data in the first register, the data in the sixth register, the data in the third register, and the data in the fourth register, and update the data in the fourth register with the operation result; performing a second domain expansion point addition operation according to the data in the sixth register and the data in the third register, and updating the data in the third register with the operation result; performing twelve-domain multiplication operation according to the data in the fourth register and the data in the fifth register, and updating the data in the fifth register according to the operation result; performing a line function point-and-point operation according to the data in the first register, the data in the seventh register, the data in the third register and the data in the fourth register, and updating the data in the fourth register with the operation result; performing a second domain expansion point addition operation according to the data in the seventh register and the data in the third register, and updating the data in the third register with the operation result; and performing twelve-domain multiplication operation according to the data in the fourth register and the data in the fifth register, and updating the data in the fifth register according to the operation result.
By means of the technical scheme, the technical scheme provided by the application at least has the following advantages:
in the application, the effective operation of the bilinear pairings of the SM9 password system is realized, the time of the bilinear pairings in the operation process is reduced, and the speed of the bilinear pairings is improved.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the embodiments of the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a schematic flowchart of an implementation method for accelerating SM9 bilinear pairwise operation in an embedded system provided in the present application;
fig. 2 is a schematic structural diagram of an implementation apparatus for accelerating SM9 bilinear pairwise operation in the embedded system provided in the present application.
Detailed Description
The present application provides a method and an apparatus for implementing an operation of accelerating SM9 bilinear pairings in an embedded system, and the following describes in detail a specific embodiment of the present application with reference to the accompanying drawings.
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
As used herein, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
It will be understood by those within the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
For the present application, several parameters are involved in the bilinear pairings operation process, including: a first preset value (P), a second preset value (constant 6 x t +2), a third preset value (constant C) and a fourth preset value (inverse C' of constant C), a first data group (f), a second data group (G), first coordinate data (point coordinate G on a primary extension area)1(x1,y1) Second coordinate data (point coordinate G on second expansion region)2(x2,y2) Jacobian coordinates G), third coordinate data3’(x2’,y2’,z3) First spatial coordinate data (spatial coordinate Q on quadratic expansion domain)1(Q1x,Q1y)) and second spatial coordinate data (spatial coordinate Q over a quadratic extension2(Q2x,Q2y));
Wherein, the parameter P:
B640000002A3A6F1D603AB4FF58EC74521F2934B1A7AEEDBE56F9B27E351457D
t:
600000000058F98A
constant 6 × t + 2:
00000002400000000215D93E
constant C:
3F23EA58E5720BDB843C6CFA9C08674947C5C86E0DDD04EDA91D8354377B698B
C':
88FF5C730C0B73A064E54BB6A38B7F78CA1B1AA1217BA25198DAFEA840A7DEF7
data set f and data set g are each twelve-domain data (a)0,,,,,,,,,,,a11) Is twelve-dimensional 256-bit data, the original value is 1, i.e. a0......a10All are 0, a11A value of 1;
point coordinate G on primary extension1(x1,y1);x1、y1All 256 bits of data;
point coordinate G on quadratic expansion2(x2,y2);x2、y2All 256 bits of data;
space coordinate Q on quadratic expansion domain1(Q1x,Q1y) and Q2(Q2x,Q2y);
And (3) outputting: f ═ e (G)1,G2) (linear pair output, 12 256 bits).
Based on the above parameters, as shown in fig. 1, a flow diagram of an implementation method and an implementation device for accelerating SM9 bilinear pairwise operation in an embedded system provided by the present application is provided, where the method includes the following steps:
step S1, the coprocessor calculates a first coordinate data and a second coordinate data according to the acquired random number, and stores the first coordinate data in the first register and the second coordinate data in the second register.
In a possible implementation, the coprocessor calculates the inverse of the random number with respect to the first preset value, and stores the obtained operation result in the eighth register; the coprocessor carries out dot product operation according to the random number and data in the first register, and stores an operation result into the first register; and the coprocessor performs dot product operation according to the data in the eighth register and the data in the second register and stores the operation result in the second register.
In step S2, the coprocessor maps the data in the second register to third coordinate data, and stores the mapped third coordinate data in a third register.
In one possible implementation, the coprocessor maps the two-dimensional second coordinate data in the second register to the three-dimensional third coordinate data in the third register, and updates the data in the third register with the operation result.
In step S3, the coprocessor obtains the second preset value, and the bits are sequentially arranged from high to low according to the second preset value.
In one possible implementation, the coprocessor obtains the second preset value 6 × t +2, determines the number of bits of the second preset value 6 × t +2, and arranges the bits in sequence from high to low, wherein the lowest number of bits is the 0 th bit.
And step S4, the coprocessor carries out corresponding processing according to the bit number.
In a possible implementation manner, the coprocessor sequentially selects the bits with the highest current bit number according to the bit numbers from high to low, determines whether the selected bits are non-specific bits, and if the bits with the highest current bit number are non-specific bits, goes to step S5 to execute processing; if the bit with the highest current bit number is the specific bit, the process goes to step S9 to execute the process; executing corresponding cyclic processing according to the bit number from high to low; wherein, the specific bit is the 1 st bit.
In step S5, the coprocessor performs a line function point multiplication operation according to the data in the first register and the data in the third register, and stores the obtained operation result in the second data group of the fourth register.
And step S6, the coprocessor performs point multiplication operation on the data in the third register to obtain an operation result, and the operation result is updated to the data in the third register.
In step S7, the coprocessor performs twelve domain square operations on the first data set in the fifth register, and updates the operation result with the data in the fifth register.
In step S8, the coprocessor performs twelve domain multiplication operations on the data in the fourth register and the data in the fifth register, and updates the operation result with the data in the fifth register.
In a possible implementation manner, after updating the data in the fifth register according to the operation result, if the current bit is not the last bit, sequentially selecting the bit with the highest next bit number, and then performing traversal processing according to the data obtained in steps S5 to S8 to step S4; if the current bit is the last bit, the data obtained based on the above operation is transferred to step S12 for processing.
In step S9, the coprocessor performs a line function dot-and-dot operation according to the data in the third register, the data in the first register, and the data in the second register, and updates the operation result with the data in the second data group in the fourth register.
And step S10, the coprocessor performs a dot-and-add operation according to the data in the third register and the data in the second register, and updates the data in the third register with the operation result.
And step S11, the coprocessor performs twelve-time domain multiplication operation according to the data in the fourth register and the data in the fifth register, and updates the operation result with the data in the fifth register.
Further, after updating the data in the fifth register with the operation result, sequentially selecting the bit with the highest next bit number, and going to step S4 to perform traversal processing according to the data obtained in steps S9 to S11.
And step S12, the coprocessor performs secondary domain expansion space operation according to the acquired first preset value, third preset value and data in the second register, and stores the obtained operation result into a sixth register and a seventh register.
In a possible implementation manner, if all the bit numbers corresponding to the second preset value are traversed, corresponding calculation is performed based on the data corresponding to the last bit number;
taking a first coordinate value of the coordinate data in the second register as a base number and a first preset value as an index as a first intermediate value, taking a fourth preset value as a base number and a negative 2 as an index as a second intermediate value, and calculating the product of the first intermediate value and the second intermediate value to obtain a first operation result in the first space coordinate data; taking a second coordinate value of the coordinate data in the second register as a base number and a first preset value as an index as a first intermediate value, taking a fourth preset value as a base number and a minus 3 as an index as a second intermediate value, and calculating the product of the first intermediate value and the second intermediate value to obtain a second operation result in the first space coordinate data; the first operation result and the second operation result form first space coordinate data;
taking the fourth preset value as a base number and negative 4 as an index as a second intermediate value, and calculating the product of the second intermediate value and the first coordinate value of the coordinate data in the second register to obtain a first operation result in the second spatial coordinate data; taking the fourth preset value as a base number and the negative 6 as an index as a second intermediate value, and calculating the product of the second intermediate value and a second coordinate value of the coordinate data in the second register to obtain a second operation result in the second space coordinate data; the first operation result and the second operation result form second space coordinate data; and calculating the inverse of the second operation result in the second space coordinate data.
Step S13, the coprocessor performs a dot-and-add operation according to the data in the first register, the data in the sixth register, the data in the seventh register, the data in the third register, and the data in the fourth register, updates the data in the fourth register and the data in the third register with the operation result, performs twelve domain multiplication operations according to the data in the fourth register and the data in the fifth register, and updates the data in the fifth register with the operation result.
In one possible implementation manner, the coprocessor executes a line function point addition operation according to the data in the first register, the data in the sixth register, the data in the third register and the data in the fourth register, and updates the data in the fourth register with the operation result;
the coprocessor executes secondary domain expansion point addition operation according to the data in the sixth register and the data in the third register, and updates the operation result to the data in the third register;
the coprocessor performs twelve-time domain multiplication operation on the data in the fourth register and the data in the fifth register, and updates the operation result to the data in the fifth register;
the coprocessor executes line function point addition operation according to the data in the first register, the data in the seventh register, the data in the third register and the data in the fourth register, and updates the operation result to the data in the fourth register;
the coprocessor executes secondary domain expansion point addition operation according to the data in the seventh register and the data in the third register, and updates the operation result to the data in the third register;
and the coprocessor performs twelve-time domain multiplication operation on the data in the fourth register and the data in the fifth register, and updates the data in the fifth register with the operation result.
And step S14, the coprocessor calculates the data in the fifth register to obtain and store the calculation result of the linear pair.
In one possible implementation manner, after updating the data in the fifth register, the coprocessor performs operation according to the updated data in the fifth register to obtain a corresponding linear pair operation result, and stores the linear pair operation result.
In the application, the effective operation of the bilinear pairings of the SM9 password system is realized, the time of the bilinear pairings in the operation process is reduced, and the speed of the bilinear pairings is improved.
Based on the above technical solution of the implementation method for accelerating SM9 bilinear pairwise operation in the embedded system provided by the present application, the present application correspondingly provides a schematic structural diagram of an implementation apparatus for accelerating SM9 bilinear pairwise operation in the embedded system, as shown in fig. 2, the implementation apparatus 20 for accelerating SM9 bilinear pairwise operation in the embedded system of the present application may include:
the first processing module 21 is configured to calculate to obtain first coordinate data and second coordinate data according to the obtained random number, store the first coordinate data in the first register, and store the second coordinate data in the second register;
the second processing module 22 is configured to map the data in the second register to third coordinate data, and store the mapped third coordinate data in a third register;
the third processing module 23 is configured to obtain a second preset value, and arrange the second preset value in sequence from high to low according to the number of bits of the second preset value; if the bit with the highest current bit number is a non-specific bit, the fourth processing module 24 performs processing; if the bit with the highest current bit number is the specific bit, the eighth processing module 28 executes the processing;
a fourth processing module 24, configured to perform a line function point-fold operation according to the data in the first register and the data in the third register, and store an obtained operation result in a second data group of a fourth register;
a fifth processing module 25, configured to perform a dot multiplication operation on the data in the third register to obtain an operation result, and update the operation result with the data in the third register;
a sixth processing module 26, configured to perform twelve-time domain square operation on the first data group in the fifth register, and update the operation result with the data in the fifth register;
a seventh processing module 27, configured to perform twelve-domain multiplication on the data in the fourth register and the data in the fifth register, and update the operation result with the data in the fifth register; if the bit is not the last bit, sequentially selecting the bit with the highest next bit number, and performing traversal processing by the third processing module 23 according to the obtained data; if the bit is the last bit, the eleventh processing module 211 processes the data obtained based on the operation;
an eighth processing module 28, configured to perform a line function dot-and-add operation according to the data in the third register, the data in the first register, and the data in the second register, and update the operation result with the data in the second data group in the fourth register;
a ninth processing module 29, configured to perform a dot-and-add operation on the data in the third register and the data in the second register, and update the data in the third register with the operation result;
a tenth processing module 210, configured to perform twelve domain multiplication operations on the data in the fourth register and the data in the fifth register, and update the operation result with the data in the fifth register; after sequentially selecting the next bit with the highest bit number, the third processing module 23 performs traversal processing according to the obtained data;
the eleventh processing module 211 is configured to perform secondary domain expansion space operation according to the acquired first preset value, the acquired third preset value, and data in the second register, and store an obtained operation result in a sixth register and a seventh register;
a twelfth processing module 212, configured to perform a dot-and-add operation according to the data in the first register, the data in the sixth register, the data in the seventh register, the data in the third register, and the data in the fourth register, update the data in the fourth register and the data in the third register with the operation result, perform twelve domain multiplication operations according to the data in the fourth register and the data in the fifth register, and update the data in the fifth register with the operation result;
and the thirteenth processing module 213, configured to perform an operation on the data in the fifth register to obtain and store a linear pair operation result.
In a possible implementation manner, the first processing module 21 is configured to calculate an inverse of the random number with respect to the first preset value, and store the obtained operation result in the eighth register; performing dot product operation according to the random number and data in the first register, and storing an operation result into the first register; and performing dot product operation according to the data in the eighth register and the data in the second register, and storing the operation result into the second register.
In one possible implementation, the second processing module 22 is configured to map the two-dimensional second coordinate data in the second register to the three-dimensional third coordinate data in the third register.
In one possible implementation, the third processing module 23 is configured to obtain a second preset value 6 × t +2, determine the number of bits of the second preset value 6 × t +2, and arrange the bits in order from high to low, where the lowest number of bits is the 0 th bit.
In one possible implementation, the particular bit is the 1 st bit.
In one possible implementation, the twelfth processing module 212 is configured to perform a line function dot-and-add operation according to the data in the first register, the data in the sixth register, the data in the third register, and the data in the fourth register, and update the data in the fourth register with the operation result; performing secondary domain expansion point addition operation according to the data in the sixth register and the data in the third register, and updating the data in the third register with the operation result; performing twelve-domain multiplication operation according to the data in the fourth register and the data in the fifth register, and updating the data in the fifth register with the operation result; performing a line function point-and-point operation according to the data in the first register, the data in the seventh register, the data in the third register and the data in the fourth register, and updating the data in the fourth register with the operation result; performing secondary domain expansion point addition operation according to the data in the seventh register and the data in the third register, and updating the data in the third register with the operation result; and performing twelve-domain multiplication operation according to the data in the fourth register and the data in the fifth register, and updating the data in the fifth register according to the operation result.
In the application, the effective operation of the bilinear pairings of the SM9 password system is realized, the time of the bilinear pairings in the operation process is reduced, and the speed of the bilinear pairings is improved.
It will be understood by those within the art that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by computer program instructions. Those skilled in the art will appreciate that the computer program instructions may be implemented by a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, implement the aspects specified in the block or blocks of the block diagrams and/or flowchart illustrations disclosed herein.
The modules of the device can be integrated into a whole or can be separately deployed. The modules can be combined into one module, and can also be further split into a plurality of sub-modules.
Those skilled in the art will appreciate that the drawings are merely schematic representations of one preferred embodiment and that the blocks or flow diagrams in the drawings are not necessarily required to practice the present application.
Those skilled in the art will appreciate that the modules in the devices in the embodiments may be distributed in the devices in the embodiments according to the description of the embodiments, and may be correspondingly changed in one or more devices different from the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
The above application serial numbers are for descriptive purposes only and do not represent the merits of the embodiments.
The disclosure of the present application is only a few specific embodiments, but the present application is not limited to these, and any variations that can be made by those skilled in the art are intended to fall within the scope of the present application.

Claims (12)

1. A realization method for accelerating SM9 bilinear pairing operation in an embedded system is characterized by comprising the following steps:
step S1, the coprocessor calculates to obtain a first coordinate data and a second coordinate data according to the acquired random number, and stores the first coordinate data into a first register and the second coordinate data into a second register;
step S2, the coprocessor maps the data in the second register to third coordinate data, and stores the mapped third coordinate data in a third register;
step S3, the coprocessor acquires a second preset value and arranges the second preset value in sequence from high to low according to the bit number of the second preset value;
step S4, if the bit with the highest bit number is the non-specific bit, go to step S5 to execute the processing; if the bit with the highest current bit number is the specific bit, the process goes to step S9 to execute the process;
step S5, the coprocessor carries out line function point multiplication operation according to the data in the first register and the data in the third register, and stores the obtained operation result into a second data group of a fourth register;
step S6, the coprocessor performs a dot multiplication operation on the data in the third register to obtain an operation result, and updates the operation result with the data in the third register;
step S7, the coprocessor carries out twelve times of domain square operation on the first data group in the fifth register, and updates the operation result to the data in the fifth register;
step S8, the coprocessor performs twelve-domain multiplication on the data in the fourth register and the data in the fifth register, and updates the operation result with the data in the fifth register; if the bit is not the last bit, sequentially selecting the bit with the highest next bit number, and then switching to the step S4 for traversal processing according to the data obtained in the steps S5 to S8; if the bit is the last bit, the data obtained based on the above operation is transferred to step S12 for processing;
step S9, the coprocessor performs a line function point add operation according to the data in the third register, the data in the first register, and the data in the second register, and updates the operation result with the data in the second data group in the fourth register;
step S10, the coprocessor performs a dot-and-add operation according to the data in the third register and the data in the second register, and updates the data in the third register with the operation result;
step S11, the coprocessor performs twelve-domain multiplication operations on the data in the fourth register and the data in the fifth register, and updates the operation result with the data in the fifth register; after sequentially selecting the bit with the highest next bit number, switching to the step S4 for traversal processing according to the data obtained in the steps S9 to S11;
step S12, the coprocessor carries out secondary domain expansion space operation according to the acquired first preset value, third preset value and the data in the second register, and stores the obtained operation result into a sixth register and a seventh register;
step S13, the coprocessor performs a dot-and-add operation according to the data in the first register, the data in the sixth register, the data in the seventh register, the data in the third register, and the data in the fourth register, updates the data in the fourth register and the data in the third register with the operation result, performs twelve domain multiplication operations according to the data in the fourth register and the data in the fifth register, and updates the data in the fifth register with the operation result;
and step S14, the coprocessor calculates the data in the fifth register to obtain and store a linear pair calculation result.
2. The method according to claim 1, wherein the step S1 includes:
the coprocessor calculates the inverse of the random number relative to a first preset value and stores an obtained operation result into an eighth register;
the coprocessor carries out dot product operation according to the random number and the data in the first register and stores an operation result into the first register;
and the coprocessor performs dot product operation according to the data in the eighth register and the data in the second register and stores the operation result to the second register.
3. The method according to claim 2, wherein the step S2 includes:
and the coprocessor maps the two-dimensional second coordinate data in the second register to the three-dimensional third coordinate data in the third register.
4. The method according to claim 1, wherein the step S3 includes:
the coprocessor acquires a second preset value 6 x t +2, determines the bit number of the second preset value 6 x t +2, and arranges the bit numbers in sequence from high to low, wherein the lowest bit number is the 0 th bit.
5. The method as claimed in claim 1, wherein the specific bit in the step S4 is a 1 st bit.
6. The method according to claim 3, wherein the step S13 includes:
the coprocessor executes a line function point addition operation according to the data in the first register, the data in the sixth register, the data in the third register and the data in the fourth register, and updates the operation result to the data in the fourth register;
the coprocessor executes secondary domain expansion point addition operation according to the data in the sixth register and the data in the third register, and updates the operation result to the data in the third register;
the coprocessor performs twelve-time domain multiplication operation according to the data in the fourth register and the data in the fifth register, and updates the operation result to the data in the fifth register;
the coprocessor executes a line function point addition operation according to the data in the first register, the data in the seventh register, the data in the third register and the data in the fourth register, and updates the operation result to the data in the fourth register;
the coprocessor executes secondary domain expansion point addition operation according to the data in the seventh register and the data in the third register, and updates the operation result to the data in the third register;
and the coprocessor performs twelve-time domain multiplication operation on the data in the fourth register and the data in the fifth register, and updates the operation result to the data in the fifth register.
7. An apparatus for accelerating SM9 bilinear pairwise operation in an embedded system, comprising:
the first processing module is used for calculating to obtain first coordinate data and second coordinate data according to the acquired random number, and storing the first coordinate data into a first register and the second coordinate data into a second register;
the second processing module is used for mapping the data in the second register to third coordinate data and storing the mapped third coordinate data into a third register;
the third processing module is used for acquiring a second preset value and sequentially arranging the second preset value according to the bit number of the second preset value from high to low; if the bit with the highest current bit number is a non-specific bit, the fourth processing module executes processing; if the bit with the highest current bit number is the specific bit, the eighth processing module executes processing;
the fourth processing module is used for performing line function point multiplication operation according to the data in the first register and the data in the third register and storing an obtained operation result into a second data group of a fourth register;
the fifth processing module is used for performing point multiplication operation on the data in the third register to obtain an operation result, and updating the data in the third register with the operation result;
the sixth processing module is used for performing twelve-time domain square operation on the first data group in the fifth register and updating the data in the fifth register with the operation result;
a seventh processing module, configured to perform twelve-domain multiplication on the data in the fourth register and the data in the fifth register, and update the data in the fifth register with an operation result; if the bit is not the last bit, sequentially selecting the bit with the highest next bit number, and performing traversal processing by the third processing module according to the obtained data; if the bit is the last bit, processing the data obtained based on the operation by an eleventh processing module;
the eighth processing module is configured to perform a line function point addition operation according to the data in the third register, the data in the first register, and the data in the second register, and update the operation result with the data in the second data group in the fourth register;
the ninth processing module is used for performing a dot-and-add operation on the data in the third register and the data in the second register and updating the data in the third register with the operation result;
a tenth processing module, configured to perform twelve-domain multiplication operations on the data in the fourth register and the data in the fifth register, and update the operation result with the data in the fifth register; after sequentially selecting the bit with the highest bit number, the third processing module performs traversal processing according to the obtained data;
the eleventh processing module is configured to perform secondary domain expansion space operation according to the acquired first preset value, the acquired third preset value and the data in the second register, and store an obtained operation result in a sixth register and a seventh register;
a twelfth processing module, configured to perform a dot-and-add operation according to the data in the first register, the data in the sixth register, the data in the seventh register, the data in the third register, and the data in the fourth register, update the data in the fourth register and the data in the third register with an operation result, perform twelve domain multiplication operations according to the data in the fourth register and the data in the fifth register, and update the data in the fifth register with the operation result;
and the thirteenth processing module is used for operating the data in the fifth register to obtain and store a linear pair operation result.
8. The apparatus of claim 7, wherein the first processing module is configured to compute an inverse of the random number with respect to a first preset value, and store a result of the computation in an eighth register; performing dot product operation according to the random number and data in the first register, and storing an operation result into the first register; and performing dot product operation according to the data in the eighth register and the data in the second register, and storing an operation result to the second register.
9. The apparatus of claim 8, wherein the second processing module is to map second coordinate data in two dimensions in a second register to third coordinate data in three dimensions in a third register.
10. The apparatus of claim 7, wherein the third processing module is configured to obtain a second preset value 6 × t +2, determine the number of bits of the second preset value 6 × t +2, and arrange the bits in order from high to low, wherein the lowest number of bits is 0 th bit.
11. The apparatus of claim 7, wherein the specific bit is a 1 st bit.
12. The apparatus of claim 9, wherein the twelfth processing module is configured to perform a line function dot-and-add operation on the data in the first register, the data in the sixth register, the data in the third register, and the data in the fourth register, and update the data in the fourth register with the operation result; performing a second domain expansion point addition operation according to the data in the sixth register and the data in the third register, and updating the data in the third register with the operation result; performing twelve-domain multiplication operation according to the data in the fourth register and the data in the fifth register, and updating the data in the fifth register according to the operation result; performing a line function point-and-point operation according to the data in the first register, the data in the seventh register, the data in the third register and the data in the fourth register, and updating the data in the fourth register with the operation result; performing a second domain expansion point addition operation according to the data in the seventh register and the data in the third register, and updating the data in the third register with the operation result; and performing twelve-domain multiplication operation according to the data in the fourth register and the data in the fifth register, and updating the data in the fifth register according to the operation result.
CN202011609326.6A 2020-12-30 2020-12-30 Implementation method and device for accelerating SM9 bilinear pairing operation in embedded system Active CN112769553B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011609326.6A CN112769553B (en) 2020-12-30 2020-12-30 Implementation method and device for accelerating SM9 bilinear pairing operation in embedded system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011609326.6A CN112769553B (en) 2020-12-30 2020-12-30 Implementation method and device for accelerating SM9 bilinear pairing operation in embedded system

Publications (2)

Publication Number Publication Date
CN112769553A true CN112769553A (en) 2021-05-07
CN112769553B CN112769553B (en) 2022-08-19

Family

ID=75697580

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011609326.6A Active CN112769553B (en) 2020-12-30 2020-12-30 Implementation method and device for accelerating SM9 bilinear pairing operation in embedded system

Country Status (1)

Country Link
CN (1) CN112769553B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113660087A (en) * 2021-07-06 2021-11-16 浙江传媒学院 SM9 identification cryptographic algorithm hardware implementation system based on finite field
CN113676335A (en) * 2021-10-21 2021-11-19 飞天诚信科技股份有限公司 Method and device for realizing signature in security chip

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101300775A (en) * 2005-10-31 2008-11-05 松下电器产业株式会社 Secure processing device, secure processing method, encrypted confidential information embedding method, program, storage medium, and integrated circuit
CN103092688A (en) * 2012-12-28 2013-05-08 飞天诚信科技股份有限公司 Generating coordinate point method in embedded system
CN107294719A (en) * 2017-06-19 2017-10-24 北京万协通信息技术有限公司 A kind of encryption-decryption coprocessor of Bilinear map computing
CN107896142A (en) * 2017-10-11 2018-04-10 大唐微电子技术有限公司 A kind of method and device for performing Montgomery Algorithm, computer-readable recording medium
US20190190713A1 (en) * 2016-08-30 2019-06-20 Mitsubishi Electric Corporation Encryption system, encryption method, and computer readable medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101300775A (en) * 2005-10-31 2008-11-05 松下电器产业株式会社 Secure processing device, secure processing method, encrypted confidential information embedding method, program, storage medium, and integrated circuit
CN103092688A (en) * 2012-12-28 2013-05-08 飞天诚信科技股份有限公司 Generating coordinate point method in embedded system
US20190190713A1 (en) * 2016-08-30 2019-06-20 Mitsubishi Electric Corporation Encryption system, encryption method, and computer readable medium
CN107294719A (en) * 2017-06-19 2017-10-24 北京万协通信息技术有限公司 A kind of encryption-decryption coprocessor of Bilinear map computing
CN107896142A (en) * 2017-10-11 2018-04-10 大唐微电子技术有限公司 A kind of method and device for performing Montgomery Algorithm, computer-readable recording medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
YIHONG LONG 等: "Collaborative Generations of SM9 Private Key and Digital Signature using Homomorphic Encryption", 《2020 5TH INTERNATIONAL CONFERENCE ON COMPUTER AND COMMUNICATION SYSTEMS(ICCCS)》 *
郝中源: "基于FPGA的双线性对密码算法并行架构设计", 《南开大学学报(自然科学版)》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113660087A (en) * 2021-07-06 2021-11-16 浙江传媒学院 SM9 identification cryptographic algorithm hardware implementation system based on finite field
CN113660087B (en) * 2021-07-06 2023-09-26 浙江传媒学院 SM9 identification cipher algorithm hardware realization system based on finite field
CN113676335A (en) * 2021-10-21 2021-11-19 飞天诚信科技股份有限公司 Method and device for realizing signature in security chip
CN113676335B (en) * 2021-10-21 2021-12-28 飞天诚信科技股份有限公司 Method and device for realizing signature in security chip

Also Published As

Publication number Publication date
CN112769553B (en) 2022-08-19

Similar Documents

Publication Publication Date Title
JP6083234B2 (en) Cryptographic processing device
CN106850221B (en) Information encryption and decryption method and device
CN112769553B (en) Implementation method and device for accelerating SM9 bilinear pairing operation in embedded system
US9553722B2 (en) Generating a key based on a combination of keys
CN107425971B (en) Certificateless data encryption/decryption method and device and terminal
WO2016153430A1 (en) Method of obfuscating data
Wang et al. Fast encryption scheme for 3D models based on chaos system
CN109361644A (en) A kind of Fog property base encryption method for supporting fast search and decryption
JP2016526851A (en) System for sharing encryption keys
US9544277B1 (en) KAFKA: A cellular automation / complex Fibonacci sequences-based technique for encrypting and decrypting audio, video and text messages
CN111556048B (en) Attribute-based secure communication method and system supporting ciphertext mode matching
CN103067165A (en) Outsourcing calculation method, device and server of public key system
CN112733177A (en) Hierarchical identification password encryption method based on global hash
CN111555861A (en) Circular range query method and system in cloud environment based on position privacy protection
Feng et al. A symmetric image encryption approach based on line maps
CN108768634B (en) Verifiable cryptographic signature generation method and system
Iovane et al. An Information Fusion approach based on prime numbers coming from RSA algorithm and Fractals for secure coding
Mushtaq et al. Triangular coordinate extraction (TCE) for hybrid cubes
CN110798313B (en) Secret dynamic sharing-based collaborative generation method and system for number containing secret
CN110879894A (en) Image encryption and decryption method based on lazy scale transformation and random layered fusion
CN116886273A (en) Three-dimensional medical image encryption method based on biological characteristic key and cubic S box
Tabash et al. Image encryption algorithm based on chaotic map
CN111010273A (en) Attribute-based encryption and decryption method and system based on position decryption
CN112769556B (en) Implementation method and device for accelerating SM9 bilinear pairing operation in embedded system
JP6000188B2 (en) KEY EXCHANGE DEVICE, KEY EXCHANGE SYSTEM, KEY EXCHANGE METHOD, AND PROGRAM

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant