CN114510273B - Processor and method for realizing scalar multiplication operation of elliptic curve password - Google Patents

Processor and method for realizing scalar multiplication operation of elliptic curve password Download PDF

Info

Publication number
CN114510273B
CN114510273B CN202210418263.9A CN202210418263A CN114510273B CN 114510273 B CN114510273 B CN 114510273B CN 202210418263 A CN202210418263 A CN 202210418263A CN 114510273 B CN114510273 B CN 114510273B
Authority
CN
China
Prior art keywords
point
multiplier
scalar multiplication
elliptic curve
computing units
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210418263.9A
Other languages
Chinese (zh)
Other versions
CN114510273A (en
Inventor
汪建强
李冬
郑茳
肖佐楠
匡启和
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CCore Technology Suzhou Co Ltd
Original Assignee
CCore Technology Suzhou Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CCore Technology Suzhou Co Ltd filed Critical CCore Technology Suzhou Co Ltd
Priority to CN202210418263.9A priority Critical patent/CN114510273B/en
Publication of CN114510273A publication Critical patent/CN114510273A/en
Application granted granted Critical
Publication of CN114510273B publication Critical patent/CN114510273B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003Arrangements for executing specific machine instructions
    • G06F9/30007Arrangements for executing specific machine instructions to perform operations on data operands
    • G06F9/3001Arithmetic instructions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/38Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation
    • G06F7/48Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation using non-contact-making devices, e.g. tube, solid state device; using unspecified devices
    • G06F7/483Computations with numbers represented by a non-linear combination of denominational numbers, e.g. rational numbers, logarithmic number system or floating-point numbers
    • G06F7/485Adding; Subtracting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/38Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation
    • G06F7/48Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation using non-contact-making devices, e.g. tube, solid state device; using unspecified devices
    • G06F7/483Computations with numbers represented by a non-linear combination of denominational numbers, e.g. rational numbers, logarithmic number system or floating-point numbers
    • G06F7/487Multiplying; Dividing
    • G06F7/4876Multiplying
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/38Concurrent instruction execution, e.g. pipeline or look ahead
    • G06F9/3867Concurrent instruction execution, e.g. pipeline or look ahead using instruction pipelines

Landscapes

  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Optimization (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Pure & Applied Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Nonlinear Science (AREA)
  • Complex Calculations (AREA)

Abstract

The disclosed embodiments relate to a processor and method for implementing scalar multiplication operations for elliptic curve cryptography. The processor for realizing the scalar multiplication operation of the elliptic curve cryptosystem comprises: a first multiplier and a second multiplier, both having a three-stage pipeline structure; the plurality of computing units are respectively used for storing operation data and are respectively electrically connected with the first multiplier or the second multiplier; a plurality of adders, each adder electrically connected to one of the plurality of computing units; a system clock for providing a clock signal; and the controller is electrically connected with the plurality of computing units and is used for controlling the plurality of computing units to execute scalar multiplication operation of the elliptic curve password. The processor for realizing the scalar multiplication operation of the elliptic curve password can reduce occupied hardware resources, reduce power consumption and greatly improve the operation performance of the scalar multiplication operation of the elliptic curve password.

Description

Processor and method for realizing scalar multiplication operation of elliptic curve password
Technical Field
The disclosed embodiments relate to the field of cryptographic technologies, and in particular, to a processor and a method for implementing scalar multiplication operations of elliptic curve cryptography.
Background
An Elliptic Curve Cryptography (ECC) system is an algorithm for establishing public key encryption, and is a Cryptography system constructed based on an Elliptic Curve discrete logarithm problem. With the continuous development of 5G technology and artificial intelligence technology, there is a higher demand for the performance of ECC elliptic curve cryptography.
However, the ECC cryptosystem is complex in theory and large in operation amount, and the existing technology is difficult to meet the requirement of computing performance. In the prior art, there are generally three situations. Using low bit width multipliers results in lower performance of the operator; the use of a larger number of multipliers results in greater power consumption; the high-bit-width multiplier is used, and the hardware cannot meet the requirement, so that the operation process can only be operated at a lower frequency, and the operation performance is lower.
Disclosure of Invention
In view of the above, it is desirable to provide a processor and a method for implementing scalar multiplication of elliptic curve cryptography, which can maximize the use of hardware resources and improve the computation performance, in order to solve the above-mentioned technical problems.
In a first aspect, an embodiment of the present disclosure provides a processor for implementing a scalar multiplication operation of an elliptic curve cipher, including:
the first multiplier and the second multiplier are respectively provided with a three-stage pipeline structure, the three-stage pipeline structure corresponds to three clock cycles, each stage of pipeline structure corresponds to one sub multiplier, and the next stage of sub multiplier receives parameters and calculation results transmitted by the previous stage of sub multiplier;
the plurality of computing units are respectively used for storing point multiplication data or point addition data, and are respectively electrically connected with the first multiplier or the second multiplier;
a plurality of adders, each adder electrically connected to one of the plurality of computing units;
a system clock for providing a clock signal;
and the controller is electrically connected with the plurality of computing units and is used for controlling the plurality of computing units to execute scalar multiplication operation of the elliptic curve password.
In one embodiment, the plurality of computing units are respectively configured to store point doubling operation data or point adding operation data, and include:
the plurality of calculation units comprise six calculation units, wherein the first calculation unit and the second calculation unit are used for storing point doubling operation data, and the third calculation unit, the fourth calculation unit, the fifth calculation unit and the sixth calculation unit are used for storing point addition operation data.
In one embodiment, the plurality of computing units are electrically connected to the first multiplier or the second multiplier respectively, and include:
any three of the plurality of computing units are electrically connected with the first multiplier in sequence, and the remaining three computing units are electrically connected with the second multiplier in sequence.
In one embodiment, the plurality of computing units are electrically connected to the first multiplier or the second multiplier respectively, and include:
the first calculating unit, the second calculating unit and the sixth calculating unit are electrically connected with the first multiplier, and the third calculating unit, the fourth calculating unit and the fifth calculating unit are electrically connected with the second multiplier.
In a second aspect, the disclosed embodiments also provide a method for implementing scalar multiplication of an elliptic curve cipher, where the method is applied to a processor implementing scalar multiplication of an elliptic curve cipher, and the processor implementing scalar multiplication of the elliptic curve cipher includes a first multiplier and a second multiplier, where the first multiplier and the second multiplier both have a three-stage pipeline structure, the three-stage pipeline structure respectively corresponds to three clock cycles, each stage pipeline structure corresponds to one sub-multiplier, and a next stage sub-multiplier receives parameters and calculation results transmitted from a previous stage sub-multiplier; the plurality of computing units are respectively used for storing point multiplication data or point addition data, and are respectively electrically connected with the first multiplier or the second multiplier; a plurality of adders, each adder electrically connected to one of the plurality of computing units; a system clock for providing a clock signal; the controller is electrically connected with the plurality of computing units and is used for controlling the plurality of computing units to execute scalar multiplication operation of the elliptic curve password, and the controller comprises:
acquiring coordinates and scalar multiplication coefficients of a first point on an elliptic curve equation, wherein the elliptic curve equation is determined according to parameters of an elliptic curve password;
determining operation data of each of the plurality of calculation units according to the scalar multiplication coefficient and the coordinates of the first point, wherein the operation data comprises point multiplication data or point addition data;
and under the control of a clock period, controlling the first multiplier, the second multiplier and the adder to operate the operation data according to a point doubling operation rule and a point adding operation rule to obtain an operation result.
In one embodiment, the determining operation data of each of the plurality of calculation units according to the scalar multiplication factor and the coordinate of the first point, the operation rule including a multiple point operation data or a point addition operation data, includes:
expanding the scalar multiplication coefficient according to a binary system, and determining a binary value of each digit of the expanded scalar multiplication coefficient;
and determining the operation data corresponding to the binary value according to the coordinates of the first point according to the sequence from the lower bit to the upper bit.
In one embodiment, the determining operation data corresponding to the binary value according to the coordinates of the first point in the order from the lower bit to the upper bit includes:
under the condition that the binary number value is zero, determining an operation rule to perform point doubling operation on the coordinates of the first point;
and determining the operation data corresponding to each calculation unit according to the operation rule, and updating the operation result to the coordinate of the first point.
In one embodiment, the determining operation data corresponding to the binary number value according to the coordinate of the first point in the order from the lower bit to the upper bit includes:
under the condition that the binary value is 1 for the first time, determining an operation rule that the coordinate of the first point is assigned to a second point on the elliptic curve equation, and performing point doubling operation on the coordinate of the first point;
and determining the operation data corresponding to each calculation unit according to the operation rule, and updating the operation result to the coordinate of the first point.
In one embodiment, the determining operation data corresponding to the binary value according to the coordinates of the first point in the order from the lower bit to the upper bit includes:
under the condition that the binary value is 1 and is not 1 for the first time, determining an operation rule that the coordinate of the first point is subjected to point doubling operation, and the coordinate of the first point and the coordinate of the second point are subjected to point addition operation;
and determining the operation data corresponding to each calculation unit according to the operation rule, updating the point multiplication operation result to the coordinate of the first point, and updating the point addition operation result to the coordinate of the second point.
In one embodiment, the controlling the first multiplier, the second multiplier and the adder to operate the coordinate of the first point according to the operation rule to obtain an operation result includes:
controlling the first multiplier, the second multiplier and the adder to sequentially calculate the coordinates of the first point from a low order to a high order according to a calculation rule corresponding to the binary number value;
and determining the coordinate of the second point after the highest-order operation of the expanded scalar multiplication coefficient is finished as the result of the elliptic curve password scalar multiplication operation.
According to the embodiment of the disclosure, two multipliers, a plurality of adders and a controller are arranged to execute scalar multiplication operation of elliptic curve passwords according to calculation rules stored in a calculation unit, wherein the two multipliers are both arranged in a three-level pipeline structure; meanwhile, the two multipliers are of three-level pipeline structures, and can simultaneously perform parallel operation on the six computing units, so that the operation performance of scalar multiplication operation of the elliptic curve password is greatly improved.
Drawings
FIG. 1 is a block diagram of a processor that implements scalar multiplication operations for elliptic curve cryptography, according to an embodiment;
FIG. 2 is a flow diagram illustrating a method for performing scalar multiplication of elliptic curve cryptography, according to one embodiment;
FIG. 3 is a flowchart illustrating a method for performing scalar multiplication of elliptic curve cryptography, according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present disclosure more clearly understood, the embodiments of the present disclosure are described in further detail below with reference to the accompanying drawings and the embodiments. It is to be understood that the specific embodiments described herein are merely illustrative of the embodiments of the disclosure and that no limitation to the embodiments of the disclosure is intended.
For the convenience of those skilled in the art to understand the technical solutions provided by the embodiments of the present disclosure, the following description will first explain technical backgrounds for implementing the technical solutions.
Elliptic Curve Cryptography (ECC), which was proposed in 1985 by n.koblitz and v.miller, utilizes a class of cryptosystems that results from replacing finite cyclic groups in the discrete logarithm problem with finite groups of elliptic curves over finite fields. The elliptic curve cipher has the advantages of high safety performance, fast processing speed, low bandwidth requirement, small memory space, etc. compared with RSA, ECC has superiority in key length and operation speed.
In elliptic curve cryptography, the core operation is scalar multiplication (k × Q), where Q is a point on the elliptic curve and k is a scalar value. Scalar multiplication can be decomposed into two basic operations: dot-add operations (ECPADD) and double-dot operations (ECPDBL).
The point addition operation is such that the result of the addition of two different points remains a point on the elliptic curve. The doubling operation makes the result of adding two identical points still a point on the elliptic curve. Unlike ordinary operations, point addition is only used when two points are different.
None of the above algorithms is a normal operation, but a modulo operation. In the double-point operation, the most time-consuming operation is the modular multiplication operation. The Montgomery modular multiplication algorithm has high efficiency and is convenient to realize. Montgomery modular multiplication requires the conversion of a common number A to a Montgomery number A' = A x R mod N during use. In order to multiply two montgomery numbers a '= a × R mod N and B' = B × R mod N to result in (a × B) = R mod N, the montgomery modular multiplication operation is defined as MM (a ', B') = (a '× B')/R-1 mod N. R is typically an integer convenient for reduction, such as 232 or 264, and the like.
If the input and output of the double-point operation are both Montgomery numbers, their internal corresponding modular multiplication operations can be replaced by Montgomery modular multiplication mode.
Based on the technical background described above, embodiments of the present disclosure provide a processor and a method for implementing scalar multiplication operations of elliptic curve cryptography.
Fig. 1 is a schematic diagram illustrating a structure of a processor for implementing a scalar multiplication operation of an elliptic curve cryptosystem according to an exemplary embodiment, and referring to fig. 1, the processor for implementing the scalar multiplication operation of the elliptic curve cryptosystem includes:
the first multiplier and the second multiplier are respectively provided with a three-level pipeline structure, the three-level pipeline structure respectively corresponds to three clock cycles, each level of pipeline structure corresponds to one sub multiplier, and the next-level sub multiplier receives parameters and calculation results transmitted by the previous-level sub multiplier;
in the embodiment of the disclosure, two multipliers are arranged in a processor for realizing scalar multiplication operation of elliptic curve cryptography, and the two multipliers have the same structure, wherein each multiplier is a multiplier with a three-level pipeline structure. The three-level pipeline structure corresponds to three clock cycles respectively, each level of pipeline structure corresponds to one sub-multiplier, and each sub-multiplier finishes a part of operation steps in multiplication operation. That is, when the multiplier executes multiplication, each clock cycle completes the multiplication step in the first-stage flowing water, and the final result of the multiplication is obtained after three clock cycles. When the multiplier performs operation, when one multiplication is performed to the second-stage pipeline, after the parameters and the calculation result corresponding to the multiplication are transmitted to the second sub-multiplier, the next multiplication can enter the first sub-multiplier to complete the first-stage pipeline operation, that is, when the multiplier performs multiplication, three sub-multipliers corresponding to the three-stage pipeline structure can simultaneously perform parallel calculation on three multiplications.
The plurality of computing units are respectively used for storing point multiplication data or point addition data, and are respectively electrically connected with the first multiplier or the second multiplier;
in the embodiment of the disclosure, a plurality of computing units are arranged in a processor for realizing scalar multiplication operation of elliptic curve cryptography, and are used for storing data of point multiplication operation and point addition operation. In the process of scalar multiplication operation of elliptic curve cryptography, point multiplication operation and point addition operation are involved, and operation data can be generated in the operation process. Each calculation unit is provided with a register for storing two operands, a register for storing an operation result, and two registers for storing an intermediate result (intermediate result of Montgomery modular multiplication algorithm) for multiplication, and when the calculation is carried out, according to the operation steps of point multiplication and point addition, the result is firstly taken from the first point coordinate, the second point coordinate or the intermediate result in the operation process, then the result is stored in the operand register, then the calculation is executed, and finally the result register is stored, and then the result register is stored in the register for storing the first point coordinate, the second point coordinate or the intermediate result in the operation according to the operation step.
A plurality of adders, each adder electrically connected to one of the plurality of computing units;
in the embodiment of the disclosure, a plurality of adders are arranged in a processor for realizing scalar multiplication of elliptic curve cryptography, and the adders are electrically connected with a plurality of computing units and are used for executing corresponding sum addition operations in the computing units. When the adder is electrically connected to the computing unit, it is usually only necessary to electrically connect the computing unit including the addition operation to the computing unit.
A system clock for providing a clock signal;
in an embodiment of the disclosure, a system clock is provided for providing a clock signal. In one example, a system clock is coupled to the multiplier, the adder, the computational unit, and the controller.
And the controller is electrically connected with the plurality of computing units and is used for controlling the plurality of computing units to execute scalar multiplication operation of the elliptic curve password.
In the embodiment of the disclosure, a controller is disposed in a processor for implementing scalar multiplication of an elliptic curve cipher, and the controller is electrically connected to the plurality of computing units and is used for controlling the plurality of computing units to execute the scalar multiplication of the elliptic curve cipher according to a preset operation rule. In one example, the controller consists of a 4-bit register. And setting the controller register to be 0 to represent the first step when the calculation of the multiple point and point addition operation is started, and adding 1 to represent the next operation (specifically, the operation of each step refers to the table one) after finishing signals of 6 calculation units are captured (unit finishing signals without calculation tasks exist all the time). When the value of the controller register equals 11, it indicates that the double dot and dot addition operation is finished.
According to the embodiment of the disclosure, two multipliers, a plurality of adders and a controller are arranged to execute scalar multiplication operation of elliptic curve passwords according to calculation rules stored in a calculation unit, wherein the two multipliers are both arranged in a three-level pipeline structure; meanwhile, the two multipliers are of a three-level pipeline structure, and can simultaneously perform parallel operation on the six computing units, so that the operation performance of scalar multiplication operation of the elliptic curve password is greatly improved.
In one embodiment, the plurality of computing units, respectively for storing the double-point operation data or the dot-plus operation data, include:
the plurality of calculation units comprise six calculation units, wherein the first calculation unit and the second calculation unit are used for storing point doubling operation data, and the third calculation unit, the fourth calculation unit, the fifth calculation unit and the sixth calculation unit are used for storing point addition operation data.
In the embodiment of the disclosure, when the computing unit is arranged, according to the principle of scalar multiplication operation in the scalar multiplication operation of the elliptic curve cryptosystem, the operation process includes a point multiplication operation and a point addition operation. And respectively storing corresponding data into the computing units according to the operation rules of the point doubling operation and the point adding operation, wherein the operation data of the point doubling operation are stored into the first computing unit and the second computing unit, and the operation data of the point adding operation are stored into the third computing unit, the fourth computing unit, the fifth computing unit and the sixth computing unit.
In the embodiment of the disclosure, two computing units are arranged for storing operation data of point doubling operation, four computing units are arranged for storing operation data of point addition operation, and six computing units are arranged in total. The embodiment of the disclosure sets six computing units, thereby providing a precondition for improving the operational performance by realizing parallel operation of all the computing units.
In one embodiment, the plurality of computing units are electrically connected to the first multiplier or the second multiplier respectively, and include:
any three of the plurality of computing units are electrically connected with the first multiplier in sequence, and the remaining three computing units are electrically connected with the second multiplier in sequence.
In the embodiment of the disclosure, three of the six calculating units are electrically connected to the first multiplier, and the other three calculating units are electrically connected to the second multiplier.
According to the embodiment of the disclosure, every three computing units are electrically connected with one multiplier, and because of the three-level pipeline structure of each multiplier, the parallel computing of six computing units can be realized, so that the operation performance of scalar multiplication operation of elliptic curve passwords is greatly improved.
In one embodiment, the plurality of computing units are electrically connected to the first multiplier or the second multiplier respectively, and include:
the first calculating unit, the second calculating unit and the sixth calculating unit are electrically connected with the first multiplier, and the third calculating unit, the fourth calculating unit and the fifth calculating unit are electrically connected with the second multiplier.
In the embodiment of the present disclosure, the first calculating unit, the second calculating unit, and the sixth calculating unit are electrically connected to the first multiplier, and the third calculating unit, the fourth calculating unit, and the fifth calculating unit are electrically connected to the second multiplier, wherein the multipliers are executed according to the above connection sequence when executing multiplication.
In the embodiment of the present disclosure, the operation flow of the multiplier of the three-stage pipeline structure is to calculate the operation data in the calculation unit according to the corresponding operation rule in the corresponding clock cycle. Therefore, the third computing unit is electrically connected to the second multiplier, so that the computing step in the third computing unit can still start computing in the first clock cycle when the first computing unit and the second computing unit do not need to compute multiplication. According to the embodiment of the disclosure, the connection sequence of the computing unit and the multiplier is set, so that the operation efficiency during scalar multiplication operation is further improved, and the operation performance of the processor is further improved.
In one example, two 256-bit multipliers using a three-stage pipeline structure are used, and a calculation unit determines whether multiplication or addition is used and determines operands according to a controller; the multiplier and adder determine to which register the result is stored, depending on the controller. The multiplication result can be obtained after three clock cycles, so that the time sequence of hardware can meet the requirement, the hardware can run at higher frequency, and the performance of ECC scalar multiplication operation is improved. And because there are only two multipliers, the power consumption will be at a relatively low level. In addition, because the multiplier has three stages of pipeline structures, each stage of pipeline structure can carry out different multiplication operations, so that ECC scalar multiplication operation under Jacobian coordinates can be carried out in parallel, and the operation speed is further improved.
Fig. 2 is a flowchart illustrating a method for implementing scalar multiplication of an elliptic curve cryptosystem according to an exemplary embodiment, and referring to fig. 2, the method for implementing scalar multiplication of an elliptic curve cryptosystem is applied to a processor for implementing scalar multiplication of an elliptic curve cryptosystem, where the processor for implementing scalar multiplication of an elliptic curve cryptosystem includes a first multiplier and a second multiplier, each of the first multiplier and the second multiplier has a three-stage pipeline structure, each of the three stages corresponds to three clock cycles, each stage of the pipeline structure corresponds to one sub-multiplier, and a next stage of the sub-multiplier receives parameters and calculation results from a previous stage of the sub-multipliers; the plurality of computing units are respectively used for storing point multiplication data or point addition data, and are respectively electrically connected with the first multiplier or the second multiplier; a plurality of adders, each adder electrically connected to one of the plurality of computing units; a system clock for providing a clock signal; the controller is electrically connected with the plurality of computing units and is used for controlling the plurality of computing units to execute scalar multiplication operation of the elliptic curve password, and the controller comprises:
step S201, obtaining coordinates and scalar multiplication coefficients of a first point on an elliptic curve equation, wherein the elliptic curve equation is determined according to parameters of an elliptic curve password;
in the embodiment of the disclosure, first, parameters and scalar multiplication coefficients of an elliptic curve equation input by a user are obtained, the elliptic curve equation is determined according to the parameters of the elliptic curve equation input by the user, and coordinates under Jacobian coordinates corresponding to coordinates of a base point on the elliptic curve equation are obtained, that is, the coordinates of the first point. In one example, obtaining the parameters P, A, B of the elliptic curve equation entered by the user may determine that the elliptic curve equation is Y ^ 2% P = (X ^3+ A ^ X + B)% P. The z coordinate of the parameter point P input by scalar multiplication is 1, because the real coordinate of the ECC point is an affine coordinate and only has x and y coordinates, only one z coordinate needs to be added when the affine coordinate is converted into a Jacobian coordinate, and the initial coordinate of z is 1.
Step S202, determining operation data of each calculation unit in the plurality of calculation units according to the scalar multiplication coefficient and the coordinates of the first point, wherein the operation data comprises multiple point operation data or point addition operation data;
in the embodiment of the present disclosure, an operation rule for the coordinates of the first point is determined according to the obtained scalar multiplication factor, where the operation for the coordinates of the first point includes a double-point operation and a point-and-add operation. And determining all point doubling operations and point addition operations to be executed on the coordinates of the first point according to the scalar multiplication coefficient, wherein all operation data are stored in corresponding computing units.
In one example, as shown in table 1, operation data of a double-dot operation is stored in the first calculation unit and the second calculation unit, and operation data of a dot-addition operation is stored in the third calculation unit, the fourth calculation unit, the fifth calculation unit, and the sixth calculation unit. Wherein, Az4 = A x z4 used in the second computing unit, and the initial value of z is 1, so the initial value of Az4 is A; (P) x ,P y ,P z ) Is the coordinate of the first point, (Q) x ,Q y ,Q z ) Is the coordinate of the second point, (X) 2 ,Y 2 ,Z 2 ) Coordinates (X) of new first point after the multiple point operation 3 ,Y 3 ,Z 3 ) And the coordinates of the second point after the point addition operation.
TABLE 1
Step (ii) of First computing unit Second computing unit Third computing unit Fourth calculating unit Fifth calculating unit Sixth calculation unit
1 L 5 =P x *P x L 6 =P y *P y L 1 =P z *P z L 2 =Q z *Q z L 3 =P z *Q y L 4 =Q z *P y
2 L 5 =L 5 +L 5 L 7 =L 5 +Az4 L 1 =Q x *L 1 L 2 =P x *L 2 L 3 =L 3 *L 1 L 4 =L 4 *L 2
3 L 6 =P x *L 6 X 2 =L 6 *L 6 L 1 =L 1 -L 2 L 3 = L 3 -L 4
4 L 5 =L 7 +L 5 L 6 =L 6 +L 6 X 3 =L 3 *L 3 Z 3 =P z *L 1 Y 3 = L 1 *L 1 L 4 =L 4 *L 1
5 L 7 =L 5 *L 5 Z 2 =P y *P z Z 3 =Z 3 *Q z L 1 =L 1 *Y 3 Y 3 =Y 3 *L 2 L 4 =L 4 *Y 3
6 L 6 =L 6 +L 6 Y 2 =X 2 +X 2 X 3 =X 3 -L 1 L 2 =Y 3 +Y 3
7 X 2 =L 6 +L 6 Y 2 =Y 2 +Y 2 X 3 =X 3 -L 2
8 X 2 =L 7 –X 2 L 7 =Y 2 +Y 2 Y 3 =Y 3 -X 3
9 L 6 =L 6 -X 2 Z 2 =Z 2 +Z 2 Y 3 =Y 3 *L 3
10 Y 2 =L 5 *L 6 Az4=L 7 *Az4 Y 3 =Y 3 -L 4
11 Y 2 =Y 2 -L 7 Az4=Az4+Az4
Step S203, under the control of a clock cycle, controlling the first multiplier, the second multiplier and the adder to perform an operation on the operation data according to a multiple point operation rule and a point addition operation rule to obtain an operation result.
In the embodiment of the present disclosure, all the operation steps are sequentially executed using the first multiplier, the second multiplier, and the adder, based on the data stored in the calculation unit, in accordance with the steps of the operation rule determined based on the scalar multiplication coefficient. When the adder and the multiplier perform the operation, the operation needs to be performed according to the clock period. In the operation process, the operation corresponding to each step in all the computing units is calculated in parallel, and the calculation of the next step is performed only after the operations to be executed in the same step corresponding to all the computing units are all completed. And after all the determined operation steps are operated, outputting a corresponding operation result as an operation result of scalar multiplication of the elliptic curve password. In one example, in a hardware design, there is usually a step index i, and each computing unit has a done signal done after the computation is completed (while the done signal of the computing unit that is not started is always present), when 6 done signals are captured, i is added by 1 to the next step, and then a start signal is sent to the needed computing unit, and the unit starts the computation. And when i equals 11, a bit calculation of the expanded scalar multiplication coefficient ends.
According to the embodiment of the disclosure, the operation data corresponding to the operation rule of the point doubling and the point adding are stored in the corresponding calculation units, and the operation steps in the calculation units are calculated by adopting the multipliers with two three-level pipeline structures, so as to obtain the operation result. The embodiment of the disclosure can realize the parallel computation of the computing unit through fewer multipliers, thereby not only reducing occupied hardware resources and power consumption, but also greatly improving the operational performance of the scalar multiplication operation of the elliptic curve cryptography.
In one embodiment, the determining operation data of each of the plurality of calculation units according to the scalar multiplication factor and the coordinates of the first point, the operation rule including a double-point operation data or a point-and-add operation data, includes:
expanding the scalar multiplication coefficient according to a binary system, and determining a binary value of each digit of the expanded scalar multiplication coefficient;
and determining the operation data corresponding to the binary value according to the coordinates of the first point according to the sequence from the lower bit to the upper bit.
In the embodiment of the present disclosure, after a scalar multiplication coefficient is obtained, binary expansion is performed on the scalar multiplication coefficient, and a binary value corresponding to each bit of the binary expanded scalar multiplication coefficient is determined. And determining an operation rule corresponding to the binary numerical value corresponding to each bit according to the sequence from the lower bit to the upper bit, and determining the operation data stored in each calculation unit according to the operation rule.
In one example, the operation from high to low bits is as follows:
point P, coefficient k, calculating Q = k × P, and expanding k according to binary system to obtain value k of each bit i Let Q = O (infinity point in ECC, i.e. corresponding to zero element), go through k from high to low: q = Q + Q (multiple point operation), if k i =1, Q = Q + P (dot addition), and finally Q is output.
While traversing from low to high is: if k is i =1, then Q = Q + P (dot-plus), P = P + P (dot-multiplied), and finally Q is output.
Obviously, in the above traversal from high to low, k is the number i Starts to traverse with the highest bit of 1 and does not go from low to high i The lowest bit of the data is 1, so that the traversal times from high to low are less and the performance is faster if parallel computation cannot be performed. In each traversal from high to low, the parameters of the point addition operation are the result of the multiple points, and in the traversal from low to high, the multiple points and the point addition have no mutual dependence relationship, so the operation of the multiple points and the point addition from high to low is sequential, the parallel operation cannot be performed, and the parallel operation can be realized from low to high. Therefore, when scalar multiplication is performed, if the condition of parallel operation of point multiplication and point addition can be satisfied from hardware, the operation performance during scalar multiplication is improved.
According to the embodiment of the disclosure, the operation rule corresponding to the scalar multiplication factor is determined by the numerical value of each bit after binary expansion corresponding to the scalar multiplication factor, so that the subsequent scalar multiplication operation can be executed.
In one embodiment, the determining operation data corresponding to the binary number value according to the coordinate of the first point in the order from the lower bit to the upper bit includes:
under the condition that the binary number value is zero, determining an operation rule to perform point doubling operation on the coordinates of the first point;
and determining the operation data corresponding to each calculation unit according to the operation rule, and updating the operation result to the coordinate of the first point.
In the embodiment of the present disclosure, the binary number value of the expanded scalar multiplication coefficient is determined in order from a lower order to a higher order, when the binary number value is zero, an operation rule is determined such that a point multiplication operation is performed on the coordinates of the first point, operation data corresponding to each calculation unit is determined according to the operation rule, and the coordinates of the first point are updated with the result of the point multiplication operation, that is, the result after the operation is completed is determined to be the new coordinates of the first point instead of the coordinates of the first point.
In the embodiment of the present disclosure, the operation data stored in each calculation unit in the case where the binary value is zero is determined.
In one embodiment, the determining operation data corresponding to the binary value according to the coordinates of the first point in the order from the lower bit to the upper bit includes:
under the condition that the binary value is 1 for the first time, determining an operation rule that the coordinate of the first point is assigned to a second point on the elliptic curve equation, and performing point doubling operation on the coordinate of the first point;
and determining the operation data corresponding to each calculation unit according to the operation rule, and updating the operation result to the coordinate of the first point.
In the embodiment of the present disclosure, the binary value of the expanded scalar multiplication coefficient is determined in the order from lower bits to upper bits, and when the binary value is the first 1 in the order from lower bits to upper bits, an operation rule is determined such that the coordinate of the first point is assigned to the second point, a multiple operation is performed on the coordinate of the first point, operation data corresponding to each calculation unit is determined according to the operation rule, and the coordinate of the first point is determined to be updated with the result of the multiple operation, that is, the result after the operation is completed is the new coordinate of the first point instead of the coordinate of the first point.
In the embodiment of the present disclosure, the operation data stored in each calculation unit in the case where the binary value is the first 1 from the upper bit to the lower bit is determined. In the embodiment of the disclosure, no dot addition operation is performed before traversing to the first bit 1 of the expanded scalar multiplication coefficient, and then the coordinate of the second point = O (an infinitely distant point, i.e. a zero point in an ECC system), and at this time, performing the dot addition operation on the coordinate of the first point and the coordinate of the second point is regarded as directly copying the coordinate of the first point to the second point, so that the operation amount can be reduced, and the power consumption can be reduced.
In one embodiment, the determining operation data corresponding to the binary value according to the coordinates of the first point in the order from the lower bit to the upper bit includes:
under the condition that the binary value is 1 and is not 1 for the first time, determining an operation rule that the coordinate of the first point is subjected to point doubling operation, and the coordinate of the first point and the coordinate of the second point are subjected to point addition operation;
and determining the operation data corresponding to each calculation unit according to the operation rule, updating the point multiplication operation result to the coordinate of the first point, and updating the point addition operation result to the coordinate of the second point.
In the embodiment of the present disclosure, the binary value of the expanded scalar multiplication coefficient is determined in the order from lower bits to upper bits, and when the binary value is 1 and is not the first 1 in the order from lower bits to upper bits, the operation rule is determined such that a point operation is performed on the coordinates of the first point, a point addition operation is performed on the coordinates of the first point and the coordinates of the second point, the operation data corresponding to each calculation unit is determined according to the operation rule, the point addition result is updated to the coordinates of the first point, the point addition result is updated to the coordinates of the second point, that is, the result after the point addition operation is completed replaces the coordinates of the first point to become the coordinates of a new first point, and the result after the point addition operation is completed replaces the coordinates of the second point to become the coordinates of a new second point.
In the embodiment of the present disclosure, the operation data stored in each calculation unit in the case where the binary value is 1 and is not the first 1 from the upper bit to the lower bit is determined.
In one embodiment, the controlling the first multiplier, the second multiplier and the adder to operate the coordinates of the first point according to the operation rule to obtain an operation result includes:
controlling the first multiplier, the second multiplier and the adder to sequentially calculate the coordinates of the first point from a low order to a high order according to an operation rule corresponding to the binary number value;
and determining the coordinate of the second point after the highest-order operation of the expanded scalar multiplication coefficient is finished as the result of the elliptic curve password scalar multiplication operation.
In the embodiment of the present disclosure, after determining all operation rules corresponding to the scalar multiplication factor, the multiplier and the adder are controlled to operate the coordinates of the first point according to a preset multiple point operation rule and a preset point addition operation rule. And finishing the operation flow after the operation rule corresponding to the highest bit in the expanded scalar multiplication coefficient is finished, and taking the data of the coordinates of the second point output at the moment as a final result of the elliptic curve password scalar multiplication operation.
After the operation rule is determined, the multiplier and the adder are controlled to operate the coordinate data of the first point, wherein the operation is performed sequentially according to the order from the lower order to the upper order of the expanded scalar coefficient, and the finally obtained coordinate of the second point is used as the operation result of scalar multiplication. The embodiment of the disclosure can perform operation according to the corresponding operation rule, and obtain the final operation result of scalar multiplication.
FIG. 3 is a flowchart illustrating a method for implementing scalar multiplication of an elliptic cryptographic curve according to an exemplary embodiment, referring to FIG. 3, first obtaining parameters (P, A, B) of an ECC elliptic curve input by a user, a coefficient k of the scalar multiplication, and a point P (P) in Jacobian coordinates x ,P y ,P z ) (ii) a Binary expansion of scalar multiplication coefficient k, each bit represented as k i And traverse from low to high when k i If =0, the point P is only multiplied; when k is i =1, if it is the first bit 1, the point P is copied to the point Q and the point P is subjected to a point doubling operation, if it is not the first bit 1, the point P is subjected to a point doubling operation, and the point P and the point Q are subjected to a point addition operation, the result of the point doubling operation is stored in the point P, and the result of the point addition operation is stored in the point Q. And when the scalar multiplication coefficient k is traversed, outputting a point Q as the result of the ECC scalar multiplication. Wherein (X) 3 ,Y 3 ,Z 3 ) And point Q (Q) x ,Q y ,Q z ) Using the same store, (X) 2 ,Y 2 ,Z 2 ) And point P (P) x ,P y ,P z ) The same storage is used, thereby reducing the storage space of the hardware. All operations need to perform modulo operation on P; except for P, other parameters all use a Montgomery mode, and the Montgomery modular multiplication algorithm is adopted in the modular multiplication algorithm, so that the modular operation is removed, and the calculation speed is improved.
It should be understood that, although the steps of the flowcharts in the figures are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in the figures may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed alternately or at least partially in sequence with other steps or other steps.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, databases, or other media used in the embodiments provided by the embodiments of the disclosure may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high-density embedded nonvolatile Memory, resistive Random Access Memory (ReRAM), Magnetic Random Access Memory (MRAM), Ferroelectric Random Access Memory (FRAM), Phase Change Memory (PCM), graphene Memory, and the like. Volatile Memory can include Random Access Memory (RAM), external cache Memory, and the like. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others. The databases involved in the various embodiments provided by the embodiments of the present disclosure may include at least one of relational and non-relational databases. The non-relational database may include, but is not limited to, a block chain based distributed database, and the like. The processors referred to in the embodiments provided in the disclosure may be general processors, central processing units, graphics processors, digital signal processors, programmable logic devices, quantum computing-based data processing logic devices, etc., without being limited thereto.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express a few implementations of the embodiments of the present disclosure, and the descriptions thereof are specific and detailed, but not construed as limiting the scope of the claims of the embodiments of the present disclosure. It should be noted that, for those skilled in the art, variations and modifications can be made without departing from the concept of the embodiments of the present disclosure, and these are all within the scope of the embodiments of the present disclosure. Therefore, the protection scope of the embodiments of the present disclosure should be subject to the appended claims.

Claims (10)

1. A processor for performing scalar multiplication operations for elliptic curve cryptography, comprising:
the first multiplier and the second multiplier are respectively provided with a three-level pipeline structure, the three-level pipeline structure respectively corresponds to three clock cycles, each level of pipeline structure corresponds to one sub multiplier, and the next-level sub multiplier receives parameters and calculation results transmitted by the previous-level sub multiplier;
the plurality of computing units are respectively used for storing point multiplication data or point addition data, and are respectively electrically connected with the first multiplier or the second multiplier;
a plurality of adders, each adder electrically connected to one of the plurality of computing units;
a system clock for providing a clock signal;
and the controller is electrically connected with the plurality of computing units and is used for controlling the plurality of computing units to execute scalar multiplication operation of the elliptic curve password.
2. The processor of claim 1, wherein the plurality of computing units are configured to store multiple point operation data or point addition operation data, respectively, and comprise:
the plurality of calculation units comprise six calculation units, wherein the first calculation unit and the second calculation unit are used for storing point doubling operation data, and the third calculation unit, the fourth calculation unit, the fifth calculation unit and the sixth calculation unit are used for storing point addition operation data.
3. The processor of claim 2, wherein the plurality of computing units are electrically connected to the first multiplier or the second multiplier, respectively, and comprise:
any three of the plurality of computing units are electrically connected with the first multiplier in sequence, and the remaining three computing units are electrically connected with the second multiplier in sequence.
4. The processor of claim 2, wherein the plurality of computing units are electrically connected to the first multiplier or the second multiplier, respectively, and comprise:
the first calculating unit, the second calculating unit and the sixth calculating unit are electrically connected with the first multiplier, and the third calculating unit, the fourth calculating unit and the fifth calculating unit are electrically connected with the second multiplier.
5. A method for realizing scalar multiplication of elliptic curve passwords is applied to a processor for realizing the scalar multiplication of the elliptic curve passwords, and the processor for realizing the scalar multiplication of the elliptic curve passwords comprises a first multiplier and a second multiplier, wherein the first multiplier and the second multiplier are respectively provided with a three-stage pipeline structure, the three-stage pipeline structure respectively corresponds to three clock cycles, each stage of pipeline structure corresponds to one sub-multiplier, and the next stage of sub-multiplier receives parameters and calculation results transmitted by the previous stage of sub-multiplier; the plurality of computing units are respectively used for storing point multiplication data or point addition data, and are respectively electrically connected with the first multiplier or the second multiplier; a plurality of adders, each adder electrically connected to one of the plurality of computing units; a system clock for providing a clock signal; a controller electrically connected to the plurality of computing units, for controlling the plurality of computing units to perform scalar multiplication of elliptic curve cryptography, the controller comprising:
acquiring coordinates and scalar multiplication coefficients of a first point on an elliptic curve equation, wherein the elliptic curve equation is determined according to parameters of an elliptic curve password;
determining operation data of each of the plurality of calculation units according to the scalar multiplication coefficient and the coordinates of the first point, wherein the operation data comprises point multiplication data or point addition data;
and under the control of a clock period, controlling the first multiplier, the second multiplier and the adder to operate the operation data according to a point doubling operation rule and a point adding operation rule to obtain an operation result.
6. The method of claim 5, wherein determining operation data for each of the plurality of computing units based on the scalar multiplication factor and the coordinates of the first point, the operation rule comprising multiple point operation data or point addition operation data, comprises:
expanding the scalar multiplication coefficient according to a binary system, and determining a binary value of each digit of the expanded scalar multiplication coefficient;
and determining the operation data corresponding to the binary value according to the coordinates of the first point according to the sequence from the lower bit to the upper bit.
7. The method according to claim 6, wherein determining the operation data corresponding to the binary value according to the coordinates of the first point in the order from lower bits to upper bits comprises:
under the condition that the binary number value is zero, determining an operation rule to perform point doubling operation on the coordinates of the first point;
and determining the operation data corresponding to each calculation unit according to the operation rule, and updating the operation result to the coordinate of the first point.
8. The method according to claim 6, wherein determining the operation data corresponding to the binary value according to the coordinates of the first point in the order from lower bits to upper bits comprises:
under the condition that the binary value is 1 for the first time, determining an operation rule that the coordinate of the first point is assigned to a second point on the elliptic curve equation, and performing point doubling operation on the coordinate of the first point;
and determining the operation data corresponding to each calculation unit according to the operation rule, and updating the operation result to the coordinate of the first point.
9. The method according to claim 6, wherein determining the operation data corresponding to the binary value according to the coordinates of the first point in the order from lower bits to upper bits comprises:
under the condition that the binary value is 1 and is not 1 for the first time, determining an operation rule that the coordinate of the first point is subjected to point doubling operation, and the coordinate of the first point and the coordinate of the second point are subjected to point addition operation;
and determining the operation data corresponding to each calculation unit according to the operation rule, updating the point doubling operation result to the coordinate of the first point, and updating the point addition operation result to the coordinate of the second point.
10. The method according to any one of claims 6 to 9, wherein the controlling the first multiplier, the second multiplier and the adder to operate on the coordinate of the first point according to the operation rule to obtain an operation result comprises:
controlling the first multiplier, the second multiplier and the adder to sequentially calculate the coordinates of the first point from a low order to a high order according to a calculation rule corresponding to the binary number value;
and determining the coordinate of the second point after the highest-order operation of the expanded scalar multiplication coefficient is finished as the result of the elliptic curve password scalar multiplication operation.
CN202210418263.9A 2022-04-21 2022-04-21 Processor and method for realizing scalar multiplication operation of elliptic curve password Active CN114510273B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210418263.9A CN114510273B (en) 2022-04-21 2022-04-21 Processor and method for realizing scalar multiplication operation of elliptic curve password

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210418263.9A CN114510273B (en) 2022-04-21 2022-04-21 Processor and method for realizing scalar multiplication operation of elliptic curve password

Publications (2)

Publication Number Publication Date
CN114510273A CN114510273A (en) 2022-05-17
CN114510273B true CN114510273B (en) 2022-08-12

Family

ID=81554810

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210418263.9A Active CN114510273B (en) 2022-04-21 2022-04-21 Processor and method for realizing scalar multiplication operation of elliptic curve password

Country Status (1)

Country Link
CN (1) CN114510273B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105389157A (en) * 2015-10-29 2016-03-09 中国人民解放军国防科学技术大学 Goldschmidt algorithm-based floating-point divider

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7991154B2 (en) * 2008-05-14 2011-08-02 Univeristy of Castilla-La Mancha Exponentiation method using multibase number representation

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105389157A (en) * 2015-10-29 2016-03-09 中国人民解放军国防科学技术大学 Goldschmidt algorithm-based floating-point divider

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
二进制域上椭圆曲线密码ECC的高性能FPGA实现;尤文珠等;《计算机科学》(第08期);全文 *
素数域椭圆曲线密码加速器的VLSI实现;谢天艺等;《计算机工程与应用》(第01期);全文 *

Also Published As

Publication number Publication date
CN114510273A (en) 2022-05-17

Similar Documents

Publication Publication Date Title
Hasan et al. A modified Massey-Omura parallel multiplier for a class of finite fields
Öztürk et al. Low-power elliptic curve cryptography using scaled modular arithmetic
WO2015164996A1 (en) Elliptic domain curve operational method and elliptic domain curve operational unit
CN111966324B (en) Implementation method and device for multi-elliptic curve scalar multiplier and storage medium
Fan et al. Efficient hardware implementation of Fp-arithmetic for pairing-friendly curves
US7486789B2 (en) Device and method for calculation on elliptic curve
CN115344237A (en) Data processing method combining Karatsuba and Montgomery modular multiplication
CN114330730A (en) Quantum line block compiling method, device, equipment, storage medium and product
Gutub et al. Efficient scalable VLSI architecture for Montgomery inversion in GF (p)
Abdulrahman et al. New regular radix-8 scheme for elliptic curve scalar multiplication without pre-computation
Putranto et al. Another concrete quantum cryptanalysis of binary elliptic curves
CN114527956A (en) Computing method for non-fixed point scalar multiplication in SPA attack resistant SM2 cryptographic algorithm
CN101971138A (en) An apparatus and a method for calculating a multiple of a point on an elliptic curve
CN114510273B (en) Processor and method for realizing scalar multiplication operation of elliptic curve password
CN115348002A (en) Montgomery modular multiplication fast calculation method based on multi-word long multiplication instruction
JP4621162B2 (en) Finite commutative group operation method, apparatus and program thereof
JP2000206879A (en) Device and method for operating group calculations of jacobi variety of hyperelliptic curve defined on galois field with two characteristics
KR20140089230A (en) Mutiplication method and modular multiplier using redundant form recoding
CN1696894B (en) Multiplier calculating modular multiplicatin of large numbers
WO2017095652A1 (en) Method and system for efficient quantum ternary arithmetic
JP4223819B2 (en) Power residue calculation apparatus and program
Li et al. Low complexity bit-parallel $ GF (2^ m) $ multiplier for all-one polynomials
JP4850884B2 (en) Power-residue calculator
JP3540280B2 (en) Power-residue calculation method and remainder calculation method
CN106911475A (en) The implementation method and its circuit structure of a kind of Tate pairings

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant