CN115913556A - Device and method for accelerating elliptic curve scalar point multiplication calculation and storage medium - Google Patents

Info

Publication number
CN115913556A
Authority
CN (China)
Prior art keywords
elliptic curve, point, section, points, elliptic
Legal status
Granted, active
Application number
CN202211702753.8A
Other languages
Chinese (zh)
Other versions
CN115913556B (en)
Inventor
汪福全
刘明
Current Assignee
Shenglong Singapore Pte Ltd
Original Assignee
Shenglong Singapore Pte Ltd
Application filed by
Shenglong Singapore Pte Ltd
Priority to
CN202211702753.8A
Publication of CN115913556A
Application granted; publication of CN115913556B

Abstract

Disclosed herein are a device, a method, and a storage medium for accelerating elliptic curve scalar point multiplication. The device comprises: a data memory for pre-storing a plurality of elliptic curve intermediate point sets, each set comprising at least one elliptic curve intermediate point that is a multiple point of an elliptic curve reference point $P_0$; an encoder for binary-coding the input elliptic curve coefficient; a divider for dividing the elliptic curve coefficient binary code into N segments according to a preset bit width W; and a scalar point multiplication calculator for obtaining, segment by segment starting from the lowest segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and accumulating the obtained elliptic curve intermediate points by elliptic curve point addition or subtraction to obtain the final output point. The scheme can improve the computational efficiency of the algorithm.

Description

Device and method for accelerating elliptic curve scalar point multiplication calculation and storage medium
Technical Field
The embodiments of the present application relate to the technical field of cryptography, and in particular to a device, a method and a storage medium for accelerating elliptic curve scalar point multiplication.
Background
Elliptic curve cryptography (ECC) is a public-key cryptography method based on the mathematics of elliptic curves. The use of elliptic curves in cryptography was proposed independently in 1985 by Neal Koblitz and Victor Miller. The elliptic curve discrete logarithm problem, on which elliptic curve cryptosystems are based, is harder than the large-integer factorization and discrete logarithm problems, which gives ECC clear advantages over traditional public-key cryptosystems: (1) it has higher resistance to attack, and fewer effective attacks are known; (2) at the same security strength, ECC requires a much shorter key, which greatly reduces the required computation, energy, storage space and data traffic.
Scalar point multiplication on elliptic curves is widely used in homomorphic encryption, polynomial commitment algorithms, privacy computing, elliptic curve signatures and similar areas of the current zero-knowledge proof field.
In the traditional elliptic curve scalar point multiplication method, Q = kP is calculated, where k is a coefficient and P is a known reference point on the elliptic curve; because k is usually large, the amount of calculation is huge, which hinders fast calculation.
Disclosure of Invention
An embodiment of the present application provides a device for accelerating elliptic curve scalar point multiplication, comprising:
a data memory for pre-storing a plurality of elliptic curve intermediate point sets, each set comprising at least one elliptic curve intermediate point that is a multiple point of the elliptic curve reference point $P_0$;
an encoder for binary-coding the input elliptic curve coefficient to obtain the elliptic curve coefficient binary code;
a divider for dividing the elliptic curve coefficient binary code into N segments according to a preset bit width W;
Figure BDA0004024448190000021
l is the length of the elliptic curve coefficient binary code;
Figure BDA0004024448190000022
is the round-up symbol;
and a scalar point multiplication calculator for obtaining, segment by segment starting from the lowest segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and accumulating the obtained elliptic curve intermediate points point by point by elliptic curve point addition or subtraction to obtain the final output point.
An embodiment of the present application provides a method for accelerating elliptic curve scalar point multiplication, comprising:
pre-storing a plurality of elliptic curve intermediate point sets, each set comprising at least one elliptic curve intermediate point that is a multiple point of the elliptic curve reference point $P_0$;
binary-coding the input elliptic curve coefficient to obtain the elliptic curve coefficient binary code; dividing the elliptic curve coefficient binary code into N segments according to a preset bit width W;
Figure BDA0004024448190000023
l is the length of the elliptic curve coefficient binary code;
Figure BDA0004024448190000024
is the round-up symbol;
and obtaining, segment by segment starting from the lowest segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and accumulating the obtained elliptic curve intermediate points point by point by elliptic curve point addition or subtraction to obtain the final output point.
An embodiment of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above method for accelerating elliptic curve scalar point multiplication.
In the device, method and storage medium for accelerating elliptic curve scalar point multiplication provided by the embodiments of the present application, a data memory pre-stores a plurality of elliptic curve intermediate point sets; an encoder binary-codes the input elliptic curve coefficient to obtain the elliptic curve coefficient binary code; a divider divides the elliptic curve coefficient binary code into N segments according to a preset bit width W; and a scalar point multiplication calculator obtains, segment by segment starting from the lowest segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and accumulates the obtained elliptic curve intermediate points point by point by elliptic curve point addition or subtraction to obtain the final output point. By coding the elliptic curve coefficient in segments and storing the elliptic curve intermediate points in advance, the device and method provided by the embodiments can improve the computational efficiency of the algorithm.
Other aspects will be apparent upon reading and understanding the attached drawings and detailed description.
Drawings
The drawings provide an understanding of the present disclosure and constitute a part of this specification; together with the embodiments they illustrate the disclosure and do not limit it.
FIG. 1 is a schematic structural diagram of a device for accelerating elliptic curve scalar point multiplication according to an embodiment of the present application;
FIG. 2 is a flowchart of a method for accelerating elliptic curve scalar point multiplication according to an embodiment of the present application.
Detailed Description
The present application describes embodiments, but the description is intended to be exemplary rather than limiting, and it will be apparent to those of ordinary skill in the art that many more embodiments and implementations are possible within the scope of the embodiments described herein. Although many possible combinations of features are shown in the drawings and discussed in the detailed description, many other combinations of the disclosed features are possible. Any feature or element of any embodiment may be used in combination with or instead of any other feature or element in any other embodiment, unless expressly limited otherwise.
The present application includes and contemplates combinations of features and elements known to those of ordinary skill in the art. The embodiments, features and elements disclosed in the present application may also be combined with any conventional features or elements to form a unique inventive concept as defined by the appended claims. Any feature or element of any embodiment may also be combined with features or elements from other inventive aspects to form yet another unique inventive aspect, as defined by the appended claims. Thus, it should be understood that any of the features shown and/or discussed in this application may be implemented alone or in any suitable combination. Accordingly, the embodiments are not to be restricted except in light of the attached claims and their equivalents. Further, various modifications and changes may be made within the scope of the appended claims.
An embodiment of the present application provides a device for accelerating elliptic curve scalar point multiplication. As shown in FIG. 1, the device for accelerating elliptic curve scalar point multiplication comprises:
a data memory 10 for pre-storing a plurality of elliptic curve intermediate point sets, each set comprising at least one elliptic curve intermediate point that is a multiple point of the elliptic curve reference point $P_0$;
an encoder 20 for binary-coding the input elliptic curve coefficient to obtain the elliptic curve coefficient binary code;
a divider 30 for dividing the elliptic curve coefficient binary code into N segments according to a preset bit width W;
Figure BDA0004024448190000041
l is the length of the elliptic curve coefficient binary code;
Figure BDA0004024448190000042
is the round-up symbol;
and a scalar point multiplication calculator 40 for obtaining, segment by segment starting from the lowest segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and accumulating the obtained elliptic curve intermediate points point by point by elliptic curve point addition or subtraction to obtain the final output point.
The device for accelerating elliptic curve scalar point multiplication comprises a data memory, an encoder, a divider and a scalar point multiplication calculator. The data memory pre-stores a plurality of elliptic curve intermediate point sets; the encoder binary-codes the input elliptic curve coefficient to obtain the elliptic curve coefficient binary code; the divider divides the elliptic curve coefficient binary code into N segments according to a preset bit width W; and the scalar point multiplication calculator obtains, segment by segment starting from the lowest segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and accumulates the obtained elliptic curve intermediate points point by point by elliptic curve point addition or subtraction to obtain the final output point. By coding the elliptic curve coefficient in segments and storing the elliptic curve intermediate points in advance, the device provided by this embodiment can improve the computational efficiency of the algorithm.
In some exemplary embodiments, the preset bit width W is determined according to the required calculation speed and the storage capacity of the data memory. The elliptic curve coefficient binary code is divided into N segments according to the preset bit width W; assuming W = 8 and an input elliptic curve coefficient binary code that is 20 bits long, then
Figure BDA0004024448190000051
In some exemplary embodiments, the j-th elliptic curve intermediate point $P_{ij}$ in the i-th elliptic curve intermediate point set is the $k_{ij}$-fold point of the elliptic curve reference point $P_0$: $P_{ij} = k_{ij} P_0$; $k_{ij} = j \cdot 2^{(i-1)W}$; i and j are natural numbers.
In some exemplary embodiments, the divider is configured to divide the elliptic curve coefficient binary code k into N segments according to the preset bit width W in the following manner:
Figure BDA0004024448190000052
where $n_i$ is the coded value of the i-th segment of the elliptic curve coefficient binary code; $n_i \le 2^W - 1$, all $n_i$ are non-negative integers, and $n_N$ is not zero.
In some exemplary embodiments, each elliptic curve intermediate point set comprises $2^W - 1$ elliptic curve intermediate points;
the scalar point multiplication calculator is configured to obtain, segment by segment starting from the lowest segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and to accumulate the obtained elliptic curve intermediate points point by point by elliptic curve point addition or subtraction to obtain the final output point, in the following manner:
for the i-th segment of the elliptic curve coefficient binary code, if the coded value $n_i$ of the segment is not 0, the $n_i$-th elliptic curve intermediate point is obtained from the i-th elliptic curve intermediate point set; if the coded value $n_i$ of the segment is 0, the i-th elliptic curve intermediate point set is skipped directly; $1 \le i \le N$;
all the obtained elliptic curve intermediate points are accumulated point by point by elliptic curve point addition to obtain the final output point $P_{out}$: $P_{out} = \sum P_i$, where $P_i$ is an obtained elliptic curve intermediate point.
Each elliptic curve intermediate point set comprises $2^W - 1$ elliptic curve intermediate points; some examples of elliptic curve intermediate points $P_{ij}$ are listed in Table 1 below.
TABLE 1
Figure BDA0004024448190000053
Figure BDA0004024448190000061
In some exemplary embodiments, each elliptic curve intermediate point set comprises $2^{W-1}$ elliptic curve intermediate points;
the scalar point multiplication calculator is configured to obtain, segment by segment starting from the lowest segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and to accumulate the obtained elliptic curve intermediate points point by point by elliptic curve point addition or subtraction to obtain the final output point, in the following manner:
for the lowest segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point is obtained directly or indirectly from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and a carry to the adjacent higher segment is generated when the elliptic curve intermediate point is obtained indirectly; for each other i-th segment of the elliptic curve coefficient binary code, when the adjacent lower segment carries into the current segment, the coded value of the segment plus 1 is used as the final coded value of the segment, and when the adjacent lower segment does not carry into the current segment, the coded value of the segment is used as its final coded value; an elliptic curve intermediate point is then obtained directly or indirectly from the corresponding elliptic curve intermediate point set according to the final coded value of the segment, and a carry to the adjacent higher segment is likewise generated when the elliptic curve intermediate point is obtained indirectly;
if the highest segment generates a carry, the 1st elliptic curve intermediate point is obtained directly from the (N+1)-th elliptic curve intermediate point set;
all the obtained elliptic curve intermediate points are accumulated point by point by elliptic curve point addition or subtraction to obtain the final output point $P_{out}$: $P_{out} = \sum a_i P_i$, where $P_i$ is an obtained elliptic curve intermediate point; $a_i = 1$ when $P_i$ is obtained directly from the corresponding elliptic curve intermediate point set, and $a_i = -1$ when $P_i$ is obtained indirectly from the corresponding elliptic curve intermediate point set.
In some exemplary embodiments, the scalar point multiplication calculator is configured to obtain an elliptic curve intermediate point directly or indirectly from the corresponding elliptic curve intermediate point set according to the coded value of the segment of the elliptic curve coefficient binary code in the following manner:
if the coded value $n_1$ of the segment is 0, the 1st elliptic curve intermediate point set is skipped directly; if the coded value $n_1$ of the segment satisfies $0 < n_1 \le 2^{W-1}$, the $n_1$-th elliptic curve intermediate point is obtained from the 1st elliptic curve intermediate point set; if the coded value $n_1$ of the segment satisfies $2^{W-1} < n_1 \le 2^W - 1$, the $(2^W - n_1)$-th elliptic curve intermediate point is obtained from the 1st elliptic curve intermediate point set.
In some exemplary embodiments, the scalar point multiplication calculator is configured to obtain an elliptic curve intermediate point directly or indirectly from the corresponding elliptic curve intermediate point set according to the final coded value $n'_i$ of the segment of the elliptic curve coefficient binary code in the following manner:
if the final coded value $n'_i$ satisfies $n'_i = 0$, the i-th elliptic curve intermediate point set is skipped directly; if the final coded value $n'_i$ satisfies $0 < n'_i \le 2^{W-1}$, the $n'_i$-th elliptic curve intermediate point is obtained from the i-th elliptic curve intermediate point set; if the final coded value $n'_i$ satisfies $2^{W-1} < n'_i \le 2^W - 1$, the $(2^W - n'_i)$-th elliptic curve intermediate point is obtained from the i-th elliptic curve intermediate point set; $1 \le i \le N$.
Each elliptic curve intermediate point set comprises $2^{W-1}$ elliptic curve intermediate points; some examples of elliptic curve intermediate points $P_{ij}$ are listed in Table 2 below.
TABLE 2
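| | j=1 | j=2 | j=3 | j=4 | …… | j=$2^{W-1}$ |
|---|---|---|---|---|---|---|
| i=1 | $P_0$ | $2P_0$ | $3P_0$ | $4P_0$ | …… | $2^{W-1}P_0$ |
| i=2 | $2^{W}P_0$ | $2\cdot 2^{W}P_0$ | $3\cdot 2^{W}P_0$ | $4\cdot 2^{W}P_0$ | …… | $(2^{W-1})\cdot 2^{W}P_0$ |
| i=3 | $2^{2W}P_0$ | $2\cdot 2^{2W}P_0$ | $3\cdot 2^{2W}P_0$ | $4\cdot 2^{2W}P_0$ | …… | $(2^{W-1})\cdot 2^{2W}P_0$ |
| i=4 | $2^{3W}P_0$ | $2\cdot 2^{3W}P_0$ | $3\cdot 2^{3W}P_0$ | $4\cdot 2^{3W}P_0$ | …… | $(2^{W-1})\cdot 2^{3W}P_0$ |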
When each elliptic curve intermediate point set comprises $2^{W-1}$ elliptic curve intermediate points, the amount of stored data is reduced by half compared with sets of $2^W - 1$ elliptic curve intermediate points, so the overhead of storage resources can be greatly reduced. For example, when W = 8, each elliptic curve intermediate point set comprises $2^7$ (128) elliptic curve intermediate points; compared with sets of $2^8 - 1$ (255) elliptic curve intermediate points, the amount of stored data is reduced by half, and the overhead of storage resources can be greatly reduced.
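The two lookup variants described above (sets of $2^W - 1$ points with additions only, and sets of $2^{W-1}$ points with direct or indirect lookup and carry), as an added Python example that is not code from the patent. The toy curve ($p = 2^{61} - 1$, $a = 2$, $P_0 = (5, 7)$), all function names, and the handling of a final coded value equal to $2^W$ (carry only, no lookup) are assumptions of this example.

```python
# Added example (not from the patent): fixed-base scalar multiplication using
# pre-stored sets of intermediate points P_ij = j * 2^((i-1)W) * P0.
# Toy curve y^2 = x^3 + A*x + B over GF(P_MOD); all parameters are assumptions.
P_MOD = 2**61 - 1                  # Mersenne prime, demo field only
A = 2
P0 = (5, 7)                        # reference point P0
B = (P0[1]**2 - P0[0]**3 - A * P0[0]) % P_MOD   # derived so P0 is on the curve
O = None                           # point at infinity

def neg(P):
    return O if P is O else (P[0], -P[1] % P_MOD)

def add(P, Q):
    """Affine point addition, covering infinity, inverses and doubling."""
    if P is O:
        return Q
    if Q is O:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def double_and_add(k, P):
    """Reference result: the traditional bit-by-bit Q = kP."""
    R = O
    while k:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R

def build_sets(W, n_sets, per_set):
    """sets[i-1][j-1] = P_ij = j * 2^((i-1)W) * P0 for j = 1..per_set."""
    sets, base = [], P0
    for _ in range(n_sets):
        row, acc = [], O
        for _ in range(per_set):
            acc = add(acc, base)
            row.append(acc)
        sets.append(row)
        for _ in range(W):          # base <- 2^W * base for the next set
            base = add(base, base)
    return sets

def segments(k, W):
    """Coded values n_1..n_N of k, lowest segment first, N = ceil(length / W)."""
    n_seg = -(-max(k.bit_length(), 1) // W)
    return [(k >> (W * i)) & ((1 << W) - 1) for i in range(n_seg)]

def mul_full_sets(k, W, sets):
    """Sets of 2^W - 1 points: one lookup and one addition per nonzero segment."""
    R = O
    for i, n in enumerate(segments(k, W)):
        if n:                       # n_i == 0: skip the i-th set
            R = add(R, sets[i][n - 1])
    return R

def mul_half_sets(k, W, sets):
    """Sets of 2^(W-1) points: direct (+) or indirect (-) lookup with carry."""
    half, R, carry = 1 << (W - 1), O, 0
    segs = segments(k, W)
    for i, n in enumerate(segs):
        n += carry                  # final coded value n'_i
        carry = 0
        if n == 0:
            continue
        if n <= half:               # direct lookup, a_i = +1
            R = add(R, sets[i][n - 1])
        else:                       # indirect lookup, a_i = -1, carry upward
            carry = 1
            j = (1 << W) - n        # assumption: n'_i == 2^W gives j == 0,
            if j:                   # i.e. carry only, nothing to subtract
                R = add(R, neg(sets[i][j - 1]))
    if carry:                       # carry out of the highest segment:
        R = add(R, sets[len(segs)][0])   # 1st point of set N+1
    return R

if __name__ == "__main__":
    W, k = 8, 0xABCDE               # constructed 20-bit coefficient
    half = build_sets(W, len(segments(k, W)) + 1, 1 << (W - 1))
    print(segments(k, W), mul_half_sets(k, W, half) == double_and_add(k, P0))
```

Both variants skip a set when a segment is 0 and index the stored sets by the segment value, so running time and memory access pattern depend on k. Where k is secret (for example a signing key or nonce), a constant-time table scan with unconditional additions is needed in place of these data-dependent lookups.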
An embodiment of the present application provides a method for accelerating elliptic curve scalar point multiplication. As shown in FIG. 2, the method for accelerating elliptic curve scalar point multiplication comprises:
step S10, pre-storing a plurality of elliptic curve intermediate point sets, each set comprising at least one elliptic curve intermediate point that is a multiple point of the elliptic curve reference point $P_0$;
step S20, binary-coding the input elliptic curve coefficient to obtain the elliptic curve coefficient binary code; dividing the elliptic curve coefficient binary code into N segments according to a preset bit width W;
Figure BDA0004024448190000081
l is the length of the elliptic curve coefficient binary code;
Figure BDA0004024448190000082
is the round-up symbol;
and step S30, obtaining, segment by segment starting from the lowest segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and accumulating the obtained elliptic curve intermediate points point by point by elliptic curve point addition or subtraction to obtain the final output point.
The method for accelerating elliptic curve scalar point multiplication provided by the embodiment of the present application pre-stores a plurality of elliptic curve intermediate point sets; binary-codes the input elliptic curve coefficient to obtain the elliptic curve coefficient binary code; divides the elliptic curve coefficient binary code into N segments according to a preset bit width W; and obtains, segment by segment starting from the lowest segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and accumulates the obtained elliptic curve intermediate points point by point by elliptic curve point addition or subtraction to obtain the final output point. By coding the elliptic curve coefficient in segments and storing the elliptic curve intermediate points in advance, the method provided by this embodiment can improve the computational efficiency of the algorithm.
In some exemplary embodiments, the j-th elliptic curve intermediate point $P_{ij}$ in the i-th elliptic curve intermediate point set is the $k_{ij}$-fold point of the elliptic curve reference point $P_0$: $P_{ij} = k_{ij} P_0$; $k_{ij} = j \cdot 2^{(i-1)W}$; i and j are natural numbers.
In some exemplary embodiments, dividing the elliptic curve coefficient binary code k into N segments according to the preset bit width W comprises segmenting in the following manner:
Figure BDA0004024448190000083
where $n_i$ is the coded value of the i-th segment of the elliptic curve coefficient binary code; $n_i \le 2^W - 1$, all $n_i$ are non-negative integers, and $n_N$ is not zero.
In some exemplary embodiments, each elliptic curve intermediate point set comprises $2^W - 1$ elliptic curve intermediate points;
obtaining, segment by segment starting from the lowest segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and accumulating the obtained elliptic curve intermediate points point by point by elliptic curve point addition or subtraction to obtain the final output point, comprises:
for the i-th segment of the elliptic curve coefficient binary code, if the coded value $n_i$ of the segment is not 0, obtaining the $n_i$-th elliptic curve intermediate point from the i-th elliptic curve intermediate point set; if the coded value $n_i$ of the segment is 0, skipping the i-th elliptic curve intermediate point set directly; $1 \le i \le N$;
accumulating all the obtained elliptic curve intermediate points point by point by elliptic curve point addition to obtain the final output point $P_{out}$: $P_{out} = \sum P_i$, where $P_i$ is an obtained elliptic curve intermediate point.
In some exemplary embodiments, each elliptic curve intermediate point set comprises $2^{W-1}$ elliptic curve intermediate points;
obtaining, segment by segment starting from the lowest segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and accumulating the obtained elliptic curve intermediate points point by point by elliptic curve point addition or subtraction to obtain the final output point, comprises:
for the lowest segment of the elliptic curve coefficient binary code, obtaining an elliptic curve intermediate point directly or indirectly from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and generating a carry to the adjacent higher segment when the elliptic curve intermediate point is obtained indirectly; for each other i-th segment of the elliptic curve coefficient binary code, when the adjacent lower segment carries into the current segment, using the coded value of the segment plus 1 as the final coded value of the segment, and when the adjacent lower segment does not carry into the current segment, using the coded value of the segment as its final coded value; then obtaining an elliptic curve intermediate point directly or indirectly from the corresponding elliptic curve intermediate point set according to the final coded value of the segment, and likewise generating a carry to the adjacent higher segment when the elliptic curve intermediate point is obtained indirectly;
if the highest segment generates a carry, obtaining the 1st elliptic curve intermediate point directly from the (N+1)-th elliptic curve intermediate point set;
accumulating all the obtained elliptic curve intermediate points point by point by elliptic curve point addition or subtraction to obtain the final output point $P_{out}$: $P_{out} = \sum a_i P_i$, where $P_i$ is an obtained elliptic curve intermediate point; $a_i = 1$ when $P_i$ is obtained directly from the corresponding elliptic curve intermediate point set, and $a_i = -1$ when $P_i$ is obtained indirectly from the corresponding elliptic curve intermediate point set.
In some exemplary embodiments, obtaining an elliptic curve intermediate point directly or indirectly from the corresponding elliptic curve intermediate point set according to the coded value of the segment of the elliptic curve coefficient binary code comprises:
if the coded value $n_1$ of the segment is 0, skipping the 1st elliptic curve intermediate point set directly; if the coded value $n_1$ of the segment satisfies $0 < n_1 \le 2^{W-1}$, obtaining the $n_1$-th elliptic curve intermediate point from the 1st elliptic curve intermediate point set; if the coded value $n_1$ of the segment satisfies $2^{W-1} < n_1 \le 2^W - 1$, obtaining the $(2^W - n_1)$-th elliptic curve intermediate point from the 1st elliptic curve intermediate point set.
In some exemplary embodiments, obtaining an elliptic curve intermediate point directly or indirectly from the corresponding elliptic curve intermediate point set according to the final coded value $n'_i$ of the segment of the elliptic curve coefficient binary code comprises:
if the final coded value $n'_i$ satisfies $n'_i = 0$, skipping the i-th elliptic curve intermediate point set directly; if the final coded value $n'_i$ satisfies $0 < n'_i \le 2^{W-1}$, obtaining the $n'_i$-th elliptic curve intermediate point from the i-th elliptic curve intermediate point set; if the final coded value $n'_i$ satisfies $2^{W-1} < n'_i \le 2^W - 1$, obtaining the $(2^W - n'_i)$-th elliptic curve intermediate point from the i-th elliptic curve intermediate point set; $1 \le i \le N$.
When each elliptic curve intermediate point set comprises $2^{W-1}$ elliptic curve intermediate points, the amount of stored data is reduced by half compared with sets of $2^W - 1$ elliptic curve intermediate points, so the overhead of storage resources can be greatly reduced.
Embodiments of the present application provide a computer-readable storage medium storing a computer program, which when executed by a processor implements the above-mentioned steps of the method for accelerating the scalar point multiplication computation of an elliptic curve.
It will be appreciated by a person skilled in the art that the functional modules/units in the apparatus disclosed above may be implemented as software, firmware, hardware and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.

Claims (10)

1. An apparatus for accelerating elliptic curve scalar point multiplication calculations, comprising:
a data memory configured to pre-store a plurality of elliptic curve intermediate point sets; each elliptic curve intermediate point set comprises at least one elliptic curve intermediate point, which is a multiple point of the elliptic curve reference point $P_0$;
an encoder configured to binary-code the input elliptic curve coefficient to obtain the elliptic curve coefficient binary code;
a divider configured to divide the elliptic curve coefficient binary code into N segments according to a preset bit width W;
Figure FDA0004024448180000011
l is the length of the elliptic curve coefficient binary code;
Figure FDA0004024448180000012
is a rounding-up symbol;
and a scalar point multiplication calculator configured to obtain, segment by segment starting from the lowest-order segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point from the corresponding elliptic curve intermediate point set according to the coded value of that segment of the elliptic curve coefficient binary code, and to accumulate the obtained elliptic curve intermediate points point by point through elliptic curve point addition or subtraction to obtain a final output point.
2. The apparatus of claim 1, wherein:
the j-th elliptic curve intermediate point $P_{ij}$ in the i-th elliptic curve intermediate point set is the $k_{ij}$-fold point of the elliptic curve reference point $P_0$; $P_{ij} = k_{ij} P_0$; $k_{ij} = j \cdot 2^{(i-1)W}$; i and j are natural numbers.
3. The apparatus of claim 2, wherein:
the divider is configured to divide the elliptic curve coefficient binary code k into N segments according to a preset bit width W in the following manner:
Figure FDA0004024448180000013
wherein $n_i$ is the coded value of the i-th segment of the elliptic curve coefficient binary code; $n_i \le 2^W - 1$, all $n_i$ are non-negative integers, and $n_N$ is not zero.
4. The apparatus of claim 3, wherein:
each elliptic curve intermediate point set comprises $2^W - 1$ elliptic curve intermediate points;
the scalar point multiplication calculator is configured to obtain, segment by segment starting from the lowest-order segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and to accumulate the obtained elliptic curve intermediate points point by point through elliptic curve point addition or subtraction to obtain a final output point, in the following manner:
for the i-th segment of the elliptic curve coefficient binary code, if the coded value $n_i$ of the segment is not 0, the $n_i$-th elliptic curve intermediate point is obtained from the i-th elliptic curve intermediate point set; if the coded value $n_i$ of the segment is 0, the i-th elliptic curve intermediate point set is skipped directly; $1 \le i \le N$;
all the obtained elliptic curve intermediate points are accumulated point by point through elliptic curve point addition to obtain the final output point $P_{out}$; $P_{out} = \sum P_i$; $P_i$ is an obtained elliptic curve intermediate point.
5. The apparatus of claim 3, wherein:
each elliptic curve intermediate point set comprises $2^{W-1}$ elliptic curve intermediate points;
the scalar point multiplication calculator is configured to obtain, segment by segment starting from the lowest-order segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and to accumulate the obtained elliptic curve intermediate points point by point through elliptic curve point addition or subtraction to obtain a final output point, in the following manner:
for the lowest-order segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point is obtained directly or indirectly from the corresponding elliptic curve intermediate point set according to the coded value of that segment, and a carry to the adjacent higher-order segment is generated when the elliptic curve intermediate point is obtained indirectly; for each other i-th segment of the elliptic curve coefficient binary code, when the adjacent lower-order segment carries into the current segment, the coded value of the segment plus 1 is used as the final coded value of the segment, and when the adjacent lower-order segment does not carry into the current segment, the coded value of the segment is used as the final coded value of the segment; an elliptic curve intermediate point is obtained directly or indirectly from the corresponding elliptic curve intermediate point set according to the final coded value of the segment, and a carry to the adjacent higher-order segment is likewise generated when the elliptic curve intermediate point is obtained indirectly; if the highest-order segment generates a carry, the 1st elliptic curve intermediate point is obtained directly from the (N+1)-th elliptic curve intermediate point set;
all the obtained elliptic curve intermediate points are accumulated point by point through elliptic curve point addition or subtraction to obtain the final output point $P_{out}$; $P_{out} = \sum a_i P_i$; $P_i$ is an obtained elliptic curve intermediate point; $a_i = 1$ when $P_i$ is obtained directly from the corresponding elliptic curve intermediate point set, and $a_i = -1$ when $P_i$ is obtained indirectly from the corresponding elliptic curve intermediate point set.
6. The apparatus of claim 5, wherein:
the scalar point multiplication calculator is configured to obtain an elliptic curve intermediate point directly or indirectly from the corresponding elliptic curve intermediate point set according to the coded value of the segment's elliptic curve coefficient binary code in the following manner:
if the coded value $n_1$ of the elliptic curve coefficient binary code is 0, the 1st elliptic curve intermediate point set is skipped directly; if the coded value $n_1$ satisfies $0 < n_1 \le 2^{W-1}$, the $n_1$-th elliptic curve intermediate point is obtained from the 1st elliptic curve intermediate point set; if the coded value $n_1$ satisfies $2^{W-1} < n_1 \le 2^W - 1$, the $(2^W - n_1)$-th elliptic curve intermediate point is obtained from the 1st elliptic curve intermediate point set.
7. The apparatus of claim 5, wherein:
the scalar point multiplication calculator is configured to obtain an elliptic curve intermediate point directly or indirectly from the corresponding elliptic curve intermediate point set according to the final coded value $n_i'$ of the segment's elliptic curve coefficient binary code in the following manner:
if the final coded value $n_i'$ satisfies $n_i' = 0$, the i-th elliptic curve intermediate point set is skipped directly; if the final coded value $n_i'$ satisfies $0 < n_i' \le 2^{W-1}$, the $n_i'$-th elliptic curve intermediate point is obtained from the i-th elliptic curve intermediate point set; if the final coded value $n_i'$ satisfies $2^{W-1} < n_i' \le 2^W - 1$, the $(2^W - n_i')$-th elliptic curve intermediate point is obtained from the i-th elliptic curve intermediate point set; $1 \le i \le N$.
8. A method of accelerating elliptic curve scalar point multiplication computations, comprising:
pre-storing a plurality of elliptic curve intermediate point sets; each elliptic curve intermediate point set comprises at least one elliptic curve intermediate point, which is a multiple point of the elliptic curve reference point $P_0$;
binary-coding the input elliptic curve coefficient to obtain the elliptic curve coefficient binary code; dividing the elliptic curve coefficient binary code into N segments according to a preset bit width W;
Figure FDA0004024448180000031
l is the length of the elliptic curve coefficient binary code;
Figure FDA0004024448180000032
is a rounding-up symbol;
and obtaining, segment by segment starting from the lowest-order segment of the elliptic curve coefficient binary code, an elliptic curve intermediate point from the corresponding elliptic curve intermediate point set according to the coded value of that segment of the elliptic curve coefficient binary code, and accumulating the obtained elliptic curve intermediate points point by point through elliptic curve point addition or subtraction to obtain a final output point.
9. The method of claim 8, wherein:
the j-th elliptic curve intermediate point $P_{ij}$ in the i-th elliptic curve intermediate point set is the $k_{ij}$-fold point of the elliptic curve reference point $P_0$; $P_{ij} = k_{ij} P_0$; $k_{ij} = j \cdot 2^{(i-1)W}$; i and j are natural numbers.
10. A computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the method of accelerating an elliptic curve scalar point multiplication computation of claim 8 or 9 above.
CN202211702753.8A 2022-12-28 2022-12-28 Device, method and storage medium for accelerating elliptic curve scalar point multiplication calculation Active CN115913556B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211702753.8A CN115913556B (en) 2022-12-28 2022-12-28 Device, method and storage medium for accelerating elliptic curve scalar point multiplication calculation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211702753.8A CN115913556B (en) 2022-12-28 2022-12-28 Device, method and storage medium for accelerating elliptic curve scalar point multiplication calculation

Publications (2)

Publication Number Publication Date
CN115913556A true CN115913556A (en) 2023-04-04
CN115913556B CN115913556B (en) 2024-01-26

Family

ID=86492428

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211702753.8A Active CN115913556B (en) 2022-12-28 2022-12-28 Device, method and storage medium for accelerating elliptic curve scalar point multiplication calculation

Country Status (1)

Country Link
CN (1) CN115913556B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103942031A (en) * 2014-04-28 2014-07-23 山东华芯半导体有限公司 Elliptic domain curve operational method and elliptic domain curve arithmetic unit
CN104298646A (en) * 2014-09-29 2015-01-21 北京宏思电子技术有限责任公司 Method and device for obtaining point multiplication operation result of elliptic curve cryptograph

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
周晚 等: "Montgomery形式椭圆曲线的标量乘法运算", 硅谷 *

Also Published As

Publication number Publication date
CN115913556B (en) 2024-01-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant