CN209560522U - Hardware device for obtaining an intermediate result group in encryption and decryption operations - Google Patents


Publication number: CN209560522U
Application number: CN201920409784.1U
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Inventor: 杨帆
Current Assignee: Guizhou Huaxin Semiconductor Technology Co.,Ltd.
Original Assignee: Guizhou Huaxintong Semiconductor Technology Co Ltd
Abstract

The present disclosure provides a hardware device for obtaining an intermediate result group in encryption and decryption operations. The hardware device includes a dual-port random access memory, a shift input component and a multiply-adder. The shift input component is arranged between the multiply-adder and the dual-port random access memory, which shortens the critical path of the hardware device and raises its synthesis frequency.

Description

Hardware device for obtaining an intermediate result group in encryption and decryption operations
Technical field
The present disclosure relates to a hardware device for obtaining an intermediate result group in encryption and decryption operations.
Background
In today's electronic communication and e-commerce, encryption and decryption techniques are usually needed to encrypt plaintext, turning it into ciphertext that is difficult to read. A specific party who knows the key can then restore the ciphertext to plaintext through the decryption process. In the field of encryption and decryption, the RSA (Rivest-Shamir-Adleman) algorithm and the ECC (elliptic curve cryptography) algorithm are widely used. In general, both the RSA and ECC algorithms need Montgomery modular exponentiation to optimize the time taken by encryption and decryption operations. In addition, because the computation steps of Montgomery modular exponentiation can usually be implemented by a hardware device, the time taken by encryption and decryption operations can be optimized further.
Summary of the utility model
In view of the foregoing, the present disclosure provides a method and a hardware device for obtaining an intermediate result group in encryption and decryption operations.
According to at least one embodiment of the present disclosure, a hardware device for obtaining an intermediate result group in encryption and decryption operations is provided, comprising: a dual-port random access memory configured to store one or more data items associated with the encryption and decryption operation; a shift input component connected to the dual-port random access memory and configured to select first data and second data from the one or more data items stored in the dual-port random access memory, and to perform a shift operation on each of the first data and the second data to obtain and store first input data and second input data; and a multiply-adder connected to the shift input component and configured to perform multiplication and addition on the first input data and the second input data to obtain and store a first intermediate result and a second intermediate result as the intermediate result group.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present disclosure more clearly, the drawings needed for the embodiments are briefly described below. It should be understood that the following drawings show only some embodiments of the disclosure and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can derive other related drawings from them without creative effort.
Fig. 1 is a structural block diagram of a hardware device for obtaining an intermediate result group in encryption and decryption operations.
Fig. 2A is a schematic diagram of a hardware device for obtaining an intermediate result group in encryption and decryption operations according to one or more embodiments of the present disclosure.
Fig. 2B is a block diagram of a hardware device for obtaining an intermediate result group in encryption and decryption operations according to one or more embodiments of the present disclosure.
Fig. 3A is a schematic diagram of the shift input component of the hardware device according to one or more embodiments of the present disclosure.
Fig. 3B is a block diagram of the shift input component of the hardware device according to one or more embodiments of the present disclosure.
Fig. 4A is a schematic diagram of the multiply-adder of the hardware device according to one or more embodiments of the present disclosure.
Fig. 4B is a block diagram of the multiply-adder of the hardware device according to one or more embodiments of the present disclosure.
Fig. 5A is a schematic diagram of the high-order output addition unit of the hardware device according to one or more embodiments of the present disclosure.
Fig. 5B is a block diagram of the high-order output addition unit of the hardware device according to one or more embodiments of the present disclosure.
Fig. 6A is a schematic diagram of the low-order output addition unit of the hardware device according to one or more embodiments of the present disclosure.
Fig. 6B is a block diagram of the high-order output addition unit of the hardware device according to one or more embodiments of the present disclosure.
Fig. 7 is another schematic diagram of the hardware device for obtaining an intermediate result group in encryption and decryption operations according to one or more embodiments of the present disclosure.
Detailed description
To make the purposes, technical solutions and advantages of the present disclosure clearer, example embodiments of the disclosure are described in detail below with reference to the figures. The described embodiments are only some of the embodiments of the disclosure, not all of them, and it should be understood that the disclosure is not limited by the example embodiments described here. All other embodiments that those skilled in the art obtain from the embodiments described in this disclosure without creative effort fall within the scope of protection of the disclosure. Note that in this specification and the figures, steps and elements that are substantially the same are denoted by the same reference signs, and repeated descriptions of them are omitted.
I. Montgomery modular exponentiation involved in encryption and decryption computation
According to an exemplary embodiment, a typical RSA encryption and decryption algorithm includes a step that raises a large integer X to the power e and reduces the result modulo M, that is, it computes the value of $X^e \bmod M$. This operation is also called modular exponentiation. Modular exponentiation is usually complex, so it needs to be transformed further to make it easier for hardware to compute. Usually, modular exponentiation is converted into modular multiplications, and Montgomery modular multiplication is used to further reduce the number of modular reductions that the modular multiplications require.
Similarly, according to an exemplary embodiment, a typical ECC encryption and decryption algorithm also includes steps such as "point addition" and "point doubling" that perform complex operations on large integers. Specifically, point addition takes a first point $(x_1, y_1)$ and a second point $(x_2, y_2)$ that satisfy the elliptic curve equation $y^2 = x^3 + ax + b$ and produces the coordinates $(x_3, y_3)$ of a third point that satisfies the same equation, using the formulas $x_3 = ((y_2 - y_1)/(x_2 - x_1))^2 - x_1 - x_2$ and $y_3 = ((y_2 - y_1)/(x_2 - x_1))(x_1 - x_3) - y_3$. Point doubling operates on the first point $(x_1, y_1)$ and the second point $(x_2, y_2)$ to obtain the coordinates $(x_3, y_3)$ of the third point, using the formulas $x_3 = ((3x_1^2 + a)/(2y_1))^2 - 2x_1$ and $y_3 = ((3x_1^2 + a)/(x_1 - x_3)) - y_1$. In these formulas, addition is modular addition modulo N, subtraction is modular subtraction modulo N, multiplication is modular multiplication modulo N, and division is modular inversion modulo N; a and b are constants less than N. Modular inversion of a number x means finding another number y such that $(x \cdot y) \bmod N = 1$; x is then called the modular inverse of y modulo N, and y the modular inverse of x modulo N.
Modular inversion is very time-consuming, and under the ECC encryption and decryption standards thousands of point addition or point doubling operations are usually performed, so the number of modular inversions needs to be reduced. To reduce the computational complexity of point addition and point doubling in ECC encryption and decryption, the coordinates of each point are usually converted to modified Jacobian coordinates, and point addition and point doubling are converted into point addition and point doubling in the modified Jacobian coordinate system. After the conversion, a modular inversion is needed only when the final computed result is converted from modified Jacobian coordinates back to ordinary coordinates, which greatly reduces the computational complexity of ECC encryption and decryption.
It follows that both RSA and ECC encryption and decryption algorithms involve modular multiplication and/or modular addition of two large integers. A hardware device that can compute $res = h \cdot a \cdot b + g \cdot c$ can therefore meet the needs of most of the modular multiplications and/or modular additions that RSA, ECC and other encryption and decryption algorithms may involve, where a, b and c are integers less than N, the values of h include but are not limited to {1, -1, -2, 3, 2}, and the values of g include but are not limited to {-8, -1, 1, 12, 8}.
Furthermore, modular addition, modular subtraction, modular multiplication, modular inversion and modular exponentiation all involve modular reduction, and modular reduction consumes a large amount of computing resources. The Montgomery algorithm has therefore been proposed to reduce the number of modular reductions in a series of modular additions, subtractions, multiplications, inversions and exponentiations, which further simplifies the computation.
Optionally, the formula $res = h \cdot a \cdot b + g \cdot c$ mainly involves modular multiplication and modular addition. Taking the modular multiplication of the Montgomery algorithm as an example, the following describes the computation steps that a hardware device able to evaluate this formula may involve, and the hardware components that execute those steps.
To describe the concept of the present disclosure more conveniently, the result obtained at each step of the modular addition, subtraction, multiplication, inversion and exponentiation operations in the various encryption and decryption algorithms is called an intermediate result. Since an encryption and decryption algorithm may have multiple intermediate results, the set of intermediate results is collectively called the intermediate result group.
To compute $res = h \cdot a \cdot b + g \cdot c$, at least the modular product of a and b must be computed first. Suppose Montgomery modular multiplication is to be used to compute $p = a \cdot b \bmod N$, where a and b are integers less than N and N is the modulus. In encryption and decryption computations, a, b and N are large integers, which improves the security of the algorithm in practical applications. The specific steps for computing $p = a \cdot b \bmod N$ include but are not limited to:
Step 1: Compute $aM = a \cdot R \bmod N$ and $bM = b \cdot R \bmod N$, where $R = 2^n$ and n is the smallest integer such that $2^n > N$.
Step 2: Compute $pM = (aM \cdot bM + k \cdot N) \cdot R^{-1}$, where k is the smallest integer such that the low n bits of $(aM \cdot bM + k \cdot N)$ are 0. Usually, k can be obtained by taking the low n bits of $MC \cdot aM \cdot bM$, where MC is an integer such that the low n bits of $MC \cdot N$ are all 1.
Step 3: Compute $pM = pM \bmod N$.
Step 4: If pM is not the last result in a series of modular multiplications, return to step 3. If pM is the last result in a series of modular multiplications, compute $p = (pM \cdot 1 + k \cdot N) \cdot R^{-1} \bmod N$.
Optionally, in step 1, aM and bM are the numbers corresponding to a and b after transfer into the Montgomery domain. Every integer less than N can be converted to and from its corresponding number in the Montgomery domain. In encryption and decryption operations such as RSA and ECC, most operations can be carried out on numbers in the Montgomery domain, and the result is then converted back into a number in the ordinary domain.
Optionally, in step 3, if aM, bM, k and N are all n-bit numbers, it follows that $aM \cdot bM$ is 2n bits wide and $k \cdot N$ is 2n bits wide, so $(aM \cdot bM + k \cdot N)$ is 2n+1 bits wide and pM is n+1 bits wide. In actual operation, pM may not be the final result of a series of modular multiplications and may instead take part in the next modular multiplication as an intermediate result, for example by replacing aM or bM. In a real hardware circuit the size of the digital modular multiplier is fixed and it cannot accept a multiplier operand with more bits, so a modular reduction, the $pM = pM \bmod N$ of step 3, must be applied to pM to ensure that its bit width stays within n.
Optionally, in step 4, if pM is the last result in a series of modular multiplications, pM must be converted from the Montgomery domain to the ordinary domain to obtain the final result p. From the formulas above, pM and p are related by $pM = p \cdot R \bmod N$. It can therefore be derived that $p = (pM \cdot 1 + k \cdot N) \cdot R^{-1} \bmod N$ (that is, the result of a Montgomery modular multiplication whose inputs are pM and 1).
In addition, in a series of Montgomery modular multiplications, step 1 usually needs to be performed only for the first modular multiplication or when another parameter is introduced into a modular multiplication, and step 4 needs to be performed only for the last modular multiplication.
Similarly, the other operations involved in $res = h \cdot a \cdot b + g \cdot c$, such as $g \cdot c$ and $h \cdot (a \cdot b)$, can also be computed with this method.
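The following Python model is an added example, not part of the patent text, that carries Steps 1 to 4 through in software with the document's symbols (R, n, MC, k, aM, bM, pM). It goes one step beyond the single multiplication in the text by chaining the multiplications into a modular exponentiation, so that Step 1 runs only on entry and Step 4 only on exit; the function names and the sample values are assumptions made for illustration.

```python
# Added example: software model of Montgomery modular multiplication (Steps 1-4).
# Function names are illustrative; they do not come from the patent.

def mont_setup(N):
    """Return (n, R, MC) for an odd modulus N, with R = 2**n the smallest power of two > N."""
    if N < 3 or N % 2 == 0:
        raise ValueError("Montgomery reduction needs an odd modulus N >= 3")
    n = N.bit_length()                  # smallest n such that 2**n > N
    R = 1 << n
    MC = (-pow(N, -1, R)) % R           # chosen so the low n bits of MC*N are all 1
    assert (MC * N) & (R - 1) == R - 1
    return n, R, MC

def to_mont(x, N, R):
    """Step 1: move x into the Montgomery domain, xM = x*R % N."""
    return (x * R) % N

def mont_mul(aM, bM, N, n, MC):
    """Steps 2 and 3: pM = (aM*bM + k*N) * R^-1, then pM = pM % N."""
    mask = (1 << n) - 1
    t = aM * bM
    k = (MC * (t & mask)) & mask        # low n bits of MC*aM*bM
    s = t + k * N
    assert s & mask == 0                # low n bits are zero, so dividing by R is a shift
    pM = s >> n
    assert pM < 2 * N                   # pM needs at most n+1 bits before Step 3
    return pM % N                       # Step 3 brings pM back within n bits

def from_mont(pM, N, n, MC):
    """Step 4: leave the Montgomery domain by multiplying pM with 1."""
    return mont_mul(pM, 1, N, n, MC)

def modmul(a, b, N):
    """p = a*b % N through one Montgomery multiplication."""
    n, R, MC = mont_setup(N)
    pM = mont_mul(to_mont(a, N, R), to_mont(b, N, R), N, n, MC)
    return from_mont(pM, N, n, MC)

def modexp(x, e, N):
    """x**e % N by square-and-multiply, staying in the Montgomery domain in between."""
    n, R, MC = mont_setup(N)
    xM = to_mont(x, N, R)               # Step 1, once on entry
    accM = to_mont(1, N, R)
    for bit in bin(e)[2:]:
        accM = mont_mul(accM, accM, N, n, MC)
        if bit == "1":
            accM = mont_mul(accM, xM, N, n, MC)
    return from_mont(accM, N, n, MC)    # Step 4, once on exit

if __name__ == "__main__":
    N = 2**127 - 1                      # constructed sample modulus (odd)
    a, b = 0x1234567890ABCDEF1234567890ABCDEF % N, 0xFEDCBA9876543210 % N
    print(hex(modmul(a, b, N)), hex(modexp(a, 65537, N)))
```
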
II. A common hardware device for obtaining the intermediate result group in encryption and decryption operations
Referring now to Fig. 1, a common hardware device for obtaining the intermediate result group in encryption and decryption operations is described, together with the method of using this hardware device to execute the core operations of the encryption and decryption operations above, such as Montgomery modular multiplication in RSA and ECC operations.
Fig. 1 is a structural block diagram of a hardware device 100 for obtaining the intermediate result group in encryption and decryption operations.
With reference to Fig. 1, the hardware device 100 for obtaining the intermediate result group in encryption and decryption operations may include a dual-port random access memory 101, register A 102, register B 103, multiplexer 104, multiplier 105, first shift selection component 106, second shift selection component 107, third shift selection component 108, first adder 109, second adder 110, register D 111 and register C 112.
The input bit widths of register A 102, register B 103, register C 112 and register D 111 are all w bits; each of the two inputs of multiplier 105 is w bits wide, and its output is 2w bits wide.
If the data aM, bM and MC have a bit width w' that is less than w bits, $aM \cdot bM$ will be 2w' bits wide, so the leading (2w - 2w') bits of the output of multiplier 105 will be 0. The output of multiplier 105 is then not centered, which prevents the subsequent operations from completing successfully and is inconvenient for hardware processing. The output of multiplier 105 therefore has to be shifted left by (w - w') bits by the second shift selection component 107, so that the leading and trailing (w - w') bits of the binary representation of the multiplier output are all zero and the valid data of the output of multiplier 105 (for example $aM \cdot bM$) occupies the middle 2w' bits of the multiplier output. Only then can the high part of the multiplier output be sent to the first adder 109 and the low part to the second adder 110.
The hardware device 100 can also compute $res = (a \cdot b) \cdot R^{-1} \bmod N + c_1$. In this case the intermediate result $(a \cdot b) \bmod N$ computed by the method above is first stored in the dual-port random access memory 101; other hardware then reads $(a \cdot b) \bmod N$ and $c_1$ from the dual-port random access memory 101, and the addition is performed by the first adder 109 and/or the second adder 110.
By placing the second shift selection component 107 between multiplier 105 and the first adder 109 and second adder 110, the hardware device above centers the output of multiplier 105.
However, such a hardware device 100 makes the multiplier-adder critical path required by the core operation of Montgomery modular multiplication too long: the first adder 109 and the second adder 110 must wait until the second shift selection component 107 has finished before they can operate on the data.
Specifically, the critical path is the path with the longest delay through the combinational logic of a digital circuit. All registers in a functional module of a digital circuit share the same clock signal, a signal that changes periodically at a certain frequency and has one instant in each period called the rising edge. At each rising clock edge the value in a register is updated to the value at the register's input, and it remains unchanged at all other times until the next rising edge arrives. The circuit between two registers is called combinational logic, for example the path above that includes the multiplier and the adders. One register provides the input to the combinational logic, and another register, or the same register, receives its output. In a digital circuit the combinational logic must finish its computation within the period during which the registers remain unchanged, so that when the next rising clock edge arrives, the register providing the input can be updated to the next data to be input and the register receiving the output can store the result of the computation. If data is not latched by a register within such a clock period, the data is lost and the operation fails.
In the circuit above, the multiplier-adder path required by the core operation of Montgomery modular multiplication is the most time-consuming path through the combinational logic of the whole circuit, that is, the critical path.
However, referring to Fig. 1, the second shift selection component 107 has to sit inside the multiply-add computation path to center the output of multiplier 105. This complicates the work that must be done within one clock period and makes the multiplier, shift component, adder critical path too long, so a longer clock period has to be set to complete it. As a result, the clock frequency of the whole hardware circuit is not high.
A hardware device that can further raise the synthesis frequency of the multiplier-adder is therefore needed. Note that synthesis is a step of digital circuit design, and the synthesis frequency is the maximum clock frequency at which, after synthesis, the critical path can still complete its computation correctly.
III. Hardware device for obtaining the intermediate result group in encryption and decryption operations
Some embodiments that can replace the hardware device 100 described above are further described below with reference to Fig. 2A and Fig. 2B. These embodiments shorten the multiplier-adder critical path required by the core operation of Montgomery modular multiplication and raise the synthesis frequency of the multiplier-adder.
Fig. 2A is a schematic diagram of a hardware device 200 for obtaining the intermediate result group in encryption and decryption operations according to one or more embodiments of the present disclosure. Fig. 2B is a block diagram of the hardware device 200 according to one or more embodiments of the present disclosure.
With reference to Fig. 2A and Fig. 2B, the hardware device 200 for obtaining the intermediate result group in encryption and decryption operations may include the dual-port random access memory 201, shift input component 202 and multiply-adder 203 shown in Fig. 2A and Fig. 2B.
Specifically, the components of the hardware device 200 according to one or more embodiments of the present disclosure are configured as follows.
The dual-port random access memory 201 can be configured to store one or more data items associated with the encryption and decryption operation.
The shift input component 202 is connected to the dual-port random access memory 201. The shift input component 202 can be configured to select first data and second data from the one or more data items stored in the dual-port random access memory 201, and to perform a shift operation on each of the first data and the second data to obtain and store first input data and second input data.
The multiply-adder 203 is connected to the shift input component 202. The multiply-adder 203 can be configured to perform multiplication and addition on the first input data and the second input data to obtain and store a first intermediate result and a second intermediate result as the intermediate result group.
With reference to Fig. 2A, the dual-port random access memory 201 can store data such as aM, bM, MC and N described above, all of which can be data associated with the encryption and decryption operation.
The shift input component 202 can select the first data and the second data, such as aM and bM, MC, N and so on, from these data according to the needs of a given computation cycle of the Montgomery modular multiplication.
For example, when computing the $aM \cdot bM$ in $pM = (aM \cdot bM + k \cdot N) \cdot R^{-1}$, the hardware device 200 can provide the following functions.
Function F201: read the first data aM and the second data bM simultaneously from the dual-port random access memory 201.
Function F202: the shift input component 202 receives the first data aM and the second data bM, performs a shift operation on each of them, and selects the first input data $aM \cdot 2^{t_1}$ and the second input data $bM \cdot 2^{t_2}$ from the shifted results.
Function F203: the multiplier in multiply-adder 203 multiplies the first input data by the second input data to obtain the multiplication result $product1 \cdot 2^{t_1+t_2} = aM \cdot bM \cdot 2^{t_1+t_2}$.
At this point the valid data product1 of the multiplication result lies in the middle bits of the multiplier output. For example, suppose the data aM and bM have a bit width of w' bits, less than the input bit width of w bits of the multiply-adder; then $aM \cdot bM$ is 2w' bits wide. By setting $t_1 + t_2 = w - w'$, the leading and trailing (w - w') bits of the binary representation of the output of the multiplier in multiply-adder 203 are all zero, and the valid data of that output (for example $aM \cdot bM$) occupies the middle 2w' bits of the multiplier output.
Function F204: the adder in multiply-adder 203 can take the high part product1_H and the low part product1_L of the valid data product1 of the multiplication result directly from the multiplier in multiply-adder 203. Adding product1_H to zero in the adder of multiply-adder 203 yields the updated first intermediate result product1_H; adding the low part product1_L to zero yields the updated second intermediate result product1_L.
For example, if the output of multiplier 401 is 256 bits of binary data, the first 128 bits can be taken as the high-order multiplication result product1_H and the last 128 bits as the low-order multiplication result product1_L.
Compared with the hardware device 100 of Fig. 1, the hardware device 200 of Figs. 2A and 2B removes the second shift selection component 107 between multiplier 105 and the first adder 109 and second adder 110. Instead, the shift input component 202 shifts the first data (for example, aM) and the second data (for example, bM) to obtain the first input data and the second input data, which guarantees that after the multiplier has operated on them the result lies directly in the middle bits of the multiplier output, ready for the subsequent adders. In addition, multiplier 105, first adder 109 and second adder 110 are merged into a single multiply-adder 203, so that the multiplier-adder critical path required by the core operation of Montgomery modular multiplication is shortened and the synthesis frequency of the hardware device is raised.
The hardware device 200 of Figs. 2A and 2B extracts the additions that must be completed in the same cycle as the multiplication and computes them with a single multiply-adder. Compared with hardware device 100, this raises the synthesis frequency of the critical arithmetic unit (for example, the multiply-adder).
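The bit-level model below is an added example, not part of the patent text, that compares the two datapaths: device 100 shifts the 2w-bit product after the multiplier, device 200 shifts the w'-bit operands before it (functions F202 to F204). The function names and the operand width w' = 120 are assumptions; w = 128 follows the 256-bit multiplier output used in the text.

```python
# Added example: bit-level model of the Fig. 1 and Fig. 2A/2B datapaths.
# Names and the value of WP are illustrative assumptions, not taken from the patent.

W = 128    # multiplier input width w in bits (output is 2w = 256 bits)
WP = 120   # operand width w' < w (constructed value)

def check_width(value, bits, name):
    """Reject values that would not fit in a register of the given width."""
    if value < 0 or value >> bits:
        raise ValueError(f"{name} does not fit in {bits} bits")

def multiply(x, y, w=W):
    """Fixed-width multiplier: two w-bit inputs, one 2w-bit output."""
    check_width(x, w, "multiplier input")
    check_width(y, w, "multiplier input")
    return x * y

def split(word, w=W):
    """Split the 2w-bit multiplier output into its high and low w-bit halves."""
    check_width(word, 2 * w, "multiplier output")
    return word >> w, word & ((1 << w) - 1)

def device100(aM, bM, w=W, wp=WP):
    """Fig. 1: multiply first, then shift left by (w - w') in front of the adders."""
    check_width(aM, wp, "aM")
    check_width(bM, wp, "bM")
    product = multiply(aM, bM, w)
    centred = product << (w - wp)       # second shift selection component 107
    return split(centred, w)

def device200(aM, bM, t1, w=W, wp=WP):
    """Fig. 2A/2B: shift the operands into the registers, then multiply (F202-F204)."""
    check_width(aM, wp, "aM")
    check_width(bM, wp, "bM")
    t2 = (w - wp) - t1                  # t1 + t2 = w - w'
    if t1 < 0 or t2 < 0:
        raise ValueError("t1 must satisfy 0 <= t1 <= w - w'")
    reg_a = aM << t1                    # first input data, aM * 2**t1
    reg_b = bM << t2                    # second input data, bM * 2**t2
    return split(multiply(reg_a, reg_b, w), w)

def valid_data(high, low, w=W, wp=WP):
    """Recover product1 from the two halves after checking the zero padding."""
    word = (high << w) | low
    pad = w - wp
    if word & ((1 << pad) - 1) or word >> (2 * w - pad):
        raise ValueError("product is not centred in the multiplier output")
    return word >> pad

if __name__ == "__main__":
    aM = (1 << WP) - 1                  # constructed worst-case operand
    bM = 0x0123456789ABCDEF0123456789ABCD
    for t1 in range(W - WP + 1):
        assert device200(aM, bM, t1) == device100(aM, bM)
    print(hex(valid_data(*device100(aM, bM))))
```

Every split of the shift between the two operands gives the same 256-bit word as the post-multiplier shift, which is why the shifter can move out of the multiplier-adder path without changing what the adders receive.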
The one of the displacement input part 202 that can replace hardware device 200 is further described below with reference to Fig. 3 A and Fig. 3 B A little embodiments.
Fig. 3 A is the intermediate result group in the acquisition encryption and decryption operation shown according to one or more other embodiments of the present disclosure Hardware device 200 displacement input part 202 schematic diagram.Fig. 3 B is shown according to one or more other embodiments of the present disclosure Acquisition encryption and decryption operation in intermediate result group hardware device 200 displacement input part 202 block diagram.
The hardware device 200 of intermediate result group in the acquisition encryption and decryption operation with reference to shown in Fig. 3 A and Fig. 3 B, Fig. 3 B Displacement input part 202 may include that the first shift unit group 301 shown in Fig. 3 A and Fig. 3 B, the second shift unit group 302, first are defeated Enter Port Multiplier 303, second and inputs Port Multiplier 304, register A305 and register B306.
With reference to Fig. 3 A and 3B, all parts in above-mentioned displacement input part 202 can be configured as follows.
The first shift unit group 301 can be connected to the dual port random access memory 201. The first shift unit group 301 can be configured to perform a shift operation on the first data among the one or more data stored in the dual port random access memory to obtain a first shifted data set. For example, the first shifted data set may include the data obtained by shifting the first data left by i1 bits, where i1 is an integer greater than 0.
The first input Port Multiplier 303 can be connected to the first shift unit group 301. The first input Port Multiplier 303 can be configured to select the first input data from the first shifted data set.
Register A 305 can be connected to the first input Port Multiplier 303. Register A 305 can be configured to receive and store the first input data.
The second shift unit group 302 can be connected to the dual port random access memory 201. The second shift unit group 302 can be configured to perform a shift operation on the second data among the one or more data stored in the dual port random access memory to obtain a second shifted data set. For example, the second shifted data set may include the data obtained by shifting the second data left by i2 bits, where i2 is an integer greater than 0.
The second input Port Multiplier 304 can be connected to the second shift unit group 302 and the adder and multiplier 203. The second input Port Multiplier 304 can be configured to select the second input data from the second shifted data set and the intermediate result group, and to output it.
Register B 306 can be connected to the second input Port Multiplier 304. Register B 306 can be configured to receive and store the second input data.
With reference to Fig. 3A, the displacement input part 202 can select the first data and the second data, such as aM and bM, MC, N, etc., from the above data according to the needs of a given operation cycle of the Montgomery modular multiplication.
Assume that the first data is aM and the second data is bM.
After receiving the first data aM, the first shift unit group 301 can perform a shift operation on it to obtain the first shifted data set (Z indicates the integers), from which the first input Port Multiplier 303 can select the first input data. The first input data can then be stored in register A 305.
Similarly, through the second shift unit group 302, the second input Port Multiplier 304 and register B 306, the second data bM can be converted to the second input data
In this way, the above function F202 can be realized. Using the displacement input part 202 shown in Fig. 3A and Fig. 3B, shift operations can be performed on the first data (for example, aM) and the second data (for example, bM) to obtain the first input data (for example,) and the second input data (for example,). Consequently, after the first input data and the second input data pass through the multiplier, the valid result lies directly in the middle of the multiplier output, which facilitates the operation of the subsequent adders.
Some embodiments that can serve as the adder and multiplier 203 of hardware device 200 are further described below with reference to Fig. 4A and Fig. 4B.
Fig. 4A is a schematic diagram of the adder and multiplier 203 of the hardware device 200 for obtaining the intermediate result group in encryption and decryption operations, according to one or more embodiments of the present disclosure. Fig. 4B is a block diagram of the adder and multiplier 203 of the hardware device 200 for obtaining the intermediate result group in encryption and decryption operations, according to one or more embodiments of the present disclosure.
With reference to Fig. 4A and Fig. 4B, the adder and multiplier 203 of the hardware device 200 for obtaining the intermediate result group in encryption and decryption operations may include the multiplier 401, the left-hand adder 402, the right-hand adder 403, the first intermediate result Port Multiplier 404, the second intermediate result Port Multiplier 405, register D 406 and register C 407.
With reference to Fig. 4A and Fig. 4B, the components of the adder and multiplier 203 can be configured as follows.
Multiplier 401 can be connected to register A 305 and register B 306. Multiplier 401 can be configured to multiply the first input data by the second input data to obtain a multiplication result. The high part of the multiplication result is the high-order multiplication result, and the low part of the multiplication result is the low level multiplication result.
The second intermediate result Port Multiplier 405 can be connected to register D 406 and register C 407. The second intermediate result Port Multiplier 405 can be configured to select at least one of the first intermediate result stored in register D 406, the second intermediate result stored in register C 407, and zero, and to output it to the right-hand adder 403.
The right-hand adder 403 can be connected to multiplier 401 and the second input Port Multiplier. The right-hand adder 403 can be configured to receive the low level multiplication result and the data selected by the second intermediate result Port Multiplier 405, and to add the low level multiplication result and the data selected by the second intermediate result Port Multiplier 405 to obtain an updated second intermediate result. It inputs the updated second intermediate result to the second input Port Multiplier 304 and inputs the carry of the updated second intermediate result to the left-hand adder 402.
Register C 407 can be connected to the right-hand adder 403. Register C 407 can be configured to receive and store the updated second intermediate result, replacing the second data in the intermediate result group.
The first intermediate result Port Multiplier 404 can be connected to register D 406. The first intermediate result Port Multiplier 404 can be configured to select one datum from the first intermediate result stored in register D 406 and zero, and to input that datum to the left-hand adder 402.
The left-hand adder 402 can be connected to multiplier 401 and the first intermediate result Port Multiplier 404. The left-hand adder 402 can be configured to receive the high-order multiplication result, the carry of the second intermediate result, and the data selected by the first intermediate result Port Multiplier 404, and to add the high-order multiplication result, the carry of the second intermediate result, and the data selected by the first intermediate result Port Multiplier 404 to obtain an updated first intermediate result.
Register D 406 can be connected to the left-hand adder 402. Register D 406 can be configured to receive the updated first intermediate result, replacing the first intermediate result stored previously.
With reference to Fig. 4A, multiplier 401 can receive the first input data and the second input data, such as MC, N, etc., according to the needs of a given operation cycle of the Montgomery modular multiplication.
Assuming that the first input data isSecond input data is
Multiplier 401 multiplies the first input data by the second input data to obtain the multiplication result. At this point, the valid data product1 of the multiplication result is located in the middle of the multiplier's output. Assume that the bit width of data aM and bM is w' bits, which is less than the input bit width of w bits of the adder and multiplier; the bit width of aM*bM is then 2w'. By setting i1 + i2 = w - w', the leading (w - w') bits and the trailing (w - w') bits of the binary representation of the output of multiplier 401 are all zero, and the valid data (such as product1) of the output of multiplier 401 occupies the middle 2w' bits of the multiplier output.
In this way, the above function F203 can be realized. Since the output of multiplier 401 already occupies the middle 2w' bits, no shift unit is needed on the paths between multiplier 401 and the left-hand adder 402 and right-hand adder 403. The left-hand adder 402 and right-hand adder 403 can operate directly on the result of multiplier 401, which shortens the critical path of the adder and multiplier and substantially increases the operation efficiency of the key arithmetic component, the adder and multiplier 203.
The left-hand adder 402 can directly obtain from multiplier 401 the high part product1_H of the valid data product1 of the multiplication result (for example, the high-order multiplication result in Fig. 4A), while the low level multiplier 403 can directly obtain from multiplier 401 the low part product1_L of the valid data product1 of the multiplication result (for example, the low level multiplication result in Fig. 4A). For example, assuming the multiplication result is a 256-bit value, product1_H can be the first 128 bits of its binary representation and product1_L can be the last 128 bits of its binary representation.
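The centering condition i1 + i2 = w - w' described above can be checked with a small bit-level model. This is an added example, not part of the patent; the 64-bit multiplier width, the function names and the sample operands are assumptions chosen for illustration.

```python
"""Bit-level model of center-aligning a multiplier output by pre-shifting its inputs."""
import random

W = 64  # multiplier input width w in bits (assumed value for this demo)


def shift_input(data, w_prime, shift, w=W):
    """Model one shift unit group + input Port Multiplier + register:
    left-shift a w'-bit operand into a w-bit register."""
    if data < 0 or data >> w_prime:
        raise ValueError("operand is wider than w' bits")
    if shift < 0 or w_prime + shift > w:
        raise ValueError("shifted operand does not fit the w-bit register")
    return data << shift


def centered_multiply(a, b, w_prime, i1, w=W):
    """Multiply with the two input shifts constrained by i1 + i2 = w - w'."""
    i2 = (w - w_prime) - i1
    reg_a = shift_input(a, w_prime, i1, w)   # register A
    reg_b = shift_input(b, w_prime, i2, w)   # register B
    return reg_a * reg_b                     # 2w-bit multiplier output


def split_fixed(out, w=W):
    """Fixed wiring with no shifter: upper w bits feed the left-hand adder,
    lower w bits feed the right-hand adder."""
    return out >> w, out & ((1 << w) - 1)


def is_centered(out, w_prime, w=W):
    """True if the leading and trailing (w - w') bits of the 2w-bit output are zero."""
    pad = w - w_prime
    return (out >> (2 * w - pad)) == 0 and (out & ((1 << pad) - 1)) == 0


def valid_halves(out, w_prime, w=W):
    """Recover product1_H and product1_L (w' bits each) from the fixed split.
    The low field is left-justified in hardware; the shift here is only for checking."""
    high_field, low_field = split_fixed(out, w)
    return high_field, low_field >> (w - w_prime)


def check_widths(widths=(8, 24, 32, 48), trials=200, seed=1):
    """Constructed random operands: the fixed split is right for every w' and every i1."""
    rng = random.Random(seed)
    for w_prime in widths:
        pad = W - w_prime
        for _ in range(trials):
            a, b = rng.getrandbits(w_prime), rng.getrandbits(w_prime)
            i1 = rng.randint(1, pad - 1)     # keeps both i1 and i2 greater than 0
            out = centered_multiply(a, b, w_prime, i1)
            product = a * b
            expected = (product >> w_prime, product & ((1 << w_prime) - 1))
            if not is_centered(out, w_prime) or valid_halves(out, w_prime) != expected:
                return False
    return True


if __name__ == "__main__":
    a = b = 0xFFFFFFFF                       # constructed 32-bit operands
    out = centered_multiply(a, b, 32, 16)
    print("centered split :", [hex(x) for x in split_fixed(out)])
    # Without the input shifts the product is right-aligned, so the same fixed
    # split puts the whole product in the low field and a shifter would be needed.
    print("unshifted split:", [hex(x) for x in split_fixed(a * b)])
    print("all widths ok  :", check_widths())
```

How i1 and i2 divide the total shift does not matter: only their sum fixes the position of the product in the multiplier output.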
At this point, since only product1 = aM*bM needs to be calculated, no addition needs to be performed on the above result for the time being. The first intermediate result Port Multiplier 404 selects zero, from between the data stored in register D 406 and zero, and inputs it to the left-hand adder 402, so that the left-hand adder 402 adds the high-order multiplication result product1_H and zero to obtain the first intermediate result product1_H. Register D 406 receives and stores the high-order multiplication result product1_H as the first intermediate result. By a similar operation, the second intermediate result is obtained from the low level multiplication result product1_L through the right-hand adder 403 and the second intermediate result Port Multiplier 405, and is stored in register C 407.
In this way, the above function F204 can be realized.
With the above structure, the hardware device 200 of one or more embodiments of the present disclosure moves the shift-selection input component, originally located at the multiplier output, to register A and register B. Thus, regardless of how the data bit width changes, the inputs of register A and register B can be shifted left by the shift unit groups before entering the multiplier, so that the bits occupied by the valid data of the multiplier output are always the most central bits (that is, center-aligned). The Port Multiplier on the multiplier-adder path is thereby eliminated. Meanwhile, compared with hardware device 100, hardware device 200 also removes the Port Multiplier 104 originally located between register B and the multiplier, and directly uses the second shift unit group 302 at the input of register B to take over the function of Port Multiplier 104. The outputs of register A and register B can therefore be connected directly to the adder and multiplier, which further improves the collective frequency of hardware device 200.
Thus, the above hardware device 200 can execute the addition operations that must be executed in the same cycle as the multiplication. Meanwhile, hardware device 200 also stores, through register C 407 and register D 408, the intermediate result group (for example, the first intermediate result and the second intermediate result) that can be used when only addition is performed (for example, addition operations that need not be executed in the same cycle as the multiplication), so that the next operation can be performed on the intermediate result group.
As shown in Fig. 5A and Fig. 5B, to perform the next operation on the intermediate result group, hardware device 200 may further include a high-order output adding unit 500.
Some embodiments of the high-order output adding unit 500 of hardware device 200 are further described below with reference to Fig. 5A and Fig. 5B.
Fig. 5A is a schematic diagram of the high-order output adding unit 500 of the hardware device 200 for obtaining the intermediate result group in encryption and decryption operations, according to one or more embodiments of the present disclosure. Fig. 5B is a block diagram of the high-order output adding unit 500 of the hardware device 200 for obtaining the intermediate result group in encryption and decryption operations, according to one or more embodiments of the present disclosure.
With reference to Fig. 5A and Fig. 5B, the high-order output adding unit 500 of the hardware device 200 for obtaining the intermediate result group in encryption and decryption operations can be configured to receive the first intermediate result from register D 406 and to perform an addition operation on the first intermediate result.
The high-order output adding unit 500 may include the high-order addition shift unit group 501, the high-order addition Port Multiplier group 502, the high-order output adder 503, the high-order output addition results Port Multiplier 504 and register D1 505 shown in Fig. 5A and Fig. 5B.
With reference to Fig. 5A and Fig. 5B, the components of the high-order output adding unit 500 can be configured as follows.
The high-order output adder 503 can be connected to register D 406, and can be configured to receive the first intermediate result stored in register D 406 and to perform an addition operation on the first intermediate result to obtain a first output result.
The high-order output addition results Port Multiplier 504 can be connected to the high-order output adder 503. The high-order output addition results Port Multiplier 504 can be configured to select between the first output result and the data in the dual port random access memory, and to output the selection to register D1 505 as the high-order selected output data.
Register D1 505 can be connected to the high-order output addition results Port Multiplier 504, and can be configured to receive and store the high-order selected output data and to output it to the dual port random access memory and the high-order addition shift unit group 501.
The high-order addition shift unit group 501 can be connected to register D1 505. The high-order addition shift unit group 501 can be configured to receive the high-order selected output data from register D1 505 and to perform a shift calculation on it to obtain high-order shift output data.
The high-order addition Port Multiplier group 502 can be connected to the high-order addition shift unit group 501. The high-order addition Port Multiplier group 502 can be configured to select a datum from among the high-order shift output data and zero, and to output it to the high-order output adder 503.
Here, the high-order output adder 503 performs the addition operation on the first intermediate result to obtain the first output result by adding the first intermediate result to the data selected by the high-order addition Port Multiplier group 502.
Assume that the first intermediate result plus a number needs to be calculated, for example res1 = (aM[n-1:0] * bM[n-1:0] + k[n-1:0] * N[n-1:0]) * R^(-1) + C1.
With reference to Fig. 5A, C1 can be read from the dual port random access memory 201. The high-order output addition results Port Multiplier 504 selects C1 from between the first output result and the C1 stored in the dual port random access memory 201, and outputs it to register D1 505 as the high-order selected data.
Register D1 505 outputs the data C1 to the high-order addition shift unit group 501, which then generates the high-order shift output data set {C1 * 2^t3 | t3 ∈ Z}. The high-order addition Port Multiplier group 502 chooses a suitable number C1 * 2^t3 from the high-order shift output data set {C1 * 2^t3 | t3 ∈ Z} and outputs it to the high-order output adder 503. When calculating res1 = (aM[n-1:0] * bM[n-1:0] + k[n-1:0] * N[n-1:0]) * R^(-1) + C1, t3 = 0 and C1 * 2^t3 is C1.
Since the first intermediate result can be (aM[n-1:0] * bM[n-1:0] + k[n-1:0] * N[n-1:0]) * R^(-1), adding (aM[n-1:0] * bM[n-1:0] + k[n-1:0] * N[n-1:0]) * R^(-1) and C1 through the high-order output adder 503 yields the result res1 = (aM[n-1:0] * bM[n-1:0] + k[n-1:0] * N[n-1:0]) * R^(-1) + C1.
In RSA and ECC encryption and decryption operations, there are also cases in which the modular multiplication of two numbers a and b is added to -1 times, 3 times or 12 times another number C1.
In these cases, -C1, 3C1 or 12C1 can first be obtained through the high-order addition shift unit group 501, the high-order addition Port Multiplier group 502 and the high-order output adder.
For example, hardware device 200 can calculate res1 = (aM[n-1:0] * bM[n-1:0] + k[n-1:0] * N[n-1:0]) * R^(-1) + 3*C1. Hardware device 200 first needs to calculate (C1 << 1) + C1 (where << 1 denotes a left shift by 1 bit); that is, C1 is first shifted left by 1 bit to obtain C1*2, and the shifted C1*2 is then added to C1 to obtain 3 times C1.
Specifically, the high-order addition shift unit group can be used to generate the high-order shift output data set {C1 * 2^t3 | t3 ∈ Z}. The high-order addition Port Multiplier group 502 chooses the suitable number C1*2 from the high-order shift output data set {C1 * 2^t3 | t3 ∈ Z}, and the high-order output adder 503 adds C1*2 to d1 to obtain 3 times d1. After 3*C1 is obtained, 3*C1 can be added to res1 = (aM[n-1:0] * bM[n-1:0] + k[n-1:0] * N[n-1:0]) * R^(-1) to obtain res1 = (aM[n-1:0] * bM[n-1:0] + k[n-1:0] * N[n-1:0]) * R^(-1) + 3*C1.
For example, hardware device 200 can also calculate res1 = (aM[n-1:0] * bM[n-1:0] + k[n-1:0] * N[n-1:0]) * R^(-1) + 12*C1. In this case, the high-order addition Port Multiplier group 502 is first used to select C1 * 2^3 (that is, a left shift by 3 bits), the high-order addition Port Multiplier group 502 is then used again to select C1 * 2^2 (that is, a left shift by 2 bits), and the high-order output adder 503 adds C1 * 2^3 and C1 * 2^2 to obtain 12 times C1.
For example, hardware device 200 can also calculate res1 = (aM[n-1:0] * bM[n-1:0] + k[n-1:0] * N[n-1:0]) * R^(-1) - 12*C1. The result of this calculation may be negative, so res1 = (aM[n-1:0] * bM[n-1:0] + k[n-1:0] * N[n-1:0]) * R^(-1) - 12*C1 + N needs to be calculated instead. Since register A 305 can store the value of N at this time, the result of subtracting C1 from the first intermediate result and adding N can be calculated. With this mode of operation, the operation efficiency of hardware device 200 will be higher than that of hardware device 100.
As shown in Fig. 6A and Fig. 6B, to perform the next operation on the intermediate result group, hardware device 200 may further include a low level output adding unit 600.
Some embodiments of the low level output adding unit 600 of hardware device 200 are further described below with reference to Fig. 6A and Fig. 6B.
Fig. 6A is a schematic diagram of the low level output adding unit 600 of the hardware device 200 for obtaining the intermediate result group in encryption and decryption operations, according to one or more embodiments of the present disclosure. Fig. 6B is a block diagram of the high-order output adding unit 600 of the hardware device 200 for obtaining the intermediate result group in encryption and decryption operations, according to one or more embodiments of the present disclosure.
With reference to Fig. 6A and Fig. 6B, the high-order output adding unit 600 of the hardware device 200 for obtaining the intermediate result group in encryption and decryption operations can be configured to receive the second intermediate result from register C 407 and to perform an addition operation on the second intermediate result.
The low level output adding unit 600 may include the low level addition shift unit group 601, the low level addition Port Multiplier group 602, the high-order data selection Port Multiplier 603, the low level output adder 604, the low level output addition results Port Multiplier 605 and register C1 606 shown in Fig. 6A and Fig. 6B.
With reference to Fig. 6A and Fig. 6B, the components that may be included in the low level output adding unit 600 can be configured as follows.
The low level output adder 604 can be connected to register C 407. The low level output adder 604 can be configured to receive the second intermediate result stored in register C 407 and to perform an addition operation on the second intermediate result to obtain a second output result.
The low level output addition results Port Multiplier 605 can be connected to the low level output adder 604. The low level output addition results Port Multiplier 605 is configured to select between the second output result and the data in the dual port random access memory, and to output the selection to register C1 606 as the low level selected output data.
Register C1 606 can be connected to the low level output addition results Port Multiplier 605. Register C1 606 can be configured to receive and store the low level selected output data and to output it to the dual port random access memory 201 and the low level addition shift unit group 601.
The low level addition shift unit group 601 can be connected to register C1 606. The low level addition shift unit group 601 is configured to receive the low level selected output data from register C1 606 and to perform a shift calculation on it to obtain low level shift output data.
The low level addition Port Multiplier group 602 can be connected to the low level addition shift unit group 601. The low level addition Port Multiplier group 602 is configured to select a datum from among the low level shift output data and zero, and to output it to the low level output adder 604.
The high-order data selection Port Multiplier 603 can be connected to register D 406. The high-order data selection Port Multiplier 603 is configured to select one of the second intermediate result stored in register D 406 and zero, and to output it to the low level output adder 604.
Here, the low level output adder 604 performs the addition operation on the second intermediate result to obtain the second output result by adding the second intermediate result, the data selected by the high-order data selection Port Multiplier 603, and the data selected by the low level addition Port Multiplier group 602.
Assume that the second intermediate result plus a number needs to be calculated, for example res2 = (aM[n-1:0] * bM[n-1:0] + k[n-1:0] * N[n-1:0]) * R^(-1) + m*C2.
With reference to Fig. 6A, in the same way that res1 = (aM[n-1:0] * bM[n-1:0] + k[n-1:0] * N[n-1:0]) * R^(-1) + l*C1 is calculated using the high-order output adding unit 500 shown in Fig. 5A, the second intermediate result plus a number, or plus -1 times, 3 times or 12 times that number, can be calculated.
Using the high-order output adding unit 500 shown in Fig. 5A-5B and the low level output adding unit 600 shown in Fig. 6A-6B, hardware device 200 can calculate two results at the same time, namely res1 = (aM[n-1:0] * bM[n-1:0] + k[n-1:0] * N[n-1:0]) * R^(-1) + l*C1 and res2 = (aM[n-1:0] * bM[n-1:0] + k[n-1:0] * N[n-1:0]) * R^(-1) + m*C2, which speeds up the operation of the entire hardware device 200.
Some embodiments of the hardware device 200 that include the high-order output adding unit 500 and the low level output adding unit 600 are further described below with reference to Fig. 7.
Fig. 7 is another schematic diagram of the hardware device 200 for obtaining the intermediate result group in encryption and decryption operations, according to one or more embodiments of the present disclosure.
With reference to Fig. 7, hardware device 200 may include the dual port random access memory 201, the displacement input part 202, the adder and multiplier 203, the high-order output adding unit 500 and the low level output adding unit 600.
In the structure of hardware device 200 shown in Fig. 7, multiplier 401 can be connected directly to the left-hand adder 402 and the low level adder 403 without any selection by a shift unit or Port Multiplier, while the output of the multiplier is still guaranteed to be centered. This improves the utilization of the hardware components that actually take part in the numerical operation. The critical multiplier-adder calculation path required by the core operation of the Montgomery modular multiplication is shortened, and the collective frequency of the hardware device is improved.
Meanwhile, the adder and multiplier 203 further includes register D 406 and register C 407. These two registers separate the multiplier 401, left-hand adder 402 and right-hand adder 403, which take part in the operation in the adder and multiplier 203, from the other hardware circuits, so that the function of the adder and multiplier 203 is more single-purpose and more efficient.
In addition, hardware device 200 can also include the displacement input part 202 for performing shift operations, the high-order output adding unit 500, the low level output adding unit 600, and the Port Multiplier groups and other elements included in these hardware circuits.
Such a hardware device 200 can complete most of the operations that may be involved in Montgomery modular multiplication.
The addition operations on the high-order multiplication result and the low level multiplication result need not be completed in the same cycle as the above multiplication. Registers C and D can separate these operations from the multiplier and adders in the adder and multiplier, which enhances the independence of each step of the Montgomery operation and improves the overall operation efficiency of hardware device 200.
The hardware device for obtaining the intermediate result group in encryption and decryption operations of the embodiments of the present disclosure can shorten the multiplier-adder path in the core operation of encryption and decryption, so that the utilization of the key arithmetic unit for the core operation in encryption and decryption is improved, thereby improving the application efficiency of the hardware device as a whole.
It should be noted that the embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be referred to one another.
In all embodiments provided herein, it should be understood that each box in a flowchart or block diagram can represent a module, a program segment, or a part of code, which includes one or more executable instructions for realizing the specified logic function. It should also be noted that in some alternative implementations, the functions marked in the boxes can occur in an order different from that marked in the figures. For example, two consecutive boxes can actually be executed substantially in parallel, and they can sometimes be executed in the opposite order, depending on the functions involved. It should also be noted that each box in a block diagram and/or flowchart, and any combination of boxes in a block diagram and/or flowchart, can be realized by a dedicated hardware-based system that executes the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
If a function is realized in the form of a software function module and is sold or used as an independent product, it can be stored in a computer readable storage medium. Based on this understanding, the technical solution of the present disclosure in essence, or the part of it that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which can be a personal computer, a server, a network device, etc.) to execute all or part of the steps of the methods of the embodiments of the present disclosure. The above storage medium includes various media that can store program code, such as a USB flash disk, a mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disk. It should be noted that, in this document, relational terms such as first and third are used merely to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to the process, method, article or device. In the absence of further restrictions, an element limited by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The above are only preferred embodiments of the present disclosure and are not intended to limit the disclosure. For those skilled in the art, the disclosure can have various modifications and variations. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the disclosure should be included within the protection scope of the disclosure. It should also be noted that similar labels and letters indicate similar items in the figures; therefore, once an item is defined in one figure, it does not need to be further defined or explained in subsequent figures.
The above are only specific embodiments of the present disclosure, but the protection scope of the disclosure is not limited thereto. Any change or replacement that a person skilled in the art can readily think of within the technical scope disclosed herein should be covered by the protection scope of the disclosure. Therefore, the protection scope of the disclosure should be determined by the protection scope of the following claims and their equivalents.

Claims (5)

1. A hardware device for obtaining the intermediate result group in encryption and decryption operations, characterized in that the hardware device includes:
a dual port random access memory, configured to store one or more data associated with the encryption and decryption operation;
a displacement input part, connected to the dual port random access memory, the displacement input part being configured to select first data and second data from the one or more data stored in the dual port random access memory, and to perform shift operations on the first data and the second data respectively to obtain and store first input data and second input data; and
an adder and multiplier, connected to the displacement input part, the adder and multiplier being configured to perform a multiplication operation and an addition operation on the first input data and the second input data, to obtain and store the first intermediate result and the second intermediate result in the intermediate result group.
2. The hardware device for obtaining the intermediate result group in encryption and decryption operations as described in claim 1, characterized in that the displacement input part includes:
a first shift unit group, connected to the dual port random access memory, the first shift unit group being configured to perform a shift operation on the first data among the one or more data stored in the dual port random access memory to obtain a first shifted data set;
a first input Port Multiplier, connected to the first shift unit group, the first input Port Multiplier being configured to select the first input data from the first shifted data set;
a register A, connected to the first input Port Multiplier, the register A being configured to receive and store the first input data;
a second shift unit group, connected to the dual port random access memory, the second shift unit group being configured to perform a shift operation on the second data among the one or more data stored in the dual port random access memory to obtain a second shifted data set;
a second input Port Multiplier, connected to the second shift unit group and the adder and multiplier, the second input Port Multiplier being configured to select the second input data from the second shifted data set and the intermediate result group and to output it; and
a register B, connected to the second input Port Multiplier, the register B being configured to receive and store the second input data.
3. The hardware device for obtaining an intermediate result group in an encryption and decryption operation as claimed in claim 2, characterized in that the adder and multiplier comprises:
a multiplier, connected with register A and register B, the multiplier being configured to multiply the first input data by the second input data to obtain a multiplication result, wherein the high part of the multiplication result is the high-order multiplication result and the low part of the multiplication result is the low-order multiplication result;
a second intermediate result Port Multiplier, connected with register D and register C, the second intermediate result Port Multiplier being configured to select at least one of the first intermediate result stored in register D, the second intermediate result stored in register C, and zero, and to output it to the right-hand adder;
a right-hand adder, connected with the multiplier and the second input Port Multiplier, the right-hand adder being configured to receive the low-order multiplication result and the data selected by the second intermediate result Port Multiplier, to perform an addition operation on the low-order multiplication result and the data selected by the second intermediate result Port Multiplier to obtain an updated second intermediate result, to input the updated second intermediate result to the second input Port Multiplier, and to input the carry of the updated second intermediate result to the left-hand adder;
a register C, connected with the right-hand adder, the register C being configured to receive and store the updated second intermediate result to replace the previously stored second intermediate result;
a first intermediate result Port Multiplier, connected with register D, the first intermediate result Port Multiplier being configured to select one data from among the first intermediate result stored in register D and zero, and to input that data to the left-hand adder;
a left-hand adder, connected with the multiplier and the first intermediate result Port Multiplier, the left-hand adder being configured to receive the high-order multiplication result, the carry of the second intermediate result, and the data selected by the first intermediate result Port Multiplier, and to perform an addition operation on the high-order multiplication result, the carry of the second intermediate result, and the data selected by the first intermediate result Port Multiplier to obtain an updated first intermediate result; and
a register D, connected with the left-hand adder, the register D being configured to receive the updated first intermediate result to replace the previously stored first intermediate result.
4. The hardware device for obtaining an intermediate result group in an encryption and decryption operation as claimed in claim 3, characterized in that the hardware device further comprises:
a high-order output adding unit, configured to receive the first intermediate result from register D and to perform an addition operation on the first intermediate result, the high-order output adding unit comprising:
a high-order output adder, connected with register D, configured to receive the first intermediate result stored in register D and to perform an addition operation on the first intermediate result to obtain a first output result;
a high-order output addition result Port Multiplier, connected with the high-order output adder, the high-order output addition result Port Multiplier being configured to select among the first output result and data in the dual port random access memory, and to output the selection to register D1 as high-order selected output data;
a register D1, connected with the high-order output addition result Port Multiplier, configured to receive and store the high-order selected output data, and to output it to the dual port random access memory and the high-order addition shift unit group;
a high-order addition shift unit group, connected with register D1, the high-order addition shift unit group being configured to receive the high-order selected output data from register D1 and to perform a shift calculation on the high-order selected output data to obtain high-order shifted output data;
a high-order addition Port Multiplier group, connected with the high-order addition shift unit group, the high-order addition Port Multiplier group being configured to select one data among the high-order shifted output data and zero, and to output it to the high-order output adder;
wherein the high-order output adder performs the addition operation on the first intermediate result to obtain the first output result by adding the first intermediate result to the data selected by the high-order addition Port Multiplier group.
5. The hardware device for obtaining an intermediate result group in an encryption and decryption operation as claimed in claim 3, characterized in that the hardware device further comprises:
a low-order output adding unit, configured to receive the second intermediate result from register C and to perform an addition operation on the second intermediate result, the low-order output adding unit comprising:
a low-order output adder, connected with register C, configured to receive the second intermediate result stored in register C and to perform an addition operation on the second intermediate result to obtain a second output result;
a low-order output addition result Port Multiplier, connected with the low-order output adder, the low-order output addition result Port Multiplier being configured to select among the second output result and data in the dual port random access memory, and to output the selection to register C1 as low-order selected output data;
a register C1, connected with the low-order output addition result Port Multiplier, configured to receive and store the low-order selected output data, and to output it to the dual port random access memory and the low-order addition shift unit group;
a low-order addition shift unit group, connected with register C1, the low-order addition shift unit group being configured to receive the low-order selected output data from register C1 and to perform a shift calculation on the low-order selected output data to obtain low-order shifted output data;
a low-order addition Port Multiplier group, connected with the low-order addition shift unit group, the low-order addition Port Multiplier group being configured to select one data among the low-order shifted output data and zero, and to output it to the low-order output adder;
a high-order data selection Port Multiplier, connected with register D, the high-order data selection Port Multiplier being configured to select one among the second intermediate result stored in register D and zero, and to output it to the low-order output adder;
wherein the low-order output adder performs the addition operation on the second intermediate result to obtain the second output result by adding together the second intermediate result, the data selected by the high-order data selection Port Multiplier, and the data selected by the low-order addition Port Multiplier group.
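
The adder and multiplier of claim 3, modelled in software as an added example (not code from the patent): one pass through the multiplier, the two intermediate result Port Multipliers (multiplexers), the right-hand adder and the left-hand adder. The 32-bit register width, the selector names, and the multi-word routine that chains steps by feeding register D back into the right-hand adder are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Selector values for the two intermediate result multiplexers (names assumed). */
enum sel { SEL_ZERO, SEL_C, SEL_D };

/* Registers A, B, C, D of claim 3; the 32-bit width is an assumption. */
struct mac { uint32_t A, B, C, D; };

/* One pass through the multiplier and both adders. */
static void mac_step(struct mac *m, enum sel right, enum sel left)
{
    uint64_t prod = (uint64_t)m->A * m->B;
    uint32_t hi = (uint32_t)(prod >> 32);   /* high-order multiplication result */
    uint32_t lo = (uint32_t)prod;           /* low-order multiplication result  */

    /* Second intermediate result multiplexer: register D, register C or zero. */
    uint32_t r_in = right == SEL_D ? m->D : right == SEL_C ? m->C : 0;
    /* First intermediate result multiplexer: register D or zero. */
    uint32_t l_in = left == SEL_D ? m->D : 0;

    uint64_t rsum = (uint64_t)lo + r_in;    /* right-hand adder */
    uint32_t carry = (uint32_t)(rsum >> 32);
    m->C = (uint32_t)rsum;                  /* updated second intermediate result */
    m->D = hi + carry + l_in;               /* left-hand adder, wraps modulo 2^32 */
}

/* Multi-word by single-word product: r[0..n] = a[0..n-1] * b, little-endian
   words. Each step routes the previous high word (D) into the right-hand adder
   as the carry-in and selects zero for the left-hand adder, so D cannot wrap. */
void mul_words_by_word(uint32_t *r, const uint32_t *a, size_t n, uint32_t b)
{
    struct mac m = {0, b, 0, 0};
    for (size_t j = 0; j < n; j++) {
        m.A = a[j];
        mac_step(&m, SEL_D, SEL_ZERO);
        r[j] = m.C;
    }
    r[n] = m.D;
}
```

The step contains no data-dependent branch on operand values beyond the selector inputs, which mirrors a fixed datapath in which the Port Multipliers are driven by control logic rather than by the data being processed.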
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201920409784.1U CN209560522U (en) 2019-03-28 2019-03-28 Obtain the hardware device of the intermediate result group in encryption and decryption operation

Publications (1)

Publication Number Publication Date
CN209560522U true CN209560522U (en) 2019-10-29

Family

ID=68311631

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201920409784.1U Active CN209560522U (en) 2019-03-28 2019-03-28 Obtain the hardware device of the intermediate result group in encryption and decryption operation

Country Status (1)

Country Link
CN (1) CN209560522U (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109814838A (en) * 2019-03-28 2019-05-28 贵州华芯通半导体技术有限公司 Obtain method, hardware device and the system of the intermediate result group in encryption and decryption operation
CN109814838B (en) * 2019-03-28 2024-04-12 贵州华芯半导体技术有限公司 Method, hardware device and system for obtaining intermediate result set in encryption and decryption operation

Legal Events

Date Code Title Description
GR01 Patent grant
CP03 Change of name, title or address

Address after: 9th Floor, Building C, Gui'an Center, Plot ZD-64, Big Data Science and Technology Innovation City, Gui'an New Area, Guiyang City, Guizhou Province, 550003 (No. 2 on the south side)

Patentee after: Guizhou Huaxin Semiconductor Technology Co.,Ltd.

Address before: 550081 2nd floor, intersection of Qianzhong Avenue and Jinma Avenue, Gui'an New District, Guiyang City, Guizhou Province

Patentee before: GUIZHOU HUAXINTONG SEMICONDUCTOR TECHNOLOGY Co.,Ltd.