CN113660087B - Hardware implementation system for the SM9 identity-based cryptographic algorithm based on finite fields - Google Patents

Publication number
CN113660087B
Authority
CN
China
Prior art keywords
module
algorithm
calculation
domain
modular
Legal status
Active
Application number
CN202110763602.2A
Other languages
Chinese (zh)
Other versions
CN113660087A (en
Inventor
陈华锋
Current Assignee
Zhidianxin Hangzhou Intelligent Technology Co ltd
Original Assignee
Zhejiang University of Media and Communications
Application filed by Zhejiang University of Media and Communications
Priority to CN202110763602.2A
Publication of CN113660087A
Application granted
Publication of CN113660087B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Mathematical Physics (AREA)
  • Physics & Mathematics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Computing Systems (AREA)
  • Mathematical Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the field of information security and discloses a finite-field-based hardware implementation system for the SM9 identity-based cryptographic algorithm, comprising a register module, a data path module, a low-level control module, a memory module, an auxiliary function module, a random number module and an algorithm function module. The low-level operations of the system are modular, offer many computing functions and have flexible interfaces. In addition to supporting the upper-layer SM9 operations, the system can support the core operation steps of other public-key algorithms such as the SM2 national cryptographic algorithm and ECDSA. All computation steps are implemented in hardware, with a small total area and high computing performance, a large improvement over software implementations.

Description

A hardware implementation system for the SM9 identity-based cryptographic algorithm based on finite fields

Technical field

The invention belongs to the field of information security, and in particular relates to a finite-field-based hardware implementation system for the SM9 identity-based cryptographic algorithm.

Background

The concept of identity-based cryptography was first proposed in 1984. In an identity-based cryptosystem, a user's private key is computed by the key generation center from the master key and the user's identity, and the user's public key is uniquely determined by the user's identity, so the user does not need a third party to vouch for the authenticity of the public key. The national SM9 algorithm is a public-key cryptographic algorithm built on elliptic-curve pairings, and its security rests on the bilinearity of the pairing. When the elliptic-curve discrete logarithm problem and the extension-field discrete logarithm problem are comparably hard, pairings can be used to construct identity-based cryptographic algorithms that balance security and implementation efficiency.

As a public-key algorithm based on bilinear pairings, SM9 removes the need for certificate authentication by a third-party authority while remaining highly secure. However, because it involves elliptic-curve and finite-field computations, its computational complexity is high and it runs slowly, which limits its application. Improving the computation speed of the SM9 algorithm is therefore of great significance.

Summary of the invention

To solve the above problems, the present invention, while complying with the national SM9 algorithm standard, provides a finite-field-based hardware implementation system for the SM9 identity-based cryptographic algorithm in order to achieve fast SM9 computation. The specific technical solution is as follows:

A finite-field-based hardware implementation system for the SM9 identity-based cryptographic algorithm, comprising a register module, a data path module, a low-level control module, a memory module, an auxiliary function module, a random number module and an algorithm function module;

The register module is used to read the user's configuration information and control information;

The data path module performs the various operations on the data involved in a computation: it transfers data between the registers and the memory and performs simple operations on data, including writing data from the registers to the memory and reading data from the memory. The initial parameters, identities and plaintext data that the user writes to the registers are transferred to the memory through the data path module;

The memory module stores all computation data, including initial parameters, intermediate values and results;

The low-level control module calls the low-level algorithm modules to carry out the finite-field computations, elliptic-curve computations and encryption operations;

The auxiliary function module implements the cryptographic functions H1/H2 and the key derivation function KDF of the SM9 algorithm; the key derivation function is used to generate the encryption and decryption keys in the SM9 algorithm;

The random number module generates the random numbers between 1 and (N-1) required by the algorithm;

The algorithm function module calls the other modules to implement the various algorithm functions of SM9.

Further, the register module works as follows: the user writes control information and configuration information into the register module; the register module transfers the initial parameters, identities and plaintext data written by the user to the memory module and then starts the corresponding algorithm function according to the control information. If the computation succeeds, the register module reads the result from the memory module and returns it to the user; if the computation fails, the register module returns a computation-failure signal to the user.

Further, the data path module can move data between different addresses in the memory, and its operations include comparing two data items, concatenating two data items end to end, and shifting data.

Further, the low-level algorithm modules comprise a bilinear pairing module, an SM3 operation module and an SM4 operation module. The bilinear pairing module provides finite-field computation, elliptic-curve computation and bilinear pairing computation. The SM3 operation module is a hardware implementation of the SM3 algorithm, a hash algorithm used in SM9 applications for digital signature generation and verification and for message authentication code generation and verification. The SM4 operation module is a hardware implementation of the SM4 algorithm, a block cipher used for public-key encryption and decryption in the SM9 algorithm.

Further, the bilinear pairing module comprises a prime field computation module, a quadratic extension field operation module, a quartic extension field operation module, a degree-12 extension field operation module, a quadratic-extension-field elliptic curve operation module, a line function operation module, a final exponentiation module and a bilinear pairing computation state machine;

The prime field computation module performs modular operations and elliptic-curve point operations over the prime field;

The quadratic extension field operation module implements the operations in the quadratic extension of the prime field, including modular addition, modular subtraction, modular multiplication, modular inversion and the Frobenius operation on quadratic-field elements;

The quartic extension field operation module implements the operations in the degree-4 extension of the prime field, including modular addition, modular subtraction, modular multiplication, modular inversion and the Frobenius operation on quartic-field elements;

The degree-12 extension field operation module implements the operations in the degree-12 extension of the prime field, including modular multiplication, modular inversion, modular exponentiation and the Frobenius operation on degree-12 field elements;

The quadratic-extension-field elliptic curve operation module implements elliptic-curve operations over the quadratic extension field, including coordinate-system conversion of points, point addition, point doubling, point multiplication and the Frobenius operation on points. Coordinate-system conversion means converting an elliptic-curve point over the quadratic extension field between affine and projective coordinates;

The line function operation module computes the function $g_{U,V}(Q)$ used in the R-ate pairing computation, that is, the equation of the line through two elliptic-curve points. The computation of $g_{U,V}(Q)$ follows the definition in the general rules of the SM9 algorithm standard: if the two points are distinct and neither is the point at infinity, the result is the equation of the straight line through the two points; if the two points are the same point and not the point at infinity, the result is the equation of the tangent to the curve at that point; if one of the points is the point at infinity, the result is the equation of the line through the other point perpendicular to the x-axis;

The final exponentiation module implements the last step of the R-ate pairing computation, that is

The bilinear pairing computation state machine controls and calls the modules above to complete the pairing computation.

Further, the prime field computation module comprises a modular addition/subtraction hardware module, a Montgomery modular multiplication hardware module, a modular inversion hardware module and a prime-field elliptic curve computation module. The modular addition/subtraction hardware module implements modular addition, modular subtraction and modular reduction in the prime field. The Montgomery modular multiplication hardware module implements modular multiplication in the prime field and is based on an optimized Montgomery modular multiplication algorithm. The modular inversion hardware module implements modular inversion in the prime field. The prime-field elliptic curve computation module implements point addition, point multiplication and point validation over the prime field.

Further, the cryptographic functions H1/H2 and the key derivation function KDF of the auxiliary function module are computed following the steps in the SM9 algorithm standard. H1/H2 and KDF call the cryptographic hash function Hv(), which is implemented by the SM3 operation module.

Further, the algorithm functions of SM9 include digital signature generation, digital signature verification, the key exchange protocol, public-key encryption and public-key decryption; each is computed following the steps in the SM9 algorithm standard.

The finite-field-based hardware implementation system for the SM9 identity-based cryptographic algorithm of the present invention has the following advantages:

1. The low-level operations of the system are modular, offer many computing functions and have flexible interfaces. In addition to supporting the upper-layer SM9 operations, the system can support the core operation steps of other public-key algorithms such as the SM2 national cryptographic algorithm and ECDSA.

2. All computation steps are implemented in hardware, with a small total area and high computing performance, a large improvement over software implementations.

Description of the drawings

Figure 1 is a flow chart of the SM9 digital signature generation algorithm;

Figure 2 is a flow chart of the SM9 digital signature verification algorithm;

Figure 3 is a flow chart of the SM9 key exchange protocol;

Figure 4 is a flow chart of the SM9 public-key encryption algorithm;

Figure 5 is a flow chart of the SM9 decryption algorithm;

Figure 6 is an architecture diagram of the finite-field-based hardware implementation system for the SM9 identity-based cryptographic algorithm of the present invention;

Figure 7 is an architecture diagram of a bilinear pairing module of the present invention.

Detailed description

The present invention is further described below with reference to specific embodiments. While complying with the national SM9 identity-based cryptographic algorithm standard, the invention provides a finite-field-based hardware implementation system for SM9 in order to achieve fast SM9 computation. The embodiment shows the architecture of such a system. It follows the national SM9 algorithm standard and uses the 256-bit BN curve and the R-ate pairing recommended by the standard.

The embodiments are described more clearly below with reference to the drawings. The embodiments serve only to explain the invention and do not limit its scope.

As shown in Figure 6, a finite-field-based hardware implementation system for the SM9 identity-based cryptographic algorithm comprises a register module, a data path module, a low-level control module, a memory module, an auxiliary function module, a random number module and an algorithm function module.

The register module is used to read the user's configuration information and control information. The user writes control information, such as the choice of algorithm function, and configuration information, such as the data to be processed, into the register module. The register module transfers the initial parameters, identities, plaintext data and so on written by the user to the memory module and then starts the corresponding algorithm function according to the control information. If the computation succeeds, the register module reads the result from the memory module and returns it to the user; if the computation fails, the register module returns a computation-failure signal to the user.

The data path module performs the various operations on the data involved in a computation: it transfers data between the registers and the memory and performs simple operations on data, including writing data from the registers to the memory and reading data from the memory. The initial parameters, identities, plaintext data and so on that the user writes to the registers are transferred to the memory through the data path module. The data path module can also move data between different addresses in the memory, and its operations include comparing two data items, concatenating two data items end to end, and shifting data.

The memory module stores all computation data, including initial parameters, intermediate values and results;

The low-level control module calls the low-level algorithm modules to carry out the finite-field computations, elliptic-curve computations and encryption operations. The low-level algorithm modules comprise the bilinear pairing module, the SM3 operation module and the SM4 operation module. The bilinear pairing module is the core computation module of SM9 and covers finite-field computation, elliptic-curve computation and bilinear pairing computation. The SM3 operation module is a hardware implementation of the SM3 algorithm, a hash algorithm used in SM9 applications for digital signature generation and verification and for message authentication code generation and verification. The SM4 operation module is a hardware implementation of the SM4 algorithm, a block cipher used for public-key encryption and decryption in the SM9 algorithm.

The bilinear pairing module implements the finite-field, elliptic-curve and bilinear pairing computations and is the core computation module of the SM9 algorithm. This embodiment provides a hardware architecture for the bilinear pairing module, shown in Figure 7. The bilinear pairing module in this embodiment comprises a prime field computation module, a quadratic extension field operation module, a quartic extension field operation module, a degree-12 extension field operation module, a quadratic-extension-field elliptic curve operation module, a line function operation module, a final exponentiation module and a bilinear pairing computation state machine.

The prime field computation module performs modular operations and elliptic-curve point operations over the prime field. It comprises a modular addition/subtraction hardware module, a Montgomery modular multiplication hardware module, a modular inversion hardware module and a prime-field elliptic curve computation module. The modular addition/subtraction hardware module implements modular addition, modular subtraction and modular reduction in the prime field. The Montgomery modular multiplication hardware module implements modular multiplication in the prime field; it is based on an optimized Montgomery modular multiplication algorithm and has higher computational efficiency. The modular inversion hardware module implements modular inversion in the prime field. The prime-field elliptic curve computation module implements point addition, point multiplication and point validation over the prime field.

The quadratic extension field operation module implements the operations in the quadratic extension of the prime field, including modular addition, modular subtraction, modular multiplication, modular inversion and the Frobenius operation on quadratic-field elements.

The quartic extension field operation module implements the operations in the degree-4 extension of the prime field, including modular addition, modular subtraction, modular multiplication, modular inversion and the Frobenius operation on quartic-field elements.

The degree-12 extension field operation module implements the operations in the degree-12 extension of the prime field, including modular multiplication, modular inversion, modular exponentiation and the Frobenius operation on degree-12 field elements.

The quadratic-extension-field elliptic curve operation module implements elliptic-curve operations over the quadratic extension field, including coordinate-system conversion of points, point addition, point doubling, point multiplication and the Frobenius operation on points. Coordinate-system conversion means converting an elliptic-curve point over the quadratic extension field between affine and projective coordinates.

The line function operation module computes the function $g_{U,V}(Q)$ used in the R-ate pairing computation, that is, the equation of the line through two elliptic-curve points. The computation of $g_{U,V}(Q)$ follows the definition in the general rules of the SM9 algorithm standard: if the two points are distinct and neither is the point at infinity, the result is the equation of the straight line through the two points; if the two points are the same point and not the point at infinity, the result is the equation of the tangent to the curve at that point; if one of the points is the point at infinity, the result is the equation of the line through the other point perpendicular to the x-axis.

The final exponentiation module implements the last step of the R-ate pairing computation, that is

The bilinear pairing computation state machine controls and calls the modules above to complete the pairing computation.

The bilinear pairing in this embodiment is the R-ate pairing on a BN curve, computed as follows:

$\pi_q$ is the Frobenius endomorphism, $\pi_q: E \to E$, $\pi_q(x, y) = (x^q, y^q)$.

E→E,/> E→E,/>

Computation of the R-ate pairing:

Input: a point $P$ over the prime field $F_p$, a point $Q$ over the quadratic extension field $F_{p^2}$, and $a = 6t + 2$

Output: an element $f$ of the degree-12 extension field $F_{p^{12}}$.

Step 1: Let $a_{L-1} = 1$;

Step 2: Set $T = Q$, $f = 1$;

Step 3: For $i$ from $L-2$ down to 0, do:

a) Compute $f = f^2 \cdot g_{T,T}(P)$, $T = [2]T$;

b) If $a_i = 1$, compute $f = f \cdot g_{T,Q}(P)$, $T = T + Q$;

Step 4: Compute $Q_1 = \pi_q(Q)$,

Step 5: Compute $T = T + Q_1$;

Step 6: Compute $T = T - Q_2$;

Step 7: Compute

Step 8: Output $f$.
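The line function $g_{U,V}$ and steps 2-3 of the loop above, as an added Python example (not code from the patent): it runs the same loop and line-function cases on a constructed toy curve, $y^2 = x^3 + x$ over $F_{59}$ with subgroup order 5 and embedding degree 2, in place of SM9's 256-bit BN curve and degree-12 field. It computes a plain reduced Tate pairing, so the Frobenius steps 4-6 are not modelled, and the function names, the distortion map and the sample points `G1`/`G2` are assumptions of the example.

```python
# Toy parameters (constructed, NOT SM9's): E: y^2 = x^3 + x over F_59, p = 3 mod 4,
# #E(F_p) = 60, prime subgroup order r = 5, embedding degree 2.
P_MOD, R = 59, 5
FINAL_EXP = (P_MOD**2 - 1) // R        # final-exponentiation exponent for k = 2

# F_{p^2} = F_p[i]/(i^2 + 1); the element a + b*i is the tuple (a, b).
ZERO, ONE = (0, 0), (1, 0)

def add(u, v):
    return ((u[0] + v[0]) % P_MOD, (u[1] + v[1]) % P_MOD)
def sub(u, v):
    return ((u[0] - v[0]) % P_MOD, (u[1] - v[1]) % P_MOD)
def mul(u, v):
    return ((u[0]*v[0] - u[1]*v[1]) % P_MOD, (u[0]*v[1] + u[1]*v[0]) % P_MOD)

def inv(u):
    norm = (u[0]*u[0] + u[1]*u[1]) % P_MOD
    if norm == 0:
        raise ZeroDivisionError("inverse of zero in F_{p^2}")
    n = pow(norm, P_MOD - 2, P_MOD)    # Fermat inversion in F_p
    return (u[0]*n % P_MOD, -u[1]*n % P_MOD)

def fpow(u, e):
    acc = ONE
    while e:
        if e & 1:
            acc = mul(acc, u)
        u, e = mul(u, u), e >> 1
    return acc

# Points are None (point at infinity) or (x, y) with x, y in F_{p^2}.
def on_curve(pt):
    return pt is None or mul(pt[1], pt[1]) == add(mul(pt[0], mul(pt[0], pt[0])), pt[0])

def neg(pt):
    return None if pt is None else (pt[0], sub(ZERO, pt[1]))

def slope(U, V):
    """Tangent slope if U == V, chord slope otherwise (callers exclude U == -V)."""
    if U == V:
        num, den = add(mul((3, 0), mul(U[0], U[0])), ONE), add(U[1], U[1])
    else:
        num, den = sub(V[1], U[1]), sub(V[0], U[0])
    return mul(num, inv(den))

def line(U, V, Q):
    """g_{U,V}(Q): the line through U and V, evaluated at the point Q."""
    if U is None and V is None:
        return ONE
    if U is None or V is None:         # one point at infinity: vertical line
        W = V if U is None else U
        return sub(Q[0], W[0])
    if U == neg(V):                    # U = -V is vertical too (the toy loop hits it)
        return sub(Q[0], U[0])
    lam = slope(U, V)                  # tangent (U == V) or chord (U != V)
    return sub(sub(Q[1], U[1]), mul(lam, sub(Q[0], U[0])))

def point_add(U, V):
    if U is None:
        return V
    if V is None:
        return U
    if U == neg(V):
        return None
    lam = slope(U, V)
    x = sub(sub(mul(lam, lam), U[0]), V[0])
    return (x, sub(mul(lam, sub(U[0], x)), U[1]))

def scalar_mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def miller_loop(Q, P, a):
    """Steps 2-3 above: T = Q, f = 1, then scan bits a_{L-2} .. a_0 of a."""
    T, f = Q, ONE
    for i in range(a.bit_length() - 2, -1, -1):
        f = mul(mul(f, f), line(T, T, P))   # 3a) f = f^2 * g_{T,T}(P)
        T = point_add(T, T)                 #     T = [2]T
        if (a >> i) & 1:
            f = mul(f, line(T, Q, P))       # 3b) f = f * g_{T,Q}(P)
            T = point_add(T, Q)             #     T = T + Q
    return f

def pairing(Q, P):
    """Toy reduced Tate pairing: Miller loop over r, then the final exponentiation."""
    return fpow(miller_loop(Q, P, R), FINAL_EXP)

def distort(pt):                       # distortion map (x, y) -> (-x, i*y)
    return (sub(ZERO, pt[0]), mul((0, 1), pt[1]))

G1 = ((25, 0), (30, 0))                # constructed order-5 point of E(F_59)
G2 = distort(G1)                       # independent order-5 point over F_{59^2}

if __name__ == "__main__":
    e = pairing(G2, G1)
    print("e(G2, G1) =", e, " e^r =", fpow(e, R))
```
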

The auxiliary function module implements the cryptographic functions $H_1$/$H_2$ and the key derivation function KDF of the SM9 algorithm; the KDF is used to generate the encryption and decryption keys in SM9. $H_1$/$H_2$ and KDF are computed following the steps in the SM9 algorithm standard. They call the cryptographic hash function $H_v()$; the SM9 standard requires a cryptographic hash function $H_v()$ approved by the national cryptography administration, such as the SM3 cryptographic hash algorithm, and in this embodiment it is implemented by the SM3 operation module.

The random number module generates the random numbers between 1 and (N-1) required by the algorithm.

The algorithm function module calls the other modules to implement the various algorithm functions of SM9, which include digital signature generation, digital signature verification, the key exchange protocol, public-key encryption and public-key decryption. Each function is computed following the steps in the SM9 algorithm standard; the computation steps of each algorithm are as follows:

1) Digital signature generation algorithm, as shown in Figure 1,

The message to be signed is a bit string M. To obtain the digital signature (h, S) of the message M, user A, as the signer, should perform the following steps:

Step 1: Compute the element g = e(P_1, P_{pub-s}) in the group G_T by calling the bilinear pairing module;

Step 2: Generate a random number r ∈ [1, N-1] with the random number module;

Step 3: Compute the element w = g^r in the group G_T with the bilinear pairing module, and convert the data type of w to a bit string;

Step 4: Compute the integer h = H_2(M||w, N) with the auxiliary function module, where H_2 is the cryptographic function of the SM9 algorithm;

Step 5: Compute the integer l = (r-h) mod N with the prime field calculation module, a submodule of the bilinear pairing module; if l = 0, return to Step 2;

Step 6: Compute the element S = [l]d_{SA} in the group G_1 with the prime field calculation module;

Step 7: Convert S and h to byte strings; the signature of message M is (h, S).

2) Digital signature verification algorithm, as shown in Figure 2,

To verify the received message M' and its digital signature (h', S'), user B, as the verifier, should perform the following steps:

Step 1: Check whether h' ∈ [1, N-1] holds; if not, verification fails;

Step 2: Convert the data type of S' to a point on the elliptic curve and check whether S' ∈ G_1 holds; if not, verification fails;

Step 3: Compute the element g = e(P_1, P_{pub-s}) in the group G_T by calling the bilinear pairing module;

Step 4: The calculation module computes the element t = g^{h'} in the group G_T;

Step 5: Compute the integer h_1 = H_1(ID_A||hid, N) with the auxiliary function module, where H_1 is the cryptographic function of the SM9 algorithm;

Step 6: Compute the element P = [h_1]P_2 + P_{pub-s} in the group G_2;

Step 7: Compute the element u = e(S', P) in the group G_T by calling the bilinear pairing module;

Step 8: Compute the element w' = u·t in the group G_T, and convert the data type of w' to a bit string;

Step 9: Compute the integer h_2 = H_2(M'||w', N) with the auxiliary function module, and check with the data path module whether h_2 = h' holds; if it does, verification passes; otherwise verification fails.

3) Key exchange protocol, as shown in Figure 3,

Users A and B negotiate key data of length klen bits; user A is the initiator and user B is the responder. To obtain the same key, users A and B should perform the following steps:

User A:

Step A1: Compute the element Q_B = [H_1(ID_B||hid, N)]P_1 + P_{pub-e} in the group G_1;

Step A2: Generate a random number r_A ∈ [1, N-1];

Step A3: Compute the element R_A = [r_A]Q_B in the group G_1;

Step A4: Send R_A to user B;

User B:

Step B1: Compute the element Q_A = [H_1(ID_A||hid, N)]P_1 + P_{pub-e} in the group G_1;

Step B2: Generate a random number r_B ∈ [1, N-1];

Step B3: Compute the element R_B = [r_B]Q_A in the group G_1;

Step B4: Verify whether R_A ∈ G_1 holds; if not, the negotiation fails; otherwise call the bilinear pairing module to compute the elements g_1 = e(R_A, de_B), g_2 = e(P_{pub-e}, P_2)^{r_B}, g_3 = g_1^{r_B} in the group G_T, and convert the data types of g_1, g_2, g_3 to bit strings;

Step B5: Convert the data types of R_A and R_B to bit strings, and compute SK_B = KDF(ID_A||ID_B||R_A||R_B||g_1||g_2||g_3, klen) with the auxiliary function module, where KDF is the key derivation function of the SM9 algorithm;

(Optional) Step B6: Compute S_B = Hash(0x82||g_1||Hash(g_2||g_3||ID_A||ID_B||R_A||R_B)) by calling the SM3 operation module;

Step B7: Send R_B and (optionally) S_B to user A;

User A:

Step A5: Verify whether R_B ∈ G_1 holds; if not, the negotiation fails; otherwise call the bilinear pairing module to compute the elements g_1' = e(P_{pub-e}, P_2)^{r_A}, g_2' = e(R_B, de_A), g_3' = (g_2')^{r_A} in the group G_T, and convert the data types of g_1', g_2', g_3' to bit strings;

Step A6: Convert the data types of R_A and R_B to bit strings, (optionally) compute S_1 = Hash(0x82||g_1'||Hash(g_2'||g_3'||ID_A||ID_B||R_A||R_B)) by calling the SM3 operation module, and check with the data path module whether S_1 = S_B holds; if the equality does not hold, key confirmation from B to A fails;

Step A7: Compute SK_A = KDF(ID_A||ID_B||R_A||R_B||g_1'||g_2'||g_3', klen) with the auxiliary function module;

(Optional) Step A8: Compute S_A = Hash(0x83||g_1'||Hash(g_2'||g_3'||ID_A||ID_B||R_A||R_B)) by calling the SM3 operation module, and send S_A to user B.

User B:

(Optional) Step B8: Compute S_2 = Hash(0x83||g_1||Hash(g_2||g_3||ID_A||ID_B||R_A||R_B)) by calling the SM3 operation module, and check with the data path module whether S_2 = S_A holds; if the equality does not hold, key confirmation from A to B fails.
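The signature and key exchange steps above can be checked algebraically with the following added example, which is not code from the patent. It models every group element by its discrete logarithm (so the "pairing" is multiplication mod N, which is insecure and only tracks exponents), uses SHA-256 as a stand-in for SM3, and assumes the key extraction formula, the hid values 0x01/0x02 and the parameter t from the SM9 standard, none of which appear on this page.

```python
import hashlib
import secrets

T = 0x600000000058F98A                      # BN parameter t of the SM9 standard (assumption)
N = 36*T**4 + 36*T**3 + 18*T**2 + 6*T + 1   # group order N(t)

# Exponent model (insecure by design): [a]P1 -> a, [b]P2 -> b, e(P1,P2)^c -> c, all mod N.
P1 = P2 = 1
HID_SIGN, HID_EXCH = b"\x01", b"\x02"       # hid values from the SM9 standard (assumption)

def pairing(a, b):                          # e([a]P1, [b]P2) = e(P1,P2)^(ab)
    return a * b % N

def gt_mul(x, y):                           # multiplying in G_T adds exponents
    return (x + y) % N

def gt_pow(x, k):                           # exponentiation in G_T scales the exponent
    return x * k % N

def to_bytes(x):
    return x.to_bytes(32, "big")

def hash_to_range(prefix, z):
    """H_1 (prefix 0x01) / H_2 (prefix 0x02): 320 hash bits reduced into [1, N-1]."""
    ha = b"".join(hashlib.sha256(prefix + z + ct.to_bytes(4, "big")).digest()
                  for ct in (1, 2))         # SHA-256 stands in for SM3 here
    return int.from_bytes(ha[:40], "big") % (N - 1) + 1

def extract_key(master, ident, hid):
    """Key generation centre: [master * (H_1(ID||hid) + master)^-1] * generator."""
    t1 = (hash_to_range(b"\x01", ident + hid) + master) % N
    if t1 == 0:
        raise ValueError("master key must be regenerated")
    return master * pow(t1, -1, N) % N

def sign(msg, ds_a, ppub_s):
    g = pairing(P1, ppub_s)                                 # step 1
    while True:
        r = secrets.randbelow(N - 1) + 1                    # step 2
        w = gt_pow(g, r)                                    # step 3
        h = hash_to_range(b"\x02", msg + to_bytes(w))       # step 4
        l = (r - h) % N                                     # step 5
        if l != 0:                                          # l = 0: draw a new r
            return h, l * ds_a % N                          # steps 6-7

def verify(msg, h, s, ident, ppub_s):
    if not 1 <= h <= N - 1:                                 # step 1
        return False
    if not 0 < s < N:                                       # step 2 (model of S' in G_1)
        return False
    g = pairing(P1, ppub_s)                                 # step 3
    t = gt_pow(g, h)                                        # step 4
    h1 = hash_to_range(b"\x01", ident + HID_SIGN)           # step 5
    p = (h1 * P2 + ppub_s) % N                              # step 6
    u = pairing(s, p)                                       # step 7
    w = gt_mul(u, t)                                        # step 8: equals g^r if honest
    return hash_to_range(b"\x02", msg + to_bytes(w)) == h   # step 9

def peer_point(ident, ppub_e):
    """Q = [H_1(ID||hid, N)]P_1 + P_pub-e (steps A1 / B1)."""
    return (hash_to_range(b"\x01", ident + HID_EXCH) * P1 + ppub_e) % N

def run_key_exchange(ke, id_a, id_b, r_a, r_b):
    """Returns ((g1', g2', g3') seen by A, (g1, g2, g3) seen by B)."""
    ppub_e = ke * P1 % N
    de_a, de_b = extract_key(ke, id_a, HID_EXCH), extract_key(ke, id_b, HID_EXCH)
    big_r_a = r_a * peer_point(id_b, ppub_e) % N            # A3
    big_r_b = r_b * peer_point(id_a, ppub_e) % N            # B3
    g1 = pairing(big_r_a, de_b)                             # B4
    g2 = gt_pow(pairing(ppub_e, P2), r_b)
    g3 = gt_pow(g1, r_b)
    g1p = gt_pow(pairing(ppub_e, P2), r_a)                  # A5
    g2p = pairing(big_r_b, de_a)
    g3p = gt_pow(g2p, r_a)
    return (g1p, g2p, g3p), (g1, g2, g3)
```

In this model u = g^l and t = g^{h'}, so w' = g^{l+h'} = g^r, which is why step 9 reproduces h; the three key exchange values agree on both sides for the same reason and are what each side feeds into the KDF.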

4) Public key encryption algorithm, as shown in Figure 4,

The message to be sent is a bit string M; mlen is the bit length of M, K_1_len is the bit length of the key K_1 of the block cipher algorithm, and K_2_len is the bit length of the key K_2 of the function MAC(K_2, Z).

To encrypt the plaintext M for user B, user A, as the encryptor, should perform the following steps:

Step 1: Compute the element Q_B = [H_1(ID_B||hid, N)]P_1 + P_{pub-e} in the group G_1;

Step 2: Generate a random number r ∈ [1, N-1];

Step 3: Compute the element C_1 = [r]Q_B in the group G_1, and convert the data type of C_1 to a bit string;

Step 4: Compute the element g = e(P_{pub-e}, P_2) in the group G_T by calling the bilinear pairing module;

Step 5: Compute the element w = g^r in the group G_T, and convert the data type of w to a bit string;

Step 6: Proceed according to the method used to encrypt the plaintext:

a) If the plaintext is encrypted with a stream cipher based on the key derivation function, then

1) Compute the integer klen = mlen + K_2_len, and compute K = KDF(C_1||w||ID_B, klen) with the auxiliary function module. Let K_1 be the leftmost mlen bits of K and K_2 the remaining K_2_len bits; use the data path module to determine whether K_1 is an all-zero bit string, and if so return to Step 2;

2) Compute C_2 = M⊕K_1 with the data path module.

b) If the plaintext is encrypted with a block cipher combined with the key derivation function, then

1) Compute the integer klen = K_1_len + K_2_len, and compute K = KDF(C_1||w||ID_B, klen) with the auxiliary function. Let K_1 be the leftmost K_1_len bits of K and K_2 the remaining K_2_len bits; use the data path module to determine whether K_1 is an all-zero bit string, and if so return to Step 2;

2) Call the SM4 operation module to compute C_2 = Enc(K_1, M).

Step 7: Call the SM3 operation module to compute C_3 = MAC(K_2, C_2);

Step 8: Output the ciphertext C = C_1||C_3||C_2.

5) Decryption algorithm, as shown in Figure 5,

mlen is the bit length of C_2 in the ciphertext C = C_1||C_3||C_2, K_1_len is the bit length of the key K_1 of the block cipher algorithm, and K_2_len is the bit length of the key K_2 of the function MAC(K_2, Z).

To decrypt C, user B, as the decryptor, should perform the following steps:

Step 1: Extract the bit string C_1 from C, convert the data type of C_1 to a point on the elliptic curve, and verify whether C_1 ∈ G_1 holds; if not, report an error and exit;

Step 2: Compute the element w' = e(C_1, de_B) in the group G_T with the bilinear pairing module, and convert the data type of w' to a bit string;

Step 3: Proceed according to the method used to encrypt the plaintext:

a) If the plaintext is encrypted with a stream cipher based on the key derivation function, then

1) Compute the integer klen = mlen + K_2_len, and compute K' = KDF(C_1||w'||ID_B, klen) with the auxiliary function. Let K_1' be the leftmost mlen bits of K' and K_2' the remaining K_2_len bits; use the data path module to determine whether K_1' is an all-zero bit string, and if so report an error and exit;

2) Compute M' = C_2⊕K_1' with the data path module.

b) If the plaintext is encrypted with a block cipher combined with the key derivation function, then

1) Compute the integer klen = K_1_len + K_2_len, and compute K' = KDF(C_1||w'||ID_B, klen) with the auxiliary function. Let K_1' be the leftmost K_1_len bits of K' and K_2' the remaining K_2_len bits; use the data path module to determine whether K_1' is an all-zero bit string, and if so report an error and exit;

2) Call the SM4 operation module to compute M' = Dec(K_1', C_2).

Step 4: Call the SM3 operation module to compute u = MAC(K_2', C_2), extract the bit string C_3 from C, and use the data path module to determine whether u = C_3 holds; if not, report an error and exit;

Step 5: Output the plaintext M'.
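The stream-cipher variant of the encryption and decryption steps (case a) is sketched below as an added example; it is not code from the patent. Assumptions: SHA-256 stands in for SM3, the KDF and MAC(K_2, Z) = H_v(Z||K_2) constructions are taken from the SM9 standard rather than from this page, C_1 is serialized as 64 bytes, and the pairing side is replaced by constructed callables (`encapsulate`, `recover_w`, both hypothetical names) that supply C_1 and w.

```python
import hashlib
import hmac
import secrets

C1_LEN = 64     # assumption: G_1 point serialized as x || y, 32 bytes each
MAC_LEN = 32    # output length of the 256-bit hash

def hv(data):
    return hashlib.sha256(data).digest()        # stand-in for SM3

def kdf(z, klen_bits):
    """KDF(Z, klen): H_v(Z || ct) for ct = 1, 2, ..., truncated to klen bits."""
    if klen_bits <= 0 or klen_bits % 8:
        raise ValueError("klen must be a positive multiple of 8 in this sketch")
    out, ct = b"", 1
    while len(out) * 8 < klen_bits:
        out += hv(z + ct.to_bytes(4, "big"))
        ct += 1
    return out[:klen_bits // 8]

def mac(k2, z):
    return hv(z + k2)                           # MAC(K_2, Z) = H_v(Z || K_2)

def encrypt_stream(msg, id_b, encapsulate, k2_len=256):
    if not msg:
        raise ValueError("empty message: K_1 would be empty and the zero check never passes")
    while True:
        c1, w = encapsulate()                   # steps 2-5: fresh r, C_1 = [r]Q_B, w = g^r
        if len(c1) != C1_LEN:
            raise ValueError("unexpected C_1 length")
        k = kdf(c1 + w + id_b, len(msg) * 8 + k2_len)       # step 6 a) 1)
        k1, k2 = k[:len(msg)], k[len(msg):]
        if any(k1):                             # all-zero K_1: back to step 2
            break
    c2 = bytes(m ^ x for m, x in zip(msg, k1))  # step 6 a) 2)
    c3 = mac(k2, c2)                            # step 7
    return c1 + c3 + c2                         # step 8: C = C_1 || C_3 || C_2

def decrypt_stream(c, id_b, recover_w, k2_len=256):
    if len(c) <= C1_LEN + MAC_LEN:
        raise ValueError("ciphertext too short")
    c1 = c[:C1_LEN]
    c3 = c[C1_LEN:C1_LEN + MAC_LEN]
    c2 = c[C1_LEN + MAC_LEN:]
    w = recover_w(c1)       # steps 1-2: caller checks C_1 in G_1, then w' = e(C_1, de_B)
    k = kdf(c1 + w + id_b, len(c2) * 8 + k2_len)            # step 3 a) 1)
    k1, k2 = k[:len(c2)], k[len(c2):]
    if not any(k1):
        raise ValueError("all-zero K_1'")
    if not hmac.compare_digest(mac(k2, c2), c3):            # step 4, constant-time compare
        raise ValueError("MAC mismatch")
    return bytes(x ^ y for x, y in zip(c2, k1))             # steps 3 a) 2) and 5

def fake_kem():
    """Constructed stand-in for the pairing: w depends on C_1 and a secret only B holds."""
    secret = secrets.token_bytes(32)
    def derive_w(c1):
        return hv(secret + c1) * 12             # 384 bytes, the size of an F_{p^12} element
    def encapsulate():
        c1 = secrets.token_bytes(C1_LEN)
        return c1, derive_w(c1)
    return encapsulate, derive_w

def is_rejected(c, id_b, recover_w):
    try:
        decrypt_stream(c, id_b, recover_w)
        return False
    except ValueError:
        return True
```

Because K_2 is derived from C_1, w and ID_B together, a change to any part of C or to the recipient identity makes the MAC check fail before any plaintext is returned.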

System parameter selection:

The system parameters of the embodiment follow the parameter selection rules of the standard GM/T 0044.1-2016, the general principles of the SM9 identity-based cryptographic algorithm. The elliptic curve used in this embodiment is the 256-bit BN curve recommended by the algorithm standard; its equation is:

E: y^2 = x^3 + b;

where x and y are the abscissa and ordinate of the elliptic curve, and b is a nonzero constant parameter that can be customized. The embedding degree of the curve is k = 12, and the curve order N is also prime. The main parameters of the curve are the base field characteristic q, the curve order N and the trace tr of the Frobenius map, all of which are determined by the parameter t:

q(t) = 36t^4 + 36t^3 + 24t^2 + 6t + 1;

N(t) = 36t^4 + 36t^3 + 18t^2 + 6t + 1;

tr(t) = 6t^2 + 1;

Since the chosen elliptic curve has embedding degree k = 12, the bilinear pairing must be computed in the degree-12 extension field. The invention builds the finite field as a tower of extensions according to the method described in the SM9 algorithm standard, as follows:

The base field is extended by a quadratic extension to the quadratic extension field, with reduction polynomial x^2 - α, α = -2;

The quadratic extension field is extended by a quadratic extension to the quartic extension field, with reduction polynomial x^2 - u, u^2 = α;

The quartic extension field is extended by a cubic extension to the degree-12 extension field, with reduction polynomial x^3 - v, v^2 = u;

All numbers that take part in SM9 computations must lie in the constructed finite field and its extension fields, and all points must lie on the constructed BN curve. The generator P_1 of the group G_1 and the generator P_2 of the group G_2 must also be given.
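The parameter relations above can be checked numerically with the following added example, which is not part of the patent. It assumes the value of t from the SM9 standard (the page does not state it) and checks that q and N are 256-bit primes, that N = q + 1 - tr, that the embedding degree is 12, that α = -2 is a quadratic non-residue mod q (so x^2 - α is irreducible over the base field), and how many doubling and addition steps the loop over a = 6t+2 in the R-ate computation performs.

```python
T_SM9 = 0x600000000058F98A   # parameter t of the SM9 standard (assumption: not on this page)

def bn_params(t):
    """q(t), N(t), tr(t) exactly as given in the text."""
    q = 36*t**4 + 36*t**3 + 24*t**2 + 6*t + 1
    n = 36*t**4 + 36*t**3 + 18*t**2 + 6*t + 1
    tr = 6*t**2 + 1
    return q, n, tr

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases; never rejects a prime."""
    if n < 2:
        return False
    for p in bases:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def embedding_degree(q, n, limit=24):
    """Smallest k with q^k = 1 (mod n), i.e. the extension field that holds G_T."""
    acc = 1
    for k in range(1, limit + 1):
        acc = acc * q % n
        if acc == 1:
            return k
    return None

def is_quadratic_nonresidue(a, q):
    """Euler's criterion: a is a non-square mod the odd prime q."""
    return pow(a % q, (q - 1) // 2, q) == q - 1

def miller_loop_counts(t):
    """(doublings, additions) of step 3 of the R-ate computation for a = 6t + 2."""
    bits = bin(6 * t + 2)[2:]                    # a_{L-1} ... a_0 with a_{L-1} = 1
    return len(bits) - 1, bits[1:].count("1")

def check_sm9_parameters(t=T_SM9):
    q, n, tr = bn_params(t)
    return {
        "q_bits": q.bit_length(),
        "q_prime": is_probable_prime(q),
        "N_prime": is_probable_prime(n),
        "N_equals_q_plus_1_minus_tr": n == q + 1 - tr,
        "embedding_degree": embedding_degree(q, n),
        "alpha_is_nonresidue": is_quadratic_nonresidue(-2, q),
        "miller_loop": miller_loop_counts(t),
    }
```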

The embodiment of the invention is implemented in Verilog HDL. The SM9 hardware accelerator built according to the hardware implementation architecture for the SM9 identity-based cryptographic algorithm provided by the invention was tested, and its algorithm functions and results agree with the SM9 algorithm standard and the calculation examples it provides. Table 1 compares the computational efficiency of a software implementation of the SM9 algorithm with the efficiency measured for this embodiment.

Table 1: Comparison of computational efficiency between SM9 software and this embodiment

According to the data in Table 1, the SM9 hardware implementation provided by the invention needs only about 1/10 to 1/9 of the computation time of the software implementation for the algorithm functions, a large speed-up over the software implementation.

It will be understood that the invention has been described by way of some embodiments. Those skilled in the art know that various changes or equivalent substitutions can be made to these features and embodiments without departing from the spirit and scope of the invention. In addition, under the teaching of the invention, these features and embodiments may be modified to suit particular situations and materials without departing from the spirit and scope of the invention. The invention is therefore not limited to the specific embodiments disclosed here, and all embodiments falling within the scope of the claims of this application are within the scope of protection of the invention.

Claims (5)

1. A finite-field-based hardware implementation system for the SM9 identity-based cryptographic algorithm, comprising a register module, a data path module, a low-level control module, a memory module, an auxiliary function module, a random number module and an algorithm function module, characterized in that:

the register module is used to read the user's configuration information and control information;

the data path module is used to perform the various operations on the data taking part in the computation, moving data between the registers and the memory and performing simple operations on the data, including writing data from the registers to the memory and reading data from the memory; the initial parameters, identities and plaintext data that the user writes to the registers are transferred to the memory through the data path module;

the memory module is used to store all kinds of operation data, including initial parameters, intermediate values and results;

the low-level control module is used to call the low-level algorithm modules to complete the finite field calculations, elliptic curve calculations and encryption operations;

the low-level algorithm modules comprise a bilinear pairing module, an SM3 operation module and an SM4 operation module; the bilinear pairing module provides finite field calculation, elliptic curve calculation and bilinear pairing calculation; the SM3 operation module is a hardware implementation of the SM3 algorithm, a hash algorithm suited to digital signature and verification and to the generation and verification of message authentication codes in SM9 applications; the SM4 operation module is a hardware implementation of the SM4 algorithm, a block cipher algorithm used for public key encryption and decryption in the SM9 algorithm;

the bilinear pairing module comprises a prime field calculation module, a quadratic extension field operation module, a quartic extension field operation module, a degree-12 extension field operation module, a quadratic extension field elliptic curve operation module, a line function operation module, a final exponentiation module and a bilinear pairing calculation state machine;

the prime field calculation module is used to perform modular operations and elliptic curve point operations in the prime field;

the prime field calculation module comprises a modular addition/subtraction hardware module, a Montgomery modular multiplication hardware module, a modular inversion hardware module and a prime field elliptic curve calculation module; the modular addition/subtraction hardware module implements modular addition, modular subtraction and modular reduction in the prime field; the Montgomery modular multiplication hardware module implements modular multiplication in the prime field and is based on an optimized Montgomery modular multiplication algorithm; the modular inversion hardware module implements modular inversion in the prime field; the prime field elliptic curve calculation module implements point addition, point multiplication and point verification in the prime field;

the quadratic extension field operation module implements the operations in the quadratic extension field obtained by a quadratic extension of the prime field, including modular addition, modular subtraction, modular multiplication, modular inversion and the Frobenius operation on quadratic field elements; the quartic extension field operation module implements the operations in the quartic extension field obtained by a degree-4 extension of the prime field, including modular addition, modular subtraction, modular multiplication, modular inversion and the Frobenius operation on quartic field elements; the degree-12 extension field operation module implements the operations in the degree-12 extension field obtained by a degree-12 extension of the prime field, including modular multiplication, modular inversion, modular exponentiation and the Frobenius operation on degree-12 field elements;

the quadratic extension field elliptic curve operation module implements the elliptic curve operations over the quadratic extension field, including coordinate system conversion of quadratic field points, quadratic field point addition, quadratic field point doubling, quadratic field point multiplication and the Frobenius operation on quadratic field points; the coordinate system conversion of quadratic field points refers to converting elliptic curve points over the quadratic field between affine and projective coordinates;

the line function operation module implements the function g_{U,V}(Q) used in the R-ate pairing computation, that is, the computation of the equation of the line through two elliptic curve points; the computation of g_{U,V}(Q) follows the definition in the general principles of the SM9 algorithm standard; in the computation, if the two elliptic curve points are different and neither is the point at infinity, the result is the equation of the straight line through the two points; if the two elliptic curve points are the same and not the point at infinity, the result is the equation of the tangent to the elliptic curve at that point; if one of the elliptic curve points is the point at infinity, the result is the equation of the line through the other point perpendicular to the x-axis;

the final exponentiation module implements the last step of the R-ate pairing computation, that is

the bilinear pairing calculation state machine controls and calls each module to complete the bilinear pairing computation;

the auxiliary function module implements the cryptographic functions H_1/H_2 and the key derivation function KDF of the SM9 algorithm, the key derivation function being used to generate the encryption and decryption keys in the SM9 algorithm;

the random number module generates the random numbers between 1 and (N-1) required by the algorithm;

the algorithm function module calls the other modules to implement the algorithm functions of the SM9 algorithm.

2. The finite-field-based hardware implementation system for the SM9 identity-based cryptographic algorithm according to claim 1, characterized in that the specific functions of the register module include: the user writes control information and configuration information into the register module; the register module transfers the initial parameters, identities and plaintext data written by the user to the memory module and then starts the corresponding algorithm function according to the control information; if the operation succeeds, the register module reads the result from the memory module and transmits it to the user; if the operation fails, the register module transmits a failure signal to the user.

3. The finite-field-based hardware implementation system for the SM9 identity-based cryptographic algorithm according to claim 1, characterized in that the data path module can move data between different addresses in the memory, including comparing two data items, concatenating two data items end to end, and shifting data.

4. The finite-field-based hardware implementation system for the SM9 identity-based cryptographic algorithm according to claim 1, characterized in that the operation steps of the cryptographic functions H1/H2 and of the key derivation function KDF of the auxiliary function module all follow the steps in the SM9 algorithm standard; the cryptographic functions H1/H2 and the key derivation function KDF need to call the cryptographic hash function Hv(), which is implemented by the SM3 operation module.

5. The finite-field-based hardware implementation system for the SM9 identity-based cryptographic algorithm according to claim 1, characterized in that the algorithm functions of the SM9 algorithm include: digital signature generation, digital signature verification, the key exchange protocol, public key encryption and public key decryption; the algorithm functions are computed according to the steps in the SM9 algorithm standard.
CN202110763602.2A 2021-07-06 2021-07-06 SM9 identification cipher algorithm hardware realization system based on finite field Active CN113660087B (en)


Publications (2)

Publication Number Publication Date
CN113660087A CN113660087A (en) 2021-11-16
CN113660087B true CN113660087B (en) 2023-09-26

Family

ID=78477161

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110763602.2A Active CN113660087B (en) 2021-07-06 2021-07-06 SM9 identification cipher algorithm hardware realization system based on finite field

Country Status (1)

Country Link
CN (1) CN113660087B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338049B (en) * 2022-03-14 2022-07-05 山东区块链研究院 Rapid realization method and system of SM2 cryptographic algorithm based on modular reduction
CN116346474A (en) * 2023-03-29 2023-06-27 国网辽宁省电力有限公司电力科学研究院 A secure access method and system for virtual power plant distributed energy
CN116846543A (en) * 2023-07-26 2023-10-03 百信信息技术有限公司 SM3 password hash algorithm data processing method and related equipment
CN117353926B (en) * 2023-12-01 2024-02-27 苏州元脑智能科技有限公司 SM2 algorithm password processing method, device and equipment based on chip
CN117650951B (en) * 2024-01-30 2024-05-10 北京格尔国信科技有限公司 IKE authentication and negotiation method based on identification cipher algorithm
CN119341744B (en) * 2024-12-20 2025-04-25 江苏意源科技有限公司 Data processing method based on Shenwei CPU instruction set

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102739396A (en) * 2011-04-11 2012-10-17 航天信息股份有限公司 Co-processor applied in information security
CN102761413A (en) * 2011-04-27 2012-10-31 航天信息股份有限公司 Implementation system of p-element domain SM2 elliptic curve public key cryptographic algorithm
CN103023659A (en) * 2013-01-08 2013-04-03 武汉大学 ECC (elliptic curve cryptosystem) encryption hardware device with expandable parameter bit width
CN107147488A (en) * 2017-03-24 2017-09-08 广东工业大学 A signature verification system and method based on SM2 encryption and decryption algorithm
CN206712805U (en) * 2017-04-26 2017-12-05 美的智慧家居科技有限公司 Key chip system and internet of things equipment
CN108259179A (en) * 2016-12-29 2018-07-06 航天信息股份有限公司 A kind of encryption-decryption coprocessor and its operation method based on SM9 id password algorithms
CN108650078A (en) * 2018-03-22 2018-10-12 北京中电华大电子设计有限责任公司 A kind of accelerated method of SM9 id passwords algorithm
CN112202568A (en) * 2020-10-09 2021-01-08 天津大学 Software and hardware co-design SM9 digital signature communication method and system
CN112769553A (en) * 2020-12-30 2021-05-07 北京宏思电子技术有限责任公司 Implementation method and device for accelerating SM9 bilinear pairing operation in embedded system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102412971B (en) * 2011-11-30 2015-04-29 西安西电捷通无线网络通信股份有限公司 SM2 key exchange protocol based key agreement method and device

Non-Patent Citations (2)

Title
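Overview of the SM9 identity-based cryptographic algorithm; 袁峰; 程朝辉; 信息安全研究 (Issue 11); full text *
Optimized design of the R-ate pairing computation for the Chinese national SM9 algorithm; 王明东; 何卫国; 李军; 梅瑞; 通信技术 (Issue 09); full text *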

Also Published As

Publication number Publication date
CN113660087A (en) 2021-11-16

Similar Documents

Publication Publication Date Title
CN113660087B (en) SM9 identification cipher algorithm hardware realization system based on finite field
CN111314089B (en) SM2-based two-party collaborative signature method and decryption method
US11310060B1 (en) Atomic cross-chain swaps using equivalent secret values
CN101420300B (en) Double factor combined public key generating and authenticating method
CN107395368B (en) Digital signature method, decapsulation method and decryption method in media-free environment
US11223486B2 (en) Digital signature method, device, and system
CN108418686A (en) A multi-distributed SM9 decryption method and medium and key generation method
CN108292402A (en) The determination of the public secret of secure exchange for information and level certainty key
CN107425968A (en) A kind of SM2 elliptic curve public key cryptographic algorithms under binary field F2m realize system
CN104821880A (en) Certificate-free generalized proxy signcryption method
EP2686978B1 (en) Keyed pv signatures
CN102761412A (en) P-element domain SM2 elliptic curve public key encryption, decryption and encryption-decryption hybrid system
CN114117547B (en) SM9 digital signature acceleration generation method and digital signature acceleration verification method based on pre-calculation table
EP4208982B1 (en) Method for electronic signing and authentication strongly linked to the authenticator factors possession and knowledge
WO2020164252A1 (en) Identity-based identity hiding key agreement method based on bilinear paring
CN115865531B (en) A proxy re-encryption digital asset authorization method
CN112350827B (en) Koblitz curve-based elliptic curve encryption and decryption method and system for acceleration scalar multiplication calculation
CN117879833A (en) Digital signature generation method based on improved elliptic curve
WO2024239591A1 (en) Multi-party key agreement method and system based on guomi algorithms
CN106941406B (en) Identify-based encryption endorsement method, decryption sign test method and device thereof
CN115442042A (en) A Certificateless Public Key Encryption Method Based on SM2 Algorithm and SM9 Algorithm
CN118842659A (en) N-selection k unintentional transmission method based on RSA
CN114285576B (en) Non-opposite online and offline signcryption method
CN115694827A (en) SM2-based certificate encryption method and system
CN115277019A (en) An agile digital signature verification method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20250310

Address after: Room 1007, 10th Floor, Hanggang Metallurgical Technology Building, No. 294 Tianmushan Road, Xihu District, Hangzhou City, Zhejiang Province 310013

Patentee after: Zhidianxin (Hangzhou) Intelligent Technology Co.,Ltd.

Country or region after: China

Address before: 310018 Xueyuan Street 998, Xiasha Higher Education Park, Hangzhou City, Zhejiang Province

Patentee before: Zhejiang University of Media and Communications

Country or region before: China
