CN100461668C - Multiple computing circuit for elliptic curve cipher algorithm chip - Google Patents

Publication number
CN100461668C
Authority
CN
China
Prior art keywords
point
computation
module
value
elliptic curve
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2004100814398A
Other languages
Chinese (zh)
Other versions
CN1625104A (en)
Inventor
陆建
杨鹤
司焕丽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Sanlingjia Microelectronic Co., Ltd.
Original Assignee
CETC 30 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 30 Research Institute
Priority to CNB2004100814398A
Publication of CN1625104A
Application granted
Publication of CN100461668C
Expired - Fee Related
Anticipated expiration

Abstract

This invention discloses a point multiplication circuit for an elliptic curve cryptographic algorithm chip. It is characterized by a control module that handles the splitting of the large integer K, pre-computation and logic control, together with point multiplication modules and a point addition module. The control module splits the large integer K into m small integers Ki and, from the point P, pre-computes the corresponding points Pi. Under the logic control of the control module, the point multiplications are then carried out separately in the m corresponding point multiplication modules, the results are sent to the point addition module for point addition, and the point multiplication value of the large integer K and the point P is output. This m-way parallel point multiplication circuit improves performance markedly: m-way parallel computation performs m times as well as single-way serial point multiplication. Because point multiplication takes up 95% of the time of the whole elliptic curve cryptographic algorithm, the performance of the whole elliptic curve cryptographic algorithm chip improves by a factor of m.

Description

A point multiplication circuit for an elliptic curve cryptography chip
Technical field
The present invention relates to a point multiplication circuit for an elliptic curve cryptography chip.
Background art
Elliptic curve cryptography is a public key algorithm. It involves multiplying a point P by a large integer K, an operation called point multiplication and written K*P for short. Point multiplication accounts for most of the computation time in elliptic curve cryptography. The decisive factor for the performance, that is the operation speed, of an elliptic curve cryptography chip is therefore the circuit that implements point multiplication.
Point multiplication means multiplying a point P on the elliptic curve by a large integer K, analogous to computing the K-th power of an element in the multiplicative group of a finite field. The standard algorithm for this operation is binary exponentiation, also called the square-and-multiply algorithm, which on an elliptic curve corresponds to a sequence of point doublings and point additions. Circuit implementations of this standard algorithm have two classes of optimization. The first keeps the number of point doublings unchanged and reduces the number of point additions, thereby reducing the total point multiplication time. Examples are recoding K from plain binary to balanced binary, the k-ary method, which processes k exponent bits per iteration, and the sliding window method, a further generalization of the k-ary method. The second keeps a single point multiplication and raises the speed of the modules inside the point multiplication circuit. For example, over a prime field GF(p), an improved Montgomery algorithm raises the execution speed of modular multiplication, an important internal module of the point multiplication circuit, and so raises the speed of point multiplication. These optimizations improve the operation speed of elliptic curve cryptography chips, but still cannot fully meet the requirements of a high-speed chip implementation of elliptic curve cryptography.
Summary of the invention
The object of the present invention is to overcome the above shortcoming by providing a point multiplication circuit with high operation speed for an elliptic curve cryptography chip.
To achieve this object, the point multiplication circuit for an elliptic curve cryptography chip of the present invention comprises a control module for splitting the large integer K, pre-computation and logic control, together with point multiplication modules and a point addition module;
The control module splits the large integer K into a plurality of small integers $K_i$ and, from the point P, pre-computes the corresponding points $P_i$. Then, under the logic control of the control module, point multiplication is carried out separately in the corresponding point multiplication modules, the results are sent to the point addition module for point addition, and the point multiplication value of the large integer K and the point P is output.
The large integer K is split into a plurality of small integers $K_i$ by the method expressed in the following formula:
$$K = 2^{[n(m-1)/m]} K_m + \cdots + 2^{[n(i-1)/m]} K_i + \cdots + 2^{[n/m]} K_2 + K_1$$
In the above formula, [ ] is the rounding symbol, n is the number of bits of the large integer K, and m is the number of $K_i$ into which K is split;
The corresponding points $P_i$ are pre-computed from the point P using the following formula:
$$P_i = 2^{[n(i-1)/m]} * P$$
The point multiplications are carried out separately in the corresponding point multiplication modules, and the results are sent to the point addition module for point addition, by the method expressed in the following formula:
$$K * P = K_m * P_m + \cdots + K_i * P_i + \cdots + K_2 * P_2 + K_1 * P_1$$
This m-way parallel point multiplication circuit improves performance very significantly: the performance of the m-way parallel point multiplication circuit is approximately m times that of the single-way serial point multiplication circuit. Because point multiplication accounts for more than 95% of the operation time of the whole elliptic curve cryptography algorithm, the performance of the whole elliptic curve cryptography chip improves by a factor of approximately m.
The number of parts m may be any small integer greater than or equal to 2; that is, the circuit suits schemes with 2 or more parallel paths, and the larger m is, the higher the degree of parallelism and the chip performance. However, because of the limits of chip size and control circuit complexity, more parallel paths are not always better, and the number of parallel paths must be decided from the specific circumstances.
Description of drawings
Fig. 1 is a schematic diagram of the original point multiplication module;
Fig. 2 is a schematic block diagram of the point multiplication circuit for an elliptic curve cryptography chip of the present invention;
Fig. 3 is a schematic diagram of the point multiplication circuit of Fig. 2 divided into two paths.
Embodiment
The point multiplication circuit for an elliptic curve cryptography chip of the present invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 1 is a schematic diagram of the original point multiplication module. As shown, corresponding to the point multiplication in elliptic curve cryptography, the elliptic curve cryptography chip contains a point multiplication module 1 that performs point multiplication. Structurally, point multiplication module 1 can be divided into three levels. The top level is point multiplication itself: its inputs are the multiplier K and the coordinates $(x_0, y_0)$ of point P, and its output is the point multiplication result K*P with value $(x_k, y_k)$. The middle level consists of the point doubling module 11 and the point addition module 12 on the elliptic curve group; depending on the value of K at the top level, the top-level point multiplication is expressed as a different sequence of middle-level point doublings and point additions. The bottom level consists of basic operation modules such as modular addition, modular multiplication, inversion and data conversion, from which the middle-level point doubling and point addition are built. Control module 13 performs logic control over the whole point multiplication module 1 to carry out point multiplication.
Fig. 2 is a schematic block diagram of the point multiplication circuit for an elliptic curve cryptography chip of the present invention. As shown, the inputs are an n-bit binary random number K and a point P $(x_0, y_0)$. The random number K is divided into m binary numbers $K_1, K_2, \dots, K_i, \dots, K_m$ satisfying:
$$K = 2^{[n(m-1)/m]} K_m + \cdots + 2^{[n(i-1)/m]} K_i + \cdots + 2^{[n/m]} K_2 + K_1$$
In the above formula, [ ] is the rounding symbol; for example, [n(i-1)/m] is the largest integer not greater than n(i-1)/m. By the associative and distributive laws, it follows that:
$$K * P = K_m * P_m + \cdots + K_i * P_i + \cdots + K_2 * P_2 + K_1 * P_1$$
where, in the above formula, $P_i = 2^{[n(i-1)/m]} * P$.
The point multiplication of K and P is thus decomposed into the point sum of the separate point multiplication results of $K_1$ and $P_1$, $K_2$ and $P_2$, ..., $K_i$ and $P_i$, ..., $K_m$ and $P_m$, where $K_1, K_2, \dots, K_i, \dots, K_m$ are the split of K, and $P_2, \dots, P_i, \dots, P_m$ are the results of doubling P [n/m] times, ..., [n(i-1)/m] times, ..., [n(m-1)/m] times. If $P_2, \dots, P_i, \dots, P_m$ are obtained in advance, $K_1 * P, K_2 * P_2, \dots, K_i * P_i, \dots, K_m * P_m$ can be computed in parallel.
The specific structure and connections are:
Control module 2 splits the large integer K into a plurality of small integers $K_i$ and, from the point P, pre-computes the corresponding points $P_i$. Then, under the logic control of the control module, point multiplication is carried out separately in the corresponding point multiplication modules 1, the results are sent to point addition module 3 for point addition, and the point multiplication value of the large integer K and the point P is output.
(1) Each of $K_1 * P, K_2 * P_2, \dots, K_i * P_i, \dots, K_m * P_m$ is assigned its own independent point multiplication unit, namely point multiplication module i in Fig. 2, so that the m parallel point multiplications proceed independently without affecting one another;
(2) The control module sends to each point multiplication module i the values $K_1, K_2, \dots, K_i, \dots, K_m$ and the coordinates $(x_0, y_0), (x_2, y_2), \dots, (x_i, y_i), \dots, (x_m, y_m)$ of $P, P_2, \dots, P_i, \dots, P_m$ respectively, and controls the operation of each point multiplication module i during computation;
(3) After each point multiplication finishes, the result coordinates $(x_{K1}, y_{K1}), (x_{K2}, y_{K2}), \dots, (x_{Ki}, y_{Ki}), \dots, (x_{Km}, y_{Km})$ of the point multiplication modules are sent to a separate point addition module; once all these point multiplication results have been added, K*P $(x_k, y_k)$ is obtained.
This m-way parallel point multiplication circuit improves performance very significantly: the performance of the m-way parallel point multiplication circuit is m times that of the single-way serial point multiplication circuit. Because point multiplication accounts for more than 95% of the operation time of the whole elliptic curve cryptography algorithm, the performance of the whole elliptic curve cryptography chip improves by a factor of approximately m.
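The decomposition of Fig. 2, as an added example that is not part of the patent: a Python model that splits K, pre-computes the $P_i$, runs the m lanes and checks the point sum against serial double-and-add. The toy curve y^2 = x^3 + 2x + 3 over GF(97), the base point (3, 6), the function names and the use of the doubling count as a stand-in for module latency are all assumptions of this sketch.

```python
# Added example: software model of the m-way split, not the patented circuit.
# Constructed toy curve y^2 = x^3 + 2x + 3 over GF(97); None = point at infinity.
P_MOD, A = 97, 2
BASE = (3, 6)  # constructed sample point: 6^2 = 3^3 + 2*3 + 3 = 36 (mod 97)

def add(p, q):
    """Point addition, covering doubling and the point-at-infinity cases."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None  # P + (-P), including doubling a point with y = 0
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def mul(k, p):
    """One serial point multiplication module (double-and-add, not constant
    time). Returns (k*p, doublings); the count stands in for latency."""
    acc = None
    for i in reversed(range(k.bit_length())):
        acc = add(acc, acc)
        if (k >> i) & 1:
            acc = add(acc, p)
    return acc, k.bit_length()

def split(k, n, m):
    """Control module: K = sum(2**s_i * K_i) with s_i = [n(i-1)/m], i = 1..m."""
    shifts = [n * i // m for i in range(m)]
    bounds = shifts + [n]
    parts = [(k >> lo) & ((1 << (hi - lo)) - 1)
             for lo, hi in zip(bounds, bounds[1:])]
    return shifts, parts

def precompute(p, shifts):
    """P_i = 2**s_i * P, reached by s_i successive doublings of P."""
    points, cur, done = [], p, 0
    for s in shifts:
        for _ in range(s - done):
            cur = add(cur, cur)
        points.append(cur)
        done = s
    return points

def parallel_mul(k, p, n, m):
    """Fig. 2 model: m lanes (run one after another here, simultaneously in
    the circuit), then point addition. Returns (K*P, slowest lane doublings)."""
    shifts, parts = split(k, n, m)
    lanes = [mul(ki, pi) for ki, pi in zip(parts, precompute(p, shifts))]
    total = None
    for point, _ in lanes:
        total = add(total, point)
    return total, max(d for _, d in lanes)

if __name__ == "__main__":
    K, N = 0xB6E5, 16  # constructed 16-bit scalar
    serial, serial_cost = mul(K, BASE)
    for m in (2, 3, 4):
        result, lane_cost = parallel_mul(K, BASE, N, m)
        print(f"m={m}: match={result == serial} serial={serial_cost} lane={lane_cost}")
```

Computing $P_m$ itself takes [n(m-1)/m] doublings, so the lane-latency gain shown here assumes the $P_i$ are obtained in advance, as the description states.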
Fig. 3 is a schematic diagram of the point multiplication circuit of Fig. 2 divided into two paths. As shown, control module 2 splits the large integer K into 2 small integers $K_2, K_1$ and, from the point P, pre-computes the corresponding points $P_2, P_1$. $K_2, K_1$ and $P_2, P_1$ satisfy:
$$K = 2^{[n/2]} K_2 + K_1$$
$$P_2 = 2^{[n/2]} * P, \quad P_1 = P$$
Then, under the logic control of control module 2, point multiplication is carried out separately in the corresponding point multiplication module 1 and point multiplication module 2, and the results are sent to point addition module 3 for point addition, which outputs the point multiplication value $(x_k, y_k)$ of the large integer K and the point P:
$$K * P = K_2 * P_2 + K_1 * P_1$$
The two parts are computed simultaneously, so the point multiplication speed is almost twice the original, because the final point addition takes less than 1% of the point multiplication time. Since point multiplication accounts for more than 95% of the time of the whole elliptic curve operation, the method of the present invention can substantially raise the operation speed of existing elliptic curve chips. If the operation speed is 2000 operations per second without the parallel point multiplication method, two-way parallel point multiplication can approach 4000 operations per second.
In implementing point multiplication, the methods for binary fields and for prime fields GF(p) differ; the circuit described by the present invention applies to both. The point multiplication circuit for an elliptic curve cryptography chip of the present invention is not limited to the scope of the embodiments; all inventions and creations that make use of the concept of the present invention fall within the scope of protection.

Claims (1)

1. A point multiplication circuit for an elliptic curve cryptography chip, characterized in that it comprises a control module for splitting the large integer K, pre-computation and logic control, together with point multiplication modules and a point addition module;
The control module splits the large integer K into a plurality of small integers $K_i$ and, from the point P, pre-computes the corresponding points $P_i$. Then, under the logic control of the control module, point multiplication is carried out separately in the corresponding point multiplication modules, the results are sent to the point addition module for point addition, and the point multiplication value of the large integer K and the point P is output;
The large integer K is split into a plurality of small integers $K_i$ by the method expressed in the following formula:
$$K = 2^{[n(m-1)/m]} K_m + \cdots + 2^{[n(i-1)/m]} K_i + \cdots + 2^{[n/m]} K_2 + K_1$$
In the above formula, [ ] is the rounding symbol, n is the number of bits of the large integer K, and m is the number of $K_i$ into which K is split;
The corresponding points $P_i$ are pre-computed from the point P using the following formula:
$$P_i = 2^{[n(i-1)/m]} * P$$
The point multiplications are carried out separately in the corresponding point multiplication modules, and the results are sent to the point addition module for point addition, by the method expressed in the following formula:
$$K * P = K_m * P_m + \cdots + K_i * P_i + \cdots + K_2 * P_2 + K_1 * P_1$$
CNB2004100814398A 2004-12-09 2004-12-09 Multiple computing circuit for elliptic curve cipher algorithm chip Expired - Fee Related CN100461668C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100814398A CN100461668C (en) 2004-12-09 2004-12-09 Multiple computing circuit for elliptic curve cipher algorithm chip

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2004100814398A CN100461668C (en) 2004-12-09 2004-12-09 Multiple computing circuit for elliptic curve cipher algorithm chip

Publications (2)

Publication Number Publication Date
CN1625104A CN1625104A (en) 2005-06-08
CN100461668C true CN100461668C (en) 2009-02-11

Family

ID=34765723

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100814398A Expired - Fee Related CN100461668C (en) 2004-12-09 2004-12-09 Multiple computing circuit for elliptic curve cipher algorithm chip

Country Status (1)

Country Link
CN (1) CN100461668C (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2509253B1 (en) * 2005-11-03 2014-06-18 Certicom Corp. Simultaneous scalar multiplication method
EP2228715A1 (en) * 2009-03-13 2010-09-15 Thomson Licensing Fault-resistant calculcations on elliptic curves
CN102761413B (en) * 2011-04-27 2015-06-10 航天信息股份有限公司 Implementation system of p-element domain SM2 elliptic curve public key cryptographic algorithm
CN103942031B (en) * 2014-04-28 2017-07-04 山东华芯半导体有限公司 Elliptic domain curve operations method
CN104267926B (en) * 2014-09-29 2018-03-09 北京宏思电子技术有限责任公司 The method and apparatus for obtaining elliptic curve cipher data
CN109117677A (en) * 2018-09-21 2019-01-01 阿里巴巴集团控股有限公司 A kind of circuit for elliptic curve multi point arithmetic

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020057796A1 (en) * 1998-12-24 2002-05-16 Lambert Robert J. Method for accelerating cryptographic operations on elliptic curves
US20030059043A1 (en) * 2001-09-26 2003-03-27 Katsuyuki Okeya Elliptic curve signature verification method and apparatus and a storage medium for implementing the same

Also Published As

Publication number Publication date
CN1625104A (en) 2005-06-08

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: CHENGDU 30JAVEE MICROELECTRONICS CO., LTD.

Free format text: FORMER OWNER: NO.30 INST., CHINA ELECTRONIC SCIENCE + TECHNOLOGY GROUP CORP.

Effective date: 20110707

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 610041 NO. 6, CHUANGYE ROAD, HIGH-TECH. ZONE, CHENGDU CITY, SICHUAN PROVINCE TO: 610041 6/F, OFFICE BUILDING, NO. 6, CHUANGYE ROAD, HIGH-TECH. ZONE, CHENGDU CITY, SICHUAN PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20110707

Address after: 6, building 610041, building 6, pioneering Road, Chengdu hi tech Zone, Sichuan

Patentee after: Chengdu Sanlingjia Microelectronic Co., Ltd.

Address before: 610041, No. 6, pioneering Road, hi tech Zone, Sichuan, Chengdu

Patentee before: No.30 Inst., China Electronic Science & Technology Group Corp.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090211

Termination date: 20181209