CN104660399A - RSA modular exponentiation calculation method and device - Google Patents

Publication number
CN104660399A
Authority
CN
China
Legal status
Granted
Application number
CN201310608755.5A
Other languages
Chinese (zh)
Other versions
CN104660399B (en)
Inventor
王立辉
张志敏
郑业扬
闫守礼
魏长征
郭丽敏
Current Assignee
Shanghai Fudan Microelectronics Co Ltd
Shanghai Fudan Microelectronics Group Co Ltd
Original Assignee
Shanghai Fudan Microelectronics Group Co Ltd

Landscapes

  • Storage Device Security (AREA)
  • Complex Calculations (AREA)

Abstract

The invention provides an RSA modular exponentiation calculation method and device. The method comprises the following steps: acquiring information m, a modulus N, a random number r, a public key e and a private key d; calculating a first value $m_0 = (r^{e-1} \cdot m) \bmod N$; calculating a second value $m_1 = (m_0 \cdot r) \bmod N$; calculating a third value $S_1 = (m_1)^{d-1} \bmod N$; and acquiring the RSA encryption result S corresponding to the information m, where $S = (S_1 \cdot m_0) \bmod N$. With this method and device, base randomization for RSA can be achieved at relatively small expense, so that power analysis attacks can be avoided.

Description

An RSA modular exponentiation operation method and device
Technical field
The present invention relates to the technical field of data security, and in particular to an RSA modular exponentiation operation method and device.
Background
In existing modular exponentiation for the RSA public key encryption algorithm, a randomized mask is added to the base m, so that the base that actually takes part in the modular exponentiation changes from known to unknown and from fixed to variable, thereby avoiding power analysis attacks.
For example, before a decryption or signature operation is performed, a random number pair $(V_i, V_d)$ is selected such that $V_d = (V_i^{-1})^d \bmod N$. The plaintext base m is masked by randomization to give the pseudo-base $m' = m V_i \bmod N$. After the modular exponentiation finishes, the result obtained with m' as the base, that is, the pseudo-result S', is processed as $S = S' V_d \bmod N$ to recover the real result S.
Normally, in order to avoid a modular exponentiation, the number pair is chosen as $(r^e, r^{-1})$. However, since $S' V_d \bmod N = (r^e m)^d r^{-1} \bmod N$, carrying out the operation $S = S' V_d \bmod N$ involves computing $r^{-1} \bmod N$. Because computing $r^{-1} \bmod N$ has a large time overhead, the efficiency of the RSA encryption process is affected.
Therefore, a new RSA modular exponentiation operation method and device is needed to improve the efficiency of the RSA encryption process.
Summary of the invention
The problem solved by the present invention is to propose a new RSA modular exponentiation operation method and device that can randomize the RSA base at small expense, thereby avoiding power analysis attacks.
An embodiment of the invention provides an RSA modular exponentiation operation method, comprising: obtaining information m, modulus N, random number r, public key e and private key d; calculating a first value m0, where m0 is the product of $r^{e-1}$ and the information m, reduced modulo N; calculating a second value m1, where m1 is the product of the first value m0 and the random number r, reduced modulo N; calculating a third value S1, where S1 is $(m_1)^{d-1}$ reduced modulo N; and obtaining the RSA encryption result S corresponding to the information m, where S is the product of the third value S1 and the first value m0, reduced modulo N.
An embodiment of the invention also provides an RSA modular exponentiation operation device, comprising: an acquiring unit for obtaining information m, modulus N, random number r, public key e and private key d; a first arithmetic unit for calculating the first value m0, where m0 is the product of $r^{e-1}$ and the information m, reduced modulo N; a second arithmetic unit for calculating the second value m1, where m1 is the product of the first value m0 and the random number r, reduced modulo N; a third arithmetic unit for calculating the third value S1, where S1 is $(m_1)^{d-1}$ reduced modulo N; and a fourth arithmetic unit for obtaining the RSA encryption result S corresponding to the information m, where S is the product of the third value S1 and the first value m0, reduced modulo N.
Compared with the prior art, embodiments of the invention have the following advantages:
The above technical scheme not only meets the need to randomize the base of the RSA modular exponentiation, avoiding power analysis attacks on RSA, but also does not involve computing $r^{-1} \bmod N$. That is, it avoids modular inversion, which saves time in the RSA encryption process and therefore improves its efficiency.
Brief description of the drawings
Fig. 1 is the flow chart of the RSA modular exponentiation operation method in an embodiment of the present invention;
Fig. 2 is a structural diagram of the RSA modular exponentiation operation device in an embodiment of the present invention.
Detailed description
To describe the technical content, structural features, objects and effects of the present invention in detail, specific embodiments are described below with reference to the accompanying drawings. Many specific details are set forth in the following description so that the invention can be fully understood, but the invention can also be implemented in ways other than those described here, and is therefore not limited by the specific embodiments disclosed below.
Fig. 1 is the flow chart of the RSA modular exponentiation operation method in an embodiment of the present invention. As shown in Fig. 1, the method comprises steps S101 to S105.
Step S101: obtain information m, modulus N, random number r, public key e and private key d.
In an embodiment of the present invention, the random number r is random and variable; that is, r can change in each RSA modular exponentiation operation. The purpose of adding the random number r is to make the base of the subsequent RSA modular exponentiation a randomized result. This removes the correspondence between the information m and the leaked information (information related to the randomized base) during execution of the algorithm, making it difficult for an attacker to obtain the information m directly.
Step S102: calculate the first value m0, where m0 is the product of $r^{e-1}$ and the information m, reduced modulo N.
In an embodiment of the present invention, by step S102 the first value is $m_0 = (r^{e-1} \cdot m) \bmod N$.
Step S103: calculate the second value m1, where m1 is the product of the first value m0 and the random number r, reduced modulo N.
In an embodiment of the present invention, by step S103 the second value is $m_1 = (m_0 \cdot r) \bmod N$.
Step S104: calculate the third value S1, where S1 is $m_1^{d-1}$ reduced modulo N.
In an embodiment of the present invention, by step S104 the third value obtained is $S_1 = m_1^{d-1} \bmod N$.
Step S105: obtain the RSA encryption result S corresponding to the information m, where S is the product of the third value S1 and the first value m0, reduced modulo N.
In an embodiment of the present invention, by step S105 the RSA encryption result corresponding to the information m is $S = (S_1 \cdot m_0) \bmod N$.
It should be noted that, on the one hand, calculating the first value m0, the second value m1 and the third value S1 does not involve computing $r^{-1} \bmod N$. There are two main methods for computing $r^{-1} \bmod N$: one uses the extended Euclidean algorithm, but this needs an extra hardware circuit; the other uses Fermat's little theorem, but its time overhead is larger. As the above calculation process shows, embodiments of the present invention do not involve computing $r^{-1} \bmod N$, which makes the RSA encryption operation more convenient and thus improves encryption efficiency.
On the other hand, by an intrinsic property of the RSA algorithm, $r^{ed} \bmod N = r$, so the following can be derived:
$S = m^d \bmod N = r^{ed} m^d r^{-1} \bmod N = (r^e m)^d r^{-1} \bmod N$
Deriving further:
$S = (r^e m)^d r^{-1} \bmod N = ((r^e m)^{d-1} r^{e-1} m) \bmod N$
Letting $(r^{e-1} m) \bmod N$ equal m0, $(m_0 \cdot r) \bmod N$ equal m1, and $m_1^{d-1} \bmod N$ equal S1 gives:
$S = (r^e m)^d r^{-1} \bmod N = ((r^e m)^{d-1} r^{e-1} m) \bmod N = (m_1)^{d-1} m_0 \bmod N$
From the above derivation, the RSA modular exponentiation result after base randomization is still consistent with the result before randomization.
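Steps S102 to S105 and the derivation above can be checked numerically. The following Python sketch is an added example, not code from the patent; the toy primes, the function names and the comparison routine for the background scheme are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, e*d = 1 mod phi(N)

def pick_mask(n):
    """Random r in [2, n-1] that is a unit mod n.

    The derivation multiplies by r^-1 implicitly (r^(ed-1) = 1 mod N),
    so r must be coprime to N even though the inverse is never computed.
    """
    while True:
        r = 2 + secrets.randbelow(n - 2)
        if math.gcd(r, n) == 1:
            return r

def blinded_modexp(m, n, e, d, r):
    """Steps S102-S105. Returns (S, m1); no modular inverse is used."""
    m0 = (pow(r, e - 1, n) * m) % n   # S102: m0 = r^(e-1) * m mod N
    m1 = (m0 * r) % n                 # S103: m1 = r^e * m mod N, the masked base
    s1 = pow(m1, d - 1, n)            # S104: S1 = m1^(d-1) mod N
    return (s1 * m0) % n, m1          # S105: S = S1 * m0 mod N

def classic_blinded_modexp(m, n, e, d, r):
    """Background scheme with the pair (r^e, r^-1); needs r^-1 mod N."""
    s_masked = pow((pow(r, e, n) * m) % n, d, n)
    return (s_masked * pow(r, -1, n)) % n

def demo(m=123456789, trials=5):
    """Same S for every r, while the exponentiation base m1 changes."""
    expected = pow(m, D, N)           # unmasked reference result
    bases = set()
    for _ in range(trials):
        r = pick_mask(N)
        s, m1 = blinded_modexp(m, N, E, D, r)
        assert s == expected == classic_blinded_modexp(m, N, E, D, r)
        bases.add(m1)
    return expected, len(bases)

if __name__ == "__main__":
    print(demo())
```

The gcd check in pick_mask matters only for toy moduli; for a real key size a random r shares a factor with N with negligible probability, but an r that does share one makes the unmasking step return a wrong S.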
An embodiment of the invention also provides an RSA modular exponentiation operation device. Referring to Fig. 2, the RSA modular exponentiation operation device 200 comprises:
Acquiring unit 210, for obtaining information m, modulus N, random number r, public key e and private key d;
First arithmetic unit 220, for calculating the first value m0, where m0 is the product of $r^{e-1}$ and the information m, reduced modulo N;
Second arithmetic unit 230, for calculating the second value m1, where m1 is the product of the first value and the random number r, reduced modulo N;
Third arithmetic unit 240, for calculating the third value S1, where S1 is $m_1^{d-1}$ reduced modulo N;
Fourth arithmetic unit 250, for obtaining the RSA encryption result S corresponding to the information m, where S is the product of the third value S1 and the first value m0, reduced modulo N.
In an embodiment of the present invention, the first arithmetic unit 220 comprises a modular exponentiation unit and a modular multiplication unit, the second arithmetic unit 230 can be a modular multiplication unit, the third arithmetic unit 240 can be a modular exponentiation unit, and the fourth arithmetic unit 250 can be a modular multiplication unit.
A person of ordinary skill in the art will appreciate that all or part of the steps in the methods of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, which may include ROM, RAM, a magnetic disk, an optical disc, and so on.
Although the present invention is disclosed as above, it is not limited thereto. Any person skilled in the art may make various changes or modifications without departing from the spirit and scope of the present invention, so the scope of protection of the present invention shall be the scope defined by the claims.

Claims (2)

1. An RSA modular exponentiation operation method, characterized by comprising:
Obtaining information m, modulus N, random number r, public key e and private key d;
Calculating a first value m0, where m0 is the product of $r^{e-1}$ and the information m, reduced modulo N;
Calculating a second value m1, where m1 is the product of the first value m0 and the random number r, reduced modulo N;
Calculating a third value S1, where S1 is $(m_1)^{d-1}$ reduced modulo N;
Obtaining the RSA encryption result S corresponding to the information m, where S is the product of the third value S1 and the first value m0, reduced modulo N.
2. An RSA modular exponentiation operation device, characterized by comprising:
An acquiring unit, for obtaining information m, modulus N, random number r, public key e and private key d;
A first arithmetic unit, for calculating a first value m0, where m0 is the product of $r^{e-1}$ and the information m, reduced modulo N;
A second arithmetic unit, for calculating a second value m1, where m1 is the product of the first value m0 and the random number r, reduced modulo N;
A third arithmetic unit, for calculating a third value S1, where S1 is $(m_1)^{d-1}$ reduced modulo N;
A fourth arithmetic unit, for obtaining the RSA encryption result S corresponding to the information m, where S is the product of the third value S1 and the first value m0, reduced modulo N.
CN201310608755.5A 2013-11-25 2013-11-25 A kind of RSA modular exponentiation operation method and device Active CN104660399B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310608755.5A CN104660399B (en) 2013-11-25 2013-11-25 A kind of RSA modular exponentiation operation method and device

Publications (2)

Publication Number Publication Date
CN104660399A true CN104660399A (en) 2015-05-27
CN104660399B CN104660399B (en) 2018-02-23

Family

ID=53251137
