CN112118103A - Hardware implementation system for fast point multiplication of elliptic curve under prime field Fp - Google Patents

Abstract

The invention discloses a hardware realization system for fast point multiplication of an elliptic curve under a prime field Fp, which comprises a point multiplication main control module, a point addition control module, a point doubling control module, a check module, a modular addition/modular subtraction operation module, a modular inverse operation module and a modular multiplication operation module. The invention provides a hardware realization system for the rapid point multiplication of the elliptic curve under the prime field Fp with low hardware cost and high operation speed for users by the flow line design of hardware resources such as a multiplexing multiplier, a register and the like of a point addition control module and a point doubling control module, by adopting a point multiplication method of a window NAF, and by adopting a binary Euler inversion algorithm and the like.

Description

Hardware implementation system for fast point multiplication of elliptic curve under prime field Fp

Technical Field

The invention relates to a state cryptographic algorithm in the field of information security, in particular to a hardware implementation system for fast point multiplication of an elliptic curve under a prime field Fp.

Background

Elliptic Curve Cryptography (ECC) is a public key cryptography method based on Elliptic curve mathematics, and the number theory problem that the public key system depends on is respectively an integer factorization problem, a discrete logarithm problem, and an Elliptic curve discrete logarithm problem, and the corresponding difficulties are the basis of RSA public key cryptography security, ELGamal public key and its variant security, and Elliptic curve public key cryptography security in turn.

Disclosure of Invention

The invention aims to provide a hardware implementation system for quickly performing point multiplication on an elliptic curve under a prime field Fp with low hardware overhead and high operation speed.

In order to solve the technical problems, the technical scheme of the invention is as follows:

a hardware realization system for elliptic curve fast point multiplication under prime field Fp comprises a point multiplication main control module, a point addition control module, a point doubling control module, a check module, a modular addition/modular subtraction operation module, a modular inverse operation module and a modular multiplication operation module:

the point multiplication main control module is used for calling a point addition control module or a point doubling control module by a point multiplication algorithm under a prime field Jacobian coordinate;

the point adding control module is used for calling a check module by an elliptic curve point adding algorithm;

the multiple point control module is used for calling a check module by an elliptic curve multiple point algorithm;

the module for performing modulo addition/modulo subtraction operation is used for performing modulo addition operation and modulo subtraction operation respectively;

the modular inverse operation module is used for modular inverse operation of a binary modular inverse algorithm under the prime domain affine coordinates;

the modular multiplication operation module is based on the modular multiplication operation of a second-order rapid modular reduction algorithm.

Preferably, the point multiplication main control module is a point multiplication algorithm of the window NAF, the window width of the point multiplication algorithm of the window NAF in the elliptic curve point G (Gx, Gy) is w, and the expected running time is

M of the expected operation time is 256, A is the point plus the operation time, and D is the multiple point operation time.

Preferably, the modular inversion module is a binary euler inversion algorithm.

Preferably, the modular multiplication operation module consists of two steps of multiplication operation and fast modular reduction operation.

Preferably, the multiplication operation is a 129-bit multiplier.

Preferably, the point adding control module and the point doubling control module are both elliptic curve point adding algorithms.

Preferably, the arithmetic operation steps of the point addition control module include:

inputting: p1 (X1, Y1, Z1) using jacobian coordinates, P2 (X2, Y2) using affine coordinates

And (3) outputting: p3 ═ P1+ P2 ═ X3, Y3, Z3 using jacobi coordinates

①T1＝Z1*Z1

②T2＝T1*Z1

③T1＝T1*x2

④T2＝T2*y2,T1＝T1-X1

⑤T3＝T1*T1,T2＝T2-Y1

⑥Z3＝Z1*Y1

⑦T4＝T3*T1

⑧T3＝T3*X1

⑨T5＝T2*T2-T4,T1＝3T3

⑩T4＝T4*Y1,T1＝T1-T5

Y3＝T1*T2-T4,X3＝T3-T1

return(X3,Y3,Z3)

Preferably, the arithmetic operation steps of the multiple point control module include:

inputting: p1 ═ (X1, Y1, Z1), using jacobian coordinates

And (3) outputting: p3 ═ 2P1 ═ X3, Y3, Z3, using jacobian coordinates

①T1＝Z1*Z1,Y3＝2Y1

②T4＝Y3*Y3,T2＝X1-T1,T1＝X1+T1

③T2＝T2*T1

④T3＝T4*X1,T2＝3T2

⑤Z3＝Y3*Z1,T1＝2T3

⑥X3＝T2*T2-T1

⑦Y3＝T4*T4,T1＝T3-X3

⑧T3＝T1*T2-Y3,Y3＝Y3/2

⑨return(X3,Y3,Z3)

The invention has the beneficial effects that:

the invention provides a hardware realization system for the rapid point multiplication of the elliptic curve under the prime field Fp with low hardware cost and high operation speed for users by the flow line design of hardware resources such as a multiplexing multiplier, a register and the like of a point addition control module and a point doubling control module, by adopting a point multiplication method of a window NAF, and by adopting a binary Euler inversion algorithm and the like.

Drawings

FIG. 1 is a block diagram of the present invention.

Detailed Description

The following further describes embodiments of the present invention with reference to the drawings. It should be noted that the description of the embodiments is provided to help understanding of the present invention, but the present invention is not limited thereto. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.

According to the illustration of FIG. 1:

a hardware realization system for elliptic curve fast point multiplication under prime field Fp comprises a point multiplication main control module, a point addition control module, a point doubling control module, a check module, a modular addition/modular subtraction operation module, a modular inverse operation module and a modular multiplication operation module:

the point multiplication main control module is used for calling a point addition control module or a point doubling control module by a point multiplication algorithm under a prime field Jacobian coordinate;

the point adding control module is used for calling a check module by an elliptic curve point adding algorithm;

the multiple point control module is used for calling a check module by an elliptic curve multiple point algorithm;

the module for performing modulo addition/modulo subtraction operation is used for performing modulo addition operation and modulo subtraction operation respectively;

the modular inverse operation module is used for modular inverse operation of a binary modular inverse algorithm under the prime domain affine coordinates;

the modular multiplication operation module is based on the modular multiplication operation of a second-order rapid modular reduction algorithm.

The point multiplication main control module is a point multiplication algorithm of a window NAF, the window width of the point multiplication algorithm of the window NAF in an elliptic curve point G (Gx, Gy) is w, and the expected running time is

M of the expected operation time is 256, A is the point plus the operation time, and D is the multiple point operation time.

The modular inversion operation module is a binary Euler inversion algorithm.

The modular multiplication operation module consists of multiplication operation and quick modular reduction operation.

The multiplication operation is a 129-bit multiplier.

The point addition control module and the multiple point control module are both elliptic curve point addition algorithms which are suitable for Jacobian coordinates under a prime field GF (p), and the algorithms are optimized, so that the hardware cost is lower and the operation is faster through hardware resources such as a multiplexing multiplier, a register and the like and pipeline design.

The implementation case is as follows:

the dot-product main control module adopts two algorithms during operation:

firstly, inputting: integer k, point G (Gx, Gy), where k is under prime field gf (P) and P is on elliptic curve e (fp), outputs:

Q＝kP

1.Q＝O；

2.for i＝n-1downto 0do

3.Q＝2Q

4.if ki＝1then

5.Q＝Q+P

6.end if

7.end for

8.reture Q

inputting:

point G (Gx, Gy), G_iiG where l is 256, k is under prime field gf (p), G is on elliptic curve e (fp), i e {1,3,5, …,2^w-1-1}, output: kG

1.Q＝0；

2.for i from l-1downto 0do

3.Q＝2Q；

4.ifki≠0then

5.ifki>0then Q＝Q+G_ki

6.else Q＝Q-G_-ki

7.end if

8.end if

9.end for

10.return Q

The combined dot product main control module is as follows:

input k, point G (Gx, Gy), step 1: let point Q be 0; step 2-8, i is reduced from l-1 to execute circulation; and step 3: realizing point doubling operation Q-2Q; step 4-7: if k is 1, the dot addition operation Q is Q + P, and step 8 returns the dot product kP.

Inputting the number NAF coded by k_w(k) Base points G (Gx, Gy) and G_i＝iG，i∈{1,3,5,…,2^w-¹-1}, step 1: let point Q be 0; step 2-8, i is reduced from l-1 to execute circulation; and step 3: realizing point doubling operation Q-2Q; step 4-7: if ki>0, perform a dot add operation Q ═ Q + G_kiOr ki<0, perform a dot-add operation Q ═ Q-G_-ki(note: setting G)_-ki(Gx, Gy), then-G-_ki＝(Gx,-Gy)，Q-G-_kiStill considered as a point-and-add operation); step 10 returns the dot product result kG.

The implementation case is as follows:

the algorithm adopted by the point adding control module during operation is as follows:

inputting: p1 ═ X1, Y1, Z1 using jacobian coordinates, P2 ═ X2, Y2 using affine coordinates

And (3) outputting: p3 ═ P1+ P2 ═ X3, Y3, Z3, using jacobian coordinates

①T1＝Z1*Z1

②T2＝T1*Z1

③T1＝T1*x2

④T2＝T2*y2,T1＝T1-X1

⑤T3＝T1*T1,T2＝T2-Y1

⑥Z3＝Z1*Y1

⑦T4＝T3*T1

⑧T3＝T3*X1

⑨T5＝T2*T2-T4,T1＝3T3

⑩T4＝T4*Y1,T1＝T1-T5

Y3＝T1*T2-T4,X3＝T3-T1

return(X3,Y3,Z3)

The implementation case is as follows:

the algorithm adopted by the point adding control module during operation is as follows:

inputting: p1 ═ (X1, Y1, Z1), using jacobian coordinates

And (3) outputting: p3 ═ 2P1 ═ X3, Y3, Z3, using jacobian coordinates

①T1＝Z1*Z1,Y3＝2Y1

②T4＝Y3*Y3,T2＝X1-T1,T1＝X1+T1

③T2＝T2*T1

④T3＝T4*X1,T2＝3T2

⑤Z3＝Y3*Z1,T1＝2T3

⑥X3＝T2*T2-T1

⑦Y3＝T4*T4,T1＝T3-X3

⑧T3＝T1*T2-Y3,Y3＝Y3/2

⑨return(X3,Y3,Z3)

The implementation case is as follows:

the modular inverse multiplication operation module adopts a binary Euler inversion algorithm, and the algorithm adopted in the operation is as follows:

inputting: p and x, b ∈ (0, p)

And (3) outputting: y, xy ═ 1modp

①u←p；v←x；r←o；s←b；

U is an even number: r ← r/2 modp; u ← u/2

V is an even number: s ← s/2 modp; v ← v/2

U and v are odd numbers: u > v, r ← (r-s) modp, u ← u-v

When u is not equal to 1 and v is not equal to 1, returning to the step 2, if u is equal to 1, y is equal to r, otherwise, y is equal to s, and outputting y

Knowing p and x, b ∈ (0, p), the output y, satisfying xy ═ b modp

Let u be p, v be x, r be 0, and s be b

If u is an even number, r-r/2 modp is performed, u-u/2

If v is an even number, s-s/2 modp, v-v/2 are performed

If u and v are both odd numbers, the next step r ═ r (r-s) modp is executed, and if not, the last operation is executed

If u is greater than v, perform r ═ r (r-s) modp, u ═ u-v, otherwise perform s ═ s-r) modp, v ═ v-u

If both u and r are not equal to 1, the operation is switched to execute r ═ r/2modp and u ═ u/2, otherwise, u ═ 1, y ═ r, otherwise, y ═ s, the output y is output, and the operation of modulo inverse multiplication is finished.

The embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited to the described embodiments. It will be apparent to those skilled in the art that various changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, and the scope of protection is still within the scope of the invention.

Claims (8)

1. The hardware realization system for the rapid point multiplication of the elliptic curve under the prime field Fp is characterized by comprising a point multiplication main control module, a point addition control module, a point doubling control module, a check module, a modular addition/modular subtraction operation module, a modular inverse operation module and a modular multiplication operation module:

the point multiplication main control module is used for calling a point addition control module or a point doubling control module by a point multiplication algorithm under a prime field Jacobian coordinate;

the point adding control module is used for calling a check module by an elliptic curve point adding algorithm;

the multiple point control module is used for calling a check module by an elliptic curve multiple point algorithm;

the module for performing modulo addition/modulo subtraction operation is used for performing modulo addition operation and modulo subtraction operation respectively;

the modular inverse operation module is used for modular inverse operation of a binary modular inverse algorithm under the prime domain affine coordinates;

the modular multiplication operation module is based on the modular multiplication operation of a second-order rapid modular reduction algorithm.

2. The hardware implementation system of claim 1, wherein the point multiplication master control module is a point multiplication algorithm of a window NAF, the window width of the point multiplication algorithm of the window NAF in an elliptic curve point G (Gx, Gy) is w, and the expected running time is

M of the expected operation time is 256, A is the point plus the operation time, and D is the multiple point operation time.

3. The hardware implementation system of claim 1, wherein the modular inversion module is a binary euler inversion algorithm.

4. The hardware implementation system of claim 1, wherein the modular multiplication module comprises two steps of multiplication and fast modular reduction.

5. The hardware implementation system of claim 4, wherein the multiplication operation is a 129-bit multiplier.

6. The hardware implementation system of claim 4, wherein the point addition control module and the point doubling control module are both elliptic curve point addition algorithms.

7. The hardware implementation system of claim 1, wherein the arithmetic operation steps of the point addition control module include:

inputting: p1 (X1, Y1, Z1) using jacobian coordinates, P2 (X2, Y2) using affine coordinates

And (3) outputting: p3 ═ P1+ P2 ═ X3, Y3, Z3, using jacobian coordinates

①T1＝Z1*Z1

②T2＝T1*Z1

③T1＝T1*x2

④T2＝T2*y2,T1＝T1-X1

⑤T3＝T1*T1,T2＝T2-Y1

⑥Z3＝Z1*Y1

⑦T4＝T3*T1

⑧T3＝T3*X1

⑨T5＝T2*T2-T4,T1＝3T3

⑩T4＝T4*Y1,T1＝T1-T5

Y3＝T1*T2-T4,X3＝T3-T1

return(X3,Y3,Z3)。

8. The hardware implementation system of claim 1, wherein the operation steps of the multiple point control module algorithm include:

inputting: p1 ═ (X1, Y1, Z1), using jacobian coordinates

And (3) outputting: p3 ═ 2P1 ═ X3, Y3, Z3, using jacobian coordinates

①T1＝Z1*Z1,Y3＝2Y1

②T4＝Y3*Y3,T2＝X1-T1,T1＝X1+T1

③T2＝T2*T1

④T3＝T4*X1,T2＝3T2

⑤Z3＝Y3*Z1,T1＝2T3

⑥X3＝T2*T2-T1

⑦Y3＝T4*T4,T1＝T3-X3

⑧T3＝T1*T2-Y3,Y3＝Y3/2

⑨return(X3,Y3,Z3)。

Images