Koblitz曲线上改进的ECDSA算法

标量乘法的效率决定着椭圆曲线密码体制的性能,而Koblitz曲线上的快速标量乘算法,是标量乘法研究的重要课题.Lee et al算法采用Frobenius映射扩展正整数k,并将其扩展后的系数改写成二进制形式,有效地提高标量乘算法效率.文中将JSF应用到扩展后的系数中,以较小存储空间为代价来提高算法效率k并将算法用到改进...     

一种基于折半运算的Comb标量乘算法

通过将折半运算应用于Comb算法,提出了一种新的Comb标量乘算法,它可以提高域Fm2上的椭圆曲线标量乘法的效率.在预计算阶段和赋值阶段,新算法分别用高效的折半运算取代倍点运算.对新算法运行时间进行分析,并与传统的Comb算法进行比较,当窗口宽度w=4时,新算法效率提高58%~63%.     

标量乘法的FPGA实现

从实际应用出发,研究了椭圆曲线标量乘法算法的FPGA的实现。采用P1363推荐的GF(2163)上的Koblitz曲线,首先设计了一个精简指令集的微处理器IP核,利用此指令集编程实现标量乘法,最终实现的标量乘法需要8 830个ALUT和5 575个register,运行一次标量乘法的时间为184.52μs。与其他文献的标量乘法运算的硬件实现相比,实现的标量乘法运算在资源速度综合方面具有较大的优势。     

一类安全椭圆曲线的选取及其标量乘法的快速计算

安全椭圆曲线的选取和标量乘法的快速计算是有效实现椭圆曲线密码体制的两个主要问题.本文将二者结合起来考虑给出了一类适合普通PC机实现的安全椭圆曲线,并详细给出了选取这类曲线的具体步骤和基于"大步-小步法"思想构造了一种新的计算这类曲线上标量乘法的快速算法.这类曲线不仅选取容易而且利用本文所提出方法计算其标量乘法时能使所需椭圆曲线运算次数大大减少.此外,选用这类曲线后基域中元素不再需要专门的表示方法,各种运算能非常快地得到实现,从而能极大地提高体制的整体实现速度.     

椭圆曲线密码体制中快速标量乘算法实现

椭圆曲线密码(ECC),是一种以椭圆曲线离散对数问题为出发点而制定出的各种公钥密码体制,在1985年由学者Koblitz和Miller两人分别独立提出。ECC的主要特征是采用有限域上的椭圆曲线有限点群而非是传统的基于离散对数问题密码体制中所采用的有限循环群。因为标量乘算法是ECC中最耗时同时也是最为重要的算法,因为其运算效率的高低将直接影响到ECC实现的效率。本篇论文即是研究椭圆曲线密码中的标量乘法,以期能够探寻出一种快速安全的标量乘算法。     

PDA上ECC电磁分析神经网络分类方法

电磁分析攻击是对PDA等移动终端设备的椭圆曲线密码系统进行攻击的有效手段.简单电磁分析攻击中的信号分类是一个难点问题.文章针对椭圆曲线密码系统中的标量乘法运算时发射的电磁信号,运用人工神经网络技术进行分类判别,从而获取标量乘法中的秘密参量.     

抗SPA攻击的椭圆曲线NAF标量乘实现算法

针对椭圆曲线非相邻形式（NAF）标量乘法不能很好地抵抗简单功耗分析攻击（SPA）的问题,对NAF标量乘的实现算法以及对NAF标量乘的SPA攻击原理进行了分析,提出一种新的标量乘实现算法——平衡能量NAF标量乘法。通过对智能卡功耗分析平台的实测波形进行分析验证,平衡能量NAF标量乘法不仅继承了NAF标量乘法运算效率高的优点,而且能够很好地抵抗SPA攻击,提高密码芯片的安全性。     

用替换标量加速椭圆曲线点乘的研究

在优化有限域上椭圆曲线点乘的研究中,寻找标量的等价表示形式以减少点加和倍点运算的数量一直是关注的热点。因为点乘运算在一个H阶有限群中,利用有限群的性质,Q=kP=（n-k）（-P）。对于椭圆曲线,n-k和-P容易计算,于是计算点乘的标量k可以替换为n-k。因此,计算点乘时可通过选取代价更小的标量来减少计算量。理论和实验研究表明,替换标量可在微小的开销下使通常的重复倍加点算法的点加次数平均减少约5％。     

一种Montgomery型椭圆曲线的高效标量乘算法

椭圆曲线标量乘法是椭圆曲线密码系统的基本运算,安全高效的标量乘法将直接提高椭圆曲线密码系统的效率和安全性.本文将Fibonacei数列的概念进行了扩展,提出了Fibonacci型数列的概念,并用Fibonaeei型数列将Montgomery型曲线上点的加法运算公式进行了简化,得到了新的点加公式fibAdd.利用黄金比率...     

HECC除子标量乘并行集群算法设计

为了加快超椭圆曲线密码体制(HECC)中除子标量乘的运算速度,进行基于大数据技术的除子标量乘并行算法研究。根据"空间换时间"的策略对除子标量乘法常规方法进行改进,在任务规模为1016的条件下,运算耗时减少16.28%,提出基于负载均衡的任务划分优化方案。此方案分别将Hadoop集群平台、Spark集群平台、Spark-GPU集群平台的并行技术应用于改进后的除子标量乘算法中,研究并行算法与串行算法的运行效率。当问题规模一定时,随着节点个数的增加,不同集群平台的加速呈上升趋势,其中Spark-GPU并行算法的增长趋势最为明显,当节点个数为4时,Spark-GPU并行算法的加速比达到了261.84。通过对比3种集群平台的并行算法,发现Spark-GPU可以最有效地缩短运算耗时,加快除子标量乘法的运算速度。     

针对滑动窗口算法的椭圆曲线密码故障分析

基于符号变换故障攻击原理,针对采用滑动窗口算法实现点乘运算的椭圆曲线密码,当故障位于倍点运算时,给出一种能够解决"零块失效"问题的改进故障分析方法,实验结果表明15次故障注入即可恢复192bit完整密钥;当故障位于加法运算时,提出一种新的故障分析方法,实验结果表明1次故障注入可将密钥搜索空间降低27~215。该方法对其他使用滑动窗口算法的密码算法故障攻击具有借鉴意义。     

优化扩域上椭圆曲线标量乘的一个新算法

提出了一种优化扩域上椭圆曲线标量乘的新算法.算法基于Frobenius映射和二进制串的逻辑操作.文中对这个算法给出了细致精确的分析,而且在此基础上对新算法作了进一步改进.最后从理论分析和实际仿真两个方面就新算法和传统算法进行了比较.指出新算法执行时间比传统的φ-adic算法要少20%到40%.     

Fast Reconfigurable Elliptic Curve Cryptography Acceleration for <Emphasis Type="Italic">GF</Emphasis>(2<Superscript><Emphasis Type="Italic">m</Emphasis></Superscript>) on 32 bit Processors

This paper focuses on the design and implementation of a fast reconfigurable method for elliptic curve cryptography acceleration in GF(2 ^m ). The main contribution of this paper is comparing different reconfigurable modular multiplication methods and modular reduction methods for software implementation on Intel IA-32 processors, optimizing point arithmetic to reduce the number of expensive reduction operations through a novel reduction sharing technique, and measuring performance for scalar point multiplication in GF(2 ^m ) on Intel IA-32 processors. This paper determined that systematic reduction is best for fields defined with trinomials or pentanomials; however, for fields defined with reduction polynomials with large Hamming weight Barrett reduction is best. In GF(2⁵⁷¹) for Intel P4 2.8 GHz processor, long multiplication with systematic reduction was 2.18 and 2.26 times faster than long multiplication with Barrett or Montgomery reduction. This paper determined that Montgomery Invariant scalar point multiplication with Systematic reduction in Projective coordinates was the fastest method for single scalar point multiplication for the NIST fields from GF(2¹⁶³) to GF(2⁵⁷¹). For single scalar point multiplication on a reconfigurable elliptic curve cryptography accelerator, we were able to achieve ∼6.1 times speedup using reconfigurable reduction methods with long multiplication, Montgomery’s MSB Invariant method in projective coordinates, and systematic reduction. Further extensions were made to implement fast reconfigurable elliptic curve cryptography for repeated scalar point multiplication on the same base point. We also show that for L > 20 the LSB invariant method combined with affine doubling precomputation outperforms the LSB invariant method combined with López-Dahab doubling precomputation for all reconfigurable reduction polynomial techniques in GF(2⁵⁷¹) for Intel IA-32 processors. For L = 1000, the LSB invariant scalar point multiplication method was 13.78 to 34.32% faster than using the fastest Montgomery Invariant scalar point multiplication method on Intel IA-32 processors.     

Signed sliding window algorithms for modulo multiplication

The signed sliding window (SSW) number system for accelerating long-wordlength modulo multiplication is introduced. Compared with the previously published unsigned sliding window (USW) number system, SSW reduces the average number of nonzero digits in a number or reduces the amount of pre-computation required. In addition, how USW and SSW can be combined advantageously with Montgomery's algorithm for modulo reduction is described     

高性能Ed25519算法硬件架构设计与实现

针对签名验签速度难以满足特定应用领域需求的问题,该文设计了一种高性能Ed25519算法的硬件实现架构。采用宽度为2 bit的窗口法实现标量乘运算,减少了标量乘所需的总周期数;通过优化点加倍点操作步骤,提高了乘法器的硬件使用率;使用低计算复杂度的快速模约简实现模乘,提高了整体运算速度。为了使模L运算可复用标量乘中的快速模约简,该文提出一种基于Barrett约简的模L算法。通过优化解压过程中模幂操作过程,精简了步骤并使其可复用模乘。对所提架构做硬件实现,在TSMC的55 nm CMOS工艺下,面积为746×103等效门,最高频率360 MHz,每秒能够执行公钥生成9.06×104次、签名8.82×104次和验签3.99×104次。     

Pseudo 4D projective coordinate-based multi-base scalar multiplication

In order to address the problem of elliptic curve cryptosystem (ECC) for the expensive cost in scalar multiplication and the vulnerability to the power analysis attacks,a pseudo 4D projective coordinate-based multi-base scalar multiplication was proposed to optimize group operation layer and scalar multiplication operation layer,which aimed at increasing the performance of ECC and resisting common power analysis attacks.Experimental results show that compared with the state-of-the-art algorithms,the proposed algorithm decreases 5.71% of point doubling cost,3.17% of point tripling cost,and 8.74% of point quintupling cost under discrete group operations.When the key length is 160 bit,the proposed algorithm decreases 36.32% of point tripling cost,17.42% of point quintupling cost,and 8.70% of the system cost under continuous group operations.The analyzing of power consumption wave shows that the proposed algorithm can resist SPA and DPA attack.     

Improved Scalar Multiplication on Elliptic Curves Defined over F2mn

We propose two improved scalar multiplication methods on elliptic curves over F_qn where q = 2^m using Frobenius expansion. The scalar multiplication of elliptic curves defined over subfield F_q can be sped up by Frobenius expansion. Previous methods are restricted to the case of a small m. However, when m is small, it is hard to find curves having good cryptographic properties. Our methods are suitable for curves defined over medium‐sized fields, that is, 10 ≤ m ≤ 20. These methods are variants of the conventional multiple‐base binary (MBB) method combined with the window method. One of our methods is for a polynomial basis representation with software implementation, and the other is for a normal basis representation with hardware implementation. Our software experiment shows that it is about 10% faster than the MBB method, which also uses Frobenius expansion, and about 20% faster than the Montgomery method, which is the fastest general method in polynomial basis implementation.     

Efficient Recursive IDFT Scheme for Complex-valued Signals in Tap-selective Maximum-likelihood Channel Estimation

This paper presents several efficient, recursive inverse discrete Fourier transform (IDFT) schemes for complex-valued input data in tap-selective maximum-likelihood channel estimation; the results of their implementation are also presented. The proposed schemes employ only real-valued arithmetic, which reduces the number of required real multiplication operations in comparison with conventional IDFT approaches; however, the number of real additions increases significantly due to the sliding window scheme. The results show that the schemes can reduce the computational complexity and enhance flexibility when only several subsets of the IDFT output bins are required.     

Design of highly efficient elliptic curve crypto-processor with two multiplications over GF（2^163）

In this article, a parallel hardware processor is presented to compute elliptic curve scalar multiplication in polynomial basis representation. The processor is applicable to the operations of scalar multiplication by using a modular arithmetic logic unit (MALU). The MALU consists of two multiplications, one addition, and one squaring. The two multiplications and the addition or squaring can be computed in parallel. The whole computations of scalar multiplication over GF(2163) can be performed in 3 064 cycles. The simulation results based on Xilinx Virtex2 XC2V6000 FPGAs show that the proposed design can compute random GF(2163) elliptic curve scalar multiplication operations in 31.17 μs, and the resource occupies 3 994 registers and 15 527 LUTs, which indicates that the crypto-processor is suitable for high-performance application.     

Flexible Hardware Processor for Elliptic Curve Cryptography Over NIST Prime Fields

Exchange of private information over a public medium must incorporate a method for data protection against unauthorized access. Elliptic curve cryptography (ECC) has become widely accepted as an efficient mechanism to secure sensitive data. The main ECC computation is a scalar multiplication, translating into an appropriate sequence of point operations, each involving several modular arithmetic operations. We describe a flexible hardware processor for performing computationally expensive modular addition, subtraction, multiplication, and inversion over prime finite fields $GF(p)$ . The proposed processor supports all five primes $p$ recommended by NIST, whose sizes are 192, 224, 256, 384, and 521 bits. It can also be programmed to automatically execute sequences of modular arithmetic operations. Our field-programmable gate-array implementation runs at 60 MHz and takes between 4 and 40 ms (depending on the used prime) to perform a typical scalar multiplication.