关于椭圆曲线密码的实现

从实现的角度,讨论了椭圆曲线密码实现中的一些问题,涉及有限域的选择,高斯正规基,曲线的选择,点乘的计算方法,签名方案等实际问题。     

一种新型硬件可配置公钥制密码协处理器的VLSI实现

提出了一种新型的硬件可配置的密码协处理器，同时适用于GF(p)和GF(2^m)两种域，可以实现RSA和ECC两种目前主流的加密算法。同时又具备硬件可配置的特点，可以完成32—512bit的模乘运算而无需对硬件做任何修改。本文的密码协处理芯片用TSMC0．35μm标准单元库综合，可以工作在100MHz时钟下，等效单元45k等效门，512bit的模乘运算速度可以达到190kbit／s，一次椭圆曲线上的233bit的点加运算只需18μs。     

浅析椭圆曲线密码体制

椭圆曲线上的公钥密码体制能够提供与其他公钥密码体制相同的安全性,而使用的密钥长度却要短的多。介绍了椭圆曲线密码体制的数学基础,及其应用模型,并为计算椭圆曲线的阶提出了一个有效的算法。     

一种改进的椭圆曲线密码实现算法

椭圆曲线密码系统(ECC)与其他公钥体制相比,是迄今为止每比特具有最高安全强度的密码系统.椭圆曲线密码的算法研究的一个方向是进一步减少算法的运算量,以便于该算法在实际环境中应用.椭圆曲线上的倍点和数乘运算是椭圆曲线中核心运算,该文通过对计算过程的深入研究,推导了直接计算2mP,m≠1的公式,并从理论上分析直接计算所节省的计算量.进而对椭圆曲线密码的快速实现算法进行了相应的改进,所提出的新算法的性能随着直接计算2mP,m≠1中m的增大而提高,在极限情况下性能可比原算法提高30%,具有较大的应用价值.     

一种网络安全协处理器的椭圆曲线密码模块设计

提出了一种网络安全协处理器的椭圆曲线密码(ECC)模块设计方法,可以两个核共同完成多种椭圆曲线数字签名算法,而且支持多倍点、点加和点验证运算.在0.18μmCMOS工艺下,综合后关键路径为3.42ns、面积为3.58mm2.时钟频率为250MHz时,每秒完成770多次参数长度为192位椭圆曲线数字签名算法(ECDSA)的签名或者验证.     

ECC密码技术及其优越性

椭圆曲线密码体制是近年来兴起的一种性能优良的公钥密码体制，本文介绍了椭圆曲线密码体制的有关概念和基本理论，将它与其它公钥密码体制进行了比较，阐述了椭圆曲线密码体制的优越性。     

基于椭圆曲线密码数字签名的研究与实现

设计了一个基于椭圆曲线密码体制的数字签名方案,实现了该数字签名系统.     

Schoof算法及其在椭圆曲线密码体制中的应用

Schoof算法是一种确定性算法，用于计算有限域Fq上椭圆曲线上的点的个数#GF(q），详细介绍了Schoof算法，并应用它构造了一种方法随机生成安全的椭圆曲线，在此椭圆曲线上实现的加密系统可以抵抗Pohlig-Hellman攻击。     

A Survey of Cryptographic Primitives and Implementations for Hardware-Constrained Sensor Network Nodes

In a wireless sensor network environment, a sensor node is extremely constrained in terms of hardware due to factors such as maximizing lifetime and minimizing physical size and overall cost. Nevertheless, these nodes must be able to run cryptographic operations based on primitives such as hash functions, symmetric encryption and public key cryptography in order to allow the creation of secure services. Our objective in this paper is to survey how the existing research-based and commercial-based sensor nodes are suitable for this purpose, analyzing how the hardware can influence the provision of the primitives and how software implementations tackles the task of implementing instances of those primitives. As a result, it will be possible to evaluate the influence of provision of security in the protocols and applications/scenarios where sensors can be used.

Multidimensional Exploration of Software Implementations for DSP Algorithms

When implementing software for programmable digital signal processors (PDSPs), the design space is defined by a complex range of constraints and optimization objectives. Three implementation metrics that are crucial in many PDSP applications are the program memory requirement (code size), data memory requirement, and execution time. This paper addresses the problem of exploring the 3-dimensional space of trade-offs that is defined by these crucial metrics. Given a software library for a target PDSP, and a dataflow-based block diagram specification of a DSP application in terms of this library, our objective in this paper is to compute a full range of Pareto-optimal solutions. For solving this multi-objective optimization problem, an evolutionary algorithm based approach is applied. We illustrate our techniques by analyzing the trade-off fronts of a practical application for a number of well-known, commercial PDSPs.     

面向密码算法的大位宽比特置换操作高速实现方案

针对面向字级优化的通用处理器,在应对密码算法中大位宽比特置换操作时效率较低的问题,该文提出2N-2N和kN-kN(k2)的大位宽比特置换操作高速实现方案。并针对方案中涉及的比特提取和比特提取-移位两种操作,分别提出专用扩展指令BEX, BEX-ROT。在此基础上,对专用指令硬件架构的高效设计进行研究,提出一种基于Inverse Butterfly网络统一硬件架构-RERS(Reconfigurable Extract and Rotation Shifter)及相应可重构路由算法,以最大限度地共享硬件资源,减小电路面积。实验结果表明,所提方案能够将处理器架构执行大位宽比特置换操作的指令条数缩减约10倍,大幅提升其处理效率。同时,由专用指令所带来的硬件资源开销和延迟开销均较低,不会影响到原架构正常工作频率。     

基于国产密码算法的数控网络的认证与验证模型研究及安全评估

该文针对工业控制系统安全,提出面向数控系统(NCS)网络安全保护技术框架,选用国产密码系列算法中的SM2, SM3, SM4算法,设计并建立了数控网络(CNC)认证与验证模型(AUTH-VRF),分内外两层为数控网络提供安全防护。外层为数控网络设备间通信与传输进行安全认证实现网段隔离,内层验证通信协议完整性以确保现场设备接收运行程序的正确性与有效性;通过基于SM2, SM3, SM4算法设计和部署的外层防护装置,为分布式数控(DNC)设备与数控系统之间的通信提供身份认证与文件加密传输;同时针对工业控制网络的S7Comm工业通信协议数据,通过SM3算法验证专有工业协议数据完整性。通过网络攻击实验证明,AUTH-VRF模型可以为数控网络中工业生产数据提供有效的安全认证和资源完整性保护,为满足我国关键基础设施“国内、国外工业控制系统产品共同安全可控”和“安全技术深入工业控制系统各个层级”的需求提供了实际可行的技术参考方案。     

A Survey of VLSI Implementations of Tree Search Algorithms for MIMO Detection

Multiple-input multiple-output (MIMO) detection algorithms have received considerable research interest in recent years, as a result of the increasing need for high data-rate communications. Detection techniques range from the low-complexity linear detectors to the maximum likelihood detector, which scales exponentially with the number of transmit antennas. In between these two extremes are the tree search (TS) algorithms, such as the popular sphere decoder, which have emerged as attractive choices for implementing MIMO detection, due to their excellent performance-complexity trade-offs. In this paper, we survey some of the state-of-the-art VLSI implementations of TS algorithms and compare their results using various metrics such as the throughput and power consumption. We also present notable contributions that have been made in the last three decades in implementing TS algorithms for MIMO detection, especially with respect to achieving low-complexity, high-throughput designs. Finally, a number of design considerations and trade-offs for implementing MIMO detectors in hardware are presented.     

适用于智能电网的EPON

针对电力通信网络骨干网强、接入网弱的现状,介绍了烽火通信开发的高带宽、长传输距离、环境适应性强的以太网无源光网络（EPON）,以及电力配电自动化及用电信息采集一体化解决方案和PFTTH解决方案。     

On the Throughput of Channel Access Algorithms with Limited Sensing

We consider some access protocols for Aloha type multiaccess channels. We argue, and show in an important case, that they can be modified to allow new transmitters to join the system at arbitrary times. This feature, known as "limited sensing" or "continuous entry," need not reduce throughput performances. In the case presented, the modified algorithm is also robust with respect to feedback errors.     

New Algorithms for Network Optimization

Two new alogrithms suitable for computer-aided optimization of networks are presented. They are both based on the nonlinear least /spl rho/th approximation approach, which has been successfully applied by the authors to microwave network design problems requiring minimax or near-minimax solutions. A basic difference here is that, instead of requiring very large values of /spl rho/, any finite value of /spl rho/, greater than 1 can be used to produce extremely accurate minimax solutions. This paper discusses a six-variable transformer example where values of /spl rho/ equal to 2, 4, 6, 10, 100, 1000, and 10 000 have all been used separately to obtain substantially the same solution. Both the adjoint network method for gradient evaluation and the Fletcher method are employed for greater efficiency. Comparisons with the razor search and grazer search methods are made. Some far-reaching observations concerning minimax design are also made.     

一种适用于帧中继网络的加密器

简述帧中继网络可能受到的攻击和为了对抗这些威胁而采用的安全设备—FPX4802/DES。