有限素域上椭圆曲线模逆运算的设计与实现

在对四种不同类型的求模逆算法进行改进的基础上,提出了一种统一的有限素数域上的模逆运算结构。该结构结合这四种类型的模逆算法,通过选择信号完成Montgomery模逆或一般整数模逆运算,而不增加其它的硬件资源消耗。最后对该结构采用VHDL硬件描述语言进行了代码设计,并基于FPGA进行了编译综合和布局布线。实验结果表明该设计与采用两种不同结构分别计算的方案相比,节省近一半的硬件资源。     

GF(2m)上椭圆曲线密码协处理器的快速实现

在分析椭圆曲线密码体制的基础上,给出了椭圆曲线密码体制基本运算单元的硬件设计方案,基于FPGA实现了一种GF(2m)上椭圆曲线密码协处理器.采用双端口RAM技术完成了协处理器与微控制器的挂接,并且根据微控制器不同的指令调度,协处理器能够完成椭圆曲线密码体制5种基本运算操作.实现结果表明,该协处理器能够适应160≤m≤400范围内任意有限域的选取,能较好地满足数字签名和数据加解密中的应用要求.     

New Vistas in elliptic curve cryptography

The past 10 years have been witness to a sea change in the availability and distribution of high security cryptography for broad civilian applications. In this paper, we give a brief history of cryptography support in Windows and describe the upcoming architectural changes, including support for ECC, forthcoming in Windows Vista.     

Novel fault attack resistant architecture for elliptic curve cryptography

Hardware implementations of cryptosystems are susceptible to fault attacks. By analyzing the side channel information from implementation, the attacker can retrieve the secret information. Generally, in the hardware implementations, validations of results are reported at the end of the computation. If faults are injected at the input side of computation, all the computations performed afterward are wasteful and this is a potential situation which can leak the secret key information using side channel attacks. The current work proposes fault attack resistant implementation of an elliptic curve cryptosystem using a shared point validator unit, zero-one detector, and double coherence check by modified Montgomery Powering Ladder Algorithm. The architecture is robust to fault attacks along with power and area efficiency.     

一种基于FPGA的素域椭圆曲线标量乘结构

基于一种简化求商的高基Montgomery模乘流水化阵列结构,提出并实现了素域上椭圆曲线标量乘硬件结构。该结构采用修正的Jacobian坐标的点加和倍点算法以及Kaliski提出的Montgomery模逆的算法。实验结果表明,该结构与相关工作相比具有更好的性能。     

基于椭圆曲线密码体制的CDMA网络鉴权设计

由于我国并未掌握蜂窝鉴权与话音加密算法（CAVE）的实现,使得CDMA网络并未实现真正的安全。提出了一种基于椭圆曲线的CDMA网络鉴权方案,通过公钥签名机制完成对用户身份的识别和管理。与CAVE算法相比,该方案除具备自主知识产权外,还减轻了鉴权中心的负担。最后通过实验证明这种鉴权方案是完全可行的。     

基于椭圆曲线密码的智能电网通信认证协议

为了确保通信在智能电网中的安全可靠,越来越多的认证协议被应用在通信过程中。针对Mahmood等（MAHMOOD K,CHAUDHRY S A,NAQVI H,et al.An elliptic curve cryptography based lightweight authentication scheme for smart grid communication.Future Generation Computer Systems,2018,81：557-565）提出的认证协议,指出此协议易受到内部特权人员攻击,缺少更换口令阶段,对用户缺少亲和性,无法保证用户有唯一的用户名,并有一个公式的错误。为改进此协议,提出一个基于椭圆曲线的认证协议。首先,增加用户与设备之间的登录阶段,其次,利用椭圆曲线密码学难题进行信息交互,最后补充口令更换阶段。通过BAN逻辑形式化分析,改进协议安全可行,能抵挡住内部人员攻击,并具有口令更换、用户名唯一、对用户有亲和性的特点。     

基于椭圆曲线密码体制的XML盲签名方案

通过将XML数字签名技术延伸到盲签名,并在实现中使用椭圆曲线公钥密码算法,提出了基于椭圆曲线密码体制的XML盲签名方案,用实例阐述了该方案的实施流程,并分析了其安全性。该方案结合椭圆曲线密码体制和XML数字签名的优势,在实现保护用户匿名性的同时,扩大了XML数字签名在受限环境中的应用范围,提高了网络环境中信息交换的效率。     

PKI,elliptic curve cryptography,and digital signatures

Global electronic commerce (E-comm) necessitates a high degree of trust in its operation for widespread acceptance at government, enterprise and individual levels. In order to achieve this cryptographic systems must play a major part in the overall ‘trust-building’ cycle and, within the cryptography realm, public key cryptography has emerged over twenty years as the key element. However, public key cryptography requires a public key infrastructure to exist for it to become useful and for associated algorithms to be proven and accepted, particularly where those algorithms are used for ‘digital signature’ purposes. This paper assesses the situation in relation to differing models for such public key infrastructures that have emerged and also to differing algorithms that play a role in the creation and verification of digital signatures. An emphasis is placed on the emerging use of elliptic curve cryptography (ECC) as an alternative to more widely accepted public key algorithms. Overall, the need to allow for multiple algorithms is emphasized as being prudent and a safeguard against any unforeseen ‘cracking’ of a particular algorithm that may be in use. Both technical and policy parameters in this area are outlined in the paper. However, the paper concludes that lack of government, and particularly parliamentary, leadership and firm decision making in the area of public key infrastructure and associated legal and management regulation means that resulting reliance on market forces may simply cause disparate regimes to be created that will impede orderly global electronic commerce.     

基于椭圆曲线密码的RFID安全协议

为了能够解决RFID在用户安全、隐私等问题方面的安全隐患,提出了一种基于椭圆曲线密码的RFID安全协议.在椭圆曲线离散对数问题难解的基础上,与其它公钥密码体制相比,该协议的安全性能更高、密码长度更短且计算量更低.该协议运用基于椭圆曲线的DH密钥交换协议ECDH(elliptic curve Diffie-Hellman)与基于嵌入明文的加密方案,实现了保护RFID标签与读写器之间的数据交换;同时,通过对该协议的安全性分析以及与其它采用对称密钥体系的RFID协议的比较表明,该协议能够满足RFID系统的安全性要求.     

FPGA based hardware acceleration for elliptic curve public key cryptosystems

This paper addresses public key cryptosystems based on elliptic curves, which are aimed to high-performance digital signature schemes. Elliptic curve algorithms are characterized by the fact that one can work with considerably shorter keys compared to the RSA approach at the same level of security. A general and highly efficient method for mapping the most time-critical operations to a configurable co-processor is proposed. By means of real-time measurements the resulting performance values are compared to previously published state of the art hardware implementations.

A generator based approach is advocated for that purpose which supports application specific co-processor configurations in a flexible and straight forward way. Such a configurable CryptoProcessor has been integrated into a Java-based digital signature environment resulting in a considerable increase of its performance. The outlined approach combines in an unique way the advantages of mapping functionality to either hardware or software and it results in high-speed cryptosystems which are both portable and easy to update according to future security requirements.     

Isomorphic transformations of an elliptic curve over a finite field

Transformations of points of a nonsupersingular elliptic curve are selected as a promising method for the further development of cryptographic systems. Statements are proved on estimates of the number of isomorphic transformations of a nonsupersingular elliptic curve over an extension of a finite field. They vary depending on characteristics of the finite field. The estimates obtained can be used to improve elliptic curve cryptosystems.     

一个基于椭圆曲线密码的多服务器环境下三因子认证协议

随着多服务器环境应用的增多,为保证通信双方的信息安全,结合口令,智能卡和生物特征的三因子认证协议越来越多。最近,Chaudhry提出了一个基于椭圆曲线密码的三因子认证协议方案,文章分析此方案,指出其无法抵抗拒绝服务攻击,伪装攻击,用户没有唯一标识符,且无法成功更改口令。为解决这些安全缺陷,文章提出了一个改进的方案,更加合理的利用椭圆曲线数学难题,并使用模糊提取器来结合三因子。文章通过BAN逻辑形式化分析,和对已知攻击手段的分析,证明了改进的方案可行且安全。与Chandhry等方案相比,改进的方案更为安全和实用。     

A pairing-free certificateless digital multisignature scheme using elliptic curve cryptography

In a digital multisignature scheme, two or more signers are allowed to produce a single signature on a common message, which can be verified by anyone. In the literature, many schemes are available based on the public key infrastructure or identity-based cryptosystem with bilinear pairing and map-to-point (MTP) hash function. The bilinear pairing and the MTP function are time-consuming operations and they need a large super-singular elliptic curve group. Moreover, the cryptosystems based on them are difficult to implement and less efficient for practical use. To the best of our knowledge, certificateless digital multisignature scheme without pairing and MTP hash function has not yet been devised and the same objective has been fulfilled in this paper. Furthermore, we formally prove the security of our scheme in the random oracle model under the assumption that ECDLP is hard.     

椭圆曲线数字签名方案的研究与改进

椭圆曲线公钥密码体制以其特有的优越性被广泛应用于电子商务等领域.分析了椭圆曲线数字签名算法的优缺点,在构造签名方程的基础上,提出了一种新的无求逆的签名算法,通过理论证明和编程实验,验证了算法的有效性,简化了运算的复杂程度,同时保证了算法的安全性.     

An authenticated group key transfer protocol using elliptic curve cryptography

Several groupware applications like e-conferences, pay-per view, online games, etc. require a common session key to establish a secure communication among the group participants. For secure communication, such applications often need an efficient group key establishment protocol to construct a common session key for group communications. Conventional group key transfer protocols depends on mutually trusted key generation center (KGC) to generate and distribute the group key to each participant in each session. However, those approaches require extra communication overheads in the server setup. This paper presents an efficient and secure group key transfer protocol using elliptic curve cryptography (ECC). The proposed protocol demonstrates a novel group key transfer protocol, in which one of the group member plays the role of KGC (the protocol without an online KGC, which is based on elliptic curve discrete logarithm problem (ECDLP) and Shamir’s secret sharing scheme. The confidentiality of the proposed protocol is ensured by Shamir’s secret sharing, i.e., information theoretically secure and provides authentication using ECDLP. Furthermore, the proposed protocol resists against potential attacks (insider and outsider) and also significantly reduces the overheads of the system. The security analysis section of the present work also justifies the security attributes of the proposed protocol under various security assumptions.     

An area/performance trade-off analysis of a GF(2) multiplier architecture for elliptic curve cryptography

A hardware architecture for GF(2^m) multiplication and its evaluation in a hardware architecture for elliptic curve scalar multiplication is presented. The architecture is a parameterizable digit-serial implementation for any field order m. Area/performance trade-off results of the hardware implementation of the multiplier in an FPGA are presented and discussed.     

椭圆曲线密码中抗功耗分析攻击的标量乘改进方案

椭圆曲线标量乘法运算是椭圆曲线密码(ECC)体制中最主要的计算过程,标量乘法的效率和安全性一直是研究的热点。针对椭圆曲线标量乘运算计算量大且易受功耗分析攻击的问题,提出了一种抗功耗分析攻击的快速滑动窗口算法,在雅可比和仿射混合坐标系下采用有符号滑动窗口算法实现椭圆曲线标量乘计算,并采用随机化密钥方法抵抗功耗分析攻击。与二进制展开法、密钥分解法相比的结果表明,新设计的有符号滑动窗口标量乘算法计算效率、抗攻击性能有明显提高。     

A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography

Internet of things (IoT) has become a new era of communication technology for performing information exchange. With the immense increment of usage of smart devices, IoT services become more accessible. To perform secure transmission of data between IoT network and remote user, mutual authentication, and session key negotiation play a key role. In this research, we have proposed an ECC-based three-factor remote user authentication scheme that runs in the smart device and preserves privacy, and data confidentiality of the communicating user. To support our claim, multiple cryptographic attacks are analyzed and found that the proposed scheme is not vulnerable to those attacks. Finally, the computation and communication overheads of the proposed scheme are compared with other existing protocols to confirm that the proposed scheme is lightweight. A formal security analysis using AVISPA simulation tool has been done that confirms the proposed scheme is robust against relevant security threats.

     

基于BB84与椭圆曲线的数字签名方案

利用BB84协议在量子密钥分配过程中的安全性与椭圆曲线加密体制在经典加密算法中的优越性相结合,提出了一种基于BB84协议和椭圆曲线的数字签名方案,该方案利用量子密钥作为会话密钥从而使得签名过程高效、简易,此会话密钥在密钥分配过程中具备的可证明安全性与椭圆曲线加密体制的安全性相结合对该数字签名方案提供了双重安全保护,同时可以达到互相认证的效果。