高性能Ed25519算法硬件架构设计与实现

针对签名验签速度难以满足特定应用领域需求的问题，该文设计了一种高性能Ed25519算法的硬件实现架构。采用宽度为2 bit的窗口法实现标量乘运算，减少了标量乘所需的总周期数；通过优化点加倍点操作步骤，提高了乘法器的硬件使用率；使用低计算复杂度的快速模约简实现模乘，提高了整体运算速度。为了使模L运算可复用标量乘中的快速模约简，该文提出一种基于Barrett约简的模L算法。通过优化解压过程中模幂操作过程，精简了步骤并使其可复用模乘。对所提架构做硬件实现，在TSMC的55 nm CMOS工艺下，面积为746×103等效门，最高频率360 MHz，每秒能够执行公钥生成9.06×104次、签名8.82×104次和验签3.99×104次。

High-performance Hardware Architecture Design and Implementation of Ed25519 Algorithm

The speed of existing signature and verification architecture is difficult to meet the requirement of the specific applications domain, to solve this problem a high-performance hardware architecture of Ed25519 algorithm is developed. The scalar multiplication algorithm is implemented by using the window method with 2 bit width to reduce the total cycle numbers of the algorithm significantly. By optimizing the order of operations of point addition and point doubling, the hardware utilization rate of multiplier is improved. The module multiplication is realized by using fast module reduction with low computational complexity, thus the overall operation speed is improved. The modular L algorithm based on Barrett reduction is proposed to reuse the fast modular reduction in scalar multiplications. By optimizing the modular power computation in the decompression process, the steps are simplified and the modular multiplication can be reused. Under the TSMC 55 nm CMOS process, the area of the proposed hardware architecture is 7.46×105 equivalent gate, and the maximum frequency is up to 360 MHz. It can perform 9.06×104 key generations, 8.82×104 signatures and 3.99×104 verifications per second.