Nothing Special   »   [go: up one dir, main page]

CN114531241B - Data encryption method and device, electronic equipment using data encryption method and storage medium - Google Patents

Data encryption method and device, electronic equipment using data encryption method and storage medium Download PDF

Info

Publication number
CN114531241B
CN114531241B CN202210429372.0A CN202210429372A CN114531241B CN 114531241 B CN114531241 B CN 114531241B CN 202210429372 A CN202210429372 A CN 202210429372A CN 114531241 B CN114531241 B CN 114531241B
Authority
CN
China
Prior art keywords
coordinate
window
calculation
variable
reference coordinate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210429372.0A
Other languages
Chinese (zh)
Other versions
CN114531241A (en
Inventor
赵东艳
臧仕平
李德建
于艳艳
李建阳
成嵩
冯曦
邵瑾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Beijing Smartchip Microelectronics Technology Co Ltd
Original Assignee
State Grid Corp of China SGCC
Beijing Smartchip Microelectronics Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Beijing Smartchip Microelectronics Technology Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202210429372.0A priority Critical patent/CN114531241B/en
Priority to CN202210945567.0A priority patent/CN115276994A/en
Publication of CN114531241A publication Critical patent/CN114531241A/en
Application granted granted Critical
Publication of CN114531241B publication Critical patent/CN114531241B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Physics & Mathematics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Algebra (AREA)
  • Computing Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Complex Calculations (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the disclosure relates to the field of data processing, and discloses a data encryption method, a data encryption device, electronic equipment using the method and a storage medium, which solve the problems of low calculation efficiency due to bit-by-bit calculation. The data encryption method comprises the following steps: acquiring a first coordinate and a first bit vector of a specified curve; obtaining a reference coordinate set based on the first coordinate of the designated curve, wherein the reference coordinate set comprises a first reference coordinate, a second reference coordinate, a third reference coordinate and a reference multiple coordinate; dividing a first bit vector into second bit vectors, wherein the length of each second bit vector is a specific window length which is larger than 1 bit; and performing multiply-add calculation on the basis of the reference coordinates in the reference coordinate group window by window according to the value of the second bit vector to obtain a second coordinate, wherein the second coordinate is encrypted data obtained by encrypting the first bit vector on the basis of the specified curve, so that the operating efficiency of the Montgomery ladder method is improved.

Description

Data encryption method and device, electronic equipment using data encryption method and storage medium
Technical Field
The present disclosure relates to the field of data processing, and in particular, to a data encryption method and apparatus, and an electronic device and a storage medium using the method.
Background
In the fields of data processing, computer communication, and the like, encryption is often performed using, for example, a specific curve, an RSA algorithm, and the like.
In the operation process of encrypting by using a specific curve, the time spent by the point multiplication operation of a non-fixed point is the longest, and the current mainstream optimization method on a common processor is mainly a window method, because the method consumes less resources and is suitable for most applications. However, in the ultra-high speed cryptographic chip and the cloud application popularized in the future, more resource overhead can be provided, so that the Montgomery ladder method is more suitable. However, the current Montgomery ladder method is not optimized much.
In cryptographic calculations such as RSA, the Montgomery ladder method is also used to perform modular exponentiation, i.e. M is calculated using the Montgomery ladder method on the input base M and the exponential binary vector e e . The specific implementation of the modular exponentiation operation includes a modular multiplication operation. The prior art optimizes the Montgomery ladder method by firstly performing integer operation, and optimizing two times of modular multiplication operation into one time of modular operation during the modular multiplication operation, but the times of multiplication operation in the prior art are not reduced, and the length of data for modular operation is doubled due to two times of multiplication in succession, and the time for one time of modular operation is also prolonged. In the existing Montgomery ladder method for elliptic curve encryption and modular exponentiation calculation, bit-by-bit calculation is needed, and the calculation efficiency is low.
It will be appreciated by those skilled in the art that other modular exponentiation algorithms than the RSA algorithm also face the same problem. The same problem is faced in montgomery ladder methods used in other fields of encryption.
Disclosure of Invention
In order to solve corresponding technical problems in the technical field, embodiments of the present disclosure provide a data encryption method and apparatus, an electronic device using the method, and a storage medium.
According to a first aspect of the present disclosure, an encryption method for specifying a curve is provided in an embodiment of the present disclosure, which includes:
acquiring a first coordinate and a first bit vector of a specified curve;
obtaining a reference coordinate set based on the first coordinate of the designated curve, wherein the reference coordinate set comprises a first reference coordinate, a second reference coordinate, a third reference coordinate and a reference multiple coordinate;
dividing the first bit vector into second bit vectors, wherein the length of each second bit vector is a specific window length which is larger than 1 bit;
and performing multiply-add calculation on the basis of the reference coordinates in the reference coordinate set window by window according to the value of the second bit vector to obtain a second coordinate, wherein the second coordinate is encrypted data obtained by encrypting the first bit vector on the basis of the specified curve.
In combination with the first aspect of the present disclosure, in a first implementation form of the first aspect,
the multiply-add calculation includes: calculating a multiple point and a point addition; and/or
A first reference coordinate in the reference coordinate set is an infinite point coordinate; and/or
A second reference coordinate in the reference coordinate set is a first coordinate of the designated curve; and/or
The third reference coordinate in the reference coordinate group is obtained by point subtraction calculation of the second reference coordinate and the first reference coordinate; and/or
And the reference multiple coordinates in the reference coordinate group are calculated by integral multiple points of the third reference coordinate.
In combination with the first implementation manner of the first aspect of the present disclosure, in a second implementation manner of the first aspect,
under the condition that the length of the specific window is 2 bits, the reference multiple coordinate is obtained by calculating the third reference coordinate and a negative 1-time point of the third reference coordinate; and/or
Under the condition that the specific window length is 4 bits, the reference multiple coordinate is formed by the following calculation results: from a minus 8-fold point calculation result to an 8-fold point calculation result of the third reference coordinate.
In combination with the second implementation manner of the first aspect of the present disclosure, in a third implementation manner of the first aspect,
under the condition that the specific window length is 2 bits, the multiplication and addition calculation comprises the following steps:
in the said window, the window is provided with a window,
under the condition that the value of the second bit vector is "00" or "11",
performing double-point calculation on the first reference coordinate or the second reference coordinate twice to obtain a first output coordinate in a window;
performing point addition calculation on the first output coordinate in the window and the reference multiple coordinate to obtain a second output coordinate in the window;
and taking the first output coordinate in the window and the second output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window.
In combination with the third implementation of the first aspect of the present disclosure, in a fourth implementation of the first aspect,
under the condition that the specific window length is 2 bits, the multiply-add calculation further includes:
in the said window, the window is provided with a window,
under the condition that the value of the second bit vector is "01" or "10",
performing point addition calculation on the first reference coordinate and the second reference coordinate;
performing point doubling calculation on the result of the point addition calculation to obtain a third output coordinate in the window;
performing point addition calculation on the third output coordinate in the window and the reference multiple coordinate to obtain a fourth output coordinate in the window;
and taking the third output coordinate in the window and the fourth output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window.
With reference to the fourth implementation manner of the first aspect of the present disclosure, in a fifth implementation manner of the first aspect, the multiply-add calculation further includes:
and after the calculation of all the windows is finished, taking the first output coordinate in the last window or the third output coordinate in the last window as the second coordinate.
In combination with the second implementation manner of the first aspect of the present disclosure, in a sixth implementation manner of the first aspect,
under the condition that the specific window length is 4 bits, the multiplication and addition calculation comprises the following steps:
performing four times of point calculation on the first reference coordinate or the second reference coordinate in the window;
performing point addition calculation on the result of the fourth time point calculation and the reference multiple coordinate to obtain a fifth output coordinate in the window and a sixth output coordinate in the window;
and taking the fifth output coordinate in the window and the sixth output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window.
With reference to the sixth implementation manner of the first aspect of the present disclosure, in a seventh implementation manner of the first aspect, the multiply-add calculation further includes:
and after the calculation of all the windows is finished, taking a fifth output coordinate in the last window as the second coordinate.
In combination with the sixth implementation manner of the first aspect of the present disclosure, in an eighth implementation manner of the first aspect,
the four times of dot calculation is realized by continuous dot calculation.
In combination with the first aspect of the present disclosure, in a ninth implementation form of the first aspect,
the specified curve is an elliptic curve.
In a second aspect, an embodiment of the present disclosure provides an encrypted data processing method, including:
acquiring a first base number and a first exponential vector of the modular exponentiation calculation;
initializing a reference variable set based on the first base number, the reference variable set comprising: a first variable, a second variable, a third variable, and a fourth variable;
dividing the first exponential vector into a second exponential vector, wherein the length of the second exponential vector is a specific window length which is larger than 1 bit, and the first exponential vector and the second exponential vector are bit vectors;
and performing multiple square calculation on the first variable or the second variable in the reference variable group window by window according to the value of the second index vector, and performing modular multiplication operation on the result of the multiple square calculation and the third variable or the fourth variable in the reference variable group to obtain an output variable, wherein the output variable is used for encrypting data.
In combination with the second aspect of the present disclosure, in a first implementation manner of the second aspect,
the specific window length is 4 bits.
With reference to the first implementation manner of the second aspect of the present disclosure, in a second implementation manner of the second aspect, the initializing a reference variable group based on the first base number includes:
initializing a first variable, initializing a second variable according to the first base number, and calculating a third variable and a fourth variable by using the first variable and the second variable.
In combination with the second implementation manner of the second aspect of the present disclosure, in a third implementation manner of the second aspect,
said calculating a third variable and a fourth variable using said first variable and said second variable comprises:
calculating an inverse variable of the first variable, calculating the third variable using a result of a power calculation of the inverse variable of the first variable and a result of a power calculation of the second variable,
and calculating an inverse variable of the second variable, and calculating the fourth variable by using a result of the power calculation of the first variable and a result of the power calculation of the inverse variable of the second variable.
In combination with the first implementation manner of the second aspect of the present disclosure, in a fourth implementation manner of the second aspect,
performing multiple square calculations on the first variable or the second variable in the reference variable group window by window according to the value of the second index vector, and performing modular multiplication operation on the result of the multiple square calculations and the third variable or the fourth variable in the reference variable group to obtain an output variable, wherein the step of performing the modular multiplication operation on the result of the multiple square calculations and the third variable or the fourth variable in the reference variable group comprises:
in the said window, the window is provided with a window,
under the condition that the value of the second index vector is "0000" to "0111",
performing quadratic calculation on a first variable in the reference variable group, and performing modular multiplication operation on a result of the quadratic calculation and a third variable or a fourth variable in the reference variable group to obtain a first output variable in a window and a second output variable in the window;
taking the first output variable in the window and the second output variable in the window as the input of the calculation of the next window, assigning values to the first variable and the second variable in the next window, and/or
Under the condition that the value of the second index vector is from "1000" to "1111",
performing quadratic calculation on a second variable in the reference variable group, and performing modular multiplication operation on a result of the quadratic calculation and a third variable or a fourth variable in the reference variable group to obtain a third output variable in the window and a fourth output variable in the window;
and taking the third output variable in the window and the fourth output variable in the window as the input of the calculation of the next window, and assigning values to the first variable and the second variable in the next window.
In combination with the fourth implementation of the second aspect of the present disclosure, in a fifth implementation of the second aspect,
performing multiple square calculation on the first variable or the second variable in the reference variable group window by window according to the value of the second index vector, and performing modular multiplication operation on the result of the multiple square calculation and the third variable or the fourth variable in the reference variable group to obtain an output variable, further comprising:
and after the calculation of all the windows is finished, taking the first output variable in the last window or the third output variable in the last window as the output variable.
In a third aspect, an encryption apparatus for specifying a curve is provided in this disclosed embodiment, and includes:
the first coordinate and bit vector acquisition module is used for acquiring a first coordinate and a first bit vector of the specified curve;
the first initialization module is used for obtaining a reference coordinate set based on the first coordinate of the designated curve, and the reference coordinate set comprises a first reference coordinate, a second reference coordinate, a third reference coordinate and a reference multiple coordinate;
a first bit vector dividing module, configured to divide the first bit vector into second bit vectors, where the length of the second bit vector is greater than a specific window length of 1 bit;
and the multiplication and addition calculation module is used for carrying out multiplication and addition calculation on the basis of the reference coordinates in the reference coordinate set window by window according to the value of the second bit vector to obtain a second coordinate, and the second coordinate is encrypted data obtained by encrypting the first bit vector on the basis of the specified curve.
With reference to the third aspect of the present disclosure, in a first implementation manner of the third aspect,
the multiply-add calculation includes: calculating a multiple point and a point addition; and/or
A first reference coordinate in the reference coordinate set is an infinite point coordinate; and/or
A second reference coordinate in the reference coordinate set is a first coordinate of the designated curve; and/or
The third reference coordinate in the reference coordinate group is obtained by point subtraction calculation of the second reference coordinate and the first reference coordinate; and/or
And the reference multiple coordinates in the reference coordinate group are calculated by integral multiple points of the third reference coordinate.
With reference to the first implementation manner of the third aspect of the present disclosure, in a second implementation manner of the third aspect,
under the condition that the length of the specific window is 2 bits, the reference multiple coordinate is obtained by calculating the third reference coordinate and a negative 1-time point of the third reference coordinate; and/or
Under the condition that the specific window length is 4 bits, the reference multiple coordinate is formed by the following calculation results: from a minus 8-fold point calculation result to an 8-fold point calculation result of the third reference coordinate.
With reference to the second implementation manner of the third aspect of the present disclosure, in a third implementation manner of the third aspect,
under the condition that the specific window length is 2 bits, the multiply-add calculation module is further configured to:
in the said window, the window is provided with a window,
under the condition that the value of the second bit vector is "00" or "11",
performing double-point calculation on the first reference coordinate or the second reference coordinate twice to obtain a first output coordinate in a window;
performing point addition calculation on the first output coordinate in the window and the reference multiple coordinate to obtain a second output coordinate in the window;
and taking the first output coordinate in the window and the second output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window.
With reference to the third implementation manner of the third aspect of the present disclosure, in a fourth implementation manner of the third aspect,
under the condition that the specific window length is 2 bits, the multiply-add calculation module is further configured to:
in the said window, the window is provided with a window,
under the condition that the value of the second bit vector is "01" or "10",
performing point addition calculation on the first reference coordinate and the second reference coordinate;
performing point doubling calculation on the result of the point addition calculation to obtain a third output coordinate in the window;
performing point addition calculation on the third output coordinate in the window and the reference multiple coordinate to obtain a fourth output coordinate in the window;
and taking the third output coordinate in the window and the fourth output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window.
With reference to the fourth implementation manner of the third aspect of the present disclosure, in a fifth implementation manner of the third aspect, the multiply-add calculating module is further configured to:
and after the calculation of all the windows is finished, taking the first output coordinate in the last window or the third output coordinate in the last window as the second coordinate.
With reference to the second implementation manner of the third aspect of the present disclosure, in a sixth implementation manner of the third aspect,
under the condition that the specific window length is 4 bits, the multiply-add calculation module is configured to:
performing four times of point calculation on the first reference coordinate or the second reference coordinate in the window;
performing point addition calculation on the result of the fourth time point calculation and the reference multiple coordinate to obtain a fifth output coordinate in the window and a sixth output coordinate in the window;
and taking the fifth output coordinate in the window and the sixth output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window.
With reference to the sixth implementation manner of the third aspect of the present disclosure, in a seventh implementation manner of the third aspect, the multiply-add calculating module is further configured to:
and after the calculation of all the windows is finished, taking a fifth output coordinate in the last window as the second coordinate.
With reference to the fifth implementation manner of the third aspect of the present disclosure, in an eighth implementation manner of the third aspect,
the four times of dot calculation is realized by continuous dot calculation.
With reference to the third aspect of the present disclosure, in a ninth implementation manner of the third aspect,
the specified curve is an elliptic curve.
In a fourth aspect, an embodiment of the present disclosure provides an encrypted data processing apparatus, including:
the first base number and exponent bit vector acquisition module is used for acquiring a first base number and a first exponent vector of modular exponentiation calculation;
a second initialization module, configured to initialize a reference variable group based on the first base number, where the reference variable group includes: a first variable, a second variable, a third variable, and a fourth variable;
a first exponent vector dividing module, configured to divide the first exponent vector into second exponent vectors, where the length of the second exponent vector is a specific window length greater than 1 bit, and the first exponent vector and the second exponent vectors are bit vectors;
and the square and modular multiplication operation module is used for carrying out square calculation on the first variable or the second variable in the reference variable group window by window according to the value of the second index vector, and carrying out modular multiplication operation on the result of the square calculation and the third variable or the fourth variable in the reference variable group to obtain an output variable, wherein the output variable is used for encrypting data.
In combination with the fourth aspect of the present disclosure, in a first implementation manner of the fourth aspect,
the specific window length is 4 bits.
In combination with the first implementation manner of the fourth aspect of the present disclosure, in the second implementation manner of the fourth aspect,
the second initialization module is configured to:
initializing a first variable, initializing a second variable according to the first base number, and calculating a third variable and a fourth variable by using the first variable and the second variable.
In combination with the second implementation manner of the fourth aspect of the present disclosure, in a third implementation manner of the fourth aspect,
said calculating a third variable and a fourth variable using said first variable and said second variable comprises:
calculating an inverse variable of the first variable, calculating the third variable using a result of a power calculation of the inverse variable of the first variable and a result of a power calculation of the second variable,
and calculating an inverse variable of the second variable, and calculating the fourth variable by using a result of the power calculation of the first variable and a result of the power calculation of the inverse variable of the second variable.
In combination with the first implementation manner of the fourth aspect of the present disclosure, in a fourth implementation manner of the fourth aspect,
the square and modular multiplication operation module is used for:
in the said window, the window is provided with a window,
under the condition that the value of the second index vector is from "0000" to "0111",
performing quadratic calculation on a first variable in the reference variable group, and performing modular multiplication operation on a result of the quadratic calculation and a third variable or a fourth variable in the reference variable group to obtain a first output variable in a window and a second output variable in the window;
taking the first output variable in the window and the second output variable in the window as the input of the calculation of the next window, assigning values to the first variable and the second variable in the next window, and/or
Under the condition that the value of the second index vector is from "1000" to "1111",
performing quadratic calculation on a second variable in the reference variable group, and performing modular multiplication operation on a result of the quadratic calculation and a third variable or a fourth variable in the reference variable group to obtain a third output variable in the window and a fourth output variable in the window;
and taking the third output variable in the window and the fourth output variable in the window as the input of the calculation of the next window, and assigning values to the first variable and the second variable in the next window.
In combination with the fourth implementation manner of the fourth aspect of the present disclosure, in a fifth implementation manner of the fourth aspect,
the square and modular multiplication module is further configured to:
and after the calculation of all the windows is finished, taking the first output variable in the last window or the third output variable in the last window as the output variable.
In a fifth aspect, the present disclosure provides an electronic device, including a memory and a processor, where the memory is configured to store one or more computer instructions, where the one or more computer instructions are executed by the processor to implement the method according to any one of the first aspect, the first implementation manner of the first aspect to the ninth implementation manner of the first aspect, the second aspect, and the first implementation manner of the second aspect to the fifth implementation manner of the second aspect.
In a sixth aspect, an embodiment of the present disclosure provides a computer-readable storage medium, on which computer instructions are stored, where the computer instructions are executed by a processor to implement the method according to the first aspect, the first implementation manner of the first aspect to the ninth implementation manner of the first aspect, the second aspect, and the first implementation manner of the second aspect to the fifth implementation manner of the second aspect.
In a seventh aspect, an embodiment of the present disclosure provides a chip, configured to execute an instruction, where the instruction is executed by the chip to implement the method according to the first aspect, the first implementation manner of the first aspect to the ninth implementation manner of the first aspect, the second aspect, and the first implementation manner of the second aspect to the fifth implementation manner of the second aspect.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
according to the technical scheme provided by the embodiment of the disclosure, a first coordinate and a first bit vector of a designated curve are obtained; obtaining a reference coordinate set based on the first coordinate of the designated curve, wherein the reference coordinate set comprises a first reference coordinate, a second reference coordinate, a third reference coordinate and a reference multiple coordinate; dividing the first bit vector into second bit vectors, wherein the length of each second bit vector is a specific window length which is larger than 1 bit; and performing multiply-add calculation on the basis of the reference coordinates in the reference coordinate group window by window according to the value of the second bit vector to obtain a second coordinate, wherein the second coordinate is encrypted data obtained by encrypting the first bit vector on the basis of the specified curve, so that the operating efficiency of the Montgomery ladder method is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
Other features, objects, and advantages of the present disclosure will become more apparent from the following detailed description of non-limiting embodiments when taken in conjunction with the accompanying drawings. In the drawings.
Fig. 1 shows a flow diagram of an encryption method for specifying a curve according to an embodiment of the present disclosure.
Fig. 2 shows a flowchart when step S104 is 00 or 11 in a 2-bit window according to the embodiment described in fig. 1.
Fig. 3 shows a flow chart when step S104 is 01 or 10 in a 2-bit window according to the embodiment described in fig. 1.
Fig. 4 shows a flowchart in which step S104 is implemented with a 4-bit window according to the embodiment described in fig. 1.
Fig. 5 shows a flow diagram of an encrypted data processing method according to an embodiment of the present disclosure.
Fig. 6 shows a flow chart when step S504 is 0000 to 0111 in a 4-bit window according to the embodiment of fig. 5.
Fig. 7 shows a flowchart when step S504 is 1000 to 1111 in the 4-bit window according to the embodiment described in fig. 5.
Fig. 8 is a block diagram illustrating an encryption apparatus for specifying a curve according to an embodiment of the present disclosure.
Fig. 9 shows a block diagram of an encrypted data processing apparatus according to an embodiment of the present disclosure.
Fig. 10 shows a block diagram of an electronic device according to an embodiment of the present disclosure.
FIG. 11 shows a schematic block diagram of a computer system suitable for use in implementing a method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, exemplary embodiments of the present disclosure will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily implement them. Furthermore, parts that are not relevant to the description of the exemplary embodiments have been omitted from the drawings for the sake of clarity.
It should be further noted that the embodiments and labels in the embodiments of the present disclosure may be combined with each other without conflict. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
In the fields of communications, computers, and the like, for example, elliptic curves, RSA algorithms, and the like are used in many cases for encryption.
In the operation process of encrypting by using a specific curve, the time spent by the point multiplication operation of a non-fixed point is the longest, and the current mainstream optimization method on a common processor is mainly a window method, because the method consumes less resources and is suitable for most applications. However, in the ultra-high speed cryptographic chip and the cloud application popularized in the future, more resource overhead can be provided, so that the Montgomery ladder method is more suitable. However, the current Montgomery ladder method is not optimized much.
In cryptographic calculations such as RSA, the Montgomery ladder method is also used to perform modular exponentiation, i.e., M is calculated using the Montgomery ladder method on the input base M and the exponent binary vector e e . The specific implementation of the modular exponentiation operation includes a modular multiplication operation. The optimization of the Montgomery ladder method in the prior art is to perform integer operation first, and optimize twice modular multiplication operation into once modular operation during modular multiplication operation, but the times of multiplication operation in the prior art are not reduced, and the length of data for modular calculation is doubled due to two times of multiplication in succession, and once modular calculation is performedThe time of the modular operation is also longer, in the existing Montgomery ladder method for elliptic curve encryption and modular exponentiation calculation, the calculation needs to be carried out bit by bit, and the calculation efficiency is low.
It will be appreciated by those skilled in the art that other modular exponentiation algorithms than the RSA algorithm also face the same problem. The same problem is faced in montgomery ladder methods used in other fields of encryption.
To solve the above problems, the present disclosure proposes a data encryption method, an apparatus, an electronic device using the method, and a storage medium.
In the embodiment of the present disclosure, for the encryption time modular exponentiation operation such as the RSA method, a base number M and an exponential binary vector e such as 1024 bits in length are input, and M is calculated by using the montgomery ladder method in which the specific window length is 4 bits e
It will be understood by those skilled in the art that the exponent binary vector e may have other bit lengths, such as 256 bits or 512 bits, etc., and the specific window length may have other lengths, such as 2 bits or 8 bits, etc., and the disclosure is not limited thereto.
In the embodiment of the present disclosure, first, initialization is performed, and the following calculation is performed:
t 0,0 = 1
t 1,0 = M
calculating t 0,0 -1
X = t 0,0 -1 t 1,0
X 2 = t 0,0 -2 t 1,0 2
X 3 = X*X 2 = t 0,0 -3 t 1,0 3
X 4 = (X 2 ) 2 = t 0,0 -4 t 1,0 4
X 5 = X 2 *X 3 = t 0,0 -5 t 1,0 5
X 6 = (X 3 ) 2 = t 0,0 -6 t 1,0 6
X 7 = X 3 *X 4 = t 0,0 -7 t 1,0 7
X 8 = (X 4 ) 2 = t 0,0 -8 t 1,0 8
Calculating t 1,0 -1
Y = t 0,0 t 1,0 -1
Y 2 = t 0,0 2 t 1,0 -2
Y 3 = Y*Y 2 = t 0,0 3 t 1,0 -3
Y 4 = (Y 2 ) 2 = t 0,0 4 t 1,0 -4
Y 5 = Y 2 *Y 3 = t 0,0 5 t 1,0 -5
Y 6 = (Y 3 ) 2 = t 0,0 6 t 1,0 -6
Y 7 = Y 3 *Y 4 = t 0,0 7 t 1,0 -7
Y 8 = (Y 4 ) 2 = t 0,0 8 t 1,0 -8
In the embodiment of the present disclosure, the obtained reference variable group t is initialized 0,0 、t 1,0 、t 0,0 -1 、X ~X 8 、t 1,0 -1 、Y ~Y 8 The method can be directly used for subsequent operation in the window so as to improve the operation efficiency. The initialization process only uses 2 times of inverse operation, and the initialization efficiency is improved.
In the embodiment of the disclosure, for the ith window (0 ≦ i ≦ 255), 4 bits of e are (e) 4i+3 ,e 4i+2 ,e 4i+1 ,e 4i ). For different (e) 4i+3 ,e 4i+2 ,e 4i+1 ,e 4i ) Taking values, respectively carrying out the following operations:
0000:
t 0,1 = t 0,0 2
t 0,2 = t 0,1 2
t 0,3 = t 0,2 2
t 0,4 = t 0,3 2
t 0,5 = t 0,4 ;t 1,1 = t 0,4 *X
0001:
t 0,1 = t 0,0 2
t 0,2 = t 0,1 2
t 0,3 = t 0,2 2
t 0,4 = t 0,3 2
t 0,5 = t 0,4 *X;t 1,1 = t 0,4 *X 2
0010:
t 0,1 = t 0,0 2
t 0,2 = t 0,1 2
t 0,3 = t 0,2 2
t 0,4 = t 0,3 2
t 0,5 = t 0,4 *X 2 ;t 1,1 = t 0,4 *X 3
0011:
t 0,1 = t 0,0 2
t 0,2 = t 0,1 2
t 0,3 = t 0,2 2
t 0,4 = t 0,3 2
t 0,5 = t 0,4 *X 3 ;t 1,1 = t 0,4 *X 4
0100:
t 0,1 = t 0,0 2
t 0,2 = t 0,1 2
t 0,3 = t 0,2 2
t 0,4 = t 0,3 2
t 0,5 = t 0,4 *X 4 ;t 1,1 = t 0,4 *X 5
0101:
t 0,1 = t 0,0 2
t 0,2 = t 0,1 2
t 0,3 = t 0,2 2
t 0,4 = t 0,3 2
t 0,5 = t 0,4 *X 5 ;t 1,1 = t 0,4 *X 6
0110:
t 0,1 = t 0,0 2
t 0,2 = t 0,1 2
t 0,3 = t 0,2 2
t 0,4 = t 0,3 2
t 0,5 = t 0,4 *X 6 ;t 1,1 = t 0,4 *X 7
0111:
t 0,1 = t 0,0 2
t 0,2 = t 0,1 2
t 0,3 = t 0,2 2
t 0,4 = t 0,3 2
t 0,5 = t 0,4 *X 7 ;t 1,1 = t 0,4 *X 8
1000:
t 1,1 = t 1,0 2
t 1,2 = t 1,1 2
t 1,3 = t 1,2 2
t 1,4 = t 1,3 2
t 0,1 = t 1,4 *Y 8 ;t 1,5 = t 1,4 *Y 7
1001:
t 1,1 = t 1,0 2
t 1,2 = t 1,1 2
t 1,3 = t 1,2 2
t 1,4 = t 1,3 2
t 0,1 = t 1,4 *Y 7 ;t 1,5 = t 1,4 *Y 6
1010:
t 1,1 = t 1,0 2
t 1,2 = t 1,1 2
t 1,3 = t 1,2 2
t 1,4 = t 1,3 2
t 0,1 = t 1,4 *Y 6 ;t 1,5 = t 1,4 *Y 5
1011:
t 1,1 = t 1,0 2
t 1,2 = t 1,1 2
t 1,3 = t 1,2 2
t 1,4 = t 1,3 2
t 0,1 = t 1,4 *Y 5 ;t 1,5 = t 1,4 *Y 4
1100:
t 1,1 = t 1,0 2
t 1,2 = t 1,1 2
t 1,3 = t 1,2 2
t 1,4 = t 1,3 2
t 0,1 = t 1,4 *Y 4 ;t 1,5 = t 1,4 *Y 3
1101:
t 1,1 = t 1,0 2
t 1,2 = t 1,1 2
t 1,3 = t 1,2 2
t 1,4 = t 1,3 2
t 0,1 = t 1,4 *Y 3 ;t 1,5 = t 1,4 *Y 2
1110:
t 1,1 = t 1,0 2
t 1,2 = t 1,1 2
t 1,3 = t 1,2 2
t 1,4 = t 1,3 2
t 0,1 = t 1,4 *Y 2 ;t 1,5 = t 1,4 *Y
1111:
t 1,1 = t 1,0 2
t 1,2 = t 1,1 2
t 1,3 = t 1,2 2
t 1,4 = t 1,3 2
t 0,1 = t 1,4 *Y;t 1,5 = t 1,4
in the disclosed embodiments, for different (e) 4i+3 ,e 4i+2 ,e 4i+1 ,e 4i ) In each operation of value taking, the former 4 times of square operation is serial square operation, and the subsequent 2 times of modular multiplication operation is parallel operationAnd performing modular multiplication operation. The parallel modular multiplication operation can save clock period and improve operation speed.
In the embodiment of the present disclosure, the square operation may use the same operation unit as the modular multiplication operation, so as to save cost; the square operation and the modular multiplication operation can be separately realized to improve the efficiency.
In the disclosed embodiments, t 0,0 、t 0,1 ......t 0,5 The same memory space can be multiplexed, t 1,0 、t 1, 1 ......t 1,5 The same memory space can be multiplexed. And realizing the result of the previous window operation as the input of the next window operation through the multiplexing of the storage space. After all the windows are calculated, if (e) is found in the window corresponding to i =255 4i+3 ,e 4i+2 ,e 4i+1 ,e 4i ) If = 0000-0111, then t is calculated 0,5 Output as a return value for the Montgomery ladder method; if (e) 4i+3 ,e 4i+2 ,e 4i+1 ,e 4i ) If t is 1000 to 1111, then t is added 0,1 Output as a return value for the montgomery ladder method.
In the disclosed embodiment, in the Montgomery ladder method for modular exponentiation such as RSA encryption algorithm, the output variable, i.e., the return value M, is obtained by the Montgomery ladder method of initialization and window-by-window operation from the first base number M and the first exponent vector e e The return value M e For encryption. The technical scheme of the invention aims to realize the Montgomery ladder method efficiently in a mode of initialization and window-by-window operation.
In the embodiment of the disclosure, compared with the Montgomery ladder method for modular exponentiation calculation of original bit-by-bit calculation, the number of clock cycles of the Montgomery ladder method with a specific window length of 4 bits is reduced from 2048 to 1536, and the calculation performance is improved by 25%.
In the embodiment of the disclosure, for the Montgomery ladder method suitable for elliptic curve encryption, the input is the first coordinate X on the elliptic curve 0 First coordinate X 0 Which may be any coordinate on an elliptic curve, and a bit vector K of L bits for calculating KX 0.
In the disclosed embodiment, K is a 256-bit vector, i.e., L = 256.
In the embodiment of the present disclosure, with 2 as a specific window length, K is divided into 128 windows, and the operation is performed window by window.
In the embodiment of the present disclosure, initialization is performed first:
Y 0,0 = O
Y 1,0 = X 0
wherein, Y 0,0 "O" in O is an infinite coordinate point. For Y 1,0 And Y 0,0 Performing a point subtraction operation to obtain
X = Y 1,0 - Y 0,0
-X = -(Y 1,0 - Y 0,0 )。
Wherein, - (Y) 1,0 - Y 0,0 ) Is (Y) 1,0 - Y 0,0 ) The negative 1-fold point of the calculation results.
In the embodiment of the present disclosure, the reference coordinate set Y obtained by initialization 0,0 、Y 1,0 X and X can be directly used for subsequent operation in a window so as to improve the operation efficiency.
In the embodiment of the disclosure, for the ith window (0 ≦ i ≦ 127), the 2 bits of K are (K) 2i+1 , k 2i ). For different (k) 2i+1 , k 2i ) Taking values, respectively carrying out the following operations:
00:
Y 0,1 = 2Y 0,0
Y 0,2 = 2Y 0,1
Y 1,1 = 2Y 0,2 + X
11:
Y 1,1 = 2Y 1,0
Y 1,2 = 2Y 1,1
Y 0,1 = 2Y 1,2 + X
01:
Y 0,1 = Y 0,0 +Y 1,0
Y 0,2 = 2Y 0,1
10:
Y 1,1 = Y 0,0 +Y 1,0
Y 1,2 = 2Y 1,1
Y 0,1 = 2Y 1,2 + X。
in the disclosed embodiments, Y 0,1 =2Y 0,0 、Y 0,2 =2Y 0,1 Equal to the point calculation, Y 1,1 =Y 0,2 +X、Y 0,1 =Y 1,2 + X, etc. are points plus counts.
In the disclosed embodiments, X 0 X can multiplex the same memory space, Y 0,0 、Y 0,1 、Y 0,2 Can multiplex the same storage space, Y 1,0 、Y 1,1 、Y 1,2 The same memory space can be multiplexed. And realizing the result of the previous window operation as the input of the next window operation through the multiplexing of the storage space. After all the windows are calculated, if (k) is in the window corresponding to i =127 2i+1 ,k 2i ) If =00 or 01, then Y is 0,2 Output as a return value for the Montgomery ladder method; if (k) 2i+1 ,k 2i ) = 11 or 10, then Y is 0,1 Output as a return value for the montgomery ladder method.
In the Montgomery ladder method of the disclosed embodiment, the coordinate X on the elliptic curve is used as the reference 0 And a bit vector K of L bits, the second coordinate, i.e. the return value KX, being obtained by a Montgomery ladder method involving initialization and window-by-window operation 0 The return value KX 0 For elliptic curve cryptography. The technical scheme of the invention aims to realize the Montgomery ladder method efficiently in a mode of initialization and window-by-window operation.
In the embodiment of the present disclosure, the montgomery ladder method applied to the elliptic curve may also be applied to divide K into 64 windows with a specific window length of 4, and perform operations window by window.
In the embodiment of the present disclosure, initialization is performed first:
Y 0,0 = 0
Y 1,0 = X 0
wherein, Y 0,0 "O" in O is an infinite coordinate point. For Y 1,0 And Y 0,0 Performing a point subtraction operation to obtain
X = Y 1,0 - Y 0,0
2X = 2(Y 1,0 - Y 0,0 )
......
8X = 8(Y 1,0 - Y 0,0 )
-X = -(Y 1,0 - Y 0,0 )
-2X = 22(Y 1,0 - Y 0,0 )
......
-8X = -8(Y 1,0 - Y 0,0 )。
Wherein-8 (Y) 1,0 - Y 0,0 ) Is (Y) 1,0 - Y 0,0 ) Minus 8 times the point calculation result of 8 (Y) 1,0 - Y 0,0 ) Is (Y) 1,0 - Y 0,0 ) The results were calculated at 8 times.
In the embodiment of the present disclosure, the reference coordinate set Y obtained by initialization 0,0 、Y 1,0 X-8X, -X-8X can be directly used for subsequent operation in a window so as to improve the operation efficiency.
In the embodiment of the disclosure, for the ith window (0 ≦ i ≦ 63), the 4 bits of K are (K) 4i+3 ,k 4i+2 ,k 4i+1 ,k 4i ). For different (k) 4i+3 ,k 4i+2 ,k 4i+1 ,k 4i ) Taking values, respectively carrying out the following operations:
0000:
Y 0,1 = 2Y 0,0
Y 0,2 = 2Y 0,1
Y 0,3 = 2Y 0,2
Y 0,4 = 2Y 0,3
Y 0,5 = 2Y 0,4 ;Y 1,1 = Y 0,4 + X
0001:
Y 0,1 = 2Y 0,0
Y 0,2 = 2Y 0,1
Y 0,3 = 2Y 0,2
Y 0,4 = 2Y 0,3
Y 0,5 = 2Y 0,4 + X;Y 1,1 = Y 0,4 + 2X
0010:
Y 0,1 = 2Y 0,0
Y 0,2 = 2Y 0,1
Y 0,3 = 2Y 0,2
Y 0,4 = 2Y 0,3
Y 0,5 = 2Y 0,4 + 2X;Y 1,1 = Y 0,4 + 3X
0011:
Y 0,1 = 2Y 0,0
Y 0,2 = 2Y 0,1
Y 0,3 = 2Y 0,2
Y 0,4 = 2Y 0,3
Y 0,5 = 2Y 0,4 + 3X;Y 1,1 = Y 0,4 + 4X
0100:
Y 0,1 = 2Y 0,0
Y 0,2 = 2Y 0,1
Y 0,3 = 2Y 0,2
Y 0,4 = 2Y 0,3
Y 0,5 = 2Y 0,4 + 4X;Y 1,1 = Y 0,4 + 5X
0101:
Y 0,1 = 2Y 0,0
Y 0,2 = 2Y 0,1
Y 0,3 = 2Y 0,2
Y 0,4 = 2Y 0,3
Y 0,5 = 2Y 0,4 + 5X;Y 1,1 = Y 0,4 + 6X
0110:
Y 0,1 = 2Y 0,0
Y 0,2 = 2Y 0,1
Y 0,3 = 2Y 0,2
Y 0,4 = 2Y 0,3
Y 0,5 = 2Y 0,4 + 6X;Y 1,1 = Y 0,4 + 7X
0111:
Y 0,1 = 2Y 0,0
Y 0,2 = 2Y 0,1
Y 0,3 = 2Y 0,2
Y 0,4 = 2Y 0,3
Y 0,5 = 2Y 0,4 + 7X; Y 1,1 = Y 0,4 + 8X
1000:
Y 1,1 = 2Y 1,0
Y 1,2 = 2Y 1,1
Y 1,3 = 2Y 1,2
Y 1,4 = 2Y 1,3
Y 0,1 = 2Y 1,4 - 8X;Y 1,5 = Y 1,4 - 7X
1001:
Y 1,1 = 2Y 1,0
Y 1,2 = 2Y 1,1
Y 1,3 = 2Y 1,2
Y 1,4 = 2Y 1,3
Y 0,1 = 2Y 1,4 - 7X; Y 1,5 = Y 1,4 - 6X
1010:
Y 1,1 = 2Y 1,0
Y 1,2 = 2Y 1,1
Y 1,3 = 2Y 1,2
Y 1,4 = 2Y 1,3
Y 0,1 = 2Y 1,4 - 6X; Y 1,5 = Y 1,4 - 5X
1011:
Y 1,1 = 2Y 1,0
Y 1,2 = 2Y 1,1
Y 1,3 = 2Y 1,2
Y 1,4 = 2Y 1,3
Y 0,1 = 2Y 1,4 - 5X; Y 1,5 = Y 1,4 - 4X
1100:
Y 1,1 = 2Y 1,0
Y 1,2 = 2Y 1,1
Y 1,3 = 2Y 1,2
Y 1,4 = 2Y 1,3
Y 0,1 = 2Y 1,4 - 4X; Y 1,5 = Y 1,4 - 3X
1101:
Y 1,1 = 2Y 1,0
Y 1,2 = 2Y 1,1
Y 1,3 = 2Y 1,2
Y 1,4 = 2Y 1,3
Y 0,1 = 2Y 1,4 - 3X; Y 1,5 = Y 1,4 - 2X
1110:
Y 1,1 = 2Y 1,0
Y 1,2 = 2Y 1,1
Y 1,3 = 2Y 1,2
Y 1,4 = 2Y 1,3
Y 0,1 = 2Y 1,4 - 2X; Y 1,5 = Y 1,4 - X
1111:
Y 1,1 = 2Y 1,0
Y 1,2 = 2Y 1,1
Y 1,3 = 2Y 1,2
Y 1,4 = 2Y 1,3
Y 0,1 = 2Y 1,4 - X; Y 1,5 = Y 1,4
in the disclosed embodiments, for different (k) 4i+3 ,k 4i+2 ,k 4i+1 ,k 4i ) In each operation of value taking, the first 4 times of point adding operation is serial point adding operation, and the subsequent 2 times of point adding operation is parallel point adding operation. The parallel dot addition operation can save clock period and improve operation speed.
In the disclosed embodiments, X 0 X can multiplex the same memory space, Y 0,0 、Y 0,1 ......Y 0,5 Can multiplex the same storage space, Y 1,0 、Y 1,1 ......Y 1,5 The same memory space can be multiplexed. And realizing the result of the previous window operation as the input of the next window operation through the multiplexing of the storage space. After all the windows are calculated, if (k) is in the window corresponding to i =63 4i+3 ,k 4i+2 ,k 4i+1 ,k 4i ) If = 0000-0111, then Y is added 0,5 Output as a return value for the Montgomery ladder method; if (k) 4i+3 ,k 4i+2 ,k 4i+1 ,k 4i ) If = 1000-1111, then Y is added 0,1 Output as a return value for the montgomery ladder method.
In the Montgomery ladder method of the disclosed embodiment, the coordinate X on the elliptic curve is used as the reference 0 And a bit vector K of L bits, the second coordinate, i.e. the return value KX, being obtained by a Montgomery ladder method involving initialization and window-by-window operation 0 The return value KX 0 For elliptic curve cryptography. The technical scheme of the invention aims to realize the Montgomery ladder method efficiently in a mode of initialization and window-by-window operation.
In the embodiment of the present disclosure, for the above Montgomery ladder method applicable to elliptic curve cryptography with the specific window length of 4 bits and divided into 64 windows, for the ith window (0 ≦ i ≦ 63), K is (K) with 4 bits of K 4i+3 ,k 4i+2 ,k 4i+1 ,k 4i ). For different (k) 4i+3 ,k 4i+2 ,k 4i+1 ,k 4i ) Value taking can convert the point doubling operation of 4 times of serial calculation into continuous point doubling operation so as to save clock period and improve operation speed, and the following operations are respectively carried out:
0000:
Y 0,1 = 2 4 Y 0,0
Y 0,2 = Y 0,1 ; Y 1,1 = Y 0,2 + X
0001:
Y 0,1 = 2 4 Y 0,0
Y 0,2 = Y 0,1 + X; Y 1,1 = Y 0,2 + 2X
0010:
Y 0,1 = 2 4 Y 0,0
Y 0,2 = Y 0,1 + 2X; Y 1,1 = Y 0,2 + 3X
0011:
Y 0,1 = 2 4 Y 0,0
Y 0,2 = Y 0,1 + 3X; Y 1,1 = Y 0,2 + 4X
0100:
Y 0,1 = 2 4 Y 0,0
Y 0,2 = Y 0,1 + 4X; Y 1,1 = Y 0,2 + 5X
0101:
Y 0,1 = 2 4 Y 0,0
Y 0,2 = Y 0,1 + 5X; Y 1,1 = Y 0,2 + 6X
0110:
Y 0,1 = 2 4 Y 0,0
Y 0,2 = Y 0,1 + 6X; Y 1,1 = Y 0,2 + 7X
0111:
Y 0,1 = 2 4 Y 0,0
Y 0,2 = Y 0,1 + 7X; Y 1,1 = Y 0,2 + 8X
1000:
Y 1,1 = 2 4 Y 1,0
Y 0,1 = Y 1,1 - 8X; Y 1,2 = Y 1,1 - 7X
1001:
Y 1,1 = 2 4 Y 1,0
Y 0,1 = Y 1,1 - 7X; Y 1,2 = Y 1,1 - 6X
1010:
Y 1,1 = 2 4 Y 1,0
Y 0,1 = Y 1,1 - 6X; Y 1,2 = Y 1,1 - 5X
1011:
Y 1,1 = 2 4 Y 1,0
Y 0,1 = Y 1,1 - 5X; Y 1,2 = Y 1,1 - 4X
1100:
Y 1,1 = 2 4 Y 1,0
Y 0,1 = Y 1,1 - 4X; Y 1,2 = Y 1,1 - 3X
1101:
Y 1,1 = 2 4 Y 1,0
Y 0,1 = Y 1,1 - 3X; Y 1,2 = Y 1,1 - 2X
1110:
Y 1,1 = 2 4 Y 1,0
Y 0,1 = Y 1,1 - 2X; Y 1,2 = Y 1,1 - X
1111:
Y 1,1 = 2 4 Y 1,0
Y 0,1 = Y 1,1 - X; Y 1,2 = Y 1,1
in the present disclosureIn the examples, Y 0,0 、Y 0,1 、Y 0,2 Can multiplex the same storage space, Y 1,0 、Y 1,1 、Y 1,2 The same memory space can be multiplexed. And realizing the result of the previous window operation as the input of the next window operation through the multiplexing of the storage space. After all the windows are calculated, if (k) is in the window corresponding to i =63 4i+3 ,k 4i+2 ,k 4i+1 ,k 4i ) =0000~0111, then Y 0,2 Output as a return value for the Montgomery ladder method; if (k) 4i+3 ,k 4i+2 ,k 4i+1 ,k 4i ) If = 1000-1111, then Y is added 0,1 Output as a return value for the montgomery ladder method. The return value of the montgomery ladder method is used for elliptic curve cryptography.
In the embodiment of the present disclosure, the following table shows the clock counts of the conventional bit-by-bit montgomery ladder method, the 2-bit window method, the 4-bit window method, and the 4-bit window method using the continuous double-point operation, and the improvement efficiency of the 2-bit window method, the 4-bit window method, and the 4-bit window method using the continuous double-point operation with respect to the bit-by-bit montgomery ladder method.
Figure 852368DEST_PATH_IMAGE001
In the embodiment of the disclosure, under the condition of insufficient storage space, a 2-bit window method can be adopted to save the storage space with slower operation performance; under the condition of sufficient storage space, a 4-bit window method can be adopted to improve the operation performance.
It will be understood by those skilled in the art that the vector K may have other bit lengths, such as 512 bits, 1024 bits, etc., and the specific window length may also have other lengths, such as 8 bits, 16 bits, etc., which is not limited by the present disclosure.
Fig. 1 shows a flow diagram of an encryption method for specifying a curve according to an embodiment of the present disclosure.
As shown in fig. 1, the encryption method for specifying the curve includes: steps S101, S102, S103, S104.
In step S101, a first coordinate and a first bit vector of a specified curve are acquired.
In step S102, a reference coordinate set is obtained based on the first coordinate of the designated curve, where the reference coordinate set includes a first reference coordinate, a second reference coordinate, a third reference coordinate, and a reference multiple coordinate.
In step S103, the first bit vector is divided into a second bit vector, and the length of the second bit vector is a specific window length greater than 1 bit.
In step S104, performing multiply-add calculation on a window-by-window basis on the reference coordinate in the reference coordinate group according to the value of the second bit vector to obtain a second coordinate, where the second coordinate is encrypted data obtained by encrypting the first bit vector on the basis of the specified curve.
According to an embodiment of the present disclosure, the specified curve may be an elliptic curve. For convenience of explanation, the following description will be given taking an elliptic curve as an example.
In the disclosed embodiment, as mentioned above, for the Montgomery ladder method applied to the elliptic curve, the input is the first coordinate X on the elliptic curve 0 First coordinate X 0 Can be any coordinate on an elliptic curve, and a bit vector K of L bits for calculating KX 0
In the disclosed embodiment, K is a 256-bit vector, i.e., L = 256.
In the embodiment of the present disclosure, with 2 as a specific window length, K is divided into 128 windows; or divide K into 64 windows with 4 as a specific window length.
In the disclosed embodiment, in initialization, by X 0 The obtained reference coordinate set Y 0,0 、Y 1,0 X-8X, -X-8X can be directly used for subsequent operation in a window so as to improve the operation efficiency.
In the disclosed embodiment, reference coordinate Y is set 0,0 、Y 1,0 And calculating the point doubling and point addition at X-8X, -X-8X to obtain a second coordinate.
According to the embodiment of the disclosure, a first coordinate and a first bit vector of a designated curve are obtained; obtaining a reference coordinate set based on the first coordinate of the designated curve, wherein the reference coordinate set comprises a first reference coordinate, a second reference coordinate, a third reference coordinate and a reference multiple coordinate; dividing the first bit vector into a second bit vector, wherein the length of the second bit vector is a specific window length which is larger than 1 bit; and performing multiply-add calculation on the basis of the reference coordinates in the reference coordinate group window by window according to the value of the second bit vector to obtain a second coordinate, wherein the second coordinate is encrypted data obtained by encrypting the first bit vector on the basis of the specified curve, so that the operating efficiency of the Montgomery ladder method is improved.
In the disclosed embodiments, the multiply-add calculation includes: the multiple point calculation and the point addition calculation.
In the disclosed embodiment, the first reference coordinate Y is as previously described 0,0 = O, "O" is the infinite point coordinate. Second reference coordinate Y 1,0 = X 0 ,X 0 Is the first coordinate. Third reference coordinate X = Y 1,0 - Y 0,0 Is the result of a point subtraction operation of the second reference coordinate and the first reference coordinate. The reference multiple coordinate X-8X-8X is the result of calculation of integral multiple points of the third reference coordinate X.
According to an embodiment of the present disclosure, calculating by the multiplication and addition includes: calculating a multiple point and a point addition; and/or the first reference coordinate in the reference coordinate set is an infinite point coordinate; and/or a second reference coordinate in the reference coordinate set is a first coordinate of the specified curve; and/or the third reference coordinate in the reference coordinate group is obtained by point subtraction calculation of the second reference coordinate and the first reference coordinate; and/or
The multiple reference coordinates in the reference coordinate set are obtained by calculating the multiple points of the third reference coordinate, so that the pre-calculation of various coordinates is performed, the method is suitable for the calculation in a subsequent window, and the overall efficiency is improved.
In the embodiment of the present disclosure, as described above, under the condition that the specific window length is 2 bits, the reference multiple coordinates are X and-X; the reference multiple coordinate is 8X to-8X under the condition that the specific window length is 4 bits.
According to the embodiment of the present disclosure, under the condition that the length of the specific window is 2 bits, the reference multiple coordinate is calculated from the third reference coordinate and a negative 1-time point of the third reference coordinate; and/or under the condition that the specific window length is 4 bits, the reference multiple coordinate is formed by the following calculation results: and (4) from the negative 8-time point calculation result to the 8-time point calculation result of the third reference coordinate, thereby carrying out reasonable initialization and improving the operation efficiency.
Fig. 2 shows a flowchart when step S104 is 00 or 11 in a 2-bit window according to the embodiment described in fig. 1.
As shown in fig. 2, the process of step S104 when the window of 2 bits is 00 or 11 includes: steps S201 to S203.
In step S201, twice times of point calculation is performed on the first reference coordinate or the second reference coordinate to obtain a first output coordinate in the window.
In step S202, a point addition calculation is performed on the first output coordinate in the window and the reference multiple coordinate to obtain a second output coordinate in the window.
In step S203, the first output coordinate in the window and the second output coordinate in the window are used as inputs of next window calculation, and are respectively assigned to the first reference coordinate and the second reference coordinate in the next window.
Fig. 3 shows a flow chart when step S104 is 01 or 10 in a 2-bit window according to the embodiment described in fig. 1.
As shown in fig. 3, the process of step S104 when the number is 01 or 10 in the 2-bit window includes: steps S301 to S304.
In step S301, a point addition calculation is performed on the first reference coordinate and the second reference coordinate.
In step S302, the point addition calculation result is multiplied to obtain a third output coordinate in the window.
In step S303, performing point addition calculation on the third output coordinate in the window and the reference multiple coordinate to obtain a fourth output coordinate in the window.
In step S304, the third output coordinate in the window and the fourth output coordinate in the window are used as inputs of next window calculation, and the first reference coordinate and the second reference coordinate in the next window are assigned respectively.
In the embodiment of the present disclosure, as described above, under the condition that the specific window length is 2 bits, the (k) is different 2i+1 ,k 2i ) Taking values, respectively carrying out the following operations:
00:
Y 0,1 = 2Y 0,0
Y 0,2 = 2Y 0,1
Y 1,1 = 2Y 0,2 + X
11:
Y 1,1 = 2Y 1,0
Y 1,2 = 2Y 1,1
Y 0,1 = 2Y 1,2 + X
01:
Y 0,1 = Y 0,0 +Y 1,0
Y 0,2 = 2Y 0,1
10:
Y 1,1 = Y 0,0 +Y 1,0
Y 1,2 = 2Y 1,1
Y 0,1 = 2Y 1,2 + X。
in the disclosed embodiments, Y 0,1 =2Y 0,0 、Y 0,2 =2Y 0,1 Equal to the point calculation, Y 1,1 =Y 0,2 +X、Y 0,1 =Y 1,2 + X, etc. are points plus counts.
In the disclosed embodiments, X 0 X can multiplex the same memory space, Y 0,0 、Y 0,1 、Y 0,2 Can multiplex the same storage space, Y 1,0 、Y 1,1 、Y 1,2 The same memory space can be multiplexed. By storingAnd multiplexing the storage space, and using the result of the previous window operation as the input of the next window operation.
According to an embodiment of the present disclosure, under the condition that the specific window length is 2 bits, the multiply-add calculation includes: in the window, under the condition that the value of the second bit vector is '00' or '11', twice point-doubling calculation is carried out on the first reference coordinate or the second reference coordinate to obtain a first output coordinate in the window; performing point addition calculation on the first output coordinate in the window and the reference multiple coordinate to obtain a second output coordinate in the window; and taking the first output coordinate in the window and the second output coordinate in the window as the input of the next window calculation, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window, thereby realizing window-by-window operation and improving the operation efficiency.
According to an embodiment of the present disclosure, under the condition that the specific window length is 2 bits, the multiply-add calculation further includes: in the window, under the condition that the value of the second bit vector is '01' or '10', performing point addition calculation on the first reference coordinate and the second reference coordinate; performing point doubling calculation on the result of the point addition calculation to obtain a third output coordinate in the window; performing point addition calculation on the third output coordinate in the window and the reference multiple coordinate to obtain a fourth output coordinate in the window; and taking the third output coordinate in the window and the fourth output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window, thereby realizing window-by-window operation and improving the operation efficiency.
In the embodiment of the present disclosure, after all windows are calculated, if (k) is (k) in the window corresponding to i =127 2i+1 ,k 2i ) If =00 or 01, then Y is 0,2 Output as a return value for the Montgomery ladder method; if (k) 2i+1 ,k 2i ) = 11 or 10, then Y will be 0,1 Output as a return value for the montgomery ladder method.
According to an embodiment of the present disclosure, calculating by multiplication and addition further includes: and after the calculation of all the windows is finished, taking the first output coordinate in the last window or the third output coordinate in the last window as the second coordinate, thereby improving the operation efficiency.
Fig. 4 shows a flowchart in which step S104 is implemented with a 4-bit window according to the embodiment described in fig. 1.
As shown in fig. 4, the process of step S104 implemented by using a 4-bit window includes: steps S401, S402, S403.
In step S401, four times of point calculation is performed on the first reference coordinate or the second reference coordinate in the window.
In step S402, performing point addition calculation on the result of the fourth time multiple point calculation and the reference multiple coordinate to obtain a fifth output coordinate in the window and a sixth output coordinate in the window.
In step S403, the fifth output coordinate in the window and the sixth output coordinate in the window are used as inputs of next window calculation, and the first reference coordinate and the second reference coordinate in the next window are assigned respectively.
In the disclosed embodiment, as described above, in the disclosed embodiment, for the ith window (0 ≦ i ≦ 63), the 4 bits of K are (K) 4i+3 ,k 4i+2 ,k 4i+1 ,k 4i ). For different (k) 4i+3 ,k 4i+2 ,k 4i+1 ,k 4i ) Taking values, respectively carrying out the following operations:
0000:
Y 0,1 = 2Y 0,0
Y 0,2 = 2Y 0,1
Y 0,3 = 2Y 0,2
Y 0,4 = 2Y 0,3
Y 0,5 = 2Y 0,4 ; Y 1,1 = Y 0,4 + X
0001:
Y 0,1 = 2Y 0,0
Y 0,2 = 2Y 0,1
Y 0,3 = 2Y 0,2
Y 0,4 = 2Y 0,3
Y 0,5 = 2Y 0,4 + X; Y 1,1 = Y 0,4 + 2X
......
1110:
Y 1,1 = 2Y 1,0
Y 1,2 = 2Y 1,1
Y 1,3 = 2Y 1,2
Y 1,4 = 2Y 1,3
Y 0,1 = 2Y 1,4 - 2X; Y 1,5 = Y 1,4 - X
1111:
Y 1,1 = 2Y 1,0
Y 1,2 = 2Y 1,1
Y 1,3 = 2Y 1,2
Y 1,4 = 2Y 1,3
Y 0,1 = 2Y 1,4 - X; Y 1,5 = Y 1,4
in the disclosed embodiments, for different (k) 4i+3 ,k 4i+2 ,k 4i+1 ,k 4i ) In each operation of the values, the previous 4 times of point multiplication operation is serial point multiplication operation, and the subsequent 2 times of point addition operation is parallel point addition operation. The parallel dot addition operation can save clock period and improve operation speed.
In the disclosed embodiments, X 0 X can multiplex the same memory space, Y 0,0 、Y 0,1 ......Y 0,5 Can multiplex the same storage space, Y 1,0 、Y 1,1 ......Y 1,5 The same memory space can be multiplexed. And realizing the result of the previous window operation as the input of the next window operation through the multiplexing of the storage space.
According to an embodiment of the present disclosure, under the condition that the specific window length is 4 bits, the multiply-add calculation includes: performing four times of point calculation on the first reference coordinate or the second reference coordinate in the window; performing point addition calculation on the result of the fourth time point calculation and the reference multiple coordinate to obtain a fifth output coordinate in the window and a sixth output coordinate in the window; and taking the fifth output coordinate in the window and the sixth output coordinate in the window as the input of the next window calculation, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window, so that the window-by-window operation is realized, and the operation efficiency is improved.
In the embodiment of the present disclosure, after all windows are calculated, if (k) is (k) in the window corresponding to i =63 4i+3 ,k 4i+2 ,k 4i+1 ,k 4i ) =0000~0111, then Y 0,5 Output as a return value for the Montgomery ladder method; if (k) 4i+3 ,k 4i+2 ,k 4i+1 ,k 4i ) If =1000 to 1111, then Y is added 0,1 Output as a return value for the montgomery ladder method.
According to an embodiment of the present disclosure, calculating by the multiplication and addition further includes: and after the calculation of all the windows is finished, taking the fifth output coordinate in the last window as the second coordinate, thereby improving the operation speed.
In the embodiment of the present disclosure, under the condition that the length of the specific window is 4 bits, the multiple point operation of 4 times of serial computations may be converted into a continuous multiple point operation, so as to save a clock period and improve an operation speed.
According to the embodiment of the disclosure, the calculation of the continuous multiple points is realized by four times of multiple point calculation, so that the calculation speed is improved.
According to the embodiment of the disclosure, the specified curve is an elliptic curve, so that the operation speed is improved.
Fig. 5 shows a flow chart of an encrypted data processing method according to an embodiment of the present disclosure.
As shown in fig. 5, the flow of the encrypted data processing method includes: steps S501, S502, S503, S504.
In step S501, a first base and a first exponent vector of the modular exponentiation calculation are acquired.
In step S502, a reference variable set is initialized based on the first base number, the reference variable set including: a first variable, a second variable, a third variable, and a fourth variable.
In step S503, the first exponent vector is divided into a second exponent vector, the length of the second exponent vector is a specific window length greater than 1 bit, and the first exponent vector and the second exponent vector are bit vectors.
In step S504, a plurality of square calculations are performed on the first variable or the second variable in the reference variable group window by window according to the value of the second index vector, and a result of the plurality of square calculations and a third variable or a fourth variable in the reference variable group are subjected to a modular multiplication operation to obtain an output variable, where the output variable is used to encrypt data.
As described above, in the embodiment of the present disclosure, for a modular exponentiation such as the RSA method, M and a binary vector e such as 1024 bits in length are input, and M is calculated using the Montgomery ladder method with a specific window length of 4 bits e
In the embodiment of the present disclosure, first, initialization is performed, and the following calculation is performed:
t 0,0 = 1
t 1,0 = M
calculating t 0,0 -1
X = t 0,0 -1 t 1,0
X 2 = t 0,0 -2 t 1,0 2
X 3 = X*X 2 = t 0,0 -3 t 1,0 3
X 4 = (X 2 ) 2 = t 0,0 -4 t 1,0 4
X 5 = X 2 *X 3 = t 0,0 -5 t 1,0 5
X 6 = (X 3 ) 2 = t 0,0 -6 t 1,0 6
X 7 = X 3 *X 4 = t 0,0 -7 t 1,0 7
X 8 = (X 4 ) 2 = t 0,0 -8 t 1,0 8
Calculating t 1,0 -1
Y = t 0,0 t 1,0 -1
Y 2 = t 0,0 2 t 1,0 -2
Y 3 = Y*Y 2 = t 0,0 3 t 1,0 -3
Y 4 = (Y 2 ) 2 = t 0,0 4 t 1,0 -4
Y 5 = Y 2 *Y 3 = t 0,0 5 t 1,0 -5
Y 6 = (Y 3 ) 2 = t 0,0 6 t 1,0 -6
Y 7 = Y 3 *Y 4 = t 0,0 7 t 1,0 -7
Y 8 = (Y 4 ) 2 = t 0,0 8 t 1,0 -8
In the embodiment of the present disclosure, the obtained reference variable group t is initialized 0,0 、t 1,0 、t 0,0 -1 、X ~X 8 、t 1,0 -1 、Y ~ Y 8 The method can be directly used for subsequent operation in the window so as to improve the operation efficiency. In the set of reference variables, t 0,0 Is a first variable, t 1,0 Is a second variable, X-X 8 Is a third variable, Y-Y 8 Is the fourth variable.
In the embodiment of the disclosure, for the ith window (0 ≦ i ≦ 255), 4 bits of e therein are the second index vector (e) 4i+3 ,e 4i+2 ,e 4i+1 ,e 4i ). For different (e) 4i+3 ,e 4i+2 ,e 4i+1 ,e 4i ) Taking values, respectively carrying out the following operations:
0000:
t 0,1 = t 0,0 2
t 0,2 = t 0,1 2
t 0,3 = t 0,2 2
t 0,4 = t 0,3 2
t 0,5 = t 0,4 ; t 1,1 = t 0,4 *X
0001:
t 0,1 = t 0,0 2
t 0,2 = t 0,1 2
t 0,3 = t 0,2 2
t 0,4 = t 0,3 2
t 0,5 = t 0,4 *X; t 1,1 = t 0,4 *X 2
......
1110:
t 1,1 = t 1,0 2
t 1,2 = t 1,1 2
t 1,3 = t 1,2 2
t 1,4 = t 1,3 2
t 0,1 = t 1,4 *Y 2 ; t 1,5 = t 1,4 *Y
1111:
t 1,1 = t 1,0 2
t 1,2 = t 1,1 2
t 1,3 = t 1,2 2
t 1,4 = t 1,3 2
t 0,1 = t 1,4 *Y; t 1,5 = t 1,4
in the present disclosureIn the examples, for different (e) 4i+3 ,e 4i+2 ,e 4i+1 ,e 4i ) In each operation of value taking, the first 4 times of square operation is serial square operation, and the subsequent 2 times of modular multiplication operation is parallel modular multiplication operation. The parallel modular multiplication operation can save clock period and improve operation speed.
In the embodiment of the present disclosure, the square operation may use the same operation unit as the modular multiplication operation, so as to save cost; the square operation and the modular multiplication operation can be separately realized to improve the efficiency.
In the disclosed embodiments, t 0,0 、t 0,1 ......t 0,5 The same memory space can be multiplexed, t 1,0 、t 1, 1 ......t 1,5 The same memory space can be multiplexed. And realizing the result of the previous window operation as the input of the next window operation through the multiplexing of the storage space. After all the windows are calculated, if (e) is found in the window corresponding to i =255 4i+3 ,e 4i+2 ,e 4i+1 ,e 4i ) If = 0000-0111, then t is calculated 0,5 Output as a return value for the Montgomery ladder method; if (e) 4i+3 ,e 4i+2 ,e 4i+1 ,e 4i ) If t is 1000 to 1111, then t is added 0,1 Output as a return value for the montgomery ladder method.
According to the embodiment of the disclosure, a first base number and a first exponent vector calculated by obtaining a modular exponentiation;
initializing a reference variable set based on the first base number, the reference variable set comprising: a first variable, a second variable, a third variable, and a fourth variable; dividing the first exponent vector into a second exponent vector, wherein the length of the second exponent vector is a specific window length which is larger than 1 bit; and performing multiple square calculation on the first variable or the second variable in the reference variable group window by window according to the value of the second exponential vector, and performing modular multiplication operation on the result of the multiple square calculation and the third variable or the fourth variable in the reference variable group to obtain an output variable, wherein the output variable is used for encrypting data, so that the operation speed of the Montgomery ladder method for modular exponentiation calculation is increased.
According to the embodiment of the disclosure, the specific window length is 4 bits, so that window-by-window operation is realized, and the operation efficiency is improved.
In the embodiment of the present disclosure, first, initialization is performed, and the following calculation is performed:
t 0,0 = 1
t 1,0 = M
calculating t 0,0 -1
X = t 0,0 -1 t 1,0
X 2 = t 0,0 -2 t 1,0 2
X 3 = X*X 2 = t 0,0 -3 t 1,0 3
X 4 = (X 2 ) 2 = t 0,0 -4 t 1,0 4
X 5 = X 2 *X 3 = t 0,0 -5 t 1,0 5
X 6 = (X 3 ) 2 = t 0,0 -6 t 1,0 6
X 7 = X 3 *X 4 = t 0,0 -7 t 1,0 7
X 8 = (X 4 ) 2 = t 0,0 -8 t 1,0 8
Calculating t 1,0 -1
Y = t 0,0 t 1,0 -1
Y 2 = t 0,0 2 t 1,0 -2
Y 3 = Y*Y 2 = t 0,0 3 t 1,0 -3
Y 4 = (Y 2 ) 2 = t 0,0 4 t 1,0 -4
Y 5 = Y 2 *Y 3 = t 0,0 5 t 1,0 -5
Y 6 = (Y 3 ) 2 = t 0,0 6 t 1,0 -6
Y 7 = Y 3 *Y 4 = t 0,0 7 t 1,0 -7
Y 8 = (Y 4 ) 2 = t 0,0 8 t 1,0 -8
In the embodiment of the present disclosure, the reference variable set obtained by initialization includes the first variable t 0,0 A second variable t 1,0 、t 0,0 -1 、t 1,0 -1 And the third variable X-X 8 And the fourth variable Y-Y 8 The method can be directly used for subsequent operation in the window so as to improve the operation efficiency.
According to an embodiment of the present disclosure, initializing the reference variable group based on the first base number includes: initializing a first variable, initializing a second variable according to the first base number, and calculating a third variable and a fourth variable by using the first variable and the second variable, thereby facilitating subsequent operation in a window and improving the operation efficiency.
According to an embodiment of the present disclosure, calculating a third variable and a fourth variable by the using the first variable and the second variable includes: the method includes calculating an inverse variable of the first variable, calculating the third variable using a result of a power calculation of the inverse variable of the first variable and a result of a power calculation of the second variable, calculating an inverse variable of the second variable, and calculating the fourth variable using a result of a power calculation of the first variable and a result of a power calculation of the inverse variable of the second variable, thereby providing an initialization efficiency.
Fig. 6 shows a flow chart when step S504 is 0000 to 0111 in a 4-bit window according to the embodiment of fig. 5.
As shown in fig. 6, the flow of step S504 when the 4-bit window is 0000 to 0111 includes: step S601 and step S602.
In step S601, a square calculation is performed on the first variable in the reference variable group, and a modular multiplication operation is performed on the result of the square calculation and the third variable or the fourth variable in the reference variable group to obtain a first output variable in the window and a second output variable in the window.
In step S602, the first output variable in the window and the second output variable in the window are used as inputs of calculation of a next window, and the first variable and the second variable in the next window are assigned.
Fig. 7 shows a flowchart when step S504 is 1000 to 1111 in the 4-bit window according to the embodiment described in fig. 5.
As shown in fig. 7, the flow of step S504 when it is 1000 to 1111 in the 4-bit window includes: step S701, step S702.
In step S701, a fourth square calculation is performed on the second variable in the reference variable group, and a modular multiplication operation is performed on the result of the fourth square calculation and the third variable or the fourth variable in the reference variable group to obtain a third output variable in the window and a fourth output variable in the window.
In step S702, the third output variable in the window and the fourth output variable in the window are used as inputs of the next window calculation, and the first variable and the second variable in the next window are assigned.
In the embodiment of the disclosure, for the ith window (0 ≦ i ≦ 255), 4 bits of e are (e) 4i+3 ,e 4i+2 ,e 4i+1 ,e 4i ). For different (e) 4i+3 ,e 4i+2 ,e 4i+1 ,e 4i ) Taking values, respectively carrying out the following operations:
0000:
t 0,1 = t 0,0 2
t 0,2 = t 0,1 2
t 0,3 = t 0,2 2
t 0,4 = t 0,3 2
t 0,5 = t 0,4 ; t 1,1 = t 0,4 *X
0001:
t 0,1 = t 0,0 2
t 0,2 = t 0,1 2
t 0,3 = t 0,2 2
t 0,4 = t 0,3 2
t 0,5 = t 0,4 *X; t 1,1 = t 0,4 *X 2
......
1110:
t 1,1 = t 1,0 2
t 1,2 = t 1,1 2
t 1,3 = t 1,2 2
t 1,4 = t 1,3 2
t 0,1 = t 1,4 *Y 2 ; t 1,5 = t 1,4 *Y
1111:
t 1,1 = t 1,0 2
t 1,2 = t 1,1 2
t 1,3 = t 1,2 2
t 1,4 = t 1,3 2
t 0,1 = t 1,4 *Y; t 1,5 = t 1,4
in the disclosed embodiments, t 0,0 、t 0,1 ......t 0,5 The same memory space can be multiplexed, t 1,0 、t 1, 1 ......t 1,5 The same memory space can be multiplexed. And realizing the result of the previous window operation as the input of the next window operation through the multiplexing of the storage space.
According to the embodiment of the present disclosure, performing multiple square calculations on the first variable or the second variable in the reference variable group window by window according to the value of the second index vector, and performing a modular multiplication operation on the result of the multiple square calculations and the third variable or the fourth variable in the reference variable group to obtain an output variable includes: in the window, under the condition that the value of the second index vector is from "0000" to "0111", performing quadratic calculation on the first variable in the reference variable group, and performing modular multiplication operation on the result of the quadratic calculation and the third variable or the fourth variable in the reference variable group to obtain a first output variable in the window and a second output variable in the window; taking the first output variable in the window and the second output variable in the window as the input of the next window calculation, assigning values to the first variable and the second variable in the next window, and/or performing quadrate calculation on the second variable in the reference variable group under the condition that the value of the second index vector is from 1000 to 1111, and performing modular multiplication operation on the result of the quadrate calculation and the third variable or the fourth variable in the reference variable group to obtain a third output variable in the window and a fourth output variable in the window; and taking the third output variable in the window and the fourth output variable in the window as the input of the calculation of the next window, and assigning values to the first variable and the second variable in the next window, thereby improving the operation efficiency.
In the embodiment of the present disclosure, after all windows are calculated, if (e) is (e), the window corresponding to i =255 is calculated 4i+3 ,e 4i+2 ,e 4i+1 ,e 4i ) If = 0000-0111, then t is calculated 0,5 Output as a return value for the Montgomery ladder method; if (e) 4i+3 ,e 4i+2 ,e 4i+1 ,e 4i ) If t is 1000 to 1111, then t is added 0,1 Output as a return value for the montgomery ladder method.
According to the embodiment of the present disclosure, performing multiple square calculations on the first variable or the second variable in the reference variable group window by window according to the value of the second index vector, and performing a modular multiplication operation on the result of the multiple square calculations and the third variable or the fourth variable in the reference variable group to obtain the output variable further includes: and after the calculation of all the windows is finished, taking the first output variable in the last window or the third output variable in the last window as the output variable, thereby improving the operation efficiency.
Fig. 8 is a block diagram illustrating an encryption apparatus for specifying a curve according to an embodiment of the present disclosure.
As shown in fig. 8, an encryption apparatus 800 for specifying a curve includes: a first coordinate and bit vector obtaining module 801, a first initialization module 802, a first bit vector dividing module 803, and a multiply-add calculating module 804.
The first coordinate and bit vector obtaining module 801 is configured to obtain a first coordinate and a first bit vector of a specified curve.
The first initialization module 802 is configured to obtain a reference coordinate set based on the first coordinate of the designated curve, where the reference coordinate set includes a first reference coordinate, a second reference coordinate, a third reference coordinate, and a reference multiple coordinate.
The first bit vector splitting module 803 is configured to split the first bit vector into a second bit vector, where the length of the second bit vector is a specific window length greater than 1 bit.
The multiply-add calculation module 804 is configured to perform multiply-add calculation window by window based on the reference coordinate in the reference coordinate set according to the value of the second bit vector to obtain a second coordinate, where the second coordinate is used to encrypt the specified curve.
According to the embodiment of the disclosure, the first coordinate and bit vector acquisition module is used for acquiring a first coordinate and a first bit vector of a specified curve; the first initialization module is used for obtaining a reference coordinate set based on the first coordinate of the specified curve, and the reference coordinate set comprises a first reference coordinate, a second reference coordinate, a third reference coordinate and a reference multiple coordinate; a first bit vector dividing module, configured to divide the first bit vector into a second bit vector, where the length of the second bit vector is greater than a specific window length of 1 bit; and the multiplication and addition calculation module is used for carrying out multiplication and addition calculation on the basis of the reference coordinates in the reference coordinate group window by window according to the value of the second bit vector to obtain a second coordinate, and the second coordinate is used for encrypting the specified curve, so that the operation efficiency of the Montgomery ladder method is improved.
According to an embodiment of the present disclosure, calculating by the multiplication and addition includes: calculating a multiple point and a point addition; and/or the first reference coordinate in the reference coordinate set is an infinity point coordinate; and/or the second reference coordinate in the reference coordinate set is the first coordinate of the specified curve; and/or the third reference coordinate in the reference coordinate set is obtained by point subtraction calculation of the second reference coordinate and the first reference coordinate; and/or the reference multiple coordinates in the reference coordinate group are calculated by integral multiple points of the third reference coordinate, so that various coordinates are pre-calculated, the method is suitable for operation in a subsequent window, and the overall efficiency is improved.
According to the embodiment of the present disclosure, under the condition that the length of the specific window is 2 bits, the reference multiple coordinate is calculated from the third reference coordinate and a negative 1-time point of the third reference coordinate; and/or under the condition that the specific window length is 4 bits, the reference multiple coordinate is formed by the following calculation results: and (4) from the negative 8-time point calculation result to the 8-time point calculation result of the third reference coordinate, thereby carrying out reasonable initialization and improving the operation efficiency.
According to an embodiment of the present disclosure, under the condition that the specific window length is 2 bits, the multiply-add calculation module is configured to: in the window, under the condition that the value of the second bit vector is '00' or '11', twice point-doubling calculation is carried out on the first reference coordinate or the second reference coordinate to obtain a first output coordinate in the window; performing point addition calculation on the first output coordinate in the window and the reference multiple coordinate to obtain a second output coordinate in the window; and taking the first output coordinate in the window and the second output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window, thereby realizing window-by-window operation and improving the operation efficiency.
According to an embodiment of the present disclosure, on the condition that the specific window length is 2 bits, the multiply-add calculation module is further configured to: in the window, under the condition that the value of the second bit vector is '01' or '10', point addition calculation is carried out on the first reference coordinate and the second reference coordinate; performing point doubling calculation on the result of the point addition calculation to obtain a third output coordinate in the window; performing point addition calculation on the third output coordinate in the window and the reference multiple coordinate to obtain a fourth output coordinate in the window; and taking the third output coordinate in the window and the fourth output coordinate in the window as the input of the next window calculation, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window, so that the window-by-window operation is realized, and the operation efficiency is improved.
According to an embodiment of the present disclosure, the multiply-add calculation module is further configured to:
and after the calculation of all the windows is finished, taking the first output coordinate in the last window or the third output coordinate in the last window as the second coordinate, thereby improving the operation efficiency.
According to an embodiment of the present disclosure, under the condition that the specific window length is 4 bits, the multiply-add calculation module is configured to: performing four times of point calculation on the first reference coordinate or the second reference coordinate in the window; performing point addition calculation on the result of the fourth time point calculation and the reference multiple coordinate to obtain a fifth output coordinate in the window and a sixth output coordinate in the window; and taking the fifth output coordinate in the window and the sixth output coordinate in the window as the input of the next window calculation, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window, so that the window-by-window operation is realized, and the operation efficiency is improved.
According to an embodiment of the present disclosure, the multiply-add calculation module is further configured to: and after the calculation of all the windows is finished, taking the fifth output coordinate in the last window as the second coordinate, thereby improving the operation speed.
According to the embodiment of the disclosure, the calculation of the continuous multiple points is realized by four times of multiple point calculation, so that the calculation speed is improved.
According to the embodiment of the disclosure, the specified curve is an elliptic curve, so that the operation speed is improved.
Fig. 9 shows a block diagram of an encrypted data processing apparatus according to an embodiment of the present disclosure.
As shown in fig. 9, the encrypted data processing apparatus 900 includes: a first base number and exponent bit vector obtaining module 901, a second initialization module 902, a first exponent vector splitting module 903, and a square and modular multiplication operation module 904.
A first base and exponent bit vector obtaining module 901, configured to obtain a first base and a first exponent vector of a modular exponentiation.
A second initializing module 902, configured to initialize a reference variable group based on the first base number, where the reference variable group includes: a first variable, a second variable, a third variable, and a fourth variable.
A first exponent vector dividing module 903, configured to divide the first exponent vector into a second exponent vector, where the length of the second exponent vector is greater than a specific window length of 1 bit, and the first exponent vector and the second exponent vector are bit vectors.
And a square and modular multiplication operation module 904, configured to perform multiple square calculations on the first variable or the second variable in the reference variable group window by window according to the value of the second index vector, and perform modular multiplication operation on a result of the multiple square calculations and a third variable or a fourth variable in the reference variable group to obtain an output variable, where the output variable is used to encrypt data.
According to the embodiment of the disclosure, the module for obtaining the first base number and the first exponent vector is used for obtaining the first base number and the first exponent vector of the modular exponentiation calculation; a second initialization module, configured to initialize a reference variable set based on the first base number, where the reference variable set includes: a first variable, a second variable, a third variable, and a fourth variable; the first exponent vector dividing module is used for dividing the first exponent vector into a second exponent vector, and the length of the second exponent vector is greater than the specific window length of 1 bit; and the square and modular multiplication operation module is used for performing multiple square calculations on the first variable or the second variable in the reference variable group window by window according to the value of the second exponential vector, performing modular multiplication operation on the result of the multiple square calculations and the third variable or the fourth variable in the reference variable group to obtain an output variable, and the output variable is used for encrypting data, so that the operation speed of the Montgomery ladder method for modular exponentiation calculation is increased.
According to the embodiment of the disclosure, the specific window length is 4 bits, so that window-by-window operation is realized, and the operation efficiency is improved.
According to the embodiment of the present disclosure, the second initialization module is configured to: initializing a first variable, initializing a second variable according to the first base number, and calculating a third variable and a fourth variable by using the first variable and the second variable, thereby facilitating subsequent operation in a window and improving the operation efficiency.
According to an embodiment of the present disclosure, calculating a third variable and a fourth variable by the using the first variable and the second variable includes: the method includes calculating an inverse variable of the first variable, calculating the third variable using a result of a power calculation of the inverse variable of the first variable and a result of a power calculation of the second variable, calculating an inverse variable of the second variable, and calculating the fourth variable using a result of a power calculation of the first variable and a result of a power calculation of the inverse variable of the second variable, thereby providing an initialization efficiency.
According to an embodiment of the present disclosure, the square and modular multiplication operation module is configured to: in the window, under the condition that the value of the second index vector is from "0000" to "0111", performing quadratic computation on the first variable in the reference variable group, and performing modular multiplication operation on the result of the quadratic computation and the third variable or the fourth variable in the reference variable group to obtain a first output variable in the window and a second output variable in the window; taking the first output variable in the window and the second output variable in the window as the input of the next window calculation, assigning values to the first variable and the second variable in the next window, and/or performing quadrate calculation on the second variable in the reference variable group under the condition that the value of the second index vector is from 1000 to 1111, and performing modular multiplication operation on the result of the quadrate calculation and the third variable or the fourth variable in the reference variable group to obtain a third output variable in the window and a fourth output variable in the window; and taking the third output variable in the window and the fourth output variable in the window as the input of the calculation of the next window, and assigning values to the first variable and the second variable in the next window, thereby improving the operation efficiency.
According to an embodiment of the present disclosure, the square-and-modular multiplication operation module is further configured to: and after the calculation of all the windows is finished, taking the first output variable in the last window or the third output variable in the last window as the output variable, thereby improving the operation efficiency.
Fig. 10 shows a block diagram of an electronic device according to an embodiment of the present disclosure.
As shown in fig. 10, the electronic device 1000 comprises a memory 1001 and a processor 1002, wherein the memory 1001 is configured to store one or more computer instructions, wherein the one or more computer instructions are executed by the processor 1002 to implement the steps of:
acquiring a first coordinate and a first bit vector of a specified curve;
obtaining a reference coordinate set based on the first coordinate of the designated curve, wherein the reference coordinate set comprises a first reference coordinate, a second reference coordinate, a third reference coordinate and a reference multiple coordinate;
dividing the first bit vector into a second bit vector, wherein the length of the second bit vector is a specific window length which is larger than 1 bit;
and performing multiply-add calculation on the basis of the reference coordinates in the reference coordinate group window by window according to the value of the second bit vector to obtain a second coordinate, wherein the second coordinate is used for encrypting the specified curve.
In the embodiment of the present disclosure, it is,
the multiply-add calculation includes: calculating a multiple point and a point addition; and/or
A first reference coordinate in the reference coordinate set is an infinite point coordinate; and/or
A second reference coordinate in the reference coordinate set is a first coordinate of the designated curve; and/or
The third reference coordinate in the reference coordinate group is obtained by point subtraction calculation of the second reference coordinate and the first reference coordinate; and/or
And the reference multiple coordinates in the reference coordinate group are calculated by integral multiple points of the third reference coordinate.
In the embodiment of the present disclosure, it is,
under the condition that the length of the specific window is 2 bits, the reference multiple coordinate is obtained by calculating the third reference coordinate and a negative 1-time point of the third reference coordinate; and/or
Under the condition that the specific window length is 4 bits, the reference multiple coordinate is formed by the following calculation results: from a minus 8-fold point calculation result to an 8-fold point calculation result of the third reference coordinate.
In the embodiments of the present disclosure, it is preferred,
under the condition that the specific window length is 2 bits, the multiplication and addition calculation comprises the following steps:
in the said window, the window is provided with a window,
under the condition that the value of the second bit vector is "00" or "11",
performing double-point calculation on the first reference coordinate or the second reference coordinate twice to obtain a first output coordinate in a window;
performing point addition calculation on the first output coordinate in the window and the reference multiple coordinate to obtain a second output coordinate in the window;
and taking the first output coordinate in the window and the second output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window.
In the embodiments of the present disclosure, it is preferred,
under the condition that the specific window length is 2 bits, the multiply-add calculation further includes:
in the said window, the window is provided with a window,
under the condition that the value of the second bit vector is "01" or "10",
performing point addition calculation on the first reference coordinate and the second reference coordinate;
performing point doubling calculation on the result of the point addition calculation to obtain a third output coordinate in the window;
performing point addition calculation on the third output coordinate in the window and the reference multiple coordinate to obtain a fourth output coordinate in the window;
and taking the third output coordinate in the window and the fourth output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window.
In an embodiment of the present disclosure, the multiply-add calculation further includes:
and after the calculation of all the windows is finished, taking the first output coordinate in the last window or the third output coordinate in the last window as the second coordinate.
In the embodiments of the present disclosure, it is preferred,
under the condition that the specific window length is 4 bits, the multiplication and addition calculation comprises the following steps:
performing four times of point calculation on the first reference coordinate or the second reference coordinate in the window;
performing point addition calculation on the result of the fourth time point calculation and the reference multiple coordinate to obtain a fifth output coordinate in the window and a sixth output coordinate in the window;
and taking the fifth output coordinate in the window and the sixth output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window.
In an embodiment of the present disclosure, the multiply-add calculation further includes:
and after the calculation of all the windows is finished, taking a fifth output coordinate in the last window as the second coordinate.
In the embodiments of the present disclosure, it is preferred,
the four times of dot calculation is realized by continuous dot calculation.
In the embodiments of the present disclosure, it is preferred,
the specified curve is an elliptic curve.
The one or more computer instructions are further executable by the processor 1002 to implement the steps of:
acquiring a first base number and a first exponential vector of the modular exponentiation calculation;
initializing a reference variable set based on the first base number, the reference variable set comprising: a first variable, a second variable, a third variable, and a fourth variable;
dividing the first exponential vector into a second exponential vector, wherein the length of the second exponential vector is a specific window length which is larger than 1 bit, and the first exponential vector and the second exponential vector are bit vectors;
and performing multiple square calculation on the first variable or the second variable in the reference variable group window by window according to the value of the second index vector, and performing modular multiplication operation on the result of the multiple square calculation and the third variable or the fourth variable in the reference variable group to obtain an output variable, wherein the output variable is used for encrypting data.
In the embodiments of the present disclosure, it is preferred,
the specific window length is 4 bits.
In an embodiment of the present disclosure, the initializing a reference variable group based on the first base number includes:
initializing a first variable, initializing a second variable according to the first base number, and calculating a third variable and a fourth variable by using the first variable and the second variable.
In the embodiments of the present disclosure, it is preferred,
said calculating a third variable and a fourth variable using said first variable and said second variable comprises:
calculating an inverse variable of the first variable, calculating the third variable using a result of a power calculation of the inverse variable of the first variable and a result of a power calculation of the second variable,
and calculating an inverse variable of the second variable, and calculating the fourth variable by using a result of the power calculation of the first variable and a result of the power calculation of the inverse variable of the second variable.
In the embodiments of the present disclosure, it is preferred,
the window-by-window calculation of the first variable or the second variable in the reference variable group is performed with multiple square calculations according to the value of the second index vector, and the modular multiplication operation is performed with the result of the multiple square calculations and the third variable or the fourth variable in the reference variable group to obtain an output variable includes:
in the said window, the window is provided with a window,
under the condition that the value of the second index vector is "0000" to "0111",
performing quadratic calculation on a first variable in the reference variable group, and performing modular multiplication operation on a result of the quadratic calculation and a third variable or a fourth variable in the reference variable group to obtain a first output variable in a window and a second output variable in the window;
taking the first output variable in the window and the second output variable in the window as the input of the calculation of the next window, assigning values to the first variable and the second variable in the next window, and/or
Under the condition that the value of the second index vector is from "1000" to "1111",
performing quadratic calculation on a second variable in the reference variable group, and performing modular multiplication operation on a result of the quadratic calculation and a third variable or a fourth variable in the reference variable group to obtain a third output variable in the window and a fourth output variable in the window;
and taking the third output variable in the window and the fourth output variable in the window as the input of the calculation of the next window, and assigning values to the first variable and the second variable in the next window.
In this embodiment of the present disclosure, the performing, window by window, multiple square calculations on the first variable or the second variable in the reference variable group according to the value of the second index vector, and performing a modular multiplication operation on a result of the multiple square calculations and a third variable or a fourth variable in the reference variable group to obtain an output variable further includes:
and after the calculation of all the windows is finished, taking the first output variable in the last window or the third output variable in the last window as the output variable.
FIG. 11 shows a schematic block diagram of a computer system suitable for use in implementing methods according to embodiments of the present disclosure.
As shown in fig. 11, the computer system 1100 includes a processing unit 1101, which can execute various processes in the above-described embodiments according to a program stored in a Read Only Memory (ROM) 1102 or a program loaded from a storage section 1108 into a Random Access Memory (RAM) 1103. In the RAM1103, various programs and data necessary for the operation of the computer system 1100 are also stored. The processing unit 1101, the ROM1102, and the RAM1103 are connected to each other by a bus 1104. An input/output (I/O) interface 1105 is also connected to bus 1104.
The following components are connected to the I/O interface 1105: an input portion 1106 including a keyboard, mouse, and the like; an output portion 1107 including a signal output unit such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage section 1108 including a hard disk and the like; and a communication section 1109 including a network interface card such as a LAN card, a modem, or the like. The communication section 1109 performs communication processing via a network such as the internet. A driver 1110 is also connected to the I/O interface 1105 as necessary. A removable medium 1111 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 1110 as necessary, so that a computer program read out therefrom is mounted into the storage section 1108 as necessary. The processing unit 1101 may be implemented as a CPU, a GPU, a TPU, an FPGA, an NPU, or other processing units.
In particular, the above described methods may be implemented as computer software programs according to embodiments of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising computer instructions that, when executed by a processor, implement the method steps described above. In such an embodiment, the computer program product may be downloaded and installed from a network via the communication portion 1109 and/or installed from the removable media 1111.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units or modules described in the embodiments of the present disclosure may be implemented by software or by programmable hardware. The units or modules described may also be provided in a processor, and the names of the units or modules do not in some cases constitute a limitation of the units or modules themselves.
As another aspect, the present disclosure also provides a computer-readable storage medium, which may be a computer-readable storage medium included in the electronic device or the computer system in the above embodiments; or it may be a separate computer readable storage medium not incorporated into the device. The computer readable storage medium stores one or more programs for use by one or more processors in performing the methods described in the present disclosure.
In the present disclosure, it is to be understood that terms such as "including" or "having," etc., are intended to indicate the presence of labels, numbers, steps, actions, components, parts, or combinations thereof disclosed in the present specification, and are not intended to exclude the possibility that one or more other labels, numbers, steps, actions, components, parts, or combinations thereof are present or added.
Meanwhile, the above description is only a preferred embodiment of the present disclosure and an illustration of the applied technical principles. It will be appreciated by those skilled in the art that the scope of the invention in the present disclosure is not limited to the specific combination of the above-mentioned features, but also encompasses other embodiments in which any combination of the above-mentioned features or their equivalents is possible without departing from the inventive concept. For example, the above features and (but not limited to) the features disclosed in this disclosure having similar functions are replaced with each other to form the technical solution.

Claims (23)

1. An encryption method for specifying a curve, comprising:
acquiring a first coordinate and a first bit vector of a specified curve;
obtaining a reference coordinate set based on the first coordinate of the designated curve, wherein the reference coordinate set comprises a first reference coordinate, a second reference coordinate, a third reference coordinate and a reference multiple coordinate;
dividing the first bit vector into second bit vectors, wherein the length of each second bit vector is a specific window length which is larger than 1 bit;
and performing multiply-add calculation on the basis of the reference coordinates in the reference coordinate set window by window according to the value of the second bit vector to obtain a second coordinate, wherein the second coordinate is encrypted data obtained by encrypting the first bit vector on the basis of the specified curve.
2. The method of claim 1,
the multiply-add calculation includes: calculating a multiple point and a point addition; and/or
A first reference coordinate in the reference coordinate set is an infinite point coordinate; and/or
A second reference coordinate in the reference coordinate set is a first coordinate of the specified curve; and/or
The third reference coordinate in the reference coordinate group is obtained by point subtraction calculation of the second reference coordinate and the first reference coordinate; and/or
And the reference multiple coordinates in the reference coordinate group are calculated by integral multiple points of the third reference coordinate.
3. The method of claim 2,
under the condition that the length of the specific window is 2 bits, the reference multiple coordinate is obtained by calculating the third reference coordinate and a negative 1-time point of the third reference coordinate; and/or
Under the condition that the specific window length is 4 bits, the reference multiple coordinate is formed by the following calculation results: from a minus 8-fold point calculation result to an 8-fold point calculation result of the third reference coordinate.
4. The method of claim 3,
under the condition that the specific window length is 2 bits, the multiplication and addition calculation comprises the following steps:
in the said window, the window is provided with a window,
under the condition that the value of the second bit vector is "00" or "11",
performing double-point calculation on the first reference coordinate or the second reference coordinate twice to obtain a first output coordinate in a window;
performing point addition calculation on the first output coordinate in the window and the reference multiple coordinate to obtain a second output coordinate in the window;
and taking the first output coordinate in the window and the second output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window.
5. The method of claim 4,
under the condition that the specific window length is 2 bits, the multiply-add calculation further includes:
in the said window, the window is provided with a window,
under the condition that the value of the second bit vector is "01" or "10",
performing point addition calculation on the first reference coordinate and the second reference coordinate;
performing point doubling calculation on the result of the point addition calculation to obtain a third output coordinate in the window;
performing point addition calculation on the third output coordinate in the window and the reference multiple coordinate to obtain a fourth output coordinate in the window;
and taking the third output coordinate in the window and the fourth output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window.
6. The method of claim 5, wherein the multiply-add calculation further comprises:
and after the calculation of all the windows is finished, taking the first output coordinate in the last window or the third output coordinate in the last window as the second coordinate.
7. The method of claim 3,
under the condition that the specific window length is 4 bits, the multiplication and addition calculation comprises the following steps:
performing four times of point calculation on the first reference coordinate or the second reference coordinate in the window;
performing point addition calculation on the result of the fourth time multiple point calculation and the reference multiple coordinates to obtain a fifth output coordinate in the window and a sixth output coordinate in the window;
and taking the fifth output coordinate in the window and the sixth output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window.
8. The method of claim 7, wherein the multiply-add calculation further comprises:
and after the calculation of all the windows is finished, taking a fifth output coordinate in the last window as the second coordinate.
9. The method of claim 7,
the four times dot calculation is realized by continuous dot calculation.
10. The method of claim 1,
the specified curve is an elliptic curve.
11. An encryption apparatus for specifying a curve, comprising:
the first coordinate and bit vector acquisition module is used for acquiring a first coordinate and a first bit vector of the specified curve;
the first initialization module is used for obtaining a reference coordinate set based on the first coordinate of the designated curve, and the reference coordinate set comprises a first reference coordinate, a second reference coordinate, a third reference coordinate and a reference multiple coordinate;
a first bit vector dividing module, configured to divide the first bit vector into second bit vectors, where the length of the second bit vector is greater than a specific window length of 1 bit;
and the multiplication and addition calculation module is used for carrying out multiplication and addition calculation on the basis of the reference coordinates in the reference coordinate group window by window according to the value of the second bit vector to obtain a second coordinate, and the second coordinate is encrypted data obtained by encrypting the first bit vector on the basis of the specified curve.
12. The apparatus of claim 11,
the multiply-add calculation includes: calculating a multiple point and a point addition; and/or
A first reference coordinate in the reference coordinate set is an infinite point coordinate; and/or
A second reference coordinate in the reference coordinate set is a first coordinate of the designated curve; and/or
The third reference coordinate in the reference coordinate group is obtained by point subtraction calculation of the second reference coordinate and the first reference coordinate; and/or
And the reference multiple coordinates in the reference coordinate group are calculated by integral multiple points of the third reference coordinate.
13. The apparatus of claim 12,
under the condition that the length of the specific window is 2 bits, the reference multiple coordinate is obtained by calculating the third reference coordinate and a negative 1-time point of the third reference coordinate; and/or
Under the condition that the specific window length is 4 bits, the reference multiple coordinate is formed by the following calculation results: from a minus 8-fold point calculation result to an 8-fold point calculation result of the third reference coordinate.
14. The apparatus of claim 13,
under the condition that the specific window length is 2 bits, the multiply-add calculation module is configured to:
in the said window, the window is provided with a window,
under the condition that the value of the second bit vector is "00" or "11",
performing double-point calculation on the first reference coordinate or the second reference coordinate twice to obtain a first output coordinate in a window;
performing point addition calculation on the first output coordinate in the window and the reference multiple coordinate to obtain a second output coordinate in the window;
and taking the first output coordinate in the window and the second output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window.
15. The apparatus of claim 14,
under the condition that the specific window length is 2 bits, the multiply-add calculation module is further configured to:
in the said window, the window is provided with a window,
under the condition that the value of the second bit vector is "01" or "10",
performing point addition calculation on the first reference coordinate and the second reference coordinate;
performing point doubling calculation on the result of the point addition calculation to obtain a third output coordinate in the window;
performing point addition calculation on the third output coordinate in the window and the reference multiple coordinate to obtain a fourth output coordinate in the window;
and taking the third output coordinate in the window and the fourth output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window.
16. The apparatus of claim 15, wherein the multiply-add computation module is further configured to:
and after the calculation of all the windows is finished, taking the first output coordinate in the last window or the third output coordinate in the last window as the second coordinate.
17. The apparatus of claim 13,
under the condition that the specific window length is 4 bits, the multiply-add calculation module is configured to:
performing four times of point calculation on the first reference coordinate or the second reference coordinate in the window;
performing point addition calculation on the result of the fourth time point calculation and the reference multiple coordinate to obtain a fifth output coordinate in the window and a sixth output coordinate in the window;
and taking the fifth output coordinate in the window and the sixth output coordinate in the window as the input of the calculation of the next window, and respectively assigning values to the first reference coordinate and the second reference coordinate in the next window.
18. The apparatus of claim 17, wherein the multiply-add computation module is further configured to:
and after the calculation of all the windows is finished, taking a fifth output coordinate in the last window as the second coordinate.
19. The apparatus of claim 17,
the four times dot calculation is realized by continuous dot calculation.
20. The apparatus of claim 11,
the specified curve is an elliptic curve.
21. An electronic device comprising a memory and a processor; wherein the memory is to store one or more computer instructions that are executed by the processor to implement the method steps of any one of claims 1-10.
22. A readable storage medium having stored thereon computer instructions for execution by a processor to perform the method steps of any of claims 1-10.
23. A chip characterized by comprising an encryption device for specifying curves according to any one of claims 11 to 20.
CN202210429372.0A 2022-04-22 2022-04-22 Data encryption method and device, electronic equipment using data encryption method and storage medium Active CN114531241B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210429372.0A CN114531241B (en) 2022-04-22 2022-04-22 Data encryption method and device, electronic equipment using data encryption method and storage medium
CN202210945567.0A CN115276994A (en) 2022-04-22 2022-04-22 Encrypted data processing method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210429372.0A CN114531241B (en) 2022-04-22 2022-04-22 Data encryption method and device, electronic equipment using data encryption method and storage medium

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202210945567.0A Division CN115276994A (en) 2022-04-22 2022-04-22 Encrypted data processing method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114531241A CN114531241A (en) 2022-05-24
CN114531241B true CN114531241B (en) 2022-08-30

Family

ID=81628282

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202210945567.0A Pending CN115276994A (en) 2022-04-22 2022-04-22 Encrypted data processing method and device, electronic equipment and storage medium
CN202210429372.0A Active CN114531241B (en) 2022-04-22 2022-04-22 Data encryption method and device, electronic equipment using data encryption method and storage medium

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202210945567.0A Pending CN115276994A (en) 2022-04-22 2022-04-22 Encrypted data processing method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (2) CN115276994A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107425968A (en) * 2017-06-22 2017-12-01 广东工业大学 A kind of SM2 elliptic curve public key cryptographic algorithms under binary field F2m realize system
CN108306735A (en) * 2017-12-29 2018-07-20 成都锐成芯微科技股份有限公司 The hardware implementation method and its system of elliptic curve point multiplication operation
CN111966324A (en) * 2020-08-19 2020-11-20 哈尔滨理工大学 Multi-elliptic curve scalar multiplier oriented implementation method, device and storage medium
CN112134704A (en) * 2020-09-21 2020-12-25 中国电子科技网络信息安全有限公司 Sm2 performance optimization implementing method
CN113691543A (en) * 2021-08-25 2021-11-23 苏州国芯科技股份有限公司 Data encryption method and device based on elliptic curve, computer equipment and medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107425968A (en) * 2017-06-22 2017-12-01 广东工业大学 A kind of SM2 elliptic curve public key cryptographic algorithms under binary field F2m realize system
CN108306735A (en) * 2017-12-29 2018-07-20 成都锐成芯微科技股份有限公司 The hardware implementation method and its system of elliptic curve point multiplication operation
CN111966324A (en) * 2020-08-19 2020-11-20 哈尔滨理工大学 Multi-elliptic curve scalar multiplier oriented implementation method, device and storage medium
CN112134704A (en) * 2020-09-21 2020-12-25 中国电子科技网络信息安全有限公司 Sm2 performance optimization implementing method
CN113691543A (en) * 2021-08-25 2021-11-23 苏州国芯科技股份有限公司 Data encryption method and device based on elliptic curve, computer equipment and medium

Also Published As

Publication number Publication date
CN115276994A (en) 2022-11-01
CN114531241A (en) 2022-05-24

Similar Documents

Publication Publication Date Title
CN112148437B (en) Calculation task acceleration processing method, device and equipment for federal learning
CN112070222B (en) Processing device, accelerator and method for federal learning
US8498411B1 (en) Using multiples above two with running totals and reference values other than 0 and 2 (window size) in elliptic curve cryptography scalar multiplication acceleration tables
US20110161390A1 (en) Modular multiplication processing apparatus
US6567832B1 (en) Device, method, and storage medium for exponentiation and elliptic curve exponentiation
US7024560B2 (en) Power-residue calculating unit using Montgomery algorithm
CN108875416B (en) Elliptic curve multiple point operation method and device
Zheng et al. Exploiting the floating-point computing power of GPUs for RSA
US6763366B2 (en) Method for calculating arithmetic inverse over finite fields for use in cryptography
CN113608718B (en) Method for realizing prime number domain large integer modular multiplication calculation acceleration
CN111092718A (en) Encryption method and device and electronic equipment
CN116633526B (en) Data processing method, device, equipment and medium
CN114531241B (en) Data encryption method and device, electronic equipment using data encryption method and storage medium
Al-Shorman et al. Performance of Parallel RSA on IMAN1 Supercomputer
US20040091105A1 (en) Apparatus for hyperelliptic-curve cryptography processing
Seo et al. Consecutive operand-caching method for multiprecision multiplication, revisited
CN113467752B (en) Division operation device, data processing system and method for private calculation
CN112799637B (en) High-throughput modular inverse computation method and system in parallel environment
CN114706557A (en) ASIC chip and implementation method and device of Montgomery modular multiplication
KR100257123B1 (en) High-speed exponentiation method using a modified montgomery modular multiplication
Baktır et al. Finite field polynomial multiplication in the frequency domain with application to elliptic curve cryptography
KR100257124B1 (en) High-speed exponentiation method using common-multiplicand modular multiplication
KR100194769B1 (en) Using memory to find inverses on finite fields
KR20020086005A (en) Inverse operator for elliptic curve cryptosystems
US11954487B2 (en) Techniques, devices, and instruction set architecture for efficient modular division and inversion

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20220524

Assignee: CHINA GRIDCOM Co.,Ltd.

Assignor: BEIJING SMARTCHIP MICROELECTRONICS TECHNOLOGY Co.,Ltd.

Contract record no.: X2022990000699

Denomination of invention: Data encryption method, device, electronic device and storage medium using the method

Granted publication date: 20220830

License type: Common License

Record date: 20220923

EE01 Entry into force of recordation of patent licensing contract