CN-122001593-A - Control method and system of elliptic curve crypto coprocessor
Abstract
The invention discloses a control method and system for an elliptic curve cryptographic coprocessor, and relates to the technical field of information security. The method comprises the steps that a controller initializes a register module, and the register module acquires a first parameter of an X25519 key exchange process, a second parameter of an Ed25519 signature process and a third parameter of an Ed25519 signature verification process; an Ed25519 digital signature module performs an Ed25519 signature operation using an Edwards curve based on an operation unit and the second parameter, and performs an Ed25519 signature verification operation using extended quaternary homogeneous coordinates based on the signature operation result and the third parameter; and the register module receives the key exchange result, the signature operation result and the signature verification operation result and outputs a control signal. The invention provides a high-efficiency and safe encryption solution for resource-limited Internet of Things equipment.
Inventors
- YIN ZHENYU
- WEN YONGJUN
- ZHONG QINGHUA
- WANG DEMING
Assignees
- 华南师范大学
Dates
- Publication Date
- 20260508
- Application Date
- 20260303
Claims (10)
- 1. A method for controlling an elliptic curve crypto coprocessor, the method comprising: initializing a register module by a controller of the elliptic curve crypto coprocessor based on a finite state machine, wherein the register module acquires a first parameter of an X25519 key exchange process, a second parameter of an Ed25519 signature process and a third parameter of an Ed25519 signature verification process; scheduling an operation unit of a prime-field modular arithmetic module, wherein an X25519 key exchange module performs X25519 key exchange by using a parallel computing strategy based on the operation unit and the first parameter to obtain a key exchange result; an Ed25519 digital signature module performs an Ed25519 signature operation using an Edwards curve based on the operation unit and the second parameter to obtain a signature operation result; performing an Ed25519 signature verification operation using extended quaternary homogeneous coordinates based on the signature operation result and the third parameter to obtain a signature verification operation result; and the register module receives the key exchange result, the signature operation result and the signature verification operation result and outputs a control signal based on the key exchange result, the signature operation result and the signature verification operation result.
- 2. The method for controlling an elliptic curve crypto coprocessor according to claim 1, wherein the X25519 key exchange module performing X25519 key exchange by using the parallel computing strategy based on the operation unit and the first parameter to obtain the key exchange result comprises: the X25519 key exchange module performing a scalar multiplication operation by using the parallel computing strategy based on the operation unit and the first parameter to obtain a public key; and performing a scalar multiplication operation using the public key based on the operation unit to obtain a shared key.
- 3. The method for controlling an elliptic curve crypto coprocessor according to claim 2, wherein performing the scalar multiplication operation by using the parallel computing strategy based on the operation unit and the first parameter to obtain the public key comprises: generating an algorithm scalar parameter based on the first parameter; and determining a modular addition unit, a modular subtraction unit, a modular multiplication unit and a modular inversion unit based on the operation unit, and performing the scalar multiplication operation by using the modular addition unit, the modular subtraction unit, the modular multiplication unit and the modular inversion unit in combination with the parallel computing strategy based on the algorithm scalar parameter to obtain the public key.
- 4. The method for controlling an elliptic curve crypto coprocessor according to claim 3, wherein performing the scalar multiplication operation by using the modular addition unit, the modular subtraction unit, the modular multiplication unit and the modular inversion unit in combination with the parallel computing strategy based on the algorithm scalar parameter to obtain the public key comprises the following steps: determining an addition result and a subtraction result by using the modular addition unit in combination with the parallel computing strategy based on the algorithm scalar parameter; determining output data based on the modular subtraction unit using the addition result and the subtraction result; and performing the scalar multiplication operation by using the modular multiplication unit and the modular inversion unit based on the output data to obtain the public key.
- 5. The method for controlling an elliptic curve crypto coprocessor according to claim 1, wherein the Ed25519 digital signature module performing the Ed25519 signature operation using the Edwards curve based on the operation unit and the second parameter to obtain the signature operation result comprises: the Ed25519 digital signature module hashing the second parameter using a SHA-512 module to obtain an EdDSA public key; and performing the Ed25519 signature operation using the EdDSA public key in combination with the Edwards curve based on the operation unit to obtain the signature operation result.
- 6. The method for controlling an elliptic curve crypto coprocessor according to claim 5, wherein performing the Ed25519 signature operation using the EdDSA public key in combination with the Edwards curve based on the operation unit to obtain the signature operation result comprises: determining a modular addition unit, a modular subtraction unit, a modular multiplication unit and a modular inversion unit based on the operation unit; and performing the Ed25519 signature operation by combining the EdDSA public key with the Edwards curve based on the modular addition unit, the modular subtraction unit, the modular multiplication unit and the modular inversion unit to obtain the signature operation result.
- 7. The method for controlling an elliptic curve crypto coprocessor according to claim 6, wherein performing the Ed25519 signature operation based on the modular addition unit, the modular subtraction unit, the modular multiplication unit and the modular inversion unit by using the EdDSA public key in combination with the Edwards curve to obtain the signature operation result comprises: setting a timing scheduling period of the modular addition unit and setting a borrow flag of the modular subtraction unit; setting a two-stage reduction strategy of the modular multiplication unit and setting an extended Euclidean algorithm of the modular inversion unit; and performing the Ed25519 signature operation by combining the EdDSA public key with the Edwards curve based on the timing scheduling period of the modular addition unit, the borrow flag of the modular subtraction unit, the two-stage reduction strategy of the modular multiplication unit and the extended Euclidean algorithm of the modular inversion unit to obtain the signature operation result.
- 8. The method for controlling an elliptic curve crypto coprocessor according to claim 1, wherein performing the Ed25519 signature verification operation using extended quaternary homogeneous coordinates based on the signature operation result and the third parameter to obtain the signature verification operation result comprises: performing a point addition operation using the extended quaternary homogeneous coordinates based on the signature operation result and the third parameter to obtain a point addition operation result; performing a point multiplication operation using the extended quaternary homogeneous coordinates based on the signature operation result and the third parameter to obtain a point multiplication operation result; and carrying out the Ed25519 signature verification operation based on the point addition operation result and the point multiplication operation result to obtain the signature verification operation result.
- 9. The method for controlling an elliptic curve crypto coprocessor according to claim 8, wherein performing the Ed25519 signature verification operation based on the point addition operation result and the point multiplication operation result to obtain the signature verification operation result comprises: performing a modular inversion operation based on the point addition operation result and the point multiplication operation result to obtain a modular inversion operation result; and determining affine coordinates based on the modular inversion operation result, and carrying out the Ed25519 signature verification operation based on the affine coordinates to obtain the signature verification operation result.
- 10. A control system for an elliptic curve crypto coprocessor, characterized in that the system comprises a register module, a prime-field modular arithmetic module, an X25519 key exchange module, an Ed25519 digital signature module and a controller, said controller being connected to said register module, prime-field modular arithmetic module, X25519 key exchange module and Ed25519 digital signature module, respectively, and said register module being connected to said X25519 key exchange module and Ed25519 digital signature module, respectively, wherein said system is configured to perform the control method for an elliptic curve crypto coprocessor according to any one of claims 1 to 9.
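Claims 1 to 10 (and the description that follows) lay out one procedure. As an added example that is not the patent's or the applicant's code, the following Python models the X25519 path of that procedure with the four prime-field units the claims name: modular addition with a single conditional subtraction, modular subtraction driven by a borrow flag, modular multiplication with a two-stage reduction specific to p = 2^255 - 19 in place of Montgomery reduction, and inversion by the extended Euclidean algorithm, then runs the Montgomery ladder of RFC 7748 and checks it against the RFC 7748 section 6.1 test vectors. The patent does not specify its exact reduction or scheduling, so the reduction formulas and unit interfaces here are assumptions.

```python
# Added example, not the patent's code: a software model of the four prime-field units
# the claims name, driving an X25519 Montgomery ladder; checked against RFC 7748 vectors.
P, MASK255 = 2**255 - 19, (1 << 255) - 1

def mod_add(a, b):
    # One add, then a single conditional subtraction of p (no serial compare chain).
    s = a + b
    return s - P if s >= P else s

def mod_sub(a, b):
    # A negative difference is what the borrow flag signals; add p back once.
    d = a - b
    return d + P if d < 0 else d

def mod_mul(a, b):
    # Assumed two-stage reduction using 2^255 = 19 (mod p); no Montgomery domain conversion.
    t = a * b
    t = (t & MASK255) + 19 * (t >> 255)  # stage 1: 512-bit product -> about 262 bits
    t = (t & MASK255) + 19 * (t >> 255)  # stage 2: now below 2p
    return t - P if t >= P else t

def mod_inv(a):
    # Extended Euclidean algorithm, as in the patent's modular inversion unit.
    r0, r1, s0, s1 = P, a % P, 0, 1
    while r1:
        q = r0 // r1
        r0, r1, s0, s1 = r1, r0 - q * r1, s1, s0 - q * s1
    return s0 % P

def x25519(scalar: bytes, u_coord: bytes) -> bytes:
    # RFC 7748 ladder built only from the units above; public key = x25519(k, 9).
    k = (int.from_bytes(scalar, "little") & ~7 & MASK255) | (1 << 254)  # clamp
    u = int.from_bytes(u_coord, "little") & MASK255
    x2, z2, x3, z3, swap = 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        bit = (k >> t) & 1
        swap ^= bit
        if swap:  # hardware does this as a constant-time conditional swap
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = mod_add(x2, z2), mod_sub(x2, z2)
        aa, bb = mod_mul(a, a), mod_mul(b, b)
        e = mod_sub(aa, bb)
        da, cb = mod_mul(mod_sub(x3, z3), a), mod_mul(mod_add(x3, z3), b)
        x3 = mod_mul(mod_add(da, cb), mod_add(da, cb))
        z3 = mod_mul(u, mod_mul(mod_sub(da, cb), mod_sub(da, cb)))
        x2, z2 = mod_mul(aa, bb), mod_mul(e, mod_add(aa, mod_mul(121665, e)))
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return mod_mul(x2, mod_inv(z2)).to_bytes(32, "little")  # one inverse -> affine u
```

The same four units serve the Ed25519 signing and extended-coordinate verification paths of the claims; only the point formulas differ, and verification likewise defers to a single modular inversion to recover affine coordinates.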
Description
Control method and system of elliptic curve crypto coprocessor
Technical Field
The invention relates to the technical field of information security, in particular to a control method and a control system for an elliptic curve crypto coprocessor.
Background
With the rapid development of Internet of Things (IoT) technology, security has become a major challenge for data exchange between IoT nodes. Most current IoT devices face multiple security threats, such as weak identity authentication mechanisms, missing message integrity and disclosure of personal privacy information. Current IoT systems also face the challenge of balancing security against resources while pursuing a lightweight design. On the one hand, IoT devices are generally limited in computing capacity, storage space, power consumption and the like, and these hardware constraints require a security protocol to be highly concise and energy-efficient, or excessive investment cost results. On the other hand, existing lightweight security schemes mainly depend on traditional symmetric encryption algorithms; although these algorithms are computationally efficient and consume few resources, they still have inherent limitations: firstly, long-term use of a fixed key increases the risk of the cipher being cracked; secondly, schemes that rely only on a symmetric encryption mechanism lack a complete identity authentication mechanism and cannot verify the true identities of the two communicating parties or the integrity of the data.
In this regard, enterprises have introduced elliptic curve crypto coprocessors to solve the above problems. However, existing elliptic curve crypto coprocessors still have drawbacks: for example, the modular multiplication implementation adopts general Montgomery reduction, which requires additional domain conversion overhead, and the modular addition and subtraction operations adopt a serial comparison-and-judgment strategy, so the critical path is longer and overall performance suffers.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, and provides a control method and a system for an elliptic curve crypto coprocessor, which control the elliptic curve crypto coprocessor with better performance and provide a high-efficiency and safe encryption solution for resource-limited IoT equipment.
In order to solve the technical problems, the invention provides a control method of an elliptic curve crypto coprocessor, which comprises the following steps: initializing a register module by a controller of the elliptic curve crypto coprocessor based on a finite state machine, wherein the register module acquires a first parameter of an X25519 key exchange process, a second parameter of an Ed25519 signature process and a third parameter of an Ed25519 signature verification process; scheduling an operation unit of a prime-field modular arithmetic module, wherein an X25519 key exchange module performs X25519 key exchange by using a parallel computing strategy based on the operation unit and the first parameter to obtain a key exchange result; an Ed25519 digital signature module performs an Ed25519 signature operation using an Edwards curve based on the operation unit and the second parameter to obtain a signature operation result; performing an Ed25519 signature verification operation using extended quaternary homogeneous coordinates based on the signature operation result and the third parameter to obtain a signature verification operation result; and the register module receives the key exchange result, the signature operation result and the signature verification operation result and outputs a control signal based on the key exchange result, the signature operation result and the signature verification operation result.
Optionally, the X25519 key exchange module performing X25519 key exchange by using the parallel computing strategy based on the operation unit and the first parameter to obtain the key exchange result comprises: the X25519 key exchange module performing a scalar multiplication operation by using the parallel computing strategy based on the operation unit and the first parameter to obtain a public key; and performing a scalar multiplication operation using the public key based on the operation unit to obtain a shared key.
Optionally, performing the scalar multiplication operation by using the parallel computing strategy based on the operation unit and the first parameter to obtain the public key comprises: generating an algorithm scalar parameter based on the first parameter; and determining a modular addition unit, a modular subtraction unit, a modular multiplication unit and a modular inversion unit based on the operation unit, and per