CN-122027146-A - Hardware processing system, method and storage medium suitable for SIKE protocol

Abstract

The application discloses a hardware processing system, a method and a storage medium suitable for the SIKE protocol, and relates to the field of quantum computation. The system comprises a control module, a SIKE algorithm kernel module and a storage module. The control module comprises a state machine for coordinating data flow and operation sequences in the key generation, key encapsulation and key decapsulation processes of the SIKE protocol. The SIKE algorithm kernel module comprises a finite field operation unit, an isogeny computation engine and a hash unit. The isogeny computation engine is used for computing the target point multiplication operation and the target large-number isogeny computation related to the SIKE protocol, and for receiving a data processing request related to the SIKE algorithm issued by a target host, together with the target key related data corresponding to the data processing request, and reporting the processing state of the target key related data to the target host. The storage module is used for storing elliptic curve points, curve parameters and the computation results generated while processing the target key related data.

Inventors

  • WANG TINGPING
  • SUN CHENG
  • WANG JIANQIANG
  • ZHENG JIANG
  • XIAO ZUONAN
  • KUANG QIHE

Assignees

  • 苏州国芯科技股份有限公司

Dates

Publication Date
20260512
Application Date
20260325

Claims (10)

  1. A hardware processing system adapted for use with the SIKE protocol, comprising: a control module comprising a state machine for coordinating data flow and operation sequences in the key generation, key encapsulation and key decapsulation processes related to the SIKE protocol; a SIKE algorithm kernel module, wherein the SIKE algorithm kernel module comprises a finite field operation unit, an isogeny computation engine and a hash unit containing a hash function, and the isogeny computation engine is used for computing the target point multiplication operation and the target large-number isogeny computation related to the SIKE protocol; a configuration register used for receiving a data processing request related to the SIKE algorithm issued by a target host and the target key related data corresponding to the data processing request, and for reporting the processing state of the target key related data to the target host; and a storage module used for storing elliptic curve points, curve parameters and the computation results generated while processing the target key related data.
  2. The hardware processing system adapted for use with the SIKE protocol as in claim 1, wherein the state machine includes a main state machine and module state machines; the main state machine is a state machine for coordinating the execution sequence and state transitions of the module state machines.
  3. The hardware processing system adapted for use with the SIKE protocol as in claim 2, wherein the module state machines include a state machine for key generation, a state machine for key agreement and a state machine for hash operation; the states occurring in the state machine for key generation comprise, in sequence, an idle state, a modular addition state, a three-point ladder multiplication state, an isogeny mapping computation state, an inversion state and an end state; the states occurring in the state machine for key agreement comprise, in sequence, an idle state, a state for computing target parameters of the elliptic curve, a modular addition state, a three-point ladder multiplication state, an isogeny mapping computation state, a state for computing the invariant of the elliptic curve and a completion state.
  4. The hardware processing system according to claim 1, wherein the finite field operation unit includes a modular multiplier based on the Montgomery modular multiplication algorithm, a modular adder/subtractor, a modular inverter based on the extended Euclidean algorithm, and a squarer.
  5. The hardware processing system adapted for use with the SIKE protocol as in claim 1, wherein the isogeny computation engine includes a point multiplication module and an isogeny evaluation module; the point multiplication module performs point multiplication of a base point by a private key related to the SIKE algorithm, based on the Montgomery ladder algorithm; the isogeny evaluation module computes isogenies based on Vélu's formulas and the degree of the isogeny mapping.
  6. The hardware processing system adapted for use with the SIKE protocol as in claim 1, wherein the storage module includes a distributed RAM or a block RAM.
  7. The hardware processing system of claim 1, wherein the configuration register is disposed at a target location between a system bus and the control module, and wherein the system bus is coupled to the target host.
  8. A key processing method based on a hardware processing system, wherein the hardware processing system is the hardware processing system according to any one of claims 1 to 7, and wherein the key processing method comprises: acquiring, by the configuration register in the hardware processing system, a data processing request related to the SIKE algorithm issued by a target host over a system bus, and the target key related data corresponding to the data processing request, wherein the data processing request contains any one or more of key generation, key encapsulation and key decapsulation related to the SIKE algorithm; and processing the target key related data according to the data processing request, by the control module, the SIKE algorithm kernel module and the storage module in the hardware processing system, to obtain a key related data processing result, and uploading the key related data processing result to the target host through the configuration register.
  9. The key processing method based on a hardware processing system according to claim 8, wherein processing the target key related data according to the data processing request, by the control module, the SIKE algorithm kernel module and the storage module in the hardware processing system, to obtain a key related data processing result, includes: generating corresponding configuration signals according to the data processing request through the state machine in the control module of the hardware processing system; and determining an isogeny computation sequence of a corresponding target degree according to the configuration signals and the target key related data, through the storage module and through the isogeny computation engine, the finite field operation unit and the hash unit containing a hash function in the SIKE algorithm kernel module of the hardware processing system, and executing the corresponding data processing operation based on the isogeny computation sequence to obtain a corresponding processing result.
  10. A computer readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the hardware processing system based key processing method of claim 8 or 9.
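
The finite field operation unit of claim 4 can be modelled in software as a reference against which a hardware datapath is checked. The model below is an added example, not code from the patent or its applicant; the SIKEp434 prime, the 448-bit Montgomery radix and all function names are assumptions, since the claims fix no parameter set.

```python
# Software reference model of the finite field operation unit (added example).
# Assumptions: SIKEp434 prime and a 448-bit (7 x 64-bit word) Montgomery radix.
P = 2**216 * 3**137 - 1
R_BITS = 448
R = 1 << R_BITS
MASK = R - 1


def ext_euclid_inverse(a, m):
    """Inverse of a modulo m via the extended Euclidean algorithm."""
    r0, r1, s0, s1 = m, a % m, 0, 1      # invariant: s_i * a == r_i (mod m)
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("element is not invertible")
    return s0 % m


N_PRIME = (-ext_euclid_inverse(P, R)) % R   # -P^-1 mod R, precomputed constant
R2 = R * R % P                              # converts into Montgomery form
R3 = R2 * R % P                             # rescales an inverse to Montgomery form


def redc(t):
    """Montgomery reduction: t * R^-1 mod P for 0 <= t < P * R, no division by P."""
    m = ((t & MASK) * N_PRIME) & MASK
    u = (t + m * P) >> R_BITS               # t + m*P is an exact multiple of R
    return u - P if u >= P else u


def to_mont(a): return redc((a % P) * R2)
def from_mont(a): return redc(a)
def mont_mul(a, b): return redc(a * b)      # modular multiplier
def mont_sqr(a): return redc(a * a)         # squarer
def mod_add(a, b): return a + b - P if a + b >= P else a + b
def mod_sub(a, b): return a - b + P if a < b else a - b
def mont_inv(a): return redc(ext_euclid_inverse(a, P) * R3)   # modular inverter


def field_unit_demo(x, y):
    """Compute (x*y + x^2 - y) / y mod P using only the unit's operations."""
    xm, ym = to_mont(x), to_mont(y)
    num = mod_sub(mod_add(mont_mul(xm, ym), mont_sqr(xm)), ym)
    return from_mont(mont_mul(num, mont_inv(ym)))
```

The loop in `ext_euclid_inverse` runs for a number of iterations that depends on its operand, so a hardware inverter built on it has data-dependent latency in the inversion state of claim 3.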

Description

Hardware processing system, method and storage medium suitable for SIKE protocol

Technical Field

The present invention relates to the field of quantum computing, and in particular to a hardware processing system, method and storage medium suitable for the SIKE protocol.

Background

With the development of quantum computing, the existing mainstream public key cryptosystems such as RSA and ECC face serious threats. Post-quantum cryptography aims to design cryptographic algorithms that resist attacks by quantum computers. The SIKE algorithm, based on the supersingular elliptic curve isogeny problem, is regarded as a promising candidate scheme because of its smaller key size; it entered a high-standard post-quantum cryptography standard selection process, and its elegant algorithm design has important research value. However, the SIKE algorithm has high computational complexity, especially in the frequently performed finite field operations such as modular multiplication and modular addition. This can lead to significant performance bottlenecks in software implementations, making it difficult to satisfy application scenarios with strict requirements on real-time performance and power consumption.

In the prior art, research has attempted preliminary acceleration through software optimization on general-purpose processors such as RISC-V or through FPGAs, but these approaches often suffer from large computation latency and low energy efficiency. For example, on resource-constrained IoT devices, directly deploying a SIKE algorithm that is not hardware-accelerated can face significant challenges. Therefore, how to design a dedicated hardware architecture for the core operation features of the SIKE algorithm, so as to improve both computing efficiency and security, is a technical problem to be solved.
Disclosure of Invention

In view of the above, the present invention aims to provide a hardware processing system, a method and a storage medium applicable to the SIKE protocol, in which a dedicated hardware architecture is designed for the core operation features of the SIKE algorithm so as to improve both computing efficiency and security. The specific scheme is as follows:

In a first aspect, the present application provides a hardware processing system adapted for use with the SIKE protocol, comprising: a control module comprising a state machine for coordinating data flow and operation sequences in the key generation, key encapsulation and key decapsulation processes related to the SIKE protocol; a SIKE algorithm kernel module, wherein the SIKE algorithm kernel module comprises a finite field operation unit, an isogeny computation engine and a hash unit containing a hash function, and the isogeny computation engine is used for computing the target point multiplication operation and the target large-number isogeny computation related to the SIKE protocol; a configuration register used for receiving a data processing request related to the SIKE algorithm issued by a target host and the target key related data corresponding to the data processing request, and for reporting the processing state of the target key related data to the target host; and a storage module used for storing elliptic curve points, curve parameters and the computation results generated while processing the target key related data.

Optionally, the state machine includes a main state machine and module state machines; the main state machine is a state machine for coordinating the execution sequence and state transitions of the module state machines.
Optionally, the module state machines include a state machine related to key generation, a state machine related to key negotiation, and a state machine related to hash operation; the states occurring in the state machine related to key generation comprise, in sequence, an idle state, a modular addition state, a three-point ladder multiplication state, an isogeny mapping computation state, an inversion state and an end state; the states occurring in the state machine related to key agreement comprise, in sequence, an idle state, a state for computing target parameters of the elliptic curve, a modular addition state, a three-point ladder multiplication state, an isogeny mapping computation state, a state for computing the invariant of the elliptic curve and a completion state.

Optionally, the finite field operation unit includes a modular multiplier based on the Montgomery modular multiplication algorithm, a modular adder/subtractor, a modular inverter based on the extended Euclidean algorithm, and a squarer.

Optionally, the isogeny computation engine comprises a point multiplication module and an isogeny evaluation module; the point multiplication module performs point multiplication of a base point by a private key related to the SIKE algorithm, based on the Montgomery ladder algorithm; The isogeny evaluation module is a modul