Abstract: Elliptic curve encryption is a public key system that can provide the highest bit strength among all public key cryptosystems currently known. When the FPGA realizes the elliptic curve encryption system, the multiplication and inversion operations in the polynomial finite field based on GF(2) are the two major difficulties. This article provides an elliptic curve encryption FPGA implementation structure, focusing on the realization of multiplication and inversion operations in the polynomial finite field based on GF(2), and compares the performance with the software implementation.
Encryption security From the point of view of number theory, any public key cryptosystem is based on an NP (unsolvable problem), that is, for a specific problem, there is no way to find a polynomial time algorithm to solve the problem. Generally, the algorithms for solving such problems are exponential time or sub-exponential time. For example, the commonly used RSA algorithm is based on the intractability of large integer factorization problems. After nearly 30 years of research, although the RSA algorithm does not have a polynomial time algorithm, you can find a sub-exponential time algorithm. At present, the key length must be greater than 1024 bits to ensure the security of information transmission, while the elliptic curve encryption system (EllipTIc Curve Cryptosystem—ECC) is a public key system that can provide the highest bit strength (Strength-Per-Bit) among all public key cryptosystems currently known. It only needs 160 keys to achieve 1024-bit RSA algorithm. The level of security provided. It is based on the Discrete Logarithm Problem (ECDLP) in the point group on the elliptic curve over the finite field, which is considered by many cryptographic experts to be exponential difficulty. Therefore, for the elliptic curve encryption system, from the perspective of calculation amount, processing speed, storage space and communication bandwidth, the elliptic curve encryption system has great advantages. The public key encryption algorithm standard P1363 that IEEE has developed is based on the ECC algorithm. Nowadays, the cryptography community generally believes that it will replace RSA as a general public key cryptographic algorithm. It has become a research hotspot and a very promising research direction.
Figure 1 Point algorithm implementation
Figure 2 Key and data exchange
Figure 3 Structure diagram of elliptic curve encryption system
Figure 4 Block diagram of FPGA circuit module of elliptic curve encryption system
Figure 5 Verification system structure
Elliptic curve encryption system Elliptic curve The introduction of Non-supersingular elliptic curve Weierstrass equation E: Y2+XY=X3+aX2+c where a, c∈GF(2k), c≠0. In order to simplify the calculation in the future, introduce z so that X=x/z; Y=y/z, then the elliptic curve equation is transformed into E: y2z+xyz=x3+ax2z+cz3, and define (x, y, z)=λ( x, y, z). It can be seen that when z≠0, (X, Y) and (x, y, z) correspond. When z=0, it can be understood as going to infinity along the y axis, which is defined as the infinity point O. Then all the points on the elliptic curve plus the point at infinity constitute an Abel group, and O is the identity element (zero element). Two point operations are defined on the elliptic curve E: point operations and point operations.
1) The point operation on the elliptic curve is defined as: Suppose P=( x1, y1, 1)∈E, Q=( x2, y2, 1) ∈E, -P=( x1, y1+ x1, 1), when Q≠-P when PQ=(x3, y3, z3) then when P≠Q:
Where A=(x2z1+x1), B=(y2z1+y1), C=A+B, D=A2(A+a2z1)z1BC
When P=Q:
among them
2) The point operation on the elliptic curve is defined as: Suppose P=(x1, y1, 1)∈E, (ltlt-1...l0)2 is the binary representation of integer l, lP=PPAP=Q and Q∈ E.
Using the above point operation, the point algorithm is realized as shown in Figure 1. Define l=logpQ. If the period of P is large, it is easier to use l and P to find Q, but it is difficult to use P and Q to find l. This is ECDLP. Elliptic curve encryption is based on this problem. on.
Encryption system In the Diffe-Hellman public key system system, the specific elliptic curve, the point P on the curve and the large prime number N of P are public information.
To communicate between A and B, first obtain the elliptic curve E, the point P and the prime number N. Then user A uses the randomly selected integer a in [1,N-1] as the private key, and A sends KpubA=aP as his public key to user B, and at the same time, B sends random in [1,N-1] The selected integer b is used as the private key, and KpubB=bP is sent to A as its own public key. A and B each multiply their private key by the public key passed by the other party to obtain KAB, thus completing the key exchange process. When user A needs to send the data m to be transmitted to user B, A uses m and KAB to generate Em. When user B gets Em, it uses the KAB generated by the key exchange process and the encrypted data Em obtained from user A. Data m. See Figure 2.
Elliptic encryption system implementation. In the elliptic encryption systems that have been put into use so far, most of the key lengths are relatively short, generally concentrated in 30 to 60 bits. This is because when the software is implemented, the key is limited by the software execution rate. The rate of an elliptical encryption system with a relatively large length (≥160) will not meet the requirements for use. At the same time, in hardware implementation, an elliptical encryption system with a relatively large key length will consume a lot of hardware resources. With the deepening of elliptic encryption algorithm research and the rapid development of programmable logic devices, it is a possible choice to implement elliptical encryption systems using programmable logic devices. An implementation scheme will be introduced below and implemented with software and hardware.
According to the requirements of the above elliptic encryption system, the encryption system structure diagram of Figure 3 is designed, in which the ellipse encryption system parameter interface obtains the basic parameters of the ellipse related to encryption, such as the private key, the elliptic curve, and the given point on the elliptic curve. The elliptic curve multiplication control part is mainly responsible for how to calculate the multiplication result, and will call PP and PQ to achieve the multiplication function; and PP and PQ get the result through the call of finite field addition, multiplication and inversion.
Software model verification The main purpose of software implementation is to establish a verification model for hardware implementation. The structure of the entire software is shown in Figure 3. In the process of implementing the software verification system, the addition on the finite field is an exclusive OR operation. Multiplication and inversion on a finite field are key points, and resource consumption during hardware implementation must be considered in advance, and efficient algorithms are required. In this system, the particularity brought by the compound domain GF((2n)m) is used, which can realize multiplication and inversion operations efficiently and quickly.
* Multiplication on GF(2n): A(y)&TImes;B(y)=C(Y)modQ(y), Q(y) is a reduced polynomial. Commonly used are: Paar-Rosner multiplier, Mastrovito multiplier, Massey-Omura multiplier, Hasan-Bhargava multiplier, etc. Here are two options:
1) When n is relatively small, it can be realized by the look-up table method, set ω as the primitive root of Q(y)=0, then F2n={0,ω,Aω2n-1}, use the look-up table method to obtain the order times of A and B a, b, the order of C is c=a+b, again using the look-up table method to get C from c. This method is used in this system to realize multiplication on GF(2n).
2) When n is relatively large, the resource consumption by using the look-up table method is too large and unbearable. You can use C=Z&TImes;B (when n is relatively large), Z is a matrix determined by A(y), Q(y), among them:
* Multiplication of compound finite fields: Taking GF((24)2) as an example, the multiplication of GF(28) can be constructed by multiplication and addition on GF(24). The primitive polynomial of the subdomain GF(24) is Q(y)=y4+y+1, and the primitive polynomial of the second subdomain is R(z)=z3+z+ω14, where ω is the GF(24) The base element satisfies Q(ω)=0. The multiplication of two elements in the field [a0+a1z]&TImes;[b0+b1z] can be expressed as:
In this way, the multiplication of GF((24)2) on the compound field can be obtained by the mathematical operation of the finite field on GF(24).
* The inverse operation of the compound finite field: the inverse of the element A in the compound finite field GF((2n)m) is:
Among them, it can be observed that Ar belongs to the element in the subdomain GF(2n), and the value of (Ar)-1 can be easily calculated.
FPGA hardware implementation software implementation method development time is short, but its encryption speed is relatively slow, which hinders the practicality of elliptic curve encryption. The FPGA method combines the flexibility of software and the security of hardware, and provides a superior speed than the software-based method. Compared with traditional ASIC implementations, programmable devices are more suitable for cryptographic applications due to their high flexibility. field.
Based on the software model, we optimized the model for the characteristics of the FPGA hardware. According to the requirements of the elliptic curve encryption algorithm, the encryption system is modularized. Each module performs its own function independently, and the modules exchange data and time sequence to achieve the encryption function. Figure 4 is a block diagram of the circuit module implemented by the elliptic curve encryption system FPGA.
Among them, the elliptic curve encryption control system module is the core of the whole system. When Ready is True, the system reads in the initial data and controls the RAM to store the initial data. In the operation process, the module controls the selector according to the data source, performs PP=R and PQ=R operations to obtain the final result, and then outputs the result through the Out_Ready signal; the selector module is based on the instructions provided by the control system module Control the PP=R module and PQ=R module, and provide the corresponding real-time data stream; the PP=R module and PQ=R module use the timing control of the addition and multiplication operations on the finite field to find the points on the elliptic curve The addition operation will directly affect the speed performance of the entire system. Therefore, it is necessary to design a reasonable input and output data stream for addition and multiplication operations on a finite field to achieve a high-efficiency operation rate. Various memory modules store the initial value of the system, the intermediate value in the operation process, and the result of the system operation according to different instructions.
Based on the above factors, we chose the VirtexII device of XILINX Company, ISE 4.1 as the development platform, and VHDL as the development language. Because the 168-bit elliptic curve encryption algorithm requires a relatively large amount of calculation, wiring is a factor worth considering when implementing FPGA. For the selection of FPGA devices, wiring resources should be considered. The Virtex series provides abundant wiring resources. The performance indicators obtained after simulation on Modelsim are: the initial setup time is required for the first encryption or decryption driven by a 40MHz clock, the output of plaintext or ciphertext takes about 2ms, and the subsequent output of plaintext or ciphertext is about 25Mbps. It can be seen that this is a relatively high rate and can be applied to many occasions.
Application system verification After the ellipse encryption hardware is implemented, it must be verified in the actual system. We specially constructed a serial port encryption experiment board for verification. The structure of the entire verification system is shown in Figure 5. The actual system verification proves that the hardware implementation of the above-mentioned elliptic encryption system is successful.
Conclusion Public key cryptosystems are usually used in key management, key exchange, digital signature and authentication and other occasions that involve less information due to their high computational and time complexity. At present, old algorithms such as DES and RSA are still widely used. The update of the algorithm can not only enable the original cipher users to obtain better performance, but also enable the use of IC cards, mobile phones and other fields that are otherwise difficult to implement cryptographic algorithms. Password technology to ensure information security.
The elliptic curve cryptosystem (ECC) is attracting the attention of the industry with its shorter key and theoretically higher strength, and the hardware implementation of the elliptic curve cryptosystem (ECC) will also be a focal point in the public key cryptosystem. . Although this article has laid a good foundation for future work, there is still a lot of work to be done in the following aspects. The first is the development of programmable logic devices, and devices that can provide greater gate counts and faster rates will inevitably appear in the future; secondly, the improvement of the elliptic curve cryptosystem itself; finally, the further improvement of hardware implementation algorithms for finite field mathematical operations. With the development of the above aspects, hardware implementations that can provide longer keys and faster data rates will be implemented, and a faster and more secure encryption system will be provided for the development of the national economy and society.
All in one pc is a new trend for desktop type computer nowadays. What you can see at this store is Custom All In One PC. There are 19 inch all in one pc, 21.5 All In One PC, All In One PC 23.8 Inch and 27 inch all in one pc, which are the main sizes at the market. How to choose the most suitable one for special application? According to clients` feedback, 19.1 inch entry level, 21.5 inch middle and low level, 23.8 or 27 inch higher level-All In One PC I7. Some clients may worry the heat-releasing since equipped releasing fan into the back of monitor, see no releasing fences on back cover. However, totally no need worry that point, cause special back cover material and releasing holes can meet the demand of heat releasing.
You can see All In One Business Computer, All In One Gaming PC, and All In One Desktop Touch Screen series at this shop.
Any other unique design or parameters, just feel free to contact us so that can get right and value information quickly.
Believe will try our best to support you!
All In One PC,All In One Pc I7,Custom All In One Pc,All In One Pc 23.8 Inch,21.5 All In One Pc
Henan Shuyi Electronics Co., Ltd. , https://www.shuyielectronictech.com