1. College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing, Jiangsu 211106, China
2. Hong Kong Baptist University, Hong Kong 999077, China
3. BNU-HKBU United International College, Zhuhai, Guangdong 519087, China
4. Zhejiang Lab, Hangzhou, Zhejiang 311101, China
ZHANG Ji-peng, male, born in March 1999 in Jining, Shandong Province. He is currently a Ph.D. student at Nanjing University of Aeronautics and Astronautics. His research interests are public-key cryptographic algorithms, post-quantum cryptographic algorithms and cryptographic engineering. E-mail: jp-zhang@outlook.com
HUANG Jun-hao, male, born in November 1995 in Huazhou, Guangdong Province. He is currently a Ph.D. student at Hong Kong Baptist University and BNU-HKBU United International College. His research interests are public-key cryptographic algorithms, post-quantum cryptographic algorithms and cryptographic engineering. E-mail: huangjunhao@uic.edu.cn
LIU Zhe (corresponding author), male, born in December 1986 in Jining, Shandong Province. A national overseas high-level talent, he is currently Deputy Director of the Research Institute of Basic Theories at Zhejiang Lab. His honors include the Ministry of Education Outstanding Teacher Award for university computer science programs, MIT Technology Review's "35 Innovators Under 35" (China), the Alibaba DAMO Academy Young Fellow Award and the first prize of the Chinese Association for Cryptologic Research Cryptography Innovation Award. He has worked in information security for many years and has published more than 160 papers at top security conferences such as IACR CHES, ACM CCS and IEEE S&P and in top security journals such as IEEE TC, IEEE TDSC and IEEE TIFS. E-mail: zhe.liu@zhejianglab.com
Received: 2022-12-21. Revised: 2023-07-31. Published in print: 2023-12-25.
Citation: ZHANG Ji-peng, HUANG Jun-hao, YU Xuan, et al. Research on Efficient Implementation of SM2 for Mobile Devices [J]. ACTA ELECTRONICA SINICA, 2023, 51(12): 3437-3443. DOI: 10.12263/DZXB.20221419.
Abstract: Optimized implementations of SM2 have been studied thoroughly on the x86-64 architecture, but optimization on the ARMv8-A architecture remains inadequate. This work proposes the following optimizations to fill that gap. For the modular multiplication and squaring modulo p and modulo n in SM2, Montgomery modular multiplication and squaring are optimized by exploiting the numerical structure of p and n. For modular inversion modulo p and modulo n, a faster inversion algorithm based on Fermat's little theorem is derived and implemented. For fixed-point and unknown-point scalar multiplication, window algorithms with window widths of 7 and 5, respectively, are implemented. For the computation of s during signature generation, one modular multiplication modulo n is replaced by a cheaper modular addition/subtraction modulo n. After the above optimizations were integrated into OpenSSL (3.0.0-beta1), benchmarks on the HUAWEI Cloud Kunpeng 920 computing platform show that SM2 signature generation is accelerated by 8.7 times and SM2 signature verification by 3.5 times; on the Raspberry Pi 4 mobile device platform, SM2 signature generation is accelerated by 9.7 times and signature verification by 3.4 times.
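As an added illustration of the abstract's last optimization (this is example code written for this page, not code from the paper or from the OpenSSL integration it describes), the following Python shows how the SM2 computation of s can be rearranged so that the multiplication r*d modulo n becomes one addition and one subtraction modulo n, with (1+d)^-1 obtained by the Fermat's-little-theorem route the abstract mentions. The algebraic identity used, the curve order n (the SM2 recommended parameter from GB/T 32918) and the retry conditions on r and s are supplied here from the standard and are not values quoted from the page; the paper's actual addition chain for the inversion is not reproduced.

```python
import random

# SM2 curve order n, the recommended parameter from GB/T 32918 (n is prime).
# This value is not on the page; it is taken from the standard.
SM2_N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123


def inv_mod_fermat(x: int, m: int = SM2_N) -> int:
    """Modular inverse by Fermat's little theorem: x^(m-2) mod m for prime m.

    pow() does the exponentiation; the paper's contribution is a faster
    addition chain for this fixed exponent, which is not reproduced here.
    """
    x %= m
    if x == 0:
        raise ValueError("0 has no inverse")
    return pow(x, m - 2, m)


def s_textbook(d: int, k: int, r: int, n: int = SM2_N) -> int:
    """s = (1+d)^-1 * (k - r*d) mod n: one inversion plus two mod-n multiplications."""
    return (inv_mod_fermat(1 + d, n) * ((k - r * d) % n)) % n


def s_rewritten(inv_1d: int, k: int, r: int, n: int = SM2_N) -> int:
    """s = (1+d)^-1 * (k + r) - r mod n, with inv_1d = (1+d)^-1 precomputed per key.

    Identity (assumed here, not quoted from the paper):
      (1+d)^-1 * (k + r) - r = (1+d)^-1 * (k + r - (1+d)*r) = (1+d)^-1 * (k - r*d).
    The multiplication r*d disappears; one mod-n addition and one mod-n
    subtraction remain beside the single multiplication by inv_1d.
    """
    return (inv_1d * ((k + r) % n) - r) % n


def sign_s(d: int, k: int, r: int, inv_1d=None, n: int = SM2_N):
    """Compute s for signing, applying the standard's retry conditions.

    Returns None when GB/T 32918.2 requires picking a fresh k:
    r == 0, r + k == n, or s == 0.
    """
    if r == 0 or (r + k) % n == 0:
        return None
    if inv_1d is None:
        inv_1d = inv_mod_fermat(1 + d, n)  # once per private key in practice
    s = s_rewritten(inv_1d, k, r, n)
    return None if s == 0 else s


def rewrite_matches_textbook(trials: int = 50, seed: int = 2023) -> bool:
    """Constructed check: random d, k, r give the same s both ways.

    d is drawn from [1, n-2] so that 1 + d is invertible modulo n.
    """
    rng = random.Random(seed)
    for _ in range(trials):
        d = rng.randrange(1, SM2_N - 1)
        k = rng.randrange(1, SM2_N)
        r = rng.randrange(1, SM2_N)
        if s_textbook(d, k, r) != s_rewritten(inv_mod_fermat(1 + d), k, r):
            return False
    return True


if __name__ == "__main__":
    print("rewritten s matches textbook s:", rewrite_matches_textbook())
```

Because (1+d)^-1 depends only on the private key, it is computed once and cached, so the per-signature saving is exactly the multiplication r*d. The arithmetic above is plain Python and is not constant-time; an implementation of this rewrite in a library such as the OpenSSL integration the abstract describes must keep every operation on d and k free of secret-dependent timing, which is one reason the paper's Montgomery and inversion routines are written for the ARMv8-A integer pipeline rather than left to a generic big-number library.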