低功耗嵌入式平台的SM2国密算法优化实现

doi:10.11959/j.issn.2096-109x.2022080

网络与信息安全学报 ›› 2022, Vol. 8 ›› Issue (6): 29-38.doi: 10.11959/j.issn.2096-109x.2022080

• 专题：密码学技术与应用 • 上一篇下一篇

低功耗嵌入式平台的SM2国密算法优化实现

刘赣秦, 李晖, 朱辉, 黄煜坤, 刘兴东

西安电子科技大学网络与信息安全学院，陕西西安 710071

修回日期:2022-07-05 出版日期:2022-12-15 发布日期:2023-01-16
作者简介:刘赣秦（1998- ），男，江西莲花人，西安电子科技大学硕士生，主要研究方向为密码算法的高性能优化
李晖（1968- ），男，河南灵宝人，博士，西安电子科技大学教授、博士生导师，主要研究方向为密码学、无线网络安全、云计算安全、信息论与编码理论
朱辉（1981- ），男，河南周口人，博士，西安电子科技大学教授、博士生导师，主要研究方向为数据安全与隐私保护、安全方案及协议设计、网络及应用安全
黄煜坤（1998- ），男，湖北襄阳人，西安电子科技大学硕士生，主要研究方向为密码算法的高性能优化
刘兴东（1992- ），男，湖南衡阳人，西安电子科技大学硕士生，主要研究方向为网络空间安全、可信执行环境、密码算法优化
基金资助:
国家自然科学基金(61972304);国家自然科学基金(61932015);陕西省重点产业创新链项目(2020ZDLGY08-04)

Public key cryptographic algorithm SM2 optimized implementation on low power embedded platform

Ganqin LIU, Hui LI, Hui ZHU, Yukun HUANG, Xingdong LIU

School of Cyber Engineering, Xidian University, Xi’an 710071, China

Revised:2022-07-05 Online:2022-12-15 Published:2023-01-16
Supported by:
The National Natural Science Foundation of China(61972304);The National Natural Science Foundation of China(61932015);Natural Science Foundation of Shaanxi Province(2020ZDLGY08-04)

摘要/Abstract

摘要：

随着无线通信技术的发展和智能终端的普及，越来越多的密码算法被应用到物联网设备中以保障通信安全和数据安全，其中，由国家密码管理局提出的 SM2 椭圆曲线公钥密码算法作为我国自主研发的椭圆曲线公钥密码算法具有安全性高、密钥短的优点，已在通信系统中广泛部署，应用于身份认证、密钥协商等关键环节。然而，由于算法涉及有限域上的大整数运算，计算开销较大，在低功耗嵌入式平台下的执行严重影响用户体验。因此，面向ARM-m系列处理器提出了一种低功耗嵌入式平台的SM2算法的高效实现方案。具体来说，通过 Thumb-2 指令集提供的支持处理进位和节省寻址周期，对大整数的模加、模减等基础运算进行优化，并结合平台可用寄存器的数量构建高效的基础运算模块；基于ARM-m系列处理器乘累加指令周期短的特点，优化蒙哥马利乘法实现，并结合CIOS算法设计高效的模乘方案，方案不再局限于梅森素数，极大地提高了模乘计算的速度和灵活性；在理论分析和实验测试的基础上，给出了嵌入式平台上多倍点标量乘法 wNAF 滑动窗法的窗长选取方法。实验测试结果表明，可有效提升资源受限的低功耗嵌入式平台中SM2 算法的计算效率，不做预计算的情况下在 Cortex-M3 处理器上测试签名速度可达 0.204 秒/次，验签速度0.388秒/次，加密速度0.415秒/次，解密速度0.197秒/次。

关键词: 信息安全, 椭圆曲线密码体制, SM2, 嵌入式平台, 优化

Abstract:

With the development of wireless communication technology and the popularization of intelligent terminals, more and more cryptographic algorithms are applied to IoT devices to ensure the security of communication and data.Among them, the SM2 elliptic curve public key cryptography proposed by the State Cryptography Administration is an elliptic curve public key cryptography algorithm developed domestically, which has the advantages of high security and short key.SM2 has been widely deployed in various communication systems and is used in essential parts such as identity authentication and key negotiation.However, since SM2 involves large integer operations on finite fields, the computational cost is high, and its execution on a low-power embedded platform seriously affects the user experience.Therefore, an efficient implementation scheme of SM2 algorithm for low-power embedded platform was proposed for ARM-m series processors.Specifically, Thumb-2 instruction set was adopted to handle carry and save addressing cycles, basic operations such as modulo addition and sub-traction of large integers were optimized, and the number of available registers on the platform was combined to build efficient basic operations.Besides, based on the short multiplication and accumulation instruction cycle of ARM-m series processors, the implementation of Montgomery multiplication was optimized, and an efficient modular multiplication scheme was designed in combination with the CIOS algorithm.The scheme was no longer limited to Mersenne primes, and greatly improved the speed and flexibility of modular multiplication.Based on the theoretical analysis and experimental test, the window length selection method of the multiple point-scalar multiplication wNAF sliding window method on the embedded platform was given.The experimental test results show that the proposed scheme can effectively improve the computational efficiency of the SM2 algorithm on the resource-constrained low-power embedded platform.Without pre-calculation, the test signature speed can reach 0.204s/time, the signature verification speed is 0.388s/time, the encryption speed is 0.415s/time, and the decryption speed is 0.197s/time.

Key words: information security, elliptic curve cryptosystem, SM2, embedded platform, optimization

中图分类号:

TP393

刘赣秦, 李晖, 朱辉, 黄煜坤, 刘兴东. 低功耗嵌入式平台的SM2国密算法优化实现[J]. 网络与信息安全学报, 2022, 8(6): 29-38.

Ganqin LIU, Hui LI, Hui ZHU, Yukun HUANG, Xingdong LIU. Public key cryptographic algorithm SM2 optimized implementation on low power embedded platform[J]. Chinese Journal of Network and Information Security, 2022, 8(6): 29-38.

图/表 11

图1

表1

图2

图3

表2

表3

表4

表5

图4

表6

图5

参考文献 29

[1]	国家密码管理局. SM2 椭圆曲线公钥密码算法第 1 部分:总则:GM/T 0003.1-2012[S]. 北京:中国标准出版社, 2012:8.
	State Cryptography Administration. SM2 elliptic curve public key cryptography algorithm part 1:general provisions:GM/T 0003.1-2012[S]. 8 Beijing:China Standard Press, 2012:8.
[2]	罗玙榕, 曹进, 李晖 ,等. 基于SM2联合签名的电子发票公开验证方案[J]. 网络与信息安全学报, 2022,8(2): 122-131.
	LUO Y R , CAO J , LI H ,et al. Electronic invoice public verification scheme based on SM2 joint signature[J]. Journal of Network and Information Security, 2022,8(2): 122-131.
[3]	陈锋, 邹洪, 吴亚楠 ,等. 基于SM2密码体系的电力信息安全监控系统设计[J]. 电子设计工程, 2022,30(5): 100-103,108.
	CHEN F , ZOU H , WU Y N ,et al. Design of power information security monitoring system based on sm2 cipher system[J]. Electronic Design Engineering, 2022,30(5): 100-103,108.
[4]	程朝辉 . 基于SM2的无证书加密算法[J]. 密码学报, 2021,8(1): 87-95.
	CHENG C H . Certificateless encryption algorithm based on SM2[J]. Journal of Cryptography, 2021,8(1): 87-95.
[5]	MONTGOMERY P L . Modular multiplication without trial division[J]. Mathematics of Computation, 1985,44(170): 519-521.
[6]	KOC C , ACAR T , JR B . Analyzing and comparing montgomery multiplication algorithms[J]. Micro,IEEE, 1996,16(3): 26-33.
[7]	SOLINAS J A . Generalized mersenne numbers[M]. Faculty of Mathematics,University of Waterloo, 1999.
[8]	PARIHAR A , NAKHATE S . High-speed high-throughput VLSI Architecture for RSA montgomery modular multiplication with efficient format conversion[J]. Journal of the Institution of Engineers (India) Series B, 2019,100(2): 217-222.
[9]	RAHMAN M S , HOSSAIN M S , RAHAT E H ,et al. Efficient hardware implementation of 256-bit ECC processor over prime field[C]// 2019 International Conference on Electrical,Computer and Communication Engineering (ECCE). 2019: 1-6.
[10]	王腾飞, 张海峰, 许森 . SM2专用指令协处理器设计与实现[J]. 计算机工程与应用, 2022,58(2): 102-109.
	WANG T F , ZHANG H F , XU S . Design and implementation of SM2 special instruction coprocessor[J]. Computer Engineering and Applications, 2022,58(2): 102-109.
[11]	DING J N , LI S G , GU Z . High-speed ECC processor over NIST prime fields applied with toom–cook multiplication[J]. IEEE Transactions on Circuits and Systems I, 2019,66(3): 1003-1016.
[12]	李斌, 周清雷, 陈晓杰 ,等. 可重构的素域SM2算法优化方法[J]. 通信学报, 2022,43(3): 30-41.
	LI B , ZHOU Q L , CHEN X J ,et al. Optimization of reconfigurable SM2 algorithm over prime field[J]. Journal of Communication, 2022,43(3): 30-41.
[13]	HOSSAIN M S , KONG Y . High-performance FPGA implementation of modular inversion over F_256 for elliptic curve cryptography[C]// 2015 IEEE International Conference on Data Science and Data Intensive Systems. 2015: 169-174.
[14]	ZHOU L , SU C , HU Z ,et al. Lightweight implementations of NIST P-256 and SM2 ECC on 8-bit resource-constraint embedded device[J]. ACM Transactions on Embedded Computing Systems (TECS), 2019,18(3): 1-13.
[15]	朱辉, 黄煜坤, 王枫为 ,等. 一种基于图形处理器的高吞吐量SM2 数字签名计算方案[J]. 电子与信息学报, 2022,44(10): 1-10.
	ZHU H , HUANG Y K , WANG F W ,et al. A high throughput SM2 digital signature computing scheme based on graphics processor[J]. Journal of Electronics and Information Technology, 2022,44(10): 1-10.
[16]	LONGA P , GEBOTYS C . Efficient techniques for high-speed elliptic curve cryptography[C]// International Workshop on Cryptographic Hardware and Embedded Systems. Heidelberg, 2010: 80-94.
[17]	COHEN H , MIYAJI A , ONO T . Efficient elliptic curve exponentiation using mixed coordinates[C]// International Conference on the Theory and Application of Cryptology and Information Security. 1998: 51-65.
[18]	SETIADI I , KISTIJANTORO A I , MIYAJI A . Elliptic curve cryptography:Algorithms and implementation analysis over coordinate systems[C]// 2015 2nd International Conference on Advanced Informatics:Concepts,Theory and Applications (ICAICTA). 2015: 1-6.
[19]	LONGA P , MIRI A . Fast and flexible elliptic curve point arithmetic over prime fields[J]. IEEE Transactions on Computers, 2008,57(3): 289-302.
[20]	HANKERSON D , MENEZES A J , VANSTONE S . Guide to elliptic curve cryptography[M]. Springer Science ＆ Business Media, 2006.
[21]	ISLAM M M , HOSSAIN M S , HASAN M K ,et al. FPGA implementation of high-speed area-efficient processor for elliptic curve point multiplication over prime field[J]. IEEE Access, 2019,7: 178811-178826.
[22]	国家密码管理局. SM3 密码杂凑算法:GMT 0004.4-2012[S]. 北京:中国标准出版社, 2012:8.
	National Cryptography Administration. SM3 password hashing algorithm:GMT 0004.4-2012[S]. Beijing:Standards Press of China, 2012:8.
[23]	RIVAIN M . Fast and regular algorithms for scalar multiplication over elliptic curves[J]. Cryptology ePrint Archive, 2011.
[24]	GURA N , Patel A , Wander A ,et al. Comparing elliptic curve cryptography and RSA on 8-bit CPUs[C]// International Workshop on Cryptographic Hardware and Embedded Systems. 2004: 119-132.
[25]	Advanced Micro Devices,Inc. AMD graphic core next[R]. Advanced Micro Devices,Inc, 2011.
[26]	DUSSE S R , KALISKI B S . A cryptographic library for the Motorola DSP56000[C]// Workshop on the Theory and Application of Cryptographic Techniques. 1990: 230-244.
[27]	MUIR J , STINSON D . Minimality and other properties of the width-? nonadjacent form[J]. Mathematics of Computation, 2006,75(253): 369-384.
[28]	国家密码管理局. SM2椭圆曲线公钥密码算法第5部分:参数定义:GMT 0003.4-2012[S]. 北京:中国标准出版社, 2012.
	National Cryptography Administration. SM2 Elliptic curve public key cryptography algorithm Part 5:Parameter definition:GMT 0003.4-2012[S]. Beijing:Standards Press of China, 2012.
[29]	闫闵 . 基于GPU的SM2数字签名和验证算法的快速实现与优化[D]. 上海:上海交通大学, 2020.
	YAN M . Fast implementation and optimization of SM2 digital signature and verification algorithm based on GPU[D]. Shanghai:Shanghai Jiaotong University, 2020.

指令	说明
LDMIA/STMIA Rn <reg list>	从指定存储器位置读取/写入多
	个字到reg list给出的寄存器列
	表中
CMP Ra,Rb	比较两寄存器内容并修改标
	志位
ADDS/SUBS Ra,Rb,Rc	Ra=Rb+/-Rc，修改标志位
ADD/SUB Ra,Rb,Rc	Ra=Rb+/-Rc，不修改标志位
ADCS/SBCS Ra,Rb,Rc	Ra=Rb+/-Rc+/-进位/借位，修改
	标志位
LDR Ra,[Rb,#immed]	将 Rb 中地址偏移量为 immed
	的字加载到Ra
UMLAL RdLo,RdHi,Rn,Rm	{RdHi,RdLo}+=Rn*Rm
EOR Rd,Rn	将Rd与Rn按位异或结果保存
	在Rd

寄存器	功能
r0~r2	x、y、p地址
r3	当前操作数
r4~r11	指令LDMIA加载的256位变量
r12	临时存放r3操作数，模减时使用

窗口长度w	预计算阶段计算量	乘法阶段计算量	总计算量
2	A+D	86A+256D	87A+257D
3	3A+D	64A+256D	67A+257D
4	7A+D	52A+256D	59A+257D
5	15A+D	43A+256D	58A+257D
6	31A+D	37A+256D	68A+257D
7	63A+D	32A+256D	95A+257D
注：A代表点加运算，D代表倍点运算

方法	约占运行时间总比例	耗时/ms	平均每次耗时/μs
本文	2%	51.972	1.175 8
LibTomMath库	6%	177.628	4.018 7

模乘算法	SM2签名时间/s	SM2验签时间/s	SM2加密时间/s	SM2解密时间/s
蒙哥马利乘法^[5]	0.652 8	1.293 8	1.276 3	0.649 0
文献[29]	0.412 9	0.810 5	0.807 0	0.410 3
梅森素数法^[12]	0.219 9	0.422 0	0.429 2	0.218 2
SOS^[6]	0.258 1	0.498 8	0.503 9	0.256 1
FIOS^[6]	0.369 6	0.722 4	0.722 1	0.367 1
本文	0.207 2	0.396 4	0.404 4	0.205 5

低功耗嵌入式平台的SM2国密算法优化实现

Public key cryptographic algorithm SM2 optimized implementation on low power embedded platform

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 29

相关文章 15

Metrics

推荐阅读 0

多倍点标量乘法算法	预计算时间占比	预计算耗时/s	标量乘法耗时/s
二进制展开	0%	0	255.418
滑动窗（w=5）	7.6%	14.976	196.451
滑动窗（w=4）	3.7%	7.253	196.944
wNAF（w=5）	7.7%	14.951	194.268
wNAF（w=4）	3.8%	7.272	192.161

[1]	胡向东, 唐玲玲. 基于轻量级梯度提升机优化的工业互联网入侵检测方法[J]. 网络与信息安全学报, 2023, 9(2): 46-55.
[2]	白雪, 秦宝东, 郭瑞, 郑东. 基于SM2的两方协作盲签名协议[J]. 网络与信息安全学报, 2022, 8(6): 39-51.
[3]	刘军, 袁霖, 冯志尚. 集群网络密钥管理方案研究综述[J]. 网络与信息安全学报, 2022, 8(6): 52-69.
[4]	谢绒娜, 马铸鸿, 李宗俞, 田野. 基于卷积神经网络的加密流量分类方法[J]. 网络与信息安全学报, 2022, 8(6): 84-91.
[5]	夏毅, 兰明敬, 陈晓慧, 罗军勇, 周刚, 何鹏. 可解释的知识图谱推理方法综述[J]. 网络与信息安全学报, 2022, 8(5): 1-25.
[6]	谢绒娜, 范晓楠, 袁琳, 郭子晨, 朱家玉, 史国振. 在线社交网络中延伸访问控制机制研究[J]. 网络与信息安全学报, 2021, 7(5): 123-131.
[7]	陈佩, 李凤华, 李子孚, 郭云川, 成林. 基于规则关联的安全数据采集策略生成[J]. 网络与信息安全学报, 2021, 7(5): 132-148.
[8]	毋文超, 任志宇, 杜学绘. 基于权限聚类的属性值优化[J]. 网络与信息安全学报, 2021, 7(4): 175-182.
[9]	王涛, 陈鸿昶. 考虑拜占庭属性的SDN安全控制器多目标优化部署方案[J]. 网络与信息安全学报, 2021, 7(3): 72-84.
[10]	李瑾, 曹进, 张跃宇, 张美茹, 李晖. 信息安全专业课程思政的逆向教学设计——以西安电子科技大学“无线通信网络安全”课程为例[J]. 网络与信息安全学报, 2021, 7(3): 166-174.
[11]	曹琪, 阮树骅, 陈兴蜀, 兰晓, 张红霞, 金泓键. Hyperledger Fabric平台的国密算法嵌入研究[J]. 网络与信息安全学报, 2021, 7(1): 65-75.
[12]	刘国杰,张建标. 基于TPCM的服务器可信PXE启动方法[J]. 网络与信息安全学报, 2020, 6(6): 105-111.
[13]	胡桥,胡玉鹏,廖鑫,秦拯,孙建华,张吉良. 湖南大学信息安全专业本科培养计划修订调查分析及改进思路[J]. 网络与信息安全学报, 2020, 6(4): 153-158.
[14]	曲强,于洪涛,黄瑞阳. 基于注意力机制的社交垃圾文本检测方法[J]. 网络与信息安全学报, 2020, 6(1): 54-61.
[15]	贾春福,李瑞琪,田美琦,程晓阳. 信息安全与法学复合型人才培养模式[J]. 网络与信息安全学报, 2019, 5(3): 31-35.