[go: up one dir, main page]

CN104468100A - Improved sliding window modular exponentiation computing method - Google Patents

Improved sliding window modular exponentiation computing method Download PDF

Info

Publication number
CN104468100A
CN104468100A CN201410726861.8A CN201410726861A CN104468100A CN 104468100 A CN104468100 A CN 104468100A CN 201410726861 A CN201410726861 A CN 201410726861A CN 104468100 A CN104468100 A CN 104468100A
Authority
CN
China
Prior art keywords
window
zero
length
sliding window
modular
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410726861.8A
Other languages
Chinese (zh)
Inventor
孙达志
杨博为
李晓红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin University
Original Assignee
Tianjin University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin University filed Critical Tianjin University
Priority to CN201410726861.8A priority Critical patent/CN104468100A/en
Publication of CN104468100A publication Critical patent/CN104468100A/en
Pending legal-status Critical Current

Links

Landscapes

  • Complex Calculations (AREA)

Abstract

本发明涉及密码学、信息安全领域,为提出一种提高效率的预计算方法,能够有效降低滑动窗口算法的计算复杂度,为此,本发明采取的技术方案是,改进的滑动窗口模幂计算方法,包括如下步骤:首先需要确定一个最大窗口长度d,窗口定义为对数字按位进行划分的分组,每个分组的位数不大于d,然后根据具体策略将指数e划分为零窗口与非零窗口;计算时扫描指数遇到零窗口则进行模平方操作,遇到非零窗口先进行模平方操作,再从预计算存储值中获取相应模幂值进行模乘操作。本发明主要应用于数据处理及机要通信。

The present invention relates to the fields of cryptography and information security. In order to propose a pre-calculation method for improving efficiency, which can effectively reduce the computational complexity of the sliding window algorithm, the technical solution adopted by the present invention is to improve the sliding window modular exponentiation calculation The method includes the following steps: firstly, a maximum window length d needs to be determined, and the window is defined as a group that divides numbers by bits, and the number of bits in each group is not greater than d, and then according to a specific strategy, the index e is divided into zero windows and non- Zero window; when the scanning index encounters a zero window during calculation, the modular square operation is performed, and when a non-zero window is encountered, the modular square operation is performed first, and then the corresponding modular exponent value is obtained from the pre-calculated storage value to perform the modular multiplication operation. The invention is mainly applied to data processing and confidential communication.

Description

改进的滑动窗口模幂计算方法An Improved Calculation Method of Modular Exponentiation with Sliding Window

技术领域technical field

本发明涉及密码学、信息安全领域;主要用于提高公钥密码体系中大数模幂计算的计算效率。具体讲,涉及改进的滑动窗口模幂计算方法。The invention relates to the fields of cryptography and information security; it is mainly used for improving the calculation efficiency of large number modular power calculation in the public key cryptosystem. Specifically, it relates to an improved sliding window modular exponentiation calculation method.

技术背景technical background

公钥密码体制是目前应用非常广泛的一种密码体制。在信息系统安全中,特别是在数字签名、认证和密钥分配与管理中,公钥密码都扮演着必不可少的角色。公钥密码体制的产生源自对称密码中存在的两个问题。第一个是密钥的分配问题,对称密码需要通信双方共享同一个密钥,而且需要一个密钥分配中心,第二个就是数字签名的问题。Diffie和Hellman于1976年提出了一种思想从根本上异于之前的所有密码体制。Public key cryptosystem is a kind of cryptosystem widely used at present. In information system security, especially in digital signature, authentication and key distribution and management, public key cryptography plays an essential role. The emergence of public key cryptography stems from two problems in symmetric cryptography. The first is the distribution of keys. Symmetric cryptography requires both communication parties to share the same key and a key distribution center. The second is the issue of digital signatures. Diffie and Hellman came up with an idea in 1976 that was fundamentally different from all previous cryptosystems.

公钥密码体制属于非对称密码,依赖于一个加密密钥和一个不同的解密密钥。一个完整的公钥密码体制加解密过程大致包含六个要素:公钥、私钥、加密算法、解密算法、明文、密文。Public-key cryptography is an asymmetric cryptography that relies on an encryption key and a different decryption key. A complete public key cryptosystem encryption and decryption process roughly includes six elements: public key, private key, encryption algorithm, decryption algorithm, plaintext, and ciphertext.

在这种密码体制中,所有用户都可以获得其他用户的公钥,而每个用户各自产生并保留私钥,不需同特定用户共享。用户保持私钥的安全性,那么信息的交换都是安全的。用户可以随时更换私钥,只需将更换后伴随产生的公钥分发替换旧的公钥。In this cryptographic system, all users can obtain the public keys of other users, and each user generates and retains a private key without sharing it with a specific user. Users keep their private keys safe, so the exchange of information is safe. Users can change the private key at any time, and only need to distribute the public key generated with the replacement to replace the old public key.

Diffie和Hellman提出的这种新的密码思想使得密码学家们竞相提出了许多算法试图满足公钥密码体制的性质,但是其中的很多算法都是不健全的。1977年,MIT的三位科学家RonRivest、Adi Shamir和Len Adleman提出了以他们三人姓氏首字母命名的算法——RSA算法,并于1978年发表。RSA算法是目前应用最为广泛的公钥密码方案之一,也是第一个能同时用于信息加解密与数字签名的算法。RSA算法的安全性基于这样一个事实——计算两个大质数的乘积十分容易,而将两个大质数的乘积进行因数分解十分困难。也就是说,如果一个大数只包含两个大的质因数,那么对其进行因数分解将十分困难。但由于公钥密码在加解密时所进行的模幂计算运算复杂,速度缓慢,而公钥密码加解密算法的速度主要取决于模幂与模乘算法的效率高低,这就使得模幂算法的计算效率成为了公钥密码体系的瓶颈,因此如何实现快速的模幂算法是密码学界普遍关注的问题。The new cryptographic idea proposed by Diffie and Hellman has led cryptographers to propose many algorithms to satisfy the properties of public key cryptosystem, but many of them are unsound. In 1977, three scientists at MIT, Ron Rivest, Adi Shamir, and Len Adleman, proposed an algorithm named after their initials, the RSA algorithm, and published it in 1978. The RSA algorithm is one of the most widely used public key cryptography schemes at present, and it is also the first algorithm that can be used for both information encryption, decryption and digital signature. The security of the RSA algorithm is based on the fact that it is very easy to calculate the product of two large prime numbers, but it is very difficult to factorize the product of two large prime numbers. That is, if a large number contains only two large prime factors, it will be very difficult to factorize it. However, due to the complexity and slow speed of the modular exponentiation calculation in the encryption and decryption of the public key cryptography, the speed of the encryption and decryption algorithm of the public key cryptography mainly depends on the efficiency of the modular exponentiation and modular multiplication algorithms, which makes the modular exponentiation algorithm Computational efficiency has become the bottleneck of public-key cryptosystems, so how to implement fast modular exponentiation algorithms is a common concern in the field of cryptography.

模幂的研究对象是:假设N、M、e都为k位的二进制大整数,k很大(如k>256)时,快速计算:The research object of modular exponentiation is: assuming that N, M, and e are all k-bit binary integers, and when k is very large (such as k>256), fast calculation:

C=Me mod N   (1)C=M e mod N (1)

式(1)一般都转化为一系列的模乘和模平方计算。如计算M15,可通过序列:Equation (1) is generally transformed into a series of modular multiplication and modular square calculations. If calculating M 15 , you can pass the sequence:

M→M2→M3→M4→M5→…M15 M→ M2M3M4M5 →… M15

计算得到。显然,这种计算方法的效率非常低下,因此,对大整数模幂和模乘算法的加速实现进行研究具有重要的理论意义和实用价值。calculated. Obviously, the efficiency of this calculation method is very low. Therefore, research on the accelerated implementation of large integer modular exponentiation and modular multiplication algorithms has important theoretical significance and practical value.

在实际应用中,RSA算法广泛用于电子邮件的加密解密。电子邮件系统自动为每个用户分配一对密钥对(e1,e2),其中,e1为该用户的公钥,e2为该用户的私钥,之后系统将公钥公布出去,并将私钥妥善保存。当用户B向用户A发送邮件时,通过用户A的公钥e1对邮件明文M进行加密,得到密文C,并将密文C发送出去。由于RSA加密算法的性质,该密文C只有拥有对应私钥的用户A可以解密,从而保证了电子邮件的安全和隐私。In practical applications, the RSA algorithm is widely used in the encryption and decryption of emails. The email system automatically assigns a pair of key pairs (e 1 , e 2 ) to each user, where e 1 is the user’s public key and e 2 is the user’s private key, and then the system publishes the public key. And keep the private key properly. When user B sends an email to user A, the plaintext M of the email is encrypted by user A's public key e 1 to obtain ciphertext C, and the ciphertext C is sent out. Due to the nature of the RSA encryption algorithm, the ciphertext C can only be decrypted by user A who has the corresponding private key, thus ensuring the security and privacy of the email.

具体过程如下:The specific process is as follows:

(1)加密过程:设M为原始邮件内容,e1为用户A的公钥,N为系统统一规定的模数,则用户B通过计算Me1mod N得到的密文C;(1) Encryption process: Let M be the original email content, e1 be the public key of user A, and N be the modulus uniformly stipulated by the system, then user B can obtain the ciphertext C by calculating M e1 mod N;

(2)解密过程:用户A收到密文C后,使用自己的私钥e2,和系统规定的N进行模幂计算:Ce2mod N,得到明文M。(2) Decryption process: After receiving the ciphertext C, user A uses his own private key e 2 to perform modular exponentiation calculation with N specified by the system: C e2 mod N, to obtain plaintext M.

发明内容Contents of the invention

为了克服现有技术的不足,提出一种提高效率的预计算方法,能够有效降低滑动窗口算法的计算复杂度,为此,本发明采取的技术方案是,改进的滑动窗口模幂计算方法,包括如下步骤:首先需要确定一个最大窗口长度d,窗口定义为对数字按位进行划分的分组,每个分组的位数不大于d,然后根据具体策略将指数e划分为零窗口与非零窗口;计算时扫描指数遇到零窗口则进行模平方操作,遇到非零窗口先进行模平方操作,再从预计算存储值中获取相应模幂值进行模乘操作;其中,给出滑动窗口法的窗口划分策略具体为:用ZW表示零窗口,NW表示非零窗口,窗口长度设定为d:In order to overcome the deficiencies of the prior art, a pre-calculation method for improving efficiency is proposed, which can effectively reduce the computational complexity of the sliding window algorithm. For this reason, the technical solution adopted by the present invention is that the improved sliding window modular exponentiation calculation method includes The following steps are as follows: First, a maximum window length d needs to be determined. The window is defined as a group that divides numbers by bits. The number of bits in each group is not greater than d. Then, according to the specific strategy, the index e is divided into zero windows and non-zero windows; When the scanning index encounters a zero window during calculation, the modular square operation is performed, and when a non-zero window is encountered, the modular square operation is performed first, and then the corresponding modular exponent value is obtained from the pre-calculated storage value to perform the modular multiplication operation; among them, the sliding window method is given. The window division strategy is specifically: use ZW to represent a zero window, NW to represent a non-zero window, and set the window length to d:

初始状态S为ZW:The initial state S is ZW:

当S=ZW时,扫描第1位,若是0,归入ZW,S=ZW;若是1,归入新的NW,S=NW;When S=ZW, scan the first bit, if 0, belong to ZW, S=ZW; if 1, belong to new NW, S=NW;

当S=NW时,扫描d-1位,将本NW结束在最后一位非零位设为i位,本次扫描的i+1至d-1位归入ZW,S=ZW。When S=NW, scan d-1 bits, set this NW to end at the last non-zero bit as i bit, the i+1 to d-1 bits of this scan belong to ZW, S=ZW.

所述改进的滑动窗口模幂计算方法进一步细化为:The improved sliding window modular power calculation method is further refined as:

输入:M、e、n、d;Input: M, e, n, d;

输出:C=Me mod n;Output: C = M e mod n;

其中,M代表要发送的消息,用二进制数字表示,e表示指数,n表示模数,d表示滑动窗口的最大长度,C为计算结果,mod代表模运算,即求Me除以n所得的余数;Among them, M represents the message to be sent, expressed in binary numbers, e represents the exponent, n represents the modulus, d represents the maximum length of the sliding window, C is the calculation result, and mod represents the modulo operation, that is, the remainder obtained by dividing Me by n ;

(1)将滑动窗口的最大长度设置为d;(1) Set the maximum length of the sliding window to d;

(2)根据以下策略由左至右划分指数e:(2) Divide the index e from left to right according to the following strategy:

(2.1)初始状态S为零窗口状态用ZW表示,非零窗口状态用NW表示;(2.1) The initial state S is represented by ZW for the zero window state, and NW for the non-zero window state;

(2.2)当S=ZW时,扫描1位,若是0,归入ZW,S=ZW;若是1,归入新的NW,S=NW;(2.2) When S=ZW, scan 1 bit, if 0, belong to ZW, S=ZW; If 1, belong to new NW, S=NW;

(2.3)当S=NW时,向后扫描d-1位,并向前回溯至第一个非零位,设为i,将本次扫描的第1位至第i位(包括i)归入当前的NW,将第i+1至d-1位归入ZW,S=ZW;(2.3) When S=NW, scan d-1 bits backward, and trace back to the first non-zero bit, set it as i, return the 1st bit to the i-th bit (including i) of this scan into the current NW, the i+1 to d-1 bits are classified into ZW, S=ZW;

(2.4)循环(2.2)和(2.3),直到扫描完指数e的所有位,最终得到非零窗口F1,F2,…,Fs,和零窗口Z1,Z2,…,Zk,其中s得到的表示扫描非零窗口的数量,k表示扫描得到的零窗口的数量;(2.4) Loop (2.2) and (2.3) until all bits of the exponent e are scanned, and finally get non-zero windows F 1 , F 2 ,…,F s , and zero windows Z 1 , Z 2 ,…,Z k , where s indicates the number of scanned non-zero windows, and k indicates the number of scanned zero windows;

(3)根据以下策略对非零窗口进行预计算,得出加法链:(3) Precompute the non-zero window according to the following strategy to obtain the addition chain:

(3.1)对F1,F2,…,Fs按升序排列且每个值只记一次,得到序列W0=w01,w02,…,w0i(3.1) Arrange F 1 , F 2 ,...,F s in ascending order and record each value only once, and obtain the sequence W 0 =w 01 ,w 02 ,...,w 0i ;

(3.2)保存a0=w0i,计算t0=w0i-w0i-1(3.2) save a 0 =w 0i , calculate t 0 =w 0i -w 0i-1 ;

若t0已在W0中出现或t0=1,则在W0中删去w0i,得到W1=w01,w02,…,w0i-1If t 0 has appeared in W 0 or t 0 =1, then delete w 0i in W 0 to obtain W 1 =w 01 ,w 02 ,...,w 0i-1 ;

否则在W0中用t0替换w0i,得到W1=w01,w02,…,w0i-1,t0Otherwise, replace w 0i with t 0 in W 0 to get W 1 =w 01 ,w 02 ,...,w 0i-1 ,t 0 ;

(3.3)以上一步中得到的Wi-1序列为输入,重复(3.1)-(3.2)步骤,直至Wi中只剩下一个元素wi1(3.3) The W i-1 sequence obtained in the previous step is used as input, and steps (3.1)-(3.2) are repeated until only one element w i1 remains in W i ;

(3.4)用任何一种计算可行的方法求出wi1的一条加法链,得到ai,ai+1,…,as(3.4) Use any computationally feasible method to find an addition chain of w i1 to get a i , a i+1 ,..., a s ;

(3.5)对A=a0,a1,…,as按升序排列;(3.5) Arrange A=a 0 , a 1 ,..., a s in ascending order;

(4)使用加法链A=a0,a1,…,as,计算MFi的值,其中Fi为非零窗口,i=1,2,…,s;(4) Use the addition chain A=a 0 ,a 1 , ... ,as to calculate the value of M Fi , where F i is a non-zero window, i=1,2,...,s;

(5)初始C=MF1,i从2到s做循环:(5) Initial C=M F1 , i loops from 2 to s:

(5.1)C=(C*MFi)mod n;(5.1) C = (C*M Fi ) mod n;

(6)对零窗口Z1,Z2,…,Zk,i从1到k做循环:(6) For zero windows Z 1 , Z 2 ,…, Z k , loop i from 1 to k:

(6.1)C=CEi mod n,这里Ei=2Li,Li为窗口Fi的长度;(6.1) C=C Ei mod n, where E i =2 Li , Li is the length of the window F i ;

(7)输出密文C。(7) Output ciphertext C.

随着指数长度的增加,滑动窗口的长度也应当相应增加以获得更好地计算效率;当指数长度为3时,滑动窗口的长度应为4位,而指数长度增加到1024时,滑动窗口长度选择为6为,指数长度为4096时,滑动窗口长度为7。As the length of the index increases, the length of the sliding window should also increase accordingly to obtain better computational efficiency; when the length of the index is 3, the length of the sliding window should be 4 bits, and when the length of the index increases to 1024, the length of the sliding window 6 is selected, and when the index length is 4096, the sliding window length is 7.

与已有技术相比,本发明的技术特点与效果:Compared with prior art, technical characteristic and effect of the present invention:

本发明在传统滑动窗口法的基础上,通过窗口选择策略,以及预计算的改进,实现了高效率的模幂计算,可有效提高大数模幂计算运行时的效率。Based on the traditional sliding window method, the present invention realizes high-efficiency modular exponentiation calculation through window selection strategy and pre-calculation improvement, and can effectively improve the operating efficiency of large-number modular exponentiation calculation.

附图说明Description of drawings

图1左右两个流程图分别为使用本发明方法进行公钥加密和解密的过程,其中左图为加密过程,右图为解密过程。图中箭头旁边的字符表示上一个流程的输出以及下一个流程的输入。The two flowcharts on the left and right of Fig. 1 are respectively the process of using the method of the present invention to perform public key encryption and decryption, wherein the left figure is the encryption process, and the right figure is the decryption process. The characters next to the arrows in the figure indicate the output of the previous process and the input of the next process.

具体实施方式Detailed ways

滑动窗口法首先需要确定一个最大窗口长度d,然后根据具体策略将指数e划分为零窗口与非零窗口Fi。滑动窗口法根据不同的策略将指数划分为长度不等的零窗口与非零窗口Fi,计算时扫描指数遇到零窗口则进行模平方操作,遇到非零窗口先进行模平方操作,再从预计算存储值中获取相应模幂值进行模乘操作。The sliding window method first needs to determine a maximum window length d, and then divides the index e into a zero window and a non-zero window F i according to a specific strategy. The sliding window method divides the index into zero windows and non-zero windows F i with different lengths according to different strategies. During calculation, when the scanning index encounters a zero window, the modular square operation is performed. When a non-zero window is encountered, the modular square operation is performed first, and then Obtain the corresponding modular power value from the pre-calculated storage value to perform the modular multiplication operation.

首先,给出滑动窗口法的窗口划分策略,用ZW表示零窗口,NW表示非零窗口,窗口长度设定为d:First, the window division strategy of the sliding window method is given, ZW is used to represent the zero window, NW is used to represent the non-zero window, and the window length is set to d:

策略滑动窗口法:Strategy sliding window method:

初始状态S为ZW:The initial state S is ZW:

当S=ZW时,扫描1位,若是0,归入ZW,S=ZW;若是1,归入新的NW,S=NW。When S=ZW, scan 1 bit, if 0, classify into ZW, S=ZW; if 1, classify into new NW, S=NW.

当S=NW时,向后扫描d-1位,并向前回溯至第一个非零位,设为i,将本次扫描的第1位至第i位(包括i)归入当前的NW,将第i+1至d-1位归入新ZW,S=ZW;When S=NW, scan d-1 bits backward, and trace back to the first non-zero bit, set it as i, and classify the 1st bit to the i-th bit (including i) of this scan into the current NW, put i+1 to d-1 into the new ZW, S=ZW;

循环执行上述步骤,直到扫描完指数e的所有位,最终得到窗口F1,F2,…,FsPerform the above steps in a loop until all bits of the exponent e are scanned, and finally obtain the window F 1 , F 2 ,...,F s ;

例1:利用该策略,由左至右扫描划分e=(111010100100101),令窗口长度d=4,则划分如下:Example 1: Utilize this strategy, scan and divide e=(111010100100101) from left to right, make the window length d=4, then divide as follows:

e=111 0 101 00 1001 0 1。e=111 0 101 00 1001 0 1.

结合该策略,滑动窗口法的算法表述如下:Combined with this strategy, the algorithm of the sliding window method is expressed as follows:

其次,是预计算的改进。在算法1中,预计算为第(1)步,计算Mw mod n,w=3,5,…,2d-1,其计算复杂度为2d-1。然而,对于任意给定位数的指数确定其最优窗口大小,通常需要采集大规模样本,即传统的暴力搜索法;或在一定范围内逐一测试。两者都相当耗费资源。另一方面,当窗口大小d选择过大时,预计算量呈指数型增长,预计算结果很可能没有被充分利用,造成资源浪费。本发明给出一种利用加法序列思想进行预计算的方法,使得预计算的结果能得到充分利用。其主要思想是将非零窗口F1,F2,…,Fs中重复的值去掉,从而将问题转化为求非零窗口值的一个加法序列,也就是说求一条通过所有给定值的加法链。若序列S=(a0,a1,…,as)满足以下性质,则称S为e(e=as)的一条加法链:Second, is the improvement of precomputation. In Algorithm 1, the precomputation is step (1), and M w mod n is calculated, w=3,5,...,2 d -1, and its computational complexity is 2 d-1 . However, to determine the optimal window size for any index with a given number of digits, it is usually necessary to collect large-scale samples, that is, the traditional brute force search method; or to test one by one within a certain range. Both are quite resource intensive. On the other hand, when the window size d is too large, the amount of pre-computation increases exponentially, and the pre-computation results may not be fully utilized, resulting in waste of resources. The invention provides a pre-computing method using the addition sequence idea, so that the pre-calculated results can be fully utilized. Its main idea is to remove the repeated values in the non-zero windows F 1 , F 2 ,...,F s , so as to transform the problem into an additive sequence of non-zero window values, that is to say, to find a sequence that passes through all given values. Addition chain. If the sequence S=(a 0 ,a 1 ,…,as ) satisfies the following properties, then S is called an addition chain of e(e=a s ):

(1)S为单调递增序列;(1) S is a monotonically increasing sequence;

(2)a0=1,as=e;(2) a 0 =1, a s =e;

(3)ai=aj+ak,0≤j≤k<i≤s。(3) a i =a j +a k , 0≤j≤k<i≤s.

该算法表述如下:The algorithm is expressed as follows:

算法2求出的A即是一条包含所有非零窗口值的加法链。之后根据A依次计算出Mai,i=0,1,…,s,即可得到所有预计算所需的模幂值。The A calculated by Algorithm 2 is an addition chain including all non-zero window values. Afterwards, M ai is sequentially calculated according to A, i=0, 1, .

例2:选择窗口长度d=6,输入F1,…,Fs=19,7,21,61,35,7,35,47,35,55。Example 2: Select window length d=6, input F 1 ,...,F s =19,7,21,61,35,7,35,47,35,55.

(1)对F1,F2,…,Fi序列按升序排列,重复的值只记一次,得到W0=7,19,21,35,47,55,61;(1) Arrange the F 1 , F 2 ,..., F i sequences in ascending order, and record the repeated value only once, and get W 0 =7, 19, 21, 35, 47, 55, 61;

(2)a0=61,t0=61-55=6;(2) a 0 =61, t 0 =61-55=6;

(3)用6替换61,并按升序排列得到W1=6,7,19,21,35,47,55;(3) replace 61 with 6, and arrange in ascending order to obtain W 1 =6,7,19,21,35,47,55;

(4)重复(1)-(3)步骤:(4) Repeat (1)-(3) steps:

第1次循环后:After the 1st loop:

W1=6,7,19,21,35,47,55,A=61;W 1 =6,7,19,21,35,47,55, A=61;

第2次循环后:After the 2nd loop:

W2=6,7,8,19,21,35,47,A=61,55;W 2 =6,7,8,19,21,35,47, A=61,55;

第3次循环后:After the 3rd loop:

W3=6,7,8,12,19,21,35,A=61,55,47;W 3 =6,7,8,12,19,21,35, A=61,55,47;

第13次循环后:After the 13th loop:

W13=2,A=61,55,47,35,21,19,14,12,8,7,6,5,4;W 13 = 2, A = 61, 55, 47, 35, 21, 19, 14, 12, 8, 7, 6, 5, 4;

(5)最后的一条加法链为1,2,添加到A;(5) The last addition chain is 1, 2, added to A;

(6)按升序排列得到:(6) Arranged in ascending order to get:

A=1,2,4,5,6,7,8,12,14,19,21,35,47,55,61;A=1,2,4,5,6,7,8,12,14,19,21,35,47,55,61;

(7)返回A。(7) Return to A.

根据加法链A计算所有非零窗口值共需14次计算,而传统方法则需要计算出全部值,共26-1=32次计算。A total of 14 calculations are required to calculate all non-zero window values according to the addition chain A, while the traditional method needs to calculate all the values, a total of 2 6 −1 =32 calculations.

下面通过实验来分析该方法的效果,选取512位、1024位、2048位、4096位4种长度的指数进行对比,选取较短的3位、6位、7位、8位及较长的12位7种窗口长度。对每个单元随机产生1000000个数进行划分获得其各种实际复杂度,利用公式编程计算获得各种理论复杂度。实验数据如表1、表2。Let’s analyze the effect of this method through experiments, select 512-bit, 1024-bit, 2048-bit, and 4096-bit indices for comparison, and select shorter 3-bit, 6-bit, 7-bit, 8-bit and longer 12-bit There are 7 window lengths. The 1,000,000 randomly generated numbers for each unit are divided to obtain various actual complexities, and the formula programming calculation is used to obtain various theoretical complexities. The experimental data are shown in Table 1 and Table 2.

表1中,BC表示二进制法复杂度,WLEN表示最左窗口长度,NWIN表示非零窗口数,OPRE表示传统滑动窗口法预计算复杂度,OC表示传统滑动窗口法总复杂度,APRE表示改进方法的预计算复杂度,AC表示改进方法的总复杂度。In Table 1, BC represents the complexity of the binary method, WLEN represents the length of the leftmost window, NWIN represents the number of non-zero windows, OPRE represents the precomputation complexity of the traditional sliding window method, OC represents the total complexity of the traditional sliding window method, and APRE represents the improved method The precomputational complexity of , AC represents the total complexity of the improved method.

表1改进方法与传统滑动窗口法对比Table 1 Comparison between the improved method and the traditional sliding window method

表2预计算量改进百分比Table 2 Pre-computation improvement percentage

位长\dbit length\d 33 66 77 88 1212 512512 0.00%0.00% 5.83%5.83% 30.58%30.58% 57.53%57.53% 96.09%96.09% 10241024 0.00%0.00% 0.13%0.13% 10.53%10.53% 37.04%37.04% 93.92%93.92% 20482048 0.00%0.00% 0.00%0.00% 0.65%0.65% 14.78%14.78% 90.54%90.54% 40964096 0.00%0.00% 0.00%0.00% 0.00%0.00% 1.98%1.98% 84.25%84.25%

实验表明,当选择的窗口长度小于最优窗口长度时,改进方法效率同传统滑动窗口法效率相当;当选择的窗口长度大于最优窗口长度时,可以看出改进方法复杂度的增长较为平缓,而传统滑动窗口法复杂度呈指数型增长。也就是说,在最优窗口长度未知的情况下,应用改进方法不必担心因窗口选择过大而引起的复杂度暴涨。Experiments show that when the selected window length is smaller than the optimal window length, the efficiency of the improved method is equivalent to that of the traditional sliding window method; when the selected window length is greater than the optimal window length, it can be seen that the complexity of the improved method increases relatively slowly. However, the complexity of the traditional sliding window method increases exponentially. That is to say, when the optimal window length is unknown, the application of the improved method does not need to worry about the complexity skyrocketing caused by too large window selection.

因此,本发明在传统滑动窗口法的基础上,通过窗口选择策略,以及预计算的改进,实现了高效率的模幂计算,可有效提高大数模幂计算运行时的效率。Therefore, on the basis of the traditional sliding window method, the present invention realizes high-efficiency modular exponentiation calculation through the window selection strategy and the improvement of pre-computation, which can effectively improve the efficiency of large-number modular exponentiation calculation at runtime.

1.窗口长度的选择1. Selection of window length

实验选取128位、256位、512位、1024位、2048位、4096位6种长度的指数进行对比,选取3~8位6种窗口长度。对每个单元随机产生1000000个数进行划分获得实际计算复杂度,实验结果如下表。In the experiment, exponents of 6 lengths of 128 bits, 256 bits, 512 bits, 1024 bits, 2048 bits, and 4096 bits were selected for comparison, and six window lengths of 3 to 8 bits were selected. Randomly generate 1,000,000 numbers for each unit and divide them to obtain the actual computational complexity. The experimental results are shown in the table below.

表3滑动窗口法的实际复杂度Table 3 The actual complexity of the sliding window method

d\位长d\ bit length 128128 256256 512512 10241024 20482048 40964096 33 161.19161.19 321.19321.19 641.18641.18 1281.181281.18 2561.172561.17 5121.155121.15 44 157.92157.92 311.51311.51 618.71618.71 1233.111233.11 2461.902461.90 4919.504919.50 55 160.72160.72 310.05310.05 608.72608.72 1206.051206.05 2400.722400.72 4790.064790.06 66 172.70172.70 318.99318.99 611.56611.56 1196.701196.70 2366.972366.97 4707.524707.52 77 201.44201.44 345.44345.44 633.44633.44 1209.441209.44 2361.442361.44 4665.474665.47 88 262.67262.67 404.90404.90 689.33689.33 1258.241258.24 2395.972395.97 4671.534671.53

由上表可见,随着指数长度的增加,滑动窗口的长度也应当相应增加以获得更好地计算效率。比如当指数长度为3时,滑动窗口的长度应为4位,而指数长度增加到1024时,滑动窗口长度选择为6为,指数长度为4096时,滑动窗口长度为7效果最好。It can be seen from the above table that as the length of the index increases, the length of the sliding window should also increase accordingly to obtain better computational efficiency. For example, when the exponent length is 3, the length of the sliding window should be 4 bits, and when the exponent length increases to 1024, the sliding window length is selected as 6, and when the exponent length is 4096, the sliding window length of 7 works best.

2.实施的算法2. Implemented algorithm

Claims (3)

1.一种改进的滑动窗口模幂计算方法,其特征是,包括如下步骤:首先需要确定一个最大窗口长度d,然后根据具体策略将指数e划分为零窗口序列Z1,…,Zi与非零窗口序列F1,…,Fi;计算时扫描指数遇到零窗口则进行模平方操作,遇到非零窗口先进行模平方操作,再从预计算存储值中获取相应模幂值进行模乘操作;其中,给出滑动窗口法的窗口划分策略具体为:用ZW表示零窗口,NW表示非零窗口,窗口长度设定为d:1. An improved sliding window modular exponentiation calculation method is characterized in that it comprises the following steps: at first it is necessary to determine a maximum window length d, and then according to a specific strategy, the index e is divided into zero window sequences Z 1 ,..., Z i and Non-zero window sequence F 1 ,...,F i ; when the scanning index encounters a zero window during calculation, the modular square operation is performed, and when a non-zero window is encountered, the modular square operation is performed first, and then the corresponding modular exponent value is obtained from the pre-calculated storage value. Modular multiplication operation; wherein, the window division strategy of the sliding window method is given as follows: use ZW to represent a zero window, NW to represent a non-zero window, and the window length is set to d: 初始状态S为ZW:The initial state S is ZW: 当S=ZW时,扫描第1位,若是0,归入ZW,S=ZW;若是1,归入新的NW,S=NW;When S=ZW, scan the first bit, if 0, belong to ZW, S=ZW; if 1, belong to new NW, S=NW; 当S=NW时,扫描d-1位,将本NW结束在最后一位非零位设为i位,本次扫描的i+1至d-1位归入ZW,S=ZW。When S=NW, scan d-1 bits, set this NW to end at the last non-zero bit as i bit, the i+1 to d-1 bits of this scan belong to ZW, S=ZW. 2.如权利要求1所述的改进的滑动窗口模幂计算方法,其特征是,所述改进的滑动窗口模幂计算方法进一步细化为:2. the improved sliding window modular power calculation method as claimed in claim 1, is characterized in that, described improved sliding window modular power calculation method is further refined as: 输入:M、e、n、d;Input: M, e, n, d; 输出:C=Me mod n;Output: C = M e mod n; 其中,M代表要发送的消息,用二进制数字表示,e表示指数,n表示模数,d表示滑动窗口的最大长度,C为计算结果,mod代表模运算,即求Me除以n所得的余数;Among them, M represents the message to be sent, expressed in binary numbers, e represents the exponent, n represents the modulus, d represents the maximum length of the sliding window, C is the calculation result, mod represents the modulus operation, that is, the result obtained by dividing M e by n remainder; (1)将滑动窗口的最大长度设置为d;(1) Set the maximum length of the sliding window to d; (2)根据以下策略由左至右划分指数e:(2) Divide the index e from left to right according to the following strategy: (2.1)初始状态S为零窗口状态用ZW表示,非零窗口状态用NW表示;(2.1) The initial state S is represented by ZW for the zero window state, and NW for the non-zero window state; (2.2)当S=ZW时,扫描1位,若是0,归入ZW,S=ZW;若是1,归入新的NW,S=NW;(2.2) When S=ZW, scan 1 bit, if 0, belong to ZW, S=ZW; If 1, belong to new NW, S=NW; (2.3)当S=NW时,向后扫描d-1位,并向前回溯至第一个非零位,设为i,将本次扫描的第1位至第i位(包括i)归入当前的NW,将第i+1至d-1位归入ZW,S=ZW;(2.3) When S=NW, scan d-1 bits backward, and trace back to the first non-zero bit, set it as i, return the 1st bit to the i-th bit (including i) of this scan into the current NW, the i+1 to d-1 bits are classified into ZW, S=ZW; (2.4)循环(2.2)和(2.3),直到扫描完指数e的所有位,最终得到非零窗口F1,F2,…,Fs,和零窗口Z1,Z2,…,Zk,其中s得到的表示扫描非零窗口的数量,k表示扫描得到的零窗口的数量;(2.4) Loop (2.2) and (2.3) until all bits of the exponent e are scanned, and finally get non-zero windows F 1 , F 2 ,…,F s , and zero windows Z 1 , Z 2 ,…,Z k , where s indicates the number of scanned non-zero windows, and k indicates the number of scanned zero windows; (3)根据以下策略对非零窗口进行预计算,得出加法链:(3) Precompute the non-zero window according to the following strategy to obtain the addition chain: (3.1)对F1,F2,…,Fs按升序排列且每个值只记一次,得到序列W0=w01,w02,…,w0i(3.1) Arrange F 1 , F 2 ,...,F s in ascending order and record each value only once, and obtain the sequence W 0 =w 01 ,w 02 ,...,w 0i ; (3.2)保存a0=w0i,计算t0=w0i-w0i-1(3.2) save a 0 =w 0i , calculate t 0 =w 0i -w 0i-1 ; 若t0已在W0中出现或t0=1,则在W0中删去w0i,得到W1=w01,w02,…,w0i-1If t 0 has appeared in W 0 or t 0 =1, then delete w 0i in W 0 to obtain W 1 =w 01 ,w 02 ,...,w 0i-1 ; 否则在W0中用t0替换w0i,得到W1=w01,w02,…,w0i-1,t0Otherwise, replace w 0i with t 0 in W 0 to get W 1 =w 01 ,w 02 ,...,w 0i-1 ,t 0 ; (3.3)以上一步中得到的Wi-1序列为输入,重复(3.1)-(3.2)步骤,直至Wi中只剩下一个元素Wi1(3.3) The W i-1 sequence obtained in the previous step is used as input, and steps (3.1)-(3.2) are repeated until only one element W i1 remains in W i ; (3.4)用任何一种计算可行的方法求出wi1的一条加法链,得到ai,ai+1,…,as(3.4) Use any computationally feasible method to find an addition chain of w i1 to get a i , a i+1 ,..., a s ; (3.5)对A=a0,a1,…,as按升序排列;(3.5) Arrange A=a 0 , a 1 ,..., a s in ascending order; (4)使用加法链A=a0,a1,…,as,计算MFi的值,其中Fi为非零窗口,i=1,2,…,s;(4) Use the addition chain A=a 0 ,a 1 , ... ,as to calculate the value of M Fi , where F i is a non-zero window, i=1,2,...,s; (5)初始C=MF1,i从2到s做循环:(5) Initial C=M F1 , i loops from 2 to s: (5.1)C=(C*MFi)mod n;(5.1) C = (C*M Fi ) mod n; (6)对零窗口Z1,Z2,…,Zk,i从1到k做循环:(6) For zero windows Z 1 , Z 2 ,…, Z k , loop i from 1 to k: (6.1)C=CEi mod n,这里Ei=2Li,Li为窗口Fi的长度;(6.1) C=C Ei mod n, where E i =2 Li , Li is the length of the window F i ; (7)输出密文C。(7) Output ciphertext C. 3.如权利要求2所述的改进的滑动窗口模幂计算方法,其特征是,随着指数长度的增加,滑动窗口的长度也应当相应增加以获得更好地计算效率;当指数长度为3时,滑动窗口的长度应为4位,而指数长度增加到1024时,滑动窗口长度选择为6为,指数长度为4096时,滑动窗口长度为7。3. the improved sliding window modular exponent calculation method as claimed in claim 2, is characterized in that, along with the increase of exponent length, the length of sliding window also should correspondingly increase to obtain better computational efficiency; When exponent length is 3 , the length of the sliding window should be 4 bits, and when the length of the index increases to 1024, the length of the sliding window is selected as 6, and when the length of the index is 4096, the length of the sliding window is 7.
CN201410726861.8A 2014-12-03 2014-12-03 Improved sliding window modular exponentiation computing method Pending CN104468100A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410726861.8A CN104468100A (en) 2014-12-03 2014-12-03 Improved sliding window modular exponentiation computing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410726861.8A CN104468100A (en) 2014-12-03 2014-12-03 Improved sliding window modular exponentiation computing method

Publications (1)

Publication Number Publication Date
CN104468100A true CN104468100A (en) 2015-03-25

Family

ID=52913534

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410726861.8A Pending CN104468100A (en) 2014-12-03 2014-12-03 Improved sliding window modular exponentiation computing method

Country Status (1)

Country Link
CN (1) CN104468100A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107040370A (en) * 2015-11-04 2017-08-11 恩智浦有限公司 Use the Montgomery Algorithm of random addition chain
CN108055126A (en) * 2017-12-11 2018-05-18 哈尔滨理工大学 The method of anti-power consumption attack based on random addition chain
CN113627202A (en) * 2021-07-21 2021-11-09 大唐互联科技(武汉)有限公司 System for binding production data and products through code scanning

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1547111A (en) * 2003-12-01 2004-11-17 成都卫士通信息产业股份有限公司 Partition control method for exponent dynamic sliding window for modular power arithmetic
CN101436932A (en) * 2008-12-18 2009-05-20 天津大学 Module power computation method capable of resisting simple current drain aggression
CN103197913A (en) * 2012-01-09 2013-07-10 上海华虹集成电路有限责任公司 Method for calculating modular exponentiation

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1547111A (en) * 2003-12-01 2004-11-17 成都卫士通信息产业股份有限公司 Partition control method for exponent dynamic sliding window for modular power arithmetic
CN101436932A (en) * 2008-12-18 2009-05-20 天津大学 Module power computation method capable of resisting simple current drain aggression
CN103197913A (en) * 2012-01-09 2013-07-10 上海华虹集成电路有限责任公司 Method for calculating modular exponentiation

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
屈晓等: ""模幂滑动窗口法分析及加法链在预计算中的应用"", 《计算机工程》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107040370A (en) * 2015-11-04 2017-08-11 恩智浦有限公司 Use the Montgomery Algorithm of random addition chain
CN107040370B (en) * 2015-11-04 2021-07-27 恩智浦有限公司 Apparatus for generating code implementing modular exponentiation
CN108055126A (en) * 2017-12-11 2018-05-18 哈尔滨理工大学 The method of anti-power consumption attack based on random addition chain
CN113627202A (en) * 2021-07-21 2021-11-09 大唐互联科技(武汉)有限公司 System for binding production data and products through code scanning
CN113627202B (en) * 2021-07-21 2024-03-29 大唐互联科技(武汉)有限公司 System for binding production data with product through code scanning

Similar Documents

Publication Publication Date Title
Panda et al. A hybrid security algorithm for RSA cryptosystem
Ambedkar et al. An efficient method to factorize the RSA public key encryption
CN110545179A (en) R-LWE-based NTRU encryption method and security proving method thereof
Hu et al. Enhanced flexibility for homomorphic encryption schemes via CRT
KR20110136787A (en) Coding Points on Elliptic Curves
Vidhya et al. Hybrid key generation for RSA and ECC
CN104468100A (en) Improved sliding window modular exponentiation computing method
Lu et al. Factoring multi-power RSA modulus N= prq with partial known bits
Raghunandan et al. Key generation and security analysis of text cryptography using cubic power of Pell's equation
Arora Enhancing cryptographic security using novel approach based on enhanced-RSA and Elamal: Analysis and comparison
CN114465728B (en) Method, device, equipment and storage medium for attacking elliptic curve signature algorithm
Barman et al. An efficient hybrid elliptic curve cryptography system with DNA encoding
CN102246456A (en) Systems and methods for combating side-channel attacks on cyclic group-based encryption
CN117938439A (en) A fast and secure outsourcing computing method for cloud computing data security
Raghunandan et al. Enhanced RSA algorithm using fake modulus and fake public key exponent
JP2005055488A (en) Scalar multiplication calculation method, apparatus and program for elliptic curve cryptography
Musa et al. Hybrid Cloud Storage Techniques Using Rsa And Ecc
KR101548174B1 (en) Method for calculating negative inverse of modulus
Assoujaa et al. Pairing based cryptography New random point exchange key protocol
Vambol The prospects for group-based knapsack ciphers in the post-quantum era
Somsuk The alternative Method to Finish Modular Exponentiation and Point Multiplication Processes.
Irawadi Discrete Logarithmic Improvement for ElGamal Cryptosystem Using Matrix Concepts
Ariffin et al. AA β public key cryptosystem-A comparative analysis against RSA and ECC
Ganpati et al. A Survey of Different Public-Key Cryptosystems
Somsuk A new modified integer factorization algorithm using integer modulo 20's technique

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150325