Modulo operation method with variable bit width and modulo operation circuit

Document No.: 1905139   Publication date: 2021-11-30   Views: 25

Reading note: This technology, Modulo operation method with variable bit width and modulo operation circuit (一种位宽可变的求模运算方法及求模运算电路), was designed and created by 杨晨, 刘依维, 杨泽鹏 and 苏阳 on 2021-07-23. Its main content is as follows: the invention relates to a modular arithmetic method with variable bit width and a modular arithmetic circuit. First the modulus is shifted to the left, and the left-shift results and the modulus, combined with the bit width of the operand, form N+1 intervals in descending order. When the modulus is shifted left by one bit, the minimum value of the 1st interval is subtracted from the operand and the result is compared with that value; when the result is larger, the result replaces the operand and the subtraction continues until the result is smaller, after which the next interval is processed; if the operand is already smaller at the start, the next interval is entered directly. This is repeated until the last interval is entered, where the subtraction and comparison are carried out once more to complete the modulo operation. When the modulus is shifted left by two or more bits, the interval in which the operand lies is judged first, the operand jumps to that interval, and the subtraction and comparison operations of the subsequent intervals proceed directly according to the same process. The corresponding circuit needs to be provided with a plurality of shifters, registers, subtractors and selectors.

1. A modular arithmetic method with variable bit width is characterized by comprising the following steps:

step 1, performing a left shift operation on the modulus to obtain N left-shift results, combining the left-shift results and the modulus with the bit width of the operand to form N+1 intervals in descending order, and marking the minimum value of the ith interval as M_i, i = 1, 2, 3, …, n, n+1;

step 2, when the modulus is shifted to the left by one bit, carrying out step 2a; when the modulus is shifted to the left by two or more bits, judging the interval where the operand is located, jumping the operand to the corresponding interval and, according to the M_i of the interval where the operand is located, jumping to the later step in which that M_i appears;

step 2a, subtracting M_1 from the operand and comparing the result obtained with M_1;

step 2b, if the result is less than M_1, carrying out step 3; if the result is greater than M_1, continuing with step 2a until the result is less than M_1 and then carrying out step 3;

step 3, replacing the operand with the result obtained in step 2, replacing M_1 with M_2, continuing with step 2a and step 2b, and then carrying out step 4;

step 4, replacing the operand with the result obtained in step 3, replacing M_1 with M_3, continuing with step 2a and step 2b, and then carrying out step 5;

step 5, continuing to subtract and compare the result obtained in step 4 according to the process repeated in step 3 and step 4 until the subtraction and comparison with M_{n+1} are completed, then outputting the operation result and finishing the modular operation.

2. The modulo operation method according to claim 1, wherein the bit width of the operand in step 1 is 2 times the bit width of the modulus.

3. The modulo operation method according to claim 1, wherein the modulus has a bit width of 10 bits or 15 bits.

4. The modulo operation method according to claim 1, wherein the number of bits by which the modulus is left-shifted in step 1 is divisible by the bit width of the modulus.

5. The modulo operation method according to claim 1, wherein when n ≥ 2, starting from step 2, in the case of the largest operand, 2^n − 1 of the comparison operations described in step 2 and 2^n − 1 of the subtraction operations described in step 2 are required.

6. A modular arithmetic circuit with variable bit width is characterized by comprising a plurality of shifters, a plurality of registers, a plurality of subtractors and a plurality of selectors, wherein:

the shifters are used for performing left shift operation on the modulus respectively to obtain N left shift results;

the 1st-level register among the plurality of registers is used for buffering the operand and the N left-shift results obtained by the plurality of shifters, and the remaining registers among the plurality of registers are respectively a 2nd-level register, a 3rd-level register, …, an Nth-level register and an (N+1)th-level register;

the plurality of subtractors comprise a 1st-level subtracter, a 2nd-level subtracter, …, an Nth-level subtracter and an (N+1)th-level subtracter, and the plurality of selectors comprise a 1st-level selector, a 2nd-level selector, …, an Nth-level selector and an (N+1)th-level selector;

the first output end of the 1st-level register is connected respectively with the input ends of the 2nd-level register, the 3rd-level register, …, the Nth-level register and the (N+1)th-level register; the second output end of the 1st-level register is connected with the input end of the 1st-level selector; the third output end and the fourth output end of the 1st-level register are both connected with the input end of the 1st-level subtracter; the output end of the 1st-level subtracter is connected with the input end of the 1st-level selector; the output end of the 1st-level selector is connected with the input end of the 2nd-level register; and the 1st-level register, the 1st-level subtracter and the 1st-level selector form a 1st-level operation unit;

the ith-level register, the ith-level subtracter and the ith-level selector form an ith-level operation unit according to the connection mode of the 1st-level register, the 1st-level subtracter and the 1st-level selector, with i = 2, 3, …, N, N+1; the output end of the ith-level selector is connected with the input end of the (i+1)th-level register, with i = 2, 3, …, N;

when the modulus is shifted to the left by two or more bits, the 1st-level register is also provided with a fifth output end and a sixth output end, and the selectors also comprise a primary selector; the 1st-stage register inputs the operand to the primary selector through the fifth output end and inputs the N left-shift results to the primary selector through the sixth output end, and the primary selector controls the 2nd-stage register, the 3rd-stage register, …, the Nth-stage register and the (N+1)th-stage register respectively through a plurality of enable signals.

7. The modulo arithmetic circuit of claim 6, wherein the 1st-stage register inputs the operand to the 1st-stage subtracter through the third output end and inputs the first left-shift result (for the case of shifting by one bit) to the 1st-stage subtracter through the fourth output end.

8. The modulo arithmetic circuit of claim 6, wherein when the modulus is shifted left by two or more bits, another output end of the ith-stage subtracter is connected between the ith-stage register and the ith-stage subtracter, i = 1, 2, 3, …, N, N+1.

Technical Field

The invention relates to the technical field of digital circuits, in particular to a modular arithmetic method with variable bit width and a modular arithmetic circuit.

Background

With the rapid development of information science and technology, information networks have come into wide use, and cryptographic technology is the core of information security and the foundation of cyberspace security. Cryptography is the technique of encrypting, analyzing, identifying and validating information and of managing keys. The development and application fields of cryptographic techniques are constantly expanding. Currently, the new generation of cryptographic technology standard being established by the National Institute of Standards and Technology (NIST) is the standard for post-quantum cryptography. Post-quantum cryptography is a new generation of cryptographic algorithms that can resist the attacks of quantum computers on existing cryptographic algorithms. After three rounds of screening, six out of seven cryptographic algorithms need a modular arithmetic unit. At the same time, the modular operation is not only an operation-intensive operator of these cryptographic algorithms but also a security guarantee of the cryptographic algorithms.

With the continuous development of cryptographic algorithms, the complexity of their logic operations and the amount of data they operate on keep increasing, CPUs are gradually unable to meet the speed requirements of cryptographic algorithms, and the current trend is to accelerate the data operations with external chips. In the hardware implementation of cryptographic algorithms, the common means are the FPGA (Field Programmable Gate Array), the ASIC (Application Specific Integrated Circuit) and the SoC (System on Chip). The FPGA, as a semi-custom circuit, not only remedies the shortcomings of custom circuits but also overcomes the limited gate count of earlier programmable devices; it does, however, have the drawback that the resources on the device are limited.

The two modulo algorithms in common use at present are Barrett's algorithm and Montgomery's algorithm. Hardware implementations of these two algorithms can accelerate different types of modulo arithmetic, but they have the disadvantage of consuming precious DSP resources on the FPGA, which conflicts with the use of the DSPs by the main logic arithmetic unit.

Disclosure of Invention

Aiming at the problems in the prior art, the invention provides a modular operation method with variable bit width and a modular operation circuit, which avoid using DSP resources and have better flexibility.

The invention is realized by the following technical scheme:

a modular arithmetic method with variable bit width comprises the following steps:

step 1, performing a left shift operation on the modulus to obtain N left-shift results, combining the left-shift results and the modulus with the bit width of the operand to form N+1 intervals in descending order, and marking the minimum value of the ith interval as M_i, i = 1, 2, 3, …, n, n+1;

step 2, when the modulus is shifted to the left by one bit, carrying out step 2a; when the modulus is shifted to the left by two or more bits, judging the interval where the operand is located, jumping the operand to the corresponding interval and, according to the M_i of the interval where the operand is located, jumping to the later step in which that M_i appears;

step 2a, subtracting M_1 from the operand and comparing the result obtained with M_1;

step 2b, if the result is less than M_1, carrying out step 3; if the result is greater than M_1, continuing with step 2a until the result is less than M_1 and then carrying out step 3;

step 3, replacing the operand with the result obtained in step 2, replacing M_1 with M_2, continuing with step 2a and step 2b, and then carrying out step 4;

step 4, replacing the operand with the result obtained in step 3, replacing M_1 with M_3, continuing with step 2a and step 2b, and then carrying out step 5;

step 5, continuing to subtract and compare the result obtained in step 4 according to the process repeated in step 3 and step 4 until the subtraction and comparison with M_{n+1} are completed, then outputting the operation result and finishing the modular operation.

Preferably, the bit width of the operand in step 1 is 2 times the bit width of the modulus.

Preferably, the bit width of the modulus is 10 bits or 15 bits.

Preferably, the number of bits by which the modulus is left-shifted in step 1 is divisible by the bit width of the modulus.

Preferably, when n ≥ 2, starting from step 2, in the case of the largest operand, 2^n − 1 of the comparison operations described in step 2 and 2^n − 1 of the subtraction operations described in step 2 need to be performed.

A modular arithmetic circuit with variable bit width comprises a plurality of shifters, a plurality of registers, a plurality of subtractors and a plurality of selectors, wherein:

the shifters are used for performing left shift operation on the modulus respectively to obtain N left shift results;

the 1st-level register among the plurality of registers is used for buffering the operand and the N left-shift results obtained by the plurality of shifters, and the remaining registers among the plurality of registers are respectively a 2nd-level register, a 3rd-level register, …, an Nth-level register and an (N+1)th-level register;

the plurality of subtractors comprise a 1st-level subtracter, a 2nd-level subtracter, …, an Nth-level subtracter and an (N+1)th-level subtracter, and the plurality of selectors comprise a 1st-level selector, a 2nd-level selector, …, an Nth-level selector and an (N+1)th-level selector;

the first output end of the 1st-level register is connected respectively with the input ends of the 2nd-level register, the 3rd-level register, …, the Nth-level register and the (N+1)th-level register; the second output end of the 1st-level register is connected with the input end of the 1st-level selector; the third output end and the fourth output end of the 1st-level register are both connected with the input end of the 1st-level subtracter; the output end of the 1st-level subtracter is connected with the input end of the 1st-level selector; the output end of the 1st-level selector is connected with the input end of the 2nd-level register; and the 1st-level register, the 1st-level subtracter and the 1st-level selector form a 1st-level operation unit;

the ith-level register, the ith-level subtracter and the ith-level selector form an ith-level operation unit according to the connection mode of the 1st-level register, the 1st-level subtracter and the 1st-level selector, with i = 2, 3, …, N, N+1; the output end of the ith-level selector is connected with the input end of the (i+1)th-level register, with i = 2, 3, …, N;

when the modulus is shifted to the left by two or more bits, the 1st-level register is also provided with a fifth output end and a sixth output end, and the selectors also comprise a primary selector; the 1st-stage register inputs the operand to the primary selector through the fifth output end and inputs the N left-shift results to the primary selector through the sixth output end, and the primary selector controls the 2nd-stage register, the 3rd-stage register, …, the Nth-stage register and the (N+1)th-stage register respectively through a plurality of enable signals.

Further, the 1st-stage register inputs the operand to the 1st-stage subtracter through the third output end and inputs the first left-shift result (for the case of shifting by one bit) to the 1st-stage subtracter through the fourth output end.

Still further, when the modulus is shifted left by two or more bits, another output end of the ith-stage subtracter is connected between the ith-stage register and the ith-stage subtracter, i = 1, 2, 3, …, N, N+1.

Compared with the prior art, the invention has the following beneficial technical effects:

The invention relates to a variable bit width modular arithmetic method. First, a left shift operation is carried out on the modulus to obtain N left-shift results, and the left-shift results and the modulus, combined with the bit width of the operand, form N+1 intervals in order from largest to smallest. Two cases are then distinguished. When the modulus is shifted left by one bit, the minimum value of the 1st interval is first subtracted from the operand and the result is compared with that value; when the result is larger than the value, the result replaces the operand and the subtraction continues until the result obtained is smaller than the value, after which the operation of the next interval is carried out; if the result is smaller than the value from the outset, the next interval is entered directly. This is repeated until the last intermediate result enters the last interval, where the subtraction and comparison are carried out to finish the modular operation. When the modulus is shifted left by two or more bits, the interval where the operand is located must be judged, the operand then jumps to the corresponding interval, and the subtraction and comparison operations of the subsequent intervals are carried out directly according to the process described before, the previous intervals being ignored. Apart from the initial shift operation, each stage of the invention comprises only a comparison operation and a subtraction operation, which is convenient for hardware implementation; the method is flexible and configurable, a specific scheme can be configured for each modulus bit width, it suits resource-limited equipment that lacks a particular resource by selecting a specific processing flow for the modulus bit width, and it is highly efficient.
For encryption and decryption schemes in which the bit width difference between the operand x and the modulus q is small, the modulo operation realized by the invention can be completed more efficiently.

The invention relates to a variable bit width modular arithmetic circuit, which is provided with a plurality of shifters, registers, subtracters and selectors according to the modular arithmetic method. The shifters each perform a left shift operation on the modulus, so as to obtain N left-shift results; the 1st-stage register buffers the operand and the N left-shift results, and when the modulus is shifted left by two or more bits only one extra state is needed to complete the data pre-jump and save clock cycles. Apart from the initial shifters, the modular arithmetic circuit therefore comprises several stages of operation units formed by the registers, the subtracters and the selectors. The first output end of the 1st-stage register is connected to the input ends of the registers of the remaining stages, so as to input the result of the corresponding shifter; in the 1st-stage operation unit, the second output end of the 1st-stage register is connected to the input end of the 1st-stage selector, the third and fourth output ends are both connected to the input end of the 1st-stage subtracter, and the output end of the 1st-stage subtracter is connected to the input end of the 1st-stage selector, so that the first subtraction and comparison can be completed; the output end of the 1st-stage selector is connected to the input end of the 2nd-stage register, so that the first result can be input into the next interval. The subsequent registers, subtracters and selectors are connected in the same way as the 1st-stage register, subtracter and selector, so that the operation can be repeated until the modulo operation is completed. When the modulus is shifted left by two or more bits, a fifth output end and a sixth output end are additionally provided on the 1st-stage register: the operand can be input to the primary selector through the fifth output end and the N left-shift results through the sixth output end, and the primary selector controls the 2nd-stage register, the 3rd-stage register, …, the Nth-stage register and the (N+1)th-stage register through a plurality of enable signals, so that the pre-jump function is realized, the operand jumps directly to the corresponding interval, and the calculation then proceeds according to the operation described. The invention has a simple composition, builds a multi-stage modular arithmetic circuit in a fully serial manner, suits resource-limited equipment that lacks a particular resource, and has high processing efficiency.

Drawings

Fig. 1 is a schematic flow chart of an algorithm 1 according to the present invention.

Fig. 2 is a circuit diagram of the algorithm 1 according to the present invention.

Fig. 3 is a schematic flow chart of the algorithm 2 according to the present invention.

Fig. 4 is a circuit diagram of the algorithm 2 according to the present invention.

Detailed Description

The present invention will now be described in further detail with reference to specific examples, which are intended to be illustrative, but not limiting, of the invention.

The invention discloses a modular operation method with variable bit width, which comprises the following steps:

step 1, performing a left shift operation on the modulus to obtain N left-shift results, combining the left-shift results and the modulus with the bit width of the operand to form N+1 intervals in descending order, and marking the minimum value of the ith interval as M_i, i = 1, 2, 3, …, n, n+1;

step 2, when the modulus is shifted to the left by one bit, carrying out step 2a; when the modulus is shifted to the left by two or more bits, judging the interval where the operand is located, jumping the operand to the corresponding interval and, according to the M_i of the interval where the operand is located, jumping to the later step in which that M_i appears;

step 2a, subtracting M_1 from the operand and comparing the result obtained with M_1;

step 2b, if the result is less than M_1, carrying out step 3; if the result is greater than M_1, continuing with step 2a until the result is less than M_1 and then carrying out step 3;

step 3, replacing the operand with the result obtained in step 2, replacing M_1 with M_2, continuing with step 2a and step 2b, and then carrying out step 4;

step 4, replacing the operand with the result obtained in step 3, replacing M_1 with M_3, continuing with step 2a and step 2b, and then carrying out step 5;

step 5, continuing to subtract and compare the result obtained in step 4 according to the process repeated in step 3 and step 4 until the subtraction and comparison with M_{n+1} are completed, then outputting the operation result and finishing the modular operation.

The invention designs a corresponding modular arithmetic circuit, which comprises a plurality of shifters, a plurality of registers, a plurality of subtractors and a plurality of selectors, wherein: the shifters are used for performing left shift operations on the modulus respectively to obtain N left-shift results; the 1st-level register among the plurality of registers is used for buffering the operand and the N left-shift results obtained by the plurality of shifters, and the remaining registers among the plurality of registers are respectively a 2nd-level register, a 3rd-level register, …, an Nth-level register and an (N+1)th-level register;

the plurality of subtractors comprise a 1st-stage subtracter, a 2nd-stage subtracter, …, an Nth-stage subtracter and an (N+1)th-stage subtracter, and the plurality of selectors comprise a 1st-stage selector, a 2nd-stage selector, …, an Nth-stage selector and an (N+1)th-stage selector;

the first output end of the 1st-level register is connected respectively with the input ends of the 2nd-level register, the 3rd-level register, …, the Nth-level register and the (N+1)th-level register; the second output end of the 1st-level register is connected with the input end of the 1st-level selector; the third output end and the fourth output end of the 1st-level register are both connected with the input end of the 1st-level subtracter, the 1st-level register inputting the operand to the 1st-level subtracter through the third output end and the first left-shift result to the 1st-level subtracter through the fourth output end; the output end of the 1st-level subtracter is connected with the input end of the 1st-level selector; the output end of the 1st-level selector is connected with the input end of the 2nd-level register; and the 1st-level register, the 1st-level subtracter and the 1st-level selector form a 1st-level operation unit;

the ith-level register, the ith-level subtracter and the ith-level selector form an ith-level operation unit according to the connection mode of the 1st-level register, the 1st-level subtracter and the 1st-level selector, with i = 2, 3, …, N, N+1; the output end of the ith-level selector is connected with the input end of the (i+1)th-level register, with i = 2, 3, …, N; and the other output end of the ith-stage subtracter is connected between the ith-stage register and the ith-stage subtracter, where i = 1, 2, 3, …, N, N+1.

When the modulus is shifted to the left by two or more bits, the 1st-level register is also provided with a fifth output end and a sixth output end, and the selectors also comprise a primary selector; the 1st-stage register inputs the operand to the primary selector through the fifth output end and inputs the N left-shift results to the primary selector through the sixth output end, and the primary selector controls the 2nd-stage register, the 3rd-stage register, …, the Nth-stage register and the (N+1)th-stage register respectively through a plurality of enable signals.

Specific examples are described below.

For the modulus q and the operand x, as shown in fig. 1, taking their bit widths as 10 bits and 20 bits as an example, the output result is r_11.

The pseudo code for algorithm 1 is as follows:

algorithm 1 represents the following flow:

1. Shifting the input modulus q to obtain q_1, q_2, q_3, q_4, …, q_10; their values are q shifted left by 10 bits, q shifted left by 9 bits, q shifted left by 8 bits, and so on, with q_10 representing the result of shifting q left by 1 bit.

2. Defining the range intervals of x; the 11 intervals are respectively (2^20, q_1), (q_1, q_2), (q_2, q_3), (q_3, q_4), …, (q_9, q_10), (q_10, q).

3. Operating on the input operand x, i.e. executing r_{1-1} = x − q_1; then judging the magnitudes of r_{1-1} and q_1. If r_{1-1} is greater than q_1, stay in this interval and perform the operation r_{1-2} = r_{1-1} − q_1, then judge r_{1-2} against q_1: if r_{1-2} is less than q_1, record it as r_1; otherwise continue the operation r_{1-(i+1)} = r_{1-i} − q_1 until r_{1-(i+1)} is less than q_1, and record r_{1-(i+1)} as r_1, which is used as the input of the next interval. By analogy, the input of the ith interval is r_{i-1} and the output of the ith interval is r_i.

4. The above operation is repeated until the intermediate result r_10 enters the (q_10, q) interval. According to the above operation, when r_{11-1} > q, repeat r_{11-2} = r_{11-1} − q until r_{11-(i+1)} < q; at this time r_{11-(i+1)} is recorded as r_11 and taken as the output result.

In comparison with the specific flow of the algorithm 1, a corresponding modulo arithmetic circuit is designed, as shown in fig. 2.

First, the input operand x is put into the first input register for buffering. The input modulus q passes through the first-stage to tenth-stage shifters (shifter 1 to shifter 10 in the figure) and becomes, respectively, the result q_1 shifted left by 10 bits, q_2 shifted left by 9 bits, q_3 shifted left by 8 bits, q_4 shifted left by 7 bits, q_5 shifted left by 6 bits, q_6 shifted left by 5 bits, q_7 shifted left by 4 bits, q_8 shifted left by 3 bits, q_9 shifted left by 2 bits and q_10 shifted left by 1 bit; these shifted results of q are placed into the first input register.

The corresponding modular arithmetic circuit is divided into 11 stages in the design, and each stage of the circuit repeats a similar comparison-subtraction operation. Except for the first stage, the input of each stage of the circuit is taken from that stage's register, which is fed by the previous stage of the circuit.

The first-stage register outputs four signals in total. Referring to fig. 2, viewed from top to bottom, the first branch output is q together with the results of q passing through the corresponding shifters, which are input to the second-stage to eleventh-stage registers as the fixed input of the subtracter of each stage (subtracter i, i = 1, 2, 3, …, 11 in the figure). The second branch output is the input signal x, which is connected directly to the first selector (selector 1 in the figure) for the first-stage operation; when r_{1-(i+1)} is less than q_1, r_1 is passed through the first selector into the second-stage register. The third output and the fourth output are the input x and the result q_1 of q shifted left by 10 bits, respectively; they are used as the two inputs of the first-stage subtracter.

The modular arithmetic circuit is divided into eleven stages in total, and each stage repeats a similar operation. For i < 11, one fixed input of the ith-stage subtracter is q_i and the other input is the output result r_{i-1} passed from the previous stage (for the first stage, the other input is x). One input of the eleventh-stage subtracter is q, and the other input is the output result r_10 passed from the previous stage.

At the beginning of the operation, the first stage performs the subtraction x − q_1 with the first subtracter. The sign of this value gives the relation between r_{1-1} and q_1. If r_{1-1} < q_1, the result r_1 is output directly to the register of this stage; if x > q_1, the subtracter continues the operation described above to obtain r_1. This proceeds in the same way until x has undergone the above operation with q_10; the operation is then performed with q, and the correct output result x mod q is obtained.

Algorithm 1 extends over several variations: one of which, algorithm 2, is discussed below.

Algorithm 2 is likewise an operation of an operand x (20 bits) modulo q (10 bits). The flow diagram of algorithm 2 is shown in fig. 3.

the pseudo code for algorithm 2 is as follows:

the flow represented by algorithm 2 is as follows:

1. Shifting the input modulus q to obtain q_1, q_2, q_3, q_4, q_5; their values are q shifted left by 10 bits, 8 bits, 6 bits, 4 bits and 2 bits, respectively.

2. The range of x is judged among 6 intervals: (2^20, q_1), (q_1, q_2), (q_2, q_3), (q_3, q_4), (q_4, q_5), (q_5, q).

3. The input operand x jumps to the corresponding interval; if it jumps to (q_2, q_3), the subsequent intervals are processed in sequence and the intervals (2^20, q_1) and (q_1, q_2) are ignored.

Take q2 < x < q3 as an example. First the subtraction r_{3-1} = x - q3 is performed; then r_{3-1} is compared with q3. If r_{3-1} is greater than q3, the operation stays in this interval and computes r_{3-2} = r_{3-1} - q3; then r_{3-2} is compared with q3. If r_{3-2} is less than q3 it is recorded as r3; otherwise the operation r_{3-(i+1)} = r_{3-i} - q3 continues until r_{3-(i+1)} is less than q3, and that r_{3-(i+1)} is recorded as r3 and used as the input of the next interval. By analogy, the input of the i-th interval is r_{i-1} and the output of the i-th interval is ri.

4. The above operation is repeated until the intermediate result r5 enters the interval (q5, q). Following the same operation, when r_{6-1} > q the step r_{6-2} = r_{6-1} - q is repeated until r_{6-(i+1)} < q; at this time r_{6-(i+1)} is recorded as r6 and is the output result.

Algorithm 2 follows the same idea as algorithm 1, but shifts the modulus q to the left by two bits at a time instead of one. The hardware design of algorithm 2 adds an extra state that completes a pre-jump of the data to save clock cycles: in this state the operand x is compared with the differently shifted values of q, and the operation jumps to the corresponding state.

Following the specific flow of algorithm 2, a corresponding modulo arithmetic circuit is designed, as shown in fig. 4.

First, the input x is put into the stage-1 register for buffering. The input modulus q passes through the stage-1 shifter (shifter a in the figure; the others are labelled similarly and are not repeated) to become q1, the result of shifting q left by 10 bits; through the stage-2 shifter to become q2, shifted left by 8 bits; through the stage-3 shifter to become q3, shifted left by 6 bits; through the stage-4 shifter to become q4, shifted left by 4 bits; and through the stage-5 shifter to become q5, shifted left by 2 bits. These shifted results of q are placed in the stage-1 register.

The corresponding modular arithmetic circuit is divided into 7 stages; apart from the first-stage circuit, which judges the range of x, each stage repeats a similar comparison-subtraction operation.

The stage-1 register outputs six signals in total. Referring to fig. 4, the first branch output is q together with the results of q passing through the corresponding shift registers; it is input to the stage-2, 3, 4, 5 and 6 registers as the fixed input of the corresponding subtracters (subtracters X in the figure, X = a, b, c, d, e, f, corresponding to the 1st to 6th subtracters respectively). The second branch output is the input signal x, connected directly to the stage-1 selector for the stage-1 operation; when x < q1, r1 is passed through the stage-1 selector into the stage-2 register. The third and fourth outputs are the input x and q1, the result of shifting q left by 10 bits, respectively; they serve as the two inputs of the stage-1 subtracter. The fifth and sixth outputs are the input x and the results of q passing through the corresponding shifters; they are connected to the primary selector of the primary operation (subtracter o in the figure), so that the pre-jump function is implemented by the primary operation.

At the beginning of the operation, the first-stage circuit determines which of the 6 intervals (2^20, q1), (q1, q2), (q2, q3), (q3, q4), (q4, q5), (q5, q) contains x, and outputs an enable signal that controls which of the stage-2, stage-3, stage-4, stage-5 and stage-6 registers x is input to. For example, if x lies in the interval (q2, q3), the stage-1 and stage-2 circuits are skipped directly, the circuit starts operating from stage 3, and the input of stage 3 is r2 = x.

Continuing the above example, the stage-3 circuit compares r2 with q3. The stage-3 subtracter first computes r2 - q3. If this value is less than 0, then r2 < q3 and x is transferred directly to the stage-4 register; if r2 > q3, the subtraction described above is repeated through feedback, the sign of the subtracted value is judged each time, and it is decided whether to continue the feedback at the present stage or to pass the value to the register of the next stage. And so on until r5 has been operated on with q, after which the correct output result x mod q is obtained.

When the modulus q has Q bits, the bit width of the operand x is assumed to be 2 × Q. Similarly, an algorithm that shifts n bits at a time (with Q divisible by n) can be designed using the above idea. Considering the worst case, when n ≥ 2 the algorithm that shifts the modulus q left by n bits at a time needs to perform 2^n - 1 comparison operations and 2^n - 1 subtraction operations after each left shift, and the total number of comparison and subtraction operations is the corresponding sum over all shift positions.

Considering a hardware implementation, since each stage can be made a full pipeline by inserting registers, and each stage can also be implemented by multiplexing the selectors and subtracters, the different variants of the method trade off resource consumption, clock frequency and the number of clock cycles consumed.

Taking operand x (20 bits) modulo q (10 bits) as an example:

The implementation of algorithm 1 requires ten shifters, eleven selectors and eleven subtracters in total. In terms of clock cycles, in the minimum-operation case each time the input x enters the next range interval 1 comparison and 1 subtraction are required, so 11 comparison and subtraction operations are needed, and each stage needs only 1 clock cycle to complete its operation. The implementation of algorithm 2 requires five shifters, seven selectors and six subtracters. In terms of clock cycles, in the worst case 3 comparisons and 3 subtractions are needed after each left shift of the modulus q, so 18 comparison and subtraction operations are needed, and each stage requires at most 3 clock cycles to complete its operation. According to the different conditions and requirements of hardware acceleration of the cryptographic algorithm, the variant of the algorithm can be flexibly selected for the hardware implementation.
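As an added software reference model (not the patent's own code or RTL), the following Python reproduces the stage-by-stage subtract-and-compare flow of algorithm 1 (one-bit shift), of algorithm 2 with its pre-jump over the intervals (two-bit shift), and the n-bit-shift generalisation discussed above. The function names, the operation-counting trace, the (Q/n + 1)-stage operation bound and the random self-check against Python's `%` are this example's own assumptions; the per-stage count 2^n - 1 comes from the page. Run stand-alone it confirms the 11 operations of algorithm 1 and the 18-operation bound of algorithm 2 stated above.

```python
"""Reference model of the shift-and-subtract modulo reduction (added example).

Assumptions (not stated on the page): x is an unsigned integer of `width` bits,
q has `q_bits` bits with its top bit set, and `step` is the number of bits q is
shifted left between stages (step=1 is algorithm 1, step=2 is algorithm 2).
Each loop iteration of a stage is counted as one comparison and one subtraction,
which is how the page counts "comparison and subtraction operations".
"""
import random
from dataclasses import dataclass


@dataclass
class Trace:
    comparisons: int = 0
    subtractions: int = 0
    stages_run: int = 0
    skipped: int = 0      # stages skipped by the pre-jump (algorithm 2 only)


def shifted_moduli(q: int, q_bits: int, step: int) -> list[int]:
    """q1, q2, ..., and finally q itself: q << q_bits, q << (q_bits - step), ..., q << 0."""
    if q_bits % step:
        raise ValueError("step must divide the bit width of q")
    return [q << s for s in range(q_bits, -1, -step)]


def reduce_stage(r: int, qi: int, trace: Trace) -> int:
    """One pipeline stage: subtract qi until the remainder drops below qi.

    Mirrors the circuit: the subtracter forms r - qi, the result is judged
    against qi (a negative result counts as 'less'), and the selector either
    passes the old r unchanged or feeds the difference back for another round.
    """
    trace.stages_run += 1
    while True:
        d = r - qi
        trace.subtractions += 1
        trace.comparisons += 1
        if d < 0:
            return r          # r already below qi: selector passes r through
        if d < qi:
            return d          # r_{i-(k+1)} < qi: recorded as r_i for the next stage
        r = d                 # still >= qi: feedback, subtract again


def shift_subtract_mod(x: int, q: int, width: int, q_bits: int, step: int,
                       prejump: bool = False) -> tuple[int, Trace]:
    """Return (x mod q, operation trace) using the staged reduction."""
    if not (0 <= x < 1 << width) or not (0 < q < 1 << q_bits):
        raise ValueError("operand or modulus outside the configured bit widths")
    moduli = shifted_moduli(q, q_bits, step)
    trace = Trace()
    start = 0
    if prejump:
        # Algorithm 2's extra state: locate the interval [q_i, q_{i-1}) holding x
        # and skip every earlier stage (subtracting a larger q_i would change nothing).
        start = next((i for i, qi in enumerate(moduli) if x >= qi), len(moduli))
        trace.skipped = start
    r = x
    for qi in moduli[start:]:
        r = reduce_stage(r, qi, trace)
    return r, trace


def worst_case_ops(q_bits: int, step: int) -> int:
    """Upper bound on comparisons (= subtractions): (Q/n + 1) stages of at most
    2**n - 1 iterations each, since the value entering a stage is below 2**n
    times that stage's modulus when q's top bit is set (bound derived here)."""
    return (q_bits // step + 1) * ((1 << step) - 1)


def check_against_builtin(width: int, q_bits: int, step: int, prejump: bool,
                          trials: int = 2000, seed: int = 1) -> tuple[int, int]:
    """Compare the model with Python's % on random (constructed) inputs and
    return the largest (comparisons, subtractions) seen; raise on any mismatch."""
    rng = random.Random(seed)
    worst_c = worst_s = 0
    for _ in range(trials):
        q = rng.randrange(1 << (q_bits - 1), 1 << q_bits)   # full-width modulus
        x = rng.randrange(1 << width)
        r, t = shift_subtract_mod(x, q, width, q_bits, step, prejump)
        if r != x % q:
            raise AssertionError(f"mismatch for x={x} q={q}: {r} != {x % q}")
        worst_c, worst_s = max(worst_c, t.comparisons), max(worst_s, t.subtractions)
    return worst_c, worst_s


if __name__ == "__main__":
    print("algorithm 1 (20-bit x, 10-bit q):", check_against_builtin(20, 10, 1, False))
    print("algorithm 2 (20-bit x, 10-bit q):", check_against_builtin(20, 10, 2, True),
          "bound", worst_case_ops(10, 2))
```

With the modulus at full width, algorithm 1 performs exactly one iteration per stage (the value entering each stage is below twice that stage's modulus), so every input costs 11 comparisons and 11 subtractions; algorithm 2 never exceeds the 18-operation bound, and the pre-jump only removes stages that would have passed the value through unchanged, so it does not affect the result.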

In terms of hardware implementation, the invention implements four hardware schemes based on the algorithm. First, according to algorithm 1, a left-shift-one-bit version and a left-shift-two-bit version with a 20-bit operand x and a 10-bit modulus q are implemented (marked shift1_20bit and shift2_20bit respectively), and according to algorithm 2, a left-shift-one-bit version and a left-shift-two-bit version with a 30-bit operand x and a 15-bit modulus q are implemented (marked shift1_30bit and shift2_30bit respectively); the four hardware implementations are then compared. According to the requirements of different cryptographic schemes, different modular reducers, i.e. modular arithmetic circuits, can be selected to achieve the desired target.

The hardware design is written in standard Verilog, and an Artix7 series xc7a200tfbg484-3 board is used for RTL compilation, simulation, synthesis and routing of the circuit.

The following lists the frequency, area and clock count comparisons for hardware implementations of several variations of the present algorithm.

Design        Frequency/MHz  Lookup tables  On-chip registers  Bonded IOB  Buffer control  F7 multiplexers  Clock cycles
Shift1_20bit  361.272        436            222                42          1               0                20
Shift2_20bit  198.965        202            24                 52          1               0                30
Shift1_30bit  262.26         790            470                62          1               0                30
Shift2_30bit  169.005        417            34                 77          1               1                45

The comparison shows that the scheme shifting left by two bits each time is better in area than the scheme shifting left by one bit each time, and worse in frequency, which is consistent with the inference above. Meanwhile, as the input bit width increases, the frequency and area performance of the hardware decrease only slightly. The different modular reducers of the invention can be flexibly selected for different encryption schemes, improving the indices shown in the table.
