Research On FPGA-based High-Performance And Secure Implementation Of ECDSA

Since the 21 st century,with rapid development of computer science and technology,as well as continuous upgrading of communication protocols,new large-scale end-to-end communication systems represented by Internet of Things applications have begun to be widely deployed in our lives.For a great number of terminal devices,how to ensure their secure deployment and operation efficiently through cryptographic algorithms,has gradually developed into an imminent problem.In addition,in the face of application scenarios with limited hardware resources and high real-time requirements,how to make cryptographic algorithms with more lightweight computing and more secure deployment has also attracted attentions.As a semicustomized hardware platform,FPGA has advantages of parallelism for hardware computing and the flexibility of programmability,so it is very suitable for the deployment of cryptographic algorithms as a hardware terminal.This paper takes the design and security implementation of an elliptic curve digital signature algorithm(ECDSA),a commonly used digital signature algorithm at home and abroad,and uses FPGA as the implementation equipment.Firstly,this paper discusses and analyzes the mathematical basis of ECDSA,as well as state of the art of ECDSA hardware implementation,and also clarifies that the optimization direction is point multiplication(PM)and modular multiplication(MM).Secondly,aiming at the problems of excessive redundancy calculation,and asymmetrical time of point addition(PA),point double(PD)and point quadruple(PQ)in montgomery ladder point multiplication operations,we propose the 2-parallel point multiplication(2-PPM)algorithm,and the corresponding combined PQ-PA and PD-PA architectures.After that,to solve the problems of low efficiency of modular multipliers and lack of good interpretability of multipliers pipeline stages and instantiation numbers,this paper proposes an algorithm called S-IDDMM,which is based on the high-radix MMM,and demonstrates the design scheme of this multiplier.Finally,the design is deployed to an FPGA board to prove the computational correctness of this design through UDP protocol network communication.The specific contents are as follows:1.The 2-PPM algorithm is proposed,as well as the corresponding combined PQ-PA and PD-PA architectures.By improving the hardware architecture of parallel PM,the 2-PPM algorithm is proposed.The scalar in PM computation is fuzzy by 1 bit per 2 bits,which effectively improves the system efficiency while retaining its side channel protection function.By analyzing the modular multiplication period in parallel PM operation,it is found that point addition requires three times more MM period than double point.Therefore,the combined PD-PA architecture is proposed,so that the MM can be efficiently utilized.Considering the characteristics of 2-PPM,combined PQ-PA is designed,to further improve hardware efficiency and the parallelism.2.The S-IDDMM algorithm based on the high-radix MMM algorithm and its hardware architecture are proposed.This algorithm mainly solves the problem that in high-radix MMM with lower bits multiplication(such as 256bit),the multiplier is usually used inefficiently.In addition,based on the algorithm and the corresponding hardware architecture,this paper explorers further the design scheme of multiplier,including the selection of multiplier pipeline stages and the number of multipliers used.The experimental results based on FPGA show that our design can achieve a certain degree of flexibility while providing good throughput rate and hardware efficiency.In addition to the design and implementation of S-IDDMM algorithm,this paper also makes some optimizations on the modular addition and subtraction module and the modular inverse module,so that the modules can be more suitable for the system.3.In terms of system implementation and deployment,UDP protocol is used to communicate the hardware system with computer network; Information transmission between ECDSA module in FPGA chip and computer is realized through asynchronous FIFO.The computer can transmit random number to the FPGA,and the FPGA returns the signature result after signing the certain random number.This scheme can reach a kind of communication channels between software and hardware,and provide an idea for the configuration of digital signature parameters on the software.