紧凑的Aigis数字签名和密钥封装的软硬件协同实现

doi:10.19678/j.issn.1000-3428.00 70542

摘要/Abstract

摘要： 量子计算机的发展威胁到了现有公钥密码系统的安全性，为防止“先存储，后解密”的攻击，现有公钥密码系统向后量子密码系统迁移迫在眉睫。基于理想格构造的Aigis-sig数字签名方案和Aigis-enc密钥封装方案为我国密码算法设计竞赛一等奖作品，具有抗量子攻击的优势。为了使Aigis-sig/enc能够在有限的硬件资源中高效应用，本文对两系统的代码进行整合、提高了资源利用率，在硬件模块上设计了两组蝶形运算器，通过流水线操作大幅提升快速数论变换(NTT)的计算效率；以此为基础，提出了Aigis-sig方案和Aigis-enc方案的软硬件协同实现方法。经实验测试，本文所设计方案相较于纯软件实现有可观的性能提升,其中ROM空间占用降低65%，数字签名/验签平均运行时间分别缩短29%和11%，密钥封装/解封装平均运行时间分别缩短13%和21%。本文的研究对后量子密码的实用化有重要的参考价值。

Abstract: The development of quantum computing has threatened the security of current public key cryptographic systems. To prevent "harvest now, decrypt latter" attacks, migration to post-quantum cryptographic systems is imminent. The Aigis-sig digital signature scheme and Aigis-enc key encapsulation scheme based on ideal lattices construction, which won the first prize in China's cryptographic algorithm design competition, are resistant to quantum attacks. In order to apply Aigis-sig/enc on limited hardware resources efficiently, this paper integrates the code of the two systems to improve resource utilization, and designs two sets of butterfly operation in the hardware module, and significantly improves the computational efficiency of the fast Number Theoretic Transform (NTT) through pipelined operations. Based on these, the hardware and software cooperative implementation of Aigis-sig and Aigis-enc schemes is proposed. The experimental results show that compared with pure software implementation, the design scheme in this paper has considerable performance improvement. Among them, the ROM space usage is reduced by 65%, the average digital signature/verification run time decreases by 29% and 11%; average key encapsulation/decapsulation run time is reduced by 13% and 21%, respectively. This research is of considerable referential importance to the practical application of post-quantum cryptography.

李岩, 孙久兴, 陈昕, 薛一鸣, 刘戬. 紧凑的Aigis数字签名和密钥封装的软硬件协同实现[J]. 计算机工程, doi: 10.19678/j.issn.1000-3428.00 70542.

Li Yan, Sun Jiuxing, Chen Xin, Xue Yiming, Liu Jian. Compact hardware and software cooperative implementation of Aigis digital signature and key encapsulation[J]. Computer Engineering, doi: 10.19678/j.issn.1000-3428.00 70542.

参考文献

[1]. BUCHMANN J, MAY A, VOLLMER U. Pers pectives for cryptographic long-term security[J]. Communications of the ACM, 2006, 49(9): 5 0–55. [DOI: 10.1145/1151030.1151055]
[2]. SHOR P. Algorithms for quantum comput-ati on: Discrete logarithms and factori-ng[C]. In: Proceedings 35th AnnualSymposium on Found ations of Computer Science. IEEE, 1994:124– 134. [DOI: 10.1109/SFCS.1994.365700]
[3]. LONG G L. Grover algorithm with zero theor etical failure rate[J]. Physical Review A, 2001, 64(2): 436–454. [DOI:10.1103/PhysRevA.64.0 22307]
[4]. 沈诗羽,何峰,赵运磊.Aigis 密钥封装算法多平台高效实现与优化[J].计算机研究与发展,2021,58 (10):2238-2252.SHEN S Y,HE F,ZHAO Y L. Multi-Platform Efficient Implementation and O ptimization of Aigis-enc Algorithm[J].Journal o f Computer Research and Development.2021,5 8(10):2238-2252.[DOI:10.7544/issn1000-1239.20 21.20210617]
[5]. 周朕,何德彪,罗敏,等.紧凑的 Aigis-sig 数字签名方案软硬件协同实现方法[J].网络与信息安全学报,2021,7(2):64-76. Compact software/hardw are co-design and implementation method of Aigis-sig digital signature scheme[J].Chinese J ournal of Network and Information Security.20 21,7(2):64-76.[DOI:10.11959/j.issn.2096-109x.20 21026]
[6]. BERNSTEIN D J. Introduction to post-quantu m cryptography[C].In: Post-Quantum Cryptogra phy. Springer Berlin Heidelberg, 2009: 1–14. [DOI: 10.1007/978-3-540-88702-7_1]
[7]. MOODY D. Post-Quantum Cryptography Stan dardization: Announcement and outline of NIS T’s Call for Submissions[S]. 2016
[8]. AJTAI M. Generating hard instances of lattice problems[C]. In: Proceedings of ACM Symp osium on Theory of Computing. ACM, 1996: 99–108. [DOI: 10.1145/237814.237838]
[9]. AJTAI M, DWORK C. A public-key cryptosy stem with worst-case/average-case equivalence [C].In:Proceedings of ACM Symposium on Th eory of Computing. ACM, 1997284–293. [DO I: 10.1145/258533.258604]
[10].ARHOVEN T, MOSCA M, JOOP VDP. Findi ng shortest lattice vectors faster using quantu m search[J]. Designs, Codes and Cryptography, 2015, 77(2): 375–400. [DOI: 10.1007/s10623- 015-0067-5]
[11].LINDNER R, PEIKERT C. Better key sizes (and attacks) for LWE-based encryption[C]. In: Topics in Cryptology—CT-RSA 2011. Spring er Berlin Heidelberg, 2011: 319–339. [DOI:10. 1007/978-3-642-19074-2_21]
[12].谢天元,李昊宇,朱熠铭,潘彦斌,刘珍,杨照民.Fat Seal：一种基于格的高效签名算法.电子与信息学报[J].2020,42(2):333-340.XIE T Y,LI H Y,Z HU Y M,PAN Y B,LIU Z YANG Z M. FatS eal: An Efficient Lattice-based Signature Algor ithm[J].Journal of Electronics & Information T echnology.2020,42(2):333-340.[DOI: 10.11999/J EIT190678]
[13].冯超逸,赵一鸣.基于理想格的可证明安全数字签名方案[J].计算机工程.2014,46(2):122-128.FE NG Chaoyi,ZHAO Yiming. Ideal Lattice Base d Justifiable Secure Digital Signature Scheme [J]. Computer Engineering.2014,46(2):122-128. [DOI:10.3969/j.issn.1000-3428.2017.05.017]
[14].赵宗渠,黄鹂娟,范涛,马少提.格上基于 KEM 的认证密钥交换协议[J].计算机工程.2020,46(7): 122-128.ZHAO Z Q, HUANG L J, FAN T, MA S T.KEM-based Authenticated Key Excha nge Protocol on Lattice[J].Computer Engineeri ng,2020,46(7):122-128.[DOI:10.19678/j.issn.100 0-3428.0055076]
[15].XU P, HU M, CHEN T, WANG W and JIN H. LaF: Lattice-Based and Communication-effi cient Federated Learning[J]. IEEE Transactions on Information Forensics & Security,2022,17: 2483-2496.
[16].Pilaram, H,Eghlidos, T,Toluee, R. An efficient lattice-based threshold signature scheme using multi-stage secret sharing[J].IET INFORMATI ON SECURITY.2021,15(1):98-106.[DOI:10.104 9/ISE2.12007]
[17].BRAKERSKI Z, GENTRY C, VAIKUNTANA THAN V. (Leveled)Fully homomorphic encryp tion without bootstrapping[J]. ACM Transactio ns on Computation Theory, 2014, 6(3): 1–36. [DOI: 10.1145/2633600]
[18].GENTRY C. Fully homomorphic encryption us ing ideal lattices[C].Proceedings of ACM Sym posium on Theory of Computing.ACM,2009: 169–178. [DOI: 10.1145/1536414. 1536440]
[19].GENTRY C, HALEVI S, NIGEL P. Homomor phic evaluation of the AES circuit[C].Advance s in Cryptology—CRYPTO 2012. Springer Be rlin Heidelberg,2012:850–867.[DOI: 10.1007/97 8-3-642-32009-5_49]
[20].Micciancio D,Regev O.Worst-case to average-c ase reductions based on gaussian measures[J]. SIAM J.Comput.2007,37:267–302.[DOI:10.1109 /FOCS.2004.72]
[21].Oded Regev.On lattices, learning with errors, r andom linear codes, and cryptography[M].Proc eedings of the thirty-seventh annual ACM sy mposium on Theory of computing.2005:84–93.
[22].KIM J.NTRU+: Compact Construction of NTR U Using Simple Encoding Method[J]. IEEE T ransactions on Information Forensics & Securi ty,2023,18:4760-4774.
[23].FU Y,ZHAO X F.Research on Two-Party Coo perative Aigis-sig Digital Signature Protocol. I nternational Conference on Security and Priva cy in New Computing Environments[J].2021. [DOI: https://doi.org/10.1007/978-3-030-96791-8 _4]
[24].FU Y,ZHAO X F.A New Threshold Digital Si gnature Protocol for Aigis-sig.密码学[J].2022,9 (5):872-882.[DOI:10.13868/j.cnki.jcr.000554]
[25].HU Y,DONG S,DONG X.Analysis on Aigis‐ Enc: Asymmetrical and symmetrical[J].IET Inf ormation Security,2021,15(2):147-155.[DOI:http s://doi.org/10.1049/ise2.12009]

选择文件类型/文献管理软件名称

选择包含的内容