Research And Implementation Of SM9 Identity-based Cryptography Based On SOC

For a long time,the cryptography in wireless network has been a research hotspot in the field of information security.The problem of key management in the traditional public key cryptosystem is solved with the proposing of identity-based cryptography.Without complicated certificate exchanges,the public key is directly derived from the user ID,which is effectively improving wireless network throughput.The SM9 identity-based cryptography is a commercial cryptographic algorithm standard independently developed by China.It has the advantages such as strong encryption performance and simple key management,and is especially suitable for wireless network environments with massive users.The SM9 algorithm is complex and computationally intensive,therefor there are currently only software implementation schemes.However,embedded wireless devices typically have low processing performance,which cause the result that software implementation scheme cannot meet the efficiency requirement.Aiming at this problem,the implementation scheme of SM9 identity-based cryptography that is suitable for embedded wireless devices is proposed and implemented on the Zedboard board.The test results show that the program has about 4 times performance improvement compared to the existing software implementation.The specific research contents are as follows:(1)The principle of SM9 identity-based cryptography are studied,where the digital signature and verification algorithm and the public key encryption and decryption algorithm are mainly focused on,and then the algorithm composition is deeply analyzed.(2)Aiming at the problem that the current SM9 identity-based cryptography software implementation scheme is inefficiency,the SOC implementation scheme is proposed for the SM9 identification cryptosystem.The FPGA is adopted to implement time-consuming prime field and the second expansion domain operation of the cryptosystem.And the upper layer algorithm in the cryptosystem is implemented on the ARM,at the same time,the high-speed AXI bus is used to implement data interaction between ARM and FPGA.(3)The hardware scheme of the prime domain and the secondary expansion domain operation modules in the SM9 identity-based cryptosystem is designed and implemented on the FPGA.Through studying the hardware implementation algorithm of finite field operation,the module of modular addition and subtraction,modular multiplication and modular inverse operation under the prime domain and the second expansion domain is designed and implemented on the FPGA.The Modelsim software is used to simulate the designed operation modules,and all the modules' function are test on the Zedboard.The test results are consistent with the test case data given by the SM9 standard.(4)The upper layer algorithm software scheme of the SM9 identity-based cryptosystem is designed and implemented,especially the implement scheme of elliptic curve point operation,multi-point operation,cryptographic auxiliary function(HASH function,KDF function and MAC function),R-ate pair calculation,digital signature and verification algorithm and public key encryption and decryption algorithm.The flow of each upper layer algorithm are designed and implemented on the ARM.The test results show that the software implementation results are consistent with the test case data given by the SM9 standard.(5)The SM9 identity-based cryptosystem designed by combination of software and hardware is test on the Zedboard,especially the functions of digital signature and verification,public key encryption and decryption.The test results verified the correctness of the designed SM9 cryptosystem and the performance is four times better than existing software implementation.