SM2专用指令协处理器设计与实现

Design and Implementation of SM2 Co-processor with Specific Instructions

国家商用密码算法SM2是基于椭圆曲线密码学(ECC)而制定的公钥密码协议,已被国际标准化组织(ISO)确立为国际标准。在实际应用中,SM2算法计算过程的复杂性使其面临实现效率低的问题,并且在实现过程中还会出现与密钥相关的侧信道信息泄露。为了解决上述问题,设计了一种适用于SM2的专用指令硬件协处理器。协处理器包含接口逻辑、取指单元、译码单元、执行单元、程序存储单元和数据存储单元,借鉴通用CPU的流水线技术,将指令的实现过程分为取指、译码、执行、写回四级流水,以提高计算效率。经过在Xilinx ZYNQ-7 FPGA上的实验验证,协处理器可以通过自动执行程序存储单元中的指令序列正确实现SM2加密、解密、签名、验签的计算过程,计算一次标量乘的时间约为2.25 ms,共占用7146个Slice,其指令序列还可以按照软件实现方式进一步优化,说明协处理器具有速度快、面积小、灵活性高的特点。经过理论分析,协处理器可以实现常时的指令序列,具有一定的抵御侧信道攻击的安全性。

The national commercial cryptography algorithmnamed SM2 is a public key cryptographyprotocol based on elliptic curve cryptography(ECC). It has been established as an international standard by the International Organization for Standardization(ISO). In practical applications, the complexity of SM2 algorithm makes it face the problem of low implementation efficiency. And side channel information related to the key may be leaked in the process of implementation.In order to solve these problems, a hardware co-processor with specific instructions for SM2 is designed. The co-processor contains interface logic, fetch unit, decode unit, execution unit, program storage unit, and data storage unit. The implementation process of an instruction can be divided into four stages, which are instruction fetch, decode, execute and write back. The four stages are performed in the way of pipeline, which uses general CPU’s pipeline technology for reference,to improve the performance. After experimental tests on the platform of Xilinx ZYNQ-7 FPGA, the co-processor can complete the calculation process of SM2 encryption, decryption, signature and verification correctly by automatically executing a sequence of instructions in the program storage unit. The time cost for one scalar multiplication calculation is around2.25 ms, and 7 146 Slices are occupied. The instruction sequences can be further optimized according to the software implementation mode. It shows that the co-processor has the characteristics of fast speed, small area and high flexibility.Through theoretical analysis, the co-processor can implement a sequence of instructions with constant time, which indicates that it has certain security against side channel attacks.