信息网络安全 ›› 2017, Vol. 17 ›› Issue (9): 122-127.doi: 10.3969/j.issn.1671-1122.2017.09.029

• • 上一篇    下一篇

Curve25519椭圆曲线算法GPU高速实现

成娟娟1,2,3, 郑昉昱1,2(), 林璟锵1,2, 董建阔1,2,3   

  1. 1.中国科学院信息工程研究所信息安全国家重点实验室,北京100093
    2.中国科学院数据与通信保护研究教育中心,北京100093
    3.中国科学院大学网络空间安全学院,北京100049
  • 收稿日期:2017-08-01 出版日期:2017-09-20 发布日期:2020-05-12
  • 作者简介:

    作者简介: 成娟娟(1992—),女,山西,硕士研究生,主要研究方向为高性能密码实现技术;郑昉昱(1988—),男,福建,助理研究员,博士,主要研究方向为GPU并行计算、高速密码算法实现;林璟锵(1978—),男,福建,研究员,博士,主要研究方向为软硬件安全、网络安全、系统安全;董建阔(1992—),男,河北,博士研究生,主要研究方向为高性能密码实现技术。

  • 基金资助:
    国家自然科学基金[61602476]

High-performance Implementation of Curve25519 on GPU

Juanjuan CHENG1,2,3, Fangyu ZHENG1,2(), Jingqiang LIN1,2, Jiankuo DONG1,2,3   

  1. 1.State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
    2.Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, Beijing 100093, China
    3.College of Cyberspace Security, University of Chinese Academy of Sciences, Beijing100049, China
  • Received:2017-08-01 Online:2017-09-20 Published:2020-05-12

摘要:

密钥交换是一种在非保护信道中建立共享密钥的方法,被广泛运用在包括TLS/SSL等网络安全协议中。基于椭圆曲线密码算法的Diffie-Hellman算法(ECDH)由于其出色的计算效率,在密钥交换协议中被逐步推广使用。目前主流的ECDH中采用的椭圆曲线是NIST P系列曲线,但随着对性能的迫切要求以及对其安全性的怀疑,IETF在2016年1月正式将Curve25519曲线用于密钥交换,称为X25519密钥交换协议;随后各大开源安全软件也进行跟进,优先推荐使用X25519。X25519的主要计算瓶颈是Curve25519的椭圆曲线点乘算法,文章提出了一种利用GPU的Curve25519的椭圆曲线点乘算法,通过对有限域算术优化和曲线算法优化,在NVIDIA GeForce GTX 780Ti达到了每秒138万次的吞吐率,相较之前基于GPU的实现获得了5.6倍的性能提升。

关键词: 图形处理器, 椭圆曲线, Curve25519, 密钥交换

Abstract:

Widely used in a large range of Internet security protocols such as TLS/SSL, key exchange provides a method to establish a shared secret between two parties in unprotected channel. Among the key exchange algorithms Elliptic-Curve Diffie- Hellman (ECDH) is currently preferred and popularized by the industry. The prevailing ECDH employs NIST P Curve as the underlying elliptic curve, however, with the requirement of high performance and questioning of its security, in January, 2016, IETF officially applied Curve25519 to key exchange in RFC 7748, called X25519 key exchange protocol. And later, many mainstream open-source projects recommended X25519 as the default key exchange protocol. The bottleneck of X25519 lies in the scalar multiplication of Curve25519.This contribution proposed a GPU-accelerated Curve25519 implementation, having yielded a throughput of 1.38 million scalar multiplication per second in NVIDIA GeForce GTX 780Ti, 5.6 times faster than the previous fastest work.

Key words: graphic processing unit (GPU), elliptic curves, Curve25519, key exchange

中图分类号: