国密算法分析与软件性能研究

doi:10.3969/j.issn.1671-1122.2021.10.002

信息网络安全 ›› 2021, Vol. 21 ›› Issue (10): 8-16.doi: 10.3969/j.issn.1671-1122.2021.10.002

国密算法分析与软件性能研究

胡景秀¹^,², 杨阳¹^,², 熊璐¹^,²(), 吴金坛¹^,²

1.中国银联股份有限公司,上海 201201
2.电子商务与电子支付国家工程实验室,上海 201201

收稿日期:2021-05-15 出版日期:2021-10-10 发布日期:2021-10-14
通讯作者: 熊璐 E-mail:xionglu@unionpay.com
作者简介:胡景秀（1990—）,女,山西,硕士,主要研究方向为密码学、移动支付安全、区块链安全等|杨阳（1987—）,男,安徽,高级工程师,硕士,主要研究方向为网络安全、密码学等|熊璐（1991—）,女,湖北,工程师,硕士,主要研究方向为网络安全、移动安全等|吴金坛（1968—）,男,福建,高级工程师,主要研究方向为信息安全
基金资助:
上海市移动电子商务工程技术研究中心项目(19DZ2284800)

SM Algorithm Analysis and Software Performance Research

HU Jingxiu¹^,², YANG Yang¹^,², XIONG Lu¹^,²(), WU Jintan¹^,²

1. China Unionpay Co., Ltd, Shanghai 201201, China
2. National Engineering Laboratory of E-commerce and E-payment, Shanghai 201201, China

Received:2021-05-15 Online:2021-10-10 Published:2021-10-14
Contact: XIONG Lu E-mail:xionglu@unionpay.com

摘要/Abstract

摘要：

密码技术是信息安全的核心,推广国密算法对维护我国网络信息安全意义重大。近年来,我国商用密码产业快速发展,但国密算法普遍存在实现效率较低的问题。为探究国密算法对国际密码算法的替代可行性,文章对国密SM3、SM2、SM4算法及其对标的国际密码算法进行全方位对比,分析算法的计算量与安全性,并利用OpenSSL及我国A厂商优化后的国密算法对各算法进行性能测试。性能测试结果表明,SM3算法与SHA-256算法性能相近;SM2数字签名算法与ECDSA算法的性能受两者选用的杂凑函数影响,但总体上性能相近;当数据量较少时,SM2公钥加密算法与ECIES算法性能取决于加密数据的规模,随着数据量增多,后者的性能显著优于前者;SM4算法性能介于AES与3DES之间。

关键词: 国密算法, SM2算法, SM3算法, SM4算法, 软件性能

Abstract:

Encryption technology is the core of information security, and the promotion of national secret algorithms is of great significance to safeguarding country’s network information security. In recent years, commercial encryption industry of China has developed rapidly, but the SM algorithm generally has the problem of low implementation efficiency. In order to explored the feasibility of the SM algorithm to replace the international encryption algorithm, this article mainly focused on the SM3, SM2, SM4 of SM algorithm and comprehensive comparison of the target international cryptographic algorithms, analyzed the calculation amount and security of the algorithms, and used OpenSSL and a SM algorithm optimized by a domestic manufacturer A to test the performance of each algorithm. The performance test results show that the SM3 is similar to the SHA-256, the performance of the SM2 digital signature algorithm and the ECDSA algorithm is affected by the Hash function they select, but the overall performance is similar. With small amount of data, the performance of SM2 public key encryption algorithm and ECIES algorithm depend on the size of the encrypted data. As the amount of data increases, the performance of the latter is significantly better than the former. The performance of the SM4 algorithm is between AES and 3DES.

Key words: SM algorithm, SM2 algorithm, SM3 algorithm, SM4 algorithm, software performance

中图分类号:

TP309

胡景秀, 杨阳, 熊璐, 吴金坛. 国密算法分析与软件性能研究[J]. 信息网络安全, 2021, 21(10): 8-16.

HU Jingxiu, YANG Yang, XIONG Lu, WU Jintan. SM Algorithm Analysis and Software Performance Research[J]. Netinfo Security, 2021, 21(10): 8-16.

图/表 14

表1

表2

图1

表3

表4

图2

图3

图4

图5

表5

表6

表7

表8

表9

参考文献 15

[1]	National Institute of Standards and Technology. Federal Information Processing Standards Publication 180-3, Secure Hash Standards(SHS)[S]. Gaithersburg: National Institute of Standards and Technology, 2008.
[2]	WANG Xiaoyun, YU Hongbo. How to Break MD5 and Other Hash Functions [C]//Springer. 24th Annual International Conference on Theory and Applications of Cryptographic Techniques, May 22-26, 2005, Aarhus, Denmark. Berlin: Springer, 2005: 19-35.
[3]	National Cryptography Administration. SM3 Cryptographic Hash Algorithm[EB/OL]. https://sca.gov.cn/sca/xwdt/2010-12/17/content_1002389.shtml, 2010-12-17.
	国家密码管理局. SM3密码杂凑算法[EB/OL]. https://sca.gov.cn/sca/xwdt/2010-12/17/content_1002389.shtml, 2010-12-17.
[4]	SHEN Yanzhao. Analysis of SM3 Cryptographic Hash Algorithm[D]. Shanghai: Donghua University, 2013.
	申延召. SM3密码杂凑算法分析[D]. 上海:东华大学, 2013.
[5]	National Cryptography Administration. Public Key Cryptographic Algorithm SM2 Based Elliptic Curves[EB/OL]. https://sca.gov.cn/sca/xwdt/2010-12/17/content_1002386.shtml, 2010-12-17.
	国家密码管理局. SM2椭圆曲线公钥密码算法[EB/OL]. https://sca.gov.cn/sca/xwdt/2010-12/17/content_1002386.shtml, 2010-12-17.
[6]	JOHNSON D, MENEZES A, VANSTONE S. The Elliptic Curve Digital Signature Algorithm (ECDSA)[J]. International Journal of Information Security, 2001, 1(1):36-63. doi: 10.1007/s102070100002 URL
[7]	RIVEST R L. A Method for Obtaining Digital Signatures and Public-key Cryptosystems[J]. Communications of the ACM, 1978, 26(2):96-99. doi: 10.1145/357980.358017 URL
[8]	SUN Rongyan, CAI Changshu, ZHOU Zhou, et al. The Comparision Between Digital Signature Based on SM2 and ECDSA[J]. Network Security Technology and Application, 2013(2):60-62.
	孙荣燕, 蔡昌曙, 周洲, 等. 国密SM2数字签名算法与ECDSA算法对比分析研究[J]. 网络安全技术与应用, 2013(2):60-62.
[9]	ASSOCIATION A B. Public Key Cryptography for the Financial Services Industry, Key Agreement and Key Transport Using Elliptic Curve Cryptography[J]. Speculum, 2006, 81(2):566-569. doi: 10.1017/S0038713400003262 URL
[10]	BIRYUKOV A, CANNIÈRE C D. Data Encryption Standard(DES)[J]. Encyclopedia of Cryptography & Security, 2011, 28(2):295-301.
[11]	DAEMEN J, RIJMEN V. Rijndael, the Advanced Encryption Standard[J]. Dr Dobbs Journal, 2001, 26(3):137-139.
[12]	National Cryptography Administration. Announcement of the State Password Administration(No.7)[EB/OL]. https://www.oscca.gov.cn/sca/xwdt/2006-01/06/content_1002355.shtml, 2016-11-04.
	国家密码管理局国家密码管理局公告（第7号）[EB/OL]. https://www.oscca.gov.cn/sca/xwdt/2006-01/06/content_1002355.shtml, 2016-11-04.
[13]	MERKLE R C, HELLMAN M E. On the Security of Multiple Encryption[J]. Communications of the ACM, 1981, 24(7):465-467. doi: 10.1145/358699.358718 URL
[14]	OORSCHOT P C V, WIENER M J. A Known-plaintext Attack on Two-key Triple Encryption[J]. Springer, 1991(473):318-325.
[15]	DAEMEN J. The Design of Rijndael[J]. Information Security & Cryptography, 2001, 26(3):137-139.

杂凑算法	消息扩展	状态更新	合计
SM3	416SH+584LO	1024SH+1328LO+ 384MA	1440SH+1912LO+ 384MA
SHA-256	480SH+384LO+ 144MA	768SH+1152LO+ 256MA	1248SH+1536LO+ 400MA

输入长度	运行时间比
输入长度	A厂商SM3/SHA-256	OpenSSL SM3/SHA-256
8 B	1.3819	1.8048
64 B	1.2329	1.8392
256 B	1.1652	1.9581
1 KB	1.1295	2.0152
512 KB	1.1181	2.0292
1 MB	1.1160	2.0546

签名算法		SM2	ECDSA
签名产生	椭圆曲线运算	1MP	1MP
签名产生	模运算	3MA+1MI+1MM	1MA+1MI+1MM+1MO
签名验证	椭圆曲线运算	2MP+1AP	2MP+1AP
签名验证	模运算	2MA	2MA+1MI+1MO

算法	签名耗时比	签名验证耗时比
ECDSA_secp256k1/OpenSSL SM2	1.11	1.12
ECDSA_secp256k1/ECDSA_X9.62prime256v1	16.60	4.16

加/解密算法		SM2	ECIES
公钥加密	椭圆曲线运算	3MP	2MP
	逻辑运算	1LO	1LO
	模乘运算	—	1MM
	杂凑运算	（klen/256）× HO₁+1HO	((klen+mackeylen)/256)HO₂+1HH
私钥解密	椭圆曲线运算	2MP	1MP
	逻辑运算	1LO	1LO
	模乘运算	—	1MM
	杂凑运算	（klen/256）HO	（klen/256）HO

国密算法分析与软件性能研究

SM Algorithm Analysis and Software Performance Research

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 14

参考文献 15

相关文章 6

编辑推荐

Metrics

本文评价

加/解密	输入长度	A厂商SM2/ OpenSSL SM2	RSA2048/ OpenSSL SM2	RSA3072/ OpenSSL SM2
加密	16 B	0.147787644	0.040161646	0.080578194
	64 B	0.148209251	0.039978619	0.080326983
	256 B	0.151985583	0.079726359	0.080332399
	1 KB	0.162721267	0.193082678	0.233398426
	4 KB	0.201123432	0.688962323	0.837251662
	16 KB	0.298521417	1.877450216	2.34507407
	32 KB	0.364572911	2.688391462	3.371995372
解密	16 B	0.228408613	2.29651208	7.175291258
	64 B	0.226845092	2.263777384	7.07422817
	256 B	0.234965591	4.537950334	7.082142906
	1 KB	0.250163081	10.6395389	19.95441131
	4 KB	0.301611021	35.33215849	65.68612578
	16 KB	0.398097074	78.22104433	151.4175574
	32 KB	0.446773723	100.6119596	196.0483998

算法	分组长度 /bit	密钥长度 /bit	迭代轮数	算法结构	算法特性
SM4	128	128	32	非平衡Feistel网络	基本轮函数加迭代,含非线性变换
AES	128	128/182/ 256	10/12/14	SP（代换- 置换）网络	排列、置换加迭代,含非线性变换
3DES	64	112/168	16×3=48	平衡Feistel网络	使用标准的算术和逻辑运算,先替代后置换,不含非线性变换

加/解密	输入长度	A厂商SM4/AES	OpenSSL SM4/AES	AESEVP/AES
加密	32 B	0.99	0.81	10.69
	128 B	2.9	0.83	25.08
	512 B	3.34	0.83	31.96
	1 KB	3.35	0.84	33.54
	4 KB	3.43	0.81	34
	16 KB	3.54	0.82	35.1
	64 KB	3.5	0.82	35.19
	256 KB	3.53	0.82	35.4
	1 MB	3.52	0.82	34.48
解密	32 B	1.31	1.07	11.13
	128 B	3.92	1.12	29.96
	512 B	4.47	1.12	40.97
	1 KB	4.47	1.12	43.08
	4 KB	4.57	1.10	43.54
	16 KB	4.71	1.11	45.04
	64 KB	4.73	1.08	45.44
	256 KB	4.74	1.13	45.7
	1 MB	4.71	1.12	45.48

加/解密	输入长度	A厂商SM4/AES	OpenSSL SM4/ AES	AESEVP/AES
加密	32 B	1.52	1.19	8.53
	128 B	1.18	0.89	6.55
	512 B	1.09	0.82	6.02
	1 KB	1.07	0.80	5.92
	4 KB	1.05	0.80	5.93
	16 KB	1.05	0.80	5.92
	64 KB	1.05	0.81	5.95
	256 KB	1.04	0.80	5.84
	1 MB	1.05	0.80	5.95
解密	32 B	1.23	1.09	10.75
	128 B	3.67	1.10	28.65
	512 B	4.36	1.11	44.58
	1 KB	4.39	1.11	48.78
	4 KB	4.56	1.11	52.46
	16 KB	4.61	1.11	53.39
	64 KB	4.63	1.11	53.93
	256 KB	4.63	1.10	54
	1 MB	4.66	1.11	54.05

[1]	王开轩, 滕亚均, 王琼霄, 王伟. 隐式证书的国密算法应用研究[J]. 信息网络安全, 2021, 21(5): 74-81.
[2]	吴志红, 赵建宁, 朱元, 陆科. 国密算法和国际密码算法在车载单片机上应用的对比研究[J]. 信息网络安全, 2019, 19(8): 68-75.
[3]	胡卫, 吴邱涵, 刘胜利, 付伟. 基于国密算法和区块链的移动端安全eID及认证协议设计[J]. 信息网络安全, 2018, 18(7): 7-9.
[4]	陈颖, 陈长松, 胡红钢. SM4硬件电路的功耗分析研究[J]. 信息网络安全, 2018, 18(5): 52-58.
[5]	李兆斌, 刘丹丹, 黄鑫, 曹浩. 基于国密算法的安全接入设备设计与实现[J]. 信息网络安全, 2016, 16(11): 19-27.
[6]	王敏, 饶金涛, 吴震, 杜之波. SM4密码算法的频域能量分析攻击[J]. 信息网络安全, 2015, 15(8): 14-19.