【作者】 于帆；

【导师】 陈永锋； 邵必林；

【作者基本信息】 西安建筑科技大学 ， 系统工程， 2004， 硕士

【摘要】 随着校园网建设的发展，对校园卡的安全性能要求也越来越高，但限于校园卡自身硬件的资源极为有限，用其实现安全控制面临着存储器容量和计算能力方面的限制。目前市场上的大多数智能卡只是有128到1024字节的RAM，1K到16K字节的EEPROM，6K到16K字节的ROM，CPU通常为8比特，典型的时钟频率为3.57MHz。由此可见任何存储或者是处理能力的增加都意味着智能卡成本的大幅度提高。而椭圆曲线密码体制的突出优点是方便生成公钥、私钥对；节省内存空间；节省带宽；节省处理时间。鉴于此，本论文提出将椭圆曲线密码体制应用于校园卡的安全系统，有着十分明显的经济效益和实用价值。 本论文主要立足于椭圆曲线密码技术实现的运算层，来实现密码层的多种加密算法，包括DH协议、ELGamal加密体制、ELGamal签名和将DSA等内容应用到椭圆曲线密码体制上。运算层是椭圆曲线密码体制实现的最基础、最核心的部分，包括如何来计算椭圆曲线的阶为大素数或含有一个大的素因子，以保证所选取的椭圆曲线为安全椭圆曲线，本文根据IEEE P1363协议的SEA算法实现了安全椭圆曲线的选取；另外如何实现标量乘的快速运算，将会影响整个密码系统的实现效率，本文根据不同情况对椭圆曲线的标量乘法分别采用了带符号的二进制法和滑动窗口法进行快速运算。在密码层上实现了基于大素数域GF（p）(p=2¹⁹²-2⁶⁴-1)的密钥交换、ELGamal加密和椭圆曲线数字签名。综上所述，本论文所作的主要工作有：（1）对目前应用较广的公钥密码体制RSA和ECC算法及加解密实现进行比较。（2）针对目前已有的椭圆曲线攻击算法，使用SEA算法实现了安全椭圆曲线的选取，实现了基于大素数域上的椭圆曲线的ELGamal加解密和数字签名。（3）讨论了椭圆曲线在智能卡上的应用，并提出了两种基于ECC的身份认证方案。更多还原

【Abstract】 With the development of campus network construction, higher security of campus card is required, but hardware resources of campus card itself are so limited that mernory capacity and processing capability is unable to achieve security system. At present, most of the smart cards on market have 128-1024 bites RAM, 1k~16k bites EEPROM, 6k~16k bites ROM, 8 bit CPU usually and typically 3.57 Mhz clock frequency, from which we can see that any improvement on memory or processing capability means great increase of the cost of smart card. Thus, this article proposes to apply Elliptic Curve Encryption System in security system of campus card. Elliptic Curve Encryption System’s advantages are easy produce of public key and private key, saving memory capacity and net width and processing time. These advantages nicely supplement limitations of campus card, improve security of campus card and meanwhile reduce production cost, so this system has a bright future.This article mainly bases on the operation layer of elliptic curve encryption techniques to achieve various encryption algorithms including DH protocol, ELGamal encryption system, ELGamal signature and applying DSA in Elliptic Curve Encryption System. Operation layer is the basic core part in Elliptic Curve Encryption System including how to calculate elliptic curve’s stairs is a large prime or including a large prime gene to ensure elliptic curve to be safe elliptic curve; in this article safe elliptic curve is chosen by P1363 SAE algorithm. Besides, how to achieve fast point multiplication will influence the performance efficiency of the whole encryption system; in this article, for different situations, signed binary method and rolling window method are respectively applied to perform quick operation of elliptic curve’s point multiplication. On encryption layer,exchange of private keys based on prime field GF(p)(p=2192-264-1), ELGamal encryption and elliptic curve digital signature are performed. The main task of this article contains: (l)compares algorithm and encryption and decryption between the widely-used public key encryption system RSA and ECC; (2) directing against present elliptic curve attack algorithm, uses SEA algorithm to perform choosing of safe elliptic curve and to achieve based on prime field elliptic curve’s ELGamal encryption and decryption and digital signature; (3) discusses elliptic curve’s application on smart card and proposes two identification plans based on EEC.更多还原