JP3870937B2 - Arithmetic processing device and arithmetic processing method - Google Patents

Description

  The present invention relates to a method for speeding up operations. In particular, data from an efficient register is stored in a calculation process in which calculation parameters and intermediate values are stored in a register, the stored value of the register is acquired in the calculation process, and the next step of the calculation process is executed based on the acquired value. The present invention relates to an arithmetic processing device and an arithmetic processing method that realize high-speed arithmetic by enabling acquisition.

  For example, in an arithmetic process such as an encryption process, a process of repeatedly executing an arithmetic process based on a certain sequence using a parameter or the intermediate value acquired in the previous step is often performed. When executing such arithmetic processing, a register for storing parameters and intermediate values is used. The parameters and intermediate values are stored in the registers as appropriate, and the arithmetic process proceeds by acquiring the register stored values as necessary. To do.

  For example, Ellipitic Curve Cryptography (ECC) is known as a public key cryptosystem, and a register for storing parameters and intermediate values is used for this cryptographic processing calculation. The elliptic curve cryptography is said to have a 160-bit key and a strength equivalent to that of the RSA 1024-bit key.

In general, elliptic curve cryptography is based on an elliptic curve y ² = x ³ + ax + b (4a ³ + 27b ² ≠ 0) on a prime field or an elliptic curve y ² + xy = x ³ + ax ² on an extension field of ^2. + B (b ≠ 0) or the like is used. A set obtained by adding an infinite point (O) to points on these curves forms a finite group with respect to addition, and the infinite point (O) is the unit element. Hereinafter, the addition of points on the finite group is represented by +. The addition P + Q of two different points P and Q on the finite group is called “point addition”, and the addition P + P = 2P of the points P and P is called “point doubling”. Further, an operation for obtaining a point P + P +... + P = kP obtained by adding the point P k times is referred to as “scalar multiplication of points”.

  It is known that scalar multiplication of points can be constructed using point addition and point doubling. Point addition, point doubling, and point doubling in the affine coordinate system (x, y) and projective coordinates (X, Y, Z) on the elliptic curve on the prime field and the elliptic curve on the two extension field The scalar multiplication method is described in IEEE P1363 / D13 Standard Specifications for Public Key Cryptography.

Further, the scalar multiplication of points is performed at high speed using the Montgomery-type elliptic curve By ² = x ³ + Ax ² + x ((A ² −4) B ≠ 0) on the prime field introduced for performing the prime factorization. A method (P. Montgomery “Speeding the Pollard and Elliptic Curve Method of Factorization”, Mathematics of Computation, Vol. 48, No. 177, pp. 243-264 (1987)) has been proposed. Hereinafter, this method is referred to as the Montgomery method on an elliptic curve on a prime field.

According to this method, if an addition point of two different points: P ₀ (x ₀ , y ₀ ), P ₁ (x ₁ , y ₁ ) is set to a point P ₂ = P ₁ + P _{0 in} the affine coordinate system, P _{If 3} (x ₃ , y ₃ ) = P ₁ (x ₁ , y ₁ ) −P ₀ (x ₀ , y ₀ ) is known,
x ₂ = (x ₀ x ₁ −1) ² / (x ₃ (x ₀ −x ₁ ) ² )
It makes it possible to calculate the _{x 2.}

If the doubling point of the point P ₀ (x ₀ , y ₀ ) is the point P ₂ (x ₂ , y ₂ ) = 2P ₀ ,
x ₂ = (x ₀ ² −1) ² / (4x ₀ (x ₀ ² + Ax ₀ +1))
It makes it possible to calculate the _{x 2.} Thus, the point addition method and the point doubling method can be configured without using the y coordinate.

  When performing arithmetic processing accompanying encryption or decryption based on the above-described elliptic curve cryptography (ECC), processing for repeatedly executing arithmetic processing based on a sequence using parameters and intermediate values acquired in the previous step is performed. Much done. The register is composed of a plurality of registers as a plurality of data storage areas for storing a plurality of values.

  In an arithmetic process that repeatedly executes data storage and data reading from the register, data is not stored at the planned position if the data scheduled to be read from the register is not stored at the planned position in the next calculation cycle. It is necessary to perform copy processing. As a result, there is a problem in that the processing time associated with the copy process increases, causing a delay in the calculation process and reducing the calculation efficiency.

  The present invention has been made in view of the above problems, and in the arithmetic processing for repeatedly executing data storage to the register and data reading from the register, the parameter and intermediate value storage areas are not predetermined specific registers. However, the present invention provides an arithmetic processing device and an arithmetic processing method that enable efficient data acquisition from a register by performing address control and realize high-speed arithmetic processing.

The first aspect of the present invention is:
A memory unit having a memory block having a plurality of registers as a data storage area, an arithmetic unit that inputs data read from the register based on a designated address of the register, and executes arithmetic processing based on the input data; An arithmetic processing unit having a control unit that performs data input / output control on the unit,
An address control unit that inputs a register designation address from the control unit and executes input address conversion processing,
The address control unit inputs a predetermined register address from the control unit, and a data storage register storing data to be output to the arithmetic unit is stored in the same memory block as the specific register. In the case of different registers, the arithmetic processing has a configuration in which an input address from the control unit is converted into a designated address of the data storage register, and the converted address is output as a read address for the memory block. In the device.

  Furthermore, in one embodiment of the arithmetic processing unit of the present invention, the address control unit includes a latch that stores an address of the data storage register, and an input address from the control unit matches a predetermined register address. Based on the detection information of the coincidence detecting unit and the coincidence detecting unit, the input address from the control unit or the address of the data storage register stored in the latch is selected based on the detection information of the coincidence detecting unit. Switch means for outputting as a read address for the memory block.

  Furthermore, in one embodiment of the arithmetic processing unit of the present invention, the address control unit further includes a data storage register in which data to be output is stored in the arithmetic unit and a different register in the same memory block as the specific register A configuration that includes an information storage unit that stores information that validates the address translation operation only when the address translation operation is stored, and that performs address translation processing only when information that validates the address translation operation is stored in the information storage unit It is characterized by being.

  Furthermore, in one embodiment of the arithmetic processing apparatus of the present invention, the arithmetic unit includes a multiplier and an adder that execute Montgomery arithmetic in cryptographic processing arithmetic, and the memory unit includes two memories in a plurality of memory blocks. The specific register of the block is set as a storage area for parameters or intermediate values to be applied to the Montgomery calculation scheduled to be input to the calculation unit in the next calculation cycle, and the address control unit performs the Montgomery calculation from the control unit. A memory block in which the address of the specific register set as the storage area for the parameter to be applied or the intermediate value is input, and the data storage register storing the data to be output in the arithmetic unit is the same as the specific register The input address from the control unit It is converted to the specified address of the data storage registers, characterized by having a configuration for outputting the translated address as a read address for the memory block.

Furthermore, in one embodiment of the arithmetic processing device of the present invention, the arithmetic processing device is an arithmetic processing device that executes the following monpro operation:
MonPro (a ^* , b ^* )
t = a ^* × b ^*
for i = 0 to dl-1
m = t ₀ × P ₀ 'mod r
t = (t + m × P) / r
next i
if t ≧ P then return t−P
else return t
The specific registers of the two memory blocks in the plurality of memory blocks are configured to be stored as registers for storing parameters a ^* or b ^* in the monpro operation.

Furthermore, the second aspect of the present invention provides
An arithmetic processing method,
An address generation step of generating a specified address of the register in the control unit that executes data input / output control for the arithmetic unit;
In the case where the address of the specific register determined in advance from the control unit and the data storage register storing the data to be output to the arithmetic unit are different registers in the same memory block as the specific register, An address control step of converting an input address from the control unit into a designated address of the data storage register and outputting the converted address as a read address for the memory block;
A data read step for reading data from a register of a memory block based on the address controlled in the address control step and outputting the data to the arithmetic unit;
There is an arithmetic processing method characterized by comprising:

  Furthermore, in an embodiment of the arithmetic processing method of the present invention, the address control step further includes a coincidence detecting step for detecting whether or not an input address from the control unit coincides with a predetermined specific register address. Based on the detection information in the coincidence detection step, either an input address from the control unit or an address of the data storage register stored in advance in the latch is selected and output as a read address for the memory block And an output switching step.

  Furthermore, in one embodiment of the arithmetic processing method of the present invention, the address is stored only when a data storage register storing data to be output in the arithmetic unit is a different register in the same memory block as the specific register. An address conversion process is performed in the control step.

  Furthermore, in one embodiment of the arithmetic processing method of the present invention, the address control step inputs a parameter to be applied to Montgomery arithmetic or an address of a specific register set as an intermediate value storage scheduled area from the control unit, and When the data storage register storing the data to be output in the arithmetic unit is a different register in the same memory block as the specific register, the input address from the control unit is set as the designated address of the data storage register. The converted address is output as a read address for the memory block.

Furthermore, in one embodiment of the calculation processing method of the present invention, the calculation processing method includes the calculation step of executing the following monpro calculation:
MonPro (a ^* , b ^* )
t = a ^* × b ^*
for i = 0 to dl-1
m = t ₀ × P ₀ 'mod r
t = (t + m × P) / r
next i
if t ≧ P then return t−P
else return t
In the address control step, an address of a specific register set as a storage area for the parameter a ^* or b ^* in the monpro calculation is input from the control unit, and data to be output is stored in the calculation unit. When the data storage register is a different register of the same memory block as the specific register, the input address from the control unit is converted into a specified address of the data storage register, and the converted address is read out from the memory block It is output as an address.

  According to the configuration of the present invention, a memory unit having a memory block having a plurality of registers as data storage areas, and data read from the register based on a designated address of the register are input, and arithmetic processing based on the input data is performed. In an arithmetic processing unit having a calculation unit to be executed and a control unit for executing data input / output control on the calculation unit, a data storage register storing data to be output in the calculation unit is the same as a predetermined specific register In the case of different registers in the memory block, the address control process is executed to convert the input address from the control unit to the designated address of the data storage register and output the converted address as a read address for the memory block. , Reduce the data copy process for a specific register It is possible to perform the chromatography data reading and processing, faster operation is realized.

Furthermore, according to the configuration of the present invention, in the execution of the Monpro operation: MonPro (a ^* , b ^* ) in the Mongolian operation, a register different from the specific register set as the storage area for the parameter a ^* or b ^* in the Monpro operation When the data corresponding to the parameter a ^* or b ^{* to} be output is stored, the input address from the control unit is converted to the designated address of the data storage register of the parameter a ^* or b ^* to be output, Since the conversion address is output as a read address for the memory block, it is possible to reduce the data copy processing of the monpro operation that is repeatedly executed a plurality of times in the cryptographic processing operation, and the speed of the cryptographic processing operation is realized. The

  Hereinafter, the arithmetic processing device and the arithmetic processing method of the present invention will be described in detail.

  According to the present invention, in the arithmetic processing in which data storage to the register and data reading from the register are repeatedly executed, even when the parameter and intermediate value storage area is not a predetermined specific register, the address control is performed to perform the address control. The present invention provides an arithmetic processing device and an arithmetic processing method that enable efficient data acquisition and realize high-speed arithmetic processing.

  Hereinafter, as a specific example of the arithmetic processing using the register, an example in which arithmetic processing of elliptic curve cryptography (Elliptic Curve Cryptography) in the public key cryptosystem is executed will be described.

The encryption methods are roughly classified into a common key encryption method in which the message sender and receiver use the same key, and a public key encryption method in which the message sender and receiver use different keys. Both encryption methods have the following characteristics.
Common key cryptography: encryption and decryption are performed at high speed.
Public key cryptography: Computation is complicated and key length is long, so decryption is very difficult (discrete logarithm problem).

  Currently, taking advantage of both methods, content encryption is often performed using a common key method and a public key encryption method is used for delivering the key. There are two typical public key cryptosystems: RSA cryptography that has been used for a long time in financial systems, and elliptic curve cryptography that can realize the same security strength as RSA cryptography with a shorter key length than RSA cryptography. Elliptic curve cryptography has a feature that the computation time is shorter than that of RSA cryptography because the key length is short. In recent years, elliptic curve cryptography has attracted attention as an encryption method used for key exchange and authentication on platforms not connected to financial systems.

For example, in the key exchange on the elliptic curve, when the prime number is “P”, the elliptic curve E: y ² = x ³ + ax + b (mod P)
With the point “G” on E and E defined, caller A and receiver B generate appropriate numbers “r” and “s”. A: Calculate rG and set its coordinates to B Send to.
Mr. B: Calculate sG and send the coordinates to Mr. A.
After receiving each other's coordinates,
Mr. A: Calculate r (sG) = rsG.
Mr. B: Calculate s (rG) = srG.
By calculating, Mr. A and Mr. B obtain a common key “rsG”. Even if a malicious third party obtains the transmission data “rG” and “sG”, it is virtually impossible to obtain “rsG” therefrom.

The following two are defined as arithmetic expressions on the ellipse.
Double calculation: (x ₂ , y ₂ ) = 2 (x ₁ , y ₁ )
x ₂ = α ² -2x ₁
y ₂ = −y ₁ + α (x ₁ −x ₂ )
Where α = (3 × ₁ ² + a) / 2y ₁
Addition: (x ₃ , y ₃ ) = (x ₂ , y ₂ ) + (x ₁ , y ₁ )
x ₃ = α ² −x ₁ −x ₂
y ₂ = −y ₁ + α (x ₁ −x ₃ )
Where α = (y ₂ −y ₁ ) / (x ₂ −x ₁ )

If these two operations are used, scalar multiplication of points on the ellipse can be performed. For example, when the remainder number is L [bit], W = sG (s = Σ _{i = 0} ^L−1 s _i · 2 ⁱ )
The calculation of
W = G
for i = L-1 to 0
W: = 2 × W
if s _i = 1 then W: = W + G
next i
It becomes.

For example, the calculation of 200G is
200G = 2 {2 {2 {2 {2 {2 {2G + G}}} + G}}}
Calculated by

  However, in actual calculations, reciprocal calculation is required for each doubling and addition, and Euclid algorithm or power-residue calculation is used for this, but this calculation requires many calculation cycles. For this reason, usually, a technique is adopted in which expansion is performed on three-dimensional Jacobian coordinates, scalar multiplication is performed, and finally, two-dimensional Affin coordinates are restored. Expansion from Affin coordinates (x, y) to Jacobiian coordinates (X, Y, Z) is performed by the following relational expression.

x = X / Z ² (Equation 1)
y = Y / Z ³ (Equation 2)
Here, if Z = 1,
(X, Y, Z) = (x, y, 1)
Thus, expansion to the Jacobian coordinates can be performed.

  Expressions for doubling and adding on the Jacobian coordinates are as shown below.

Double multiplication: (X ₂ , Y ₂ , Z ₂ ) = 2 (X ₁ , Y ₁ , Z ₁ )
X ₂ = M ² −2U (modP) (3)
Y ₂ = −8 Y ⁴ + M (U−X ₂ ) (modP) (Equation 4)
Z ₂ = 2Y ₁ Z ₁ (modP) (Equation 5)
However, M = 3X ₁ ² + aZ ₁ ⁴ , U = 4X ₁ Y ₁ ²

Addition: (X ₃ , Y ₃ , Z ₃ ) = (X ₂ , Y ₂ , Z ₂ ) + (X ₁ , Y ₁ , Z ₁ )
X ₃ = R ² −TW ² (modP) (Equation 6)
Y ₃ = {R (TW ² −2X ₃ ) −SW ³ } / 2 (modP) (Equation 7)
Z ₃ = Z ₁ Z ₂ W (modP) (Equation 8)
However, R = Y ₂ Z ₁ ³ −Y ₁ Z ₂ ³ , S = Y ₂ Z ₁ ³ + Y ₁ Z ₂ ³
W = X ₂ Z ₁ ² −X ₁ Z ₂ ² , T = X ₂ Z ₁ ² + X ₁ Z ₂ ²
Can be defined.

  Using this, scalar multiplication is performed, and finally, inverse conversion to Affin coordinates is performed based on (Equation 1) and (Equation 2). At this time, it is necessary to obtain the reciprocal of Z, but this may be performed once by the scalar multiplication, and the number of cycles required for the calculation is significantly smaller than the case of performing the scalar multiplication on the Affin coordinates. I'm sorry.

  In the operations of (Equation 3) to (Equation 8) described above, the remainder calculation using the prime “P” applies the Barret method or the Montgomery method to reduce the number of operation cycles and reduce the calculation time. Reductions can be made.

In a modular multiplication operation using the Montgoemry method, for example,
When calculating c = a × b mod P, define a value “R” (usually a power of 2) greater than P;
R · R ⁻¹ −P · P ′ = 1 (Equation 9)
A value “P ′” that satisfies the above is obtained.

At this time, the modular multiplication operation is
a ^* = a × R mod P (Formula 10)
b ^* = b × R mod P (Formula 11)
c ^* = MonPro (a ^* , b ^* ) (formula 12)
c = MonPro (c ^* , 1) (Equation 13)
As done.

When it is applied to "scalar multiplication of points on an elliptic curve" etc.
W = sG (s = Σ _{i = 0} ^L−1 s _i · 2 ⁱ )
When calculating
Xg ^* = xg · r mod P
Yg ^* = yg · r mod P
Zg ^* = 1 ・ r mod P
W ^* = (Xw ^* , Yw ^* , Zw ^* ) = G ^* = (Xg ^* , Yg ^* , Zg ^* )
for i = L-1 to 0
W ^* : = 2 × W ^*
if s _i = 1 then W ^* : = W ^* + G ^*
next i
Xw = MonPro (Xw ^* , 1)
Yw = MonPro (Yw ^* , 1)
Zw = MonPro (Zw ^* , 1)
xw = Xw / Zw ² mod P
yw = Yw / Zw ³ mod P
In this way, parameter conversion is performed before and after the loop that accounts for the majority of the number of operation cycles, and the number of operation cycles can be significantly reduced by executing Montgomery operation with the parameter converted value in the loop. .

The MonPro function used in this calculation is defined as follows:
MonPro (a ^* , b ^* ) (Formula 14)
t = a ^* × b ^*
m = t × P ′ mod R
u = (t + m × P) / R
if u ≧ P then return u−P
else return u

Or, when the data width of the multiplier is r [bit] and the data width is dl [word: = rbit],
MonPro (a ^* , b ^* ) (Formula 15)
t = a ^* × b ^*
for i = 0 to dl-1
m = t ₀ × P ₀ 'mod r
t = (t + m × P) / r
next i
if t ≧ P then return t−P
else return t
Defined by

In the above (Formula 15), t ₀ and P ′ ₀ indicate the values of the 0th word of t and P ′. This calculation includes a method realized by a calculation program defined by software and a method realized by hardware. It is desirable that mounting on a portable device without CPU power or mounting on a device requiring high security is realized by hardware.

FIG. 1 shows an example of the hardware configuration of an arithmetic processing apparatus according to the present invention that executes the operation of the MontPro function (MonPro) (MonPro (a ^* , b ^* )) in the Montgomery operation expressed by the above (Formula 15). .

  The arithmetic processing unit includes a memory unit 110 and a calculation unit 150. Data input to the calculation unit is stored in one of the register groups of the memory unit 110, and data is transferred from the register in accordance with an address signal from a control unit (not shown). Is obtained and input to the arithmetic unit 150 via the memory bus switch circuit 130 and the bus, and the arithmetic unit 150 performs an operation, and the result is stored in the memory unit 110 via the bus and the memory bus switch circuit 130. Stored in a register.

  The arithmetic processing unit of the present invention further includes an address control circuit 200, which converts address data from a control circuit (not shown) and outputs it to each memory block.

In the Montgomery operation described above, a plurality of MonPro (a ^* , b ^* ) operations are repeatedly executed, and data acquisition from the register and data for the register are performed for each MonPro (a ^* , b ^* ) operation. Storage processing is executed.

  The arithmetic unit 150 includes a multiplier 152 and adders 154 and 157, latches 151, 153, 155, 156, and 158 for storing operation parameters and intermediate results, and a control circuit (not shown) that controls these.

  The memory unit 110 includes four memory blocks having registers as six unit data storage areas: memories 0 and 120, memories 1 and 121, memories 2 and 122, and memories 3 and 123. Each memory block includes a row decoder and a column decoder. The row decoder selects a designated register based on an input address, and data in a predetermined word unit is connected from the designated register via the column register by a memory bus switch circuit. Output to the bus or input data from the bus. For example, the address is composed of addresses A0 to A5, the register selection is executed using addresses A3 to A5 inputted to the row decoder from the control unit (not shown), and the word selection of the multiple length data is performed by the control unit (not shown). Is performed using addresses A0 to A2 input to the column decoder.

  In a multiple-length multiplication operation, it is necessary to set a multiplier and a multiplicand in a multiplier and to extract a multiplication result. Therefore, at least three memory blocks are required. Similarly, three memory blocks are required for the multiple length addition operation. For example, when performing calculations using four memory blocks, the necessary data capacity is set based on the largest number of data including intermediate values held in the calculation flow. FIG. 1 shows a configuration in the case where the number of data with the largest number of calculations on an elliptic curve is 24.

With this configuration, for example, the stored value of the register 9 (reg. 9) of the memory 1, 121 and the stored value of the register 15 (reg. 15) of the memory 3, 123 are output to the arithmetic unit 150, and multiplication processing is performed. When the result is divided and stored in the register 4 (reg. 4) and the register 8 (reg. 8) of the memories 0 and 120, that is,
(Reg.9) x (reg.15) = (reg.8, reg.4)
An example of processing in the case of executing the multiple length multiplication will be described.

  First, a processing example when the address control circuit 200 which is a feature of the present invention is not provided will be described, and then a processing example when address control by the address control circuit 200 is executed will be described.

(Reg.9) x (reg.15) = (reg.8, reg.4)
When executing a multiple length multiplication of the memory, the memory bus switch circuit 130 is controlled based on a control signal from a control unit (not shown) to connect the memory 1 and the bus 0, the memory 3 and the bus 1, and the memory 0 and the bus 3 To do.

  Next, according to the multiple-length multiplication flow, in the control unit (not shown), the stored value of the register 9 (reg. 9) in the memory 1, 121 and the stored value of the register 15 (reg. 15) in the memory 3, 123 Are generated and stored in the latch 151 in the preceding stage of the multiplier 152 of the arithmetic unit 150 via the memory bus switch circuit 130 and each bus, and the multiplication process is started.

  Note that in the arithmetic unit 150, the stored value of the register 9 (reg. 9) and the stored value of the register 15 (reg. 15) are set as inputs of the multiplier, and the result of the multiplication process is the result of the bus 3 and the memory. The multiplication result is stored in the registers (reg. 8, reg. 4) which are input to the memories 0 and 120 via the bus switch circuit 130 and specified according to the address (address 0) from the address control circuit.

The calculation on the Jacobian coordinates requires a plurality of Montgomery calculations. As a technique for realizing this operation, the circuit scale is reduced by adopting a configuration in which a Montgomery operation used many times is converted into a function and called as necessary. However, operation parameters i.e., Montgomery (Montgomery) parameters Monpuro functions that perform the calculation ^{(MonPro (a *, b *} ) of, a ^*, b ^*) register positions that set will be fixed.

For example, register 0 (reg. 0) to register 7 (reg. 7) of the memory unit 110 are converted to the parameters of the Montpromer function in the Montgomery operation: c ^* = MonPro (a ^* , b ^* ) and intermediate results Set the location to store the value.

As a specific example, the storage locations of the parameters “a ^* ” and “b ^* ” are fixed to the register 5 (reg. 5) and the register 6 (reg. 6), and the storage location of the operation result c ^* is the same register 5 (reg. .5) and register 6 (reg. 6) are assumed.

A monpro function to which the parameters “a ^* ” and “b ^* ” are applied by fixing the storage locations of the parameters “a ^* ” and “b ^* ” in the register 5 (reg. 5) and the register 6 (reg. 6). When c ^* = MonPro (a ^* , b ^* ) is executed in the arithmetic unit 150, it is possible to always perform data extraction by applying a fixed address.

Since the calculation result in the previous operation cycle is stored in any one of the 24 registers of the memory 0, 120 to the memory 3, 123, the stored value is set to the parameters “a ^* ” and “b ^* ” ^. A process of copying to the register 5 (reg. 5) and the register 6 (reg. 6) set as the storage location of “is required.

For example, as shown in FIG. 2, when two pieces of data used for the calculation are in the register 12 (reg. 12) of the memory 0 and the register 19 (reg. 19) of the memory 3, these two pieces of data are set to the parameter “ A process of copying to the register 5 (reg. 5) and the register 6 (reg. 6) set as the storage locations of “a ^* ” and “b ^* ” is required.

  As shown in FIG. 2, when data required for copy processing is stored in different memory blocks, data copy processing from the register 12 (reg. 12) of the memory 0 to the register 5 (reg. 5) of the memory 1; Since the data copy process from the register 19 (reg. 19) of the memory 3 to the register 6 (reg. 6) of the memory 2 can be executed in parallel, the copy is performed in the number of cycles corresponding to the number of words of the data. finish.

  In each memory block, data read processing and write processing can be performed in one cycle, that is, one word data reading or one word data writing processing can be executed. Data read or write processing in different memory blocks can be performed in parallel.

Therefore, for example, as shown in FIG. 3, at least one of the data used in the next calculation cycle is a copy destination, that is, a register 5 (reg) set as a storage location of the parameters “a ^* ” and “b ^* ”. .5) and register 6 (reg. 6) are in the same memory block, a long processing cycle is required for data copy processing.

  In FIG. 3, the memory 2 includes a register 6 (reg. 6) as a copy destination and a register 14 (reg. 14) in which copy source data is stored.

  In this case, since data reading and data writing in the memory 2 cannot be executed in parallel in the same processing cycle, the data reading processing and data writing processing must be executed sequentially. For example, after the data copy process from the register 14 (reg. 14) to the register 5 (reg. 5) accompanied by the data reading process from the register 14 (reg. 14) is completed, the register 19 (reg. 19) to the register 6 It is necessary to execute the data copy process to (reg. 6), which requires twice as many cycles as in the case of the data storage mode shown in FIG.

Further, as shown in FIG. 4, both of the data used in the next calculation cycle are the copy destination, that is, the register 5 (reg. 5) set as the storage location of the parameters “a ^* ” and “b ^* ”. Even in the same memory block as the register 6 (reg. 6), similarly, a long processing cycle is required for the data copy processing.

  4, the memory 2 includes a register 6 (reg. 6) that is a copy destination and a register 14 (reg. 14) that stores copy source data. The memory 1 includes a register 5 (reg. 5) that is a copy destination. reg.5) and a register 17 (reg.17) storing copy source data.

  In this case, data reading and data writing in the memory 2 cannot be executed in parallel in the same processing cycle, and data reading and data writing in the memory 1 cannot be executed in parallel in the same processing cycle. Therefore, the plurality of data reading processes and data writing processes must be executed sequentially.

  For example, after the data copy process from the register 14 (reg. 14) to the register 5 (reg. 5) accompanied by the data read process from the register 14 (reg. 14) is completed, the register 17 (reg. 17) to the register 6 It is necessary to execute the data copy process to (reg. 6), which requires twice as many cycles as in the case of the data storage mode shown in FIG.

  In the coordinate scalar multiplication, the coordinate doubling and addition operations are repeated for the number of times of the bit width of the remainder number “P” (for example, 160 times when the remainder number “P” is 160 [bit]). Therefore, the influence of an increase in the number of operation cycles due to an increase in the number of copy processes becomes great.

  In the present invention, address conversion is performed by the address control circuit 200 in order to eliminate an increase in operation cycle and operation delay due to copy processing based on these data storage areas. By following the configuration of the present invention, the number of operation cycles can be reduced and high-speed operation can be performed.

  In the present invention, an address control circuit 200 is provided that converts an address generated in a control unit (not shown) that executes control of the arithmetic unit 150 and output to the memory block. The internal configuration of the address control circuit 200 will be described with reference to FIGS.

As shown in FIG. 5, the address control circuit 200 includes a register 5 (reg. 5) and a register 6 (reg. 6) set as storage locations of the parameters “a ^* ” and “b ^* ” in the four memory blocks. ), That is, the memory 1, 121 and the two address conversion units 210, 220 for converting the addresses to be output to the memories 2, 122 as necessary.

  Each of the address conversion units 210 and 220 includes address setting latch circuits 211 and 221, coincidence detection circuits 212 and 222, and address switching circuits 213 and 223, respectively. A specific circuit configuration example of one address conversion circuit is shown in FIG.

  As described above, the address is composed of the addresses A5 to A0, and the addresses A5c to A3c are input from the control unit (not shown) to each address conversion unit of the address control circuit, converted as necessary, and converted addresses A5m to A3m. Is input to the row decoder and applied as a register selection address. In addition, word selection of multiple-length data is performed using addresses A0 to A2 input to a column decoder from a control unit (not shown).

Also in the calculation of elliptic curve cryptography, the Montpro function in the Montgomery operation: c ^* = MonPro (a ^* , b ^* ) is repeatedly executed. The storage locations of the parameters “a ^* ” and “b ^* ” are set in the memory 1 121, the register 5 (reg. 5) and the register 6 (reg. 6) of the memory 2 122, and the parameter “a ^* ”. Each time an arithmetic cycle to which “b ^* ” and “b ^* ” are applied, read addresses of the parameters “a ^* ” and “b ^* ”, that is, A3c to A5c = 001 are input from the control unit to the address control circuit 200.

The address control circuit 200 converts the read addresses of the parameters “a ^* ” and “b ^* ” input from the control unit, that is, A5c to A3c = 001, as necessary. Output to 122 row decoder. Specifically, the parameter “a ^* ” or “b ^* ” is the storage register (address (A5, A4, A3) of the parameters “a ^* ” and “b ^* ” in the memories 1 and 121 and the memories 2 and 122. = (001)), the read addresses of the parameters “a ^* ” and “b ^* ” input from the control unit, that is, A5c to A3c = 001 are actually The register in which the parameter “a ^* ” or “b ^* ” is stored is converted into an address for designating and output to the memory 1 121 and the row decoder of the memory 2 122.

A5_L314 to A3_L312 of the latch 211 are calculated by the calculation unit 150 in the previous calculation cycle, and the parameter “a ^* ” or “b ^* ” applied in the next calculation cycle is stored in the memory 1, 121 or the memory 2, 122. This is a latch that sets the register address when it is stored.

  The USE 311 is a latch for setting whether or not to make this circuit block function. When the function is made to function, “1” is set, and when it is not set, “0” is set.

There are the following three modes of operation of the address translation unit.
(A) When “0” is held in the USE 311 of the latch 211 (b) “1” is held in the USE 311 of the latch 211 and the address signals (A5c, A4c, A3c) from the control unit (controller) are When the parameter “a ^* ” or “b ^* ” is different from the designated address (001) of the register 5 (reg. 5) or the register 6 (reg. 6) that is the storage location of the parameter “a ^* ” or “b ^* ”. And the address signal (A5c, A4c, A3c) from the control unit (controller) is stored in the register 5 (reg. 5) or the register 6 (reg. 5) where the parameter “a ^* ” or “b ^* ” is stored. When the specified address (001) is 6)

Hereinafter, the operation of the address translation unit in these three cases will be described.
(A) When “0” is held in USE 311 of latch 211 When “0” is held in USE 311 of latch 211, signal “1” inverted by inverting circuit 334 is input to OR circuit 335. , The output of the OR circuit 335 is 1, the switch elements 341, 342, and 343 of the switch circuit 213 are turned on, and the switch circuit 213 receives the address signals A5c to A3c input from the control unit (controller) as they are, without changing the parameter “a ^{* The} memory designations A5m to A3m for the memories 1 and 121 and the memories 2 and 122, which are memory blocks having the register 5 (reg. 5) and the register 6 (reg. 6) as storage locations of “b” and “b ^* ” Is output to the row decoder of each memory block. In this case, a register designated by the control unit (controller) is designated.

  When the output of the OR circuit 335 is 1, the switch circuit 213 turns on the switch elements 343, 342, and 341, and designates the address (A5c, A4c, A3c) from the control unit (controller) as a register for the memory. When the output from the OR circuit 335 is 0, the switch elements 346, 345, and 344 are turned ON, and the storage addresses of the A3_L312 to A5_L314 of the latch 211 are the register specified addresses for the memory when output as addresses (A5m, A4m, A3m) Output as (A5m, A4m, A3m).

(B) “5” is held in the USE 311 of the latch 211, and the address signal (A5c, A4c, A3c) from the control unit (controller) is stored in the register 5 where the parameter “a ^* ” or “b ^* ” is stored. (Reg.5) or the specified address (001) of register 6 (reg.6)

When “1” is held in the USE 311 of the latch 211, the signal “0” inverted by the inverting circuit 334 is input to the OR circuit 335. The address signal (A5c, A4c, A3c) from the controller (controller) is designated by the register 5 (reg. 5) or register 6 (reg. 6) where the parameter “a ^* ” or “b ^* ” is stored. When the address is different from the address (001), that is, when (A5c, A4c, A3c) ≠ (0, 0, 1), at least one of the outputs of the EOR circuits 331, 332, 333 is “1”.

Note that one input of the EOR circuits 331, 332, and 333 has a designated address of the register 5 (reg. 5) or the register 6 (reg. 6) that is the storage location of the parameter “a ^* ” or “b ^* ” in advance. A setting corresponding to the value corresponding to (001) is made. The setting of the EOR input data setting units 321 to 323 is set to input a value corresponding to the address (001).

Therefore, the address signal (A5c, A4c, A3c) from the controller (controller) is stored in the register 5 (reg. 5) or the register 6 (reg. 6) where the parameter “a ^* ” or “b ^* ” is stored. In other words, when (A5c, A4c, A3c) ≠ (0, 0, 1), at least one of the outputs of the EOR circuits 331, 332, 333 is “1”. Become.

As a result, the output of the OR circuit 335 is “1”, that is, the output of the coincidence detection unit 212 is “1”, and the switch elements 343, 342, and 341 of the switch circuit 213 are switched as in the case of (a) described above. The switch circuit 213 is turned on, and the switch circuit 213 receives the address signals A5c to A3c input from the control unit (controller) as they are, the register 5 (reg. 5) and the register 6 which are the storage locations of the parameters “a ^* ” and “b ^* ”. (Reg. 6) are output to the row decoders of the memory blocks as the register designation addresses A5m to A3m for the memories 1 and 121 and the memories 2 and 122, respectively. In this case, a register designated by the control unit (controller) is designated.

(C) “5” is held in the USE 311 of the latch 211, and the address signal (A5c, A4c, A3c) from the control unit (controller) is stored in the register 5 where the parameter “a ^* ” or “b ^* ” is stored. (Reg. 5) or specified address (001) of register 6 (reg. 6)

When “1” is held in the USE 311 of the latch 211, the signal “0” inverted by the inverting circuit 334 is input to the OR circuit 335. The address signal (A5c, A4c, A3c) from the controller (controller) is designated by the register 5 (reg. 5) or register 6 (reg. 6) where the parameter “a ^* ” or “b ^* ” is stored. When the address matches the address (001), that is, when (A5c, A4c, A3c) = (0, 0, 1), the outputs of the EOR circuits 333, 332, and 331 are all “0”.

  As a result, the output of the OR circuit 335 is “0”, that is, the output of the coincidence detection unit 212 is “0”. Accordingly, the switch elements 346, 345, and 344 of the switch circuit 213 are turned ON, and the switch circuit 213 uses the storage addresses of the A5_L314 to A3_L312 of the latch 211 as register designation addresses (A5m, A4m, and A3m) for each memory block. Output to row decoder. In this case, data reading from the storage addresses of A5_L314 to A3_L312 of the latch 211 is executed.

  A specific address conversion process in the address control circuit 200 and a data read process using an address converted by the address conversion process will be described with reference to FIGS.

FIG. 7 shows a data storage state similar to that described above with reference to FIG. 3, that is, one of the data used in the next calculation cycle is stored in parameters “a ^* ” and “b ^* ”. This is a state in which the register 5 (reg. 5) and the register 6 (reg. 6) set as locations are stored in the same memory block register. One of the data used in the next operation cycle is stored in the register 14 (reg. 14) of the memory 2. The other data is stored in the register 19 (reg. 19) of the memory 3.

In FIG. 8, the same data storage state as described above with reference to FIG. 4, that is, two data used in the next operation cycle are set as storage locations of the parameters “a ^* ” and “b ^* ”. In this state, the data is stored in the registers of the same memory block as the registers 5 (reg. 5) and 6 (reg. 6). One of the data used in the next operation cycle is stored in the register 14 (reg. 14) of the memory 2, and the other data is stored in the register 17 (reg. 17) of the memory 1.

  According to the conventional method, in these two states, it is necessary to execute two data copy processes sequentially, which causes a processing delay and hinders high-speed arithmetic processing. In the process involving address conversion according to the present invention, it is possible to execute a data set by executing only a maximum of one data copy process and shift to the next operation cycle.

In arithmetic processing such as multiplication processing or addition processing, for example, the above-described Montgomery calculation, as understood from (Equation 14) and (Equation 15), “a ^* ” and “b ^* ” are the sets. Even if the positions, that is, the positions of the multiplied data and the multiplied data are switched, the result is not affected.

First, referring to FIG. 7, among the data used in the next operation cycle, one of the data is a register 5 (reg. 5) and a register in which parameters “a ^* ” and “b ^* ” are stored. 6 (reg. 6) will be described in the case where it is in the state stored in the register of the same memory block.

The processing sequence is as follows.
Step S101: The data in the register 19 (reg. 19) in the memory 3 is copied to the register 5 (reg. 5) in the memory 1.
Step S102: Data “0” indicating non-use is set in the USE of the latch 221 of the address conversion unit 220 (see FIG. 5) corresponding to the memory 1, and the USE of the latch 211 of the address conversion unit 210 corresponding to the memory 2 is set. Data “1” indicating use is set, and address data (0, 1, 1) corresponding to the register 14 (reg. 14) is set in (A5_L, A4_L, A3_L).

Step S103a: The output of the address coincidence detection unit 222 of the address conversion unit corresponding to the memory 1, that is, the output of the OR circuit 335 shown in FIG. 6 is 1, the switch elements 343, 342, and 341 of the switch circuit 213 are turned on. The circuit 213 uses the address signals A5c to A3c input from the control unit (controller) as they are, and the designated address of the register 5 (reg. 5), which is the storage location of the parameter “a ^* ”, becomes the register designated addresses A5m to A3m. The data is output to the row decoder of the memory 1, data is read from the register 5 (reg. 5), and is output to the arithmetic unit 150 via the memory bus switch circuit 130 and the bus.

  Step S103b: The output of the address coincidence detection unit 212 of the address conversion unit corresponding to the memory 2, that is, the output of the OR circuit 335 shown in FIG. 6, becomes 0, the switch elements 346, 345, and 344 of the switch circuit 213 are turned on. The circuit 213 outputs the storage addresses of A5_L314 to A3_L312 of the latch 211 to the memory 2 as register designation addresses (A5m, A4m, A3m) for the memory. In this case, data reading from the register 14 (reg. 14) is performed based on the storage addresses of the A5_L 314 to A3_L 312 of the latch 211, that is, the address data (0, 1, 1) corresponding to the register 14 (reg. 14). This is executed and output to the arithmetic unit 150 via the memory bus switch circuit 130 and the bus.

  As a result, the data of the register 5 (reg. 5) of the memory 1 and the data of the register 14 (reg. 14) of the memory 2 are input to the arithmetic unit 150, and an operation based on both data is executed.

  As understood from the above description, the data copy process is only one copy process in step S101. Therefore, the processing cycle is reduced and high-speed computation is possible compared to the processing without the address conversion described above with reference to FIG. 3, that is, the case where the two copy processing needs to be executed sequentially. It becomes.

Next, referring to FIG. 8, two data of data used in the next operation cycle are registered in the registers 5 (reg. 5) and 6 where the parameters “a ^* ” and “b ^* ” are stored. The processing sequence in the case where it is stored in the register of the same memory block as (reg. 6) will be described.

The processing sequence is as follows.
Step S201: Data “1” indicating use is set to USE of the latch 221 of the address conversion unit 220 corresponding to the memory 1, and (A5_L, A4_L, A3_L) is set to address data corresponding to the register 17 (reg. 17). Set (1, 0, 0). Further, data “1” indicating use is set in USE of the latch 211 of the address conversion unit 210 corresponding to the memory 2, and the address data corresponding to the register 14 (reg. 14) is set in (A5_L, A4_L, A3_L). 0,1,1) is set.

  Step S202a: The output of the address coincidence detection unit 222 of the address conversion unit corresponding to the memory 1, that is, the output of the OR circuit 335 shown in FIG. 6 is 0, the switch elements 346, 345, and 344 of the switch circuit 223 are turned on. The circuit 223 outputs the storage addresses of A5_L314 to A3_L312 of the latch 221 to the memory 1 as register designation addresses (A5m, A4m, A3m) for the memory. In this case, data reading from the register 17 (reg. 17) is performed based on the storage addresses of the latches 221 A5_L314 to A3_L312, that is, the address data (1, 0, 0) corresponding to the register 17 (reg. 17). This is executed and output to the arithmetic unit 150 via the memory bus switch circuit 130 and the bus.

  Step S202b: The output of the address match detection unit 212 of the address conversion unit corresponding to the memory 2, that is, the output of the OR circuit 335 shown in FIG. 6, becomes 0, the switch elements 346, 345, and 344 of the switch circuit 213 are turned on. The circuit 213 outputs the storage addresses of A5_L314 to A3_L312 of the latch 211 to the memory 2 as register designation addresses (A5m, A4m, A3m) for the memory. In this case, data reading from the register 14 (reg. 14) is performed based on the storage addresses of the A5_L 314 to A3_L 312 of the latch 211, that is, the address data (0, 1, 1) corresponding to the register 14 (reg. 14). This is executed and output to the arithmetic unit 150 via the memory bus switch circuit 130 and the bus.

  As a result, the data of the register 17 (reg. 17) of the memory 1 and the data of the register 14 (reg. 14) of the memory 2 are input to the arithmetic unit 150, and an operation based on both data is executed.

  As can be understood from the above description, the data copy process is not necessary. Therefore, the processing cycle is greatly reduced compared to the processing without the address conversion described above with reference to FIG. 4, that is, the case where the two copy processing needs to be executed sequentially, and the high-speed operation is reduced. Is possible.

Also, a description will be given of a process in which the result calculated in the calculation unit 150 is stored in the register as an intermediate value, the intermediate value is obtained again from the register, and output to the calculation unit 150 to perform the square calculation. For example, the square calculation process by the above-mentioned Montpro function is shown as the following process.
c ^* = MonPro (a ^* , b ^* )
c2 ^* = MonPro (c ^* , c ^* )
Here, when the data input to a ^* and b ^* is as shown in FIG. 8 (similar to FIG. 4), that is, the two data used in the next operation cycle are the parameters “a ^* ” and “b ^* ”. A case is assumed in which the data is stored in the register of the same memory block as the register 5 (reg. 5) and the register 6 (reg. 6) set as the storage location. That is, one of the data used in the next operation cycle is stored in the register 14 (reg. 14) of the memory 2, and the other data is stored in the register 17 (reg. 17) of the memory 1.

in this case,
Step S301: Data “1” indicating use is set to USE of the latch 221 of the address conversion unit 220 corresponding to the memory 1, and (A5_L, A4_L, A3_L) is set to address data corresponding to the register 17 (reg. 17). Set (1, 0, 0). Further, data “1” indicating use is set in USE of the latch 211 of the address conversion unit 210 corresponding to the memory 2, and the address data corresponding to the register 14 (reg. 14) is set in (A5_L, A4_L, A3_L). 0,1,1) is set.

  Step S302a: The output of the address match detection unit 222 of the address conversion unit corresponding to the memory 1, that is, the output of the OR circuit 335 shown in FIG. 6 is 0, the switch elements 346, 345, and 344 of the switch circuit 223 are turned on. The circuit 223 outputs the storage addresses of A5_L314 to A3_L312 of the latch 221 to the memory 1 as register designation addresses (A5m, A4m, A3m) for the memory. In this case, data reading from the register 17 (reg. 17) is performed based on the storage addresses of the latches 221 A5_L314 to A3_L312, that is, the address data (1, 0, 0) corresponding to the register 17 (reg. 17). This is executed and output to the arithmetic unit 150 via the memory bus switch circuit 130 and the bus.

  Step S302b: The output of the address coincidence detection unit 212 of the address conversion unit corresponding to the memory 2, that is, the output of the OR circuit 335 shown in FIG. 6, becomes 0, the switch elements 344, 345, and 346 of the switch circuit 213 are turned on. The circuit 213 outputs the storage addresses of A5_L314 to A3_L312 of the latch 211 to the memory 2 as register designation addresses (A5m, A4m, A3m) for the memory. In this case, data reading from the register 14 (reg. 14) is performed based on the storage addresses of the A5_L 314 to A3_L 312 of the latch 211, that is, the address data (0, 1, 1) corresponding to the register 14 (reg. 14). This is executed and output to the arithmetic unit 150 via the memory bus switch circuit 130 and the bus.

  As a result, the data of the register 17 (reg. 17) of the memory 1 and the data of the register 14 (reg. 14) of the memory 2 are input to the arithmetic unit 150, and an operation based on both data is executed.

  By these processes, the result executed up to the square calculation is stored in the data of the register 17 (reg. 17) of the memory 1 and the register 14 (reg. 14) of the memory 2.

  The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the gist of the present invention. In other words, the present invention has been disclosed in the form of exemplification, and should not be interpreted in a limited manner. In order to determine the gist of the present invention, the claims section described at the beginning should be considered.

  As described above, according to the configuration of the present invention, the memory unit having a memory block having a plurality of registers as the data storage area, and the data read from the register based on the designated address of the register are input, In an arithmetic processing device having an arithmetic unit that executes arithmetic processing based on input data and a control unit that executes data input / output control for the arithmetic unit, a data storage register that stores data to be output in the arithmetic unit is preliminarily provided. Address control processing for converting an input address from the control unit into a designated address of the data storage register and outputting the converted address as a read address for the memory block when the specified specific register is a different register in the same memory block Data for a specific register that has been set in advance. By reducing the copying process, it is possible to perform a data reading and processing, faster operation is realized, it is applicable in the cryptographic processing devices that are requested of the high-speed processing.

Furthermore, according to the configuration of the present invention, in the execution of the Monpro operation: MonPro (a ^* , b ^* ) in the Mongolian operation, the identification set as the storage area for the parameter “a ^* ” or “b ^* ” in the Monpro operation to register a different register, parameters to be output "a ^*" or when storing the corresponding data are the "b ^*", the parameters of expected output an input address from the control unit "a ^*" or "b ^*" Since the conversion address is converted into the designated address of the data storage register and the converted address is output as a read address for the memory block, the data copy processing of the monpro operation that is repeatedly executed a plurality of times can be reduced in the cryptographic processing operation. It is possible to realize high-speed cryptographic processing operations and can be applied to cryptographic processing devices that require high-speed processing. It is.

It is a figure which shows the structure of the arithmetic processing apparatus of this invention. It is a figure explaining the register | resistor use structure of a memory in an arithmetic processing, and a copy process. It is a figure explaining the register | resistor use structure of a memory in an arithmetic processing, and a copy process. It is a figure explaining the register | resistor use structure of a memory in an arithmetic processing, and a copy process. It is a figure which shows the address control circuit structure of the arithmetic processing unit of this invention. It is a figure which shows the detailed circuit structural example of the address control circuit of the arithmetic processing unit of this invention. It is a figure explaining the register | resistor utilization arithmetic processing of the memory accompanying the address conversion process in the address control circuit of the arithmetic processing unit of this invention. It is a figure explaining the register | resistor utilization arithmetic processing of the memory accompanying the address conversion process in the address control circuit of the arithmetic processing unit of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 110 Memory part 120-123 Memory block 130 Memory bus switch circuit 150 Operation part 151,153,155,156,158 Latch 152 Multiplier 154,157 Adder 200 Address control circuit 210,220 Address conversion part 211,221 Latch 212, 222 coincidence detection unit 213, 223 switch 311 to 314 latch 321 to 323 EOR input data setting unit 331 to 333 EOR circuit 335 OR circuit 341 to 346 switch element

Claims (10)

A memory unit having a memory block having a plurality of registers as a data storage area, an arithmetic unit that inputs data read from the register based on a designated address of the register, and executes arithmetic processing based on the input data; An arithmetic processing unit having a control unit that performs data input / output control on the unit,
An address control unit that inputs a register designation address from the control unit and executes input address conversion processing,
The address control unit inputs a predetermined register address from the control unit, and a data storage register storing data to be output to the arithmetic unit is stored in the same memory block as the specific register. In the case of different registers, the arithmetic processing has a configuration in which an input address from the control unit is converted into a designated address of the data storage register, and the converted address is output as a read address for the memory block. apparatus. The address control unit
A latch storing the address of the data storage register;
A coincidence detection unit that detects whether an input address from the control unit coincides with an address of a predetermined specific register;
Switch means for selecting either an input address from the control unit or an address of the data storage register stored in the latch based on detection information of the coincidence detection unit and outputting the selected address as a read address for the memory block When,
The arithmetic processing apparatus according to claim 1, comprising: The address control unit further includes:
Including an information storage unit storing information for enabling an address conversion operation only when a data storage register storing data to be output in the arithmetic unit is a different register in the same memory block as the specific register 2. The arithmetic processing apparatus according to claim 1, wherein the address conversion process is performed only when information for enabling an address conversion operation is stored in the information storage unit. The calculation unit includes a multiplier and an adder that perform Montgomery calculation in cryptographic processing calculation,
The memory unit has a configuration in which specific registers of two memory blocks in a plurality of memory blocks are set as storage areas for parameters or intermediate values to be applied to the Montgomery calculation scheduled to be input to the calculation unit in the next calculation cycle. ,
The address control unit inputs an address of the specific register set as a storage area for parameters or intermediate values to be applied to Montgomery calculation from the control unit, and stores data to be output to the calculation unit. When the data storage register is a different register of the same memory block as the specific register, the input address from the control unit is converted into a specified address of the data storage register, and the converted address is read out from the memory block The arithmetic processing unit according to claim 1, wherein the arithmetic processing unit is configured to output as an address. The arithmetic processing device is an arithmetic processing device that executes the following monpro operation:
MonPro (a ^* , b ^* )
t = a ^* × b ^*
for i = 0 to dl-1
m = t ₀ × P ₀ 'mod r
t = (t + m × P) / r
next i
if t ≧ P then return t−P
else return t
5. The operation according to claim 4, wherein the specific registers of the two memory blocks in the plurality of memory blocks are configured to be stored as registers for storing parameters a ^* or b ^* in the Monpro operation. Processing equipment. An arithmetic processing method,
An address generation step of generating a specified address of the register in the control unit that executes data input / output control for the arithmetic unit;
In the case where the address of the specific register determined in advance from the control unit and the data storage register storing the data to be output to the arithmetic unit are different registers in the same memory block as the specific register, An address control step of converting an input address from the control unit into a designated address of the data storage register and outputting the converted address as a read address for the memory block;
A data read step for reading data from a register of a memory block based on the address controlled in the address control step and outputting the data to the arithmetic unit;
An arithmetic processing method characterized by comprising: The address control step further includes:
A coincidence detecting step for detecting whether or not an input address from the control unit coincides with an address of a predetermined specific register;
Based on the detection information in the coincidence detection step, output switching is performed by selecting either the input address from the control unit or the address of the data storage register stored in advance in the latch and outputting it as a read address for the memory block Steps,
The arithmetic processing method according to claim 6, further comprising: In the arithmetic processing method,
The address conversion process in the address control step is performed only when a data storage register storing data scheduled to be output in the arithmetic unit is a different register in the same memory block as the specific register. Item 7. The processing method according to Item 6.   In the address control step, an address of a specific register set as a storage area for parameters or intermediate values to be applied to Montgomery calculation is input from the control unit, and data to be output is stored in the calculation unit When the data storage register is a different register of the same memory block as the specific register, the input address from the control unit is converted into a specified address of the data storage register, and the converted address is read to the memory block The calculation processing method according to claim 6, wherein: The calculation processing method includes a calculation step for executing the following monpro calculation:
MonPro (a ^* , b ^* )
t = a ^* × b ^*
for i = 0 to dl-1
m = t ₀ × P ₀ 'mod r
t = (t + m × P) / r
next i
if t ≧ P then return t−P
else return t
In the address control step, an address of a specific register set as a storage area for the parameter a ^* or b ^* in the monpro calculation is input from the control unit, and the parameter a ^* or b scheduled to be output to the calculation unit ^{When the} data storage register storing the corresponding data of ^* is a different register in the same memory block as the specific register, the input address from the control unit is converted into the designated address of the data storage register, The arithmetic processing method according to claim 9, wherein the conversion address is output as a read address for the memory block.

Images