A Dual-Stack Signature and Verification Method and System with an Integrated PQC Coprocessor in the CPU Chip

By integrating a PQC coprocessor inside the CPU chip and adopting a dual-stack signature and verification method, the security and compatibility issues of traditional cryptography and post-quantum cryptography operating independently are solved, achieving efficient and secure signature and verification, dynamically adjusting the security level, and improving the security and compatibility of the CPU chip.

CN122372222APending Publication Date: 2026-07-10SHANGHAI UNI SENTRY INTELLIGENT TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SHANGHAI UNI SENTRY INTELLIGENT TECH CO LTD
Filing Date
2026-05-27
Publication Date
2026-07-10

AI Technical Summary

Technical Problem

The independent operation modes of traditional cryptography and post-quantum cryptography in existing CPU chips are vulnerable to attacks, and there are problems such as incompatibility, inability to verify historical data, and inability to dynamically adjust security levels during the migration process, making it difficult to meet the requirements of high security, high compatibility, and low overhead.

Method used

A PQC coprocessor is integrated inside the CPU chip. A dual-stack signature and verification method is adopted. By generating and verifying signature components through cross-dependency of traditional cryptography and post-quantum cryptography, combined with a dynamic security level adaptation mechanism, parallel signature and verification are achieved. In the verification process, a fast failure mechanism and post-quantum signature component compression storage are adopted.

Benefits of technology

It achieves the high efficiency and ease of use of traditional cryptography and the resistance to quantum attacks of post-quantum cryptography, balancing security strength and hardware energy efficiency, dynamically adjusting security parameters, resisting fault injection and side-channel attacks, supporting seamless migration between old and new systems, and improving security, compatibility and performance.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122372222A_ABST
    Figure CN122372222A_ABST
Patent Text Reader

Abstract

This invention relates to a dual-stack signature and verification method and system with an integrated PQC coprocessor within a CPU chip, comprising the following steps: Step A, signature request distribution and parameter parsing: The instruction distribution unit within the CPU chip receives the message M to be signed, parses out the security level parameters, and simultaneously distributes the message M to both the traditional cryptographic operation unit and the post-quantum cryptographic operation unit within the dual-stack cryptographic coprocessor integrated within the CPU; Step B, independent dual-stack preprocessing and temporary parameter generation: The traditional cryptographic operation unit generates a first temporary random number, where n is the order of the elliptic curve base point; simultaneously, the post-quantum cryptographic operation unit generates a noise vector following a discrete Gaussian distribution based on the lattice-based signature algorithm, generates a temporary mask vector, and calculates the commitment hash value; This invention is more quantum-resistant and secure, faster in computation and saves space, and can be used in both new and old systems.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to verification methods, specifically to a dual-stack signature and verification method and system for CPU chips with integrated PQC coprocessors. Background Technology

[0002] With the rapid development of quantum computing technology, traditional cryptographic systems based on elliptic curves and other methods face serious threats from quantum algorithms, posing quantum security vulnerabilities to information security systems. While post-quantum cryptography possesses resistance to quantum attacks, it suffers from high computational overhead, high storage consumption, and poor hardware adaptability, making it difficult to directly replace traditional cryptography in CPU chips. Existing cryptographic coprocessors mostly employ independent operation modes for traditional and post-quantum cryptography, lacking secure binding between the two, making them vulnerable to physical attacks such as fault injection and side-channel attacks, resulting in insufficient security protection. Furthermore, the migration from traditional to post-quantum cryptography presents problems such as incompatibility between old and new systems, inability to verify historical data, and easy interruption during the switching process. Moreover, chips cannot dynamically adjust security levels and operation modes based on real-time operating status and attack risks, making it difficult to balance security strength and hardware energy efficiency. This fails to meet the high security, high compatibility, high adaptability, and low overhead cryptographic operation requirements of CPU chips in the quantum security era. Therefore, a dual-stack signature and verification method and system integrating a PQC coprocessor within a CPU chip is proposed. Summary of the Invention

[0003] To address the shortcomings of existing technologies, this invention provides a dual-stack signature and verification method for CPU chips with integrated PQC coprocessors, comprising the following steps: Step A, Signature Request Distribution and Parameter Parsing: The instruction distribution unit inside the CPU chip receives the message M to be signed and parses out the security level parameters. The message M is simultaneously distributed to both the traditional cryptographic operation unit and the post-quantum cryptographic operation unit in the dual-stack cryptographic coprocessor integrated within the CPU. Step B, Dual-Stack Independent Preprocessing and Temporary Parameter Generation: Traditional cryptographic operation units generate the first temporary random number. Where n is the order of the elliptic curve base point; simultaneously, the post-quantum cryptographic unit generates a noise vector following a discrete Gaussian distribution based on the lattice basis signature algorithm. Generate a temporary mask vector And calculate the commitment hash value. ,in It is a lattice-based public key matrix; Step C, cross-dependency signature component generation: The traditional cryptographic unit obtains the commitment hash value c, and calculates the derived temporary key according to the following derivation formula. Then use The first signature component is obtained by calculating the dot product of the elliptic curve. G is the base point of the elliptic curve, and then the second signature component of the traditional signature is calculated. ,in The private key is used for traditional signatures; simultaneously, the post-quantum cryptographic unit obtains the first temporary random number. The least significant byte string is used as the perturbation factor, and the noise vector is modified according to the following perturbation equation. Distribution: ; in The preset perturbation basis vectors for The bit length is given, q is the lattice basis modulus, and is based on the perturbed noise vector. Compute the lattice signature response vector , as a post-quantum signature component; Step D, Entanglement Check Code Generation and Signature Fusion: Dual-Stack Entanglement Construction Unit Receives And calculate the entanglement check code. The calculation formula is: ; in This means r divided by The integer part, for And the integer parts are concatenated sequentially and then hashed to obtain... ; Will and Combined into dual-stack entangled signature data according to a preset format; Step E, Dual-Stack Parallel Verification and Entanglement Verification: In the verification phase, the verification end parses the dual-stack entangled signature data, first verifying it using traditional public keys. Whether the elliptic curve signature equation is satisfied, i.e., verifying the first signature component. ,in Traditional public key; Re-verification using post-quantum public key Does the lattice signature verification condition satisfy, i.e., calculate the reconstructed noise vector? ,in For post-quantum public key verification and The preset norm threshold is used; after both pass, the verification end verifies the value based on r in the signature data. c Recalculate the local entanglement check code using the same method as in step D. and with the signature The signature is compared; if they match, the verification is successful; otherwise, the signature is invalid.

[0004] Furthermore, it also includes a dynamic security level adaptation mechanism: the dual-stack cryptographic coprocessor contains a security measurement module that collects the current temperature fluctuation value of the CPU chip. Root mean square voltage noise and the branch prediction error rate of the instruction execution pipeline The quantum attack risk assessment value (Risk) is calculated using the following formula: ; in and This is a normalized reference value. With configurable weighting coefficients, the Sigmoid function maps the results to a preset range; Security level parameters The risk value is dynamically determined by comparing it with multiple preset thresholds. When Risk is higher than the first preset threshold The value is set to a high security level, which mandates that the perturbation factor bit length in step C be [high security level]. Increase the preset ratio and increase the lattice base modulus q by a preset multiple; when Risk is lower than the second preset threshold... The value is set to a low security level, where the traditional cryptographic operation unit can complete the signature independently, and then the quantum cryptographic operation unit enters a dormant state, wherein the first preset threshold is greater than the second preset threshold.

[0005] Furthermore, the elliptic curve dot product operation... During the calculation process, the intermediate point coordinate register is refreshed every fixed number of rounds by the commitment hash value c output by the post-quantum cryptography unit. The refresh method is as follows: ; in This is a temporary accumulation point in the dot product operation; this refresh operation causes the computation path of the traditional dot product operation to become non-linearly entangled with the post-quantum commitment value. Any fault injection into the post-quantum operation unit will cause the final value of the traditional signature component r to change unpredictably.

[0006] Furthermore, the perturbation basis vector in step C... It is not fixed, but generated by the traditional cryptographic operation unit in the previous signature cycle. Historical values ​​and noise vectors generated by post-quantum cryptographic units The norm is dynamically generated through a recursive relation, specifically the recursive formula: ; Where the superscript t represents the current signature period, and α and β are the forgetting factor and the update factor, respectively. The initial perturbation base is preset at the factory; this recursive process is driven by an on-chip linear feedback shift register, making the perturbation pattern unpredictable in time and correlated with historical signature data.

[0007] Furthermore, in step E, the verification end first calculates the entanglement check code. Without performing complete elliptic curve and lattice basis verification, if If the signature is invalid, the subsequent mathematical verification steps will be skipped; only if the signature is invalid will the signature be output as invalid. Only when the time is right will a complete dual-stack mathematical verification be performed; this fail-fast mechanism reduces the worst-case computational complexity of the verification process from... Reduce to O .

[0008] Furthermore, in generating the final post-quantum signature component... Subsequently, the dual-stack entangled construct does not directly store the complete post-quantum signature component. Instead of a vector, it is combined with a vector consisting of a traditional signature component r and The jointly determined pseudo-random projection matrix Multiply to obtain the compressed signature fragment. ; Projection matrix The generation method is as follows: ; PRNG is a pseudo-random number generator initialized based on the internal physical random number seed of a dual-stack cryptographic coprocessor; during the verification phase, the verification end uses the same r and Reconstructing the projection matrix The quantum signature components are recovered by solving the underdetermined linear equations using a pre-defined compressed sensing recovery algorithm. The approximate value is then used to perform lattice basis verification; this compression method reduces the storage overhead of the post-quantum signature data to a preset compression ratio.

[0009] Furthermore, the post-quantum verification process in step E also includes an intermediate result caching and reuse mechanism: when multiple consecutive signature verification requests come from the same communication session, the verification end will use the reconstructed noise vector calculated in the previous verification process. hash value and norm Store it in the on-chip cache, and simultaneously cache the response vector corresponding to this verification. For the post-quantum component in subsequent signatures First, determine With stored in the cache Check if the Hamming distance is less than a preset distance threshold; if so, directly reuse the cached data. and As a basis for verification, otherwise the entire process in step E is recalculated; this mechanism is used to accelerate the verification throughput of batch signatures within the same session.

[0010] Furthermore, it also includes a multi-algorithm smooth migration mode: when the dual-stack cryptographic coprocessor detects that a traditional cryptographic algorithm is deemed insecure, it disables the signature function of the traditional cryptographic operation unit through a firmware update, but retains its verification function to process legacy signature data; simultaneously, the post-quantum cryptographic operation unit takes over all signature generation tasks and embeds a traditional algorithm-compatible placeholder in the new signature, which is generated by the post-quantum signature component. The pre-defined length of the leading byte is obtained through an irreversible function mapping, which enables older systems that only support traditional verification to recognize the placeholder and skip verification, while newer systems that support dual stacks can extract verification information from the placeholder for complete verification.

[0011] The CPU chip integrates a dual-stack signature and verification system with a PQC coprocessor. The system includes: The instruction distribution unit is configured to receive the message M to be signed and parse out the security level parameters. And simultaneously distribute message M; Traditional cryptographic operation unit, configured to generate the first temporary random number. Obtain the commitment hash value c and calculate the derived temporary key. Then calculate the first signature component r and the second signature component. ; Post-quantum cryptography unit, configured to generate noise vectors and temporary mask vector Calculate the commitment hash value c and obtain the first temporary random number. Modifying the noise vector distribution as a perturbation factor yields And calculate the lattice signature response vector. ; The dual-stack entanglement construct unit is connected to both the traditional cryptographic operation unit and the post-quantum cryptographic operation unit, and is configured to receive r, c Calculate the entanglement check code and r, c and The data is combined into dual-stack entangled signature data; The verification unit is configured to parse the dual-stack entangled signature data, perform elliptic curve signature verification and lattice basis signature verification respectively, and recalculate the local entanglement check code. With the signature Compare the results and output the verification results.

[0012] The present invention has the following advantages over the prior art: This project achieves parallel signature and verification using a dual-stack architecture combining traditional cryptography and post-quantum cryptography by integrating a PQC coprocessor within the CPU chip. This intertwines and binds the operational states of the two cryptographic systems, retaining the efficiency and ease of use of traditional cryptography while providing the resistance to quantum computing attacks inherent in post-quantum cryptography. Furthermore, a dynamic security level adaptation mechanism automatically adjusts security parameters and operational modes based on chip operating status and attack risks, balancing security and energy efficiency. Elliptic curve multiplication and nonlinear entanglement of post-quantum commitment values ​​resist fault injection attacks, while dynamic recursion of perturbation basis vectors makes perturbation modes unpredictable, enhancing resistance to side-channel attacks. The verification end employs a fast failure mechanism, significantly reducing verification complexity and time consumption. Compressed storage of post-quantum signature components reduces storage overhead, and intermediate result caching and reuse improve batch verification throughput. It also supports smooth migration of multiple algorithms, allowing seamless switching to post-quantum cryptography when traditional cryptography is insecure, and is compatible with both new and old systems and historical data. Overall, this project achieves a comprehensive improvement in security, performance, compatibility, and attack resistance. Attached Figure Description

[0013] Figure 1 This is a flowchart of the present invention. Detailed Implementation

[0014] To further illustrate the technical means and effects of the present invention in achieving its intended purpose, the following detailed description of the specific implementation methods, structures, features, and effects of the present invention, in conjunction with the accompanying drawings and preferred embodiments, is provided below.

[0015] like Figure 1 As shown, the dual-stack signature and verification method with an integrated PQC coprocessor in the CPU chip includes the following steps: Step A, Signature Request Distribution and Parameter Parsing: The instruction distribution unit inside the CPU chip receives the message M to be signed and parses out the security level parameters. The message M is simultaneously distributed to both the traditional cryptographic operation unit and the post-quantum cryptographic operation unit in the dual-stack cryptographic coprocessor integrated within the CPU. Step B, Dual-Stack Independent Preprocessing and Temporary Parameter Generation: Traditional cryptographic operation units generate the first temporary random number. Where n is the order of the elliptic curve base point; simultaneously, the post-quantum cryptographic unit generates a noise vector following a discrete Gaussian distribution based on the lattice basis signature algorithm. Generate a temporary mask vector And calculate the commitment hash value. ,in It is a lattice-based public key matrix; Step C, cross-dependency signature component generation: The traditional cryptographic unit obtains the commitment hash value c, and calculates the derived temporary key according to the following derivation formula. Then use The first signature component is obtained by calculating the dot product of the elliptic curve. G is the base point of the elliptic curve, and then the second signature component of the traditional signature is calculated. ,in The private key is used for traditional signatures; simultaneously, the post-quantum cryptographic unit obtains the first temporary random number. The least significant byte string is used as the perturbation factor, and the noise vector is modified according to the following perturbation equation. Distribution: ; in The preset perturbation basis vectors for The bit length is given, q is the lattice basis modulus, and is based on the perturbed noise vector. Compute the lattice signature response vector , as a post-quantum signature component; Step D, Entanglement Check Code Generation and Signature Fusion: Dual-Stack Entanglement Construction Unit Receives And calculate the entanglement check code. The calculation formula is: ; in This means r divided by The integer part, for And the integer parts are concatenated sequentially and then hashed to obtain... ; Will and Combined into dual-stack entangled signature data according to a preset format; Step E, Dual-Stack Parallel Verification and Entanglement Verification: In the verification phase, the verification end parses the dual-stack entangled signature data, first verifying it using traditional public keys. Whether the elliptic curve signature equation is satisfied, i.e., verifying the first signature component. ,in Traditional public key; Re-verification using post-quantum public key Does the lattice signature verification condition satisfy, i.e., calculate the reconstructed noise vector? ,in For post-quantum public key verification and The preset norm threshold is used; after both pass, the verification end verifies the value based on r in the signature data. c Recalculate the local entanglement check code using the same method as in step D. and with the signature The signature is compared; if they match, the verification is successful; otherwise, the signature is invalid.

[0016] It also includes a dynamic security level adaptation mechanism: the dual-stack cryptographic coprocessor contains a security measurement module that collects the current temperature fluctuation value of the CPU chip. Root mean square voltage noise and the branch prediction error rate of the instruction execution pipeline The quantum attack risk assessment value (Risk) is calculated using the following formula: ; in and This is a normalized reference value. With configurable weighting coefficients, the Sigmoid function maps the results to a preset range; Security level parameters The risk value is dynamically determined by comparing it with multiple preset thresholds. When Risk is higher than the first preset threshold The value is set to a high security level, which mandates that the perturbation factor bit length in step C be [high security level]. Increase the preset ratio and increase the lattice base modulus q by a preset multiple; when Risk is lower than the second preset threshold... The value is set to a low security level, where the traditional cryptographic operation unit can complete the signature independently, and then the quantum cryptographic operation unit enters a dormant state, wherein the first preset threshold is greater than the second preset threshold. The dynamic security level adaptation mechanism can collect real-time hardware operating status such as chip temperature fluctuations, voltage noise, and branch prediction error rate, accurately quantify the risk of quantum attacks, and dynamically adjust security parameters and operation modes according to the risk level. In high-risk scenarios, the perturbation factor length and lattice basis modulus are increased to enhance the resistance to quantum attacks, while in low-risk scenarios, the quantum computing unit is put into hibernation to reduce hardware power consumption and computational overhead, achieving an adaptive balance between security strength and system energy efficiency, and improving the robustness and applicability of the chip in complex environments.

[0017] If a normalization reference value is set ; Weighting coefficient ; The first preset threshold is 0.6, and the second preset threshold is 0.3.

[0018] High-risk scenario calculation: Current chip status: 2.

[0019] Substitute into the risk assessment formula: ; Sigmoid mapping: Determined to be of high security level, the perturbation factor bit length is adjusted. An increase of 20% results in a 1.5-fold increase in the lattice basis modulus q.

[0020] Low-risk scenario calculation: Current chip status: .

[0021] Substitute into the risk assessment formula: ; Sigmoid mapping: If it drops further Then the quantum cryptography unit enters a dormant state, and only the traditional cryptography unit independently completes the signature.

[0022] Elliptic curve dot product During the calculation process, the intermediate point coordinate register is refreshed every fixed number of rounds by the commitment hash value c output by the post-quantum cryptography unit. The refresh method is as follows: ; in This is a temporary accumulation point in the dot product operation; this refresh operation causes the computation path of the traditional dot product operation to become non-linearly entangled with the post-quantum commitment value. Any fault injection into the post-quantum operation unit will cause the final value of the traditional signature component r to change unpredictably. This mechanism periodically refreshes the intermediate temporary points of the elliptic curve dot product by the commitment hash value output by the post-quantum cryptographic operation, so that the traditional cryptographic operation path and the post-quantum cryptographic operation state form a nonlinear entanglement. This can effectively resist fault injection attacks against the post-quantum operation unit. Any tampering or disturbance will cause unpredictable changes to the traditional signature components, greatly improving the physical anti-attack capability of the dual-stack system.

[0023] Let the order of the base point of the elliptic curve be n=256, and the current temporary accumulation point be... The hash value is obtained after hashing. The base point is G, and the refresh formula is executed when the fixed refresh cycle is reached: ; Substitute the numerical values ​​into the calculation: ; If an attacker injects a fault into the post-quantum unit, causing a change in c, then It changes accordingly, for example, becomes The refresh result then becomes: ; The resulting first signature component r will be completely different from the correct value, allowing the verification end to directly determine that the signature is invalid, thereby blocking fault injection attacks.

[0024] The perturbation basis vector in step C It is not fixed, but generated by the traditional cryptographic operation unit in the previous signature cycle. Historical values ​​and noise vectors generated by post-quantum cryptographic units The norm is dynamically generated through a recursive relation, specifically the recursive formula: ; Where the superscript t represents the current signature period, and α and β are the forgetting factor and the update factor, respectively. The initial perturbation base is preset at the factory; this recursive process is driven by an on-chip linear feedback shift register, making the perturbation pattern unpredictable in time and correlated with historical signature data; The perturbation basis vector is generated dynamically and recursively, which allows the perturbation pattern to change dynamically with historical signature data and the time dimension to be unpredictable. This avoids the security vulnerabilities caused by fixed perturbation basis, enhances the randomness of noise vector perturbation and resistance to side-channel attacks, and makes the intermediate state of post-quantum cryptography more difficult to crack and track, thereby further improving the physical security of the dual-stack signature system.

[0025] Let forgetting factor Update factor The previous cycle of perturbation base The previous period's traditional temporary random number The noise vector of the previous period The second norm is calculated as follows: ; The normalized noise vector is: ; Substitute into the dynamic recursive formula: ; The calculation yields: ; ; ; Current periodic disturbance base It is dynamically generated from the previous period's data and cannot be predicted in advance, which can effectively resist side-channel analysis and pattern-breaking attacks.

[0026] In step E, the verification end first calculates the entanglement check code. Without performing complete elliptic curve and lattice basis verification, if If the signature is invalid, the subsequent mathematical verification steps will be skipped; only if the signature is invalid will the signature be output as invalid. Only when the time is right will a complete dual-stack mathematical verification be performed; this fail-fast mechanism reduces the worst-case computational complexity of the verification process from... Reduce to O ; The verification end prioritizes the failure-fast mechanism of entangled checksum verification, which reduces the worst-case verification complexity from... Down to This significantly reduces the computational overhead and time consumption of invalid verification, improves overall verification efficiency, and reduces the chip's computational load.

[0027] Assume the computational cost of traditional ECC verification is The computational cost of lattice signature verification is [period / time]. The cycle time and the computational cost of hash operations are... cycle.

[0028] Without failure-fast, the total computational cost of full verification is: cycle; After adopting the fail-fast mechanism, the verification end first calculates the local entanglement checksum. and with the signature Comparison: ; like It is directly determined to be invalid, and only consumes: cycle; Compared to full verification, the time required is reduced to [percentage missing]. This significantly improves processing speed in batch verification scenarios.

[0029] In generating the final post-quantum signature component Subsequently, the dual-stack entangled construct does not directly store the complete post-quantum signature component. Instead of a vector, it is combined with a vector consisting of a traditional signature component r and The jointly determined pseudo-random projection matrix Multiply to obtain the compressed signature fragment. ; Projection matrix The generation method is as follows: ; PRNG is a pseudo-random number generator initialized based on the internal physical random number seed of a dual-stack cryptographic coprocessor; during the verification phase, the verification end uses the same r and Reconstructing the projection matrix The quantum signature components are recovered by solving the underdetermined linear equations using a pre-defined compressed sensing recovery algorithm. The approximate value is then used for lattice basis verification; this compression method reduces the storage overhead of the post-quantum signature data to a preset compression ratio. By using a pseudo-random projection matrix driven by traditional signature components to compress and store post-quantum signature components, the storage overhead of post-quantum signature vectors can be significantly reduced. At the same time, the compressed data can still be accurately recovered through compressed sensing algorithms, thereby improving storage utilization and data transmission efficiency without compromising security.

[0030] Traditional signature components The seed for the pseudo-random number generator is... The projection matrix is ​​obtained. The generating formula is: ; Calculate the XOR value: .

[0031] Let the original post-quantum signature component be... Given a vector of length N=256, with a compression ratio of 1 / 4, the projection matrix is... for 3D matrix, compressed signature fragment The calculation formula is: ; The original storage overhead was 256 units, but after compression, only 64 units need to be stored, reducing the storage overhead to [a fraction of the original amount]. .

[0032] The verification end uses the same r and Reconstructing the projection matrix Solving underdetermined linear equations using compressed sensing recovery algorithm You can get The approximate value is obtained and lattice basis verification is completed. The compression and restoration process does not affect the correctness and security of the signature verification.

[0033] The post-quantum verification process in step E also includes an intermediate result caching and reuse mechanism: when multiple consecutive signature verification requests come from the same communication session, the verification end will use the reconstructed noise vector calculated in the previous verification process. hash value and norm Store it in the on-chip cache, and simultaneously cache the response vector corresponding to this verification. For the post-quantum component in subsequent signatures First, determine With stored in the cache Check if the Hamming distance is less than a preset distance threshold; if so, directly reuse the cached data. and As a basis for verification, otherwise the entire process in step E is recalculated; this mechanism is used to accelerate the verification throughput of batch signatures within the same session. The post-quantum verification intermediate result caching and reuse mechanism can reuse historical calculation results for continuous verification requests within the same communication session, avoiding repeated calculation of the hash value and norm of the reconstructed noise vector, reducing redundant computation, improving batch verification throughput and chip computing efficiency, and reducing system latency.

[0034] Let the preset Hamming distance threshold be... The reconstructed noise vector was calculated during the first verification. Its second norm is The hash value is, and will , Stored in on-chip cache; the post-quantum component of the second verification request in the subsequent session is... First calculate With cache Hamming distance The calculation formula is: ; If the calculation is Then directly reuse the cache. Verification complete, no recalculation required. A single verification can reduce the amount of lattice computation by more than 70%, significantly improving the speed of batch signature verification in the same session.

[0035] It also includes a multi-algorithm smooth migration mode: when the dual-stack cryptographic coprocessor detects that a traditional cryptographic algorithm is deemed insecure, it disables the signature function of the traditional cryptographic operation unit through a firmware update, but retains its verification function to process legacy signature data; simultaneously, the post-quantum cryptographic operation unit takes over all signature generation tasks and embeds a traditional algorithm-compatible placeholder in the new signature, which is generated by the post-quantum signature component. The pre-defined length of the leading byte is obtained through an irreversible function mapping, which enables older systems that only support traditional verification to recognize the placeholder and skip verification, while newer systems that support dual stacks can extract verification information from the placeholder for complete verification. The multi-algorithm smooth migration mode can disable the traditional signature function while retaining the verification capability through firmware updates when traditional cryptographic algorithms are deemed insecure. At the same time, the post-quantum cryptographic operation unit takes over signature generation, and the new signature embeds a compatible placeholder, achieving seamless compatibility between the old and new systems, verifiable historical data, and secure new data. This ensures that the cryptographic system can smoothly transition to the post-quantum security era without interruption or risk.

[0036] Assuming the traditional ECC algorithm is found to have a security vulnerability, the dual-stack coprocessor triggers a smooth migration; the signature function of the traditional cryptographic unit is disabled, but its verification interface is retained for processing historical ECC signature data; the post-quantum cryptographic unit generates a signature component, takes its first 8 bytes as source data, and uses an irreversible hash function to generate a traditional algorithm-compatible placeholder. The mapping formula is: ; The placeholder is written to the traditional signature field position of the new signature; older systems that only support traditional verification recognize the placeholder as a non-standard format and automatically skip verification; newer systems that support dual stacks extract verification information from the placeholder and combine it with... After completing quantum integrity verification, it enables uninterrupted migration from traditional cryptography to quantum cryptography, while being compatible with both new and old devices and historical signature data.

[0037] The CPU chip integrates a dual-stack signature and verification system with a PQC coprocessor. The system includes: The instruction distribution unit is configured to receive the message M to be signed and parse out the security level parameters. And simultaneously distribute message M; Traditional cryptographic operation unit, configured to generate the first temporary random number. Obtain the commitment hash value c and calculate the derived temporary key. Then calculate the first signature component r and the second signature component. ; Post-quantum cryptography unit, configured to generate noise vectors and temporary mask vector Calculate the commitment hash value c and obtain the first temporary random number. Modifying the noise vector distribution as a perturbation factor yields And calculate the lattice signature response vector. ; The dual-stack entanglement construct unit is connected to both the traditional cryptographic operation unit and the post-quantum cryptographic operation unit, and is configured to receive r, c Calculate the entanglement check code and r, c and The data is combined into dual-stack entangled signature data; The verification unit is configured to parse the dual-stack entangled signature data, perform elliptic curve signature verification and lattice basis signature verification respectively, and recalculate the local entanglement check code. With the signature Compare the results and output the verification results.

[0038] The above are merely preferred embodiments of the present invention and are not intended to limit the present invention in any way. Although the present invention has been disclosed above with reference to preferred embodiments, it is not intended to limit the present invention. Any person skilled in the art can make some modifications or alterations to the above-disclosed technical content to create equivalent embodiments without departing from the scope of the present invention. Any simple modifications, equivalent changes and alterations made to the above embodiments based on the technical essence of the present invention without departing from the scope of the present invention shall still fall within the scope of the present invention.

Claims

1. A dual-stack signature and verification method with a PQC coprocessor integrated within a CPU chip, characterized in that, Includes the following steps: Step A, Signature Request Distribution and Parameter Parsing: The instruction distribution unit inside the CPU chip receives the message M to be signed and parses out the security level parameters. The message M is simultaneously distributed to both the traditional cryptographic operation unit and the post-quantum cryptographic operation unit in the dual-stack cryptographic coprocessor integrated within the CPU. Step B, Dual-Stack Independent Preprocessing and Temporary Parameter Generation: Traditional cryptographic operation units generate the first temporary random number. Where n is the order of the elliptic curve base point; simultaneously, the post-quantum cryptographic unit generates a noise vector following a discrete Gaussian distribution based on the lattice basis signature algorithm. Generate a temporary mask vector And calculate the commitment hash value. ; Step C, cross-dependency signature component generation: The traditional cryptographic unit obtains the commitment hash value c, and calculates the derived temporary key according to the following derivation formula. Then use the temporary key The first signature component is obtained by calculating the dot product of the elliptic curve. Then calculate the second signature component of the traditional signature. ; At the same time, the post-quantum cryptography unit obtains the first temporary random number. The least significant byte string is used as the perturbation factor, and the noise vector is modified according to the preset perturbation equation. The distribution of noise vectors after perturbation is obtained. And based on the perturbed noise vector Compute the lattice signature response vector , as a post-quantum signature component; Step D, Entanglement Check Code Generation and Signature Fusion: Dual-Stack Entanglement Construction Unit Receives And calculate the entanglement check code. ,right And the integer parts are concatenated sequentially and then hashed to obtain... ; Will and Combined into dual-stack entangled signature data according to a preset format; Step E, Dual-Stack Parallel Verification and Entanglement Verification: In the verification phase, the verification end parses the dual-stack entangled signature data, first verifying it using traditional public keys. Whether the elliptic curve signature equation is satisfied, i.e., verifying the first signature component. ,in Traditional public key; Re-verification using post-quantum public key Does the lattice signature verification condition satisfy, i.e., calculate the reconstructed noise vector? ,in For post-quantum public key verification and The preset norm threshold is used; after both pass, the verification end verifies the value based on r in the signature data. c Recalculate the local entanglement check code using the same method as in step D. and with the signature The signature is compared; if they match, the verification is successful; otherwise, the signature is invalid.

2. The dual-stack signature and verification method for CPU chips with integrated PQC coprocessors according to claim 1, characterized in that: It also includes a dynamic security level adaptation mechanism: the dual-stack cryptographic coprocessor contains a security measurement module that collects the current temperature fluctuation value of the CPU chip. Root mean square voltage noise and the branch prediction error rate of the instruction execution pipeline Regarding the temperature fluctuation value of the current CPU chip Root mean square voltage noise and the branch prediction error rate of the instruction execution pipeline The quantum attack risk assessment value was obtained through calculation. Security level parameters The risk level (Risk value) is dynamically determined by comparing it with multiple preset thresholds. When the quantum attack risk assessment value (Risk) is higher than a first preset threshold... The value is set to a high security level, which mandates that the perturbation factor bit length in step C be [high security level]. Increase the preset ratio and increase the lattice base modulus q by a preset multiple; when Risk is lower than the second preset threshold... The value is set to a low security level, where the traditional cryptographic operation unit can complete the signature independently, and then the quantum cryptographic operation unit enters a dormant state, wherein the first preset threshold is greater than the second preset threshold.

3. The dual-stack signature and verification method for CPU chips with integrated PQC coprocessors according to claim 2, characterized in that: Elliptic curve dot product During the calculation process, the intermediate point coordinate register is refreshed every fixed number of rounds by the commitment hash value c output by the post-quantum cryptography unit. The refresh method is as follows: ; in This is a temporary accumulation point in the dot product operation; this refresh operation causes the computation path of the traditional dot product operation to become non-linearly entangled with the post-quantum commitment value. Any fault injection into the post-quantum operation unit will cause the final value of the traditional signature component r to change unpredictably.

4. The dual-stack signature and verification method for CPU chips with integrated PQC coprocessors according to claim 3, characterized in that: The perturbation basis vector in step C It is not fixed, but generated by the traditional cryptographic operation unit in the previous signature cycle. Historical values ​​and noise vectors generated by post-quantum cryptographic units The norm is dynamically generated through recursive relations.

5. The dual-stack signature and verification method for CPU chips with integrated PQC coprocessors according to claim 4, characterized in that: In step E, the verification end first calculates the entanglement check code. Without performing complete elliptic curve and lattice basis verification, if If the signature is invalid, the subsequent mathematical verification steps will be skipped; only if the signature is invalid will the signature be output as invalid. Only when the time is right will a complete dual-stack mathematical verification be performed; this fail-fast mechanism reduces the worst-case computational complexity of the verification process from... Reduce to O .

6. The dual-stack signature and verification method for CPU chips with integrated PQC coprocessors according to claim 5, characterized in that: In generating the final post-quantum signature component Subsequently, the dual-stack entangled construct does not directly store the complete post-quantum signature component. Instead of a vector, it is combined with a vector consisting of a traditional signature component r and The jointly determined pseudo-random projection matrix Multiply to obtain the compressed signature fragment. ; During the verification phase, the verification end uses the same r and Reconstructing the projection matrix The quantum signature components are recovered by solving the underdetermined linear equations using a pre-defined compressed sensing recovery algorithm. The approximate value is then used to perform lattice basis verification; this compression method reduces the storage overhead of the post-quantum signature data to a preset compression ratio.

7. The dual-stack signature and verification method for CPU chips with integrated PQC coprocessors according to claim 6, characterized in that: The post-quantum verification process in step E also includes an intermediate result caching and reuse mechanism: when multiple consecutive signature verification requests come from the same communication session, the verification end will use the reconstructed noise vector calculated in the previous verification process. hash value and norm Store it in the on-chip cache, and simultaneously cache the response vector corresponding to this verification. For the post-quantum component in subsequent signatures First, determine With stored in the cache Check if the Hamming distance is less than a preset distance threshold; if so, directly reuse the cached data. and As a basis for verification, otherwise the entire process in step E is recalculated; this mechanism is used to accelerate the verification throughput of batch signatures within the same session.

8. The dual-stack signature and verification method for CPU chips with integrated PQC coprocessors according to claim 7, characterized in that: It also includes a multi-algorithm smooth migration mode: when the dual-stack cryptographic coprocessor detects that a traditional cryptographic algorithm is deemed insecure, it disables the signature function of the traditional cryptographic operation unit through a firmware update, but retains its verification function to process legacy signature data; simultaneously, the post-quantum cryptographic operation unit takes over all signature generation tasks and embeds a traditional algorithm-compatible placeholder in the new signature, which is generated by the post-quantum signature component. The pre-defined length of the leading byte is obtained through an irreversible function mapping, which enables older systems that only support traditional verification to recognize the placeholder and skip verification, while newer systems that support dual stacks can extract verification information from the placeholder for complete verification.

9. A dual-stack signature and verification system with an integrated PQC coprocessor in the CPU chip, the system being used to execute the method of any one of claims 1-8, characterized in that: The system includes: The instruction distribution unit is configured to receive the message M to be signed and parse out the security level parameters. And simultaneously distribute message M; Traditional cryptographic operation unit, configured to generate the first temporary random number. Obtain the commitment hash value c and calculate the derived temporary key. Then calculate the first signature component r and the second signature component. ; Post-quantum cryptography unit, configured to generate noise vectors and temporary mask vector Calculate the commitment hash value c and obtain the first temporary random number. Modifying the noise vector distribution as a perturbation factor yields And calculate the lattice signature response vector. ; The dual-stack entanglement construct unit is connected to both the traditional cryptographic operation unit and the post-quantum cryptographic operation unit, and is configured to receive r, c Calculate the entanglement check code and r, c and The data is combined into dual-stack entangled signature data; The verification unit is configured to parse the dual-stack entangled signature data, perform elliptic curve signature verification and lattice basis signature verification respectively, and recalculate the local entanglement check code. With the signature Compare the results and output the verification results.