Blockchain Security Mechanism Design Based on Chinese Cryptosystem SM2 Algorithm

Abstract

The cryptographic system is the foundation of blockchain security mechanisms. This paper constructs a blockchain security mechanism based on the Chinese national cryptographic SM2 algorithm, involving the generation of public–private key pairs and the signing of block information using key pairs. However, the original SM2 algorithm has a high computational complexity, which cannot meet the requirements of low on-chain delay in blockchain applications. To solve this problem, this paper optimizes the SM2 digital signature algorithm. The scalar multiplication operation in the digital signature algorithm has a large computational complexity, which affects the efficiency of a digital signature. To reduce its computational complexity, this paper improves the traditional window non-adjacent form (w-NAF) algorithm for the scalar multiplication operation and proposes a low computational complexity Fw-NAF algorithm based on the prime number precomputation window, which greatly reduces its computational complexity.

1. Introduction

Blockchain technology has revolutionized various industries by providing secure and transparent decentralized networks for recording and verifying transactions. At the heart of blockchain technology is the use of cryptographic techniques to ensure the security and privacy of data [1,2,3,4,5].

Cryptographic techniques play a crucial role in guaranteeing the integrity, confidentiality, and immutability of data in a blockchain [6]. One of the essential cryptographic tools used in blockchains is the hash algorithm. Hash algorithms, also known as message digest algorithms, generate a fixed-length hash digest value by employing a hash function. This function takes a string message of any length and produces a unique hash value, represented as h = H(M). By integrating hash functions into a blockchain, data security is enhanced as the hash function converts an input into a hash value that cannot be reversed to obtain the original data. Therefore, any alteration made to a block in the blockchain will result in a change to its hash value, which, in turn, modifies the hash value of the subsequent blocks, thus ensuring tamper-proof records [7].

There are several characteristics associated with hash functions that make them well-suited for blockchain applications [8]. First, uniqueness refers to the property of distinct inputs yielding different hash values. This ensures that each record in the blockchain has a unique identifier and prevents data collision. Second, irreversibility signifies that the original data cannot be derived from the hash value. This property strengthens the security of blockchains by making them computationally difficult for attackers to reverse engineer the data. Third, consistency ensures that the same input will consistently produce the same hash value, facilitating data consistency within the blockchain network. Finally, the avalanche effect implies that even a slight modification to the input data will result in a vastly different hash value, thereby ensuring the security and integrity of the blockchain.

In the context of blockchains, the most widely used hash algorithms include SHA-256 (Secure Hash Algorithm 256-bit) and MD-5 (Message Digest 5). SHA-256 is a popular choice as a result of its effectiveness in converting input data of any length into a 256-bit hash value. In blockchains, the hash value of a transaction is stored in a block after being processed using the SHA-256 algorithm. Each block contains multiple transaction records and a hash value that points to the previous block. The linking of blocks through hash values creates a tamper-proof chain, as any modification to the data within a block will lead to changes in the hash values of subsequent blocks. Consequently, ensuring the integrity of a blockchain requires substantial computational power and control over a significant portion of the network’s computing resources.

Apart from hash algorithms, asymmetric encryption, also known as public key encryption, is another cryptographic technique extensively employed in blockchains to ensure data security and privacy. In asymmetric encryption, each node possesses a pair of keys—a public key used for encryption and a private key used for decryption. The public key can be freely shared, whereas the private key must be kept confidential. This arrangement enables secure communication within a blockchain network.

In blockchain systems, such as Bitcoin, users generate public and private key pairs for transaction verification and security. When a user intends to send bitcoins to another user or entity, they use their private key to sign the transaction information cryptographically. The validity of the transaction is subsequently verified via nodes in the blockchain network using the public key corresponding to the private key used for signing. Asymmetric encryption ensures data privacy and immutability as the private key remains under the control of its owner, rendering the data inaccessible and tamper-proof.

2. Related Works

The SM2 asymmetric encryption algorithm is a significant advancement in the field of cryptographic techniques, particularly in the context of blockchain systems. Developed by Chinese cryptography experts and standard setters, the SM2 algorithm is based on elliptic curve cryptography (ECC) and offers high strength, security, and efficiency. As an elliptic curve-based algorithm, SM2 utilizes the mathematical properties of elliptic curves to provide secure encryption and key exchange capabilities. It operates within a finite field defined by the parameters of the elliptic curve and offers advantages such as smaller key sizes and reduced computational complexity compared to traditional public key algorithms, such as RSA [9,10,11,12].

The strength of the SM2 algorithm lies in its ability to resist various cryptographic attacks, including brute-force, differential power analysis, and the elliptic curve discrete logarithm problem. The elliptic curve points and operations used in SM2 provide a high level of security, making it suitable for applications that require strong encryption and data protection. In addition to its security features, the SM2 algorithm offers efficiency benefits. Its key sizes are shorter compared to those of other asymmetric encryption algorithms, resulting in faster cryptographic operations and reduced computational overhead. This efficiency is particularly crucial in blockchain systems, where the speed of transactions and verification plays a significant role in the overall performance and scalability of the network. The adoption of the SM2 algorithm has been widespread in various sectors, including the Chinese government and financial institutions. The algorithm’s robust security and efficiency have made it a preferred choice for encryption protection in these organizations, ensuring the confidentiality and integrity of sensitive data.

However, it is important to note that the SM2 algorithm’s high computational complexity may present challenges in certain blockchain systems, particularly consortium chains. These systems typically require low on-chain latency to achieve faster transaction processing and consensus [13,14].

Existing literature has primarily focused on the implementation and utilization of cryptographic algorithms in blockchains, including the widely adopted SHA-256 algorithm. However, there is a scarcity of research specifically addressing the optimization of the SM2 encryption algorithm to meet the low on-chain latency requirements of consortium chains. This research gap presents an opportunity to explore innovative approaches for enhancing the operational efficiency and scalability of blockchain systems, specifically in the context of consortium chains.

To address this research gap, our study aims to improve the SM2 encryption algorithm by reducing its complexity and enhancing its operational speed. We propose an optimization approach, the Fw-NAF algorithm, and evaluate its effectiveness in reducing on-chain latency. By focusing on the optimization of the SM2 algorithm in the blockchain context, we aim to bridge the existing research gap and contribute to the improvement of blockchain performance in consortium chains. The innovations proposed in this study can be summarized as follows:

(1)

Pre-calculation based on prime numbers: In the point multiplication operation, the traditional pre-calculation of odd points is replaced with the pre-calculation of prime points. This modification significantly reduces the amount of pre-calculation required, particularly when using a large window size. By leveraging prime numbers, the efficiency of the point multiplication operation is improved.

(2)

Difference compensation based on the prime number addition chain: Because the use of prime numbers replaces the use of odd numbers in the pre-calculation process, certain points may not be obtained. To overcome this, this study introduces a novel prime number addition chain algorithm, allowing for the fast calculation of these missing points. This approach enhances the overall computational efficiency of the SM2 algorithm.

(3)

Improved scalar multiplication algorithm: Building upon the pre-calculation using prime numbers and the prime number addition chain algorithm, a refined scalar multiplication algorithm is proposed. Through a series of point addition and doubling operations, the final result of scalar multiplication is efficiently and accurately computed. This improvement significantly reduces the computational complexity of the SM2 algorithm, enabling it to meet the low on-chain latency requirements of consortium chains and other blockchain systems.

3. Materials and Methods

3.1. SM2 Algorithm

An elliptic curve is a smooth curve on a plane that satisfies a specific equation. It is usually represented by the Weierstrass equation [15], which takes the form of y² = x³ + ax + b. It uses mathematical symbols to approximate a function numerically, making it a polynomial or more general form, and solves the equation to obtain the solution to the original problem. In the SM2 algorithm, two different types of elliptic curves can be used for encryption and signature operations, namely elliptic curves based on prime fields and elliptic curves based on binary extension fields [16].

When using the SM2 algorithm for digital signatures, the following system parameters need to be considered:

(1)

The size F_q of a finite field q, which represents the value of the prime numbers;

(2)

The parameters a and b of the elliptic curve and the parameter G(x_g, y_g), which are non-infinite base points on the elliptic curve;

(3)

The parameter n, which represents the order of the base point G on the elliptic curve;

(4)

The remainder factor h of n, which is equal to the total number of points on the elliptic curve divided by the order n of the base point G. Additionally, a, b, x_g, y_g should satisfy a, b, x_g, y_g∈F_q.

Algorithm 1 shows the SM2 public–private key pair generation algorithm. Algorithm 2 shows the SM2 digital signature algorithm. Algorithm 3 shows the SM2 signature verification algorithm.

Algorithm 1: SM2 public–private key pair generation algorithm.

Input: Elliptic curve parameters $(p,E(F_p),G,n)$ Output: public key pk and private key dk (1) randomly select $d_k\in [1,n-1]$ (2) calculate $p_k=d_{k}G$ (3) return $(p_k,d_k)$

Algorithm 2: SM2 digital signature algorithm.

Input: Elliptic curve parameters $(p,E(F_p),G,n)$, private key dk, message M, and identity ZA Output: signature (r, s) (1) let $\overline{M}=Z_A\left|\right|M$ (2) calculate $e=H_{256}(\overline{M})$ (3) select random number $k\in [1,n-1]$ (4) calculate $(x_1,y_1)=kG$ (5) calculate $r=(e+x_1)\mathrm{mod}n$, if r = 0 or r + k = n, return 3 (6) calculate $s=({(1+d_k)}^{-1}\cdot (k-r\cdot d_k))\mathrm{mod}n$, if s = 0, return 3 (7) return (r, s)

Algorithm 3: SM2 signature verification algorithm.

Input: Elliptic curve parameters $(p,E(F_p),G,n)$, public key pk, message M, and signature (r, s) Output: True if signature (r, s) is verified; False, otherwise. (1) check $(r,s)\in [1,n-1]$, if fail return False (2) let $\overline{M}=Z_A\left|\right|M$ (3) calculate $e=H_{256}(\overline{M})$ (4) calculate $t=(r+S)\mathrm{mod}n$ (5) calculate $(x_1,y_1)=sG+t{p}_k$ (6) calculate $R=(e+x_1)\mathrm{mod}n$ (7) if $R=r$ return True; otherwise, return False

3.2. Scalar Dot Product Algorithm on Elliptic Curves

The scalar multiplication operation refers to the multiplication of a point on an elliptic curve by a scalar value, which is a large integer, to obtain another point on the elliptic curve. In the SM2 algorithm, scalar multiplication is commonly used in processes such as computing public keys, verifying signatures, and generating encryption keys. The efficiency of scalar multiplication greatly affects the computational efficiency of the SM2 algorithm. For example, step 2 of Algorithm 1, step 4 of Algorithm 2, and step 5 of Algorithm 3 are scalar multiplication operations, which take up a large proportion of the entire calculation process. Additionally, according to our code implementation, the scalar multiplication operation takes up about 95.5%, 42.2%, and 66.6% of the calculation time of Algorithm 1, Algorithm 2, and Algorithm 3, respectively.

The w-non-adjacent form (w-NAF) algorithm [17] is a method used to compute scalar multiplication on elliptic curves. In the w-NAF algorithm, the scalar k is represented in a non-adjacent form with a window length of w. Compared to the traditional NAF algorithm, the w-NAF algorithm reduces the number of non-zero digits and the Hamming weight by increasing the window length, thereby reducing its computational complexity. Additionally, the w-NAF algorithm can further improve its computational efficiency by preprocessing the points on the curve into a precomputed table. Algorithm 4 presents the w-NAF expansion of an integer k in a window of w.

Algorithm 4: NAFw(k) expansion algorithm for integer k.

Input: Positive integer k, window width w Output: NAFw(k) (1) let j = 0 (2) for each positive integer k ≥ 0:   if k is odd number, $k_j\leftarrow 2-(k\mathrm{mod}{2}^w)$, $k\leftarrow k-k_j$   else let kj = 0 $k\leftarrow k/2$, $j\leftarrow j+1$ (3) return $(k_{j-1},k_{j-2},\dots ,k_1,k_0)$

When expanding the non-arithmetic function (NAF) in the form of a window with width w, the presence of adjacent nonzero elements is prohibited because of the increased window size. Consequently, the average Hamming weight of the window width w is transformed into the value denoted as the following:

$$H_{w NAF}(k)=\frac{1}{w+1}$$

(1)

Scalar dot multiplication using NAF_w(k) expansion is illustrated in Algorithm 5.

Algorithm 5: Scalar dot multiplication.

Input: Positive integers $k,P\in E(F_p)$, window width w Output: kP (1) calculate ${\mathrm{NAF}}_w(k)={\displaystyle \sum _{i=0}^{l-1}{k}_j}{2}^j$ (2) calculate $P_j=jP$, $j\in \{1,3,5,\dots ,2^w-1\}$ (3) let $Q\leftarrow 0$ (4) for j = 0 : l − 1   $Q\leftarrow 2Q$   if kj > 0, $Q\leftarrow Q+P_{k_j}$; else $Q\leftarrow Q-P_{-k_j}$ (5) return Q

The computational complexity of Algorithm 5 is divided into two stages: the precomputation stage and the assignment computation stage. The computational complexity of the precomputation stage is given by the following:

$$D+(2^{w-1}-1)A$$

(2)

The computational complexity of the assignment computation stage is given by the following:

$$lD+\frac{l}{w+1}A$$

(3)

Therefore, the total computational complexity is given by the following:

$$(1+l)D+\left[(2^{w-1}-1)+\frac{l}{w+1}\right]A$$

(4)

The w-NAF algorithm expands a scale into different forms, transforming scalar multiplication into a series of point additions and doublings. The common feature among these forms is the reduction in Hamming weight to minimize the computational cost of point additions. However, the distinguishing factor lies in the frequency of nonzero elements appearing in the expansion form. The w-NAF algorithm further enhances its computational efficiency by precomputing odd multiples of points. Nevertheless, these algorithms are not suitable for larger window widths when the cost of precomputation outweighs the reduction in precomputation costs. As the window size increases in the expansion, both the assignment computation stage and the precomputation stage incur a significant increase in overhead.

3.3. Fw-NAF Algorithm

When performing scalar dot product operations using the w-NAF expansion method, it becomes possible to effectively reduce the Hamming weight of the scale, thereby minimizing the number of point addition operations and lowering the computational complexity of scalar multiplication. However, this approach is not suitable for cases with larger window widths. As the window width increases, the computational cost of precomputation also sharply rises. To address this issue, this paper proposes a novel Fw-NAF algorithm that offers lower storage requirements and a reduced computational complexity. In this algorithm, the precomputation stage replaces odd numbers with prime numbers smaller than 2^w − 1 and employs these prime numbers to construct an addition chain that compensates for the difference between odd numbers and prime numbers.

In order to establish precise notation, let us define some symbols. Consider points P and Q on the elliptic curve; we draw a straight line passing through both P and Q, and this line intersects the elliptic curve at a third point, which we’ll call M. A line perpendicular to the x-axis is then constructed, passing through point M and intersecting the elliptic curve at another point N (usually symmetrical to point M with respect to the x-axis). This point N is defined as the addition operation of points P and Q, denoted as P + Q = N. Additionally, the point doubling operation, denoted as D, refers to the operation of adding P to itself, resulting in P + P.

3.3.1. Precomputation Based on Prime Numbers

For scalar dot product computations using window-based algorithms, significant reductions in precomputation requirements can be achieved by employing precomputed prime number points, particularly when larger window sizes are chosen. In

Table 1. The number of prime numbers when the window size is less than 25.

Window Size	The Number of Odd Numbers	The Number of Prime Numbers
1	1	1
2	2	2
3	4	4
4	8	6
5	16	11
6	32	18
7	64	31
8	128	54
9	256	97
10	512	172
11	1024	309
12	2048	564
13	4096	1028
14	8192	1900
15	16,384	3512
16	32,768	6542
17	65,536	12,251
18	131,072	23,000
19	262,144	43,390
20	524,288	82,025
21	1,048,576	155,611
22	2,097,152	295,947
23	4,194,304	564,143
24	8,388,608	564,143

, the number of precomputed points needed for different window widths is listed. It can be concluded that when the window width is greater than or equal to 4, the precomputation needed for the Fw-NAF algorithm is lower than that needed for the w-NAF algorithm. For instance, when the window width is set to 6, the w-NAF algorithm requires storing all odd points less than or equal to 63, totaling 32 points. This necessitates 1 point doubling operation and 31 point addition operations during precomputation. In contrast, the proposed Fw-NAF algorithm only requires storing 18 points and involves 1 point doubling operation and 18 point addition operations during precomputation. Consequently, the precomputation requirements exhibit a notable improvement.

3.3.2. Compensation for Differences Using Prime-Based Addition Chains

Using prime numbers smaller than 2^w − 1 as a replacement for odd numbers introduces differences. For example, when the window width is set to 5, the Fw-NAF algorithm requires 11 precomputed points, whereas the w-NAF window algorithm requires 16 precomputed points. There is a discrepancy between the two, which needs to be compensated for using prime-based addition chains. We summarized all prime numbers smaller than 255 and calculated the difference between each prime number and the preceding prime number. Additionally, we found that the differences between each prime number and its preceding prime number can take the following values: 1, 2, 3, 4, 8, 10, 12, and 14. Based on these difference values, an addition chain can be constructed to compute the required points that have not been precomputed.

The prime-based addition chain involves splitting an even number into the sum of two precomputed prime numbers, which can be directly obtained through table lookup, eliminating the need for tedious calculations and, thus, reducing the computational complexity of the algorithm. For example, when the window width is 8 and given k_j = 51, by precomputing prime-based points, the closest preceding prime-based point to 51P, 47P, is found. The difference between 51P and 47P is 4P, which can be expressed as 2P + 2P. Consequently, 51P = 47P + 2P + 2P. The algorithmic process for constructing the addition chain is shown in Algorithm 6.

Algorithm 6: Constructing an addition chain for odd points that have not been precomputed.

Input: Odd points that have not been precomputed Output: kjP addition chain (1) determine whether kj is a prime number, if False, goto step 2; if True, return (2) let s = the nearest prime number less than kj   let a = kj − s   find prime number pairs that sum up to a (3) return xP + yP + sP

For a window width ≤20, the maximum difference between an odd number and its preceding prime number is 90. Therefore, using Algorithm 6, we can provide an addition chain for even numbers between 1 and 90, as shown in

Table 2. The addition chain of the difference value.

a	2P	4P	6P	8P	10P	12P	14P	16P
Addtion chain	2P	2P + 2P	3P + 3P	3P + 5P	3P + 7P	5P + 7P	3P + 11P	3P + 11P
a	18P	20P	22P	24P	26P	28P	30P	32P
Addtion chain	5P + 13P	3P + 17P	3P + 19P	5P + 19P	3P + 23P	5P + 23P	7P + 23P	3P + 29P
a	34P	36P	38P	40P	42P	44P	46P	48P
Addtion chain	3P + 31P	5P + 31P	7P + 31P	3P + 37P	5P + 37P	3P + 41P	3P + 43P	5P + 43P
a	50P	52P	54P	56P	58P	60P	62P	64P
Addtion chain	3P + 47P	5P + 47P	7P + 47P	3P + 53P	5P + 53P	7P + 53P	3P + 59P	3P + 61P
a	66P	68P	70P	72P	74P	76P	78P	80P
Addtion chain	5P + 61P	7P + 61P	3P + 67P	5P + 67P	3P + 71P	3P + 73P	5P + 73P	7P + 73P
a	82P	84P	86P	88P	90P
Addtion chain	3P + 79P	5P + 79P	3P + 83P	5P + 83P	7P + 83P

. Based on this, we can conclude that constructing the addition chain requires one point addition operation.

3.3.3. Fw-NAF Scalar Multiplication Algorithm

During the precomputation phase, precomputed prime-based points are generated to replace the odd numbers in the w-NAF algorithm. In the computation phase, a shorter prime-based addition chain is constructed based on the differences between prime numbers and odd numbers [18]. Finally, the scalar multiplication algorithm is performed using a series of point addition and point doubling operations to obtain the final result. The improved Fw-NAF scalar multiplication algorithm is presented in Algorithm 7.

Algorithm 7: Fw-NAF scalar multiplication algorithm.

Input: Positive integers $k,P\in E(F_p)$, window width w Output: kP (1) calculate $NA{F}_w(k)={\displaystyle \sum _{i=0}^{l-1}{k}_j}{2}^j$, using Algorithm 4 (2) precompute $P_j=jP$, j denote all prime numbers smaller than 2w. (3) let $Q\leftarrow 0$ (4) for j = 0 : l − 1   $Q\leftarrow 2Q$   let s = the nearest prime number less than kj   let a = kj − s   let $a\leftarrow xP+yP$   let $Q\leftarrow Q+s+a$ (5) return Q

3.3.4. Fw-NAF Computational Complexity

We analyzed the computational complexity of the improved Fw-NAF scalar multiplication algorithm. In the precomputation phase, the algorithm precomputes prime numbers smaller than 2^w. According to the distribution characteristics of prime numbers, as we move further along the number line, the gaps between prime numbers become larger. This irregular distribution of prime numbers makes it impossible to predict the next prime number based on any specific pattern. The distribution of prime numbers exhibits a phenomenon known as “clustering” on the number line, which means that, within certain ranges, there is a relatively higher density of prime numbers, whereas in other ranges, the density of prime numbers is relatively lower.

Based on the prime number theorem, we can estimate the number of prime numbers less than or equal to x. Let π(x) present the count of prime numbers less than or equal to x.

$$\pi (x)~{\displaystyle {\int }_2^x\frac{dt}{\ln t}}~\frac{x}{\ln x-1.08366}~\frac{x}{\ln x}$$

(5)

which can be simplified as

$$\pi (x)~\lceil \frac{x}{\ln x}\rceil$$

(6)

Therefore, the computational complexity of the precomputation phase is solely dependent on the window width. The computational cost can be expressed as the following:

$$\lceil 2^w/\ln 2^w\rceil A+D$$

(7)

where A denotes a point addition operation, and D represents a point doubling operation. When the window width is 2 or 3, all odd numbers less than n are prime numbers. Therefore, the computational cost of the improved Fw-NAF scalar multiplication algorithm for the precomputation phase is consistent with that of the w-NAF algorithm.

Table 3. Computation cost of point addition operations in the precomputation phase.

w	2	3	4	5	6	7	8	9
Computation cost	A + D	3A + D	6A + D	10A + D	16A + D	27A + D	47A + D	83A + D
w	10	11	12	13	14	15	16	17
Computation cost	148A + D	269A + D	493A + D	910A + D	1689A + D	3152A + D	5910A + D	11,124A + D
w	18	19	20	21
Computation cost	21,010A + D	39,810A + D	75,639A + D	14,4074A + D

provides the computation costs of point addition operations in the precomputation phase for the Fw-NAF algorithm with window widths ranging from 2 to 21.

During the computation phase, the scalar k is expanded with a window size of l. This requires l point doubling operations. Hence, the Hamming weight of the w-NAF representation is given by 1/(w + 1). There are a total of l/(w + 1) non-zero digits, resulting in l/(w + 1) point addition operations. However, because some non-zero digits may correspond to odd points that have not been precomputed, additional point addition operations are necessary. When the difference between an odd digit and the previous prime digit is 1 or 2, two additional point addition operations are needed. In the case where the difference is an even number other than 1 or 2, three additional point addition operations are required. Therefore, the computational complexity of the computation phase can be determined based on the number of point doubling operations and the additional point addition operations, as outlined above.

$$lD+\lceil (1+\frac{T_2}{2^{w-1}}\ast 2+\frac{T_3}{2^{w-1}}\ast 3)\lceil \frac{l}{w+1}\rceil \rceil A$$

(8)

where T₂ represents the number of points that require two additional point additions, and T₃ represents the number of points that require three additional point additions. Therefore, the total computational complexity is determined using the sum of the precomputation complexity and the computation complexity.

$$(l+1)D+\lceil \lceil \frac{2^w}{\ln 2^w}\rceil +(1+\frac{T_2}{2^{w-1}}\ast 2+\frac{T_3}{2^{w-1}}\ast 3)\lceil \frac{l}{w+1}\rceil \rceil A$$

(9)

Taking a window width of w = 10 and using the elliptic curve P₂₅₆ as an example, the types and numbers of differences between non-precomputed points and precomputed points can be obtained based on prime numbers less than 2^w. The number of points requiring two additional point addition operations is 134, and the number of points requiring three additional point addition operations is 281. According to Formula (8), the computational complexity during the precomputation phase is 148A + D, and according to Formula (9), the computational complexity during the computation phase is 64A + 256D. Therefore, the total computational complexity is 212A + 257D.

4. Results

4.1. Building Blockchain Experimental System

To validate the proposed algorithm, a ten-node consortium blockchain system was constructed based on HyperLedger Fabric 1.4. The software and hardware environment of the system is presented in

Table 4. Software and hardware environment of the blockchain system.

Item	Details
CPU	Intel(R) Core(TM) i9-12900K 3.20 GHz
Memory	64.0 GB
Disk	512 GB
Operation system	Ubuntu18.04
Software	IntelliJ IDEA Ultimate 2020.2.4 x64 Go.1.15.10

.

4.2. Comparison between Fw-NAF and w-NAF

When using the elliptic curve P₂₅₆, the computational complexity of the w-NAF algorithm for window widths 5 ≤ w ≤ 20 is presented in

Table 5. Computational complexity of the w-NAF algorithm in P₂₅₆.

w	Computational Complexity in the Precomputation Phase	Computational Complexity in the Computation Phase	Total Computational Complexity	Total Computational Complexity of Jacobian Coordinates
5	$15A+D$	$43A+256D$	$58A+257D$	$3143.2M$
6	$31A+D$	$37A+256D$	$68A+257D$	$3295.2M$
7	$63A+D$	$32A+256D$	$95A+257D$	$3705.6M$
8	$127A+D$	$29A+256D$	$156A+257D$	$4632.8M$
9	$255A+D$	$26A+256D$	$281A+257D$	$6532.8M$
10	$511A+D$	$24A+256D$	$535A+257D$	$10393.6M$
11	$1023A+D$	$22A+256D$	$1045A+257D$	$18145.6M$
12	$2047A+D$	$20A+256D$	$2067A+257D$	$33680M$
13	$4095A+D$	$19A+256D$	$4115A+257D$	$64809.6M$
14	$8191A+D$	$18A+256D$	$8209A+257D$	$127053.6M$
15	$16383A+D$	$16A+256D$	$16399A+257D$	$251541.6M$
16	$32767A+D$	$16A+256D$	$32783A+257D$	$500578.4M$
17	$65535A+D$	$15A+256D$	$65550A+257D$	$998621.6M$
18	$131071A+D$	$14A+256D$	$131085A+257D$	$1994768.8M$
19	$262143A+D$	$13A+256D$	$262156A+257D$	$3987032.8M$
20	$524287A+D$	$13A+256D$	$524300A+257D$	$7971621.6M$

. As the window width gradually increases, the number of computations required in the precomputation phase grows exponentially. Therefore, the computational burden of the precomputation phase progressively increases and becomes a bottleneck for the algorithm. In the computation phase, each operation only requires determining whether to add the precomputed value based on the current bit value, leading to a gradual reduction in computational complexity. However, because of the substantial computational load in the precomputation phase, the overall computational complexity of the original window width w-NAF algorithm still exhibits exponential growth.

Table 6. Computational complexity of the Fw-NAF algorithm in P₂₅₆.

w	Computational Complexity in the Precomputation Phase	Computational Complexity in the Computation Phase	Total Computational Complexity	Total Computational Complexity of Jacobian Coordinates	Improvement Relative to w-NAF
5	$10A+D$	$82A+256D$	$82A+257D$	$3508M$	$0\%$
6	$16A+D$	$75A+256D$	$91A+257D$	$3644.8M$	$0\%$
7	$27A+D$	$72A+256D$	$99A+257D$	$3766.4M$	$0\%$
8	$47A+D$	$70A+256D$	$117A+257D$	$4040M$	$12\%$
9	$83A+D$	$67A+256D$	$150A+257D$	$4541.6M$	$30.5\%$
10	$148A+D$	$64A+256D$	$212A+257D$	$5484M$	$47.2\%$
11	$269A+D$	$61A+256D$	$330A+257D$	$7277.6M$	$59.9\%$
12	$493A+D$	$59A+256D$	$552A+257D$	$10652M$	$68.4\%$
13	$910A+D$	$56A+256D$	$966A+257D$	$17400.8M$	$73.2\%$
14	$1689A+D$	$54A+256D$	$1743A+257D$	$28755.2M$	$77.4\%$
15	$3152A+D$	$51A+256D$	$3203A+257D$	$50947.2M$	$79.8\%$
16	$5910A+D$	$49A+256D$	$5957A+257D$	$92808M$	$81.5\%$
17	$11124A+D$	$47A+256D$	$11171A+257D$	$172060.8M$	$82.8\%$
18	$21010A+D$	$45A+256D$	$21056A+257D$	$322312.8M$	$83.8\%$
19	$39810A+D$	$43A+256D$	$39853A+257D$	$608027.2M$	$84.7\%$
20	$75639A+D$	$42A+256D$	$75681A+257D$	$1152612.8M$	$85.5\%$

presents the computational complexity and efficiency improvement of the enhanced Fw-NAF scalar multiplication algorithm for window widths 5 ≤ w ≤ 20. It can be observed that, for smaller window widths, the Fw-NAF algorithm does not exhibit a significant advantage over the w-NAF algorithm. However, as the window width w gradually increases, the smaller number of prime numbers compared to odd numbers leads to a reduced precomputational complexity in the Fw-NAF algorithm compared to the w-NAF algorithm.

According to Table 6, it can be analyzed that if the window width is small and the proportion of prime to odd numbers is high, it means that the precomputation cost of the Fw-NAF algorithm is almost the same as the computation cost of the w-NAF algorithm. Therefore, when the window value is small, especially less than 7, the Fw-NAF algorithm does not have a significant advantage. However, as the window value increases, the proportion of prime to odd numbers decreases, making the improved algorithm more effective. However, when the window selection is too large, even with increased improvement, the algorithm requires a larger amount of computation. Therefore, in practical usage, it is important to choose an appropriate window width.

4.3. Performance of Blockchain System

Testing the on-chain latency of the blockchain system was conducted. In a blockchain system, the generation of each transaction requires a collective verification, packaging, and on-chain process via other nodes before it becomes a valid transaction on the blockchain. The signing algorithm plays a crucial role in the transaction verification process as it ensures the authenticity and integrity of the transaction, preventing tampering and forgery. However, some signing algorithms have high computational complexity, requiring a significant amount of computation and time to complete the signing process, thereby resulting in on-chain latency for transactions. The authors performed five rounds of testing on systems using w-NAF and Fw-NAF, separately, with different sizes of data being uploaded in each round.

Table 7. The on-chain latency time of the blockchain system using w-NAF algorithm.

No.	The Size of Upload Data (kb)	On-Chain Latency Time (ms)
1	512	1103
2	1024	1186
3	2048	1307
4	3072	1425
5	5120	1488
average	2355.2	1301.8

presents the on-chain latency time of the blockchain system using w-NAF algorithm, whereas

Table 8. The on-chain latency time of the blockchain system using Fw-NAF algorithm.

No.	The Size of Upload Data (kb)	On-Chain Latency Time (ms)
1	512	603
2	1024	632
3	2048	738
4	3072	799
5	5120	832
average	2355.2	720.8

shows the on-chain latency time of the blockchain system optimized with the Fw-NAF algorithm.

Based on the on-chain latency test results of the SM2 algorithm in the blockchain system optimized with Fw-NAF, it can be observed that as the size of uploaded data increases, the system’s on-chain latency experiences a slight increase. When the average uploaded data size is 2355.2 kb, the on-chain latency time is reduced by 45% compared to that of the SM algorithm using w-NAF, demonstrating a significant improvement in efficiency.

5. Conclusions

The present study aimed to improve the SM2 encryption algorithm within the context of the Chinese national cryptographic standard, with a focus on reducing its complexity and enhancing its operational speed. The optimized algorithm was subsequently applied to the field of blockchains to address the demand for low on-chain latency in consortium chains. Our experimental results demonstrate the effectiveness of the Fw-NAF algorithm, optimized in this study, in significantly reducing on-chain latency by 45% when compared to blockchain systems utilizing the w-NAF algorithm. This improvement has led to notable enhancements in the operational speed and overall performance of the blockchain system.

Furthermore, our findings highlight the potential of our optimization approach to contribute to the broader adoption and scalability of blockchain technology in consortium chain environments. By reducing on-chain latency, we have addressed a critical limitation of existing blockchain systems and paved the way for more efficient and responsive blockchain applications.

However, it is important to acknowledge the limitations of our research. First, our study focused primarily on the optimization of the SM2 encryption algorithm, and further research is needed to explore its impact on other aspects of blockchain performance. Additionally, while our results demonstrate significant improvements in on-chain latency, the applicability of the Fw-NAF algorithm to different blockchain architectures and network conditions requires further investigation.