Results 1-10 of 99
Optimal Extension Fields for Fast Arithmetic in Public-Key Algorithms
1998
Cited by 73 (14 self)
Abstract. This contribution introduces a class of Galois field used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF). This approach is well suited for implementation of public-key cryptosystems based on elliptic and hyperelliptic curves. Whereas previously reported optimizations focus on finite fields of the form GF(p) and GF(2^m), an OEF is the class of fields GF(p^m), for p a prime of special form and m a positive integer. Modern RISC workstation processors are optimized to perform integer arithmetic on integers of size up to the word size of the processor. Our construction employs well-known techniques for fast finite field arithmetic which fully exploit the fast integer arithmetic found on these processors. In this paper, we describe our methods to perform the arithmetic in an OEF and the methods to construct OEFs. We provide a list of OEFs tailored for processors with 8, 16, 32, and 64 bit word sizes. We report on our application of this approach to construction of elliptic curve cryptosystems and demonstrate a substantial performance improvement over all previously reported software implementations of Galois field arithmetic for elliptic curves.
Efficient Algorithms for Elliptic Curve Cryptosystems
1997
Cited by 71 (9 self)
Abstract. Elliptic curves are the basis for a relatively new class of public-key schemes. It is predicted that elliptic curves will replace many existing schemes in the near future. It is thus of great interest to develop algorithms which allow efficient implementations of elliptic curve cryptosystems. This thesis deals with such algorithms. Efficient algorithms for elliptic curves can be classified into low-level algorithms, which deal with arithmetic in the underlying finite field, and high-level algorithms, which operate with the group operation. This thesis describes three new algorithms for efficient implementations of elliptic curve cryptosystems. The first algorithm describes the application of the Karatsuba-Ofman Algorithm to multiplication in composite fields GF((2^n)^m). The second algorithm deals with efficient inversion in composite Galois fields of the form GF((2^n)^m). The third algorithm is an entirely new approach which accelerates the multiplication of points which i...
Efficient Arithmetic in Finite Field Extensions with Application in Elliptic Curve Cryptography
Journal of Cryptology, 2000
Cited by 53 (9 self)
Abstract. This contribution focuses on a class of Galois field used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF), first introduced in [3]. We extend this work by presenting an adaptation of Itoh and Tsujii's algorithm for finite field inversion applied to OEFs. In particular, we use the facts that the action of the Frobenius map in GF(p^m) can be computed with only m - 1 subfield multiplications and that inverses in GF(p) may be computed cheaply using known techniques. As a result, we show that one extension field inversion can be computed with a logarithmic number of extension field multiplications. In addition, we provide new extension field multiplication formulas which give a performance increase. Further, we provide an OEF construction algorithm together with tables of Type I and Type II OEFs along with statistics on the number of pseudo-Mersenne primes and OEFs. We apply this new work to provide implementation results using these me...
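The two OEF abstracts above describe the same machinery: a subfield GF(p) with p of special form so that reduction is shifts and adds, an extension GF(p^m) built with a binomial x^m - w, a Frobenius map that costs m - 1 subfield multiplications, and Itoh-Tsujii inversion that reduces one extension-field inversion to a logarithmic number of extension-field multiplications plus one subfield inversion. The following is an added example written for this page, not code from either paper: it picks p = 2^13 - 1 (a Mersenne prime, so a Type I OEF with c = 1), m = 5, searches for a suitable w, and cross-checks the fast paths against plain square-and-multiply. The parameters, the sample element and all helper names are this example's own assumptions, not values from the papers' tables.

```python
# Added example (not code from the OEF papers): OEF-style arithmetic in GF(p^m)
# with p = 2^13 - 1 (Mersenne prime, Type I OEF with c = 1), m = 5, and the
# binomial x^5 - w as field polynomial. Parameters and helper names are assumptions.
P_BITS = 13
P = (1 << P_BITS) - 1      # 8191
M = 5                      # M divides P - 1 = 8190, which the binomial construction needs


def red(x):
    """Reduce x >= 0 modulo P = 2^13 - 1 with shifts and adds only (no division)."""
    while x > P:
        x = (x & P) + (x >> P_BITS)   # 2^13 == 1 (mod P): fold the high part down
    return 0 if x == P else x


def find_omega():
    """Smallest w such that x^M - w is irreducible over GF(P).

    For prime M dividing P - 1 (and M^2 not dividing P - 1, which holds here) this is
    exactly the condition that w is not an M-th power: w^((P-1)/M) != 1
    (Lidl and Niederreiter, Theorem 3.75).
    """
    for w in range(2, P):
        if pow(w, (P - 1) // M, P) != 1:
            return w
    raise ValueError("no suitable omega")


OMEGA = find_omega()
# a(x)^P = sum a_i x^(iP), and x^(iP) = x^i * OMEGA^(i(P-1)/M) because x^M = OMEGA.
# So Frobenius is one subfield multiplication per coefficient (M - 1 in total; i = 0 is free).
FROB = [pow(OMEGA, i * (P - 1) // M, P) for i in range(M)]
ONE = [1] + [0] * (M - 1)


def mul(a, b):
    """Multiply two elements given as M coefficients in the basis 1, x, ..., x^(M-1)."""
    t = [0] * (2 * M - 1)
    for i in range(M):
        for j in range(M):
            t[i + j] += a[i] * b[j]
    for k in range(M - 1):           # x^(M+k) = OMEGA * x^k
        t[k] += OMEGA * t[M + k]
    return [red(t[k]) for k in range(M)]


def frob(a, k=1):
    """a^(P^k): k applications of the Frobenius map, no extension-field multiplication."""
    for _ in range(k):
        a = [red(a[i] * FROB[i]) for i in range(M)]
    return a


def ext_pow(a, e):
    """Generic square-and-multiply, used only to cross-check the fast paths."""
    r = list(ONE)
    while e:
        if e & 1:
            r = mul(r, a)
        a = mul(a, a)
        e >>= 1
    return r


def itoh_tsujii_inverse(a):
    """a^(-1) = a^(r-1) * (a^r)^(-1), r = (P^M - 1)/(P - 1); a^r is the norm and lies in GF(P)."""
    def t(k):                        # t(k) = a^(1 + P + ... + P^(k-1)), log-depth chain
        if k == 1:
            return list(a)
        if k % 2 == 0:
            h = t(k // 2)
            return mul(h, frob(h, k // 2))
        return mul(frob(t(k - 1)), a)
    a_r1 = frob(t(M - 1))            # a^(P + P^2 + ... + P^(M-1)) = a^(r-1)
    a_r = mul(a_r1, a)               # a^r: only the constant coefficient is non-zero
    assert all(c == 0 for c in a_r[1:]), "a^r must lie in the subfield"
    inv_c = pow(a_r[0], P - 2, P)    # one cheap subfield inversion
    return [red(c * inv_c) for c in a_r1]


if __name__ == "__main__":
    A = [1234, 5, 678, 9, 4321]      # constructed sample element
    assert mul(A, itoh_tsujii_inverse(A)) == ONE
    assert frob(A) == ext_pow(A, P)
    print("omega =", OMEGA, "inverse of A =", itoh_tsujii_inverse(A))
```

For m = 5 the chain t(4) = t(2) * t(2)^(p^2), t(2) = a^p * a costs two extension-field multiplications plus Frobenius maps, after which one more multiplication yields the norm and a single GF(p) inversion finishes the job; a generic exponentiation by p^5 - 2 would need about 65 squarings. The `red` loop is the part that only works because p is 2^13 - 1; a general pseudo-Mersenne p = 2^n - c needs the high part multiplied by c before folding.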
Quantum Algorithms for Some Hidden Shift Problems
SIAM J. Comput., 2006
Cited by 53 (3 self)
Abstract. Almost all of the most successful quantum algorithms discovered to date exploit the ability of the Fourier transform to recover subgroup structures of functions, especially periodicity. The fact that Fourier transforms can also be used to capture shift structure has received far less attention in the context of quantum computation. In this paper, we present three examples of "unknown shift" problems that can be solved efficiently on a quantum computer using the quantum Fourier transform. For one of these problems, the shifted Legendre symbol problem, we give evidence that the problem is hard to solve classically, by showing a reduction from breaking algebraically homomorphic cryptosystems. We also define the hidden coset problem, which generalizes the hidden shift problem and the hidden subgroup problem. This framework provides a unified way of viewing the ability of the Fourier transform to capture subgroup and shift structure.
A Complexity Dichotomy for Partition Functions with Mixed Signs
2009
Cited by 32 (7 self)
Abstract. Partition functions, also known as homomorphism functions, form a rich family of graph invariants that contain combinatorial invariants such as the number of k-colourings or the number of independent sets of a graph and also the partition functions of certain "spin glass" models of statistical physics such as the Ising model. Building on earlier work by Dyer and Greenhill [7] and Bulatov and Grohe [6], we completely classify the computational complexity of partition functions. Our main result is a dichotomy theorem stating that every partition function is either computable in polynomial time or #P-complete. Partition functions are described by symmetric matrices with real entries, and we prove that it is decidable in polynomial time in terms of the matrix whether a given partition function is in polynomial time or #P-complete. While in general it is very complicated to give an explicit algebraic or combinatorial description of the tractable cases, for partition functions described by Hadamard matrices, which turn out to be central in our proofs, we obtain a simple algebraic tractability criterion, which says that the tractable cases are those "representable" by a quadratic polynomial over the field F2.
Graph Homomorphisms with Complex Values: A Dichotomy Theorem
Cited by 31 (14 self)
Abstract. The graph homomorphism problem has been studied intensively. Given an m × m symmetric matrix A, the graph homomorphism function is defined as
$$Z_A(G) = \sum_{\xi : V \to [m]} \ \prod_{(u,v) \in E} A_{\xi(u),\xi(v)},$$
where G = (V, E) is any undirected graph. The function Z_A(G) can encode many interesting graph properties, including counting vertex covers and k-colorings. We study the computational complexity of Z_A(G) for arbitrary complex valued symmetric matrices A. Building on work by Dyer and Greenhill [6], Bulatov and Grohe [2], and especially the recent beautiful work by Goldberg,
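The definition of Z_A(G) above, evaluated by brute force as an added example that is not code from either dichotomy paper. It shows the two encodings the abstracts mention: with A = J - I (zero diagonal, ones elsewhere) an edge contributes 1 exactly when its endpoints receive different "colours", so Z_A counts proper k-colourings; with A = [[1,1],[1,0]] the value 1 marks a vertex as "in the set" and the zero entry kills any assignment with two adjacent in-set vertices, so Z_A counts independent sets. The graphs and matrices are constructed for illustration.

```python
# Added example, not code from the paper: brute-force evaluation of Z_A(G) and
# direct counts to check the encodings. Graphs are given as (vertex count, edge list).
import itertools


def partition_function(A, n_vertices, edges):
    """Z_A(G) = sum over xi: V -> [m] of the product over (u, v) in E of A[xi(u)][xi(v)]."""
    m = len(A)
    total = 0
    for xi in itertools.product(range(m), repeat=n_vertices):
        w = 1
        for u, v in edges:
            w *= A[xi[u]][xi[v]]
            if w == 0:              # a zero entry kills this assignment
                break
        total += w
    return total


def colouring_matrix(k):
    """A = J - I: an edge contributes 1 iff its endpoints get different colours."""
    return [[0 if i == j else 1 for j in range(k)] for i in range(k)]


# A[1][1] = 0: two adjacent vertices may not both be in the set.
INDEPENDENT_SET_MATRIX = [[1, 1], [1, 0]]


def count_proper_colourings(k, n_vertices, edges):
    """Direct count, used to check the Z_A encoding."""
    return sum(all(c[u] != c[v] for u, v in edges)
               for c in itertools.product(range(k), repeat=n_vertices))


def count_independent_sets(n_vertices, edges):
    """Direct count, used to check the Z_A encoding."""
    return sum(not any(s[u] and s[v] for u, v in edges)
               for s in itertools.product((0, 1), repeat=n_vertices))


if __name__ == "__main__":
    triangle = (3, [(0, 1), (1, 2), (0, 2)])       # constructed sample graph
    path4 = (4, [(0, 1), (1, 2), (2, 3)])          # constructed sample graph
    print("3-colourings of K3:", partition_function(colouring_matrix(3), *triangle))
    print("independent sets of P4:", partition_function(INDEPENDENT_SET_MATRIX, *path4))
```

The brute force is exponential in |V|, which is the point of the dichotomy: for most matrices A nothing fundamentally better exists (#P-completeness), and the tractable cases are the ones with special algebraic structure described in the abstracts.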
Monomial and Quadratic Bent Functions over the Finite Fields of Odd Characteristic
2005
Cited by 24 (4 self)
Abstract. We consider p-ary bent functions of the form
$$f(x) = \mathrm{Tr}_n\Bigl(\sum_{i=0}^{s} a_i x^{d_i}\Bigr).$$
A new class of ternary monomial regular bent function with the Dillon exponent is discovered. The existence of Dillon bent functions in the general case is an open problem of deciding whether a certain Kloosterman sum can take on the value -1. Also described is the general Gold-like form of a bent function that covers all the previously known monomial quadratic cases. We also discuss the (weak) regularity of our new as well as of known monomial bent functions and give the first example of a not weakly regular bent function. Finally we prove some criteria for arbitrary quadratic functions to be bent.
Higher-Order Glitches Free Implementation of the AES Using Secure Multiparty Computation Protocols
CHES 2011, LNCS 6917, 2011
Cited by 22 (3 self)
Abstract. Higher-order side-channel attacks (HOSCA) are a powerful technique against cryptographic implementations and the design of appropriate countermeasures is nowadays an important topic. In parallel, another class of attacks, called glitches attacks, have been investigated which exploit the hardware glitches phenomena occurring during the physical execution of algorithms. Some solutions have been proposed to counteract HOSCA at any order or to defeat glitches attacks, but no work has until now focussed on the definition of a sound countermeasure thwarting both attacks. We introduce in this paper a circuit model in which side-channel resistance in presence of glitches effects can be characterized. This allows us to construct the first glitches free HOSCA countermeasure. The new construction can be built from any Secure Multi-Party Computation protocol and, as an illustration, we propose to apply the protocol introduced by Ben-Or et al. at STOC in 1988. The adaptation of the latter protocol to the context of side-channel analysis results in a completely new higher-order masking scheme, particularly interesting when addressing resistance in the presence of glitches. An application of our scheme to the AES block cipher is detailed, as well as an information theoretic evaluation of the new masking function that we call polynomial masking.
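The "polynomial masking" the abstract names is Shamir secret sharing applied to intermediate values, with the Ben-Or, Goldwasser and Wigderson (BGW) multiplication step used to compute products on shares. The following is an added example written for this page, not the authors' AES implementation: it shares a GF(2^8) byte among n = 2d + 1 parties with a random degree-d polynomial, and multiplies two shared values by taking the sharewise product (which lives on a degree-2d polynomial), re-sharing each local product and recombining with Lagrange coefficients to bring the degree back to d. The evaluation points, the masking order d, and the sample bytes are this example's own choices; in a real masked implementation the randomness would come from a hardware RNG and the n shares would be manipulated by independent circuit parts so that no wire or register ever holds more than one share of the same value.

```python
# Added example, not the Prouff-Roche implementation: Shamir-style polynomial
# masking of GF(2^8) values and a BGW-style shared multiplication with degree
# reduction. d = masking order, n = len(points) >= 2d + 1. Points, d and sample
# values are assumptions of this example.
import secrets

AES_POLY = 0x11B                       # x^8 + x^4 + x^3 + x + 1, the AES field


def gf_mul(a, b):
    """Multiply in GF(2^8) modulo AES_POLY (shift-and-add, constant trip count)."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_inv(a):
    """a^(2^8 - 2) = a^(-1) for a != 0 (used only for the public Lagrange constants)."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r


def lagrange_at_zero(points):
    """lambda_i with f(0) = sum_i lambda_i * f(alpha_i) for distinct non-zero alpha_i."""
    coeffs = []
    for i, ai in enumerate(points):
        num, den = 1, 1
        for j, aj in enumerate(points):
            if j != i:
                num = gf_mul(num, aj)
                den = gf_mul(den, aj ^ ai)   # subtraction is XOR in characteristic 2
        coeffs.append(gf_mul(num, gf_inv(den)))
    return coeffs


def share(secret, d, points):
    """Evaluate a random degree-d polynomial with constant term `secret` at each point."""
    poly = [secret] + [secrets.randbelow(256) for _ in range(d)]
    out = []
    for x in points:
        acc, xp = 0, 1
        for c in poly:
            acc ^= gf_mul(c, xp)
            xp = gf_mul(xp, x)
        out.append(acc)
    return out


def reconstruct(shares, points):
    """Unmask: interpolate the polynomial at 0 (done only at the very end, never mid-cipher)."""
    r = 0
    for s, lam in zip(shares, lagrange_at_zero(points)):
        r ^= gf_mul(s, lam)
    return r


def secure_mul(sa, sb, d, points):
    """BGW multiplication: local products sit on a degree-2d polynomial; each party
    re-shares its product with degree d and the Lagrange combination of the
    sub-shares it receives is a degree-d share of a*b."""
    n = len(points)
    assert n >= 2 * d + 1, "need at least 2d + 1 shares to multiply"
    lam = lagrange_at_zero(points)
    sub = [share(gf_mul(a, b), d, points) for a, b in zip(sa, sb)]  # sub[i][j]: from i to j
    return [sum_xor(gf_mul(lam[i], sub[i][j]) for i in range(n)) for j in range(n)]


def sum_xor(values):
    r = 0
    for v in values:
        r ^= v
    return r


if __name__ == "__main__":
    d, pts = 1, [1, 2, 3]                # first-order masking, three shares
    x, y = 0x53, 0xCA                    # constructed sample inputs
    sx, sy = share(x, d, pts), share(y, d, pts)
    sxy = secure_mul(sx, sy, d, pts)
    assert reconstruct(sxy, pts) == gf_mul(x, y)
    print("shares of x:", [hex(s) for s in sx], "x*y =", hex(reconstruct(sxy, pts)))
```

Additions of a public constant and GF(2)-linear maps can be applied share by share without communication; multiplication is the expensive step, and its re-sharing round is exactly where the degree-2d intermediate products exist and must be kept on separate wires. Any d shares alone are uniformly distributed and independent of the secret, which is the property the paper's information theoretic evaluation measures.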
Efficient Multiplier Architectures for Galois Fields GF(2^{4n})
IEEE Transactions on Computers, 1998
Cited by 15 (0 self)
Abstract. This contribution introduces a new class of multipliers for finite fields GF((2^n)^4). The architecture is based on a modified version of the Karatsuba-Ofman algorithm (KOA). By determining optimized field polynomials of degree four, the last stage of the KOA and the modulo reduction can be combined. This saves computation and area in VLSI implementations. The new algorithm leads to architectures which show a considerably improved gate complexity compared to traditional approaches and reduced delay if compared with KOA-based architectures with separate modulo reduction. The new multipliers lead to highly modular architectures and are thus well suited for VLSI implementations. Three types of field polynomials are introduced and conditions for their existence are established. For the small fields where n = 2, 3, ..., 8, which are of primary technical interest, optimized field polynomials were determined by an exhaustive search. For each field order, exact space and ti...
Comparison of Arithmetic Architectures for Reed-Solomon Decoders in Reconfigurable Hardware
IEEE Transactions on Computers, 1997
Cited by 15 (2 self)
Abstract. Reed-Solomon (RS) error correction codes are being widely used in modern communication systems such as compact disk players or satellite communication links. RS codes rely on arithmetic in finite, or Galois, fields. The specific field GF(2^8) is of central importance for many practical systems. The most costly, and thus most critical, elementary operations in RS decoders are multiplication and inversion in Galois fields. Although there have been considerable efforts in the area of Galois field arithmetic architectures, there appears to be very little reported work on Galois field arithmetic for reconfigurable hardware. This contribution provides a systematic comparison of two promising arithmetic architecture classes. The first one is based on a standard base representation, and the second one is based on composite fields. For both classes a multiplier and an inverter for GF(2^8) are described and theoretical gate counts are provided. Using a design entry based on a VHDL descr...