Aspects of Hyperelliptic Curves over Large Prime Fields in Software Implementations
2004
Cited by 37 (5 self)
Abstract
We present an implementation of elliptic curves and of hyperelliptic curves of genus 2 and 3 over prime fields. To achieve a fair comparison between the different types of groups, we developed an ad hoc arithmetic library, designed to remove most of the overheads that penalize implementations of curve-based cryptography over prime fields. These overheads get worse for smaller fields, and thus for larger genera for a fixed group size. We also use techniques for delaying modular reductions to reduce the amount of modular reductions in the formulae for the group operations. The result is that the performance of hyperelliptic curves of genus 2 over prime fields is much closer to the performance of elliptic curves than previously thought. For groups of 192 and 256 bits the difference is about 14% and 15% respectively.
High Security Pairing-Based Cryptography Revisited
In Algorithmic Number Theory Symposium – ANTS VII, Springer-Verlag LNCS XXXX, XXXX–XXXX, 2006
Cited by 30 (5 self)
Abstract
The security and performance of pairing-based cryptography has provoked a large volume of research, in part because of the exciting new cryptographic schemes that it underpins. We reexamine how one should implement pairings over ordinary elliptic curves for various practical levels of security. We conclude, contrary to prior work, that the Tate pairing is more efficient than the Weil pairing for all such security levels. This is achieved by using efficient exponentiation techniques in the cyclotomic subgroup backed by efficient squaring routines within the same subgroup.
Side Channel Attacks on Implementations of Curve-Based Cryptographic Primitives
2005
Cited by 10 (0 self)
Abstract
The present survey deals with the recent research in side channel analysis and related attacks on implementations of cryptographic primitives. The focus is on software countermeasures for primitives built around algebraic groups. Many countermeasures are described, together with their extent of applicability, and their weaknesses. Some suggestions are made, conclusions are drawn, and some directions for future research are given. An extensive bibliography on recent developments concludes the survey.
Optimal Tower Fields for Hyperelliptic Curve Cryptosystems
Cited by 5 (0 self)
Abstract
Cryptographic primitives have increasingly emerged into embedded systems such as mobile phones, smart cards, and personal digital assistants. Elliptic Curve Cryptosystems (ECC) and Hyperelliptic Curve Cryptosystems (HECC) are the cryptosystems of choice for asymmetric data encryption in environments where processor power and storage are limited [1]. We introduce the first cryptographic implementation of Optimal Tower Fields (OTF) [2], [3] for HECC. Furthermore, we introduce the first implementation of HECC over an extension field of odd characteristic on an embedded processor. With our implementation, a scalar multiplication for a 160-bit group order can be performed in 44 ms on the ARM processor, which is 57% faster than the best previously known implementation on the same processor. Our implementations also target a general purpose processor.
Architectural Support for Arithmetic in Optimal Extension Fields
15th IEEE International Conference on Application-Specific Systems, Architectures and Processors (ASAP 2004), 2004
Cited by 5 (2 self)
Abstract
Public-key cryptosystems generally involve computation-intensive arithmetic operations, making them impractical for software implementation on constrained devices such as smart cards. In this paper we investigate the potential of architectural enhancements and instruction set extensions for low-level arithmetic used in public-key cryptography, most notably multiplication in finite fields of large order. The focus of the present work is directed towards a special type of finite fields, the so-called Optimal Extension Fields GF(p^m), where p is a pseudo-Mersenne (PM) prime of the form p = 2^n - c that fits into a single register. Based on the MIPS32 instruction set architecture, we introduce two new instructions to accelerate the reduction modulo a PM number. Moreover, we show that the multiplication in an Optimal Extension Field can take advantage of a multiply/accumulate unit with a wide accumulator so that a certain number of 64-bit products can be summed up without overflow. The proposed extensions support a wide range of PM numbers and allow performing a reduction modulo 2^n - c in only four clock cycles when n <= 32 and c < 4096.
On Computing Products of Pairings
2006
Cited by 2 (0 self)
Abstract
In many pairing-based protocols the evaluation of the product of many pairing evaluations is often required. In this paper we consider methods to compute such products efficiently. Focusing on pairing-friendly fields in particular, we evaluate methods for the Weil, Tate and Ate pairing algorithms for ordinary elliptic curves at various security levels. Our operation counts indicate that the minimal cost of each additional pairing relative to the cost of one is 0.61, 0.45, and 0.43, for each of these pairings respectively at the 128-bit security level. For larger security levels the Ate pairing can have a relative additional cost of as low as 0.13 for each additional pairing.
Explicit formulas for efficient multiplication in F_{3^{6m}}
Selected Areas in Cryptography – SAC 2007, number 4876 in Lecture
Faster 128-EEA3 and 128-EIA3 Software
Abstract
The 3GPP Task Force recently supplemented mobile LTE network security with an additional set of confidentiality and integrity algorithms, namely 128-EEA3 and 128-EIA3, built on top of ZUC, a new keystream generator. We propose two novel techniques to improve the software performance of these algorithms. We show how delayed modular reduction increases the efficiency of the LFSR feedback function, yielding performance gains for ZUC and thus both 128-EEA3 and 128-EIA3. We also show how to leverage carryless multiplication to evaluate the universal hash function making up the core of 128-EIA3. Our software implementation results on Qualcomm’s Hexagon DSP architecture indicate significant performance gains when employing these techniques: up to roughly a 2-fold and 2.5-fold throughput improvement for 128-EEA3 and 128-EIA3, respectively.