Results 1  10
of
11
A Survey of Fast Exponentiation Methods
 Journal of Algorithms
, 1998
"... Publickey cryptographic systems often involve raising elements of some group (e.g. GF(2 n), Z/NZ, or elliptic curves) to large powers. An important question is how fast this exponentiation can be done, which often determines whether a given system is practical. The best method for exponentiation de ..."
Abstract

Cited by 155 (0 self)
 Add to MetaCart
Publickey cryptographic systems often involve raising elements of some group (e.g. GF(2 n), Z/NZ, or elliptic curves) to large powers. An important question is how fast this exponentiation can be done, which often determines whether a given system is practical. The best method for exponentiation depends strongly on the group being used, the hardware the system is implemented on, and whether one element is being raised repeatedly to different powers, different elements are raised to a fixed power, or both powers and group elements vary. This problem has received much attention, but the results are scattered through the literature. In this paper we survey the known methods for fast exponentiation, examining their relative strengths and weaknesses. 1
An Efficient Offline Electronic Cash System Based On The Representation Problem
, 1993
"... We present a new offline electronic cash system based on a problem, called the representation problem, of which little use has been made in literature thus far. Our system is the first to be based entirely on discrete logarithms. Using the representation problem as a basic concept, some technique ..."
Abstract

Cited by 136 (3 self)
 Add to MetaCart
We present a new offline electronic cash system based on a problem, called the representation problem, of which little use has been made in literature thus far. Our system is the first to be based entirely on discrete logarithms. Using the representation problem as a basic concept, some techniques are introduced that enable us to construct protocols for withdrawal and payment that do not use the cut and choose methodology of earlier systems. As a consequence, our cash system is much more efficient in both computation and communication complexity than previously proposed systems. Another
Speeding Up The Computations On An Elliptic Curve Using AdditionSubtraction Chains
 Theoretical Informatics and Applications
, 1990
"... We show how to compute x k using multiplications and divisions. We use this method in the context of elliptic curves for which a law exists with the property that division has the same cost as multiplication. Our best algorithm is 11.11% faster than the ordinary binary algorithm and speeds up acco ..."
Abstract

Cited by 100 (4 self)
 Add to MetaCart
We show how to compute x k using multiplications and divisions. We use this method in the context of elliptic curves for which a law exists with the property that division has the same cost as multiplication. Our best algorithm is 11.11% faster than the ordinary binary algorithm and speeds up accordingly the factorization and primality testing algorithms using elliptic curves. 1. Introduction. Recent algorithms used in primality testing and integer factorization make use of elliptic curves defined over finite fields or Artinian rings (cf. Section 2). One can define over these sets an abelian law. As a consequence, one can transpose over the corresponding groups all the classical algorithms that were designed over Z/NZ. In particular, one has the analogue of the p \Gamma 1 factorization algorithm of Pollard [29, 5, 20, 22], the Fermatlike primality testing algorithms [1, 14, 21, 26] and the public key cryptosystems based on RSA [30, 17, 19]. The basic operation performed on an elli...
ADDITION REQUIREMENTS FOR MATRIX AND TRANSPOSED MATRIX PRODUCTS
 J. OF ALGORITHMS
, 1988
"... Let M be an s ×t matrix and let M T be the transpose of M . Let x and y be t  and s dimensional indeterminate column vectors, respectively. We show that any linear algorithm A that computes M x has associated with it a natural dual linear algorithm denoted A T that computes M T y . Further ..."
Abstract

Cited by 19 (1 self)
 Add to MetaCart
Let M be an s ×t matrix and let M T be the transpose of M . Let x and y be t  and s dimensional indeterminate column vectors, respectively. We show that any linear algorithm A that computes M x has associated with it a natural dual linear algorithm denoted A T that computes M T y . Furthermore, if M has no zero rows or columns then the number of additions used by A T exceeds the number of additions used by A by exactly s t . In addition, a strong correspondence is established between linear algorithms that compute the product M x and bilinear algorithms that compute the bilinear form y T M x .
Fast exponentiation with precomputation: Algorithms and lower bounds
 in Proc. of EUROCRYPT ’92
, 1995
"... In several cryptographic systems, a fixed element g of a group of order N is repeatedly raised to many different powers. In this paper we present a practical method of speeding up such systems, using precomputed values to reduce the number of multiplications needed. In practice this provides a subst ..."
Abstract

Cited by 11 (1 self)
 Add to MetaCart
In several cryptographic systems, a fixed element g of a group of order N is repeatedly raised to many different powers. In this paper we present a practical method of speeding up such systems, using precomputed values to reduce the number of multiplications needed. In practice this provides a substantial improvement over the level of performance that can be obtained using addition chains, and allows the computation of g n for n < N in O(log N / log log N) multiplicaitons. We show that this method is asymptotically optimal given polynomial storage, and for specific cases, within a small factor of optimal. We also show how these methods can be parallelized, to compute powers in time O(log log N) with O(log N / log 2 log N) processors.
Pippenger's Exponentiation Algorithm
, 2002
"... Pippenger's exponentiation algorithm computes a power, or a product of powers, or a sequence of powers, or a sequence of products of powers, with very few multiplications. Pippenger's algorithm was published twentyve years ago, but it is still not widely understood or appreciated, although certain ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
Pippenger's exponentiation algorithm computes a power, or a product of powers, or a sequence of powers, or a sequence of products of powers, with very few multiplications. Pippenger's algorithm was published twentyve years ago, but it is still not widely understood or appreciated, although certain parts of it have recently been reinvented, republished, and popularized. This paper is an exposition of the state of the art in generic exponentiation algorithmsin particular, Pippenger's algorithm. 1.
Order computations in generic groups
 PHD THESIS MIT, SUBMITTED JUNE 2007. RESOURCES
, 2007
"... ..."
Analysis of DPA Countermeasures Based on Randomizing the Binary Algorithm
, 2003
"... One of the major threats to the security of cryptosystems nowadays is the information leaked through side channels. For instance, power analysis attacks have been successfully mounted on cryptosystems embedded into small devices such as smart cards. ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
One of the major threats to the security of cryptosystems nowadays is the information leaked through side channels. For instance, power analysis attacks have been successfully mounted on cryptosystems embedded into small devices such as smart cards.
Implementation of the GBD cryptosystem
 In Cryptographic Algorithms and their Uses
, 2004
"... Abstract. We present our experience from implementing the publickey cryptosystem of González, Boyd and Dawson. We discuss different computational methods and compare their relative efficiency experimentally. We also compare the efficiency of this cryptosystem with that of the ElGamal cipher. 1 ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Abstract. We present our experience from implementing the publickey cryptosystem of González, Boyd and Dawson. We discuss different computational methods and compare their relative efficiency experimentally. We also compare the efficiency of this cryptosystem with that of the ElGamal cipher. 1
Faster Hashing to G2
"... Abstract. An asymmetric pairing e: G2 × G1 → GT is considered such ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Abstract. An asymmetric pairing e: G2 × G1 → GT is considered such