On Small Characteristic Algebraic Tori in Pairing-Based Cryptography
, 2004
Abstract

Cited by 38 (4 self)
The output of the Tate pairing on an elliptic curve over a finite field is an element in the multiplicative group of an extension field modulo a particular subgroup. One ordinarily powers this element to obtain a unique representative for the output coset, and performs any further necessary arithmetic in the extension field. Rather than an obstruction, we show to the contrary that one can exploit this quotient group to eliminate the final powering, to speed up exponentiations and to obtain a simple compression of pairing values which is useful during interactive identity-based cryptographic protocols. Specifically, we demonstrate that methods available for fast point multiplication on elliptic curves, such as mixed addition, signed digit representations and Frobenius expansions, all transfer easily to the quotient group, and provide a significant improvement over the arithmetic of the extension field.
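The simplest instance of the idea in this abstract is the torus T_2 over a prime field, shown here as an added example in Python (this is not code from the paper, which works in small characteristic). The norm-1 subgroup of F_{p^2}^* has order p + 1 and is exactly where the "final powering" x -> x^(p-1) lands; each of its elements can be stored as a single F_p value, and the group law, and hence exponentiation, can be evaluated on those compressed values without ever decompressing. The prime P = 10^6 + 3 (P = 3 mod 4, so F_{p^2} = F_p[i] with i^2 = -1) and the sample element are constructed for the example.

```python
"""Compression of pairing outputs via the algebraic torus T_2(F_p).

Added example, not the paper's code.  Assumed, constructed parameters:
P = 10^6 + 3 (prime, P = 3 mod 4) so that -1 is a non-residue and
F_{p^2} = F_p[i] with i^2 = -1.  Elements of F_{p^2} are pairs (a, b) = a + b*i.
"""

P = 1_000_003            # prime with P % 4 == 3 (constructed)
D = P - 1                # i^2 = D = -1 (mod P)


def f2_mul(x, y):
    a, b = x
    c, d = y
    return ((a * c + D * b * d) % P, (a * d + b * c) % P)


def f2_norm(x):
    a, b = x
    return (a * a - D * b * b) % P      # N(x) = x * x^p, an element of F_p


def f2_inv(x):
    a, b = x
    n_inv = pow(f2_norm(x), -1, P)
    return (a * n_inv % P, -b * n_inv % P)


def f2_pow(x, e):
    r = (1, 0)
    while e:
        if e & 1:
            r = f2_mul(r, x)
        x = f2_mul(x, x)
        e >>= 1
    return r


def final_powering(x):
    """x -> x^(p-1) = conj(x)/x: maps any coset representative into the
    norm-1 group T_2(F_p) = {y : y^(p+1) = 1}."""
    a, b = x
    return f2_mul((a, -b % P), f2_inv(x))


def compress(x):
    """Norm-1 element a + b*i -> t = (a + 1)/b in F_p.
    The identity has no finite t and is encoded as None; -1 maps to t = 0."""
    assert f2_norm(x) == 1
    a, b = x
    if b == 0:
        return None if a == 1 else 0
    return (a + 1) * pow(b, -1, P) % P


def decompress(t):
    """t -> (t + i)/(t - i) = ((t^2 + D) + 2t*i) / (t^2 - D)."""
    if t is None:
        return (1, 0)
    den = pow((t * t - D) % P, -1, P)   # t^2 + 1 is never 0: -1 is a non-residue
    return ((t * t + D) * den % P, 2 * t * den % P)


def torus_mul(t1, t2):
    """Group law directly on compressed values: (t1*t2 + D)/(t1 + t2).
    One F_p multiplication and one inversion instead of an F_{p^2} product."""
    if t1 is None:
        return t2
    if t2 is None:
        return t1
    s = (t1 + t2) % P
    if s == 0:                          # t2 = -t1 means the product is the identity
        return None
    return (t1 * t2 + D) * pow(s, -1, P) % P


def torus_pow(t, e):
    """Square-and-multiply entirely in compressed form."""
    r = None
    while e:
        if e & 1:
            r = torus_mul(r, t)
        t = torus_mul(t, t)
        e >>= 1
    return r
```

Every pairing value that has been mapped into T_2 travels as one F_p element rather than two, and a protocol that only needs to multiply or exponentiate such values never has to decompress. The inversion inside torus_mul is the cost of this simplicity; the paper's point is that the same signed-digit and Frobenius-expansion tricks used for elliptic curve point multiplication reduce that cost further.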
Universal secure network coding via rank-metric codes
 IEEE Trans. Inf. Theory
, 2011
Abstract

Cited by 29 (6 self)
The problem of securing a network coding communication system against a wiretapper adversary is considered. The network implements linear network coding to deliver n packets from source to each receiver, and the wiretapper can eavesdrop on µ arbitrarily chosen links. A coding scheme is proposed that can achieve the maximum possible rate of k = n − µ packets that are information-theoretically secure from the adversary. The scheme, which is based on rank-metric codes, has the distinctive property of being universal: it can be applied on top of any communication network without requiring knowledge of or any modifications on the underlying network code. If the security requirements are relaxed to allow only meaningless information to be leaked to the wiretapper, then the scheme can be extended to achieve the full rate of k = n packets, while still preserving the property of universality. A further scenario is considered where the adversary is allowed not only to eavesdrop but also to inject up to t erroneous packets into the network. In this case, as long as µ + 2t < n, the proposed scheme can be extended to provide universal secure and reliable communication.
Hardware and software normal basis arithmetic for pairing based cryptography in characteristic three
 IEEE Transactions on Computers
, 2005
Fast Encoding and Decoding of Gabidulin Codes
, 901
Abstract

Cited by 15 (3 self)
Gabidulin codes are the rank-metric analogs of Reed-Solomon codes and have a major role in practical error control for network coding. This paper presents new encoding and decoding algorithms for Gabidulin codes based on low-complexity normal bases. In addition, a new decoding algorithm is proposed based on a transform-domain approach. Together, these represent the fastest known algorithms for encoding and decoding Gabidulin codes.
Explicit Construction of Self-Dual Integral Normal Bases for the Square-Root of the Inverse Different
 J. Number Theory, 129:1773
Subquadratic Computational Complexity Schemes for Extended Binary Field Multiplication Using Optimal Normal Bases
, 2007
Abstract

Cited by 9 (3 self)
Based on a recently proposed Toeplitz matrix-vector product approach, a subquadratic computational complexity scheme is presented for multiplications in binary extended finite fields using Type I and II optimal normal bases.
Index Terms: Finite field, subquadratic computational complexity multiplication, normal basis, optimal normal basis.
Algebraic manipulation detection codes and their applications for design of secure cryptographic devices
 in IEEE 17th International On-Line Testing Symposium (IOLTS)
Abstract

Cited by 7 (6 self)
Cryptographic devices are vulnerable to fault injection attacks. All previous countermeasures against fault injection attacks based on error detecting codes assume that the attacker cannot simultaneously control the fault-free outputs of a device-under-attack and the error patterns. For advanced attackers who are able to control both, traditional protections can be easily compromised. In this paper, we propose optimal algebraic manipulation detection (AMD) codes based on nonlinear encoding functions and random number generators. The proposed codes provide a guaranteed high error detecting probability even if the attacker can fully control the fault-free outputs of a device-under-attack as well as the error patterns. As a case study, we present protection architectures based on AMD codes for multipliers in Galois fields used for elliptic curve cryptography. The results show that the proposed architecture can provide a very low error masking probability at the cost of a reasonable area overhead. The protected multiplier has no latency penalty when the predictor is pipelined.
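To make the attacker model in this abstract concrete, here is an added Python example (not the paper's own construction) contrasting a linear checksum with the well-known AMD code of Cramer, Dodis, Fehr, Padró and Wichs: a message s = (s_1, ..., s_d) over F_p is encoded as (s, x, f(s, x)) with x drawn uniformly at random and f(s, x) = x^(d+2) + sum_i s_i x^i. An attacker who knows s and chooses any additive error (ds, dx, dt) still does not know x, and the error is masked for at most d + 1 of the p possible x, because the difference f(s + ds, x + dx) − f(s, x) − dt is a nonzero polynomial in x of degree at most d + 1. The parameters p = 101 and d = 3 and the sample message are constructed for the example (p must not divide d + 2).

```python
"""Algebraic manipulation detection (AMD) code versus a linear check.

Added example, not code from the paper.  Constructed parameters:
P = 101 (prime field), D = 3 message symbols; P does not divide D + 2.
Additive fault model: the attacker adds delta = (ds, dx, dt) to a codeword.
"""

P = 101
D = 3


def amd_tag(s, x):
    """f(s, x) = x^(D+2) + sum_{i=1..D} s_i * x^i over F_P."""
    t = pow(x, D + 2, P)
    for i, si in enumerate(s, start=1):
        t = (t + si * pow(x, i, P)) % P
    return t


def amd_encode(s, x):
    """Codeword (s, x, f(s, x)); x is the device's secret random value."""
    return (tuple(s), x % P, amd_tag(s, x))


def amd_verify(cw):
    s, x, t = cw
    return amd_tag(s, x) == t


def inject(cw, delta):
    """Attacker adds (ds, dx, dt) component-wise to the codeword."""
    (s, x, t), (ds, dx, dt) = cw, delta
    return (tuple((a + b) % P for a, b in zip(s, ds)), (x + dx) % P, (t + dt) % P)


def amd_masking_count(s, delta):
    """Number of random x (out of P) for which the error delta is undetected."""
    return sum(amd_verify(inject(amd_encode(s, x), delta)) for x in range(P))


def amd_masking_bound():
    """For any nonzero delta the detection polynomial in x has degree <= D + 1,
    so at most D + 1 values of x mask it: Q_mc <= (D + 1) / P."""
    return D + 1


# The traditional linear check: the tag is the sum of the data symbols.
def linear_encode(s):
    return (tuple(s), sum(s) % P)


def linear_verify(cw):
    s, t = cw
    return sum(s) % P == t


def linear_attack(s, ds):
    """An attacker who controls both the data and the error pattern chooses
    dt = sum(ds); the linear check then accepts the faulty word every time."""
    s2, t = linear_encode(s)
    forged = (tuple((a + b) % P for a, b in zip(s2, ds)), (t + sum(ds)) % P)
    return linear_verify(forged)
```

Exhaustive enumeration of x is only feasible at this toy field size; at the field sizes of a real ECC multiplier the same degree argument gives a masking probability of about (d + 1)/2^m per attempt, which is the "guaranteed" bound the abstract refers to. The random x must be fresh per operation and unobservable by the attacker, otherwise the code degrades to the linear case.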
On the bounded sum-of-digits discrete logarithm problem in finite fields
 In Proc. of the 24th Annual International Cryptology Conference (CRYPTO)
, 2004
Abstract

Cited by 5 (1 self)
In this paper, we study the bounded sum-of-digits discrete logarithm problem in finite fields. Our results concern primarily the fields F_{q^n} where n | q − 1. These fields are called Kummer extensions of F_q. It is known that we can efficiently construct an element g with order greater than 2^n in these fields. Let S_q(·) be the function from integers to the sum of digits in their q-ary expansions. We first present an algorithm that, given g^e (0 ≤ e < q^n), finds e in random polynomial time, provided that S_q(e) < n. We then show that the problem is solvable in random polynomial time for most of the exponents e with S_q(e) < 1.32n, by exploring an interesting connection between the discrete logarithm problem and the problem of list decoding of Reed-Solomon codes, and applying the Guruswami-Sudan algorithm. As a side result, we obtain a sharper lower bound on the number of congruent polynomials generated by linear factors than the one based on the Stothers-Mason ABC theorem. We also prove that in the field F_{q^{q−1}}, the bounded sum-of-digits discrete logarithm with respect to g can be computed in random time O(f(w) log^4(q^{q−1})), where f is a subexponential function and w is the bound on the q-ary sum of digits of the exponent; hence the problem is fixed-parameter tractable. These results generalize to the Artin-Schreier extension F_{p^p}, where p is a prime. Since every finite field has an extension of reasonable degree which is a Kummer extension, our result reveals an unexpected property of the discrete logarithm problem, namely, the bounded sum-of-digits discrete logarithm problem in any given finite field becomes polynomial-time solvable in certain low-degree extensions.
Iterated constructions of irreducible polynomials over finite fields with linearly independent roots
, 2003
Abstract

Cited by 3 (0 self)
The paper is devoted to the constructive theory of synthesis of irreducible polynomials and irreducible N-polynomials (polynomials with linearly independent roots) over finite fields. For a suitably chosen initial N-polynomial F_1(x) ∈ F_{2^s}[x] of degree n, polynomials F_k(x) ∈ F_{2^s}[x] of degree 2^{k−1} n are constructed by iterating the transformation of variable x → x + δ^2 x^{−1}, where δ ∈ F_{2^s} and δ ≠ 0. It is shown that the set of roots of the polynomials F_k(x) forms a normal basis of F_{2^{2^{k−1} s n}} over F_{2^s}. In addition, the sequences are trace-compatible in the sense that the trace relation maps the corresponding roots onto each other. Furthermore, for a prime power q = p^s, some recurrent methods for constructing families of monic irreducible polynomials of degree n p^k, k ≥ 1, over F_q are given. This construction is a generalization of Varshamov's construction given for prime fields. The construction gives an iterative technique to construct sequences (F_k(x))_{k ≥ 0} of N-polynomials of degree p^{k+2} over F_q.
Reducing the Complexity of Normal Basis Multiplication
, 2014
Abstract

Cited by 1 (0 self)
In this paper we introduce a new transformation method and a multiplication algorithm for multiplying elements of the field GF(2^k) expressed in a normal basis. The number of XOR gates for the proposed multiplication algorithm is smaller than that of optimal normal basis multiplication, not taking into account the cost of the forward and backward transformations. The algorithm is therefore most suitable for applications in which tens or hundreds of field multiplications are performed before the results need to be transformed back.
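The three normal-basis entries above (the characteristic-three hardware/software arithmetic, the subquadratic Type I/II optimal normal basis multiplier, and this transformation-based multiplier) all measure cost against the same baseline: a Massey-Omura style multiplier whose gate count is set by the complexity C_N of the basis, which an optimal normal basis minimizes to 2k − 1. The following Python block is an added example (not code from any of the listed papers) of that baseline for a Type I optimal normal basis of GF(2^k). The parameter k = 10 is constructed for the example: k + 1 = 11 is prime and 2 generates Z_11^*, so the conjugates beta_i = zeta^(2^i) of a primitive 11th root of unity zeta form a Type I ONB. It builds the multiplication table M from the cyclotomic relations, checks that M has exactly 2k − 1 nonzero entries, and shows the properties practitioners rely on: squaring is a cyclic shift, the identity is the all-ones vector, and inversion needs only k − 2 multiplications plus free squarings.

```python
"""Normal basis multiplication in GF(2^k) with a Type I optimal normal basis.

Added example, not code from the papers listed.  Constructed parameter:
K = 10 (K + 1 = 11 prime, 2 primitive mod 11).  An element is a list of K
GF(2) coefficients a_i of the basis elements beta_i = zeta^(2^i).
"""

K = 10
N = K + 1
EXP = [pow(2, i, N) for i in range(K)]        # beta_i = zeta^EXP[i]
IDX = {e: i for i, e in enumerate(EXP)}       # exponent -> basis index
ONE = [1] * K                                 # 1 = zeta + zeta^2 + ... + zeta^K


def mul_ref(a, b):
    """Reference product via zeta^N = 1 and 1 + zeta + ... + zeta^K = 0."""
    c = [0] * K
    for i in range(K):
        if not a[i]:
            continue
        for j in range(K):
            if not b[j]:
                continue
            e = (EXP[i] + EXP[j]) % N
            if e == 0:                        # zeta^0 = 1 = sum of all basis elements
                c = [x ^ 1 for x in c]
            else:
                c[IDX[e]] ^= 1
    return c


def unit(i):
    v = [0] * K
    v[i] = 1
    return v


# M[i][j] = coefficient of beta_0 in beta_i * beta_j (the lambda_ij^(0) table)
M = [[mul_ref(unit(i), unit(j))[0] for j in range(K)] for i in range(K)]


def complexity():
    """C_N = number of nonzero entries of M; an optimal normal basis has 2K - 1."""
    return sum(map(sum, M))


def rotl(v, l):
    return v[l:] + v[:l]                      # rotl(v, l)[i] == v[(i + l) % K]


def mul_mo(a, b):
    """Massey-Omura multiplier: c_l = a' M b'^T over GF(2) with a', b' the
    inputs rotated left by l, because beta_i*beta_j = (beta_{i-l}*beta_{j-l})^(2^l)."""
    c = []
    for l in range(K):
        ar, br = rotl(a, l), rotl(b, l)
        bit = 0
        for i in range(K):
            if ar[i]:
                for j in range(K):
                    bit ^= M[i][j] & br[j]
        c.append(bit)
    return c


def square(a):
    """(sum a_i beta_i)^2 = sum a_i beta_{i+1}: a cyclic shift, no gates."""
    return a[-1:] + a[:-1]


def inv(a):
    """a^(2^K - 2) = a^2 * a^4 * ... * a^(2^(K-1)), using the free squarings."""
    r, s = ONE, square(a)
    for _ in range(K - 1):
        r = mul_mo(r, s)
        s = square(s)
    return r
```

The inner loop of mul_mo visits every (i, j) pair, so its gate count is governed by the number of ones in M: for a Type I or II ONB that is 2k − 1 AND/XOR pairs per output bit, which is the figure the subquadratic and transformation-based schemes above set out to beat. Note the side-channel property that makes normal bases attractive in hardware: squaring is a wiring permutation with no data-dependent gates.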