Results 1 - 10 of 15
A note on efficient computation of cube roots in characteristic
2004
Cited by 20 (2 self)
Abstract. The cost of the folklore algorithm for computing cube roots in $\mathbb{F}_{3^m}$ in standard polynomial basis is less than one multiplication, but still $O(m^2)$. Here we show that, if $\mathbb{F}_{3^m}$ is represented in trinomial basis as $\mathbb{F}_3[x]/(x^m + ax^k + b)$ with $a, b = \pm 1$, the actual cost of computing cube roots in $\mathbb{F}_{3^m}$ is only $O(m)$.
FPGA Accelerated Tate Pairing Based Cryptosystems over Binary Fields
In Cryptology ePrint Archive, Report 2006/179, 2006
Cited by 12 (0 self)
Though the implementation of the Tate pairing is commonly believed to be computationally more intensive than other cryptographic operations, such as ECC point multiplication, there has been a substantial progress in speeding up the Tate pairing computations. Because of their inherent parallelism, the existing Tate pairing algorithms are very suitable for hardware implementation aimed at achieving a high operation speed. Supersingular elliptic curves over binary fields are good candidates for hardware implementation due to their simple underlying algorithms and binary arithmetic. In this paper we propose efficient Tate pairing implementations over binary fields $\mathbb{F}_{2^{239}}$ and $\mathbb{F}_{2^{283}}$ via FPGA. Though our field sizes are larger than those used in earlier architectures with the same security strength based on cubic elliptic curves or binary hyperelliptic curves, fewer multiplications in the underlying field are required, so that the computational latency for one pairing can be reduced. As a result, our pairing accelerators implemented via FPGA can run 15 to 25 times faster than other FPGA realizations at the same level of security strength, and at the same time achieve lower product of latency by area.
Software multiplication using Gaussian normal bases
IEEE Trans. Comput., 2006
Cited by 6 (2 self)
Fast algorithms for multiplication in finite fields are required for several cryptographic applications, in particular for implementing elliptic curve operations over binary fields $\mathbb{F}_{2^m}$. In this paper we present new software algorithms for efficient multiplication over $\mathbb{F}_{2^m}$ that use a Gaussian normal basis representation. Two approaches are presented, direct normal basis multiplication, and a method that exploits a mapping to a ring where fast polynomial-based techniques can be employed. Our analysis including experimental results on an Intel Pentium family processor shows that the new algorithms are faster and can use memory more efficiently than previous methods. Despite significant improvements, we conclude that the penalty in multiplication is still sufficiently large to discourage the use of normal bases in software implementations of elliptic curve systems. Key words: Multiplication in $\mathbb{F}_{2^m}$, Gaussian normal basis, elliptic curve cryptography.
Some Efficient Algorithms for the Final Exponentiation of $\eta_T$ Pairing
Masaaki Shirase
In Cryptology ePrint Archive, Report 2006/431, 2006
Cited by 5 (3 self)
Recently Tate pairing and its variations are attracted in cryptography. Their operations consist of a main iteration loop and a final exponentiation. The final exponentiation is necessary for generating a unique value of the bilinear pairing in the extension fields. The speed of the main loop has become fast by the recent improvements, e.g., the Duursma-Lee algorithm and $\eta_T$ pairing. In this paper we discuss how to enhance the speed of the final exponentiation of the $\eta_T$ pairing in the extension field $\mathbb{F}_{3^{6n}}$. Indeed, we propose some efficient algorithms using the torus $T_2(\mathbb{F}_{3^{3n}})$ that can efficiently compute an inversion and a powering by 3 +1. Consequently, the total processing cost of computing the $\eta_T$ pairing can be reduced by 17% for $n = 97$.
New fast algorithms for arithmetic on elliptic curves over finite fields of characteristic three
2007
Cited by 5 (1 self)
Abstract: In this paper we propose new formulae and algorithms for arithmetic on ordinary elliptic curve with a point of order 3 over finite field of characteristic three, by which the cost of a point multiplication on the curves decreases about 10~20 %.
Instruction Set Extensions for Pairing-Based Cryptography
2007
Cited by 4 (3 self)
A series of recent algorithmic advances has delivered highly effective methods for pairing evaluation and parameter generation. However, the resulting multitude of options means many different variations of base field must ideally be supported on the target platform. Typical hardware accelerators in the form of coprocessors possess neither the flexibility nor the scalability to support fields of different characteristic and order. On the other hand, extending the instruction set of a general-purpose processor by custom instructions for field arithmetic allows to combine the performance of hardware with the flexibility of software. To this end, we investigate the integration of a tri-field multiply-accumulate (MAC) unit into a SPARC V8 processor core to support arithmetic in $\mathbb{F}_p$, $\mathbb{F}_{2^n}$ and $\mathbb{F}_{3^n}$. Besides integer multiplication, the MAC unit can also execute dedicated multiply and MAC instructions for binary and ternary polynomials. Our results show that the tri-field MAC unit adds only a small size overhead while significantly accelerating arithmetic in $\mathbb{F}_{2^n}$ and $\mathbb{F}_{3^n}$, which sheds new light on the relative performance of $\mathbb{F}_p$, $\mathbb{F}_{2^n}$ and $\mathbb{F}_{3^n}$ in the context of pairing-based cryptography.
Breaking pairing-based cryptosystems using $\eta_T$ pairing over $GF(3^{97})$
Cited by 4 (0 self)
Abstract. There are many useful cryptographic schemes, such as ID-based encryption, short signature, keyword searchable encryption, attribute-based encryption, functional encryption, that use a bilinear pairing. It is important to estimate the security of such pairing-based cryptosystems in cryptography. The most essential number-theoretic problem in pairing-based cryptosystems is the discrete logarithm problem (DLP) because pairing-based cryptosystems are no longer secure once the underlining DLP is broken. One efficient bilinear pairing is the $\eta_T$ pairing defined over a supersingular elliptic curve $E$ on the finite field $GF(3^n)$ for a positive integer $n$. The embedding degree of the $\eta_T$ pairing is 6; thus, we can reduce the DLP over $E$ on $GF(3^n)$ to that over the finite field $GF(3^{6n})$. In this paper, for breaking the $\eta_T$ pairing over $GF(3^n)$, we discuss solving the DLP over $GF(3^{6n})$ by using the function field sieve (FFS), which is the asymptotically fastest algorithm for solving a DLP over finite fields of small characteristics. We chose the extension degree $n = 97$ because it has been intensively used in benchmarking tests for the implementation of the $\eta_T$ pairing, and the order (923-bit) of $GF(3^{6 \cdot 97})$ is substantially larger than the previous world record (676-bit) of solving the DLP by using the FFS. We implemented the FFS for the medium prime case (JL06-FFS), and propose several improvements of the FFS, for example, the lattice sieve for JL06-FFS and the filtering adjusted to the Galois action. Finally, we succeeded in solving the DLP over $GF(3^{6 \cdot 97})$. The entire computational time of our improved FFS requires about 148.2 days using 252 CPU cores. Our computational results contribute to the secure use of pairing-based cryptosystems with the $\eta_T$ pairing.
Efficient multiplication using type 2 optimal normal bases
Cited by 3 (0 self)
Abstract. In this paper we propose a new structure for multiplication using optimal normal bases of type 2. The multiplier uses an efficient linear transformation to convert the normal basis representations of elements of $\mathbb{F}_{q^n}$ to suitable polynomials of degree at most $n$ over $\mathbb{F}_q$. These polynomials are multiplied using any method which is suitable for the implementation platform, then the product is converted back to the normal basis using the inverse of the above transformation. The efficiency of the transformation arises from a special factorization of its matrix into sparse matrices. This factorization — which resembles the FFT factorization of the DFT matrix — allows to compute the transformation and its inverse using $O(n \log n)$ operations in $\mathbb{F}_q$, rather than $O(n^2)$ operations needed for a general change of basis. Using this technique we can reduce the asymptotic cost of multiplication in optimal normal bases of type 2 from $2M(n) + O(n)$ reported by Gao et al. (2000) to $M(n) + O(n \log n)$ operations in $\mathbb{F}_q$, where $M(n)$ is the number of $\mathbb{F}_q$-operations to multiply two polynomials of degree $n - 1$ over $\mathbb{F}_q$. We show that this cost is also smaller than other proposed multipliers for $n > 160$, values which are used in elliptic curve cryptography.
Software multiplication using normal bases
 Dept. of Combinatorics and Optimization, Univ. of
, 2004
Cited by 3 (0 self)
Fast algorithms for multiplication in finite fields are required for several cryptographic applications, in particular for implementing elliptic curve operations over the NIST recommended binary fields. In this paper we present new software algorithms for efficient multiplication over the binary field $\mathbb{F}_{2^m}$ that use a Gaussian normal basis representation. Two approaches are presented, direct normal basis multiplication, and a method that exploits a mapping to a ring where fast polynomial-based techniques can be employed. Our analysis including experimental results on an Intel Pentium family processor shows that the new algorithms are faster and can use memory more efficiently than previous methods. Despite significant improvements, we conclude that the penalty in multiplication is still sufficiently large to discourage the use of normal bases in software implementations of elliptic curve systems. Key words: Multiplication in $\mathbb{F}_{2^m}$, normal basis, Gaussian normal basis, elliptic curve cryptography.
Efficient Implementation of the Pairing on Mobilephones using BREW
2007
Cited by 2 (0 self)
Pairing based cryptosystems can accomplish novel security applications such as ID-based cryptosystems, which have not been constructed efficiently without the pairing. The processing speed of the pairing based cryptosystems is relatively slow compared with the other conventional public key cryptosystems. However, several efficient algorithms for computing the pairing have been proposed, namely Duursma-Lee algorithm and its variant $\eta_T$ pairing. In this paper, we present an efficient implementation of the pairing over some mobile phones. The processing speed of our implementation in ARM9 processors on BREW achieves under 100 milliseconds using the supersingular curve over $\mathbb{F}_{3^{97}}$. It has become efficient enough to implement security applications, such as ID-based cryptosystems and broadcast encryption, using the pairing on BREW mobilephones.