Results 1-9 of 9
A Survey of Fast Exponentiation Methods
 JOURNAL OF ALGORITHMS
, 1998
Cited by 155 (0 self)
Public-key cryptographic systems often involve raising elements of some group (e.g. GF(2^n), Z/NZ, or elliptic curves) to large powers. An important question is how fast this exponentiation can be done, which often determines whether a given system is practical. The best method for exponentiation depends strongly on the group being used, the hardware the system is implemented on, and whether one element is being raised repeatedly to different powers, different elements are raised to a fixed power, or both powers and group elements vary. This problem has received much attention, but the results are scattered through the literature. In this paper we survey the known methods for fast exponentiation, examining their relative strengths and weaknesses.
On Orders of Optimal Normal Basis Generators
 Math. Comp
, 1995
Cited by 14 (6 self)
In this paper we give some computational results on the multiplicative orders of optimal normal basis generators in F_{2^n} over F_2 for n # 1200 whenever the complete factorization of 2  1 is known. Our results show that a subclass of optimal normal basis generators always have very high multiplicative orders and are very often primitive. For a given optimal normal basis generator # in F_{2^n} and an arbitrary integer e, we show that # can be computed in O(n v(e)) bit operations, where v(e) is the number of 1's in the binary representation of e.
Fast exponentiation with precomputation: Algorithms and lower bounds
 in Proc. of EUROCRYPT ’92
, 1995
Cited by 11 (1 self)
In several cryptographic systems, a fixed element g of a group of order N is repeatedly raised to many different powers. In this paper we present a practical method of speeding up such systems, using precomputed values to reduce the number of multiplications needed. In practice this provides a substantial improvement over the level of performance that can be obtained using addition chains, and allows the computation of g^n for n < N in O(log N / log log N) multiplications. We show that this method is asymptotically optimal given polynomial storage, and for specific cases, within a small factor of optimal. We also show how these methods can be parallelized, to compute powers in time O(log log N) with O(log N / log^2 log N) processors.
On Quasilinear Time Complexity Theory
, 1994
Cited by 3 (0 self)
This paper furthers the study of quasilinear time complexity initiated by Schnorr and Gurevich and Shelah. We show that the fundamental properties of the polynomial-time hierarchy carry over to the quasilinear-time hierarchy.
Computing special powers in finite fields
, 2003
Cited by 1 (0 self)
We study exponentiation in nonprime finite fields with very special exponents such as they occur, for example, in inversion, primitivity tests, and polynomial factorization. Our algorithmic approach improves the corresponding exponentiation problem from about quadratic to about linear time.
Finite Fields in AXIOM
 ATR/5) (NP2522), The Numerical Algorithm Group, Downer’s
, 1992
Cited by 1 (0 self)
Finite fields play an important role for many applications (e.g. coding theory, cryptography). There are different ways to construct a finite field for a given prime power. The paper describes the different constructions implemented in AXIOM. These are polynomial basis representation, cyclic group representation, and normal basis representation. Furthermore, the concept of the implementation, the algorithms used and the various datatype coercions between these representations are discussed. Address of authors: Vangerowstr. 18, Postfach 10 30 68, D6900 Heidelberg, Germany, email: grabm@dhdibm1.bitnet resp. adscheer@dhdibm1.bitnet
Parallel Algorithm for Multiplication on Elliptic Curves
, 2002
Cited by 1 (0 self)
Given a positive integer n and a point P on an elliptic curve E, the computation of nP, that is, the result of adding n times the point P to itself, called the scalar multiplication, is the central operation of elliptic curve cryptosystems. We present an algorithm that, using p processors, can compute nP in time O(log n + H(n)/p + log p), where H(n) is the Hamming weight of n. Furthermore, if this algorithm is applied to Koblitz curves, the running time can be reduced to O(H(n)/p + log p).
Efficient Parallel Exponentiation in GF(2^n) Using Normal Basis Representations
, 2001
Von zur Gathen proposed an efficient parallel exponentiation algorithm in finite fields using normal basis representations. In this paper we present a processor-efficient parallel exponentiation ) which improves upon von zur Gathen's algorithm. We also show that exponentiation ) can be done in O(log n) time using n/(log n) processors. Hence we get processor time bound O(n/log n), which is optimal. Finally, we present an online processor assignment scheme which was missing in von zur Gathen's algorithm, and show that its time complexity is negligible.