On Small Characteristic Algebraic Tori in Pairing-Based Cryptography
, 2004
Cited by 32 (3 self)
Abstract
The output of the Tate pairing on an elliptic curve over a finite field is an element in the multiplicative group of an extension field modulo a particular subgroup. One ordinarily powers this element to obtain a unique representative for the output coset, and performs any further necessary arithmetic in the extension field. Rather than an obstruction, we show to the contrary that one can exploit this quotient group to eliminate the final powering, to speed up exponentiations and to obtain a simple compression of pairing values which is useful during interactive identity-based cryptographic protocols. Specifically we demonstrate that methods available for fast point multiplication on elliptic curves such as mixed addition, signed digit representations and Frobenius expansions, all transfer easily to the quotient group, and provide a significant improvement over the arithmetic of the extension field.
Hardware and software normal basis arithmetic for pairing based cryptography in characteristic three
 IEEE Transactions on Computers
, 2005
Subquadratic Computational Complexity Schemes for Extended Binary Field Multiplication Using Optimal Normal Bases
, 2007
Cited by 8 (3 self)
Abstract
Based on a recently proposed Toeplitz matrix-vector product approach, a subquadratic computational complexity scheme is presented for multiplications in binary extended finite fields using Type I and II optimal normal bases.
Index Terms: Finite field, subquadratic computational complexity multiplication, normal basis, optimal normal basis.
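Added here as an illustration, not code from either normal-basis paper above: a Type I optimal normal basis multiplier for GF(2^n) written in the plain quadratic form, so that the two properties a normal basis buys are visible in code, namely squaring as a cyclic shift of coordinates and multiplication as a cyclic convolution of exponent vectors. The paper's Toeplitz matrix-vector subquadratic scheme is not reproduced. The block assumes the standard Type I condition (n+1 prime and 2 a primitive root modulo n+1) and the identity 1 = β + β^2 + ... + β^n for a primitive (n+1)-th root of unity β; the field size n = 10 and the sample elements are chosen for the demonstration.

```python
"""Type I optimal normal basis (ONB) arithmetic in GF(2^n): plain quadratic multiplier."""


def is_type1_onb(n):
    """A Type I ONB of GF(2^n) over GF(2) exists iff n+1 is prime and 2 is a primitive root mod n+1."""
    m = n + 1
    if m < 3 or any(m % d == 0 for d in range(2, int(m ** 0.5) + 1)):
        return False
    v, seen = 1, set()
    for _ in range(n):
        v = (v * 2) % m
        seen.add(v)
    return len(seen) == n          # 2 generates all n nonzero residues mod n+1


class ONB:
    """Elements are n-bit ints; bit i is the coefficient of beta^(2^i), beta a primitive (n+1)-th root of unity."""

    def __init__(self, n):
        assert is_type1_onb(n), "n must admit a Type I ONB (assumption of this demo)"
        self.n, self.m = n, n + 1
        self.one = (1 << n) - 1                             # 1 = beta + beta^2 + ... + beta^n: all coordinates set
        self.expo = [pow(2, i, self.m) for i in range(n)]   # exponent of beta carried by coordinate i

    def to_exponents(self, a):
        """Coordinates -> coefficient vector indexed by the exponent of beta (index 0 is unused on input)."""
        c = [0] * self.m
        for i in range(self.n):
            c[self.expo[i]] = (a >> i) & 1
        return c

    def from_exponents(self, c):
        """Inverse of to_exponents; a beta^0 term equals 1 = sum of all basis elements, so it folds into every coordinate."""
        a = 0
        for i in range(self.n):
            if c[self.expo[i]] ^ c[0]:
                a |= 1 << i
        return a

    def mul(self, a, b):
        """beta^j * beta^k = beta^(j+k mod n+1): multiplication is a cyclic convolution of exponent vectors."""
        ca, cb = self.to_exponents(a), self.to_exponents(b)
        d = [0] * self.m
        for j in range(1, self.m):
            if ca[j]:
                for k in range(1, self.m):
                    if cb[k]:
                        d[(j + k) % self.m] ^= 1
        return self.from_exponents(d)

    def sqr(self, a):
        """Frobenius in a normal basis is a cyclic shift of the coordinate vector (free in hardware)."""
        return ((a << 1) | (a >> (self.n - 1))) & self.one

    def power(self, a, e):
        """Square-and-multiply, using the cheap normal-basis squaring."""
        r, base = self.one, a
        while e:
            if e & 1:
                r = self.mul(r, base)
            base = self.sqr(base)
            e >>= 1
        return r

    def inv(self, a):
        assert a != 0
        return self.power(a, (1 << self.n) - 2)      # a^(2^n - 2) = a^(-1) by Fermat


if __name__ == "__main__":
    F = ONB(10)                                      # GF(2^10); 11 is prime and 2 is primitive mod 11
    a, b = 0b0110010011, 0b1010001101                # sample elements chosen for the demo
    print(bin(F.mul(a, b)), F.mul(a, F.inv(a)) == F.one, F.mul(a, a) == F.sqr(a))
```

The quadratic double loop in `mul` is exactly what the Toeplitz matrix-vector formulation reorganises into a subquadratic computation; everything else (the shift-based squaring, the all-ones representation of 1) carries over unchanged.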
Algebraic manipulation detection codes and their applications for design of secure cryptographic devices
In IEEE 17th International On-Line Testing Symposium (IOLTS)
Cited by 5 (5 self)
Abstract
Cryptographic devices are vulnerable to fault injection attacks. All previous countermeasures against fault injection attacks based on error detecting codes assume that the attacker cannot simultaneously control the fault-free outputs of a device-under-attack and error patterns. For advanced attackers who are able to control both of the above two aspects, traditional protections can be easily compromised. In this paper, we propose optimal algebraic manipulation detection (AMD) codes based on the nonlinear encoding functions and the random number generators. The proposed codes can provide a guaranteed high error detecting probability even if the attacker can fully control the fault-free outputs of a device-under-attack as well as the error patterns. As a case study, we present the protection architectures based on AMD codes for multipliers in Galois fields used for the elliptic curve cryptography. The results show that the proposed architecture can provide a very low error masking probability at the cost of a reasonable area overhead. The protected multiplier has no latency penalty when the predictor is pipelined.
On the bounded sum-of-digits discrete logarithm problem in finite fields
In Proc. of the 24th Annual International Cryptology Conference (CRYPTO)
, 2004
Cited by 4 (1 self)
Abstract
In this paper, we study the bounded sum-of-digits discrete logarithm problem in finite fields. Our results concern primarily the fields $\mathbb{F}_{q^n}$ where $n \mid q-1$. These fields are called Kummer extensions of $\mathbb{F}_q$. It is known that we can efficiently construct an element $g$ with order greater than $2^n$ in such fields. Let $S_q(\cdot)$ be the function from integers to the sum of digits in their $q$-ary expansions. We first present an algorithm that, given $g^e$ ($0 \le e < q^n$), finds $e$ in random polynomial time, provided that $S_q(e) < n$. We then show that the problem is solvable in random polynomial time for most of the exponents $e$ with $S_q(e) < 1.32n$, by exploring an interesting connection between the discrete logarithm problem and the problem of list decoding of Reed-Solomon codes, and applying the Guruswami-Sudan algorithm. As a side result, we obtain a sharper lower bound on the number of congruent polynomials generated by linear factors than the one based on the Stothers-Mason ABC theorem. We also prove that in the field $\mathbb{F}_{q^{q-1}}$, the bounded sum-of-digits discrete logarithm with respect to $g$ can be computed in random time $O(f(w)\log^4(q^{q-1}))$, where $f$ is a subexponential function and $w$ is the bound on the $q$-ary sum of digits of the exponent; hence the problem is fixed parameter tractable. These results are shown to generalize to the Artin-Schreier extension $\mathbb{F}_{p^p}$, where $p$ is a prime. Since every finite field has an extension of reasonable degree which is a Kummer extension, our result reveals an unexpected property of the discrete logarithm problem, namely that the bounded sum-of-digits discrete logarithm problem in any given finite field becomes polynomial time solvable in certain low degree extensions.
New Error Detecting Codes for the Design of Hardware Resistant to Strong Fault Injection Attacks
Cited by 1 (1 self)
Abstract
Cryptographic devices suffer from fault injection attacks. The security of cryptosystems protected by traditional error detecting codes relies on the assumption that the information bits and the error patterns are not both controllable by the attacker. For applications where the assumption is not valid, the security of systems protected by traditional error detecting codes can be easily compromised. In this paper, we present constructions for algebraic manipulation detection (AMD) codes based on nonlinear encoding functions. For a (k, m, r) AMD code, a message contains three parts: k-bit information data y, m-bit random data x and r-bit redundancy f(y, x). For any error e and information y, the fraction of x that masks the error e is less than 1. In this paper we describe lower and upper bounds on AMD codes and show that the presented constructions can generate optimal or close to optimal AMD codes in many cases. We present efficient encoding and decoding methods for AMD codes minimizing the number of multipliers using the multivariate Horner scheme. The proposed codes can provide a guaranteed high error detecting probability even if both the information bits of the code and the nonzero error patterns are controllable by an attacker. These codes can be used for the design of secure multipliers, secure memories or secure hardware implementing cryptographic algorithms resistant to fault injection attacks.
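A worked example of the (k, m, r) AMD code idea from this abstract and the IOLTS abstract above, added here and not taken from either paper: information y, a random part x the attacker cannot see, and a nonlinear redundancy f(y, x), with an exhaustive check that no nonzero additive error is masked for more than a bounded fraction of x, beside a plain linear checksum that an attacker controlling both y and e defeats every time. The encoding function used is the polynomial f(y, x) = x^(D+2) + Σ y_i x^i of Cramer, Dodis, Fehr, Padró and Wichs, chosen as one concrete instance of a nonlinear AMD encoding (the papers' own optimal constructions are not reproduced); the field GF(11), the message length D = 2 and the sample messages are assumptions of the demo.

```python
"""Algebraic manipulation detection (AMD) code over GF(P): a worked example."""
from itertools import product

P = 11   # field size (prime, so GF(P) is plain modular arithmetic); small so the exhaustive check is fast
D = 2    # information symbols per message, each an element of GF(P)
assert (D + 2) % P != 0    # keeps the leading term of (x+e_x)^(D+2) - x^(D+2) nonzero


def amd_tag(y, x):
    """Redundancy f(y, x) = x^(D+2) + sum_{i=1..D} y_i x^i over GF(P).
    Cramer-Dodis-Fehr-Padro-Wichs polynomial construction (assumed encoding for this demo)."""
    return (pow(x, D + 2, P) + sum(yi * pow(x, i + 1, P) for i, yi in enumerate(y))) % P


def amd_encode(y, x):
    """Codeword = (information y, random part x, redundancy f(y, x))."""
    return (tuple(y), x, amd_tag(y, x))


def amd_verify(word):
    """Decoder-side check: recompute f from the received (y, x) and compare with the received tag."""
    y, x, f = word
    return amd_tag(y, x) == f


def amd_masked(y, x, e):
    """True iff the additive error e = (e_y, e_x, e_f) applied to encode(y, x) goes undetected."""
    e_y, e_x, e_f = e
    y_err = tuple((a + b) % P for a, b in zip(y, e_y))
    return amd_verify((y_err, (x + e_x) % P, (amd_tag(y, x) + e_f) % P))


def masking_probability(y, e):
    """Fraction of the random x in GF(P) for which error e is masked on message y."""
    return sum(amd_masked(y, x, e) for x in range(P)) / P


def worst_case_masking(y):
    """Maximum masking probability over every nonzero error, for an attacker who knows
    (or chose) y and picks e freely but cannot see x."""
    worst = 0.0
    for e_y in product(range(P), repeat=D):
        for e_x in range(P):
            for e_f in range(P):
                if not any(e_y) and e_x == 0 and e_f == 0:
                    continue
                worst = max(worst, masking_probability(y, (e_y, e_x, e_f)))
    return worst


def amd_bound():
    """Proven bound: the polynomial in x that must vanish for masking has degree at most D+1."""
    return (D + 1) / P


def linear_checksum_tag(y):
    """A linear code (modular checksum) for contrast: f(y) = sum(y), no random part."""
    return sum(y) % P


def linear_checksum_masked(y, e_y, e_f):
    """With a linear code the error e_f = sum(e_y) is masked for every y: the attacker wins with probability 1."""
    y_err = tuple((a + b) % P for a, b in zip(y, e_y))
    return linear_checksum_tag(y_err) == (linear_checksum_tag(y) + e_f) % P


if __name__ == "__main__":
    y = (3, 7)                                       # sample message (constructed for the demo)
    print("AMD worst-case masking probability:", worst_case_masking(y), "<= bound", amd_bound())
    print("linear checksum masked by a chosen error:", linear_checksum_masked(y, (1, 0), 1))
```

The degree argument behind `amd_bound` is the whole security proof: if e_x ≠ 0 the difference f(y+e_y, x+e_x) − f(y, x) − e_f has leading term (D+2)·e_x·x^(D+1), which is nonzero because P does not divide D+2; if e_x = 0 it is a nonzero polynomial of degree at most D. Either way at most D+1 values of x can mask the error, whatever y and e the attacker chose, which is exactly the guarantee a linear checksum cannot give.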
Fast Encoding and Decoding of Gabidulin Codes
, 901
Abstract
Gabidulin codes are the rank-metric analogs of Reed-Solomon codes and have a major role in practical error control for network coding. This paper presents new encoding and decoding algorithms for Gabidulin codes based on low-complexity normal bases. In addition, a new decoding algorithm is proposed based on a transform-domain approach. Together, these represent the fastest known algorithms for encoding and decoding Gabidulin codes.
Iterated constructions of irreducible polynomials over finite fields with linearly independent roots
, 2003
Abstract
The paper is devoted to the constructive theory of synthesis of irreducible polynomials and irreducible N-polynomials (polynomials with linearly independent roots) over finite fields. For a suitably chosen initial N-polynomial $F_1(x) \in \mathbb{F}_{2^s}[x]$ of degree $n$, polynomials $F_k(x) \in \mathbb{F}_{2^s}[x]$ of degree $2^{k-1} n$ are constructed by iterating the transformation of variable $x \mapsto x + \delta^2 x^{-1}$, where $\delta \in \mathbb{F}_{2^s}$ and $\delta \ne 0$. It is shown that the set of roots of the polynomials $F_k(x)$ forms a normal basis of $\mathbb{F}_{2^{2^{k-1} s n}}$ over $\mathbb{F}_{2^s}$. In addition, the sequences are trace-compatible in the sense that the trace relation maps the corresponding roots onto each other. Furthermore, for a prime power $q = p^s$, some recurrent methods for constructing families of monic irreducible polynomials of degree $n p^k$, $k \ge 1$, over $\mathbb{F}_q$ are given. This construction is a generalization of Varshamov's construction given for prime fields. The construction gives an iterative technique to construct sequences $(F_k(x))_{k \ge 0}$ of N-polynomials of degree $p^{k+2}$ over $\mathbb{F}_q$.
On Small Degree Extension Fields in Cryptology
, 2005
Abstract
that are based in, or map to, the multiplicative group of finite fields with small extension degree. A central observation is that the multiplicative group of extension fields essentially decomposes as a product of algebraic tori, whose properties allow for improved communication efficiency.
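An added example serving both torus abstracts on this page (the pairing-based one at the top and the small-degree extension fields one just above); it is not code from either paper and does not reproduce the characteristic-three construction of the first. It shows the quotient-group idea in the simplest case, the torus T_2 inside F_{p^2}: a pairing value arrives as a coset x·F_p^* of the extension field, the usual route to a unique representative is the powering x^(p-1), and instead the coset is mapped straight to a single F_p element t that identifies the norm-1 element x̄/x, with the group law and exponentiation carried out on t alone. Assumptions of the demo: a prime p ≡ 3 mod 4 so that F_{p^2} = F_p(i) with i^2 = −1, the rational parametrisation (t + i)/(t − i) of the norm-1 elements (with t = ∞, written `None`, for the identity), the chosen p = 10007 and the sample coordinates. For a pairing with embedding degree 2 and subgroup order r dividing p+1, the final exponent (p^2−1)/r splits as (p−1)·(p+1)/r; the first factor is what `compress_coset` removes, and the remaining exponentiation by (p+1)/r runs in compressed form through `torus_pow`.

```python
"""T_2 torus compression over F_p (p = 3 mod 4): coset -> compressed element without the final powering."""

P = 10007                     # demo prime; P % 4 == 3 makes -1 a non-residue, so F_{P^2} = F_P(i), i^2 = -1
assert P % 4 == 3


def inv(a):
    return pow(a, P - 2, P)


def fp2_mul(x, y):
    """(a + b i)(c + d i) with i^2 = -1."""
    a, b = x
    c, d = y
    return ((a * c - b * d) % P, (a * d + b * c) % P)


def fp2_pow(x, e):
    r, base = (1, 0), x
    while e:
        if e & 1:
            r = fp2_mul(r, base)
        base = fp2_mul(base, base)
        e >>= 1
    return r


def fp2_norm(x):
    a, b = x
    return (a * a + b * b) % P


def final_powering(x):
    """The conventional step: x^(P-1) = conj(x)/x sends the coset x*F_P^* to a unique norm-1 representative."""
    return fp2_pow(x, P - 1)


# Compressed form: every norm-1 element is (t + i)/(t - i) for exactly one t in F_P or t = infinity (None).
def compress_torus(x):
    """Norm-1 element (a, b) -> t = (1 + a)/b; the two elements with b = 0 are 1 (t = None) and -1 (t = 0)."""
    a, b = x
    assert fp2_norm(x) == 1
    if b == 0:
        return None if a == 1 else 0
    return ((1 + a) * inv(b)) % P


def decompress(t):
    """t -> (t^2 - 1, 2t) / (t^2 + 1); t^2 + 1 is never 0 because -1 is a non-residue mod P."""
    if t is None:
        return (1, 0)
    d = inv((t * t + 1) % P)
    return (((t * t - 1) * d) % P, (2 * t * d) % P)


def compress_coset(x):
    """Compressed form of conj(x)/x from ANY representative x = a + b i of the coset x*F_P^*:
    (a - b i)/(a + b i) = (t + i)/(t - i) with t = -a/b, so the powering x^(P-1) is never performed.
    Scaling (a, b) by a nonzero field element leaves t unchanged, as a coset invariant must."""
    a, b = x
    assert (a, b) != (0, 0)
    if b == 0:                 # x already lies in F_P^*: trivial coset, torus identity
        return None
    return (-a * inv(b)) % P


def torus_mul(t1, t2):
    """Group law on compressed elements: (t1 t2 - 1)/(t1 + t2), one F_P inversion, no F_{P^2} arithmetic."""
    if t1 is None:
        return t2
    if t2 is None:
        return t1
    s = (t1 + t2) % P
    if s == 0:
        return None            # (t+i)/(t-i) * (-t+i)/(-t-i) = 1
    return ((t1 * t2 - 1) * inv(s)) % P


def torus_pow(t, e):
    """Square-and-multiply entirely in compressed coordinates."""
    r, base = None, t
    while e:
        if e & 1:
            r = torus_mul(r, base)
        base = torus_mul(base, base)
        e >>= 1
    return r


if __name__ == "__main__":
    x = (1234, 5678)           # sample coset representative (constructed for the demo)
    t_direct = compress_coset(x)
    t_powered = compress_torus(final_powering(x))
    print(t_direct, t_powered, t_direct == t_powered)
    print(decompress(torus_pow(t_direct, (P + 1) // 4)))
```

Two things are worth checking against the abstracts' claims. `compress_coset` gives the same t as compressing the conventionally powered value, which is the "eliminate the final powering" point; and one compressed element is one F_p value in place of two, which is the compression of pairing values the first abstract refers to.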