Results 1 
8 of
8
On Small Characteristic Algebraic Tori in PairingBased Cryptography
, 2004
"... The output of the Tate pairing on an elliptic curve over a nite eld is an element in the multiplicative group of an extension eld modulo a particular subgroup. One ordinarily powers this element to obtain a unique representative for the output coset, and performs any further necessary arithmet ..."
Abstract

Cited by 31 (3 self)
 Add to MetaCart
The output of the Tate pairing on an elliptic curve over a nite eld is an element in the multiplicative group of an extension eld modulo a particular subgroup. One ordinarily powers this element to obtain a unique representative for the output coset, and performs any further necessary arithmetic in the extension eld. Rather than an obstruction, we show to the contrary that one can exploit this quotient group to eliminate the nal powering, to speed up exponentiations and to obtain a simple compression of pairing values which is useful during interactive identitybased cryptographic protocols. Speci cally we demonstrate that methods available for fast point multiplication on elliptic curves such as mixed addition, signed digit representations and Frobenius expansions, all transfer easily to the quotient group, and provide a signi cant improvement over the arithmetic of the extension eld.
Hardware and software normal basis arithmetic for pairing based cryptography in characteristic three
 IEEE Transactions on Computers
, 2005
"... Department of Computer Science, ..."
Subquadratic Computational Complexity Schemes for Extended Binary Field Multiplication Using Optimal Normal Bases
, 2007
"... Based on a recently proposed Toeplitz matrixvector product approach, a subquadratic computational complexity scheme is presented for multiplications in binary extended finite fields using Type I and II optimal normal bases. basis. Index Terms Finite field, subquadratic computational complexity mult ..."
Abstract

Cited by 7 (3 self)
 Add to MetaCart
Based on a recently proposed Toeplitz matrixvector product approach, a subquadratic computational complexity scheme is presented for multiplications in binary extended finite fields using Type I and II optimal normal bases. basis. Index Terms Finite field, subquadratic computational complexity multiplication, normal basis, optimal normal
Algebraic manipulation detection codes and their applications for design of secure cryptographic devices
 in IEEE 17th International OnLine Testing Symposium (IOLTS
"... Abstract—Cryptographic devices are vulnerable to fault injection attacks. All previous countermeasures against fault injection attacks based on error detecting codes assume that the attacker cannot simultaneously control the faultfree outputs of a deviceunderattack and error patterns. For advance ..."
Abstract

Cited by 5 (5 self)
 Add to MetaCart
Abstract—Cryptographic devices are vulnerable to fault injection attacks. All previous countermeasures against fault injection attacks based on error detecting codes assume that the attacker cannot simultaneously control the faultfree outputs of a deviceunderattack and error patterns. For advanced attackers who are able to control both of the above two aspects, traditional protections can be easily compromised. In this paper, we propose optimal algebraic manipulation detection (AMD) codes based on the nonlinear encoding functions and the random number generators. The proposed codes can provide a guaranteed high error detecting probability even if the attacker can fully control the faultfree outputs of a deviceunderattack as well as the error patterns. As a case study, we present the protection architectures based on AMD codes for multipliers in Galois fields used for the elliptic curve cryptography. The results show that the proposed architecture can provide a very low error masking probability at the cost of a reasonable area overhead. The protected multiplier has no latency penalty when the predictor is pipelined.
On the bounded sumofdigits discrete logarithm problem in finite fields
 In Proc. of the 24th Annual International Cryptology Conference (CRYPTO
, 2004
"... Abstract. In this paper, we study the bounded sumofdigits discrete logarithm problem in finite fields. Our results concern primarily with fields Fqn where nq − 1. The fields are called Kummer extensions of Fq. It is known that we can efficiently construct an element g with order greater than 2 n ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
Abstract. In this paper, we study the bounded sumofdigits discrete logarithm problem in finite fields. Our results concern primarily with fields Fqn where nq − 1. The fields are called Kummer extensions of Fq. It is known that we can efficiently construct an element g with order greater than 2 n in the fields. Let Sq(•) be the function from integers to the sum of digits in their qary expansions. We first present an algorithm that given g e (0 ≤ e < q n) finds e in random polynomial time, provided that Sq(e) < n. We then show that the problem is solvable in random polynomial time for most of the exponent e with Sq(e) < 1.32n, by exploring an interesting connection between the discrete logarithm problem and the problem of list decoding of ReedSolomon codes, and applying the GuruswamiSudan algorithm. As a side result, we obtain a sharper lower bound on the number of congruent polynomials generated by linear factors than the one based on StothersMason ABCtheorem. We also prove that in the field Fqq−1, the bounded sumofdigits discrete logarithm with respect to g can be computed in random time O(f(w) log 4 (q q−1)), where f is a subexponential function and w is the bound on the qary sumofdigits of the exponent, hence the problem is fixed parameter tractable. These results are shown to be generalized to ArtinSchreier extension Fpp where p is a prime. Since every finite field has an extension of reasonable degree which is a Kummer extension, our result reveals an unexpected property of the discrete logarithm problem, namely, the bounded sumofdigits discrete logarithm problem in any given finite field becomes polynomial time solvable in certain low degree extensions. 1
Subquadratic multiplication using optimal normal bases
, 2006
"... Based on a recently proposed Toeplitz matrixvector product approach, a subquadratic computational complexity scheme is presented for multiplications in binary extended finite fields using Type I and II optimal normal bases. basis. Index Terms Finite field, subquadratic computational complexity mult ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Based on a recently proposed Toeplitz matrixvector product approach, a subquadratic computational complexity scheme is presented for multiplications in binary extended finite fields using Type I and II optimal normal bases. basis. Index Terms Finite field, subquadratic computational complexity multiplication, normal basis, optimal normal
New Error Detecting Codes for the Design of Hardware Resistant to Strong Fault Injection Attacks
"... Abstract—Cryptographic devices suffer from fault injection attacks. The security of cryptosystems protected by traditional error detecting codes rely on the assumption that the information bits and the error patterns are not both controllable by the attacker. For applications where the assumption i ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Abstract—Cryptographic devices suffer from fault injection attacks. The security of cryptosystems protected by traditional error detecting codes rely on the assumption that the information bits and the error patterns are not both controllable by the attacker. For applications where the assumption is not valid, the security of systems protected by traditional error detecting codes can be easily compromised. In this paper, we present constructions for algebraic manipulation detection (AMD) codes based on the nonlinear encoding functions. For a (k, m, r) AMD code, a message contains three parts: kbit information data y, mbit random data x and rbit redundancy f(y, x). For any error e and information y, the fraction of x that masks the error e is less than 1. In this paper we describe lower and upper bounds on AMD codes and show that the presented constructions can generate optimal or close to optimal AMD codes in many cases. We presented efficient encoding and decoding methods for AMD codes minimizing the number of multipliers using the multivariate Horner scheme. The proposed codes can provide a guaranteed high error detecting probability even if both the information bits of the code and the nonzero error patterns are controllable by an attacker. These codes can be used for design of secure multipliers, secure memories or secure hardware implementing cryptography algorithms resistant to fault injection attacks.
Fast Encoding and Decoding of Gabidulin Codes
, 901
"... Abstract—Gabidulin codes are the rankmetric analogs of ReedSolomon codes and have a major role in practical error control for network coding. This paper presents new encoding and decoding algorithms for Gabidulin codes based on lowcomplexity normal bases. In addition, a new decoding algorithm is p ..."
Abstract
 Add to MetaCart
Abstract—Gabidulin codes are the rankmetric analogs of ReedSolomon codes and have a major role in practical error control for network coding. This paper presents new encoding and decoding algorithms for Gabidulin codes based on lowcomplexity normal bases. In addition, a new decoding algorithm is proposed based on a transformdomain approach. Together, these represent the fastest known algorithms for encoding and decoding Gabidulin codes. I.