An Algorithm for the η T Pairing Calculation in Characteristic Three and its Hardware Implementation
|
|
- Justina Andrews
- 6 years ago
- Views:
Transcription
1 An Algorithm for the η T Pairing Calculation in Characteristic Three and its Hardware Implementation Jean-Luc Beuchat 1 Masaaki Shirase 2 Tsuyoshi Takagi 2 Eiji Okamoto 1 1 Graduate School of Systems and Information Engineering University of Tsukuba, Japan 2 Future University-Hakodate, Japan Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 1 / 25
2 Outline of the Talk 1 Example: Three-Party Key Agreement 2 Computation of the η T Pairing 3 Hardware Architecture 4 Conclusion Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 2 / 25
3 Example: Three-Party Key Agreement Key agreement How can Alice, Bob, and Chris agree upon a shared secret key? Alice Bob? Chris Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 3 / 25
4 Example: Three-Party Key Agreement Discrete logarithm problem (DLP) G = P : additively-written group of order n DLP: given P, Q, find the integer x {0,..., n 1} such that Q = xp Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 4 / 25
5 Example: Three-Party Key Agreement Discrete logarithm problem (DLP) G = P : additively-written group of order n DLP: given P, Q, find the integer x {0,..., n 1} such that Q = xp Diffie-Hellman problem (DHP) Given P, ap, and bp, find abp. Alice a Bob b ap bp Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 4 / 25
6 Example: Three-Party Key Agreement Discrete logarithm problem (DLP) G = P : additively-written group of order n DLP: given P, Q, find the integer x {0,..., n 1} such that Q = xp Diffie-Hellman problem (DHP) Given P, ap, and bp, find abp. Alice a ap Bob b ap bp bp Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 4 / 25
7 Example: Three-Party Key Agreement Discrete logarithm problem (DLP) G = P : additively-written group of order n DLP: given P, Q, find the integer x {0,..., n 1} such that Q = xp Diffie-Hellman problem (DHP) Given P, ap, and bp, find abp. Alice a Bob b abp abp Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 4 / 25
8 Example: Three-Party Key Agreement Alice ap a Bob bp b Chris cp c Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 5 / 25
9 Example: Three-Party Key Agreement Alice a ap bp Bob bp b ap First round cp Chris cp c Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 5 / 25
10 Example: Three-Party Key Agreement Alice abp a Bob bcp b Chris acp c Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 5 / 25
11 Example: Three-Party Key Agreement Alice a abp bcp Bob bcp b abp Second round acp Chris acp c Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 5 / 25
12 Example: Three-Party Key Agreement Alice abcp a Bob abcp b Chris abcp c Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 5 / 25
13 Example: Three-Party Key Agreement Three-party two-round key agreement protocol Does a three-party one-round key agreement protocol exist? Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 6 / 25
14 Example: Three-Party Key Agreement Bilinear pairing G 1 = P : additively-written group G 2 : multiplicatively-written group with identity 1 A bilinear pairing on (G 1, G 2 ) is a map ê : G 1 G 1 G 2 that satisfies the following conditions: 1 Bilinearity. For all Q, R, S G 1, ê(q + R, S) = ê(q, S)ê(R, S) and ê(q, R + S) = ê(q, R)ê(Q, S). 2 Non-degeneracy. ê(p, P) 1. 3 Computability. ê can be efficiently computed. Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 7 / 25
15 Example: Three-Party Key Agreement Bilinear Diffie-Hellman problem (BDHP) Given P, ap, bp, and cp, compute ê(p, P) abc Assumption: the BDHP is difficult Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 8 / 25
16 Example: Three-Party Key Agreement Alice ap a Bob bp b Chris cp c Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 9 / 25
17 Example: Three-Party Key Agreement Alice ap a bp Bob bp b ap ap cp bp cp Chris cp c Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 9 / 25
18 Example: Three-Party Key Agreement Alice ê(bp, cp) a a Bob ê(ap, cp) b b ê(bp, cp) a = ê(ap, cp) b = ê(ap, bp) c = ê(p, P) abc Chris ê(ap, bp) c c Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 9 / 25
19 Example: Three-Party Key Agreement Examples of cryptographic bilinear maps Weil pairing Tate pairing η T pairing (Barreto et al.) Ate pairing (Hess et al.) Applications Identity based encryption Short signature Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
20 Computation of the η T Pairing Elliptic curve over F 3 m Q = (x q, y q ) P = (x p, y p ) P Q η T pairing calculation η T (P, Q) (F 3 6m) Exponentiation η T (P, Q) W F 3 6m Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
21 Computation of the η T Pairing Tower Field 1 ρ ρ 2 F 3 6m = F 3 2m[ρ]/(ρ 3 ρ 1) 1 σ F 3 2m = F 3 m[σ]/(σ 2 + 1) 1 x x 2 x m 3 x m 2 x m 1 F 3 m = F 3 [x]/(f (x)) F 3 = Z/3Z = {0, 1, 2} Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
22 Computation of the η T Pairing Tower Field F 3 2m F 3 2m F 32m 1 σ ρ σρ ρ 2 σρ 2 F 3 6m 12m bits 1 x x 2 x m 3 x m 2 x m 1 F 3 m 2m bits F 3 2 bits Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
23 Computation of the η T Pairing η T (P, Q) Addition Multiplication Cubing Cube root Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
24 Computation of the η T Pairing η T (P, Q) Addition Multiplication Cubing Cube root η T (P, Q) 3 m+1 2 Addition Multiplication Cubing Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
25 Computation of the η T Pairing η T (P, Q) Addition Multiplication Cubing Cube root η T (P, Q) 3 m+1 2 Addition Multiplication Cubing Bilinearity of η T (P, Q) W ( ([ η T (P, Q) W = 3m η T 3 m 1 2 ] P, Q ) m+1 ) W 3 2 Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
26 Computation of the η T Pairing Multiplication over F 3 6m Exponentiation Only one multiplication Operands: A and B F 3 6m Cost: 18 multiplications and 58 additions over F 3 m Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
27 Computation of the η T Pairing Multiplication over F 3 6m Only one multiplication Operands: A and B F 3 6m Exponentiation Cost: 18 multiplications and 58 additions over F 3 m Multiplication over F 3 6m η T (P, Q) m+1 2 multiplications Operands: A and B F 3 6m 1 with σ ρ σρ ρ 2 σρ 2 A = a 0 a 1 a a 0, a 1, and a 2 F 3 m Cost: 13 multiplications and 46 additions over F 3 m Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
28 Hardware Architecture P = (x p, y p ) Q = (x q, y q ) η T pairing calculation η T (P, Q) Exponentiation η T (P, Q) W Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
29 Hardware Architecture P = (x p, y p ) Q = (x q, y q ) η T pairing calculation η T (P, Q) Exponentiation η T (P, Q) W Multiplication over F 3 6m New algorithm 15 multiplications and 29 additions over F 3 m Allows one to share operands between multipliers (less registers) Architecture 9 multipliers Most significant coefficient first (Horner s rule) Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
30 Hardware Architecture Prototype Field: F 3 97 = F 3 [x]/(x 97 + x ) FPGA: Cyclone II EP2C35 (Altera) η T (P, Q) Arithmetic over F multipliers 2 adders 1 cubing unit Area: LEs Frequency: 149 MHz Computation time: 33 µs Exponentiation (Waifi 2007) Unified operator Area: 2787 LEs Frequency: 159 MHz Computation time: 26 µs Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
31 Hardware Architecture Comparisons Architecture Area Calculation time FPGA Our solution LEs 33 µs Cyclone II Grabher and Page (CHES 2005) 4481 slices 432 µs Virtex-II Pro Kerins et al. (CHES 2005) slices 850 µs Virtex-II Pro Ronan et al. (ITNG 2007) slices 178 µs Virtex-II Pro Beuchat et al. (CHES 2007) 1888 slices 222 µs Virtex-II Pro (1 slice 2 LEs) Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
32 Conclusion Future work Automatic generation of the control unit Application (e.g. short signature) Genus 2 Side-channel Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
33 Appendix Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
34 Multiplication over F 3 6m η T (P, Q) A ( r y p y q σ r 0 ρ ρ 2 ) = c 0 + c 1 σ + c 2 ρ + c 3 σρ + c 4 ρ 2 + c 5 σρ 2 c 0 c 1 σ c 2 ρ c 3 σρ c 4 ρ 2 c 5 σρ 2 a 4 r 0 a 5 r 0 a 0 r 0 a 1 r 0 a 2 r 0 a 3 r 0 a 2 a 3 a 4 a 5 a 0 a 1 a 2 a 3 a 4 a 5 a 4 r 0 a 5 r 0 a 0 r0 2 a 0 y p y q a 2 r0 2 a 2 y p y q a 4 r0 2 a 4 y p y q a 1 y p y q a 1 r0 2 a 3 y p y q a 3 r0 2 a 5 y p y q a 5 r0 2 Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
35 Multiplication over F 3 6m η T (P, Q) A ( r y p y q σ r 0 ρ ρ 2 ) = c 0 + c 1 σ + c 2 ρ + c 3 σρ + c 4 ρ 2 + c 5 σρ 2 c 0 c 1 σ c 2 ρ c 3 σρ c 4 ρ 2 c 5 σρ 2 a 4 r 0 a 5 r 0 a 0 r 0 a 1 r 0 a 2 r 0 a 3 r 0 a 2 a 3 a 4 a 5 a 0 a 1 a 2 a 3 a 4 a 5 a 4 r 0 a 5 r 0 a 0 r0 2 a 0 y p y q a 2 r0 2 a 2 y p y q a 4 r0 2 a 4 y p y q a 1 y p y q a 1 r0 2 a 3 y p y q a 3 r0 2 a 5 y p y q a 5 r0 2 1 Compute in parallel r 2 0, y py q, a 0 r 0, a 1 r 0, a 2 r 0, a 3 r 0, a 4 r 0, and a 5 r 0 (8 multiplications) Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
36 Multiplication over F 3 6m η T (P, Q) A ( r y p y q σ r 0 ρ ρ 2 ) = c 0 + c 1 σ + c 2 ρ + c 3 σρ + c 4 ρ 2 + c 5 σρ 2 c 0 c 1 σ c 2 ρ c 3 σρ c 4 ρ 2 c 5 σρ 2 a 4 r 0 a 5 r 0 a 0 r 0 a 1 r 0 a 2 r 0 a 3 r 0 a 2 a 3 a 4 a 5 a 0 a 1 a 2 a 3 a 4 a 5 a 4 r 0 a 5 r 0 a 0 r0 2 a 0 y p y q a 2 r0 2 a 2 y p y q a 4 r0 2 a 4 y p y q a 1 y p y q a 1 r0 2 a 3 y p y q a 3 r0 2 a 5 y p y q a 5 r0 2 1 Compute in parallel r 2 0, y py q, a 0 r 0, a 1 r 0, a 2 r 0, a 3 r 0, a 4 r 0, and a 5 r 0 (8 multiplications) 2 Apply Karatsuba s algorithm to compute the remaining products by means of 9 multipliers Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
37 Multiplication over F 3 6m η T (P, Q) A ( r y p y q σ r 0 ρ ρ 2 ) = c 0 + c 1 σ + c 2 ρ + c 3 σρ + c 4 ρ 2 + c 5 σρ 2 a 0 r0 2 a 0 y p y q a 2 r0 2 a 2 y p y q a 4 r0 2 a 4 y p y q a 1 y p y q a 1 r0 2 a 3 y p y q a 3 r0 2 a 5 y p y q a 5 r0 2 Karatsuba s algorithm (9 multiplications performed in parallel): a 0 y p y q a 1 r 2 0 = (a 0 + a 1 ) (y p y q r 2 0 ) + a 0 r 2 0 a 1 y p y q a 2 y p y q a 3 r 2 0 = (a 2 + a 3 ) (y p y q r 2 0 ) + a 2 r 2 0 a 3 y p y q a 4 y p y q a 5 r 2 0 = (a 4 + a 5 ) (y p y q r 2 0 ) + a 4 r 2 0 a 5 y p y q Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
38 Multiplication over F 3 6m η T (P, Q) Shift Load Load Load Load c4 D0 c3 c0 c1 c2 D1 M 0 M 1 M 2 a 0 r 0 a 2 r 0 a 4 r 0 a 0 r0 2 a 2 r0 2 a 4 r0 2 c5 Load Three multipliers c7 Clear Common operand: r 0 or r Synchronous reset c10 c6 c9 Select Load c8 Clear P Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
39 Multiplication over F 3 6m η T (P, Q) Shift Load Load Load Load c4 D0 c3 c0 c1 c2 D1 M 3 M 4 M 5 a 1 r 0 a 3 r 0 a 5 r 0 a 1 y p y q a 3 y p y q a 5 y p y q c5 Load Three multipliers c7 Clear Common operand: r 0 or y p y q Synchronous reset c10 c6 c9 Select Load c8 Clear P Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
40 Multiplication over F 3 6m η T (P, Q) Load Load Load D0 c0 c1 c2 D1 Load c10 Select c3 c5 Shift M 6 M 7 M 8 r0 2 y py q (a 0 + a 1) (a 2 + a 3) (a 4 + a 5) (y py q r0 2 ) (y py q r0 2 ) (y py q r0 2 ) c4 c6 c8 Load Load Clear c12 c11 Select Synchronous reset c7 c9 Load Clear P Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
41 A Coprocessor for the η T Pairing Computation d0 Mux0 1 0 d1 D0 Ctrl D1 pe_mult_block_t1_generic Q D0 Ctrl D1 pe_mult_block_t1_generic Q D0 Ctrl D1 pe_mult_block_t2_generic Q D0 Ctrl D1 pe_add S D2 Ctrl 0 1 Mux1 Qa D Ctrl pe_cubing C Mux2 0 1 RAM Qb Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith / 25
Arithmetic Operators for Pairing-Based Cryptography
Arithmetic Operators for Pairing-Based Cryptography Jean-Luc Beuchat Laboratory of Cryptography and Information Security Graduate School of Systems and Information Engineering University of Tsukuba 1-1-1
More informationArithmetic Operators for Pairing-Based Cryptography
Arithmetic Operators for Pairing-Based Cryptography J.-L. Beuchat 1 N. Brisebarre 2 J. Detrey 3 E. Okamoto 1 1 University of Tsukuba, Japan 2 École Normale Supérieure de Lyon, France 3 Cosec, b-it, Bonn,
More informationArithmetic operators for pairing-based cryptography
7. Kryptotag November 9 th, 2007 Arithmetic operators for pairing-based cryptography Jérémie Detrey Cosec, B-IT, Bonn, Germany jdetrey@bit.uni-bonn.de Joint work with: Jean-Luc Beuchat Nicolas Brisebarre
More informationSome Efficient Algorithms for the Final Exponentiation of η T Pairing
Some Efficient Algorithms for the Final Exponentiation of η T Pairing Masaaki Shirase 1, Tsuyoshi Takagi 1, and Eiji Okamoto 2 1 Future University-Hakodate, Japan 2 University of Tsukuba, Japan Abstract.
More informationArithmetic Operators for Pairing-Based Cryptography
Arithmetic Operators for Pairing-Based Cryptography Jean-Luc Beuchat 1, Nicolas Brisebarre 2,3, Jérémie Detrey 3, and Eiji Okamoto 1 1 Laboratory of Cryptography and Information Security, University of
More informationFaster F p -arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves
Faster F p -arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves Junfeng Fan, Frederik Vercauteren and Ingrid Verbauwhede Katholieke Universiteit Leuven, COSIC May 18, 2009 1 Outline What is
More informationParshuram Budhathoki FAU October 25, Ph.D. Preliminary Exam, Department of Mathematics, FAU
Parshuram Budhathoki FAU October 25, 2012 Motivation Diffie-Hellman Key exchange What is pairing? Divisors Tate pairings Miller s algorithm for Tate pairing Optimization Alice, Bob and Charlie want to
More informationOptimal Eta Pairing on Supersingular Genus-2 Binary Hyperelliptic Curves
CT-RSA 2012 February 29th, 2012 Optimal Eta Pairing on Supersingular Genus-2 Binary Hyperelliptic Curves Joint work with: Nicolas Estibals CARAMEL project-team, LORIA, Université de Lorraine / CNRS / INRIA,
More informationHardware Acceleration of the Tate Pairing in Characteristic Three
Hardware Acceleration of the Tate Pairing in Characteristic Three CHES 2005 Hardware Acceleration of the Tate Pairing in Characteristic Three Slide 1 Introduction Pairing based cryptography is a (fairly)
More informationAn Introduction to Pairings in Cryptography
An Introduction to Pairings in Cryptography Craig Costello Information Security Institute Queensland University of Technology INN652 - Advanced Cryptology, October 2009 Outline 1 Introduction to Pairings
More informationOne can use elliptic curves to factor integers, although probably not RSA moduli.
Elliptic Curves Elliptic curves are groups created by defining a binary operation (addition) on the points of the graph of certain polynomial equations in two variables. These groups have several properties
More informationMontgomery Algorithm for Modular Multiplication with Systolic Architecture
Montgomery Algorithm for Modular Multiplication with ystolic Architecture MRABET Amine LIAD Paris 8 ENIT-TUNI EL MANAR University A - MP - Gardanne PAE 016 1 Plan 1 Introduction for pairing Montgomery
More informationArithmetic Operators for Pairing-Based Cryptography
Arithmetic Operators for Pairing-Based Cryptography Jean-Luc Beuchat 1, Nicolas Brisebarre 2,3,Jérémie Detrey 3, and Eiji Okamoto 1 1 Graduate School of Systems and Information Engineering, University
More informationAsymmetric Pairings. Alfred Menezes (joint work with S. Chatterjee, D. Hankerson & E. Knapp)
Asymmetric Pairings Alfred Menezes (joint work with S. Chatterjee, D. Hankerson & E. Knapp) 1 Overview In their 2006 paper "Pairings for cryptographers", Galbraith, Paterson and Smart identified three
More informationShort Signature Scheme From Bilinear Pairings
Sedat Akleylek, Barış Bülent Kırlar, Ömer Sever, and Zaliha Yüce Institute of Applied Mathematics, Middle East Technical University, Ankara, Turkey {akleylek,kirlar}@metu.edu.tr,severomer@yahoo.com,zyuce@stm.com.tr
More informationAn FPGA-based Accelerator for Tate Pairing on Edwards Curves over Prime Fields
. Motivation and introduction An FPGA-based Accelerator for Tate Pairing on Edwards Curves over Prime Fields Marcin Rogawski Ekawat Homsirikamol Kris Gaj Cryptographic Engineering Research Group (CERG)
More informationA Dierential Power Analysis attack against the Miller's Algorithm
A Dierential Power Analysis attack against the Miller's Algorithm Nadia El Mrabet (1), G. Di Natale (2) and M.L. Flottes (2) (1) Team Arith, (2) Team CCSI/LIRMM, Université Montpellier 2 Prime 2009, UCC,
More informationA brief overwiev of pairings
Bordeaux November 22, 2016 A brief overwiev of pairings Razvan Barbulescu CNRS and IMJ-PRG R. Barbulescu Overview pairings 0 / 37 Plan of the lecture Pairings Pairing-friendly curves Progress of NFS attacks
More informationA Pipelined Karatsuba-Ofman Multiplier over GF(3 97 ) Amenable for Pairing Computation
A Pipelined Karatsuba-Ofman Multiplier over GF(3 97 ) Amenable for Pairing Computation Nidia Cortez-Duarte 1, Francisco Rodríguez-Henríquez 1, Jean-Luc Beuchat 2 and Eiji Okamoto 2 1 Computer Science Departament,
More informationCSC 774 Advanced Network Security
CSC 774 Advanced Network Security Topic 2.6 ID Based Cryptography #2 Slides by An Liu Outline Applications Elliptic Curve Group over real number and F p Weil Pairing BasicIdent FullIdent Extensions Escrow
More informationHigh Speed Cryptoprocessor for η T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields
High Speed Cryptoprocessor for η T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields Santosh Ghosh, Dipanwita Roychowdhury, and Abhijit Das Computer Science and Engineering
More informationCSC 774 Advanced Network Security
CSC 774 Advanced Network Security Topic 2.6 ID Based Cryptography #2 Slides by An Liu Outline Applications Elliptic Curve Group over real number and F p Weil Pairing BasicIdent FullIdent Extensions Escrow
More informationEfficient multiplication in characteristic three fields
Efficient multiplication in characteristic three fields Murat Cenk and M. Anwar Hasan Department of Electrical and Computer Engineering University of Waterloo, Waterloo, Ontario, Canada N2L 3G1 mcenk@uwaterloo.ca
More informationA Comparison between Hardware Accelerators for the Modified Tate Pairing over F 2
A Comparison between Hardware Accelerators for the Modified Tate Pairing over F m and F 3 m Jean-Luc Beuchat 1, Nicolas Brisebarre,Jérémie Detrey 3, Eiji Okamoto 1,andFranciscoRodríguez-Henríquez 4 1 Graduate
More informationElliptic curves: Theory and Applications. Day 4: The discrete logarithm problem.
Elliptic curves: Theory and Applications. Day 4: The discrete logarithm problem. Elisa Lorenzo García Université de Rennes 1 14-09-2017 Elisa Lorenzo García (Rennes 1) Elliptic Curves 4 14-09-2017 1 /
More informationPublic-key Cryptography and elliptic curves
Public-key Cryptography and elliptic curves Dan Nichols University of Massachusetts Amherst nichols@math.umass.edu WINRS Research Symposium Brown University March 4, 2017 Cryptography basics Cryptography
More informationThe Elliptic Curve in https
The Elliptic Curve in https Marco Streng Universiteit Leiden 25 November 2014 Marco Streng (Universiteit Leiden) The Elliptic Curve in https 25-11-2014 1 The s in https:// HyperText Transfer Protocol
More informationHigh Speed Cryptoprocessor for η T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields
High Speed Cryptoprocessor for η T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields Santosh Ghosh, Dipanwita Roy Chowdhury, and Abhijit Das Computer Science and Engineering
More informationID-based Encryption Scheme Secure against Chosen Ciphertext Attacks
ID-based Encryption Scheme Secure against Chosen Ciphertext Attacks ongxing Lu and Zhenfu Cao Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200030, P.. China {cao-zf,
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationAspects of Pairing Inversion
Applications of Aspects of ECC 2007 - Dublin Aspects of Applications of Applications of Aspects of Applications of Pairings Let G 1, G 2, G T be groups of prime order r. A pairing is a non-degenerate bilinear
More informationBackground of Pairings
Background of Pairings Tanja Lange Department of Mathematics and Computer Science Technische Universiteit Eindhoven The Netherlands tanja@hyperelliptic.org 04.09.2007 Tanja Lange Background of Pairings
More informationPublic Key Cryptography
Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:
More informationSharing a Secret in Plain Sight. Gregory Quenell
Sharing a Secret in Plain Sight Gregory Quenell 1 The Setting: Alice and Bob want to have a private conversation using email or texting. Alice Bob 2 The Setting: Alice and Bob want to have a private conversation
More informationCryptanalysis and improvement of an ID-based ad-hoc anonymous identification scheme at CT-RSA 05
Cryptanalysis and improvement of an ID-based ad-hoc anonymous identification scheme at CT-RSA 05 Fangguo Zhang 1 and Xiaofeng Chen 2 1 Department of Electronics and Communication Engineering, Sun Yat-sen
More informationConstructing Pairing-Friendly Elliptic Curves for Cryptography
Constructing Pairing-Friendly Elliptic Curves for Cryptography University of California, Berkeley, USA 2nd KIAS-KMS Summer Workshop on Cryptography Seoul, Korea 30 June 2007 Outline 1 Pairings in Cryptography
More informationSecure Bilinear Diffie-Hellman Bits
Secure Bilinear Diffie-Hellman Bits Steven D. Galbraith 1, Herbie J. Hopkins 1, and Igor E. Shparlinski 2 1 Mathematics Department, Royal Holloway University of London Egham, Surrey, TW20 0EX, UK Steven.Galbraith@rhul.ac.uk,
More informationReprésentation RNS des nombres et calcul de couplages
Représentation RNS des nombres et calcul de couplages Sylvain Duquesne Université Rennes 1 Séminaire CCIS Grenoble, 7 Février 2013 Sylvain Duquesne (Rennes 1) RNS et couplages Grenoble, 07/02/13 1 / 29
More informationIntroduction to Elliptic Curve Cryptography. Anupam Datta
Introduction to Elliptic Curve Cryptography Anupam Datta 18-733 Elliptic Curve Cryptography Public Key Cryptosystem Duality between Elliptic Curve Cryptography and Discrete Log Based Cryptography Groups
More informationSM9 identity-based cryptographic algorithms Part 1: General
SM9 identity-based cryptographic algorithms Part 1: General Contents 1 Scope... 1 2 Terms and definitions... 1 2.1 identity... 1 2.2 master key... 1 2.3 key generation center (KGC)... 1 3 Symbols and abbreviations...
More informationOn the Efficiency and Security of Pairing-Based Protocols in the Type 1 and Type 4 Settings
On the Efficiency and Security of Pairing-Based Protocols in the Type 1 and Type 4 Settings Sanjit Chatterjee, Darrel Hankerson, and Alfred Menezes 1 Department of Combinatorics & Optimization, University
More informationAn Enhanced ID-based Deniable Authentication Protocol on Pairings
An Enhanced ID-based Deniable Authentication Protocol on Pairings Meng-Hui Lim*, Sanggon Lee**, Youngho Park***, Hoonjae Lee** *Department of Ubiquitous IT, Graduate school of Design & IT, Dongseo University,
More informationOn the complexity of computing discrete logarithms in the field F
On the complexity of computing discrete logarithms in the field F 3 6 509 Francisco Rodríguez-Henríquez CINVESTAV-IPN Joint work with: Gora Adj Alfred Menezes Thomaz Oliveira CINVESTAV-IPN University of
More informationMulti-core Implementation of the Tate Pairing over Supersingular Elliptic Curves
Multi-core Implementation of the Tate Pairing over Supersingular Elliptic Curves Jean-Luc Beuchat 1, Emmanuel López-Trejo, Luis Martínez-Ramos 3, Shigeo Mitsunari 4, and Francisco Rodríguez-Henríquez 3
More informationSide-Channel Attacks on Quantum-Resistant Supersingular Isogeny Diffie-Hellman
Side-Channel Attacks on Quantum-Resistant Supersingular Isogeny Diffie-Hellman Presenter: Reza Azarderakhsh CEECS Department and I-Sense, Florida Atlantic University razarderakhsh@fau.edu Paper by: Brian
More informationEfficient Implementation of Cryptographic pairings. Mike Scott Dublin City University
Efficient Implementation of Cryptographic pairings Mike Scott Dublin City University First Steps To do Pairing based Crypto we need two things l Efficient algorithms l Suitable elliptic curves We have
More informationReducing the Key Size of Rainbow using Non-Commutative Rings
Reducing the Key Size of Rainbow using Non-Commutative Rings Takanori Yasuda (Institute of systems, Information Technologies and Nanotechnologies (ISIT)), Kouichi Sakurai (ISIT, Kyushu university) and
More informationElliptic Curve Cryptography
The State of the Art of Elliptic Curve Cryptography Ernst Kani Department of Mathematics and Statistics Queen s University Kingston, Ontario Elliptic Curve Cryptography 1 Outline 1. ECC: Advantages and
More informationElliptic Curves: Theory and Application
s Phillips Exeter Academy Dec. 5th, 2018 Why Elliptic Curves Matter The study of elliptic curves has always been of deep interest, with focus on the points on an elliptic curve with coe cients in certain
More informationL7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015
L7. Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang, 5 March 2015 1 Outline The basic foundation: multiplicative group modulo prime The basic Diffie-Hellman (DH) protocol The discrete logarithm
More informationElliptic Nets How To Catch an Elliptic Curve Katherine Stange USC Women in Math Seminar November 7,
Elliptic Nets How To Catch an Elliptic Curve Katherine Stange USC Women in Math Seminar November 7, 2007 http://www.math.brown.edu/~stange/ Part I: Elliptic Curves are Groups Elliptic Curves Frequently,
More informationCompact Ring LWE Cryptoprocessor
1 Compact Ring LWE Cryptoprocessor CHES 2014 Sujoy Sinha Roy 1, Frederik Vercauteren 1, Nele Mentens 1, Donald Donglong Chen 2 and Ingrid Verbauwhede 1 1 ESAT/COSIC and iminds, KU Leuven 2 Electronic Engineering,
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 17: Elliptic Curves and Applications Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline We previously looked at discrete
More informationSmall FPGA-Based Multiplication-Inversion Unit for Normal Basis over GF(2 m )
1 / 19 Small FPGA-Based Multiplication-Inversion Unit for Normal Basis over GF(2 m ) Métairie Jérémy, Tisserand Arnaud and Casseau Emmanuel CAIRN - IRISA July 9 th, 2015 ISVLSI 2015 PAVOIS ANR 12 BS02
More information標数 3 の超特異楕円曲線上の ηt ペアリングの高速実装
九州大学学術情報リポジトリ Kyushu University Institutional Repository 標数 3 の超特異楕円曲線上の ηt ペアリングの高速実装 川原, 祐人九州大学大学院数理学府 https://doi.org/10.15017/21704 出版情報 :Kyushu University, 2011, 博士 ( 機能数理学 ), 課程博士バージョン :published
More informationTate Bilinear Pairing Core Specification. Author: Homer Hsing
Tate Bilinear Pairing Core Specification Author: Homer Hsing homer.hsing@gmail.com Rev. 0.1 March 4, 2012 This page has been intentionally left blank. www.opencores.org Rev 0.1 ii Revision History Rev.
More informationABHELSINKI UNIVERSITY OF TECHNOLOGY
Identity-Based Cryptography T-79.5502 Advanced Course in Cryptology Billy Brumley billy.brumley at hut.fi Helsinki University of Technology Identity-Based Cryptography 1/24 Outline Classical ID-Based Crypto;
More informationApplied cryptography
Applied cryptography Identity-based Cryptography Andreas Hülsing 19 November 2015 1 / 37 The public key problem How to obtain the correct public key of a user? How to check its authenticity? General answer:
More informationCryptography from Pairings
DIAMANT/EIDMA Symposium, May 31st/June 1st 2007 1 Cryptography from Pairings Kenny Paterson kenny.paterson@rhul.ac.uk May 31st 2007 DIAMANT/EIDMA Symposium, May 31st/June 1st 2007 2 The Pairings Explosion
More informationEfficient Finite Field Multiplication for Isogeny Based Post Quantum Cryptography
Efficient Finite Field Multiplication for Isogeny Based Post Quantum Cryptography Angshuman Karmakar 1 Sujoy Sinha Roy 1 Frederik Vercauteren 1,2 Ingrid Verbauwhede 1 1 COSIC, ESAT KU Leuven and iminds
More informationEfficient Implementations of Pairing-Based Cryptography on Embedded Systems
Rochester Institute of Technology RIT Scholar Works Theses Thesis/Dissertation Collections 12-4-2015 Efficient Implementations of Pairing-Based Cryptography on Embedded Systems Rajeev Verma rv4560@rit.edu
More informationduring transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL
THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit
More informationAn Efficient Signature Scheme from Bilinear Pairings and Its Applications
An Efficient Signature Scheme from Bilinear Pairings and Its Applications Fangguo Zhang, Reihaneh Safavi-Naini and Willy Susilo School of Information Technology and Computer Science University of Wollongong,
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationPublic-Key Cryptography. Public-Key Certificates. Public-Key Certificates: Use
Public-Key Cryptography Tutorial on Dr. Associate Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur http://cse.iitkgp.ac.in/ abhij/ January 30, 2017 Short
More informationSecurity Analysis of Some Batch Verifying Signatures from Pairings
International Journal of Network Security, Vol.3, No.2, PP.138 143, Sept. 2006 (http://ijns.nchu.edu.tw/) 138 Security Analysis of Some Batch Verifying Signatures from Pairings Tianjie Cao 1,2,3, Dongdai
More informationVerifiable Security of Boneh-Franklin Identity-Based Encryption. Federico Olmedo Gilles Barthe Santiago Zanella Béguelin
Verifiable Security of Boneh-Franklin Identity-Based Encryption Federico Olmedo Gilles Barthe Santiago Zanella Béguelin IMDEA Software Institute, Madrid, Spain 5 th International Conference on Provable
More informationModular Multiplication in GF (p k ) using Lagrange Representation
Modular Multiplication in GF (p k ) using Lagrange Representation Jean-Claude Bajard, Laurent Imbert, and Christophe Nègre Laboratoire d Informatique, de Robotique et de Microélectronique de Montpellier
More informationOn A Large-scale Multiplier for Public Key Cryptographic Hardware
1,a) 1 1 1 1 1 Wallace tree n log n 64 128 Wallace tree,, Wallace tree,, VHDL On A Large-scale Multiplier for Public Key Cryptographic Hardware Masaaki Shirase 1,a) Kimura Keigo 1 Murayama Hiroyuki 1 Kato
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots
More informationBreaking pairing-based cryptosystems using η T pairing over GF (3 97 )
Breaking pairing-based cryptosystems using η T pairing over GF (3 97 ) Takuya Hayashi 1, Takeshi Shimoyama 2, Naoyuki Shinohara 3, and Tsuyoshi Takagi 1 1 Kyushu University 2 FUJITSU LABORATORIES Ltd.
More informationOptimised versions of the Ate and Twisted Ate Pairings
Optimised versions of the Ate and Twisted Ate Pairings Seiichi Matsuda 1, Naoki Kanayama 1, Florian Hess 2, and Eiji Okamoto 1 1 University of Tsukuba, Japan 2 Technische Universität Berlin, Germany Abstract.
More informationHigh Performance GHASH Function for Long Messages
High Performance GHASH Function for Long Messages Nicolas Méloni 1, Christophe Négre 2 and M. Anwar Hasan 1 1 Department of Electrical and Computer Engineering University of Waterloo, Canada 2 Team DALI/ELIAUS
More informationMcBits: Fast code-based cryptography
McBits: Fast code-based cryptography Peter Schwabe Radboud University Nijmegen, The Netherlands Joint work with Daniel Bernstein, Tung Chou December 17, 2013 IMA International Conference on Cryptography
More informationImplementing the Weil, Tate and Ate pairings using Sage software
Sage days 10, Nancy, France Implementing the Weil, Tate and Ate pairings using Sage software Nadia EL MRABET LIRMM, I3M, Université Montpellier 2 Saturday 11 th October 2008 Outline of the presentation
More informationEfficient Implementation of Cryptographic pairings. Mike Scott Dublin City University
Efficient Implementation of Cryptographic pairings Mike Scott Dublin City University First Steps To do Pairing based Crypto we need two things Efficient algorithms Suitable elliptic curves We have got
More informationPairing-Based Cryptography An Introduction
ECRYPT Summer School Samos 1 Pairing-Based Cryptography An Introduction Kenny Paterson kenny.paterson@rhul.ac.uk May 4th 2007 ECRYPT Summer School Samos 2 The Pairings Explosion Pairings originally used
More informationCS-E4320 Cryptography and Data Security Lecture 11: Key Management, Secret Sharing
Lecture 11: Key Management, Secret Sharing Céline Blondeau Email: celine.blondeau@aalto.fi Department of Computer Science Aalto University, School of Science Key Management Secret Sharing Shamir s Threshold
More informationCryptography IV: Asymmetric Ciphers
Cryptography IV: Asymmetric Ciphers Computer Security Lecture 7 David Aspinall School of Informatics University of Edinburgh 31st January 2011 Outline Background RSA Diffie-Hellman ElGamal Summary Outline
More informationNumber Theory in Cryptology
Number Theory in Cryptology Abhijit Das Department of Computer Science and Engineering Indian Institute of Technology Kharagpur October 15, 2011 What is Number Theory? Theory of natural numbers N = {1,
More informationElliptic Curves. Giulia Mauri. Politecnico di Milano website:
Elliptic Curves Giulia Mauri Politecnico di Milano email: giulia.mauri@polimi.it website: http://home.deib.polimi.it/gmauri May 13, 2015 Giulia Mauri (DEIB) Exercises May 13, 2015 1 / 34 Overview 1 Elliptic
More informationKatherine Stange. ECC 2007, Dublin, Ireland
in in Department of Brown University http://www.math.brown.edu/~stange/ in ECC Computation of ECC 2007, Dublin, Ireland Outline in in ECC Computation of in ECC Computation of in Definition A integer sequence
More informationConstructing Abelian Varieties for Pairing-Based Cryptography
for Pairing-Based CWI and Universiteit Leiden, Netherlands Workshop on Pairings in Arithmetic Geometry and 4 May 2009 s MNT MNT Type s What is pairing-based cryptography? Pairing-based cryptography refers
More informationNon-generic attacks on elliptic curve DLPs
Non-generic attacks on elliptic curve DLPs Benjamin Smith Team GRACE INRIA Saclay Île-de-France Laboratoire d Informatique de l École polytechnique (LIX) ECC Summer School Leuven, September 13 2013 Smith
More informationA FPGA pairing implementation using the Residue Number System. Sylvain Duquesne, Nicolas Guillermin
A FPGA pairing implementation using the Residue Number System Sylvain Duquesne, Nicolas Guillermin IRMAR, UMR CNRS 6625 Université Rennes 1 Campus de Beaulieu 35042 Rennes cedex, France sylvain.duquesne@univ-rennes1.fr,
More informationFast Formulas for Computing Cryptographic Pairings
Fast Formulas for Computing Cryptographic Pairings Craig Costello craig.costello@qut.edu.au Queensland University of Technology May 28, 2012 1 / 47 Thanks: supervisors and co-authors Prof. Colin Boyd Dr.
More informationDual-Field Arithmetic Unit for GF(p) and GF(2 m ) *
Institute for Applied Information Processing and Communications Graz University of Technology Dual-Field Arithmetic Unit for GF(p) and GF(2 m ) * CHES 2002 Workshop on Cryptographic Hardware and Embedded
More informationThe Number Field Sieve for Barreto-Naehrig Curves: Smoothness of Norms
The Number Field Sieve for Barreto-Naehrig Curves: Smoothness of Norms by Michael Shantz A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Master
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationEfficient Computation for Pairing Based
Provisional chapter Chapter 3 Efficient Computation for Pairing Based Cryptography: Efficient Computation A Statefor ofpairing the Art Based Cryptography: A State of the Art Nadia El Mrabet Nadia El Mrabet
More information2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 13 March 3, 2013 CPSC 467b, Lecture 13 1/52 Elliptic Curves Basics Elliptic Curve Cryptography CPSC
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationElliptic Curve Cryptosystems
Elliptic Curve Cryptosystems Santiago Paiva santiago.paiva@mail.mcgill.ca McGill University April 25th, 2013 Abstract The application of elliptic curves in the field of cryptography has significantly improved
More informationElliptic Curve Cryptography
Elliptic Curve Cryptography Elliptic Curves An elliptic curve is a cubic equation of the form: y + axy + by = x 3 + cx + dx + e where a, b, c, d and e are real numbers. A special addition operation is
More informationCIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.2 Public Key Cryptography 1 Diffie-Hellman Key Exchange 2 Diffie-Hellman Protocol For negotiating a shared secret key using only public communication
More informationFoundations. P =! NP oneway function signature schemes Trapdoor oneway function PKC, IBS IBE
Foundations P =! NP oneway function signature schemes Trapdoor oneway function PKC, IBS IBE NP problems: IF, DL, Knapsack Hardness of these problems implies the security of cryptosytems? 2 Relations of
More informationAdvanced Constructions in Curve-based Cryptography
Advanced Constructions in Curve-based Cryptography Benjamin Smith Team GRACE INRIA and Laboratoire d Informatique de l École polytechnique (LIX) Summer school on real-world crypto and privacy Sibenik,
More informationElliptic Curve Cryptography and Security of Embedded Devices
Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Mathématiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography
More informationA Simple Architectural Enhancement for Fast and Flexible Elliptic Curve Cryptography over Binary Finite Fields GF(2 m )
A Simple Architectural Enhancement for Fast and Flexible Elliptic Curve Cryptography over Binary Finite Fields GF(2 m ) Stefan Tillich, Johann Großschädl Institute for Applied Information Processing and
More information