Montgomery Algorithm for Modular Multiplication with Systolic Architecture
|
|
- Amy Bradford
- 5 years ago
- Views:
Transcription
1 Montgomery Algorithm for Modular Multiplication with ystolic Architecture MRABET Amine LIAD Paris 8 ENIT-TUNI EL MANAR University A - MP - Gardanne PAE 016 1
2 Plan 1 Introduction for pairing Montgomery Multiplication (IO) 3 Architecture 4 Results 5 onclusion and Perspectives
3 Plan 1 Introduction for pairing Montgomery Multiplication (IO) 3 Architecture 4 Results 5 onclusion and Perspectives
4 General ontext This work is part of the hardware implementation of asymmetric cryptography primitives, such as Optimal-Ate pairing based on elliptic curves, the cryptographic systems based on elliptic curves and RA, 3
5 General ontext This work is part of the hardware implementation of asymmetric cryptography primitives, such as Optimal-Ate pairing based on elliptic curves, the cryptographic systems based on elliptic curves and RA, Which are the best known methods in asymmetric encryption 3
6 Definition Let G1 and G be two additive groups and let G3 be a multiplicative group Pairing is an application e : G1 G G3 with the following properties: 4
7 Definition Let G1 and G be two additive groups and let G3 be a multiplicative group Pairing is an application e : G1 G G3 with the following properties: e is non degenerate : if P G 1, P 0 it exists Q G such as e(p, Q) 1 and if Q G, Q 0 it exists P G 1 such as e(p, Q) 1 4
8 Definition Let G1 and G be two additive groups and let G3 be a multiplicative group Pairing is an application e : G1 G G3 with the following properties: e is non degenerate : if P G 1, P 0 it exists Q G such as e(p, Q) 1 and if Q G, Q 0 it exists P G 1 such as e(p, Q) 1 Bilinearity: e(xp, yq) = e(p,q) xy, e(xp, yq) z = e(yp, zq) x = e(zp, xq) y = e(p,q) xyz 4
9 Pairing protocols The bilinearity of the pairings allowed the construction of protocols 5
10 Pairing protocols The bilinearity of the pairings allowed the construction of protocols Diffie Hellman key exchange ( Joux 001) Identity-Based ryptography(boneh and Franklin) hort signature schemes (Boneh, Lynn, hacham) 5
11 Pairing protocols Example of ryptography Based on Identity : The secret of the trusted authority The Public keys are the identities of people Trusted authority Bob I B Alice I A 6
12 Pairing protocols Example of ryptography Based on Identity : The secret of the trusted authority The Public keys are the identities of people The private keys are onstructed by the trusted authority and Transmitted to users Trusted authority P B =*I B P A =*I A Bob I B Alice I A e (PB, IA) = e (IA, IB) s e (PA, IB) = e (IA, IB) s 6
13 Pairing protocols Example of ryptography Based on Identity Encryption step of the clear message M Alice wants to send a message to Bob: he chooses an integer a randomly, he retrieves Bob's public key : I B, he calculates the pairing e(i B ;Q 0 ) a, he sends to Bob : [ ap, M H (e(i B ;Q 0 ) a ) ]=[U,V] 7
14 Pairing protocols Example of ryptography Based on Identity Decryption step of the encrypted message Bob follows the following steps: He contacts the trusted authority to retrieve his private key P B = si B, He finds the message by calculating V H (e(p B,U)) The message : M The bilinearity of pairings : e(p B,U) = e(si B,aP) = e(i B,P) as = e(i B,sP) a 8
15 Different pairings Weil pairing e W : E (Fp)[r ] E(Fp k )/re (Fp k ) F * p k (P,Q) (-1) r f r, p (Q) / f r,q (P) Miller Lite f r, p (Q) Miller Full f r,q (P) Inversion Multiplication 9
16 Different pairings Weil pairing e W : E (Fp)[r ] E(Fp k )/re (Fp k ) F * p k (P,Q) (-1) r f r, p (Q) / f r,q (P) Tate pairing e T : E (Fp)[r ] E(Fp k )/re (Fp k ) F * p k (P,Q) [ f r, p (Q) ] (p^k- 1)/r Tate pairing is defined with the same parameters E, Fp, r, k than Weil pairing For the calculation of Tate pairing we make log(r) iterations during the Miller algorithm, where r is the order of the subgroups used 9
17 Different pairings Ate paring G1 = E[r] Ker(p-[1]) = E(Fp)[r], G = E[r] Ker(p-[p]) e A : G 1 G F * p k ; (P,Q) [ f T, Q (P) ] (p^k- 1)/r The main advantage compared to Tate pairing is the reduction of the number of iterations made during the Miller algorithm log(t) where T = t 1, and t is the Frobenius trace on E(Fp) The disadvantage of Ate pairing is that it corresponds to a Miller Full application 10
18 Different pairings Twisted Ate pairing G1 = E[r] Ker(p-[1]) = E(Fp)[r], G = E[r] Ker(p-[p]) e TA : G 1 G F * p k ; (P,Q) [ f T, p (Q) ] (p^k- 1)/r The calculation is made by an execution of Miller Lite, which would alleviate the complexity of the calculations 11
19 Different pairings Twisted Ate pairing G1 = E[r] Ker(p-[1]) = E(Fp)[r], G = E[r] Ker(p-[p]) e TA : G 1 G F * p k ; (P,Q) [ f T, p (Q) ] (p^k- 1)/r The calculation is made by an execution of Miller Lite, which would alleviate the complexity of the calculations Ate-Optimal (OATE) pairing Ate-Optimal pairing improves Ate pairing by reducing the number of iterations in the Miller algorithm used to calculate f,q(p) In the case of BN curves, OATE pairing is defined by: where = 6t+ (t the parameter of BN curves) 11
20 Basic operations The basic operations in the Finite field : Addition ubtraction Multiplication inversion 1
21 Basic operations The basic operations in the Finite field : Addition ubtraction Multiplication inversion onstitute the essential of calculation time of pairing That s why the optimization of these operation is the most important 1
22 Plan 1 Introduction for pairing Montgomery Multiplication (IO) 3 Architecture 4 Results 5 onclusion and Perspectives 13
23 Reminder: Montgomery algorithm 14
24 Reminder: Montgomery algorithm onversion between Ordinary Field and Montgomery Ordinary domain Montgomery domain a M(a)=aR mod p b M(b)=bR mod p ab M(ab)=abR mod p 14
25 The oarsely Integrated Operand canning method [1]? The IO method improves the Montgomery algorithm by integrating multiplication and reduction How? [1] Analyzing and omparing Montgomery Multiplication Algorithms, IEEE Micro, juin1996 etin Kaya Koç, Tolga Acar and Burton Kaliski Jr 15
26 The oarsely Integrated Operand canning method [1]? The IO method improves the Montgomery algorithm by integrating multiplication and reduction How? Instead of multiplying axb then performe to reduction, it allows to alternate between the iterations of multiplication and reduction [1] Analyzing and omparing Montgomery Multiplication Algorithms, IEEE Micro, juin1996 etin Kaya Koç, Tolga Acar and Burton Kaliski Jr 15
27 What is a systolic architecture? It s a network composed of a large number of cells, Each cell receives data from the neighboring cells, performs a simple calculation, and then transmits the results, always to neighboring cells 16
28 What is a systolic architecture? It s a network composed of a large number of cells, Each cell receives data from the neighboring cells, performs a simple calculation, and then transmits the results, always to neighboring cells 16
29 What is a systolic architecture? It s a network composed of a large number of cells, Each cell receives data from the neighboring cells, performs a simple calculation, and then transmits the results, always to neighboring cells A systolic architecture provides very simplified elementary cells Therefore, this architecture reduces resource requirements in hardware implementations 16
30 What is a systolic architecture? It s a network composed of a large number of cells, Each cell receives data from the neighboring cells, performs a simple calculation, and then transmits the results, always to neighboring cells A systolic architecture provides very simplified elementary cells Therefore, this architecture reduces resource requirements in hardware implementations Our contribution in this work is to combine a systolic architecture, which is supposed to be the best solution for FPGA implementations, with the IO method of the Montgomery modular multiplication 16
31 oarsely Integrated Operand canning oarsely Integrated Operand canning 17
32 oarsely Integrated Operand canning 17
33 utting the algorithm IO alpha : the lines 5 and 6 17
34 utting the algorithm IO alpha : the lines 5 and 6 _ alpha : the lines 7,8 and 9 17
35 utting the algorithm IO alpha : the lines 5 and 6 _ alpha : the lines 7,8 and 9 beta: the lines11 and 1 17
36 utting the algorithm IO alpha : the lines 5 and 6 _ alpha : the lines 7,8 and 9 beta: the lines11 and 1 gamma: the lines14 and 15 17
37 utting the algorithm IO alpha : the lines 5 and 6 _ alpha : the lines 7,8 and 9 beta: the lines11 and 1 gamma: the lines14 and 15 _ gamma: the lines16,17 and 18 17
38 Plan 1 Introduction Montgomery Multiplication (IO) 3 Architecture 4 Results 5 onclusion and Perspectives 18
39 IO in ystolic for s=8 a0 b0 a0 b1 a0 b a0 b3 a0 b4 a0 b5 a0 b6 a0 b7 i=0 j=0 j=1 j= j=3 j=4 j=5 j=7 j= _ 3 Multiplication tep _ Reduction tep 19
40 IO in ystolic for s=8 a0 b0 a0 b1 a0 b a0 b3 a0 b4 a0 b5 a0 b6 a0 b7 i=0 j=0 j=1 j= j=3 j=4 j=5 j=7 j= _ 3 Multiplication tep _ Reduction tep i= _ _ 19
41 IO in ystolic for s=8 a0 b0 a0 b1 a0 b a0 b3 a0 b4 a0 b5 a0 b6 a0 b7 i=0 j=0 j=1 j= j=3 j=4 j=5 j=7 j= _ 3 Multiplication tep _ Reduction tep i= _ _ In this architecture we also have an integration between the different iterations that loop on i In our case we have 3 iterations of i which can be executed at the same time 19
42 IO in ystolic for s=8 a0 b0 a0 b1 a0 b a0 b3 a0 b4 a0 b5 a0 b6 a0 b7 i=0 j=0 j=1 j= j=3 j=4 j=5 j=7 j= _ 3 Multiplication tep _ Reduction tep i= _ _ i= i=3 i=4 i=5 i=6 i= _ _ 19
43 IO in ystolic for s=8 a0 b0 a0 b1 a0 b a0 b3 a0 b4 a0 b5 a0 b6 a0 b7 i=0 j=0 j=1 j= j=3 j=4 j=5 j=7 j= _ 3 Multiplication tep _ Reduction tep i= _ _ i= i=3 i=4 i=5 i=6 i= _ _ a x b x R -1 mod p 19
44 IO in ystolic for s=8 =0 Multiplication tep Reduction tep i=1 i= i=3 i=4 i=5 i=6 i=7 a x b x R -1 mod p 0
45 IO in ystolic for s=8 =0 Multiplication tep Reduction tep i=1 i= ai bj i=3 i=4 i=5 i=6 i=7 a x b x R -1 mod p 0
46 IO in ystolic for s=8 =0 Multiplication tep Reduction tep i=1 i= m pj i=3 ai bj i=4 i=5 i=6 i=7 a x b x R -1 mod p 0
47 Data Flow B b0 b1 b b3 b4 b5 b6 b7 A a _ i=0 a _ 3 3 _ i=1 a _ i= P p0 p1 p p3 p4 p5 p6 p7 1
48 Data Flow B b0 b1 b b3 b4 b5 b6 b7 B1 B B3 b0 b1 b b3 b4 b5 b6 b7 A a _ i= _ a _ i= _ a i= P p0 p1 p p3 p4 p5 p6 p7 1
49 Data Flow B b0 b1 b b3 b4 b5 b6 b7 B1 B B3 b0 b1 b b3 b4 b5 b6 b7 A a _ i= _ a _ i= _ a7 p0 p1 p p3 p4 p5 p6 p i= P P3 P p0 p1 p p3 p4 p5 p6 p7 1
50 Data Flow B b0 b1 b b3 b4 b5 b6 b7 B1 B B3 b0 b1 b b3 b4 b5 b6 b7 A a _f i= _f a _f i= _f a7 P p0 p1 p p3 p4 p5 p6 p7 P P3 p0 p1 p p3 p4 p5 p6 p i= 1
51 Data Flow B b0 b1 b b3 b4 b5 b6 b7 B1 B B3 b1 b b0 b3 b4 b5 b6 b7 A a _f 3 _f i=0 a _f i= _f a7 P p0 p1 p p3 p4 p5 p6 p7 P P3 p0 p1 p p3 p4 p5 p6 p i= 1
52 Data Flow B b0 b1 b b3 b4 b5 b6 b7 B1 B B3 b b0 b1 b3 b4 b5 b6 b7 A a0 a _f _f i=0 3 3 _f i= _f a7 P p0 p1 p p3 p4 p5 p6 p7 P P3 p0 p1 p p3 p4 p5 p6 p i= 1
53 Data Flow B b0 b1 b b3 b4 b5 b6 b7 B1 B B3 b0 b1 b b3 b4 b5 b6 b7 A a0 a _f _f i=0 3 3 _f i= _f a7 P p0 p1 p p3 p4 p5 p6 p7 P P3 p0 p1 p p3 p4 p5 p6 p i= 1
54 Data Flow B b0 b1 b b3 b4 b5 b6 b7 B1 B B3 b1 b b0 b4 b5 b3 b6 b7 A a0 a _f _f i=0 3 3 _f i= _f a7 P p0 p1 p3 p4 p p5 p6 p7 P P3 p0 p1 p p3 p4 p5 p6 p i= 1
55 Data Flow B b0 b1 b b3 b4 b5 b6 b7 B1 B B3 b b0 b1 b5 b3 b4 b6 b7 A a0 a _f _f i=0 3 3 _f i= _f a7 P p0 p1 p4 p p3 p5 p6 p7 P P3 p0 p1 p p3 p4 p5 p6 p i= 1
56 Data Flow B b0 b1 b b3 b4 b5 b6 b7 B1 B B3 b0 b1 b b3 b4 b5 b6 b7 A a0 a _f 3 _f i=0 3 3 _f i= _f a a7 P p0 p1 p p3 p4 p5 p6 p7 P P3 p0 p1 p p3 p4 p5 p6 p i= 1
57 Data Flow B b0 b1 b b3 b4 b5 b6 b7 B1 B B3 b1 b b0 b4 b5 b3 b7 b6 A a0 a _f 3 _f i=0 3 3 _f i= _f a a7 P p0 p1 p3 p4 p p6 p7 p5 P P3 p0 p1 p p3 p4 p5 p6 p i= 1
58 Data Flow B b0 b1 b b3 b4 b5 b6 b7 B1 B B3 b b0 b1 b5 b3 b4 b7 b6 A a0 a _f 3, _f i=0 3 3 _f i= _f a a7 P p0 p1 p4 p p3 p7 p5 p6 P P3 p0 p1 p p3 p4 p5 p6 p i= 1
59 IO in ystolic for s=8 =0 i=1 i= i=3 i=4 Multiplication tep Reduction tep i=5 During execution of this algorithm there are always three iterations of the loop 'i' which are executed at the same time, which gives a maximum of three alphas and three gammas which are executed in parallel i=6 i=7 a x b x R -1 mod p
60 IO in ystolic for s=8 =0 0 1 i=1 0 1 i= According to the blocks that are repeated, we modeled our FM with 3 states, which allows us to perform all the multiplication in just 33 cycles (8+3)*3= i=3 0 1 i=4 Multiplication tep Reduction tep 0 1 i=5 0 1 i=6 0 1 i= a x b x R -1 mod p
61 IO in ystolic for s=16 a0 b0 a0 b1 a0 b a0 b3 a0 b4 a0 b5 a0 b14 a0 b15 j=0 j=1 j= j=3 j=4 j=5 j=14 j=15 i= _ _ 3
62 IO in ystolic for s=16 a0 b0 a0 b1 a0 b a0 b3 a0 b4 a0 b5 a0 b14 a0 b15 j=0 j=1 j= j=3 j=4 j=5 j=14 j=15 i= _ _ i= i=3 i= _ _ a x b x R -1 mod p 3
63 IO in ystolic for s=16 B b0 b1 b b3 b4 b5 b6 b7 b8 b9 b10 b11 b1 b13 b14 b15 B1 B3 B5 1 B b0 b1 b b3 b4 b5 3 4 B4 b6 b7 b8 b9 b10 b B6 b1 b13 b14 b15 4
64 IO in ystolic for s=16 B b0 b1 b b3 b4 b5 b6 b7 b8 b9 b10 b11 b1 b13 b14 b15 B1 B3 B5 1 B b0 b1 b b3 b4 b5 3 4 B4 b6 b7 b8 b9 b10 b B6 b1 b13 b14 b15 P p0 p1 p p3 p4 p5 p6 p7 p8 p9 p10 p11 p1 p13 p14 p15 p0 p p3 p4 4 p8 p9 p10 6 p14 p15 P P4 P6 1 p1 3 p5 p6 p7 5 p11 p1 p13 P1 P3 P5 4
65 IO in ystolic for s=8 alpha (1) alpha () alpha (3) alpha_ K=56, w=3, s=8 K=51, w=64, s=8 33 clock cycles beta gamma (1) gamma () gamma (3) gamma_ i++ 5
66 IO in ystolic for s=8 alpha (1) alpha () alpha (3) Alpha_f K=56, w=3, s=8 K=51, w=64, s=8 33 clock cycles beta gamma (1) gamma () gamma (3) gamma_ f i++ K=56, w=16, s=16 K=51, w=3, s=16 66 clock cycles alpha (1) alpha () alpha (3) alpha (4) alpha (5) alpha (6) alpha_f beta gamma (1) gamma () gamma (3) gamma (4) gamma (5) gamma (6) gamma_f i++ 5
67 omparison = cells 33 clock cycles = cells 66 clock cycles = cells 13 clock cycles = cells 64 clock cycles 6
68 The interest of each architecture =8 =16 =3 K= K= K= Number of cycles The interest of each architecture depends on our needs ecurity level Resources peed The method used 7
69 Architectures Digital signal processing (DP) Modern FPGAs are equipped with hardware extensions for arithmetic calculation 8
70 Architectures Digital signal processing (DP) Modern FPGAs are equipped with hardware extensions for arithmetic calculation Perform basic arithmetic calculations: multiplication, addition and subtraction of unsigned integers 8
71 Internal architectures - cells a[i] b[j] x + MB w bits REG LB w bits REG Out Out In In + alpha The arithmetic operations of each cell are designed to use the maximum of the DPs 9
72 Internal architectures - cells a[i] b[j] x + MB w bits REG LB w bits REG Out Out In In + alpha REG m p In P[0] x In x + REG Out beta 9
73 Internal architectures - cells m] p[j] x + MB w bits REG LB w bits REG Out Out In In + gamma 30
74 Internal architectures - cells m] p[j] x + MB w bits REG LB w bits REG Out Out In In + gamma 1 In + MB w bits REG LB w bits + w bits REG Out 1 Out In gamma_ 30
75 Internal architectures - cells m] p[j] x + MB w bits REG LB w bits REG Out Out In In + gamma 1 In + MB w bits REG LB w bits + w bits REG Out 1 Out In gamma In + MB w bits REG LB w bits REG Out 1 Out alpha_ 30
76 Internal architectures - Rotation X A (K bits) Mux ROTATION 31
77 Internal architectures - Rotation X A (K bits) Mux X B (3 w bits) Mux ROTATION ROTATION X B (3 w bits) Mux ROTATION X B ( w bits) Mux ROTATION 31
78 Internal architectures - Rotation X A (K bits) Mux X B (3 w bits) Mux X P (3 w bits) Mux ROTATION ROTATION ROTATION X B (3 w bits) Mux X P (3 w bits) Mux ROTATION ROTATION X B ( w bits) Mux ROTATION 31
79 Architectures Out _1_Out zero MUX _1_In sig_state _1_In MUX PE alpha (1) _1_Out A- alpha1 _1_Out 3
80 Architectures _3_Out Out _1_Out Out _1_Out zero MUX In sig_state PE alpha () MUX Out In MUX _1_In sig_state PE alpha (1) _1_In MUX _1_Out B- alpha Out A- alpha1 _1_Out 3
81 Architectures _3_Out Out _1_Out Out _1_Out zero MUX In sig_state PE alpha () MUX Out In MUX _1_In sig_state PE alpha (1) _1_In MUX _1_Out B- alpha Out A- alpha1 _1_Out 1 Out _3_Out Out MUX _3_In sig_state _3_In MUX PE alpha (3) _3_Out - alpha3 _3_Out 3
82 Architectures _ 1_In _ 1_In m p[0] PE gamma (1) _ 1_Out _ 1_Out D- gamma1 33
83 Architectures _ 1_In _ 1_In m p[0] PE gamma (1) _ 1_Out _ 1_Out D- gamma1 _ 1_Out MUX Out In sig_state In _ 1_Out MUX p[j] E- gamma m Out PE gamma () Out 33
84 Architectures _ 1_In _ 1_In m p[0] PE gamma (1) _ 1_Out _ 1_Out D- gamma1 Out _ 3_Out Out _ 1_Out Out _ 1_Out MUX _ 3_In sig_state _ 3_In MUX MUX In sig_state In MUX m p[j] PE gamma (3) _ 3_Out p[j] m PE gamma () Out F- gamma3 _ 3_Out E- gamma Out 33
85 Architectures 1 In In In PE gamma_ PE alpha_ H- gamma_ G- alpha_ 1 Out Out 1 Out Out In p P[0] PE beta I- beta m Out 34
86 Plan 1 Introduction Montgomery Multiplication (IO) 3 Architecture 4 Results 5 onclusion and Perspectives 35
87 Results Nexys 4 DP Frequency (MHz) ycles MMM(s=8/K=56) Alpha Gamma Beta Alpha_ Gamma_
88 Results Nexys 4 DP LUTs Reg Occupied slice MMM =8/k=56 MMM =16/k=56 MMM =8/k=51 MMM =16/k=51 Frequency ycles 37
89 Plan 1 Introduction Montgomery Multiplication (IO) 3 Architecture 4 Results 5 onclusion and Perspectives 38
90 conclusion and perspectives onclusion We have implemented the Montgomery multiplication with a systolic architecture in a number of fixed clock cycles We made our design in order to use the maximum of the DPs on FPGA card We implemented two architectures(s=8 and s=16) We used this two design to implement the scalar multiplication for the security level of 18-bits 39
91 Perspective Finalize the hardware implementation of the designs s= 3 s= 64 Perform a Mixed Implementation oft / hard (co-design) for the Optimal-Ate pairing on the BN curves in Jacobian coordinates using this multiplication algorithm 40
92
A Dierential Power Analysis attack against the Miller's Algorithm
A Dierential Power Analysis attack against the Miller's Algorithm Nadia El Mrabet (1), G. Di Natale (2) and M.L. Flottes (2) (1) Team Arith, (2) Team CCSI/LIRMM, Université Montpellier 2 Prime 2009, UCC,
More informationArithmetic operators for pairing-based cryptography
7. Kryptotag November 9 th, 2007 Arithmetic operators for pairing-based cryptography Jérémie Detrey Cosec, B-IT, Bonn, Germany jdetrey@bit.uni-bonn.de Joint work with: Jean-Luc Beuchat Nicolas Brisebarre
More informationHardware Acceleration of the Tate Pairing in Characteristic Three
Hardware Acceleration of the Tate Pairing in Characteristic Three CHES 2005 Hardware Acceleration of the Tate Pairing in Characteristic Three Slide 1 Introduction Pairing based cryptography is a (fairly)
More informationFaster F p -arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves
Faster F p -arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves Junfeng Fan, Frederik Vercauteren and Ingrid Verbauwhede Katholieke Universiteit Leuven, COSIC May 18, 2009 1 Outline What is
More informationCSC 774 Advanced Network Security
CSC 774 Advanced Network Security Topic 2.6 ID Based Cryptography #2 Slides by An Liu Outline Applications Elliptic Curve Group over real number and F p Weil Pairing BasicIdent FullIdent Extensions Escrow
More informationCSC 774 Advanced Network Security
CSC 774 Advanced Network Security Topic 2.6 ID Based Cryptography #2 Slides by An Liu Outline Applications Elliptic Curve Group over real number and F p Weil Pairing BasicIdent FullIdent Extensions Escrow
More informationIntroduction to Elliptic Curve Cryptography. Anupam Datta
Introduction to Elliptic Curve Cryptography Anupam Datta 18-733 Elliptic Curve Cryptography Public Key Cryptosystem Duality between Elliptic Curve Cryptography and Discrete Log Based Cryptography Groups
More informationAn Introduction to Pairings in Cryptography
An Introduction to Pairings in Cryptography Craig Costello Information Security Institute Queensland University of Technology INN652 - Advanced Cryptology, October 2009 Outline 1 Introduction to Pairings
More informationAn Algorithm for the η T Pairing Calculation in Characteristic Three and its Hardware Implementation
An Algorithm for the η T Pairing Calculation in Characteristic Three and its Hardware Implementation Jean-Luc Beuchat 1 Masaaki Shirase 2 Tsuyoshi Takagi 2 Eiji Okamoto 1 1 Graduate School of Systems and
More informationArithmetic Operators for Pairing-Based Cryptography
Arithmetic Operators for Pairing-Based Cryptography Jean-Luc Beuchat Laboratory of Cryptography and Information Security Graduate School of Systems and Information Engineering University of Tsukuba 1-1-1
More informationElliptic curves: Theory and Applications. Day 4: The discrete logarithm problem.
Elliptic curves: Theory and Applications. Day 4: The discrete logarithm problem. Elisa Lorenzo García Université de Rennes 1 14-09-2017 Elisa Lorenzo García (Rennes 1) Elliptic Curves 4 14-09-2017 1 /
More informationduring transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL
THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit
More informationEfficient Implementation of Cryptographic pairings. Mike Scott Dublin City University
Efficient Implementation of Cryptographic pairings Mike Scott Dublin City University First Steps To do Pairing based Crypto we need two things Efficient algorithms Suitable elliptic curves We have got
More informationCIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.2 Public Key Cryptography 1 Diffie-Hellman Key Exchange 2 Diffie-Hellman Protocol For negotiating a shared secret key using only public communication
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationSM9 identity-based cryptographic algorithms Part 1: General
SM9 identity-based cryptographic algorithms Part 1: General Contents 1 Scope... 1 2 Terms and definitions... 1 2.1 identity... 1 2.2 master key... 1 2.3 key generation center (KGC)... 1 3 Symbols and abbreviations...
More informationImplementing the Weil, Tate and Ate pairings using Sage software
Sage days 10, Nancy, France Implementing the Weil, Tate and Ate pairings using Sage software Nadia EL MRABET LIRMM, I3M, Université Montpellier 2 Saturday 11 th October 2008 Outline of the presentation
More informationModular Multiplication in GF (p k ) using Lagrange Representation
Modular Multiplication in GF (p k ) using Lagrange Representation Jean-Claude Bajard, Laurent Imbert, and Christophe Nègre Laboratoire d Informatique, de Robotique et de Microélectronique de Montpellier
More informationMontgomery-Suitable Cryptosystems
Montgomery-Suitable Cryptosystems [Published in G. Cohen, S. Litsyn, A. Lobstein, and G. Zémor, Eds., Algebraic Coding, vol. 781 of Lecture Notes in Computer Science, pp. 75-81, Springer-Verlag, 1994.]
More informationL7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015
L7. Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang, 5 March 2015 1 Outline The basic foundation: multiplicative group modulo prime The basic Diffie-Hellman (DH) protocol The discrete logarithm
More informationPairings for Cryptography
Pairings for Cryptography Michael Naehrig Technische Universiteit Eindhoven Ñ ÐÖÝÔØÓ ºÓÖ Nijmegen, 11 December 2009 Pairings A pairing is a bilinear, non-degenerate map e : G 1 G 2 G 3, where (G 1, +),
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the
More informationParshuram Budhathoki FAU October 25, Ph.D. Preliminary Exam, Department of Mathematics, FAU
Parshuram Budhathoki FAU October 25, 2012 Motivation Diffie-Hellman Key exchange What is pairing? Divisors Tate pairings Miller s algorithm for Tate pairing Optimization Alice, Bob and Charlie want to
More information2.2. The Weil Pairing on Elliptic Curves If A and B are r-torsion points on some elliptic curve E(F q d ), let us denote the r-weil pairing of A and B
Weil Pairing vs. Tate Pairing in IBE systems Ezra Brown, Eric Errthum, David Fu October 10, 2003 1. Introduction Although Boneh and Franklin use the Weil pairing on elliptic curves to create Identity-
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationIntroduction to Cryptography. Lecture 8
Introduction to Cryptography Lecture 8 Benny Pinkas page 1 1 Groups we will use Multiplication modulo a prime number p (G, ) = ({1,2,,p-1}, ) E.g., Z 7* = ( {1,2,3,4,5,6}, ) Z p * Z N * Multiplication
More informationID-based Encryption Scheme Secure against Chosen Ciphertext Attacks
ID-based Encryption Scheme Secure against Chosen Ciphertext Attacks ongxing Lu and Zhenfu Cao Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200030, P.. China {cao-zf,
More informationOptimised versions of the Ate and Twisted Ate Pairings
Optimised versions of the Ate and Twisted Ate Pairings Seiichi Matsuda 1, Naoki Kanayama 1, Florian Hess 2, and Eiji Okamoto 1 1 University of Tsukuba, Japan 2 Technische Universität Berlin, Germany Abstract.
More informationElliptic Curve Cryptography
AIMS-VOLKSWAGEN STIFTUNG WORKSHOP ON INTRODUCTION TO COMPUTER ALGEBRA AND APPLICATIONS Douala, Cameroon, October 12, 2017 Elliptic Curve Cryptography presented by : BANSIMBA Gilda Rech BANSIMBA Gilda Rech
More informationABHELSINKI UNIVERSITY OF TECHNOLOGY
Identity-Based Cryptography T-79.5502 Advanced Course in Cryptology Billy Brumley billy.brumley at hut.fi Helsinki University of Technology Identity-Based Cryptography 1/24 Outline Classical ID-Based Crypto;
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationEfficient Implementation of Cryptographic pairings. Mike Scott Dublin City University
Efficient Implementation of Cryptographic pairings Mike Scott Dublin City University First Steps To do Pairing based Crypto we need two things l Efficient algorithms l Suitable elliptic curves We have
More informationG Advanced Cryptography April 10th, Lecture 11
G.30-001 Advanced Cryptography April 10th, 007 Lecturer: Victor Shoup Lecture 11 Scribe: Kristiyan Haralambiev We continue the discussion of public key encryption. Last time, we studied Hash Proof Systems
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationOptimal Eta Pairing on Supersingular Genus-2 Binary Hyperelliptic Curves
CT-RSA 2012 February 29th, 2012 Optimal Eta Pairing on Supersingular Genus-2 Binary Hyperelliptic Curves Joint work with: Nicolas Estibals CARAMEL project-team, LORIA, Université de Lorraine / CNRS / INRIA,
More informationCrypto math II. Alin Tomescu May 27, Abstract A quick overview on group theory from Ron Rivest s course in Spring 2015.
Crypto math II Alin Tomescu alinush@mit.edu May 7, 015 Abstract A quick overview on group theory from Ron Rivest s 6.857 course in Spring 015. 1 Overview Group theory review Diffie-Hellman (DH) key exchange
More informationTampering attacks in pairing-based cryptography. Johannes Blömer University of Paderborn September 22, 2014
Tampering attacks in pairing-based cryptography Johannes Blömer University of Paderborn September 22, 2014 1 / 16 Pairings Definition 1 A pairing is a bilinear, non-degenerate, and efficiently computable
More informationOWO Lecture: Modular Arithmetic with Algorithmic Applications
OWO Lecture: Modular Arithmetic with Algorithmic Applications Martin Otto Winter Term 2008/09 Contents 1 Basic ingredients 1 2 Modular arithmetic 2 2.1 Going in circles.......................... 2 2.2
More informationSecurity Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography
Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Peter Schwabe October 21 and 28, 2011 So far we assumed that Alice and Bob both have some key, which nobody else has. How
More informationAsymmetric Pairings. Alfred Menezes (joint work with S. Chatterjee, D. Hankerson & E. Knapp)
Asymmetric Pairings Alfred Menezes (joint work with S. Chatterjee, D. Hankerson & E. Knapp) 1 Overview In their 2006 paper "Pairings for cryptographers", Galbraith, Paterson and Smart identified three
More informationBackground of Pairings
Background of Pairings Tanja Lange Department of Mathematics and Computer Science Technische Universiteit Eindhoven The Netherlands tanja@hyperelliptic.org 04.09.2007 Tanja Lange Background of Pairings
More information8 Elliptic Curve Cryptography
8 Elliptic Curve Cryptography 8.1 Elliptic Curves over a Finite Field For the purposes of cryptography, we want to consider an elliptic curve defined over a finite field F p = Z/pZ for p a prime. Given
More informationArithmetic Operators for Pairing-Based Cryptography
Arithmetic Operators for Pairing-Based Cryptography J.-L. Beuchat 1 N. Brisebarre 2 J. Detrey 3 E. Okamoto 1 1 University of Tsukuba, Japan 2 École Normale Supérieure de Lyon, France 3 Cosec, b-it, Bonn,
More informationLecture Notes, Week 6
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several
More information1 Number Theory Basics
ECS 289M (Franklin), Winter 2010, Crypto Review 1 Number Theory Basics This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationSide-Channel Attacks on Quantum-Resistant Supersingular Isogeny Diffie-Hellman
Side-Channel Attacks on Quantum-Resistant Supersingular Isogeny Diffie-Hellman Presenter: Reza Azarderakhsh CEECS Department and I-Sense, Florida Atlantic University razarderakhsh@fau.edu Paper by: Brian
More informationIntro to Public Key Cryptography Diffie & Hellman Key Exchange
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary - Math Part
More informationLecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography
Lecture 19: (Diffie-Hellman Key Exchange & ElGamal Encryption) Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 33 The Diffie-Hellman Problem
More informationbasics of security/cryptography
RSA Cryptography basics of security/cryptography Bob encrypts message M into ciphertext C=P(M) using a public key; Bob sends C to Alice Alice decrypts ciphertext back into M using a private key (secret)
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationLogic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation
Quantum logic gates Logic gates Classical NOT gate Quantum NOT gate (X gate) A NOT A α 0 + β 1 X α 1 + β 0 A N O T A 0 1 1 0 Matrix form representation 0 1 X = 1 0 The only non-trivial single bit gate
More informationPublic Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy
Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The
More informationHardware Implementation of Elliptic Curve Point Multiplication over GF (2 m ) for ECC protocols
Hardware Implementation of Elliptic Curve Point Multiplication over GF (2 m ) for ECC protocols Moncef Amara University of Paris 8 LAGA laboratory Saint-Denis / France Amar Siad University of Paris 8 LAGA
More informationConstructing Pairing-Friendly Elliptic Curves for Cryptography
Constructing Pairing-Friendly Elliptic Curves for Cryptography University of California, Berkeley, USA 2nd KIAS-KMS Summer Workshop on Cryptography Seoul, Korea 30 June 2007 Outline 1 Pairings in Cryptography
More informationReprésentation RNS des nombres et calcul de couplages
Représentation RNS des nombres et calcul de couplages Sylvain Duquesne Université Rennes 1 Séminaire CCIS Grenoble, 7 Février 2013 Sylvain Duquesne (Rennes 1) RNS et couplages Grenoble, 07/02/13 1 / 29
More informationPublic Key Cryptography
Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:
More informationElliptic Curves Cryptography and factorization. Part VIII. Elliptic curves cryptography and factorization. Historical Remarks.
Elliptic Curves Cryptography and factorization Part VIII Elliptic curves cryptography and factorization Cryptography based on manipulation of points of so called elliptic curves is getting momentum and
More informationFoundations. P =! NP oneway function signature schemes Trapdoor oneway function PKC, IBS IBE
Foundations P =! NP oneway function signature schemes Trapdoor oneway function PKC, IBS IBE NP problems: IF, DL, Knapsack Hardness of these problems implies the security of cryptosytems? 2 Relations of
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA: Review and Properties Factoring Algorithms Trapdoor One Way Functions PKC Based on Discrete Logs (Elgamal) Signature Schemes Lecture 8 Tel-Aviv University
More informationRSA. Ramki Thurimella
RSA Ramki Thurimella Public-Key Cryptography Symmetric cryptography: same key is used for encryption and decryption. Asymmetric cryptography: different keys used for encryption and decryption. Public-Key
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 13 March 3, 2013 CPSC 467b, Lecture 13 1/52 Elliptic Curves Basics Elliptic Curve Cryptography CPSC
More informationRSA-256bit 數位電路實驗 TA: 吳柏辰. Author: Trumen
RSA-256bit 數位電路實驗 TA: 吳柏辰 Author: Trumen Outline Introduction to Cryptography RSA Algorithm Montgomery Algorithm for RSA-256 bit 2 Introduction to Cryptography 3 Communication Is Insecure Alice Bob Paparazzi
More informationCosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks
1 Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks Michael Albert michael.albert@cs.otago.ac.nz 2 This week Arithmetic Knapsack cryptosystems Attacks on knapsacks Some
More informationPractice Assignment 2 Discussion 24/02/ /02/2018
German University in Cairo Faculty of MET (CSEN 1001 Computer and Network Security Course) Dr. Amr El Mougy 1 RSA 1.1 RSA Encryption Practice Assignment 2 Discussion 24/02/2018-29/02/2018 Perform encryption
More informationElliptic Curves. Giulia Mauri. Politecnico di Milano website:
Elliptic Curves Giulia Mauri Politecnico di Milano email: giulia.mauri@polimi.it website: http://home.deib.polimi.it/gmauri May 13, 2015 Giulia Mauri (DEIB) Exercises May 13, 2015 1 / 34 Overview 1 Elliptic
More informationLecture V : Public Key Cryptography
Lecture V : Public Key Cryptography Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Amir Rezapoor Computer Science Department, National Chiao Tung University 2 Outline Functional
More informationElliptic Curve Cryptosystems
Elliptic Curve Cryptosystems Santiago Paiva santiago.paiva@mail.mcgill.ca McGill University April 25th, 2013 Abstract The application of elliptic curves in the field of cryptography has significantly improved
More informationLecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security
Lecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security Boaz Barak November 21, 2007 Cyclic groups and discrete log A group G is cyclic if there exists a generator
More informationEfficient Hardware Architecture for Scalar Multiplications on Elliptic Curves over Prime Field
Efficient Hardware Architecture for Scalar Multiplications on Elliptic Curves over Prime Field Khalid Javeed BEng, MEng A Disertation submitted in fulfilment of the requirements for the award of Doctor
More informationDiscrete Logarithm Problem
Discrete Logarithm Problem Finite Fields The finite field GF(q) exists iff q = p e for some prime p. Example: GF(9) GF(9) = {a + bi a, b Z 3, i 2 = i + 1} = {0, 1, 2, i, 1+i, 2+i, 2i, 1+2i, 2+2i} Addition:
More informationThe Elliptic Curve in https
The Elliptic Curve in https Marco Streng Universiteit Leiden 25 November 2014 Marco Streng (Universiteit Leiden) The Elliptic Curve in https 25-11-2014 1 The s in https:// HyperText Transfer Protocol
More informationLecture 28: Public-key Cryptography. Public-key Cryptography
Lecture 28: Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies on the fact that the adversary does not have access
More informationPublic Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.
Public Key Cryptography All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. The thing that is common among all of them is that each
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationCryptography IV: Asymmetric Ciphers
Cryptography IV: Asymmetric Ciphers Computer Security Lecture 7 David Aspinall School of Informatics University of Edinburgh 31st January 2011 Outline Background RSA Diffie-Hellman ElGamal Summary Outline
More informationOverview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017
CSC 580 Cryptography and Computer Security Math for Public Key Crypto, RSA, and Diffie-Hellman (Sections 2.4-2.6, 2.8, 9.2, 10.1-10.2) March 21, 2017 Overview Today: Math needed for basic public-key crypto
More informationSome Efficient Algorithms for the Final Exponentiation of η T Pairing
Some Efficient Algorithms for the Final Exponentiation of η T Pairing Masaaki Shirase 1, Tsuyoshi Takagi 1, and Eiji Okamoto 2 1 Future University-Hakodate, Japan 2 University of Tsukuba, Japan Abstract.
More informationPublic-Key Encryption: ElGamal, RSA, Rabin
Public-Key Encryption: ElGamal, RSA, Rabin Introduction to Modern Cryptography Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 Public-Key Encryption Syntax Encryption algorithm: E. Decryption
More informationDigital Signatures. Saravanan Vijayakumaran Department of Electrical Engineering Indian Institute of Technology Bombay
Digital Signatures Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay July 24, 2018 1 / 29 Group Theory Recap Groups Definition A set
More informationElliptic Curve Cryptography
Elliptic Curve Cryptography Elliptic Curves An elliptic curve is a cubic equation of the form: y + axy + by = x 3 + cx + dx + e where a, b, c, d and e are real numbers. A special addition operation is
More informationEfficient Implementations of Pairing-Based Cryptography on Embedded Systems
Rochester Institute of Technology RIT Scholar Works Theses Thesis/Dissertation Collections 12-4-2015 Efficient Implementations of Pairing-Based Cryptography on Embedded Systems Rajeev Verma rv4560@rit.edu
More informationAn Optimized Hardware Architecture of Montgomery Multiplication Algorithm
An Optimized Hardware Architecture of Montgomery Multiplication Algorithm Miaoqing Huang 1, Kris Gaj 2, Soonhak Kwon 3, and Tarek El-Ghazawi 1 1 The George Washington University, Washington, DC 20052,
More informationElliptic Nets How To Catch an Elliptic Curve Katherine Stange USC Women in Math Seminar November 7,
Elliptic Nets How To Catch an Elliptic Curve Katherine Stange USC Women in Math Seminar November 7, 2007 http://www.math.brown.edu/~stange/ Part I: Elliptic Curves are Groups Elliptic Curves Frequently,
More informationModular Reduction without Pre-Computation for Special Moduli
Modular Reduction without Pre-Computation for Special Moduli Tolga Acar and Dan Shumow Extreme Computing Group, Microsoft Research, Microsoft One Microsoft Way, Redmond, WA 98052, USA {tolga,danshu}@microsoft.com
More informationLecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004
CMSC 858K Advanced Topics in Cryptography February 5, 2004 Lecturer: Jonathan Katz Lecture 4 Scribe(s): Chiu Yuen Koo Nikolai Yakovenko Jeffrey Blank 1 Summary The focus of this lecture is efficient public-key
More informationPublic-key Cryptography and elliptic curves
Public-key Cryptography and elliptic curves Dan Nichols University of Massachusetts Amherst nichols@math.umass.edu WINRS Research Symposium Brown University March 4, 2017 Cryptography basics Cryptography
More informationMulti-key Hierarchical Identity-Based Signatures
Multi-key Hierarchical Identity-Based Signatures Hoon Wei Lim Nanyang Technological University 9 June 2010 Outline 1 Introduction 2 Preliminaries 3 Multi-key HIBS 4 Security Analysis 5 Discussion 6 Open
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer 1 Lecture 13 October 16, 2017 (notes revised 10/23/17) 1 Derived from lecture notes by Ewa Syta. CPSC 467, Lecture 13 1/57 Elliptic Curves
More informationAspects of Pairing Inversion
Applications of Aspects of ECC 2007 - Dublin Aspects of Applications of Applications of Aspects of Applications of Pairings Let G 1, G 2, G T be groups of prime order r. A pairing is a non-degenerate bilinear
More informationT Advanced Course in Cryptology. March 28 th, ID-based authentication frameworks and primitives. Mikko Kiviharju
March 28 th, 2006 ID-based authentication frameworks and primitives Helsinki University of Technology mkivihar@cc.hut.fi 1 Overview Motivation History and introduction of IB schemes Mathematical basis
More informationElliptic Curve Cryptography
The State of the Art of Elliptic Curve Cryptography Ernst Kani Department of Mathematics and Statistics Queen s University Kingston, Ontario Elliptic Curve Cryptography 1 Outline 1. ECC: Advantages and
More informationPolynomial Interpolation in the Elliptic Curve Cryptosystem
Journal of Mathematics and Statistics 7 (4): 326-331, 2011 ISSN 1549-3644 2011 Science Publications Polynomial Interpolation in the Elliptic Curve Cryptosystem Liew Khang Jie and Hailiza Kamarulhaili School
More informationElliptic Curve Cryptography and Security of Embedded Devices
Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Mathématiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationNumber Theory & Modern Cryptography
Number Theory & Modern Cryptography Week 12 Stallings: Ch 4, 8, 9, 10 CNT-4403: 2.April.2015 1 Introduction Increasing importance in cryptography Public Key Crypto and Signatures Concern operations on
More informationFast, twist-secure elliptic curve cryptography from Q-curves
Fast, twist-secure elliptic curve cryptography from Q-curves Benjamin Smith Team GRACE INRIA Saclay Île-de-France Laboratoire d Informatique de l École polytechnique (LIX) ECC #17, Leuven September 16,
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 17: Elliptic Curves and Applications Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline We previously looked at discrete
More informationSEMINAR SECURITY - REPORT ELLIPTIC CURVE CRYPTOGRAPHY
SEMINAR SECURITY - REPORT ELLIPTIC CURVE CRYPTOGRAPHY OFER M. SHIR, THE HEBREW UNIVERSITY OF JERUSALEM, ISRAEL FLORIAN HÖNIG, JOHANNES KEPLER UNIVERSITY LINZ, AUSTRIA ABSTRACT. The area of elliptic curves
More information