Speeding up the Scalar Multiplication on Binary Huff Curves Using the Frobenius Map
International Journal of Algebra, Vol. 8, 2014, no. 1, 9-16
HIKARI Ltd

Ahmed Youssef Ould Cheikh, Demba Sow and Djiby Sow

Ecole Doctorale de Mathématiques et Informatique
Laboratoire d'Algèbre, de Cryptologie, de Géométrie Algébrique et Applications
Université Cheikh Anta Diop de Dakar, BP 5005 Dakar Fann, Sénégal

Copyright © 2014 Ahmed Youssef Ould Cheikh, Demba Sow and Djiby Sow. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

This paper introduces the scalar multiplication on Huff elliptic curves defined over a finite field of even characteristic using the Frobenius expansion.

Introduction

The use of elliptic curves in cryptography was suggested independently by Neal Koblitz [5] and Victor Miller [7]. The efficiency of elliptic curve cryptosystems relies essentially on the fundamental operation of scalar multiplication, i.e., for a given point $P$ on an elliptic curve $E$ and an integer $n$, computing the point

$$Q = nP = P + P + \cdots + P \quad (n \text{ copies of } P),$$

where the operation $+$ represents the group law on the curve. From here, two approaches are possible to solve this problem: find a good algorithm to efficiently compute $nP$, or find families of curves where the group law can be evaluated efficiently.

Among the techniques for computing $nP$, the most common is the double-and-add method (or binary method), where the scalar $n$ is represented in its binary form. There also exist efficient algorithms such as the non-adjacent form (NAF) technique and all its variants ($w$-NAF, for example), introduced independently by Miyaji et al. [8] and Solinas [12]. Many other methods were introduced in [1, 9, 10].
Some arithmetic properties of certain families of elliptic curves can be exploited to devise a fast group law, namely for Koblitz elliptic curves over a finite field of characteristic two [6]. These curves were named anomalous binary curves by Solinas [11, 12]. The main interest of using this kind of curve is the fact that the scalar multiplication can be evaluated more efficiently by means of the Frobenius endomorphism. In fact, computing the Frobenius endomorphism on the curve is faster than addition or doubling on the curve [12].

Another approach for accelerating the scalar multiplication consists in finding families of curves where the group law can be evaluated efficiently. Among these curves we can cite Edwards curves [2], Hessian curves [4], Huff curves [3], etc., all in characteristic two.

Binary Huff curves were introduced in [3] by Devigne and Joye. In [Huff], the authors show that every elliptic curve over a field $\mathbb{F}_{2^m}$ is isomorphic over $\mathbb{F}_{2^m}$ to a Huff curve. They also give fast addition and doubling formulæ on these curves: 12M for the cost of the addition of two points and 6M + 2D for the doubling of a point.

In this paper, we introduce the Frobenius endomorphism of a binary Huff curve and we show how to use it to accelerate the scalar multiplication on this curve.

The rest of the paper is organized as follows: in the next section we recall some basic notions about the Frobenius endomorphism on elliptic curves and Huff curves. In Section 2, we give the main result, i.e., the main theorem on the Frobenius endomorphism on Huff curves. We finish in Section 3 by giving an application of the Frobenius endomorphism to speed up the scalar multiplication.

1 Preliminaries

1.1 Frobenius endomorphism on Koblitz elliptic curves

Let $\mathbb{F}_q$ be a finite field of even characteristic ($\mathrm{char}(\mathbb{F}_q) = 2$, $q = 2^m$).
A Koblitz curve $E$ over $\mathbb{F}_q$ is given by a Weierstrass equation

$$y^2 + xy = x^3 + ax + 1,$$

with $a, b \in \mathbb{F}_q$ and $a \in \{0, 1\}$, and the point at infinity $P_\infty$. The $q$-th power Frobenius $\pi_q$ of $E$ is defined as

$$\pi_q : E \to E, \quad (x, y) \mapsto (x^q, y^q).$$
Let $N = \#E(\mathbb{F}_q)$. Then by the Hasse theorem we have $N = q + 1 - t$ with $|t| \le 2\sqrt{q}$, where $t$ is the trace of $\pi_q$. The characteristic polynomial $\chi_q(x) \in \mathbb{Z}[x]$ of $\pi_q$ is given by

$$\chi_q(x) = x^2 - tx + q$$

and satisfies the equality

$$(\pi_q^2 - t\pi_q + q)P = P_\infty, \quad \text{for all } P \in E(\overline{\mathbb{F}}_q),$$

where $\overline{\mathbb{F}}_q$ is the algebraic closure of $\mathbb{F}_q$.

1.2 Huff curves in characteristic two

Definition 1.1. A binary Huff curve is a set of projective points $(X : Y : Z) \in \mathbb{P}^2(\mathbb{F}_{2^m})$ satisfying the equation

$$E/\mathbb{F}_{2^m} : aX(Y^2 + YZ + Z^2) = bY(X^2 + XZ + Z^2), \qquad (1)$$

where $a, b \in \mathbb{F}_{2^m}$ and $a \neq b$.

On this curve there are three points at infinity satisfying the equation of the curve, namely $(a : b : 0)$, $(1 : 0 : 0)$ and $(0 : 1 : 0)$. The corresponding affine model of Equation 1 is given by

$$ax(y^2 + y + 1) = by(x^2 + x + 1).$$

In [3], the authors show that every binary Huff curve is birationally equivalent to an elliptic curve given by a Weierstrass equation

$$v(v + (a + b)u) = u(u + a^2)(u + b^2).$$

The set of rational points of $E/\mathbb{F}_{2^m}$ is equipped with the following group law.

If $P = (x_1, y_1) \in E(\mathbb{F}_{2^m})$, then $-P = (\bar{x}, \bar{y})$, where

$$\bar{x} = \frac{y_1(b + a x_1 y_1)}{a + b x_1 y_1} \quad \text{and} \quad \bar{y} = \frac{x_1(a + b x_1 y_1)}{b + a x_1 y_1},$$

and $2P = (x_3, y_3)$, where

$$x_3 = \frac{(a + b)\,x_1^2 (1 + y_1^2)}{b\,(1 + x_1^2)(1 + x_1 y_1)^2} \quad \text{and} \quad y_3 = \frac{(a + b)\,y_1^2 (1 + x_1^2)}{a\,(1 + y_1^2)(1 + x_1 y_1)^2}.$$
If $P = (x_1, y_1)$ and $Q = (x_2, y_2)$, then $P + Q = (x_3, y_3)$, where

$$x_3 = \frac{(x_1 y_1 + x_2 y_2)(1 + y_1 y_2)}{(y_1 + y_2)(1 + x_1 x_2 y_1 y_2)} \quad \text{and} \quad y_3 = \frac{(x_1 y_1 + x_2 y_2)(1 + x_1 x_2)}{(x_1 + x_2)(1 + x_1 x_2 y_1 y_2)}.$$

The authors also present unified addition formulæ, i.e., formulæ which can be used for both doubling and addition. If $P + Q = (x_3, y_3)$, then

$$\begin{aligned}
x_3 &= \frac{b(x_1 + x_2)(1 + x_1 x_2 y_1 y_2) + (a + b)\,x_1 x_2 (1 + y_1 y_2)}{b\,(1 + x_1 x_2)(1 + x_1 x_2 y_1 y_2)}, \\
y_3 &= \frac{a(y_1 + y_2)(1 + x_1 x_2 y_1 y_2) + (a + b)\,y_1 y_2 (1 + x_1 x_2)}{a\,(1 + y_1 y_2)(1 + x_1 x_2 y_1 y_2)}.
\end{aligned} \qquad (2)$$

They also show that if $G \subseteq E(\mathbb{F}_{2^m})$ is a subgroup such that $(a : b : 0)$, $(1 : 0 : 0)$ and $(0 : 1 : 0) \notin G$, then the addition formulæ given by Equation 2 are complete.

2 Frobenius map on binary Huff curves

Let $\mathbb{F}_q$ be a finite field of characteristic two, i.e., $q = 2^m$, and let $E_{a,b}$ be a Huff elliptic curve over $\mathbb{F}_q$. We define the $q$-th power Frobenius endomorphism

$$\varphi_q : E_{a,b} \to E_{a,b}, \quad (x, y) \mapsto (x^q, y^q).$$

We introduce the following useful lemmas to prove the main result of this work.

Lemma 2.1 ([3]). Let $K$ be a finite field of characteristic 2. Then, every binary Huff curve $E_{a,b}$ is birationally equivalent over $K$ to an elliptic curve $E$ given by the Weierstrass equation

$$v(v + (a + b)u) = u(u + a^2)(u + b^2).$$

Proof: See [3].

Let $\sigma$ be the isomorphism

$$\sigma : E_{a,b} \to E, \quad (x, y) \mapsto (u, v),$$

where

$$(u, v) = \left( \frac{ab}{xy}, \; \frac{ab(axy + b)}{x^2 y} \right).$$
The inverse map is given by

$$\sigma^{-1} : E \to E_{a,b}, \quad (u, v) \mapsto (x, y),$$

where

$$(x, y) = \left( \frac{b(u + a^2)}{v}, \; \frac{a(u + b^2)}{v + (a + b)u} \right).$$

Lemma 2.2. Let $E_{a,b}$ be a binary Huff curve over $\mathbb{F}_q$ ($q = 2^m$) and $E$ be the birationally equivalent curve of $E_{a,b}$ over $\mathbb{F}_q$. Let $\#E(\mathbb{F}_q) = q + 1 - t$ and let $\sigma$ be the birational map defined above. Let $\pi_q$ be the $q$-th power Frobenius endomorphism over $E$. Define $\psi = \sigma^{-1} \pi_q \sigma$. Then,

1. $\psi \in \mathrm{End}(E_{a,b})$, i.e., $\psi$ is an endomorphism of $E_{a,b}$.
2. For all $P \in E_{a,b}(\mathbb{F}_q)$ we have $\psi^2(P) - t\psi(P) + qP = O_{E_{a,b}}$.

Proof: $\psi$ is an isogeny from $E_{a,b}$ to itself since $\sigma$ is an isomorphism and $\pi_q$ is an isogeny from $E$ to itself over $\mathbb{F}_q$. For $P \in E_{a,b}(\mathbb{F}_q)$, let us denote $\sigma(P) = Q \in E(\mathbb{F}_q)$. Then,

$$(\pi_q^2 - t\pi_q + q)Q = O_E.$$

Hence,

$$\sigma^{-1}(\pi_q^2 - t\pi_q + q)\sigma(P) = O_{E_{a,b}}.$$

Therefore

$$\psi^2(P) - t\psi(P) + qP = O_{E_{a,b}}.$$

We have the main theorem.

Theorem 2.3. Let $E_{a,b}$ be a binary Huff curve over $\mathbb{F}_q$, with $\#E_{a,b}(\mathbb{F}_q) = q + 1 - t$. Then, the Frobenius endomorphism of $E_{a,b}$ satisfies

$$(\varphi_q^2 - t\varphi_q + q)P = P_\infty, \quad \text{for all } P \in E_{a,b}(\mathbb{F}_q).$$

Proof of the theorem. Let $P = (x, y) \in E_{a,b}(\mathbb{F}_q)$. Then,

$$\begin{aligned}
\psi(x, y) &= \sigma^{-1} \pi_q \sigma(x, y) \\
&= \sigma^{-1} \pi_q \left( \frac{ab}{xy}, \; \frac{ab(axy + b)}{x^2 y} \right) \\
&= \sigma^{-1} \left( \frac{(ab)^q}{(xy)^q}, \; \frac{(ab(axy + b))^q}{(x^2 y)^q} \right) \\
&= (\alpha, \beta) = (x^q, y^q).
\end{aligned}$$
In fact,

$$\alpha = b\,\frac{\dfrac{(ab)^q + a^2 (xy)^q}{(xy)^q}}{\dfrac{(ab)^q \left((axy)^q + b^q\right)}{x^q (xy)^q}} = \frac{b\left((ab)^q + a^2 (xy)^q\right) x^q}{(ab)^q \left((axy)^q + b^q\right)}.$$

Then,

$$\begin{aligned}
\alpha - x^q &= \frac{x^q\, b\left((ab)^q + a^2 (xy)^q\right) - x^q (ab)^q \left((axy)^q + b^q\right)}{(ab)^q \left((axy)^q + b^q\right)} \\
&= \frac{x^q \left( b\left((ab)^q + a^2 (xy)^q\right) - b^q (ab)^q - (ab)^q (axy)^q \right)}{(ab)^q \left((axy)^q + b^q\right)} \\
&= \frac{x^q \left( (ab)^q (b - b^q) + (a^2 b - a^{2q} b^q)(xy)^q \right)}{(ab)^q \left((axy)^q + b^q\right)} \\
&= 0,
\end{aligned}$$

since $b - b^q = 0$ and $a^2 b - a^{2q} b^q = 0$. Therefore, $\alpha = x^q$. By a similar computation, we have $\beta = y^q$. Thus,

$$\psi(x, y) = (x^q, y^q) = \varphi(x, y),$$

which ends the proof.

3 Applications to scalar multiplication

3.1 The τ-adic method

Recall that the Frobenius endomorphism satisfies the characteristic equation

$$\phi^2 + \phi + 2 = 0.$$

From this equation, it is clear that every integer $k$ can be written in the form

$$k = \sum_{i=0}^{s-1} k_i \phi^i, \quad \text{with } k_i \in \{-1, 0, 1\}.$$

This representation is called the τ-adic representation of the integer $k$. Therefore, the point $kP$ can be computed as

$$kP = \sum_{i=0}^{s-1} k_i \phi^i(P).$$
Algorithm 1 τ-adic method

Require: a point P and the τ-adic representation (k_{s−1}, ..., k_0) of k

    Q ← k_{s−1} P        (the leading digit k_{s−1} is 1 or −1)
    for (i = s − 2; i ≥ 0; i−−) do
        if (k_i = 0) then
            Q ← ϕ(Q)
        end if
        if (k_i = 1) then
            Q ← ϕ(Q) + P
        end if
        if (k_i = −1) then
            Q ← ϕ(Q) − P
        end if
    end for
    return Q

Example. A τ-adic expansion of 3 is

$$3 = 1 + (-\phi - \phi^2).$$

For $k = 5$, we have

$$\begin{aligned}
5 &= 1 + (-\phi - \phi^2)^2 \\
&= 1 + \phi^2 + 2\phi^3 + \phi^4 \\
&= 1 + \phi^2 + (-\phi - \phi^2)\phi^3 + \phi^4 \\
&= 1 + \phi^2 - \phi^5.
\end{aligned}$$

Hence, $5P = P + \phi^2(P) - \phi^5(P)$.

Algorithm 1 above gives a nice way to compute the point $kP$ from a τ-adic expansion of the integer $k$.

References

[1] R. Avanzi. A Note on the Signed Sliding Window Integer Recoding and a Left-to-Right Analogue. Proceedings of Selected Areas in Cryptography 2004, Waterloo, ON, Canada, 9-10 August 2004, Lecture Notes in Comput. Sci., Springer-Verlag, Berlin.

[2] D. J. Bernstein, T. Lange, R. R. Farashahi. Binary Edwards curves. In E. Oswald, P. Rohatgi (eds.), Cryptographic Hardware and Embedded Systems, CHES, Lecture Notes in Computer Science, vol. 5154, Springer (2008).
[3] J. Devigne, M. Joye. Binary Huff Curves. In A. Kiayias (ed.), Topics in Cryptology, CT-RSA 2011, Lecture Notes in Computer Science, Springer.

[4] R. R. Farashahi, M. Joye. Efficient arithmetic on Hessian curves. In P. Q. Nguyen, D. Pointcheval (eds.), PKC, LNCS, Springer, Heidelberg (2010).

[5] N. Koblitz. Elliptic curve cryptosystems. Math. Comp., 48.

[6] N. Koblitz. CM-curves with good cryptographic properties. Advances in Cryptology, CRYPTO '91 (Santa Barbara, CA, 1991), Lecture Notes in Comput. Sci., vol. 576, Springer, Berlin, 1992.

[7] V. S. Miller. Use of elliptic curves in cryptography. In H. C. Williams (ed.), Advances in Cryptology - CRYPTO '85, Lect. Notes Comput. Sci., vol. 218, Springer.

[8] A. Miyaji, T. Ono, H. Cohen. Efficient elliptic curve exponentiation. Information and Communications Security, 1st international conference, ICICS '97, Beijing, China, November 11-14, Proceedings (Y. Han et al., eds.), LNCS, vol. 1334, Springer-Verlag, 1997.

[9] J. A. Muir, D. R. Stinson. Minimality and other properties of the width-w nonadjacent form. Tech. Report CORR, Centre for Applied Cryptographic Research, 2004.

[10] J. A. Muir, D. R. Stinson. New minimal weight representations for left-to-right window methods. Tech. Report CACR, Centre for Applied Cryptographic Research, 2004.

[11] J. A. Solinas. An improved algorithm for arithmetic on a family of elliptic curves. Advances in Cryptology - CRYPTO, annual international cryptology conference, Santa Barbara, CA, USA, August 17-21, Proceedings (B. S. Kaliski Jr., ed.), LNCS, vol. 1294, Springer, Berlin, 1997.

[12] J. A. Solinas. Efficient arithmetic on Koblitz curves. Des. Codes Cryptogr. 19 (2000), no. 2-3. Towards a quarter-century of public key cryptography.

Received: November 11, 2013
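The recoding and evaluation of Section 3.1, as an added example that is not part of the paper: `tau_adic_digits` produces digits in {−1, 0, 1} for ϕ² + ϕ + 2 = 0 using a non-adjacent recoding in the style of Solinas [12] (the paper gives no recoding procedure, so this choice is an assumption), and `tau_adic_mul` is the left-to-right loop of Algorithm 1 with the accumulator started at k_{s−1}·P, so that a leading digit −1, as in the expansions of 3 and 5 in the Example, is handled. The point P is modelled symbolically as 1 in Z[ϕ] and all function names are hypothetical, so the expected result for kP is the pair (k, 0).

```python
# Added example (not from the paper). An element a + b*phi of Z[phi] is stored
# as the pair (a, b), with phi^2 = -phi - 2 taken from phi^2 + phi + 2 = 0.

ONE = (1, 0)  # assumption: symbolic stand-in for the point P, no curve arithmetic


def z_add(u, v):
    """Component-wise addition in Z[phi] (stands in for point addition)."""
    return (u[0] + v[0], u[1] + v[1])


def z_neg(u):
    """Negation in Z[phi] (stands in for point negation)."""
    return (-u[0], -u[1])


def phi_mul(u):
    """(a + b*phi) * phi = -2b + (a - b)*phi (stands in for the Frobenius map)."""
    a, b = u
    return (-2 * b, a - b)


def tau_adic_digits(k):
    """Return [k_0, ..., k_{s-1}], each in {-1, 0, 1}, with k = sum k_i * phi^i.

    The digit rule u = 2 - ((r0 - 2*r1) mod 4) makes the next digit zero, so no
    two neighbouring digits are both non-zero.
    """
    r0, r1 = k, 0
    digits = []
    while r0 != 0 or r1 != 0:
        if r0 % 2:
            u = 2 - ((r0 - 2 * r1) % 4)  # u is 1 or -1
            r0 -= u
        else:
            u = 0
        digits.append(u)
        # Exact division by phi: 2 = phi * (-1 - phi), hence
        # (r0 + r1*phi) / phi = (r1 - r0/2) - (r0/2)*phi for even r0.
        r0, r1 = r1 - r0 // 2, -(r0 // 2)
    return digits


def tau_adic_mul(digits, P, frob, add, neg):
    """Left-to-right evaluation of sum k_i * phi^i (P), digits given low order first."""
    if not digits or digits[-1] not in (1, -1):
        raise ValueError("leading digit must be 1 or -1")
    Q = P if digits[-1] == 1 else neg(P)
    for d in reversed(digits[:-1]):
        Q = frob(Q)
        if d == 1:
            Q = add(Q, P)
        elif d == -1:
            Q = add(Q, neg(P))
    return Q


def multiply_in_model(k):
    """Recode k and evaluate on the symbolic point; the result must be (k, 0)."""
    return tau_adic_mul(tau_adic_digits(k), ONE, phi_mul, z_add, z_neg)


def is_non_adjacent(digits):
    """True when no two consecutive digits are both non-zero."""
    return all(a == 0 or b == 0 for a, b in zip(digits, digits[1:]))


# The two expansions worked out in the Example, low-order digit first.
PAPER_3 = [1, -1, -1]           # 3 = 1 - phi - phi^2
PAPER_5 = [1, 0, 1, 0, 0, -1]   # 5 = 1 + phi^2 - phi^5

if __name__ == "__main__":
    for k in (3, 5, 2014):
        print(k, tau_adic_digits(k), multiply_in_model(k))
    print(tau_adic_mul(PAPER_3, ONE, phi_mul, z_add, z_neg))
    print(tau_adic_mul(PAPER_5, ONE, phi_mul, z_add, z_neg))
```

To run the same loop on a real curve, pass that curve's point, Frobenius, addition and negation routines to `tau_adic_mul` in place of the Z[ϕ] stand-ins.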
More informationError-free protection of EC point multiplication by modular extension
Error-free protection of EC point multiplication by modular extension Martin Seysen February 21, 2017 Giesecke & Devrient GmbH, Prinzregentenstraße 159, D-81677 München, e-mail: m.seysen@gmx.de Abstract
More informationModels of Elliptic Curves
Models of Elliptic Curves Daniel J. Bernstein Tanja Lange University of Illinois at Chicago and Technische Universiteit Eindhoven djb@cr.yp.to tanja@hyperelliptic.org 26.03.2009 D. J. Bernstein & T. Lange
More informationFast hashing to G2 on pairing friendly curves
Fast hashing to G2 on pairing friendly curves Michael Scott, Naomi Benger, Manuel Charlemagne, Luis J. Dominguez Perez, and Ezekiel J. Kachisa School of Computing Dublin City University Ballymun, Dublin
More informationCo-Z Addition Formulæ and Binary Lad Elliptic Curves. Goundar, Raveen Ravinesh; Joye, Marc Author(s) Atsuko
JAIST Reposi https://dspace.j Title Co-Z Addition Formulæ and Binary Lad Elliptic Curves Goundar, Raveen Ravinesh; Joye, Marc Author(s) Atsuko Citation Lecture Notes in Computer Science, 6 79 Issue Date
More informationPerformance evaluation of a new coordinate system for elliptic curves
Performance evaluation of a new coordinate system for elliptic curves Daniel J. Bernstein 1 and Tanja Lange 2 1 Department of Mathematics, Statistics, and Computer Science (M/C 249) University of Illinois
More informationWeak Curves In Elliptic Curve Cryptography
Weak Curves In Elliptic Curve Cryptography Peter Novotney March 2010 Abstract Certain choices of elliptic curves and/or underlying fields reduce the security of an elliptical curve cryptosystem by reducing
More informationSkew-Frobenius maps on hyperelliptic curves
All rights are reserved and copyright of this manuscript belongs to the authors. This manuscript h been published without reviewing and editing received from the authors: posting the manuscript to SCIS
More informationPre-Hilbert Absolute-Valued Algebras Satisfying (x, x 2, x) = (x 2, y, x 2 ) = 0
International Journal of Algebra, Vol. 10, 2016, no. 9, 437-450 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ija.2016.6743 Pre-Hilbert Absolute-Valued Algebras Satisfying (x, x 2, x = (x 2,
More informationFast Scalar Multiplication for Elliptic Curves over Binary Fields by Efficiently Computable Formulas
Fast Scalar Multiplication for Elliptic Curves over Binary Fields by Efficiently Computable Formulas Saud Al Musa and Guangwu Xu Department of EE & CS, University of Wisconsin-Milwaukee, USA, {salmusa,gxu4uwm}@uwm.edu
More informationEfficient Arithmetic on Koblitz Curves*
Designs, Codes and Cryptography, 19, 195 249 (2000) c 2000 Kluwer Academic Publishers, Boston. Manufactured in The Netherlands. Efficient Arithmetic on Koblitz Curves* JEROME A. SOLINAS National Security
More informationSide-Channel Analysis on Blinded Regular Scalar Multiplications
Side-Channel Analysis on Blinded Regular Scalar Multiplications Benoit Feix 1 and Mylène Roussellet 2 and Alexandre Venelli 3 1 UL Security Transactions, UK Security Lab benoit.feix@ul.com 2 Gemalto, La
More informationAte Pairing on Hyperelliptic Curves
Ate Pairing on Hyperelliptic Curves R. Granger, F. Hess, R. Oyono, N. Thériault F. Vercauteren EUROCRYPT 2007 - Barcelona Pairings Pairings Let G 1, G 2, G T be groups of prime order l. A pairing is a
More informationAspects of Pairing Inversion
Applications of Aspects of ECC 2007 - Dublin Aspects of Applications of Applications of Aspects of Applications of Pairings Let G 1, G 2, G T be groups of prime order r. A pairing is a non-degenerate bilinear
More informationFour-Dimensional GLV Scalar Multiplication
Four-Dimensional GLV Scalar Multiplication ASIACRYPT 2012 Beijing, China Patrick Longa Microsoft Research Francesco Sica Nazarbayev University Elliptic Curve Scalar Multiplication A (Weierstrass) elliptic
More informationNumber Theory in Cryptology
Number Theory in Cryptology Abhijit Das Department of Computer Science and Engineering Indian Institute of Technology Kharagpur October 15, 2011 What is Number Theory? Theory of natural numbers N = {1,
More informationSurvey of Elliptic Curve Scalar Multiplication Algorithms
Int. J. Advanced Networking and Applications 1581 Survey of Elliptic Curve Scalar Multiplication Algorithms Dr. E.Karthikeyan Department of Computer Science. Government Arts College, Udumalpet 6416. India.
More informationSPA Resistant Scalar Multiplication using Golden Ratio Addition Chain Method
SPA Resistant Scalar Multiplication using Golden Ratio Addition Chain Method Raveen R. Goundar, Ken-ichi Shiota and Masahio Toyonaga Abstract In this paper we propose an efficient and secure (SPA resistant)
More informationThe Jacobi Model of an Elliptic Curve and Side-Channel Analysis
The Jacobi Model of an Elliptic Curve and Side-Channel Analysis [Published in M. Fossorier, T. Høholdt, and A. Poli, Eds., Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, vol. 2643 of
More informationA Remark on Implementing the Weil Pairing
A Remark on Implementing the Weil Pairing Cheol Min Park 1, Myung Hwan Kim 1 and Moti Yung 2 1 ISaC and Department of Mathematical Sciences, Seoul National University, Korea {mpcm,mhkim}@math.snu.ac.kr
More informationKatherine Stange. Pairing, Tokyo, Japan, 2007
via via Department of Mathematics Brown University http://www.math.brown.edu/~stange/ Pairing, Tokyo, Japan, 2007 Outline via Definition of an elliptic net via Definition (KS) Let R be an integral domain,
More information6. ELLIPTIC CURVE CRYPTOGRAPHY (ECC)
6. ELLIPTIC CURVE CRYPTOGRAPHY (ECC) 6.0 Introduction Elliptic curve cryptography (ECC) is the application of elliptic curve in the field of cryptography.basically a form of PKC which applies over the
More informationINJECTIVE ENCODINGS TO ELLIPTIC CURVES
INJECTIVE ENCODINGS TO ELLIPTIC CURVES PIERRE-ALAIN FOUQUE, ANTOINE JOUX, AND MEHDI TIBOUCHI Abstract. We investigate the problem of constructing efficient, efficiently invertible injective maps with large
More informationANALOGUES OF VÉLU S FORMULAS FOR ISOGENIES ON ALTERNATE MODELS OF ELLIPTIC CURVES
ANALOGUES OF VÉLU S FORMULAS FOR ISOGENIES ON ALTERNATE MODELS OF ELLIPTIC CURVES DUSTIN MOODY AND DANIEL SHUMOW Abstract. Isogenies are the morphisms between elliptic curves, and are accordingly a topic
More informationA Generalization of p-rings
International Journal of Algebra, Vol. 9, 2015, no. 8, 395-401 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ija.2015.5848 A Generalization of p-rings Adil Yaqub Department of Mathematics University
More information