Speeding up Computation of Scalar Multiplication in Elliptic Curve Cryptosystem


H. K. Pathak et al. / (IJCSE) International Journal on Computer Science and Engineering, ISSN: 0975-3397, pp. 1024-1028

H. K. Pathak, S.o.S. in Computer Science & IT, Pt. Ravishanker Shukla University, Raipur - 492010 (C.G.), India
Manju Sanghi, Department of Applied Mathematics, Rungta College of Engineering & Technology, Bhilai - 490024 (C.G.), India

Abstract. The basic operation in an elliptic curve cryptosystem is scalar multiplication: the computation of an integer multiple of a given point on the curve. Computing a scalar multiple is faster with a signed binary representation than with the plain binary representation. In this paper the Direct Recoding Method, a new modified algorithm for computing the signed binary representation, is proposed. Our proposed method is efficient when compared to other standard methods such as NAF, MOF and the complementary recoding method.

Keywords. Elliptic curve cryptography, Scalar multiplication, Signed binary method, NAF, MOF, Complementary recoding.

1. Introduction

Elliptic curve cryptography was independently introduced by Miller [1] and Koblitz [2] in 1985. Since then it has gained wide acceptance, mainly due to its smaller key size and greater security. Scalar multiplication is the central operation of an elliptic curve cryptosystem. It involves the computation of kP, where k is the secret key (scalar) and P a point on the elliptic curve. Significant methods to optimize ECC operations have been proposed. In this paper we introduce Direct Recoding, an efficient method to compute kP. For 2^(p+1) > k > 2^p,

k = (2^(p+1))_2 - (2^(p+1) - k)_2.

As this computation uses only bitwise subtraction, it gives the signed binary representation with the lowest Hamming weight. The rest of the paper is organized as follows. We start with an introduction of the binary method along with the computation of scalar multiplication in Section 2. The signed binary NAF and MOF methods, with their algorithms for the computation of scalar multiplication, are presented in Sections 3 and 4 respectively.
In Section 5 we explain the complementary recoding method based on NAF, and finally in Section 6 we explain our proposed method with examples. The run times of the various scalar multiplication algorithms are also presented in that section.

2. Binary Method

Scalar point multiplication is the main cryptographic operation in ECC. It computes Q = kP: a point P is multiplied by an integer k, resulting in another point Q on the elliptic curve. The binary method [3] is the traditional scalar multiplication method, based on the binary expansion of the scalar k using the digits {0, 1}. If k has binary representation (k_(l-1), k_(l-2), ..., k_0)_2 where k_i ∈ {0, 1}, then k = Σ_{i=0}^{l-1} k_i 2^i. Given an elliptic point P,

kP = k_0 P + k_1 2^1 P + k_2 2^2 P + ... + k_(l-1) 2^(l-1) P
   = k_0 P + 2(k_1 P + 2(k_2 P + ... + 2(k_(l-2) P + 2(k_(l-1) P)) ... )),

i.e., it uses repeated elliptic curve point addition and doubling operations. This method scans the bits of k either from left to right or from right to left. The algorithm for the computation of kP is given below.

Algorithm 1. Left-to-right binary method for point multiplication.
Input: Binary representation of k and point P.
Output: Q = kP.
1. Q = ∞ (the point at infinity).
2. For i = l-1 down to 0 do
   2.1 Q = 2Q (doubling).
   2.2 If k_i = 1 then Q = Q + P (addition).
3. Return Q.

The running time of an algorithm is determined by how many operations are performed throughout its execution. If k_i is 1 then a point addition is performed, and the expected number of ones (Hamming weight) in the binary representation of k is half of its length, i.e., l/2. A doubling is performed for each value of i, i.e., l times. Therefore the expected running time is l/2 additions + l doublings, denoted as (l/2) A + l D.

Example 1. Let k = 26 and P a point on the elliptic curve E. The binary expansion of k is 26 = 2^4 + 2^3 + 2^1 = (11010)_2. The scalar multiplication 26P by Algorithm 1 proceeds as

26P = 2(2(2(2P + P)) + P),

i.e., it requires 2 additions and 4 doublings.

3. Non Adjacent Form

The density of the binary expansion can be effectively reduced with a signed binary representation [7] that uses elements of the set {-1, 0, 1}. Signed binary representation was first proposed by Booth [4] in 1951. Later Reitwiesner [5] gave a constructive proof that every positive integer can be uniquely represented with the fewest number of non-zero digits (minimum Hamming weight); this representation is called the Non Adjacent Form, or NAF. In this form the integer k is represented as k = Σ_{i=0}^{l-1} k_i 2^i where k_i ∈ {-1, 0, 1}.

Algorithm 2. Computation of the NAF of an integer k.
Input: A positive integer k.
Output: NAF of k, (k_(l-1) ... k_2 k_1 k_0)_NAF.
1. i = 0.
2. While k ≠ 0 do
   2.1 If k is odd, k_i = 2 - (k mod 4), k = k - k_i;
   2.2 Else k_i = 0.
   2.3 k = k/2, i = i + 1.
3. Return (k_(i-1) k_(i-2) ... k_1 k_0).

The NAF method uses both addition and subtraction operations [6], but subtraction of points on elliptic curves costs the same as addition. Hence the running time of NAF is (l/3) A + l D, i.e., it reduces the Hamming weight from l/2 to l/3.

Example 2. The NAF of k = 687 is 687 = 2^10 - 2^8 - 2^6 - 2^4 - 2^0 = (1 0 -1 0 -1 0 -1 0 0 0 -1)_NAF = 1024 - 256 - 64 - 16 - 1. The Hamming weight is 5, i.e., it uses 5 addition operations (subtraction being equivalent to addition), while the binary representation of 687 is 2^9 + 2^7 + 2^5 + 2^3 + 2^2 + 2^1 + 2^0 = (1010101111)_2 with Hamming weight 7. By NAF the Hamming weight of k is reduced from 7 to 5, i.e., 2 addition operations have been saved.
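Algorithm 1 above, and the signed-digit loop the paper later gives as Algorithm 4 (Section 6), as an added example that is not the paper's code: affine arithmetic on a small curve y^2 = x^3 + 2x + 3 over F_97 with base point (3, 6) (curve and point are constructed for illustration, not taken from the paper), driven by the NAF digits of 687 from Example 2, counting the doublings and additions actually performed.

```python
# Added example, not from the paper: Algorithm 1 (binary method) and the
# signed-digit loop of Algorithm 4 on a small curve y^2 = x^3 + A x + B over
# F_P_MOD. Curve, base point and scalars are constructed for illustration.
P_MOD, A, B = 97, 2, 3          # toy curve y^2 = x^3 + 2x + 3 over F_97
BASE = (3, 6)                   # on the curve: 27 + 6 + 3 = 36 = 6^2 (mod 97)
INF = None                      # point at infinity (group identity)

# NAF digits of 687 from the paper's Example 2, most significant first
NAF_687 = [1, 0, -1, 0, -1, 0, -1, 0, 0, 0, -1]

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def neg(pt):
    """-P: Q - P is computed as Q + (-P), so a -1 digit costs one addition."""
    return INF if pt is INF else (pt[0], (-pt[1]) % P_MOD)

def add(p1, p2):
    """Affine point addition, doubling when p1 == p2; pow(x, -1, m) inverts mod m."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                               # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def signed_mul(digits, pt):
    """Algorithm 4: left-to-right over digits in {-1, 0, 1}; with digits in
    {0, 1} it is exactly Algorithm 1. Returns (Q, doublings, additions);
    steps applied to the point at infinity are free and are not counted."""
    q, doublings, additions = INF, 0, 0
    minus_pt = neg(pt)
    for d in digits:
        if q is not INF:
            q, doublings = add(q, q), doublings + 1     # step 2.1: Q = 2Q
        if d != 0:
            if q is not INF:
                additions += 1
            q = add(q, pt if d == 1 else minus_pt)      # steps 2.2 / 2.3
    return q, doublings, additions

def binary_mul(k, pt):
    """Algorithm 1: Q = kP from the binary digits of k (k >= 1)."""
    return signed_mul([int(b) for b in bin(k)[2:]], pt)

if __name__ == "__main__":
    print("26P:", binary_mul(26, BASE))              # Example 1: 4 D, 2 A
    print("687P via NAF:", signed_mul(NAF_687, BASE))
    print("687P via binary:", binary_mul(687, BASE))
```

The digit-dependent branch is exactly the cost model the paper compares; a constant-time implementation would avoid it.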
4. Mutual Opposite Form (MOF)

The Mutual Opposite Form is an efficient left-to-right recoding scheme proposed by Okeya [7] that satisfies the following properties:
1. The signs of adjacent non-zero bits (ignoring the 0 bits between them) are opposite.
2. The most significant non-zero bit and the least significant non-zero bit are 1 and -1 respectively.

Converting a binary string to MOF: the n-bit binary string k can be converted to a signed binary string by computing mk = 2k (-) k, where (-) stands for bitwise subtraction:

    2k = k_(n-1)  k_(n-2)             ...  k_(i-1)        ...  k_0       0
(-)  k =          k_(n-1)             ...  k_i            ...  k_1       k_0
    mk = k_(n-1)  (k_(n-2) - k_(n-1)) ...  (k_(i-1) - k_i) ...  (k_0 - k_1) (-k_0)

Algorithm 3. Left-to-right generation of the MOF from the binary representation.
Input: A non-zero n-bit binary string k = k_(n-1) k_(n-2) ... k_1 k_0.
Output: MOF of k, (mk_n ... mk_1 mk_0).
1. mk_n = k_(n-1).
2. For i = n-1 down to 1 do
   2.1 mk_i = k_(i-1) - k_i.
3. mk_0 = -k_0.
4. Return mk_n, mk_(n-1), ..., mk_1, mk_0.
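The four recodings this paper compares (NAF, Algorithm 2; MOF, Algorithm 3; the complementary recoding of Section 5; the direct recoding of Section 6), as an added example that is not the paper's code, with the value and Hamming weight of each output checked against the paper's Examples 2 to 6. The scalar k = 9 in the demo is a constructed check, not from the paper.

```python
# Added example (not the paper's code): the signed-binary recodings compared in
# the paper. Digit lists are most-significant first; -1 is written as -1.

def binary(k):
    return [int(b) for b in bin(k)[2:]]

def value(digits):
    """Integer represented by signed digits (most significant first)."""
    return sum(d << i for i, d in enumerate(reversed(digits)))

def weight(digits):
    """Hamming weight: number of non-zero digits."""
    return sum(1 for d in digits if d != 0)

def naf(k):
    """Algorithm 2: non-adjacent form, generated right to left."""
    digits = []
    while k > 0:
        if k & 1:
            d = 2 - (k % 4)          # +1 when k = 1 (mod 4), -1 when k = 3 (mod 4)
            k -= d
        else:
            d = 0
        digits.append(d)
        k //= 2
    return digits[::-1]

def mof(k):
    """Algorithm 3: mk = 2k (-) k, digit-wise subtraction, n+1 digits."""
    bits = binary(k)
    two_k = bits + [0]               # digits of 2k at positions n..0
    k_pad = [0] + bits               # k with k_n = 0
    return [a - b for a, b in zip(two_k, k_pad)]

def complementary(k):
    """Section 5: (1 0...0) (-) complement(k), then an 'external' -1.
    Returns (digits, external) with k == value(digits) - external."""
    comp = [1 - b for b in binary(k)]
    return [1] + [-c for c in comp], 1

def direct(k):
    """Section 6: k = (2^(p+1))_2 (-) (2^(p+1) - k)_2 for 2^p <= k < 2^(p+1)."""
    p = k.bit_length() - 1
    rest = (1 << (p + 1)) - k
    return [1] + [-int(b) for b in format(rest, "0%db" % (p + 1))]

def report(k):
    """Hamming weight of every recoding of k, as the paper's examples tabulate."""
    c_digits, ext = complementary(k)
    table = {"binary": weight(binary(k)), "NAF": weight(naf(k)),
             "MOF": weight(mof(k)), "CRM": weight(c_digits) + ext,
             "DRM": weight(direct(k))}
    # every recoding must still represent k
    assert all(value(f(k)) == k for f in (binary, naf, mof, direct))
    assert value(c_digits) - ext == k
    return table

if __name__ == "__main__":
    for k in (687, 686, 240, 9):     # 9 is a constructed check, not from the paper
        print(k, report(k))
```

For k = 9 the direct recoding has weight 4 against 2 for NAF, so the weight each method achieves is worth checking per input rather than assumed.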

Example 3. Let k = 27. The MOF of k is 2^5 - 2^3 + 2^2 - 2^0 = (1 0 -1 1 0 -1). Like the binary method, MOF scans the bits either from left to right [8] or from right to left.

5. Complementary Recoding Technique

Given the binary representation of a scalar k = (k_(l-1) ... k_1 k_0)_2, the procedure for converting the binary string into a signed binary string using the complementary method ([9], [10]) is given below:

k = Σ_{i=0}^{l-1} k_i 2^i = (1000...0)_2 [(l+1) bits] - (k'_(l-1) ... k'_1 k'_0) - 1,

where k'_i = 0 if k_i = 1 and k'_i = 1 if k_i = 0, for i = 0, 1, ..., l-1.

Example 4. For k = 687 = (1010101111)_2, by the above method K = (100...0)_2 [(10+1) bits] - (0101010000) - 1 = (1 0 -1 0 -1 0 -1 0 0 0 -1), i.e., it gives the same output as NAF, but by using the complement of k.

6. Proposed Method (Direct Recoding Method)

According to our proposed method, the procedure for converting the scalar k into a signed binary representation is as follows. For any scalar k where 2^(p+1) > k > 2^p, we have

K = (2^(p+1))_2 - (2^(p+1) - k)_2.

Since this method uses only a single operation of bitwise subtraction, with 0 - 1 = -1, it gives the signed binary representation with the lowest Hamming weight and in the least possible time. Hence this method can be called the Direct Recoding method. The output of this method is also similar to that of the other standard recoding methods such as NAF, MOF and complementary recoding.

Algorithm 4. Scalar multiplication using the proposed method.
Input: Signed binary representation (k_(n-1) ... k_0) of k obtained by the proposed method, and point P.
Output: Q = kP.
1. Q = 0 (the identity).
2. For i = n-1 down to 0 do
   2.1 Q = 2Q.
   2.2 If k_i = 1, Q = Q + P;
   2.3 Else if k_i = -1, Q = Q - P.
3. Return Q.

Example 5. For k = 686:
(i) By the binary method, 686 = (1010101110)_2. Clearly the Hamming weight of 686 is 6.
(ii) By NAF, 686 = (1 0 -1 0 -1 0 -1 0 0 -1 0). In this case the Hamming weight of 686 is reduced from 6 to 5.
(iii) By complementary recoding, 686 = (10000000000) - (0101010001) - 1 = (1 0 -1 0 -1 0 -1 0 0 0 -1) - 1. The Hamming weight is 6 (5 internal and 1 external).
(iv) By our proposed method, for 2^10 > 686 > 2^9 we have 686 = (2^10)_2 - (2^10 - 686)_2 = (10000000000) - (101010010) = (1 0 -1 0 -1 0 -1 0 0 -1 0). Thus the Hamming weight of 686 is 5, obtained by only a single operation of bitwise subtraction.

Example 6. For k = 240:
(i) By the binary method, 240 = (11110000)_2. Clearly the Hamming weight of 240 is 4.
(ii) By complementary recoding, 240 = (100000000) - (00001111) - 1 = (1 0 0 0 0 -1 -1 -1 -1) - 1. Here the Hamming weight of 240 is increased to 6 (5 internal and 1 external).
(iii) By our proposed method, for 2^8 > 240 > 2^7 we have 240 = (2^8)_2 - (2^8 - 240)_2

= (100000000) - (10000) = (1 0 0 0 -1 0 0 0 0). Here the Hamming weight of 240 is reduced from 4 to 2, i.e., the least Hamming weight when compared with all the other existing methods. One addition operation requires 2 squarings, 2 multiplications and 1 inversion. Hence our proposed method saves the computational cost and time of performing 4 squarings, 4 multiplications and 2 inversions.

TABLE 1. COMPARISON OF RUN TIMES

The following table compares the run time, in seconds, of computing the various signed binary representations: NAF (the Non Adjacent Form), MOF (the Mutual Opposite Form), CRM (the Complementary Recoding Method) and DRM (Direct Recoding, the proposed method).

Bit size    NAF      MOF      CRM      DRM
25          15.80    13.78    11.16    9.0
37          19.42    17.56    15.09    12.46
44          21.76    19.26    17.29    15.51
52          23.28    20.71    19.36    17.51

Fig. 1. Time ratio of the direct recoding method with the other algorithms (NAF, MOF, CRM, DRM). [Figure not reproduced in this transcription.]

7. Conclusion

In the implementation of ECC, scalar multiplication is not only the basic computation but also the most time-consuming operation. Its operational efficiency directly determines the performance of ECC. In this paper we proposed scalar multiplication using the direct recoding method. Theoretical analysis and numerical tests reveal that this algorithm can remarkably enhance the computing efficiency of scalar multiplication compared with other traditional algorithms, and therefore has practical significance for the implementation of ECC. Moreover, Fig. 1 justifies our conclusion. We implemented our algorithm on an Intel P4 dual core processor, 1.6 GHz and 782 MHz, with 504 MB of memory, using Matlab. From the table we find that our proposed method takes the least time to find the signed binary representation of any integer k when compared with the other known methods (see Fig. 1).

8. References

[1] V. S. Miller, Use of elliptic curves in cryptography, Advances in Cryptology, Proceedings of CRYPTO'85, LNCS 218 (1986), 417-426.
[2] N. Koblitz, Elliptic curve cryptosystems, Mathematics of Computation, 48 (1987), 203-209.
[3] Standard specifications for public key cryptography, IEEE Standard 1363, 2000.
[4] A. D. Booth, A signed binary multiplication technique, Journal of Applied Mathematics, 4(2) (1951), 236-240.
[5] G. W. Reitwiesner, Binary arithmetic, Advances in Computers, 1 (1960), 231-308.
[6] F. Morain, J. Olivos, Speeding up the computations on an elliptic curve using addition-subtraction chains, RAIRO Theoretical Informatics and Applications, 24 (1990), 531-543.
[7] K. Okeya, Signed binary representations revisited, Proceedings of CRYPTO'04 (2004), 123-139.
[8] M. Joye, S. Yen, Optimal left-to-right binary signed digit recoding, IEEE Transactions on Computers, 49 (2000), 740-748.
[9] P. Balasubramaniam, E. Karthikeyan, Elliptic curve scalar multiplication algorithm using complementary recoding, Applied Mathematics and Computation, 190 (2007), 51-56.
[10] P. Balasubramaniam, E. Karthikeyan, Fast simultaneous scalar multiplication, Applied Mathematics and Computation, 192 (2007), 399-404.

Authors' Profiles

1. Dr. H. K. Pathak received a post graduate degree in Mathematics from Pt. Ravishanker Shukla University, Raipur. He was awarded a Ph.D. in 1988 by the same University. He has published more than 185 research papers in various international journals in the fields of non-linear analysis, approximation and expansion, calculus of variations and optimal control, optimization, field theory and polynomials, Fourier analysis, general topology, integral equations, number theory, operations research, mathematical programming, operator theory, sequences, series and summability. At present he is Professor and Head of the S.o.S. in Computer Science & IT at Pt. Ravishanker Shukla University.

2. Mrs. Manju Sanghi received the post graduate degree in Mathematics from Ravishanker University, Raipur in 1996. Since 2001 she has been working as a lecturer at Rungta College of Engineering & Technology, Bhilai. Currently she is pursuing a PhD from the School of Studies in Mathematics, Ravishanker Shukla University, Raipur. Her research interests include cryptography.