J. Solinas, Generalized Mersenne Numbers, Technical Report CORR 99-39, University of Waterloo, 1999.  Home/Search   Document Details and Download   Summary   Related Articles   Check

.... Mersenne prime, that is, a prime of the form B 2 The 5 NIST elliptic curves over large prime elds are de ned with the Mersenne primes 2 64 1 (curve P 224) 2 256 2 384 128 2 32 1 (curve P 384) and 2 521 1 (curve P 521) 2] where B is chosen small [24]. Hence, if p is Mersenne prime with B 4 (this includes all NIST curves) it can be stored much more economically as f 0 ; 1 k 1 ; 2 k 2 ; 3 k 3 ; 4 g and reconstructed in working memory as i 2 4 (6) with 1 ; 2 ; 3 2 f1; 0; 1g and 4 2 f1; 1g. In this case, an ....

Jerome A. Solinas. Generalized Mersenne numbers. Technical Report CORR-9939, Dept of C&O, University of Waterloo, Canada, 1999.

....fields (with q = 2 1 as a Mersenne number) and fields of characteristic 2, i.e. q = 2 . Large prime fields: There is a good reason to choose q as a Mersenne number. No integer division is required for modular reduction in modular multiplication modulo a Mersenne number q = 2 1, see [23] [9] Suppose a, b, t, u F q , and c = ab = 2 t u, we have c = t u) mod q. There is no Mersenne number between 2 and 2 . Therefore, ECC cannot take advantage of the shortcut for modular multiplication modulo a Mersenne number, when 2 . However, things are di#erent for HCC ....

J.A. Solinas, Generalized Mersenne number, Technical Reports, CACR, Waterloo, 1999. Available at:

....Boneh Franklin identity based cryptosystem [2] with Miller s algorithm can bene t from the above observations with a careful choice of parameters, particularly the size q of the sub eld F q of F p where calculations are performed. Instead of choosing a random sub eld prime, use a Solinas prime [22] of form q = 2 2 1 (it is always possible to nd such primes for practical subgroup sizes) since qP = 2 (2 1) 1)P involves only two additions or subtractions plus doublings. With this technique, the contribution of the underlying scalar multiplication to the complexity of ....

J. Solinas, \Generalized Mersenne numbers," technical report CORR-39, Department of C&O, University of Waterloo, 1999, available at http://www.cacr.math. uwaterloo.ca/. 13

....k 1 c. 2. r (x mod b k 1 ) q p mod b k 1 ) 3. If r 0 then r r b k 1 . 4. While r p do: r r p. 5. Return(r) The arithmetic in Barrett reduction can be reduced by choosing b to be a power of 2. Note that calculation of may be done once per eld. For the NIST primes Solinas [26] gives the following fast reduction algorithms. Algorithm 7. Fast reduction modulo p192 = 2 192 2 64 1 Input: Integer c = c5 ; c4 ; c3 ; c2 ; c1 ; c0 ) where each c i is a 64 bit word, and 0 c p 2 192 . Output: c mod p192 . 1. De ne 192 bit ints: s1 = c2 ; c1 ; c0 ) s2 = 0; c3 ; c3 ....

J. Solinas, \Generalized Mersenne numbers", Technical Report CORR 99-39, Dept. of C&O, University of Waterloo, 1999.

....of any message sent is at most 392 bits, a reduction of 80 in comparison to the RSA protocol shown earlier. 3.2. 1 Details of the Elliptic Curve We use the elliptic curve P Gamma 192 as recommended by NIST [6] This curve is based on a field of 192 bits defined by a Generalised Mersenne Prime [7], given by p = 2 192 Gamma 2 64 Gamma 1. Such a field is advantageous since it allows for efficient field operations. Each field element fits in six 32 bit words and so one obtains 192 bits of security for almost the same computing cost of a field size of 163 bits. The elliptic curve P ....

J.A. Solinas. Generalized Mersenne Numbers. preprint, 1999.

....AES Large [66] 521 571 Table 1: Recommended field sizes for U.S. Federal Government use. ii) For prime fields F p , the prime moduli p are of a special type (called generalized Mersenne numbers) for which modular multiplication can be carried out more efficiently than in general; see [65] and [89]. The Elliptic Curve Digital Signature Algorithm (ECDSA) 37 (iii) For binary fields F 2 m , m was chosen so that there exists a Koblitz curve of almost prime order over F 2 m . Since #E(F 2 l ) divides #E(F 2 m) whenever l divides m, this requirement imposes the condition that m be prime. ....

J. Solinas, "Generalized Mersenne numbers", Technical report CORR-39, Dept. of C&O, University of Waterloo, 1999. Available from http://www.cacr.math.uwaterloo.ca

No context found.

J. Solinas, Generalized Mersenne Numbers, Technical Report CORR 99-39, University of Waterloo, 1999.

No context found.

J.A. Solinas. Generalized Mersenne Numbers. preprint, 1999.

No context found.

J. Solinas. Generalized mersenne numbers. Technical Report CORR-39, University of Waterloo, 1999.

No context found.

J. Solinas, "Generalized mersenne numbers," citeseer.nj.nec.com/ solinas99generalized.html, University of Waterloo, Tech. Rep. CORR-39, 1999.

No context found.

J. Solinas. Generalized mersenne numbers, 1999.

No context found.

J. Solinas, \Generalized Mersenne numbers," technical report CORR-39, Department of C&O, University of Waterloo, 1999, available at http://www.cacr.math.uwaterloo.ca/.

No context found.

J. Solinas. Generalized mersenne numbers. Technical Report CORR-39, University of Waterloo, 1999.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC