Results 1 - 10 of 34
On the Selection of Pairing-Friendly Groups
, 2003
Cited by 56 (13 self)
We propose a simple algorithm to select group generators suitable for pairing-based cryptosystems. The selected parameters are shown to favor implementations of the Tate pairing that are at once conceptually simple and very efficient, with an observed performance about 2 to 10 times better than previously reported implementations.
Efficient and secure elliptic curve point multiplication using double-base chains
- In Advances in Cryptology - ASIACRYPT 2005, Lecture Notes in Computer Science 3788
, 2005
Cited by 47 (10 self)
In this paper, we propose an efficient and secure point multiplication algorithm, based on double-base chains. This is achieved by taking advantage of the sparseness and the ternary nature of the so-called double-base number system (DBNS). The speed-ups are the results of fewer point additions and improved formulæ for point triplings and quadruplings in both even and odd characteristic. Our algorithms can be protected against simple and differential side-channel analysis by using side-channel atomicity and classical randomization techniques. Our numerical experiments show that our approach leads to speed-ups compared to windowing methods, even with window size equal to 4, and other SCA resistant algorithms.
Trading Inversions for Multiplications in Elliptic Curve Cryptography
- in Designs, Codes and Cryptography
, 2003
Cited by 39 (2 self)
Recently, Eisenträger et al. proposed a very elegant method for speeding up scalar multiplication on elliptic curves. Their method relies on improved formulæ for evaluating S = (2P + Q) from given points P and Q on an elliptic curve. Compared to the naive approach, the improved formulæ save a field multiplication each time the operation is performed.
Twisted Edwards Curves Revisited
, 2008
Cited by 35 (2 self)
This paper introduces fast algorithms for performing group operations on twisted Edwards curves, pushing the recent speed limits of Elliptic Curve Cryptography (ECC) forward in a wide range of applications. Notably, the new addition algorithm uses 8M for suitably selected curve constants. In comparison, the fastest point addition algorithms for (twisted) Edwards curves stated in the literature use 9M + 1S. It is also shown that the new addition algorithm can be implemented with four processors dropping the effective cost to 2M. This implies an effective speed increase by the full factor of 4 over the sequential case. Our results allow faster implementation of elliptic curve scalar multiplication. In addition, the new point addition algorithm can be used to provide a natural protection from side channel attacks based on simple power analysis (SPA).
New Composite Operations and Precomputation Scheme for Elliptic Curve Cryptosystems over Prime Fields
- in Public Key Cryptography (PKC’08), LNCS
, 2008
Cited by 16 (7 self)
We present a new methodology to derive faster composite operations of the form dP+Q, where d is a small integer ≥ 2, for generic ECC scalar multiplications over prime fields. In particular, we present an efficient Doubling-Addition (DA) operation that can be exploited to accelerate most scalar multiplication methods, including multiscalar variants. We also present a new precomputation scheme useful for window-based scalar multiplications that is shown to achieve the lowest cost among all known methods using only one inversion. In comparison to the remaining approaches that use none or several inversions, our scheme offers higher performance for most common I/M ratios. By combining the benefits of our precomputation scheme and the new DA operation, we can save up to 6.2 % in the scalar multiplication using fractional wNAF.
The Double-base Number System and its Application to Elliptic Curve Cryptography
- in Mathematics of Computation
, 2008
Cited by 15 (5 self)
We describe an algorithm for point multiplication on generic elliptic curves, based on a representation of the scalar as a sum of mixed powers of 2 and 3. The sparseness of this so-called double-base number system, combined with some efficient point tripling formulae, leads to efficient point multiplication algorithms for curves defined over both prime and binary fields. Side-channel resistance is provided thanks to side-channel atomicity.
Refinements of Miller's Algorithm for Computing Weil/Tate Pairing
, 2003
Cited by 15 (0 self)
In this paper we propose three refinements to Miller's algorithm for computing Weil/Tate Pairing. The first one is an overall improvement and achieves its optimal behavior if the binary expansion of the involved integer has more zeros. If more ones are presented in the binary expansion, second improvement is suggested. The third one is especially efficient in the case base three. We also have some performance analysis.
Efficient computation of Tate pairing in projective coordinate over general characteristic fields
- IN: ICISC
Cited by 14 (0 self)
We consider the use of Jacobian coordinates for Tate pairing over general characteristics. The idea of encapsulated double-and-line computation and add-and-line computation has been introduced. We also describe the encapsulated version of iterated doubling. Detailed algorithms are presented in each case and memory requirement has been considered. The inherent parallelism in each of the algorithms has been identified leading to optimal two-multiplier algorithm. The cost comparison of our algorithm with previously best known algorithms shows an efficiency improvement of around 33 % in the general case and an efficiency improvement of 20 % for the case of the curve parameter a = −3.
Accelerating the Scalar Multiplication on Elliptic Curve Cryptosystems Over Prime Fields
, 2007
Cited by 10 (2 self)
Elliptic curve cryptography (ECC), independently introduced by Koblitz and Miller in the 80’s, has attracted increasing attention in recent years due to its shorter key length requirement in comparison with other public-key cryptosystems such as RSA. Shorter key length means reduced power consumption and computing effort, and less storage requirement, factors that are fundamental in ubiquitous portable devices such as PDAs, cellphones, smartcards, and many others. To that end, a lot of research has been carried out to speed up and improve ECC implementations, mainly focusing on the most important and time-consuming ECC operation: scalar multiplication. In this thesis, we focus on optimizing such ECC operation at the point and scalar arithmetic levels, specifically targeting standard curves over prime fields. At the point arithmetic level, we introduce two innovative methodologies to accelerate ECC formulae: the use of new composite operations, which are built on top of basic point doubling and addition operations; and the substitution of field multiplications by squarings and other cheaper operations. These techniques are efficiently exploited, individually or jointly, in several contexts: to accelerate computation of scalar multiplications, and the computation of
Group Law Computations on Jacobians of Hyperelliptic Curves
- SELECTED AREAS IN CRYPTOGRAPHY. LNCS
, 2011
Cited by 9 (3 self)
We derive an explicit method of computing the composition step in Cantor’s algorithm for group operations on Jacobians of hyperelliptic curves. Our technique is inspired by the geometric description of the group law and applies to hyperelliptic curves of arbitrary genus. While Cantor’s general composition involves arithmetic in the polynomial ring Fq[x], the algorithm we propose solves a linear system over the base field which can be written down directly from the Mumford coordinates of the group elements. We apply this method to give more efficient formulas for group operations in both affine and projective coordinates for cryptographic systems based on Jacobians of genus 2 hyperelliptic curves in general form.