Efficient Pairing Computation on Supersingular Abelian Varieties
- Designs, Codes and Cryptography, 2004
Cited by 179 (25 self)
We present a general technique for the efficient computation of pairings on supersingular Abelian varieties. As particular cases, we describe efficient pairing algorithms for elliptic and hyperelliptic curves in characteristic 2. The latter is faster than all previously known pairing algorithms, and as a bonus also gives rise to faster conventional Jacobian arithmetic.
Aggregated path authentication for efficient BGP security
- In ACM Conference on Computer and Communication Security (CCS), 2005
Cited by 42 (1 self)
The Border Gateway Protocol (BGP) controls inter-domain routing in the Internet. BGP is vulnerable to many attacks, since routers rely on hearsay information from neighbors. Secure BGP (S-BGP) uses DSA to provide route authentication and mitigate many of these risks. However, many performance and deployment issues prevent S-BGP's real-world deployment. Previous work has explored improving S-BGP processing latencies, but space problems, such as increased message size and memory cost, remain the major obstacles. In this paper, we design aggregated path authentication schemes by combining two efficient cryptographic techniques: signature amortization and aggregate signatures. We propose six constructions for aggregated path authentication that substantially improve efficiency of S-BGP's path authentication on both speed and space criteria. Our performance evaluation shows that the new schemes achieve such an efficiency that they may overcome the space obstacles and provide a real-world practical solution for BGP security.
Efficient hardware for the Tate pairing calculation in characteristic three
- in Proceedings of the 7th International Workshop on Cryptographic Hardware and Embedded Systems (CHES), Josyula R. Rao and Berk Sunar
Cited by 28 (1 self)
Abstract. In this paper the benefits of implementation of the Tate pairing computation on dedicated hardware are discussed. The main observation lies in the fact that arithmetic architectures in the extension field GF(3^{6m}) are good candidates for parallelization, leading to a similar calculation time in hardware as for operations over the base field GF(3^m). Using this approach, an architecture for the hardware implementation of the Tate pairing calculation based on a modified Duursma-Lee algorithm is proposed.
Hardware and software normal basis arithmetic for pairing based cryptography in characteristic three
- IEEE Transactions on Computers, 2005
Parallel Hardware Architectures for the Cryptographic Tate Pairing
- 2008
Cited by 17 (0 self)
Identity-based cryptography uses pairing functions, which are sophisticated bilinear maps defined on elliptic curves. Computing pairings efficiently in software is presently a relevant research topic. Since such functions are very complex and slow in software, dedicated hardware (HW) implementations are worthy of being studied, but presently only very preliminary research is available. This work affords the problem of designing parallel dedicated HW architectures, i.e., co-processors, for the Tate pairing, in the case of the Duursma-Lee algorithm in characteristic 3. Formal scheduling methodologies are applied to carry out an extensive exploration of the architectural solution space, evaluating the obtained structures by means of different figures of merit such as computation time, circuit area and combinations thereof. Comparisons with the (few) existing proposals are carried out, showing that a large space exists for the efficient parallel HW computation of pairings.
Hardware acceleration of the Tate pairing in characteristic three
- 2005
Cited by 17 (0 self)
Although identity based cryptography offers many functional advantages over conventional public key alternatives, the computational costs are significantly greater. The core computational task is evaluation of a bilinear map, or pairing, over elliptic curves. In this paper we prototype and evaluate polynomial and normal basis field arithmetic on an FPGA device and use it to construct a hardware accelerator for pairings over fields of characteristic three. The performance of our prototype improves roughly ten-fold on previous known hardware implementations and orders of magnitude on the fastest known software implementation. As a result we reason that even on constrained devices one can usefully evaluate the pairing, a fact that gives credence to the idea that identity based cryptography is an ideal partner for identity aware smart-cards.
FPGA Accelerated Tate Pairing Based Cryptosystems over Binary Fields
- In Cryptology ePrint Archive, Report 2006/179, 2006
Cited by 16 (0 self)
Though the implementation of the Tate pairing is commonly believed to be computationally more intensive than other cryptographic operations, such as ECC point multiplication, there has been a substantial progress in speeding up the Tate pairing computations. Because of their inherent parallelism, the existing Tate pairing algorithms are very suitable for hardware implementation aimed at achieving a high operation speed. Supersingular elliptic curves over binary fields are good candidates for hardware implementation due to their simple underlying algorithms and binary arithmetic. In this paper we propose efficient Tate pairing implementations over binary fields F_{2^239} and F_{2^283} via FPGA. Though our field sizes are larger than those used in earlier architectures with the same security strength based on cubic elliptic curves or binary hyperelliptic curves, fewer multiplications in the underlying field are required, so that the computational latency for one pairing can be reduced. As a result, our pairing accelerators implemented via FPGA can run 15-to-25 times faster than other FPGA realizations at the same level of security strength, and at the same time achieve lower product of latency by area.
Multi-core implementation of the Tate pairing over supersingular elliptic curves
- Cryptology and Network Security (CANS 2009), LNCS 5888 (2009)
Cited by 16 (4 self)
Abstract. This paper describes the design of a fast multi-core library for the cryptographic Tate pairing over supersingular elliptic curves. For the computation of the reduced modified Tate pairing over F_{3^509}, we report calculation times of just 2.94 ms and 1.87 ms on the Intel Core2 and Intel Core i7 architectures, respectively. We also try to answer one important design question that arises: how many cores should be utilized for a given application?
Faster squaring in the cyclotomic subgroup of sixth degree extensions
- 2009
Cited by 16 (0 self)
This paper describes an extremely efficient squaring operation in the so-called 'cyclotomic subgroup' of F_{q^6}^×, for q ≡ 1 mod 6. This result arises from considering the Weil restriction of scalars of this group from F_{q^6} to F_{q^2}, and provides efficiency improvements for both pairing-based and torus-based cryptographic protocols.
Breaking 128-bit secure supersingular binary curves (or how to solve discrete logarithms in F_{2^{4·1223}} and F_{2^{12·367}})
- arXiv report 1402.3668, 2014
Cited by 16 (2 self)
Abstract. In late 2012 and early 2013 the discrete logarithm problem (DLP) in finite fields of small characteristic underwent a dramatic series of breakthroughs, culminating in a heuristic quasi-polynomial time algorithm, due to Barbulescu, Gaudry, Joux and Thomé. Using these developments, Adj, Menezes, Oliveira and Rodríguez-Henríquez analysed the concrete security of the DLP, as it arises from pairings on (the Jacobians of) various genus one and two supersingular curves in the literature, which were originally thought to be 128-bit secure. In particular, they suggested that the new algorithms have no impact on the security of a genus one curve over F_{2^1223}, and reduce the security of a genus two curve over F_{2^367} to 94.6 bits. In this paper we propose a new field representation and efficient general descent principles which together make the new techniques far more practical. Indeed, at the '128-bit security level' our analysis shows that the aforementioned genus one curve has approximately 59 bits of security, and we report a total break of the genus two curve.