An x-Coordinate Point Compression Method for Elliptic Curves over Fp

An x-Coordinate Point Compression Method for Elliptic Curves over Fp. Authors: Alina Dudeanu, George-Razvan Oancea, Sorin Iftene. Publisher: IEEE, 12th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing, 2010. Presenter: 柯懷貿. Date: 2019/04/17. Department of Computer Science and Information Engineering, National Cheng Kung University, Taiwan R.O.C. CSIE CIAL Lab

Background. Usually, a point P on an elliptic curve over a finite field Fq is represented by its affine coordinates (Xp, Yp), thus requiring at most dlog2 bits for its representation. The main idea of point compression is to solve the EC equation for the missing coordinate when X or Y is known. The classical y-coordinate point compression needs , and the extra bit is used to identify the correct value, as the equation has two roots. National Cheng Kung University CSIE Computer & Internet Architecture Lab

Quadratic Residue. If there exists X such that , we call a a quadratic residue modulo p. To determine whether an integer is a quadratic residue, we use the following formulas: 1. Fermat's little theorem: → 2. Euler's Criterion: since a = X^2, a^((p-1)/2) ≡ X^(p-1) ≡ 1 (mod p) for odd p, and vice versa. We can solve a modular quadratic equation by finding a square root of a.

Tonelli–Shanks Algorithm. Find s, t such that p-1 = t*(2^s) with t odd, and a random number d which is not a quadratic residue (d^((p-1)/2) = -1). Let b = a^((t+1)/2), r = a^t, c = d^t. We know r^(2^s) = (a^t)^(2^s) = a^((2^s)*t) = a^(p-1) = 1 and c^(2^s) = (d^t)^(2^s) = d^((2^s)*t) = d^(p-1) = 1. Since b^2 = a^(t+1) = (a^t)*a = r*a, b is a square root of a if r = 1. In the case r is not 1, (b^2)*(c^(2^(s-i-1)))^2 = r*a*(c^(2^(s-i-1)))^2 = (b*c^(2^(s-i-1)))^2, so b*c^(2^(s-i-1)) is a square root of a if r*(c^(2^(s-i-1)))^2 is 1.

y-Coordinate Compression. The complexity of y-Coordinate Compression is O(1): the two square roots are y and -y ≡ p - y (mod p), so one bit tells them apart. The algorithms for computing square roots have worst-case complexity , thus the y-Coordinate Decompression algorithm has the same complexity.
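The three slides above (Euler's criterion, the Tonelli–Shanks loop with the slide's b, r, c variables, and y-coordinate compression keeping x plus the parity of y) as one added Python example; it is not code from the slides or the paper, and the curve y^2 = x^3 + a*x + b and the test values are assumptions chosen for illustration.

```python
import random

def is_quadratic_residue(a, p):
    """Euler's criterion: a^((p-1)/2) == 1 (mod p) iff a is a quadratic residue (a != 0)."""
    return pow(a % p, (p - 1) // 2, p) == 1

def tonelli_shanks(a, p):
    """Return a square root of a modulo the odd prime p, or None if a is a non-residue."""
    a %= p
    if a == 0:
        return 0
    if not is_quadratic_residue(a, p):
        return None
    s, t = 0, p - 1          # write p - 1 = t * 2^s with t odd
    while t % 2 == 0:
        s, t = s + 1, t // 2
    d = 2                    # any quadratic non-residue d works; about half of Fp* qualifies
    while is_quadratic_residue(d, p):
        d = random.randrange(2, p)
    b = pow(a, (t + 1) // 2, p)   # b^2 = a^(t+1) = r * a
    r = pow(a, t, p)              # r^(2^s) = a^(p-1) = 1
    c = pow(d, t, p)              # c^(2^s) = d^(p-1) = 1, and c has order exactly 2^s
    m = s
    while r != 1:
        i, r2 = 0, r             # least i with r^(2^i) = 1; here 0 < i < m
        while r2 != 1:
            r2, i = r2 * r2 % p, i + 1
        cc = pow(c, 1 << (m - i - 1), p)
        b = b * cc % p           # b * c^(2^(m-i-1)) is the new candidate root
        c = cc * cc % p          # c^(2^(m-i)) has order 2^i
        r = r * c % p            # r * c^(2^(m-i)) now has order dividing 2^(i-1)
        m = i
    return b

def compress_y(x, y, p):
    """y-coordinate compression: keep x plus one bit telling y from p - y (they differ in parity)."""
    return x, y & 1

def decompress_y(x, bit, a, b, p):
    """Recover y from x on y^2 = x^3 + a*x + b over Fp using Tonelli-Shanks."""
    y = tonelli_shanks((x * x * x + a * x + b) % p, p)
    if y is None:
        return None               # x is not the abscissa of a point on the curve
    return y if (y & 1) == bit else p - y
```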

Cube Roots. If p ≡ 2 (mod 3), , because . If p ≡ 1 (mod 3) and a = 1, then a (trivial) cube root of a is 1. Moreover, we can determine a non-trivial cube root of 1 as . If p ≡ 1 (mod 3) and a is not 1, then a is a cubic residue if and only if . We will consider three subcases: 1. If p ≡ 7 (mod 9), ; 2. If p ≡ 4 (mod 9), ; 3. If p ≡ 1 (mod 9), then use the cubic variant of the Tonelli–Shanks algorithm.

Cubic Tonelli–Shanks Algorithm. The other two cube roots can be obtained as follows. Let U be a non-trivial cube root of 1. If is a cube root of a, then U* and (U^2)* are also cube roots of a. Use the Pohlig–Hellman DLA to find k such that .
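The direct cube-root cases of the two slides above as an added Python example (not the paper's code): the cubic-residue test a^((p-1)/3) ≡ 1, one exponentiation for p ≡ 2 (mod 3), p ≡ 7 (mod 9) and p ≡ 4 (mod 9), and the other two roots U*z and U^2*z from a non-trivial cube root of unity U. The exponents (2p-1)/3, (p+2)/9 and (2p+1)/9 are standard facts not printed on the slides, and the p ≡ 1 (mod 9) case, which needs the cubic Tonelli–Shanks variant, is left out.

```python
def is_cubic_residue(a, p):
    """p = 1 (mod 3): a is a cube iff a^((p-1)/3) = 1 (mod p); p = 2 (mod 3): everything is a cube."""
    if p % 3 != 1:
        return True
    return pow(a % p, (p - 1) // 3, p) == 1

def nontrivial_cube_root_of_unity(p):
    """p = 1 (mod 3): U = d^((p-1)/3) for a cubic non-residue d gives U^3 = 1 and U != 1."""
    for d in range(2, p):
        u = pow(d, (p - 1) // 3, p)
        if u != 1:
            return u
    raise ValueError("p must be 1 (mod 3)")

def cube_root(a, p):
    """One cube root of a modulo the prime p, or None if a is not a cube."""
    a %= p
    if a in (0, 1):
        return a
    if p % 3 == 2:
        # x -> x^3 is a bijection on Fp; its inverse is x -> x^((2p-1)/3).
        return pow(a, (2 * p - 1) // 3, p)
    if not is_cubic_residue(a, p):
        return None
    if p % 9 == 7:
        return pow(a, (p + 2) // 9, p)       # cube: a^((p-1)/3) * a = a
    if p % 9 == 4:
        return pow(a, (2 * p + 1) // 9, p)   # cube: a^(2(p-1)/3) * a = a
    raise NotImplementedError("p = 1 (mod 9): use the cubic Tonelli-Shanks algorithm")

def all_cube_roots(a, p):
    """All cube roots of a: {z, U*z, U^2*z} when p = 1 (mod 3), a single root otherwise."""
    z = cube_root(a, p)
    if z is None:
        return []
    if p % 3 != 1 or z == 0:
        return [z]
    u = nontrivial_cube_root_of_unity(p)
    return sorted({z, z * u % p, z * u * u % p})
```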

Modular Cubic Equation. The most popular polynomial factorization algorithms are Berlekamp, with , and Cantor–Zassenhaus, with , where n is the degree of the polynomial. Let us consider the equation with discriminant D = ; when D is not 0, the number of solutions Np is: . When D = 0, Np = 3 and the solutions are: .

Modular Cubic Equation with a Single Solution. In this case, D is a quadratic non-residue modulo p in . Assume , ; if , the only solution is: . There is an efficient algorithm for evaluating Lucas sequences, based on the following properties, which costs : .

Modular Cubic Equation with Three Solutions. In this case, D is a quadratic residue modulo p in . Assume , ; if , there are three solutions for p ≡ 1 (mod 3) when there exists Y such that . Also, we can get a cubic residue 4(b − y) with three cube roots (z0, z1, z2), giving the three solutions of the cubic equation: . The case p ≡ 2 (mod 3) is rather complicated and thus we omit it.

Modular Cubic Equation Algorithm. The most time-consuming part is computing square roots and cube roots. Thus, the worst-case complexity of the algorithm is .

x-Coordinate Point Compression. The size of the compressed point is at most for . The main idea is to sort the solutions of the cubic and identify the component Xp by its index among them.

x-Coordinate Point Compression. In our compression algorithm, because the index of Xp ∈ {(00),(01),(10)}, we may use (11) to signal that the discriminant of the cubic equation is a quadratic non-residue (the single-solution case); thus, computing the discriminant is not required in the decompression phase. The worst-case complexities of the x-Coordinate Compression and x-Coordinate Decompression algorithms are the same, namely . We have to remark that in the case of equations with p ≡ 1 (mod 3): . The following are available: .
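The sort-and-index encoding of the two slides above as an added Python example (not the paper's code): x is replaced by its index among the sorted roots of x^3 + a*x + b = y^2, and the value (11) marks the single-root case so that decompression never evaluates the discriminant. The roots are found by exhaustive search over a small field, a stand-in for the paper's Cubic Equation algorithm (repeated roots are counted once here), and the test curve over F_7 is an assumption.

```python
SINGLE = 0b11   # index marker for "the cubic has a single root" (discriminant is a non-residue)

def cubic_roots(a, b, y, p):
    """Sorted distinct x with x^3 + a*x + b == y^2 (mod p); exhaustive search stands in
    for the paper's Cubic Equation algorithm and is only feasible for small p."""
    return sorted(x for x in range(p) if (x * x * x + a * x + b - y * y) % p == 0)

def compress_x(x, y, a, b, p):
    """Compressed form: (y, index of x among the sorted roots) or (y, SINGLE)."""
    roots = cubic_roots(a, b, y, p)
    if x not in roots:
        raise ValueError("point is not on the curve")
    if len(roots) == 1:
        return y, SINGLE
    return y, roots.index(x)      # index is 0, 1 or 2, encoded in two bits

def decompress_x(y, idx, a, b, p):
    """Recover (x, y) by re-solving the cubic for this y and picking the stored index."""
    roots = cubic_roots(a, b, y, p)
    x = roots[0] if idx == SINGLE else roots[idx]
    return x, y

def compressed_bits(p):
    """Bits stored by this encoding: y in ceil(log2 p) bits plus the two index bits."""
    return (p - 1).bit_length() + 2

def roundtrip_all_points(a, b, p):
    """Check every affine point of y^2 = x^3 + a*x + b over Fp survives compress/decompress."""
    count = 0
    for x in range(p):
        for y in range(p):
            if (y * y - x * x * x - a * x - b) % p == 0:
                assert decompress_x(*compress_x(x, y, a, b, p), a, b, p) == (x, y)
                count += 1
    return count
```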

Experiments. The implementation is written in Visual Studio 2008 on an Intel Core 2 Duo, running on a 2.53 GHz Dell laptop under the Windows 7 operating system. We have compared our algorithms with the algorithms implemented in the NTL library for solving cubic equations and for finding a cube root. The average times have been measured in milliseconds. For the case of cubic equations with a single solution, we have implemented a binary algorithm for computing the Lucas number and compared our Cubic Equation algorithm with FindRoot from the NTL library.

Experiments. In the case p ≡ 1 (mod 3) where the discriminant is a quadratic residue (the cubic equation has three solutions), we have compared our Cubic Equation algorithm with FindRoots from NTL. The results are presented in Table II. Finally, we have compared our Cubic Tonelli–Shanks algorithm (denoted CTS) with FindRoot from NTL for the case of computing a cube root. The results are presented in Table III.