Fast Multi-Scalar Multiplication Methods on Elliptic Curves with Precomputation Strategy using Montgomery Trick Hitachi Ltd. Katsuyuki Okeya Kouichi Sakurai.

Presentation transcript:

Fast Multi-Scalar Multiplication Methods on Elliptic Curves with Precomputation Strategy using Montgomery Trick Hitachi Ltd. Katsuyuki Okeya Kouichi Sakurai Kyushu Univ.

2/22 Abstract The use of multi-scalar multiplication in the verification of ECDSA Speeding up the multi-scalar multiplication The transformation from scalar multiplication to multi-scalar multiplication Motivation Problem Result Efficient Precomputation provides speedup for multi-scalar multiplication 3 times faster [GLV01] [ANSI]

3/22 Contents Multi-Scalar Multiplication Target of Speedup Proposed Method Comparison

4/22 What is Multi-Scalar Multiplication? Scalar multiplication Multi-scalar multiplication an integer an elliptic point Scalar multiplication integers elliptic points

5/22 Two Computation Methods for Multi-Scalar Multiplication Compute separately two scalar multiplications Separate Method Compute simultaneously two scalar multiplications Scalar multiplication addition Multi-scalar multiplication Simultaneous Method [Aki01, Moe01] [Elg85, HHM00] Shamir’s trick Improvement Window method Comb method [Knu81, CMO98] [LL94] addition

6/22 Computation Process Precomputation stage Evaluation stage Input Output Preparation of a table Actual computation Table addition Precomputation table

7/22 Target of Speedup Precomputation Stage Evaluation Stage Separate Method Simultaneous Method Slow Fast Many studies exist Controversial! Not as many studies as for the evaluation stage [Aki01, Moe01, Sol01] [CC87, MO90, LL94, CMO98, …][CMO98]

8/22 What are Obstacles to Speed up the Precomputation Stage? Many precomputation points Inversions are required (1 per point) Some points are not used in evaluation stage Obstacles Multi-scalar multiplication only

9/22 What are Obstacles to Speed up the Precomputation Stage? Points are computed in affine coordinates Reason The table should store points in affine coordinates to speed up the evaluation stage The operation in affine coordinates requires inversion Inversions are required (1 per point) Obstacles Many precomputation points Some points are not used in evaluation stage Multi-scalar multiplication only

10/22 What are Obstacles to Speed up the Precomputation Stage? Reason 2 dimensions Inversions are required (1 per point) Obstacles Multi-scalar multiplication only Some points are not used in evaluation stage Many precomputation points

11/22 What are Obstacles to Speed up the Precomputation Stage? Reason Precomputation stage Points to compute: 64 points Evaluation stage Points to use: 54 points 160 bits, window width 3 Inversions are required (1 per point) Obstacles Multi-scalar multiplication only Many precomputation points Some points are not used in evaluation stage

12/22 Contents Multi-Scalar Multiplication Target of Speedup Proposed Method Comparison

13/22 Simple Improvements has same x-coordinates Simultaneous inversion Negate the y-coordinate Omit computation

14/22 Montgomery Trick of Simultaneous Inversions [Coh93] [Diagram: Input, Output, Cost; M: multiplication, I: inversion] It speeds up the ECM of factorization [Coh93]
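
The simultaneous inversion named on slide 14, as an added example that is not part of the original presentation: it inverts n field elements with 1 inversion and 3(n-1) multiplications and counts the operations. The prime `P`, the names `batch_invert`, `Counter`, `fmul`, `finv` and `demo`, and the sample values are assumptions made for this illustration.

```python
P = 2**160 - 2**31 - 1  # assumption: secp160r1 field prime; the slides only say "160 bits"


class Counter:
    """Tallies field operations so the cost can be compared with n inversions."""
    def __init__(self):
        self.mul = 0
        self.inv = 0


def fmul(a, b, c):
    c.mul += 1
    return (a * b) % P


def finv(a, c):
    c.inv += 1
    return pow(a, -1, P)  # modular inverse, Python 3.8+


def batch_invert(values, c):
    """Invert all of `values` mod P using 1 inversion and 3(n-1) multiplications."""
    vals = [v % P for v in values]
    if not vals:
        return []
    # A zero would zero the running product and spoil every output. In table
    # precomputation a zero denominator means the affine addition is really a
    # doubling or gives the point at infinity, so the caller must handle it.
    if 0 in vals:
        raise ZeroDivisionError("zero element in batch")
    prefix = [vals[0]]                      # prefix[i] = vals[0] * ... * vals[i]
    for v in vals[1:]:
        prefix.append(fmul(prefix[-1], v, c))
    acc = finv(prefix[-1], c)               # the single inversion
    out = [0] * len(vals)
    for i in range(len(vals) - 1, 0, -1):
        out[i] = fmul(acc, prefix[i - 1], c)  # 1/vals[i]
        acc = fmul(acc, vals[i], c)           # acc is now 1/prefix[i-1]
    out[0] = acc
    return out


def demo(n=8):
    # Constructed sample denominators, standing in for the (x2 - x1) terms of
    # n affine point additions batched into one precomputation step.
    values = [pow(7, k, P) + k for k in range(1, n + 1)]
    c = Counter()
    inverses = batch_invert(values, c)
    ok = all((v * w) % P == 1 for v, w in zip(values, inverses))
    return ok, c.mul, c.inv
```

With n = 8 the batch costs 21 multiplications and 1 inversion instead of 8 inversions, which pays off whenever an inversion costs more than 3 multiplications.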

15/22 Use of Montgomery Trick (Scalar Multiplication) Montgomery trick reduces multiple inversions to 1 inversion doubling Compute inversion using Montgomery trick addition Preparation of precomputation table addition [CMO98] doubling Use of Montgomery trick

16/22 Use of Montgomery Trick (Multi-Scalar Multiplication) doubling addition Compute inversion using Montgomery trick addition Preparation of precomputation table addition Complicated because of 2 dimensions Montgomery trick reduces multiple inversions to 1 inversion

17/22 Preparation of Precomputation Table Step 0 Step 1 Step 2 Step 3 Precomputation Table Each step uses Montgomery trick of simultaneous inversion

18/22 They cannot be computed in Step 2 Some Points Do Not Need to be Computed Precomputation Table Consider how the points are computed! Step 0 Step 1 Step 2 Step 3

19/22 Proposed Method Step 0 Step 1 Step 2 Step 3 Precomputation Table are first, the middles are last

20/22 Some Points Do Not Need to be Computed Step 0 Step 1 Step 2 Step 3 Precomputation Table It does not affect the computation for the other points

21/22 Comparison (160 bits) [Table labels: Precomputation stage, Evaluation stage, Total; Separate Method, Simultaneous Method; Conventional Method, Proposed method; costs in M; citations [CMO98] [HHM00] [Moe01]; numeric entries missing]

22/22 Conclusion Speeding up the verification of ECDSA Speeding up the Multi-scalar multiplication Speeding up the scalar multiplication using multi-scalar multiplication Application Problem Result Points Montgomery trick of simultaneous inversions Simplification of precomputation procedures Efficient Precomputation provides speedup for multi-scalar multiplication 3 times faster