Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.

Slides:



Advertisements
Similar presentations
CRT RSA Algorithm Protected Against Fault Attacks WISTP - 5/10/07 Arnaud BOSCHER Spansion EMEA Robert NACIRI Oberthur Card Systems Emmanuel PROUFF Oberthur.
Advertisements

Pairing Friendly Elliptic Curves of Prime Order with Embedding degree 12 Paulo Barreto and Michael Naehrig Presented by Mike Scott.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?
Mathematics of Cryptography Part II: Algebraic Structures
Cryptography and Network Security
Chapter 4 Finite Fields. Introduction of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key concern operations on “numbers”
Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.
Parshuram Budhathoki FAU October 25, /25/2012 Ph.D. Preliminary Exam, Department of Mathematics, FAU.
Efficient Implementation of Cryptographic pairings Mike Scott Dublin City University.
COM 5336 Cryptography Lecture 7a Primality Testing
Notation Intro. Number Theory Online Cryptography Course Dan Boneh
The XTR public key system (extended version of Crypto 2000 presentation) Arjen K. Lenstra Citibank, New York Technical University Eindhoven Eric R. Verheul.
Implementing Cryptographic Pairings on Smartcards Mike Scott.
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
Hidden pairings and trapdoor DDH groups Alexander W. Dent Joint work with Steven D. Galbraith.
Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public.
CHES20021 Scalable and Unified Hardware to Compute Montgomery Inverse in GF(p) and GF(2 n ) A. Gutub, A. Tenca, E. Savas, and C. Koc Information Security.
Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.
WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©
UMass Lowell Computer Science Analysis of Algorithms Prof. Karen Daniels Fall, 2001 Lecture 7 Tuesday, 11/6/01 Number-Theoretic Algorithms Chapter.
ASYMMETRIC CIPHERS.
Peter Lam Discrete Math CS.  Sometimes Referred to Clock Arithmetic  Remainder is Used as Part of Value ◦ i.e Clocks  24 Hours in a Day However, Time.
LECTURE 5 Learning Objectives  To apply division algorithm  To apply the Euclidean algorithm.
Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations Copyright © The McGraw-Hill Companies, Inc. Permission required.
Implementing Cryptographic Pairings Mike Scott TexPoint fonts used in EMF: AAAA A A AAAA A AA A A A.
Mathematics of Cryptography Part I: Modular Arithmetic
FINITE FIELDS 7/30 陳柏誠.
An Efficient Identity-based Cryptosystem for
CPSC 3730 Cryptography and Network Security
Cryptography and Network Security Introduction to Finite Fields.
AES Background and Mathematics CSCI 5857: Encoding and Encryption.
Monoids, Groups, Rings, Fields
Computer Science CSC 774 Advanced Network Security Topic 2.6 ID Based Cryptography #2 Slides by An Liu.
Introduction to Modern Cryptography Sharif University Spring 2015 Data and Network Security Lab Sharif University of Technology Department of Computer.
Elliptical Curve Cryptography Manish Kumar Roll No - 43 CS-A, S-7 SOE, CUSAT.
Chapter 4 – Finite Fields
Data Security and Encryption (CSE348) 1. Lecture # 12 2.
Scott CH Huang COM 5336 Cryptography Lecture 6 Public Key Cryptography & RSA Scott CH Huang COM 5336 Cryptography Lecture 6.
Information Security Lab. Dept. of Computer Engineering 87/121 PART I Symmetric Ciphers CHAPTER 4 Finite Fields 4.1 Groups, Rings, and Fields 4.2 Modular.
Cryptography and Network Security Chapter 4. Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic.
Notation Intro. Number Theory Online Cryptography Course Dan Boneh
Introduction PreparationMain result Conclusion A Method for Constructing A Self-Dual Normal Basis in Odd Characteristic Extension Field Department of Communication.
Copyright 2012, Toshiba Corporation. A Survey on the Algebraic Surface Cryptosystems Koichiro Akiyama ( TOSHIBA Corporation ) Joint work with Prof. Yasuhiro.
Lecture 9 Elliptic Curves. In 1984, Hendrik Lenstra described an ingenious algorithm for factoring integers that relies on properties of elliptic curves.
Assignment #3 Solutions January 24, Practical Aspects of Modern Cryptography Problem #1 Use Fermat’s Little Theorem and induction on k to prove.
Introduction to Number Theory
9.1 Primes and Related Congruence Equations 23 Sep 2013.
Dan Boneh Intro. Number Theory Arithmetic algorithms Online Cryptography Course Dan Boneh.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 The RSA Algorithm Rocky K. C. Chang February 23, 2007.
Efficient Montgomery Modular Multiplication Algorithm Using Complement and Partition Techniques Speaker: Te-Jen Chang.
Motivation Basis of modern cryptosystems
Public Key Cryptography. Asymmetric encryption is a form of cryptosystem in which Encryption and decryption are performed using the different keys—one.
Number-Theoretic Algorithms
Computer Science 210 Computer Organization
An Introduction to Pairing Based Cryptography
D. Cheung – IQC/UWaterloo, Canada D. K. Pradhan – UBristol, UK
Identity Based Encryption
An Introduction to Pairing Based Cryptography
Unified Architectures for Efficient and Compact Crypto-Processing
MIRACL & PBC Yung-Hsiang Liu.
The Application of Elliptic Curves Cryptography in Embedded Systems
CSE 311 Foundations of Computing I
Practical Aspects of Modern Cryptography
Lecture 30 CSE 331 Nov 12, 2012.
Mathematical Background for Cryptography
Presentation transcript:

Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa Two Improvements of Twisted Ate Pairing with Barreto–Naehrig Curve by Dividing Miller’s Algorithm

Elliptic curve cryptography Finite field theory Background Pairing based cryptography Identity(ID)-based cryptography ( Sakai et al ) Group signature ( Boneh et al ) An efficient algorithm for pairing calculation is required. 2 expensive operation!! Pairing Pairing based cryptography

Elliptic Curve over Finite Field ○ Finite fields ○ Elliptic curve over ● : rational point Prime field Extension Field order of : 3 Group of rational points on the curve : : embedding degree

Pairing 4 Group 1 Group 2 Group 3 order= r e additive multiplicative

Pairing 5 Group 1 Group 2 Group 3 order = r

Pairing 6 Group 1 Group 2 Group 3 order = r

Pairing 7 Group 1 Group 2 Group 3 order = r Bilinearity Innovative cryptographic applications are based on bilinearity of pairing.

Pairing 8 Group 1 Group 2 Group 3 order = r Final exponentiation Miller’s algorithm Weil Tate Ate Twisted Ate slow fast Miller’s algorithm Several improvements for pairing (1946) (2006) (1994) (2006)

Barreto-Naehrig(BN) Curve Elliptic curve of k =12 Parameters p, r and t of BN curve are given by integer variable as 9

Miller’s Algorithm Output : i-th bit of the binary representation of s from the lower Hw(s) : Hamming Weight of s Hw(s) is large → computationally expensive 10 yes no yes no additional operation main loop Input :

Twisted Ate Pairing with BN Curve It is not easy to control the Hw(s) small !! 11 : integer We can select of small hamming weight.

Improvement 1 conventional method Miller’s algorithm ( s ) 12 Out put Improvement 1 is based on divisor theorem proposed method Miller’s algorithm ( ) Miller’s algorithm ( ) Miller’s algorithm ( ) Combining Output

Improvement 2 Miller’s algorithm ( a ) Miller’s algorithm ( ab ) Output f ab Miller’s algorithm ( b ) combining fafa fbfb f ab = f a b ・ f b An exponentiation is additionally required !! f ap = f a p ・ f p Frobenius mapping 12

Improvement 2 conventional method Miller’s algorithm ( s ) Out put 13 proposed method Miller’s algorithm ( ) Miller’s algorithm ( p ) combining and some calculations Output s = ( 6  - 3 ) p + ( 6  - 1) s = 36  3 - 18  2 + 6  - 1 f s is given by f  and f p.

Computational environment

Experimental results [ms] % 14 conventionalImprovement 1Improvement 2 Miller’s algorithm Final exponentiation4.70 total

Conclusion ○ We proposed two improvements for twisted Ate pairing. ○ It was shown that they have almost the same efficiency. 16

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.