Published by Charla Pearson. Modified over 9 years ago.
1
Discrete Methods in Mathematical Informatics
Lecture 4: Elliptic Curve Cryptography Implementation (I)
27th November 2012
Vorapong Suppakitpaisarn, vorapong@mist.i.u-tokyo.ac.jp, Eng. 6 Room 363
Download Slide: http://misojiro.t.u-tokyo.ac.jp/~vorapong/
2
Course Information (Many Changes from Last Week)
Schedule
- 10/9 – Elliptic Curve I (2 Exercises) (What is Elliptic Curve?)
- 10/16 – Elliptic Curve II (1 Exercise) (Elliptic Curve Cryptography[1])
- 10/23 – Elliptic Curve III (2 Exercises) (Elliptic Curve Cryptography[2])
- 10/30 – Cancelled
- 11/6 – Online Algorithm I (Prof. Han)
- 11/13 – Online Algorithm II (Prof. Han)
- 11/20 – Cancelled
- 11/27 – Elliptic Curve IV (2 Exercises) (ECC Implementation I)
- 12/4 – Cancelled
- From 12/11 – To be Announced
Grading
For my part, you need to submit 2 Reports.
- Report 1: Select 3 from 6 exercises in Elliptic Curve I – III. Submission Deadline: 14 November
- Report 2: Select 2 from 4 exercises in Elliptic Curve IV – V. Submission Deadline: TBD
- Submit your report at Department of Mathematical Informatics’ office [1st floor of this building]
3
Report I Submitted IDs 48126109 48126119 48126122 48126141 48126143 48126144 48117204 48116219 48126202 48126203 48126206 48126207 48126210 48126212 48126219 48126220 48126228 48126229 48126230 48126232 37126946 37126947
4
Elliptic Curve Cryptography
- Field Arithmetic
- Elliptic Curve Arithmetic: Point Addition (A = -4, B = 4)
- Scalar Multiplication: Compute rP = 14P, r = 14 = (0 1 1 1 0)_2
  O → P → 2P → 3P → 6P → 7P → 14P (2 Point Additions, 3 Point Doubles)
- ECC Protocol
  - First party: Generate P ∈ E(F); Generate positive integer a; Receive Q = bP; Compute aQ = abP
  - Second party: Receive P; Receive S = aP; Generate positive integer b; Compute bS = abP
  - Values exchanged: P, aP, bP
6
Field Multiplication
- Classical Method: O(n^2)
- Karatsuba’s Method (Practical): O(n^{lg 3}) = O(n^{1.585…})
- Furer’s Method (STOC 2007): O(n log n 2^{O(lg* n)})
Slow Division Algorithm???
Montgomery Multiplication [Montgomery 1985]: As Fast As Multiplication
7
Montgomery Reduction Example
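The slide's own worked example did not survive in this transcript. The following is an added Python example (not the lecturer's) of Montgomery reduction with R = 2^k, showing how the slow division by the modulus is replaced by masks and shifts; the function names and the test modulus are assumptions chosen for illustration.

```python
# Added example (not from the slides): Montgomery reduction with R = 2**k.

def montgomery_setup(n, k):
    """Precompute constants for an odd modulus n < R = 2**k."""
    if n % 2 == 0 or n >= (1 << k):
        raise ValueError("n must be odd and smaller than R = 2**k")
    r = 1 << k
    n_prime = (-pow(n, -1, r)) % r       # n * n_prime = -1 (mod R)
    r2 = (r * r) % n                     # R^2 mod n, used to enter Montgomery form
    return n_prime, r2

def redc(t, n, k, n_prime):
    """Return t * R^-1 mod n for 0 <= t < R*n without dividing by n."""
    mask = (1 << k) - 1
    m = ((t & mask) * n_prime) & mask    # m = t * n' mod R (masking reduces mod R)
    u = (t + m * n) >> k                 # t + m*n is a multiple of R, so the shift is exact
    # Final correction. Production code does this in constant time, because a
    # data-dependent branch here leaks timing information about the operands.
    return u - n if u >= n else u

def to_mont(a, n, k, n_prime, r2):
    return redc(a * r2, n, k, n_prime)   # a * R mod n

def mont_mul(a_bar, b_bar, n, k, n_prime):
    return redc(a_bar * b_bar, n, k, n_prime)  # (aR)(bR)R^-1 = abR mod n

def modmul(a, b, n, k):
    """a * b mod n (0 <= a, b < n) computed through Montgomery arithmetic."""
    n_prime, r2 = montgomery_setup(n, k)
    a_bar = to_mont(a, n, k, n_prime, r2)
    b_bar = to_mont(b, n, k, n_prime, r2)
    c_bar = mont_mul(a_bar, b_bar, n, k, n_prime)
    return redc(c_bar, n, k, n_prime)    # leave Montgomery form
```

The conversions into and out of Montgomery form cost extra reductions, so the method pays off when many multiplications share one modulus, as in scalar multiplication.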
8
Field Squaring
Montgomery Multiplication
Let the computation time of one field multiplication be [m], one field squaring be [s], and one field inversion be [i].
10
Projective Coordinate [cf. Cohen, Miyaji, Ono, 1998]
Affine Coordinate: O → P → 2P → 3P → 6P → 7P → 14P
- 2 Point Additions > 2[i]
- 3 Point Doubles > 3[i]
- 5 Point Inversions
Projective Coordinate
- P = (x_1, y_1) becomes (x_1 : y_1 : 1)
- Point Double in Projective Coordinate: 2P = (x_2, y_2) becomes (X_2 : Y_2 : Z_2)
- Point Addition in Projective Coordinate: 3P = (x_3, y_3) becomes (X_3 : Y_3 : Z_3)
- … (X_14 : Y_14 : Z_14)
- 2 Point Inversions
11
Point Addition In Projective Coordinate Goal Projective Coordinate Affine Coordinate
12
Efficiency Affine Coordinate [i]+[m] [s][s] [m][m] Projective Coordinate [m][m][m][m] 2[m] [s]+2[m][s]+[m][m][m] [m][m] [m][m][m][m] [m][m] Cost
13
Exercise Exercise 6 Affine Coordinate
14
Other Coordinates
Cost for Point Addition and Cost for Point Double, by coordinate:
- Affine: Point Addition [i] + 2[m] + [s] = 102.8[m]; Point Double [i] + 2[m] + 2[s] = 103.6[m]
- Projective, (X : Y : Z) → (X/Z, Y/Z): Point Addition 12[m] + 2[s] = 13.6[m]; Point Double 7[m] + 5[s] = 11[m]
- Jacobian [Chudnovsky 1986], (X : Y : Z) → (X/Z^2, Y/Z^3): Point Addition 12[m] + 4[s] = 15.2[m]; Point Double 8[m] + 3[s] = 10.4[m]
- Chudnovsky Jacobian [Chudnovsky 1986], (X : Y : Z : Z^2 : Z^3) → (X/Z^2, Y/Z^3): Point Addition 11[m] + 3[s] = 13.4[m]; Point Double 5[m] + 6[s] = 9.8[m]
- Modified Jacobian [Cohen, Ono, Miyaji 1998], (X : Y : Z : αZ^4) → (X/Z^2, Y/Z^3): Point Addition 13[m] + 6[s] = 17.8[m]; Point Double 4[m] + 4[s] = 7.6[m]
16
Scalar Multiplication and Binary Representation
Scalar Multiplication on Elliptic Curve Cryptography: S = P + P + … + P (r times) = rP, where r is a positive integer and S, P are members of the curve.
Double-and-add method: Let r = 14 = (0 1 1 1 0)_2, Weight = 3. Compute rP = 14P:
O → P → 2P → 3P → 6P → 7P → 14P
- 3 – 1 = 2 Point Additions
- 4 – 1 = 3 Point Doubles
Average # of Point Doubles? For [0, 2^n - 1], n - 1 times?
Average # of Point Additions? For [0, 2^n - 1], n/2 - 1 times? (Average Weight = n/2)
17
Redundant Binary Representation
Changing the digit set can make scalar multiplication faster. Represent each digit using {0, 1, -1} instead of {0, 1}. The representation is redundant, so use Minimum Weight Conversion to find the Minimum Weight Expansion (the expansion that has the minimum joint weight).
Compute rP = 14P with r = 14 = (1 0 0 -1 0)_2, Weight = 2:
O → P → 2P → 4P → 8P → 7P → 14P
- Digit set {0, 1, -1}: 2 – 1 = 1 Point Additions, 5 – 1 = 4 Point Doubles
- Digit set {0, 1}: 3 – 1 = 2 Point Additions, 4 – 1 = 3 Point Doubles
Digit set {0, 1, -1}:
- Average # of Point Doubles? For [0, 2^n - 1], n times?
- Average # of Point Additions? For [0, 2^n - 1], n/3 - 1 times? (Average Weight = n/3)
Digit set {0, 1}:
- Average # of Point Doubles? For [0, 2^n - 1], n - 1 times?
- Average # of Point Additions? For [0, 2^n - 1], n/2 - 1 times? (Average Weight = n/2)
18
Non-Adjacent Form
Definition: S = (s_{n-1} s_{n-2} … s_0) is Non-Adjacent Form of positive integer r iff
Optimality: S is Minimum Weight {0, ±1}-Expansion of r if S is Non-Adjacent Form of r
Definition: S = (s_{n-1} s_{n-2} … s_0) is D_S-Expansion of positive integer r iff
Definition: S = (s_{n-1} s_{n-2} … s_0) is Minimum Weight D_S-Expansion of positive integer r iff
19
Algorithm Simple Fact n - 1 consecutive 1’sn - 2 consecutive 1’s Ex Example 1 0 0 0 -1 Algorithm
20
Average Hamming Density
Definition
Proposition
Algorithm
Proof: Pr[s_t = 0] = 0.5, Pr[s_t = 1] = 0.5
[Figure: diagram with probabilities 0.5, 0.25, 2/3 and 1/3]
22
Double-Base Number System [Dimitrov, Cooklev, IEEE Trans. on Circuits and Systems, 1995]
Base 2: 14 = (1 0 0 -1 0)_2, digit weights 2^4 2^3 2^2 2^1 2^0
O → P → 2P → 4P → 8P → 7P → 14P: 1 Point Additions, 4 Point Doubles
Base 3: 14 = (0 1 -1 -1 -1)_3, digit weights 3^4 3^3 3^2 3^1 3^0
O → P → 3P → 2P → 6P → 5P → 15P → 14P: 3 Point Additions, 3 Point Triples
Double base: [Grid of terms 2^i 3^j for i, j = 0, …, 4, with the chosen terms marked 1]
14 = 2^3 3^0 + 2^1 3^1
Hard to introduce to Scalar Multiplication: Too General
23
Double-Base Chain [Dimitrov, Imbert, Mishra, Math of Computation, 2008] whenand Double-Base Number System With More Restriction
24
Double Base Number System (DBNS)
Double-Base Number System [Dimitrov, Cooklev, IEEE Trans. on Circuits and Systems, 1995]
[Grid of terms 2^i 3^j for i, j = 0, …, 4, with the chosen terms marked 1]
- 14 = 2^3 3^0 + 2^1 3^1
Double Base Chains (DBC)
- 14 = 2^2 3^1 + 2^1 3^0
- 127 = 2^2 3^3 + 2^1 3^2 + 2^0 3^0
25
Double-Base Chain [Dimitrov, Imbert, Mishra, Math of Computation, 2008]
Double-Base Number System With More Restriction
when and
Similar to Double-and-add Methods
k = 127 = 2^2 3^3 + 2^1 3^2 + 2^0 3^0
Digit: 1 0 1 0 0 1
Base: 2^2 3^3, 2^1 3^3, 2^1 3^2, 2^0 3^2, 2^0 3^1, 2^0 3^0
O → P → 2P → 2P → 6P → 7P → 14P → 42P → 126P → 127P
2 Point Additions, 2 Point Doubles, 3 Point Triples
Problem
- Given k
- Given C_add: Computation time of a Point Addition
- Given C_dbl: Computation time of a Point Double
- Given C_tpl: Computation time of a Point Triple
- Find the Chain With Smallest Total Computation Time
26
Algorithms [Suppakitpaisarn, Edahiro, Imai, 2012] (Our Results)
k = 10, C_tpl = 1, C_dbl = 1, C_add = 1
How to compute kP = 10P
Plan A
1. Compute 5P
2. Double the point to 10P = 2 · 5P
Cost: Optimized Computation Time of 5P + Point Double = C(5P) + C_dbl = 3 + 1 = 4
Plan B
1. Compute 3P
2. Triple the point to 9P = 3 · 3P
3. Add the point with P (9P + P = 10P)
Cost: Optimized Computation Time of 3P + Point Triple + Point Addition = C(3P) + C_tpl + C_add = 1 + 1 + 1 = 3
27
Algorithm (Our Results)
C(k) =
- min(C(k/2) + P_dbl, C(k/3) + P_tpl) if k mod 6 == 0
- min(C(k/2) + P_dbl + P_add, C(k/3) + P_tpl + P_add) if k mod 6 == 1
- min(C(k/2) + P_dbl, infinity) if k mod 6 == 2
- min(C(k/2) + P_dbl + P_add, C(k/3) + P_tpl) if k mod 6 == 3
- min(C(k/2) + P_dbl, C(k/3) + P_tpl + P_add) if k mod 6 == 4
- min(C(k/2) + P_dbl + P_add, infinity) if k mod 6 == 5
Dynamic Programming. Time: lg^2 k. Memory: lg^2 k.
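The recurrence above and the 10P example from the previous slide, as an added Python sketch (not the authors' implementation). It assumes that k/2 and k/3 mean floor division with a remainder of 1 paid for by one point addition; `optimal_chain` and `replay` are hypothetical names.

```python
# Added example: dynamic programme for the cheapest double-base chain.
from functools import lru_cache

def optimal_chain(k, c_add=1, c_dbl=1, c_tpl=1):
    """Return (cost, ops) for computing kP from P, k >= 1.

    ops is a string over 'D' (double), 'T' (triple) and 'A' (add P), applied
    left to right starting from P. Assumption: k/2 and k/3 in the recurrence
    mean floor division, with a remainder of 1 paid for by one addition; a
    remainder of 2 modulo 3 has no triple option (cost infinity).
    """
    @lru_cache(maxsize=None)
    def best(n):
        if n == 1:
            return 0, ""
        rem2, rem3 = n % 2, n % 3
        cost, ops = best(n // 2)
        options = [(cost + c_dbl + rem2 * c_add, ops + "D" + "A" * rem2)]
        if rem3 != 2:
            cost, ops = best(n // 3)
            options.append((cost + c_tpl + rem3 * c_add, ops + "T" + "A" * rem3))
        return min(options)

    if k < 1:
        raise ValueError("k must be a positive integer")
    return best(k)

def replay(ops):
    """Apply an operation string to the scalar 1 and return the multiple reached."""
    n = 1
    for op in ops:
        n = {"D": 2 * n, "T": 3 * n, "A": n + 1}[op]
    return n
```

With unit costs, `optimal_chain(10)` returns cost 3 with the operations triple, triple, add (Plan B). Every subproblem has the form floor(k / (2^a 3^b)), which is where the lg^2 k bound on time and memory comes from.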
28
Prime Field (F_p) (Our Results)
Experiments on Inverted Edwards Coordinates [Bernstein, Lange, AAECC 2007]
C_dbl = 6.2[m], C_tpl = 12.2[m], C_add = 9.8[m]
Algorithm: 192 bits, 256 bits, 320 bits, 384 bits, 512 bits
- NAF [Egecioglu, Koc, Theo. Comp. Sci., 1994]: 1817.6, 2423.5, 3029.3, 3635.2, 4241.1
- Ternary/Binary [Dimitrov, Jullien, Miller, Information Processing Letters, 1998]: 1761.2, 2353.6, 2944.9, 3537.2, 4129.6
- DB-Chain [Dimitrov, Imbert, Mishra, Math. of Comp., April 2008]: 1725.5, 2302.0, 2879.1, 3455.2, 4032.4
- Tree-Based Approach [Doche, Habsieger, ACISP 2008, July 2008]: 1691.3, 2255.8, 2821.0, 3386.0, 3950.3
- Optimized DB-Chain [Our Result]: 1624.5, 2168.2, 2710.9, 3254.1, 3796.3
3.95 %, 3.88 %, 3.90 %
29
Double-Base Chain [Dimitrov, Imbert, Mishra, Math of Computation, 2008]
Double-Base Number System With More Restriction
when and
Similar to Double-and-add Methods
k = 127 = 2^2 3^3 + 2^1 3^2 + 2^0 3^0
Digit: 1 0 1 0 0 1
Base: 2^2 3^3, 2^1 3^3, 2^1 3^2, 2^0 3^2, 2^0 3^1, 2^0 3^0
O → P → 2P → 2P → 6P → 7P → 14P → 42P → 126P → 127P
2 Point Additions, 2 Point Doubles, 3 Point Triples
Problem
- Given k; Given C_add (Computation time of a Point Addition), C_dbl (Computation time of a Point Double), C_tpl (Computation time of a Point Triple): Find the Chain With Smallest Total Computation Time
- Given k; Given C_add = 1, C_dbl = 0, C_tpl = 0: Find the Chain With Smallest Total Computation Time
- Given k; Given C_add = 1, C_dbl = 0, C_tpl = 0: Find the shortest chain (the chain with smallest number of terms)
30
On-Going…
- DBNS [Dimitrov, Cooklev, 1995]: Input: k; Output: m_k^*; Tractable??? SAT???
- Double-Base Chain [Our Results]: Input: k; Output: m_k^*; Solved by DP [Our Results]
31
Exercise Exercise 7 Exercise 6
32
Thank you for your attention Please feel free to ask questions or comment.