Introduction Preparation Proposal Conclusion
An Improvement of Scalar Multiplication on Elliptic Curve Defined over Extension Field
Khandaker Md. Al-Amin (PhD Student) & Dr. Yasuyuki Nogami
Secure Wireless System Lab
Department of Information and Communication Systems
Faculty of Engineering, Okayama University, Japan
Outline
Introduction
• Background
• Motivation
Preparation
• Preparing extension field arithmetic
• Finding out good parameters
Our Proposal
• Construction procedure
• Result evaluation
Conclusion and Future work
Background
Public key cryptography
• Elliptic curve cryptography
• Pairing-based cryptographic applications
RSA is widely used.
ECC has faster key generation and a shorter key size than RSA at the same security level.
Background
Public key cryptography
• Elliptic curve cryptography
• Pairing-based cryptographic applications
ID-based cryptography, Group signature, Broadcast encryption
Finite field
• Prime field
• Extension field
Need arithmetic operations in a certain extension field.
ECDLP encourages
Elliptic Curve Scalar Multiplication is the most time-consuming operation
Background
Pairing-based cryptography requires
• Pairing-friendly curve
• Barreto-Naehrig (BN) curve is well known
where
• Systematically generated parameters
Here t is almost half the size of r
Background
Elliptic Curve cryptography
Let two rational points on
is the tangent at the point on EC
is the Point at Infinity
Background
Their addition , where
Coordinates of is calculated as follows.
If P ≠ Q, then P + Q = R is elliptic curve addition (ECA).
If P = Q, then P + Q = 2P = R is elliptic curve doubling (ECD).
Elliptic Curve cryptography
Let two rational points on
Background
Elliptic Curve cryptography
• Elliptic Curve Addition
ECA
Draw the line through P and Q
Intersects at point -R
Symmetric to -R is R
R is the result of P+Q
Background
Elliptic Curve cryptography
• Elliptic Curve Doubling
ECD
Tangent through P,Q
Intersects curve at point -R
Symmetric to -R is R
R is the result of P+Q=2Q
Motivation
Scalar Multiplication of EC defined over ,
here n is a natural number
ECA
• If n has k binary digits, then complexity
• Better performance with the double-and-add algorithm.
• But (k-1) doublings are still required.
That is why we tried to make it efficient on the BN curve by applying Frobenius mapping.
Preparation
We need extension field arithmetic operations.
We need to find good parameters for the BN curve.
Finally, we need to find a certain rational point in .
Rational point groups
Multiplicative group over
Getting Rational Point in G2
• Randomly obtained rational
point .
• If
• Then is the rational
point whose order
becomes r
• Using we can get certain rational
point in .
• Check if
• Then belongs to
Getting Rational Point in G2
• Frobenius mapping of ,
Proposed Scalar Multiplication
• Let, is a scalar and is the Scalar Multiplication
• Here
• Taking mod r,
• From BN- curve,
• -adic representation
From the BN curve, t is almost half the size of p
Proposed Scalar Multiplication
• Let, is a scalar and is the Scalar Multiplication
• Here
• -adic representation
• Resulted Scalar Multiplication
Example of Previous Scalar Multiplication
• Let, is a scalar and is the Scalar Multiplication
Let S be 14 bits.
Bit position:  1 2 3 4 5 6 7 … 14
S:             1 0 1 1 0 1 1 … 1
Steps: (Q), 2(Q), 2(2(Q))+Q, 2(2(2(Q))+Q)+Q
ECD is performed 13 times, which is about the size of S.
Example of Efficient Scalar Multiplication
Let S be 14 bits; then S0 and S1 will each have half the size of S.
Bit position:  1 2 3 4 5 6 7
S0:            1 0 1 1 0 1 1
S1:            1 1 0 1 1 0 1
Steps: (C), 2(C)+B, 2(2(C)+B)+A, 2(2(2(C)+B)+A)+C
ECD is about half of the total bit size of S.
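Added example (not from the slides or the authors' implementation): the two scans of the preceding examples, run side by side with ECA/ECD counters. It assumes a toy curve y^2 = x^3 + 3 over a small prime field instead of a BN curve, a hypothetical m = 127 standing in for t-1, and a constructed 14-bit scalar S = 13934 whose base-m digits are the S0 and S1 bit rows above; the point B, which the proposal obtains by Frobenius mapping, is computed here by an ordinary scalar multiplication.

```python
# Added illustration. Toy curve y^2 = x^3 + 3 over a small prime field
# (constructed parameters, not a BN curve). None is the point at infinity.
P_MOD = 1000003
BASE = (1, 2)                      # on the curve: 2^2 = 1^3 + 3

def ec_add(P, Q):
    """Affine group law for a = 0: chord for ECA, tangent for ECD."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                # P + (-P) = O
    if P == Q:
        lam = 3 * x1 * x1 * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def double_and_add(k, P, ops):
    """Left-to-right binary method: a k-bit scalar costs k-1 ECD."""
    R = P                          # leading bit of k is 1 (requires k >= 1)
    for bit in bin(k)[3:]:         # bits after the leading one
        R = ec_add(R, R)
        ops["ECD"] += 1
        if bit == "1":
            R = ec_add(R, P)
            ops["ECA"] += 1
    return R

def decompose(S, m):
    """Base-m digits of S: S = s0 + s1*m with s0 < m (m plays t-1)."""
    s1, s0 = divmod(S, m)
    return s0, s1

def joint_mul(s0, s1, A, B, ops):
    """[s0]A + [s1]B, scanning both bit strings in one pass."""
    C = ec_add(A, B)               # one-time precomputation of A + B
    ops["ECA"] += 1
    table = {(1, 0): A, (0, 1): B, (1, 1): C}
    n = max(s0.bit_length(), s1.bit_length())   # requires s0 or s1 nonzero
    cols = [((s0 >> i) & 1, (s1 >> i) & 1) for i in range(n - 1, -1, -1)]
    R = table[cols[0]]             # top column is never (0, 0)
    for col in cols[1:]:
        R = ec_add(R, R)
        ops["ECD"] += 1
        if col != (0, 0):
            R = ec_add(R, table[col])
            ops["ECA"] += 1
    return R

def demo(S=13934, m=127):
    """S and m are constructed so (s0, s1) match the S0/S1 bit rows."""
    plain, joint = {"ECA": 0, "ECD": 0}, {"ECA": 0, "ECD": 0}
    expected = double_and_add(S, BASE, plain)
    s0, s1 = decompose(S, m)
    # Stand-in for the Frobenius image: this toy field has no such map,
    # so B = [m]Q is computed by an uncounted ordinary scalar multiplication.
    B = double_and_add(m, BASE, {"ECA": 0, "ECD": 0})
    got = joint_mul(s0, s1, BASE, B, joint)
    return {"s0": s0, "s1": s1, "equal": got == expected,
            "plain": plain, "joint": joint}

if __name__ == "__main__":
    print(demo())
```

For this scalar the binary method uses 13 ECD and 8 ECA, while the joint scan uses 6 ECD and 7 ECA (including the one addition that precomputes C = A + B) and returns the same point.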
Result Evaluation
Size of scalar (bits)   Existing #ECA   Existing #ECD   Proposed #ECA   Proposed #ECD   Percentile
72                      37              71              25              36              ~40% to 50%
254                     124             253             43              127             ~50%

Execution time for 1 Scalar Multiplication, in seconds
Bit size of S   Existing Method   Proposed Method   Percentile
72              0.077651          0.042132          55.55%
254             0.323006          0.156368          48.30%
Conclusion
Our proposed approach reduces the number of ECD by half compared with the existing approach.
Future work
Test and evaluate the performance in a pairing-based protocol implementation.
Thank you

Editor's notes

  1. Good morning. This is Khandaker Md. Al-Amin. I am a PhD student at Okayama University, Japan, under the supervision of Professor Dr. Yasuyuki Nogami. Today, I will give my presentation on the title “An Improvement of Scalar Multiplication on Elliptic Curve Defined over Extension Field Fq2”.
  2. This is the top-level outline of my presentation. First, I will introduce some background of ECC and our motivation behind making scalar multiplication efficient. Then, I will give a brief overview to prepare for efficient scalar multiplication. After that, I will describe our proposal of scalar multiplication by Frobenius mapping with the (t-1)-adic representation of the scalar. Finally, I will give the result evaluation.
  3. The emerging information security of computer systems stands on the strong base of public key cryptography. Among the PKCs, RSA is the most used technique. But compared to RSA cryptography, elliptic curve cryptography has gained much attention for its faster key generation, shorter key size with the same security level, and lower memory and computing power consumption.
  4. The intractability of the Elliptic Curve Discrete Logarithm Problem (ECDLP) encourages many innovative cryptographic protocols. Recently, several unique and innovative pairing-based cryptographic applications, such as identity-based encryption schemes, group signature authentication and broadcast encryption, have increased the popularity of pairing-based cryptography. Some of these applications need arithmetic operations in a certain extension field. Among all the operations, elliptic curve scalar multiplication is the most time-consuming operation.
  5. In pairing-based cryptography we need a pairing-friendly curve, but it is difficult to find a good pairing-friendly curve. The Barreto-Naehrig (BN) curve is a well-studied curve of this kind, of embedding degree 12. Its parameters are systematically given by these equations, where p is the characteristic, r is the order and t is the trace function. The most important property that will be useful in our proposal is that the trace is almost half the size of r and p.
  6. Let us consider two rational points P, Q; then the tangent lambda can be calculated as in this equation. Here O is considered to be the unity, which is the point at infinity of the curve.
  7. The coordinates of R can be obtained by this equation. When the rational point P is not equal to Q, we perform elliptic curve addition. When P=Q, we do elliptic curve doubling.
  8. Draw the line through P and Q. The line intersects a third point, -R. The point symmetric to it, R, is the result of P+Q.
  9. Let us consider P=Q. So the tangent at Q intersects the curve at point -R. The point symmetric to it, R, is the result of P+Q.
  10. Scalar multiplication of EC defined over Fq2. Here n is a natural number. So it seems that to multiply we need n additions. So if n has k binary digits, then this will be its complexity.
  11. To implement efficient scalar multiplication we need arithmetic operations in the extension field of degree 12. We also need to find good parameters for the BN curve. Finally, we will find a certain rational point in G2 by some calculation procedure.
  12. At first we randomly obtain a rational point R on the BN curve. To get a rational point in G2, we divide the total number of rational points of the BN curve by the square of the order r. It will return another rational point T. Then we check whether T’s order is r or not. Now T will be used to obtain a G2 rational point.
  13. Frobenius mapping of T minus 1 gives Q. If Q is a G2 rational point, then it will have this property. So we check: if the Frobenius mapping of Q minus the scalar multiplication of Q equals the point at infinity, then we confirm Q is a G2 point. (phi-1)(phi-p)R G1, G2
  14. Now let us consider that S is a scalar that is smaller than the order r. From the BN curve we know this relation: the order r = characteristic + 1 minus trace. If we take mod r of this equation, then we get that p is congruent to t-1. After that we get the (t-1)-adic representation of the scalar. Here S0, S1 will be less than (t-1), and we already know from the BN curve that t is half of p.
  15. So we get the final scalar multiplication from these equations. Here the scalar multiplication of Q = s0 mul Q and s1(t-1)Q.
  16. That’s all of my presentation. Thank you for your attention.