fp12_efficient_scm
TRANSCRIPT
Introduction Preparation Proposal Conclusion
An Improvement of Scalar Multiplication
on Elliptic Curve Defined over Extension
Field Khandaker Md. Al-Amin (PhD Student) & Dr. Yasuyuki Nogami
Secure Wireless System LabDepartment of Information and Communication Systems
Faculty of Engineering, Okayama University, Japan
Outline Introduction
• Background• Motivation
Preparation• Preparing extension field arithmetic • Finding out good parameters
Our Proposal• Construction procedure• Result evaluation
Conclusion and Future work
Introduction Preparation Proposal Conclusion
Background Public key cryptography
• Elliptic curve cryptography• Pairing-based cryptographic applications
Introduction Preparation Proposal Conclusion
RSA is widely used.
Public key cryptography• Elliptic curve cryptography• Pairing-based cryptographic applications
ECC has faster key generation, shorter key
size with same security level than
RSA.
Background Public key cryptography
• Elliptic curve cryptography• Pairing-based cryptographic applications
ID-based cryptography, Group signature, Broadcast encryption Finite field
• Prime field• Extension field
Introduction Preparation Proposal Conclusion
Need arithmetic operations in a
certain extension field.
ECDLP encourages
Elliptic Curve Scalar Multiplication is the most
time consuming operation
Background Paring Based cryptography requires
• Paring friendly curve • Barreto-Naehrig (BN) curve is well known
Introduction Preparation Proposal Conclusion
where
• Systematically generated parameters
Here t is almost
half size of r
Background Elliptic Curve cryptography
Introduction Preparation Proposal Conclusion
Let two rational points on
is the tangent at the point on EC
is the Point at Infinity
BackgroundIntroduction Preparation Proposal Conclusion
Their addition , where
Coordinates of is calculated as follows.
P Q, then P + Q = R is elliptic curve addition (ECA).
P = Q, then P +Q =2P = R is elliptic curve doubling (ECD).
Elliptic Curve cryptography
Let two rational points on
Background Elliptic Curve cryptography
• Elliptic Curve Addition
Introduction Preparation Proposal Conclusion
ECA
Draw the line throw P and Q
Intersects at point -R
Symmetric to -R is R
R is the result of P+Q
Background Elliptic Curve cryptography
Introduction Preparation Proposal Conclusion
ECD
Tangent through P,Q
Intersects curve at point -R
Symmetric to -R is R
R is the result of P+Q=2Q
Elliptic Curve cryptography• Elliptic Curve Doubling
MotivationIntroduction Preparation Proposal Conclusion
Scalar Multiplication of EC defined over ,
here n is a natural number
ECA
• If n has k binary digits, then complexity
• Better performance in Double and Add algorithm.
• But still also required (k-1) doubling.
That is why we tried to make it efficient in BN curve by applying Frobenius Mapping.
PreparationPreparation Proposal Conclusion
We need extension field arithmetic operations.
We need to find good parameter in BN curve.
Finally we need find certain rational point in .
Rational
point groups
Multiplicative group
over
Getting Rational Point in G2Proposal Conclusion
• Randomly obtained rationalpoint .
• If
• Then is the rational point whose order becomes r
• Using we can get certain rational point in .
• Check if
• Then belongs to
Getting Rational Point in G2Proposal Conclusion
• Frobenius mapping of ,
Proposed Scalar MultiplicationProposal Conclusion
• Let, is a scalar and is the Scalar Multiplication
• Here
• Taking mod r,
• From BN- curve,
• -adic representation
From BN curve t is almost half size of p
Proposed Scalar MultiplicationProposal Conclusion
• Let, is a scalar and is the Scalar Multiplication
• Here • -adic representation
• Resulted Scalar Multiplication
Example of Previous Scalar Multiplication
Proposal Conclusion
1 2 3 4 5 6 7 14S 1 0 1 1 0 1 1 … 1
(Q)2(Q)2(2(Q))+Q2(2(2(Q))+Q)+Q
• Let, is a scalar and is the Scalar MultiplicationLet S is 14 bit
ECD is 13 times, which is about the size of S
Example of Efficient Scalar Multiplication
Proposal Conclusion
S0 1 0 1 1 0 1 1S1 1 1 0 1 1 0 1
(C)2(C)+B2(2(C)+B)+A2(2(2(C)+B)+A)+C
Let S is 14 bit and then S0,S1 will have half of the size of S.
ECD is about half of total bit size of S
1 2 3 4 5 6 7
Result EvaluationProposal Conclusion
Size of scalar bit Existing Method Proposed Method Percentile
#ECA #ECD #ECA #ECD
72 37 71 25 36 ~40% to 50%
254 124 253 43 127 ~50%
Bit sizeofS
Execution time for 1 Scalar Multiplicationin Second
Existing Method Proposed Method Percentile
72 0.077651 0.042132 55.55%254 0.323006 0.156368 48.30%
Conclusion
ConclusionOur proposed approach reduces the number ofECD by half of existing approach
Future workTest and evaluate the performance in Paring based protocol
implementation.
Thank you