Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato,...
-
Upload
roberta-parrish -
Category
Documents
-
view
218 -
download
0
Transcript of Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato,...
![Page 1: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/1.jpg)
Graduate School of Natural Science and Technology Okayama University
Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi,Yasuyuki Nogami and Yoshitaka Morikawa
Two Improvements of Twisted Ate Pairing with Barreto–Naehrig Curveby Dividing Miller’s Algorithm
![Page 2: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/2.jpg)
Elliptic curve cryptography
Finite field theory
Background
Pairing based cryptography
Identity(ID)-based cryptography (Sakai et al. 2000) Group signature (Boneh et al. 2003)
An efficient algorithm for pairing calculation is required.
2
・・・
expensive operation!!
Pairing
Pairing based cryptography
![Page 3: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/3.jpg)
Elliptic Curve over Finite Field
○ Finite fields
○ Elliptic curve over pF
pFx
pFy
1R2R 3R
213 RRR
21 ,RRl21 RRv
)( pFE
pFbybaxxyxE 0),( 23
●: rational point
,},1,,1,0{: pFp
,},|),,{(: 1 pikkpFaaaF
Prime field
Extension FieldpF
pF k
order of :
3
)( pFEGroup of rational points on the curve :
r
},][,,][,,2,{ RrRaRR :)( pFE
)( pFE
embedding degree
![Page 4: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/4.jpg)
),( QRe
Pairing
)( pFE
)( kpFE
kpF
4
R
Q
Group1
Group2
Group3order= r
order = r
order = r
e
additive multiplicative
![Page 5: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/5.jpg)
),( QRe
Pairing
)( pFE
)( kpFE
kpF
5
1
0
a
i
RR
Q
Group1
Group2
Group3order = r
order = r
order = r
][a
a
![Page 6: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/6.jpg)
),( QRe
Pairing
)( pFE
)( kpFE
kpF
6
RGroup1
Group2
Group3order = r
order = r
order = r
][b
b
1
0
b
i
![Page 7: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/7.jpg)
),( QRe
Pairing
)( pFE
)( kpFE
kpF
7
R
Q
Group1
Group2
Group3order = r
order = r
order = r
][a
][b
ab
Bilinearity
Innovative cryptographic applications are based on bilinearity of pairing.
![Page 8: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/8.jpg)
),( QRe
Pairing
)( pFE
)( kpFE
kpF
8
R
Q
Group1
Group2
Group3
order = r
order = r
order = r
Final exponentiation
Miller’salgorithm
)(, Qf Rs
Weil Tate AteTwisted Ate
slow fast
Miller’salgorithm
Several improvements for pairing
(1946) (2006)(1994) (2006)
![Page 9: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/9.jpg)
Barreto-Naehrig(BN) Curve
Elliptic curve of k =12
Parameters p, r and t of BN curve are given by integer variable as
pFbbxy ,32
16243636)( 234 p
16)( 2 t
16183636)( 234 r
9
![Page 10: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/10.jpg)
Miller’s Algorithm
0),(, QQTT yxlTTT RTT
0),(, QQRT yxl
RTfsi s ,1,)(log2
1i1 ii
),(,2
QQTTss yxlff ),(, QQRTss yxlff
)(),(,)(),( 12pQQpRR FEyxQFEyxR
)(, Qf RsOutput :
i-th bit of the binary
representation of s from the lower
Hw(s) : Hamming Weight of s
Hw(s) is large → computationally expensive
10
1][ is
yesno
yes
no
additional operation
main loop
Input :
![Page 11: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/11.jpg)
Twisted Ate Pairing with BN Curve
161836)( 23 s
It is not easy to control the Hw(s) small !!
11
: integer
We can select of small hamming weight.
![Page 12: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/12.jpg)
Improvement 1
conventional method
Miller’s
algorithm ( s )
12
161836 s 3 2
sfOut put
Improvement 1 is based on divisor theorem
proposed method
Miller’salgorithm ( )
Miller’salgorithm ( )
Miller’salgorithm ( )
Combining
f
2f
3f
sfOutput
32 and, fff
![Page 13: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/13.jpg)
Improvement 2
Miller’salgorithm ( a )
Miller’s algorithm ( ab )
Output fab
Miller’salgorithm ( b )
combining
fa
fb
fab = fab ・ fb
An exponentiation is additionally required !!
fap = fap ・ fp
Frobenius mapping
12
![Page 14: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/14.jpg)
Improvement 2
conventional method
Miller’s
algorithm ( s )
sfOut put 13
proposed method
Miller’salgorithm ( )
Miller’salgorithm ( p )
combining and some calculations
f
pf
sfOutput
rp mod6 2s = ( 6 - 3 ) p + ( 6 - 1)s = 363 - 182 + 6 - 1
fs is given by f and fp.
![Page 15: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/15.jpg)
Computational environment
![Page 16: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/16.jpg)
Experimental results
[ms]
-14.8%
14
conventional Improvement 1 Improvement 2
Miller’s algorithm 15.7 12.9 12.8
Final exponentiation 4.70
total 20.4 17.6 17.5
![Page 17: Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa.](https://reader030.fdocuments.net/reader030/viewer/2022032721/56649cd95503460f949a230a/html5/thumbnails/17.jpg)
Conclusion
○ We proposed two improvements for twisted Ate pairing.
○ It was shown that they have almost the same efficiency.
16