scispace - formally typeset
Search or ask a question

Generalized Mersenne Numbers in Pairing-Based Cryptography

01 Jan 2006-
TL;DR: The author’s home country, the United States, and some of the characters from the film adaptation are fictitious.
Abstract: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Chapter

Content maybe subject to copyright    Report

Citations
More filters
References
More filters
Journal Article
TL;DR: In this article, the authors describe a fast software implementation of the elliptic curve version of DSA, as specified in draft standard documents ANSI X9.62 and IEEE P1363.
Abstract: This paper describes a fast software implementation of the elliptic curve version of DSA, as specified in draft standard documents ANSI X9.62 and IEEE P1363. We did the implementations for the fields GF(2n), using a standard basis, and GF(p). We discuss various design decisions that have to be made for the operations in the underlying field and the operations on elliptic curve points. In particular, we conclude that it is a good idea to use projective coordinates for GF(p), but not for GF(2n). We also extend a number of exponentiation algorithms, that result in considerable speed gains for DSA, to ECDSA, using a signed binary representation. Finally, we present timing results for both types of fields on a PPro-200 based PC, for a C/C++ implementation with small assembly-language optimizations, and make comparisons to other signature algorithms, such as RSA and DSA. We conclude that for practical sizes of fields and moduli, GF(p) is roughly twice as fast as GF(2n). Furthermore, the speed of ECDSA over GF(p) is similar to the speed of DSA; it is approximately 7 times faster than RSA for signing, and 40 times slower than RSA for verification (with public exponent 3).

88 citations

Book ChapterDOI
21 Jun 1998
TL;DR: This paper describes a fast software implementation of the elliptic curve version of DSA, as specified in draft standard documents ANSI X9.62 and IEEE P1363, and concludes that for practical sizes of fields and moduli, GF(p) is roughly twice as fast as GF(2n).
Abstract: This paper describes a fast software implementation of the elliptic curve version of DSA, as specified in draft standard documents ANSI X9.62 and IEEE P1363. We did the implementations for the fields GF(2n), using a standard basis, and GF(p). We discuss various design decisions that have to be made for the operations in the underlying field and the operations on elliptic curve points. In particular, we conclude that it is a good idea to use projective coordinates for GF(p), but not for GF(2n). We also extend a number of exponentiation algorithms, that result in considerable speed gains for DSA, to ECDSA, using a signed binary representation. Finally, we present timing results for both types of fields on a PPro-200 based PC, for a C/C++ implementation with small assembly-language optimizations, and make comparisons to other signature algorithms, such as RSA and DSA. We conclude that for practical sizes of fields and moduli, GF(p) is roughly twice as fast as GF(2n). Furthermore, the speed of ECDSA over GF(p) is similar to the speed of DSA; it is approximately 7 times faster than RSA for signing, and 40 times slower than RSA for verification (with public exponent 3).

88 citations

Journal ArticleDOI
TL;DR: The concept of Discrete Weighted Transforms (DWTs) are introduced which substantially improve the speed of multiplication by obviating costly zero-padding of digits.
Abstract: It is well known that Discrete Fourier Transform (DFT) techniques may be used to multiply large integers. We introduce the concept of Discrete Weighted Transforms (DWTs) which, in certain situations, substantially improve the speed of multiplication by obviating costly zero-padding of digits. In particular, when arithmetic is to be performed modulo Fermât Numbers 22\"1 + 1 , or Mersenne Numbers 29 1 , weighted transforms effectively reduce FFT run lengths. We indicate how these ideas can be applied to enhance known algorithms for general multiplication, division, and factorization oflarge integers.

87 citations

Posted Content
TL;DR: In this article, the eta pairing algorithm was proposed for supersingular Abelian varieties and was shown to be about twice as fast as the Duursma-Lee method.
Abstract: We present a general technique for the efficient computation of pairings on supersingular Abelian varieties. This formulation, which we call the eta pairing, generalises results of Duursma and Lee for computing the Tate pairing on supersingular elliptic curves in characteristic three. We then show how our general technique leads to a new algorithm which is about twice as fast as the Duursma-Lee method. These ideas are then used for elliptic and hyperelliptic curves in characteristic 2 with very efficient results. In particular, the hyperelliptic case is faster than all previously known pairing algorithms.

83 citations

Journal ArticleDOI
Nigel P. Smart1
TL;DR: It is shown how to speed up the multiplication step on elliptic curves defined over small odd characteristic finite fields using a generalization of a recent method of Müller and Solinas.
Abstract: In this paper it is shown how to speed up the multiplication step on elliptic curves defined over small odd characteristic finite fields. The method used is a generalization of a recent method of Muller and Solinas. Various implementation issues are discussed and described with the use of timings from an implementation of the methods.

68 citations