Fp12_Efficient_SCM
Download as PPTX, PDF0 likes169 views
The document proposes a more efficient method for scalar multiplication on elliptic curves defined over extension fields. The proposed method reduces the number of elliptic curve doublings (ECD) needed by around half compared to existing methods. It achieves this by using the Frobenius mapping to represent the scalar value with coefficients in the extension field's subfield, allowing half the bit size. An example shows the proposed method requires around half as many ECD operations. Evaluation on sample scalars confirms a 40-50% reduction in ECD operations and a similar improvement in execution times for scalar multiplication. Future work involves testing the approach in pairing-based cryptographic protocols.
Fp12_Efficient_SCM
- 1. Introduction Preparation Proposal Conclusion An Improvement of Scalar Multiplication on Elliptic Curve Defined over Extension Field Khandaker Md. Al-Amin (PhD Student) & Dr. Yasuyuki Nogami Secure Wireless System Lab Department of Information and Communication Systems Faculty of Engineering, Okayama University, Japan
- 2. Outline Introduction • Background • Motivation Preparation • Preparing extension field arithmetic • Finding out good parameters Our Proposal • Construction procedure • Result evaluation Conclusion and Future work Introduction Preparation Proposal Conclusion 2
- 3. Background Public key cryptography • Elliptic curve cryptography • Pairing-based cryptographic applications Introduction Preparation Proposal Conclusion RSA is widely used. Public key cryptography • Elliptic curve cryptography • Pairing-based cryptographic applications ECC has faster key generation, shorter key size with same security level than RSA. 3
- 4. Background Public key cryptography • Elliptic curve cryptography • Pairing-based cryptographic applications ID-based cryptography, Group signature, Broadcast encryption Finite field • Prime field • Extension field Introduction Preparation Proposal Conclusion Need arithmetic operations in a certain extension field. ECDLP encourages Elliptic Curve Scalar Multiplication is the most time consuming operation 4
- 5. Background Paring Based cryptography requires • Paring friendly curve • Barreto-Naehrig (BN) curve is well known Introduction Preparation Proposal Conclusion where • Systematically generated parameters Here t is almost half size of r 5
- 6. Background Elliptic Curve cryptography Introduction Preparation Proposal Conclusion Let two rational points on is the tangent at the point on EC is the Point at Infinity 6
- 7. Background Introduction Preparation Proposal Conclusion Their addition , where Coordinates of is calculated as follows. P Q, then P + Q = R is elliptic curve addition (ECA). P = Q, then P +Q =2P = R is elliptic curve doubling (ECD).7 Elliptic Curve cryptography Let two rational points on
- 8. Background Elliptic Curve cryptography • Elliptic Curve Addition Introduction Preparation Proposal Conclusion 8 ECA Draw the line throw P and Q Intersects at point -R Symmetric to -R is R R is the result of P+Q
- 9. Background Elliptic Curve cryptography Introduction Preparation Proposal Conclusion 9 ECD Tangent through P,Q Intersects curve at point -R Symmetric to -R is R R is the result of P+Q=2Q Elliptic Curve cryptography • Elliptic Curve Doubling
- 10. Motivation Introduction Preparation Proposal Conclusion Scalar Multiplication of EC defined over , here n is a natural number ECA • If n has k binary digits, then complexity • Better performance in Double and Add algorithm. • But still also required (k-1) doubling. That is why we tried to make it efficient in BN curve by applying Frobenius Mapping. 10
- 11. Preparation Preparation Proposal Conclusion 11 We need extension field arithmetic operations. We need to find good parameter in BN curve. Finally we need find certain rational point in . Rational point groups Multiplicative group over
- 12. Getting Rational Point in G2 Proposal Conclusion • Randomly obtained rational point . • If • Then is the rational point whose order becomes r • Using we can get certain rational point in . 13
- 13. • Check if • Then belongs to Getting Rational Point in G2 Proposal Conclusion • Frobenius mapping of , 14
- 14. Proposed Scalar Multiplication Proposal Conclusion • Let, is a scalar and is the Scalar Multiplication • Here • Taking mod r, • From BN- curve, • -adic representation 15 From BN curve t is almost half size of p
- 15. Proposed Scalar Multiplication Proposal Conclusion • Let, is a scalar and is the Scalar Multiplication • Here • -adic representation • Resulted Scalar Multiplication 16
- 16. Example of Previous Scalar Multiplication Proposal Conclusion 1 2 3 4 5 6 7 14 S 1 0 1 1 0 1 1 … 1 (Q)2(Q)2(2(Q))+Q2(2(2(Q))+Q)+Q 17 • Let, is a scalar and is the Scalar Multiplication Let S is 14 bit ECD is 13 times, which is about the size of S
- 17. Example of Efficient Scalar Multiplication Proposal Conclusion S0 1 0 1 1 0 1 1 S1 1 1 0 1 1 0 1 (C)2(C)+B2(2(C)+B)+A2(2(2(C)+B)+A)+C 18 Let S is 14 bit and then S0,S1 will have half of the size of S. ECD is about half of total bit size of S 1 2 3 4 5 6 7
- 18. Result Evaluation Proposal Conclusion Size of scalar bit Existing Method Proposed Method Percentile #ECA #ECD #ECA #ECD 72 37 71 25 36 ~40% to 50% 254 124 253 43 127 ~50% Bit size of S Execution time for 1 Scalar Multiplication in Second Existing Method Proposed Method Percentile 72 0.077651 0.042132 55.55% 254 0.323006 0.156368 48.30% 19
- 19. Conclusion Conclusion Our proposed approach reduces the number of ECD by half of existing approach Future work Test and evaluate the performance in Paring based protocol implementation. 20
- 20. Thank you
Editor's Notes
- #2: Good morning, This is Khandaker Md. Al-Amin, I am a PhD student of Okayama university, Japan under the supervision of Professor Dr. Yasuyuki Nogami. Today, I will give my presentation on this title “An Improvement of Scalar Multiplication on Elliptic Curve Defined over Extension Field Fq2 ”
- #3: This is the top-level outline of my presentation. First, I will introduce some background of ECC and our motivation behind making scalar multiplication efficient. Then, I will give a brief overview to prepare for efficient scalar multiplication. After that, I will describe out proposal of scalar multiplication by Frobenius mapping with (t-1) adic representation of Scalar. Finally give result evaluation .
- #4: The emerging information security of computer system stands on the strong base of public key cryptography. Among the PKC’s RSA is mostly used technique. But compared to RSA cryptography, elliptic curve cryptography gained much attention for its faster key generation, shorter key size with same security level and less memory and computing power consumption.
- #5: Intractability of Elliptic Curve Discrete Logarithm Problem (ECDLP) encourages many innovative cryptographic protocols. Recently, several unique and innovative pairing based cryptographic applications such as Identity based encryption scheme group signature authentication and broadcast encryption increased the popularity of pairing based cryptography. Some of these applications needs arithmetic operations in a certain extension field. Among all the operations elliptic curve scalar multiplication is the most time consuming operation.
- #6: In pairing based cryptography we need pairing friendly curve. but it is difficult to find good pairing friendly curve. Barreto-Naehrig (BN) curve is well studied such kind of curve of embedding degree 12. Its parameters are systematically given by these equations where p is the characteristics, r is the order and t is the trace function. The most important property that will be useful in our proposal is trace is almost half size of the r and p.
- #7: Let us consider two rational point P, Q, then the tangent lamda can be calculated as like this equation. Here O is considered to be the unity which is the point at infinity of the curve.
- #8: coordinates of R can be obtained by this equation. when the rational point P not equal Q then we perform elliptic curve addition. when p=q then we do elliptic curve doubling.
- #9: Draw the line through P and Q. The line intersects a third point -R. The point symmetric to it ,is R, is the result of P+Q.
- #10: Let is consider p=q. so the tangent to q intersects the curve at point -R. . The point symmetric to it ,is R, is the result of P+Q.
- #11: Scalar Multiplication of EC defined over Fq2 ,..here n is natural number. so it seems that to multiply we need n number of additions. so if n is k binary digit then this will be its complexity.
- #12: To implement efficient scalar multiplication we need arithmetic operation in extension field of degree 12. We also need to find good parameters in BN curve. Finally we will find certain rational point in in G2 by some calculation procedure.
- #14: At first we randomly obtained rational point R in BN curve. To get rational point in in G2 we divide the total number of rational points of BN curve by the square of order r. It will return another rational point T. Then we will check if T ’s order is r or not. Now T will be used to obtain G2 rational point.
- #15: Frobenius mapping of T minus 1 gives the Q. If Q is a G2 rational point then will have this property. So we check if Frobenius mapping of Q minus scalar multiplication of Q equal point at infinity then we confirm Q is G2 point. (phi-1)(phi-p)R G1 ,G2
- #16: Now let us consider S is scalar that is smaller than order r. From BN curve we know this relation order r is = characteristics + 1 minus trace. If we take mod r of this equation then we get p is congruent to t-1. After that we get the t-1 adic representation of the scalar. here S0,S1 will be less than (t-1) and we already know from bn curve know that t is half of P from BN curve.
- #17: So the final scalar multiplication we get from these equations. here Scalar mul of Q = s0 mul Q and s1(t-1)Q
- #21: That’s all of my presentation. Thank you for your attention.