arithmetic of pairings performance and weakness toward
play

Arithmetic of pairings, performance and weakness toward side channel - PowerPoint PPT Presentation

Oct 18, 2022 •428 likes •1.55k views

Arithmetic of pairings, performance and weakness toward side channel attacks Nadia El Mrabet GREYC - LMNO Universit e de Caen Darmstadt 29th of April 2010 1 / 59 Outline Pairing over elliptic curves 1 Definition and properties of

  1. Miller’s equality Example Let f 1 , P = 1 by construction and i = 1. i := 2 i ( i = 2) f 2 , P = f 1 , P × f 1 , P × l P , P v [2] P f 2 , P = l P , P v [2] P 19 / 59

  2. Miller’s equality Example Let f 1 , P = 1 by construction and i = 1. i := 2 i ( i = 4) i := 2 i ( i = 2) l [2] P , [2] P f 4 , P = f 2 , P × f 2 , P × f 2 , P = f 1 , P × f 1 , P × l P , P v [4] P v [2] P l [2] P , [2] P f 4 , P = f 2 f 2 , P = l P , P 2 , P × v [4] P v [2] P i := i + 1 ( i = 5) l [4] P , P f 5 , P = f 4 , P × v [5] P 19 / 59

  3. Miller’s equality Example Let f 1 , P = 1 by construction and i = 1. i := 2 i ( i = 4) i := 2 i ( i = 2) l [2] P , [2] P f 4 , P = f 2 , P × f 2 , P × f 2 , P = f 1 , P × f 1 , P × l P , P v [4] P v [2] P l [2] P , [2] P f 4 , P = f 2 f 2 , P = l P , P 2 , P × v [4] P v [2] P i := i + 1 ( i = 5) l [4] P , P f 5 , P = f 4 , P × v [5] P �� l P , P � � 2 × l [2] P , [2] P × l [4] P , P f 5 , P = v [2] P v [4] P v [5] P 19 / 59

  4. Computation of pairings Miller’s algorithm returns f r , P ( Q ) Data : r = ( r N . . . r 0 ) 2 , P ∈ G 1 ⊂ E ( F p )[ r ] Result : [ r ] P T ← P for i = N − 1 to 0 do T ← [2] T if r i = 1 then T ← T + P end end return T = [ r ] P 20 / 59

  5. Computation of pairings Miller’s algorithm returns f r , P ( Q ) Data : r = ( r N . . . r 0 ) 2 , P ∈ G 1 ⊂ E ( F p )[ r ] et Q ∈ G 2 ⊂ E ( F p k )[ r ] Result : f r , P ( Q ) ∈ G 3 ⊂ F ∗ p k T ← P , f 1 ← 1, f 2 ← 1 for i = N − 1 to 0 do T ← [2] T if r i = 1 then T ← T + P end end f 1 return f 2 21 / 59

  6. Computation of pairings Miller’s algorithm returns f r , P ( Q ) Data : r = ( r N . . . r 0 ) 2 , P ∈ G 1 ⊂ E ( F p )[ r ] et Q ∈ G 2 ⊂ E ( F p k )[ r ] Result : f r , P ( Q ) ∈ G 3 ⊂ F ∗ p k T ← P , f 1 ← 1, f 2 ← 1 for i = N − 1 to 0 do T ← [2] T − f 12 × l d ( Q ) f 1 ← − f 22 × v d ( Q ) f 2 ← if r i = 1 then T ← T + P end end f 1 return f 2 21 / 59

  7. Computation of pairings Miller’s algorithm returns f r , P ( Q ) Data : r = ( r N . . . r 0 ) 2 , P ∈ G 1 ⊂ E ( F p )[ r ] et Q ∈ G 2 ⊂ E ( F p k )[ r ] Result : f r , P ( Q ) ∈ G 3 ⊂ F ∗ p k T ← P , f 1 ← 1, f 2 ← 1 for i = N − 1 to 0 do T ← [2] T − f 12 × l d ( Q ) f 1 ← − f 22 × v d ( Q ) f 2 ← if r i = 1 then T ← T + P f 1 ← − f 1 × l a ( Q ) f 2 ← − f 2 × v a ( Q ) end end f 1 return f 2 21 / 59

  8. Computation of pairings Miller’s algorithm returns f r , P ( Q ) Data : r = ( r N . . . r 0 ) 2 , P ∈ G 1 ⊂ E ( F p )[ r ] et Q ∈ G 2 ⊂ E ( F p k )[ r ] Result : f r , P ( Q ) ∈ G 3 ⊂ F ∗ p k T ← P , f 1 ← 1, f 2 ← 1 for i = N − 1 to 0 do T ← [2] T − f 12 × l d ( Q ) f 1 ← − f 22 × v d ( Q ) f 2 ← if r i = 1 then T ← T + P f 1 ← − f 1 × l a ( Q ) f 2 ← − f 2 × v a ( Q ) end end f 1 return f 2 21 / 59

  9. Outline Pairing over elliptic curves 1 Definition and properties of pairing Construction and example of pairings Computation of pairings Arithmetic of pairing based cryptography A more efficient arithmetic based on adapted bases 2 Definition of adapted bases Multiplication in F p k using DFT Complexity of our method Fault attack 3 Identity based cryptography Fault attack Fault attack against Miller’s algorithm Conclusion and perspectives 4 22 / 59

  10. The security of pairing Security level in bit 80 128 192 256 Minimal numbers of bit for r 160 256 384 512 Minimal numbers of bit for p k 1 024 3 072 7 680 15 360 Table : Security level 23 / 59

  11. Computing pairings over elliptic curves Let M p be the cost of a multiplication in F p , S p k the cost of a square and M p k of a multiplication in F p k . Miller’s algorithm needs N = [log 2 ( r )] + 1 iterations the complexity of the doubling step is 8 S p + (12 + 4 k ) M p + 2 S p k + 2 M p k the complexity of the addition step is 6 S p + (20 + 3 k ) M p + 2 S p k + 2 M p k 24 / 59

  12. Computing pairings over elliptic curves Let M p be the cost of a multiplication in F p , S p k the cost of a square and M p k of a multiplication in F p k . Miller’s algorithm needs N = [log 2 ( r )] + 1 iterations the complexity of the doubling step is 8 S p + (12 + 4 k ) M p + 2 S p k + 2 M p k the complexity of the addition step is 6 S p + (20 + 3 k ) M p + 2 S p k + 2 M p k To improve pairing computation we can : reduce the number of operation in F p k . improve the arithmetic in F p k . 24 / 59

  13. Outline Pairing over elliptic curves 1 Definition and properties of pairing Construction and example of pairings Computation of pairings Arithmetic of pairing based cryptography A more efficient arithmetic based on adapted bases 2 Definition of adapted bases Multiplication in F p k using DFT Complexity of our method Fault attack 3 Identity based cryptography Fault attack Fault attack against Miller’s algorithm Conclusion and perspectives 4 25 / 59

  14. The traditional representation The representation of elements in F p influences the arithmetic over F p . Usually we used positional number representation, it is a representation using a base to represent integers : n − 1 � a i β i with a i ∈ { 0 , . . . , β − 1 } and β n > p . a = i =0 Example : The decimal representation in F 90001 . Let β = 10, and a = 71209 in F 90001 . This element can be write a = 7 × 10 4 + 1 × 10 3 + 2 × 10 2 + 9. 26 / 59

  15. Outline Pairing over elliptic curves 1 Definition and properties of pairing Construction and example of pairings Computation of pairings Arithmetic of pairing based cryptography A more efficient arithmetic based on adapted bases 2 Definition of adapted bases Multiplication in F p k using DFT Complexity of our method Fault attack 3 Identity based cryptography Fault attack Fault attack against Miller’s algorithm Conclusion and perspectives 4 27 / 59

  16. An adapted base Representation in adapted base : Let p be a prime, 0 < γ < p and n > 0, such that γ n ≡ λ mod p for a small λ . 28 / 59

  17. An adapted base Representation in adapted base : Let p be a prime, 0 < γ < p and n > 0, such that γ n ≡ λ mod p for a small λ . The representation in adapted base is : n − 1 � a i γ i mod p with | a i | < ρ, where ρ ≥ p 1 / n . a = i =0 28 / 59

  18. An adapted base Representation in adapted base : Let p be a prime, 0 < γ < p and n > 0, such that γ n ≡ λ mod p for a small λ . The representation in adapted base is : n − 1 � a i γ i mod p with | a i | < ρ, where ρ ≥ p 1 / n . a = i =0 n − 1 � a i t i the polynomial representation of a in adapted We denote a ( t ) = i =0 base. 28 / 59

  19. An adapted base Representation in adapted base : Let p be a prime, 0 < γ < p and n > 0, such that γ n ≡ λ mod p for a small λ . The representation in adapted base is : n − 1 � a i γ i mod p with | a i | < ρ, where ρ ≥ p 1 / n . a = i =0 Example Let p = 19. Let n = 3, the element of F p such that γ 3 ≡ 1 mod p is γ = 7. The element of F p in adapted base will be polynomials in γ of degree 2 ; and coefficients will be 0, 1 et − 1. 29 / 59

  20. An adapted base Example 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 30 / 59

  21. An adapted base Example 1 2 3 4 5 6 1 γ − 1 7 8 9 10 11 12 γ 2 − 1 γ 2 + 1 γ 2 γ γ + 1 13 14 15 16 17 18 − 1 30 / 59

  22. An adapted base Example 1 2 3 4 5 6 γ 2 − γ − 1 1 γ − 1 7 8 9 10 11 12 γ 2 − 1 γ 2 + 1 γ 2 γ γ + 1 13 14 15 16 17 18 − γ − 1 − 1 30 / 59

  23. An adapted base Example 1 2 3 4 5 6 γ 2 − γ − 1 γ 2 − γ γ 2 − γ + 1 1 γ − 1 7 8 9 10 11 12 γ 2 − 1 γ 2 + 1 γ 2 γ γ + 1 13 14 15 16 17 18 − γ − 1 − 1 30 / 59

  24. An adapted base Example 1 2 3 4 5 6 γ 2 − γ − 1 γ 2 − γ γ 2 − γ + 1 1 γ − 1 7 8 9 10 11 12 − γ 2 + 1 γ 2 − 1 γ 2 + 1 γ 2 γ γ + 1 13 14 15 16 17 18 − γ 2 + γ + 1 − γ 2 + γ − γ 2 + γ + 1 γ 2 + γ − 1 − γ − 1 − 1 30 / 59

  25. An adapted base Example 1 2 3 4 5 6 − γ 2 − γ − 1 γ 2 − γ − 1 γ 2 − γ γ 2 − γ + 1 1 γ − 1 7 8 9 10 11 12 − γ 2 + 1 γ 2 − 1 γ 2 + 1 γ 2 γ γ + 1 13 14 15 16 17 18 − γ 2 + γ + 1 − γ 2 + γ − γ 2 + γ + 1 γ 2 + γ − 1 − γ − 1 − 1 30 / 59

  26. Arithmetic in adapted base Reduction of the coefficient using Montgomery representation (Plantard-Negre 07) To find the representation in adapted basis, we used an algorithm due to : Thomas Plantard in 2005. Arithmetic in adapted base Efficient Modular Arithmetic in Adapted Modular Number System Using Lagrange Representation , of C. N` egre and T. Plantard in ACISP ’08. The arithmetic is constructed in Montgomery way, thus it has the same complexity. We have an efficient arithmetic over F p . 31 / 59

  27. Outline Pairing over elliptic curves 1 Definition and properties of pairing Construction and example of pairings Computation of pairings Arithmetic of pairing based cryptography A more efficient arithmetic based on adapted bases 2 Definition of adapted bases Multiplication in F p k using DFT Complexity of our method Fault attack 3 Identity based cryptography Fault attack Fault attack against Miller’s algorithm Conclusion and perspectives 4 32 / 59

  28. The multiplication by interpolation in F p k Let U and V be elements of F p k . They are polynomials U ( X ) , V ( X ) ∈ F p [ X ] of degree k − 1. The multiplication between U and V can be done like this : 1 Polynomial multiplication W ( X ) = U ( X ) × V ( X ), using interpolation. 2 Modular reduction using a polynomial of degree k in F p . 33 / 59

  29. Multiplication by interpolation Let l ≥ 2 k − 1 distinct elements α 0 , . . . , α l − 1 in F p . 34 / 59

  30. Multiplication by interpolation Let l ≥ 2 k − 1 distinct elements α 0 , . . . , α l − 1 in F p . 1 Evaluation : Let U ( X ) and V ( X ) of degree k − 1. We compute U = ( U ( α 0 ) , . . . , U ( α l − 1 )) and � � V = ( V ( α 0 ) , . . . , V ( α l − 1 )) using a matrix vector product :     α k − 1 1 α 1 · · · u 0 1     α k − 1 1 α 2 · · · u 1     2 � U =  ×  .  . .   .  . . .   . . . α k − 1 u k − 1 1 α l · · · l 34 / 59

  31. Multiplication by interpolation Let l ≥ 2 k − 1 distinct elements α 0 , . . . , α l − 1 in F p . 1 Evaluation : Let U ( X ) and V ( X ) of degree k − 1. We compute U = ( U ( α 0 ) , . . . , U ( α l − 1 )) and � � V = ( V ( α 0 ) , . . . , V ( α l − 1 )) using a matrix vector product :     α k − 1 1 α 1 · · · u 0 1     α k − 1 1 α 2 · · · u 1     2 � U =  ×  .  . .   .  . . .   . . . α k − 1 u k − 1 1 α l · · · l 2 Multiplication : � W = ( � u 0 × � v 0 , � u 1 × � v 1 , . . . , � u l − 1 × � v l − 1 ) . 34 / 59

  32. Multiplication by interpolation Let l ≥ 2 k − 1 distinct elements α 0 , . . . , α l − 1 in F p . 1 Evaluation : Let U ( X ) and V ( X ) of degree k − 1. We compute U = ( U ( α 0 ) , . . . , U ( α l − 1 )) and � � V = ( V ( α 0 ) , . . . , V ( α l − 1 )) using a matrix vector product :     α k − 1 1 α 1 · · · u 0 1     α k − 1 1 α 2 · · · u 1     2 � U =  ×  .  . .   .  . . .   . . . α k − 1 u k − 1 1 α l · · · l 2 Multiplication : � W = ( � u 0 × � v 0 , � u 1 × � v 1 , . . . , � u l − 1 × � v l − 1 ) . 3 Interpolation : reconstruction of coefficients of W ( X ). 34 / 59

  33. Polynomial multiplication using DFT. Let α be a l primitive roots of unity in F p α i = α i . 35 / 59

  34. Polynomial multiplication using DFT. Let α be a l primitive roots of unity in F p α i = α i . The evaluation is the product by the matrix Ω :   1 1 1 · · · 1  α 2 α l − 1  1 α · · ·     α 2 α 4 α ( l − 1)2 1 · · · Ω =     . . . .   . . α l − 1 α 2( l − 1) α ( l − 1)( l − 1) 1 · · · 35 / 59

  35. Polynomial multiplication using DFT. Let α be a l primitive roots of unity in F p α i = α i . The evaluation is the product by the matrix Ω :   1 1 1 · · · 1  α 2 α l − 1  1 α · · ·     α 2 α 4 α ( l − 1)2 1 · · · Ω =     . . . .   . . α l − 1 α 2( l − 1) α ( l − 1)( l − 1) 1 · · · Denoting α ′ = α − 1 , the interpolation is the product by :   1 1 1 · · · 1   α ′ 2 α ′ l − 1 1 α ′ · · ·   Ω − 1 = 1   α ′ 2 α ′ 4 α ′ ( l − 1)2 1 · · ·   l  . .  . .   . . α ′ l − 1 α ′ 2( l − 1) α ′ ( l − 1)( l − 1) 1 · · · 35 / 59

  36. Polynomial multiplication using DFT. Complexity The complexity of the multiplication is : Evaluation : product by the matrix Ω, Multiplications : 2 l products in F p , Interpolation : product by the matrix Ω − 1 . 36 / 59

  37. Polynomial multiplication using DFT. Complexity The complexity of the multiplication is : Evaluation : product by the matrix Ω, Multiplications : 2 l products in F p , Interpolation : product by the matrix Ω − 1 . Products by Ω et Ω − 1 are composed with multiplication with powers of α i . 36 / 59

  38. Using the DFT with the adapted base We combine the utilisation of the adapted base and the DFT multiplication to improve the multiplication in F p k . 37 / 59

  39. Using the DFT with the adapted base We combine the utilisation of the adapted base and the DFT multiplication to improve the multiplication in F p k . l = k , γ such that γ l = − 1, α = γ is a 2 k primitive root of unity in F p . 37 / 59

  40. Using the DFT with the adapted base We combine the utilisation of the adapted base and the DFT multiplication to improve the multiplication in F p k . l = k , γ such that γ l = − 1, α = γ is a 2 k primitive root of unity in F p . Consequences Multiplications by power of γ i are composed of shift and addition in F p : ( � n − 1 mod t n + 1 a γ j i =0 a i t i ) t j = ( � j − 1 i =0 − a n − j + i t i ) + ( � n − 1 i = j a i − j t i ) . = Multiplications by Ω and Ω − 1 are uniquely composed by additions in F p . 37 / 59

  41. Outline Pairing over elliptic curves 1 Definition and properties of pairing Construction and example of pairings Computation of pairings Arithmetic of pairing based cryptography A more efficient arithmetic based on adapted bases 2 Definition of adapted bases Multiplication in F p k using DFT Complexity of our method Fault attack 3 Identity based cryptography Fault attack Fault attack against Miller’s algorithm Conclusion and perspectives 4 38 / 59

  42. Complexity of a multiplication in F p k Using Karatsuba and Toom Cook : pour k = 2 i 3 j then M p k = 3 i 5 j M p . Using DFT and adapted base : M p k = 2 kM p . 39 / 59

  43. Results Table : Complexities of several values of k Method k M p k Ratio M p # A p # M p A p Karatsuba/Toom-Cook 8 72 27 Our method t 8 + 1 8 192 16 < 11 Karatsuba/Toom-Cook 9 160 25 Our method t 8 + 1 9 208 18 < 7 Karatsuba/Toom-Cook 16 248 81 Our method t 16 + 1 16 480 32 < 5 Karatsuba/Toom-Cook 18 480 75 Our method t 16 + 1 18 576 39 < 3 40 / 59

  44. Conclusion [ACISP’09] avec C. N` egre We introduced a multiplication in F p k using DFT and adapted base. Our results are good for big values of k . 41 / 59

  45. Outline Pairing over elliptic curves 1 Definition and properties of pairing Construction and example of pairings Computation of pairings Arithmetic of pairing based cryptography A more efficient arithmetic based on adapted bases 2 Definition of adapted bases Multiplication in F p k using DFT Complexity of our method Fault attack 3 Identity based cryptography Fault attack Fault attack against Miller’s algorithm Conclusion and perspectives 4 42 / 59

  46. Outline Pairing over elliptic curves 1 Definition and properties of pairing Construction and example of pairings Computation of pairings Arithmetic of pairing based cryptography A more efficient arithmetic based on adapted bases 2 Definition of adapted bases Multiplication in F p k using DFT Complexity of our method Fault attack 3 Identity based cryptography Fault attack Fault attack against Miller’s algorithm Conclusion and perspectives 4 43 / 59

  47. Cryptography from pairing Identity based cryptography Identity based protocols are asymmetric protocols where the user’s public key it is his identity, a trusted authority gives him the associated private key. 44 / 59

  48. Cryptography from pairing Identity based cryptography Identity based protocols are asymmetric protocols where the user’s public key it is his identity, a trusted authority gives him the associated private key. Example Alice and Bob key exchange 44 / 59

  49. Cryptography from pairing Secure key exchange between Alice and Bob 45 / 59

  50. Cryptography from pairing Secure key exchange between Alice and Bob 45 / 59

  51. Outline Pairing over elliptic curves 1 Definition and properties of pairing Construction and example of pairings Computation of pairings Arithmetic of pairing based cryptography A more efficient arithmetic based on adapted bases 2 Definition of adapted bases Multiplication in F p k using DFT Complexity of our method Fault attack 3 Identity based cryptography Fault attack Fault attack against Miller’s algorithm Conclusion and perspectives 4 46 / 59

  52. Side channels attacks During an identity based protocole, we know : the pairing algorithm, the number of iterations ( N = [log 2 ( r )] + 1). The secret is one the parameter of pairing. The secret does not influence the algorithm. 47 / 59

  53. Side channel attacks side channel attacks use the implementation of algorithm to find information about the secret. Fault attacks consist in disturbing the execution of an algorithm. 48 / 59

  54. Side channel attacks side channel attacks use the implementation of algorithm to find information about the secret. Fault attacks consist in disturbing the execution of an algorithm. First fault attack in pairing based cryptography was developed by Page and Vercauteren for the Duursma and lee algorithm. 48 / 59

  55. Side channel attacks side channel attacks use the implementation of algorithm to find information about the secret. Fault attacks consist in disturbing the execution of an algorithm. First fault attack in pairing based cryptography was developed by Page and Vercauteren for the Duursma and lee algorithm. We study the vulnerability of Miller’s algorithm toward fault attacks. 48 / 59

  56. Outline Pairing over elliptic curves 1 Definition and properties of pairing Construction and example of pairings Computation of pairings Arithmetic of pairing based cryptography A more efficient arithmetic based on adapted bases 2 Definition of adapted bases Multiplication in F p k using DFT Complexity of our method Fault attack 3 Identity based cryptography Fault attack Fault attack against Miller’s algorithm Conclusion and perspectives 4 49 / 59

  57. Description of the fault attacks We suppose that the pairing is used in Identity based protocol. The secret is point P , first parameter during the computation of e ( P , Q ). The second parameter Q is known. 50 / 59

  58. Description of the fault attacks We suppose that the pairing is used in Identity based protocol. The secret is point P , first parameter during the computation of e ( P , Q ). The second parameter Q is known. Purpose of the fault attack The aim of the attack is to modify the number of iterations of the Miller’s algorithm, in order to obtain the result of two consecutive iterations : τ and τ + 1 iterations for τ ∈ { 1 , . . . , N } . We denote F τ, P ( Q ) and F τ +1 , P ( Q ) the results of these iterations. 50 / 59

  59. Description of the fault attack Target of the attack The register where N is stocked. We modify it using lasers. 51 / 59

  60. Description of the fault attack Target of the attack The register where N is stocked. We modify it using lasers. Scheme of the attack We execute several Miller’s algorithm with the same point Q and modifying the register for each iterations. 51 / 59

  61. Description of the fault attack Target of the attack The register where N is stocked. We modify it using lasers. Scheme of the attack We execute several Miller’s algorithm with the same point Q and modifying the register for each iterations. Using the clock cycles we can find after the number of iteration made. We repeat the operation until we obtain two consecutive iterations τ and τ + 1. 51 / 59

  62. Description of the fault attack Probability We want to find two consecutive numbers randomly taken from 1 to N. 52 / 59

  63. Description of the fault attack Probability We want to find two consecutive numbers randomly taken from 1 to N. This problem is like the anniversary problem. We can compute the probability of success. Example For r an integer of size 256 bits, 15 tries are enough to obtain two consecutive numbers with a probability higher than 0 , 5 ; and 26 for a probability higher than 0 , 9. 52 / 59

  64. The ratio R = F τ +1 , P ( Q ) F τ, P ( Q ) 2 We denote F τ, P ( Q ) the result of τ -th iteration and F τ +1 , P ( Q ) the result of the τ + 1-th. The ratio R = F τ +1 , P ( Q ) F τ, P ( Q ) 2 gives us information about the secret. 53 / 59

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A brief overwiev of pairings Razvan Barbulescu CNRS and IMJ-PRG R. Barbulescu Overview

A brief overwiev of pairings Razvan Barbulescu CNRS and IMJ-PRG R. Barbulescu Overview

Bordeaux November 22, 2016 A brief overwiev of pairings Razvan Barbulescu CNRS and IMJ-PRG R. Barbulescu Overview pairings 0 / 37 Plan of the lecture Pairings Pairing-friendly curves Progress of NFS attacks

744 views • 72 slides
Optimal pairings on abelian varieties 2014/10/10 ECC 2014, Chennai David Lubicz, Damien Robert

Optimal pairings on abelian varieties 2014/10/10 ECC 2014, Chennai David Lubicz, Damien Robert

Optimal pairings on abelian varieties 2014/10/10 ECC 2014, Chennai David Lubicz, Damien Robert Inria Bordeaux Sud-Ouest Millers algorithm Pairings on abelian varieties Theta functions Pairings with theta functions Performance Outline

676 views • 50 slides
Computing optimal pairings on abelian varieties with theta functions 06/06/2013 AGCT David

Computing optimal pairings on abelian varieties with theta functions 06/06/2013 AGCT David

Computing optimal pairings on abelian varieties with theta functions 06/06/2013 AGCT David Lubicz, Damien Robert June 6, 2013 Pairings on curves Abelian varieties Theta functions Pairings with theta functions Performance Outline 1

833 views • 33 slides
Arithmetic operators on GF ( 2 m ) for cryptographic applications: performance - power

Arithmetic operators on GF ( 2 m ) for cryptographic applications: performance - power

Introduction Arithmetic in GF ( 2 m ) Summary - results, comments, future prospects Arithmetic operators on GF ( 2 m ) for cryptographic applications: performance - power consumption - security tradeoffs Danuta Pamua 17th December 2012

695 views • 32 slides
Implement all the pairings in software! CARAMBA Seminar Diego F. Aranha Department of

Implement all the pairings in software! CARAMBA Seminar Diego F. Aranha Department of

Implement all the pairings in software! CARAMBA Seminar Diego F. Aranha Department of Engineering Aarhus University Bilinear pairings 1 Bilinear pairings e ( P + R , Q ) = e ( P , Q ) e ( R , Q ) and e ( P , Q + S ) = e ( P , Q ) e (

1.52k views • 55 slides
Pairings are not dead, just resting ECC 2017 Diego F. Aranha December 8, 2018 Institute of

Pairings are not dead, just resting ECC 2017 Diego F. Aranha December 8, 2018 Institute of

Pairings are not dead, just resting ECC 2017 Diego F. Aranha December 8, 2018 Institute of Computing University of Campinas Bilinear pairings 1 Bilinear pairings e ( P + R , Q ) = e ( P , Q ) e ( R , Q ) and e ( P , Q + S ) = e ( P , Q

1.02k views • 58 slides
Processor Architecture Stream Arithmetic Logic Unit Programming ALU for high-performance

Processor Architecture Stream Arithmetic Logic Unit Programming ALU for high-performance

Processor Architecture Stream Arithmetic Logic Unit Programming ALU for high-performance computing 7 8 2 Memory CS334 F09 Prof. McGuire Williams College 1 2 Multi-Processor Stream Programming Arithmetic Logic Unit Arithmetic Logic

706 views • 3 slides
Digital Design Discussion: Arithmetic Binary Arithmetic Floating-Point Arithmetic Binary

Digital Design Discussion: Arithmetic Binary Arithmetic Floating-Point Arithmetic Binary

Principles Of Digital Design Discussion: Arithmetic Binary Arithmetic Floating-Point Arithmetic Binary Arithmetic Same basic methodology as decimal arithmetic Important to know number representation Unsigned Signed

704 views • 11 slides
Pairings implementation in the PARI computer algebra system (explained by a mere programmer)

Pairings implementation in the PARI computer algebra system (explained by a mere programmer)

Pairings implementation in the PARI computer algebra system (explained by a mere programmer) jerome.milan (at) lix.polytechnique.fr Outline 1 Motivations and context 2 Pairings over elliptic curves 3 Pairing computation 4 Implementation in PARI

739 views • 51 slides
Group pairings with equivalent rigidity properties for bar-joint and point-hyperplane frameworks

Group pairings with equivalent rigidity properties for bar-joint and point-hyperplane frameworks

Group pairings with equivalent rigidity properties for bar-joint and point-hyperplane frameworks Bernd Schulze (with Katie Clinch, Anthony Nixon and Walter Whiteley) Lancaster University June 13, 2019 Bernd Schulze Group pairings with

746 views • 49 slides
With All the Hype on the PS3 With All the Hype on the PS3 We Became Interested We Became

With All the Hype on the PS3 With All the Hype on the PS3 We Became Interested We Became

Computer Science and Mathematics Division Seminar Exploiting the Performance of 32- Exploiting the Performance of 32 -bit bit Floating- -Point Point Floating Arithmetic in Obtaining 64- -bit Accuracy bit Accuracy Arithmetic in Obtaining

656 views • 28 slides
Arithmetic for Computers October 31, 2008 Arithmetic for Computers ALU Arithmetic Logic Unit

Arithmetic for Computers October 31, 2008 Arithmetic for Computers ALU Arithmetic Logic Unit

Arithmetic for Computers October 31, 2008 Arithmetic for Computers ALU Arithmetic Logic Unit Performs most processor operations Control signal predicates addition subtraction logic operations shifting (w / or w / o sign extension) Figure:

205 views • 8 slides
The Realm of the Pairings Paulo S. L. M. Barreto Prolegomena Thanks to the organizers of SAC

The Realm of the Pairings Paulo S. L. M. Barreto Prolegomena Thanks to the organizers of SAC

The Realm of the Pairings Paulo S. L. M. Barreto Prolegomena Thanks to the organizers of SAC 2013 for the invitation! Accompanying paper: joint work with D. Aranha, P. Longa and J. Ricardini. I know Im speaking in a marvelous

648 views • 45 slides
High performance numerical validation with stochastic arithmetic Pacme Eberhart Joint work

High performance numerical validation with stochastic arithmetic Pacme Eberhart Joint work

High performance numerical validation with stochastic arithmetic Pacme Eberhart Joint work with : Fabienne Jzquel, Pierre Fortin In collaboration with Julien Brajard from LOCEAN RAIM2015 April 7, 2015 IRISA, Rennes Pacme Eberhart

574 views • 31 slides
AM P A R CudA Multiple Precision ARithmetic librarY When do we need more precision? 1 /

AM P A R CudA Multiple Precision ARithmetic librarY When do we need more precision? 1 /

Implementation and performance evaluation of an extended precision floating-point arithmetic library for high-accuracy semidefinite programming Mioara Joldes, Jean-Michel Muller and Valentina Popescu ARITH 24 July 2017 AM P A R CudA

358 views • 35 slides
Estimating size requirements for pairings: Simulating the Tower-NFS algorithm in GF( p n ) Quentin

Estimating size requirements for pairings: Simulating the Tower-NFS algorithm in GF( p n ) Quentin

Estimating size requirements for pairings: Simulating the Tower-NFS algorithm in GF( p n ) Quentin Deschamps, Aurore Guillevic , Shashank Singh ENS Lyon, Inria Nancy, Loria, CNRS, Universit de Lorraine November 15, 1027 Elliptic Curve

753 views • 43 slides
MAP Testing New London Public Schools BOE Meeting January 9, 2014 NLPS Mission To prepare

MAP Testing New London Public Schools BOE Meeting January 9, 2014 NLPS Mission To prepare

MAP Testing New London Public Schools BOE Meeting January 9, 2014 NLPS Mission To prepare young people for successful lives as adults What are we trying to do here? Ensure that students have the skills and knowledge they need to be

698 views • 50 slides
Data Class XII ( As per CBSE Board) visualizati on using Pyplot New Syllabus 2019-20 Visit

Data Class XII ( As per CBSE Board) visualizati on using Pyplot New Syllabus 2019-20 Visit

Chapter 7 : Computer Science Data Class XII ( As per CBSE Board) visualizati on using Pyplot New Syllabus 2019-20 Visit : python.mykvs.in for regular updates Data visualization using Pyplot Matplotlib is the whole python package/

607 views • 8 slides
Teachers Name X Grade KCCT Assessment The Kentucky Core Content Test (KCCT) is a

Teachers Name X Grade KCCT Assessment The Kentucky Core Content Test (KCCT) is a

Kenton Elementary KCCT Test Analysis Emily Teagle EDA 669 Welcome, Students! Teachers Name X Grade KCCT Assessment The Kentucky Core Content Test (KCCT) is a criterion- referenced test based on Kentuckys content standards. The

1.21k views • 41 slides
RNNs for Image Caption Generation James Guevara Recurrent Neural Networks Contain at least

RNNs for Image Caption Generation James Guevara Recurrent Neural Networks Contain at least

RNNs for Image Caption Generation James Guevara Recurrent Neural Networks Contain at least one directed cycle. Applications include: pattern classification, stochastic sequence modeling, speech recognition. Train using

681 views • 22 slides
Getting Started Welcome to the Idaho Standards Math Working Group Meeting! Thank you for joining

Getting Started Welcome to the Idaho Standards Math Working Group Meeting! Thank you for joining

Getting Started Welcome to the Idaho Standards Math Working Group Meeting! Thank you for joining us today. Zoom tip: Make sure you minimize Zoom While you are waiting please include the following in the to find your chat: chat box and 1.

653 views • 37 slides
EDAL 664 School Leadership By Franklyn Baldeo, Ph.D November 13, 2017 1 Learning Objectives /

EDAL 664 School Leadership By Franklyn Baldeo, Ph.D November 13, 2017 1 Learning Objectives /

University of the Southern Caribbean School of Education &amp; Humanities Graduate Education Department The Controlling Influence of Leadership (Module # 17) Professional Presentation for Course: EDAL 664 School Leadership By Franklyn

618 views • 42 slides
Reliability Improvement Project Reliability Improvement Project Multi Multi-Stage Centrifugal

Reliability Improvement Project Reliability Improvement Project Multi Multi-Stage Centrifugal

Reliability Improvement Project Reliability Improvement Project Multi Multi-Stage Centrifugal Blowers Stage Centrifugal Blowers For Piedmont Chapter Vibration Institute Charleston, SC Sept 9, 2011 Steve Quillen Ken Singleton Eastman

1.17k views • 102 slides
Wednesday 26 th February 2014 Exeter SMMT, the S symbol and the Driving the motor

Wednesday 26 th February 2014 Exeter SMMT, the S symbol and the Driving the motor

SMMT Type Approval Workshop Wednesday 26 th February 2014 Exeter SMMT, the S symbol and the Driving the motor SOCIETY OF MOTOR MANUFACTURERS AND TRADERS LIMITED industry brandline are trademarks of SMMT Ltd Welcome address Allan

1.64k views • 159 slides

More recommend