double base chains for scalar multiplications on elliptic
play

Double-Base Chains for Scalar Multiplications on Elliptic Curves Wei - PowerPoint PPT Presentation

Oct 02, 2022 •362 likes •741 views

Double-Base Chains for Scalar Multiplications on Elliptic Curves Wei Yu , Saud Al Musa, and Bao Li Institute of Information Engineering, Chinese Academy of Sciences yuwei_1_yw@163.com May, 2020 Abstract Introduction Wei Yu , Saud Al Musa, and

  1. Double-Base Chains for Scalar Multiplications on Elliptic Curves Wei Yu , Saud Al Musa, and Bao Li Institute of Information Engineering, Chinese Academy of Sciences yuwei_1_yw@163.com May, 2020

  2. Abstract Introduction Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  3. Abstract Introduction The Number of Double-Base Chains Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  4. Abstract Introduction The Number of Double-Base Chains Hamming Weight of Double-Base Chains Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  5. Abstract Introduction The Number of Double-Base Chains Hamming Weight of Double-Base Chains Dynamic Programming to Generate Optimal Double-Base Chains Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  6. Abstract Introduction The Number of Double-Base Chains Hamming Weight of Double-Base Chains Dynamic Programming to Generate Optimal Double-Base Chains Scalar Multiplication using Double-Base Chains Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  7. Introduction:Double-Base Chain Double-base chains (DBCs) are used to speed up scalar multiplications on elliptic curves. A DBC represents an integer n as l c i 2 b i 3 t i � i = 1 c i ∈ C = { ± 1 }, b l ≥ b l − 1 ≥ ... ≥ b 1 ≥ 0 and t l ≥ t l − 1 ≥ ... ≥ t 1 ≥ 0 . 2 b i 3 t i : a term 2 b l 3 t l : the leading term l : the Hamming weight Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  8. Introduction:Double-Base Chain Dimitrov, Imbert, and Mishra: The canonic DBCs of a 1 positive integer n are the ones with minimal Hamming weight. An optimal DBC of n is the DBC with the smallest value in 2 the set { val ( w ) | w ∈ X } where X is the set containing all DBCs of n . w is defined by the cost of scalar multiplication. Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  9. Introduction:Contributions Contributions structure, asymptotic lower bound dynamic programming iterative algorithm Hamming weights of DBCs generate an optimal DBC number of DBCs the first polynomial answer an open question 6 times faster time algorithm Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  10. The Number of DBCs Counting the number of DBCs: To show DBC is redundant 1 To generate an optimal DBC 2 Each positive integer has at least one DBC such as binary representation. Imbert and Philippe 2010: an elegant algorithm to compute the number of unsigned DBCs for a given integer. Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  11. The Number of DBCs Doche 2014 calculate the number of DBCs with a leading term dividing 1 2 b 3 t for a positive integer efficient for less than 70 − bit integers with a leading term 2 dividing 2 b 3 t for the most b and t exponential time algorithm 3 Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  12. The Number of DBCs:The Structure of the Set Containing All DBCs Φ ( b , t , n ) : the set containing all DBCs of an integer n ≥ 0 with a leading term strictly dividing 2 b 3 t . ¯ Φ ( b , t , n ) : the set containing all DBCs of an integer n ≤ 0 with a leading term strictly dividing 2 b 3 t . Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  13. The Number of DBCs:The Structure of the Set Containing All DBCs Let n be a positive integer, b ≥ 0 , t ≥ 0 , and b + t > 0 . The structure of Φ ( b , t ) and that of ¯ Φ ( b , t ) are described as follows. Figure: The Structure of DBCs Φ ( b , t ) , ¯ Φ ( b , t ) Φ ( b − 1 , t ) , ¯ Φ ( b , t − 1 ) , ¯ Φ ( b − 1 , t ) Φ ( b , t − 1 ) Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  14. The Number of DBCs:The Structure of the Set Containing All DBCs Figure: The Cardinality of the Set Containing All DBCs | Φ ( b , t ) | , | ¯ Φ ( b , t ) | | Φ ( b − 1 , t ) | , | ¯ | Φ ( b , t − 1 ) | , | ¯ | Φ ( b − 1 , t − 1 ) | , | ¯ Φ ( b − 1 , t ) | Φ ( b , t − 1 ) | Φ ( b − 1 , t − 1 ) | Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  15. The Number of DBCs: Iterative Algorithm Input : A positive integer n , b ≥ 0 , and t ≥ 0 Output : | Φ ( b , t ) | , | ¯ Φ ( b , t ) | | Φ ( 0 , 0 ) | ← 1 , | ¯ 1. Φ ( 0 , 0 ) | ← 0 For i from 0 to b , | Φ ( i , − 1 ) | = | ¯ 2. Φ ( i , − 1 ) | ← 0 For j from 0 to t , | Φ ( − 1 , j ) | = | ¯ 3. Φ ( − 1 , j ) | ← 0 4. For j from 0 to t 5. For i from 0 to b If i + j > 0 , compute | Φ ( i , j ) | and | ¯ 6. Φ ( i , j ) | return | Φ ( b , t ) | , | ¯ 7. Φ ( b , t ) | �� log n � 3 � The time complexity of our iterative algorithm is in O bit � log n � . operations when both b and t are O Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  16. The Number of DBCs 100 has 2590 DBCs with a leading term dividing 2 30 3 4 . 1 1000 has 28364 DBCs with a leading term dividing 2 30 3 6 . 2 π × 10 120 � with a leading term � the number of DBCs of 3 dividing 2 240 3 120 is 40569451268980332857047527244802033238443617954504 67273281157843672719846213086211542270726702592261 7970361 05303878574879 . Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  17. Hamming Weight of DBCs:Open Question Open question Whether the average Hamming weight of DBCs � log n � produced by the greedy approach is O or not loglog n Doche and Habsieger 2008 Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  18. Hamming Weight of DBCs Efforts to investigate the lower bound of DBCs Dimitrov and Howe: there exist infinitely many integers n 1 whose shortest double-base number system � � log n representations have Hamming weights Ω . loglog n logloglog n � log n � Lou, Sun, and Tartary: there exists at least one − bit 2 integer such that any DBC representing this integer needs �� terms. at least Ω �� log n Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  19. Hamming Weight of DBCs The number of DBCs of a positive integer is infinite 1 The leading term of its DBC may be infinite 2 Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  20. Hamming Weight of DBCs:The Range of the Leading Term of Optimal DBCs and Canonic DBCs Disanto, Imbert, and Philippe 2014 showed 2 b l 3 t l > n 2 . Let n be a positive integer represented as a DBC. This work shows n 2 < 2 b l 3 t l < 2 n when w is an optimal DBC 1 16 n 21 < 2 b l 3 t l < 9 n 7 when w is a canonic DBC 2 Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  21. Hamming Weight of DBCs An asymptotic lower bound of the average Hamming weights of canonic DBCs for ( log n ) − bit integers is log n 8 . 25 . This answers Doche’s open question. Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  22. Hamming Weight of DBCs Figure: The Hamming weight of canonic DBCs of integers 0 . 2 Hamming weight divided by log n 0 . 19 0 . 18 7 0 1 2 3 4 5 6 8 9 10 hundred bits of integers ( log n ) Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  23. Hamming Weight of DBCs 0 . 182887log n for 1000 − bit integers, 1 0 . 181101log n for 2000 − bit integers, 2 0 . 179822log n for 3000 − bit integers. 3 This value of the Hamming weight given for 3000 − bit integers still has a distance from the theoretical lower bound log n 8 . 25 . Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  24. Dynamic Programming Algorithm to Produce Optimal DBCs algorithm time complexity ( O ) space complexity ( O ) � 2 � log n Doche 2014 exponential � 4 � 3 Capuñay and Thériault 2015 � log n � log n Bernstein, Chuengsatiansup, � 2 . 5 � 2 . 5 � log n � log n and Lange 2017 � 2 loglog n � 2 Dynamic Programming (new) � log n � log n Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  25. Dynamic Programming Algorithm to Produce Optimal DBCs Dynamic programming solves problems by combining the solutions of subproblems. Two key characteristics optimal substructure 1 overlapping subproblems 2 Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

  26. Dynamic Programming Algorithm to Produce Optimal DBCs:Blueprint Characterize the structure of an optimal solution Recursively define the value of an optimal solution Compute a DBC with the smallest Hamming weight in a bottom-up fashion Construct an optimal DBC from computed information Wei Yu , Saud Al Musa, and Bao Li Double-Base Chains for Scalar Multiplications on Elliptic Curves

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Side-Channel Analysis on Blinded Regular Scalar Multiplications Benoit Feix Mylne Roussellet

Side-Channel Analysis on Blinded Regular Scalar Multiplications Benoit Feix Mylne Roussellet

Side-Channel Analysis on Blinded Regular Scalar Multiplications Benoit Feix Mylne Roussellet Alexandre Venelli Thales Communications &amp; Security Target of our paper 2 / 2 / Elliptic Curve Cryptosystems (ECC) implemented on

471 views • 46 slides
Scalar Multiplication and Addition Chains Peter Birkner Department of Mathematics, Technical

Scalar Multiplication and Addition Chains Peter Birkner Department of Mathematics, Technical

Motivation Left-To-Right Binary Right-To-Left Binary Signed Digit Representations Windowing Methods Scalar Multiplication and Addition Chains Peter Birkner Department of Mathematics, Technical University of Denmark Summer School on Elliptic

773 views • 17 slides
Recent Advances in Parallel Implementations of Scalar Multiplication over Binary Elliptic Curves

Recent Advances in Parallel Implementations of Scalar Multiplication over Binary Elliptic Curves

Recent Advances in Parallel Implementations of Scalar Multiplication over Binary Elliptic Curves C. Negre and J.M. Robert april 8, 2015 1 / 39 Outline Overview of elliptic curve cryptography 1 Implementation of F 2 m arithmetic 2 Elliptic

781 views • 75 slides
Symmetric Digit Sets for Elliptic Curve Scalar Multiplication Clemens Heuberger Michela Mazzoli

Symmetric Digit Sets for Elliptic Curve Scalar Multiplication Clemens Heuberger Michela Mazzoli

Symmetric Digit Sets for Elliptic Curve Scalar Multiplication Clemens Heuberger Michela Mazzoli Alpen-Adria-Universit at Klagenfurt, Austria Linz, 2013-11-15 1 Outline Introduction 1 Complex Base 2 Symmetry 3 2 Introduction 1

977 views • 29 slides
Scalar decomposition on elliptic curves GLV, GLS, and beyond Benjamin Smith Laboratoire

Scalar decomposition on elliptic curves GLV, GLS, and beyond Benjamin Smith Laboratoire

Scalar decomposition on elliptic curves GLV, GLS, and beyond Benjamin Smith Laboratoire dInformatique de l Ecole polytechnique (LIX) and INRIA Saclay Ile-de-France BAC May 24, 2013 Smith (INRIA/LIX) Scalar decomposition on

1.92k views • 23 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
Lattice Attacks against Elliptic-Curve Signatures with Blinded Scalar Multiplication Dahmun

Lattice Attacks against Elliptic-Curve Signatures with Blinded Scalar Multiplication Dahmun

Lattice Attacks against Elliptic-Curve Signatures with Blinded Scalar Multiplication Dahmun Goudarzi, Matthieu Rivain, Damien Vergnaud SAC 2016, 12 Aug, St. Johns Outline EC signature schemes based on random nonces computed from [ k ]

696 views • 52 slides
Pushing the Limits of High-Speed GF (2 m ) Elliptic Curve Scalar Multiplier on FPGAs Chester

Pushing the Limits of High-Speed GF (2 m ) Elliptic Curve Scalar Multiplier on FPGAs Chester

Pushing the Limits of High-Speed GF (2 m ) Elliptic Curve Scalar Multiplier on FPGAs Chester Rebeiro, Sujoy Sinha Roy, and Debdeep Mukhopadhyay Secured Embedded Architecture Lab Indian Institute of Technology Kharagpur India 9/12/2012 CHES

720 views • 45 slides
A scalar conservation law with discontinuous flux for supply chains with finite buffers. Dieter

A scalar conservation law with discontinuous flux for supply chains with finite buffers. Dieter

A scalar conservation law with discontinuous flux for supply chains with finite buffers. Dieter Armbruster School of Mathematical and Statistical Sciences, Arizona State University &amp; Department of Mechanical Engineering Eindhoven

613 views • 30 slides
Improved regularity for elliptic equations in the double-divergence form Edgard A. Pimentel

Improved regularity for elliptic equations in the double-divergence form Edgard A. Pimentel

Improved regularity for elliptic equations in the double-divergence form Edgard A. Pimentel PUC-Rio, Rio de Janeiro Swedish Summer PDEs KTH, Stockholm 26 August 2019 General overview General overview 1. Elliptic equations in the

1.43k views • 106 slides
Use of Markov Chains to Design an Agent Bidding Strategy for Continuous Double Auctions Sunju

Use of Markov Chains to Design an Agent Bidding Strategy for Continuous Double Auctions Sunju

Use of Markov Chains to Design an Agent Bidding Strategy for Continuous Double Auctions Sunju Park Management Science and Information Systems Department Rutgers Business School, Rutgers University Edmund H. Durfee Artificial Intelligence

841 views • 24 slides
Practical Evaluation of Protected RNS Scalar Multiplication CHES 2019 By Louiza

Practical Evaluation of Protected RNS Scalar Multiplication CHES 2019 By Louiza

Practical Evaluation of Protected RNS Scalar Multiplication CHES 2019 By Louiza Papachristodoulou Joint work with A. Fournaris, K. Papagiannopoulos, L. Batina Out utli line Residue Number System in Elliptic Curve Cryptography

468 views • 17 slides
msb( x ) in O(1) steps using 5 multiplications [M.L. Fredman, D.E. Willard, Surpassing the

msb( x ) in O(1) steps using 5 multiplications [M.L. Fredman, D.E. Willard, Surpassing the

msb( x ) in O(1) steps using 5 multiplications [M.L. Fredman, D.E. Willard, Surpassing the information theoretic bound with fusion trees , Journal of Computer and [ , , p g f f , p System Sciences 47 (3): 424436, 1993] Word size n =

184 views • 16 slides
msb( x ) in O(1) steps using 5 multiplications [M.L. Fredman, D.E. Willard, Surpassing the

msb( x ) in O(1) steps using 5 multiplications [M.L. Fredman, D.E. Willard, Surpassing the

msb( x ) in O(1) steps using 5 multiplications [M.L. Fredman, D.E. Willard, Surpassing the information-theoretic bound with fusion trees , Journal of Computer and System Sciences 47 (3): 424 436, 1993] Word size n = g g , g a power of 2

511 views • 17 slides
Optimizing multiplications with vector instructions Chitchanok Chuengsatiansup INRIA and ENS de

Optimizing multiplications with vector instructions Chitchanok Chuengsatiansup INRIA and ENS de

Optimizing multiplications with vector instructions Chitchanok Chuengsatiansup INRIA and ENS de Lyon 4 June 2018 Chitchanok Chuengsatiansup Optimizing multiplications with vector instructions 1 Introduction Current position: Postdoc (INRIA

1.32k views • 82 slides
Classical and Quantum Aspects of Introduction and Motivation the String Double Sigma Model

Classical and Quantum Aspects of Introduction and Motivation the String Double Sigma Model

Classical and Quantum Aspects of the String Double Sigma Model Franco Pezzella Classical and Quantum Aspects of Introduction and Motivation the String Double Sigma Model Hodge-Dual Symmetric Free Scalar Fields in 2D Double Sigma

1.09k views • 96 slides
Neither Snow Nor Rain Nor MITM... Real World Email Delivery Security Zakir Durumeric

Neither Snow Nor Rain Nor MITM... Real World Email Delivery Security Zakir Durumeric

Neither Snow Nor Rain Nor MITM... Real World Email Delivery Security Zakir Durumeric University of Michigan How is your everyday email protected? Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security

943 views • 44 slides
CSE543 - Introduction to Computer and Network Security Module: Spam Professor Trent Jaeger Fall

CSE543 - Introduction to Computer and Network Security Module: Spam Professor Trent Jaeger Fall

534 views • 22 slides
#NODES #2k19 Earth (Milky Road), 10/10/2019 larus-ba.it/neo4j @AgileLARUS Agenda Agenda

#NODES #2k19 Earth (Milky Road), 10/10/2019 larus-ba.it/neo4j @AgileLARUS Agenda Agenda

larus-ba.it/neo4j @AgileLARUS Streaming Graph Data with Kafka Andrea Santurbano / @santand84 #NODES #2k19 Earth (Milky Road), 10/10/2019 larus-ba.it/neo4j @AgileLARUS Agenda Agenda Introduction Partnership Neo4j and Larus What

728 views • 41 slides
Time-Varying Rates of Return, Bonds, Yield Curves (Welch, Chapter 05) Ivo Welch Maintained

Time-Varying Rates of Return, Bonds, Yield Curves (Welch, Chapter 05) Ivo Welch Maintained

Time-Varying Rates of Return, Bonds, Yield Curves (Welch, Chapter 05) Ivo Welch Maintained Assumptions Perfect Markets 1. No differences in opinion. 2. No taxes. 3. No transaction costs. 4. No big sellers/buyersinfinitely many clones

1.1k views • 64 slides
Overview Weak entity sets and keys Design principles CS 235: Examples Introduction to

Overview Weak entity sets and keys Design principles CS 235: Examples Introduction to

Overview Weak entity sets and keys Design principles CS 235: Examples Introduction to Databases Svetlozar Nestorov Lecture Notes #3 CS 235: Intro to DB; S. Nestorov 12 Example: Email Addresses Weak Entity Sets Sometimes an

522 views • 3 slides
Thank you for joining us for this AmerisourceBergen webinar. The broadcast has not started yet.

Thank you for joining us for this AmerisourceBergen webinar. The broadcast has not started yet.

Thank you for joining us for this AmerisourceBergen webinar. The broadcast has not started yet. Both audio and visuals are available through the Skype Meeting Broadcast link and are accessible via any mobile browser. Fifth Manufacturer

372 views • 16 slides
accessing Outlook via the Outlook Web App (OWA) This user guide will show you how to access

accessing Outlook via the Outlook Web App (OWA) This user guide will show you how to access

User guide for accessing Outlook via the Outlook Web App (OWA) This user guide will show you how to access Outlook via Outlook Web App (OWA), including: 1. How to logon to the OWA for the first time 2. How to view the new Outlook 3. How to

358 views • 9 slides
Extreme Value Analysis Amir AghaKouchak Email: amir.a@uci.edu Web:

Extreme Value Analysis Amir AghaKouchak Email: amir.a@uci.edu Web:

Stationary and Non-Stationary Extreme Value Analysis Amir AghaKouchak Email: amir.a@uci.edu Web: http://amir.eng.uci.edu/ Nonstationary Extreme Value Analysis Extreme Value Analysis

736 views • 50 slides

More recommend