1 / 17

Graduate School of Natural Science and Technology Okayama University

Two Improvements of Twisted Ate Pairing with Barreto–Naehrig Curve by Dividing Miller’s Algorithm. Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa. Pairing based cryptography.

andrewijohnson
Télécharger la présentation

Graduate School of Natural Science and Technology Okayama University

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Two Improvements of Twisted Ate Pairing with Barreto–Naehrig Curve by Dividing Miller’s Algorithm Graduate School of Natural Science and Technology Okayama University Yumi Sakemi, Hidehiro Kato, Shoichi Takeuchi, Yasuyuki Nogami and Yoshitaka Morikawa

  2. Pairing based cryptography Elliptic curve cryptography Finite field theory Background • Pairing based cryptography • Identity(ID)-based cryptography (Sakai et al. 2000) • Group signature (Boneh et al. 2003) ・・・ expensive operation!! Pairing An efficient algorithm for pairing calculation is required. 2

  3. Elliptic Curve over Finite Field • Finite fields Prime field Extension Field embedding degree • Elliptic curve over Group of rational points on the curve:  order of : : ●: rational point 3

  4. Pairing Group1 e Group3 order= r order = r Group2 order = r multiplicative additive 4

  5. Pairing Group1 order = r Group3 order = r Group2 order = r 5

  6. Pairing Group1 order = r Group3 order = r Group2 order = r 6

  7. Pairing Bilinearity Group1 order = r Group3 order = r Group2 order = r Innovative cryptographic applications are based on bilinearity of pairing. 7

  8. Final exponentiation Pairing Miller’s algorithm Miller’s algorithm Group1 order = r Group3 order = r Group2 order = r Several improvements for pairing Ate Weil Twisted Ate Tate (1994) (2006) (1946) (2006) slow fast 8

  9. Elliptic curve of k =12 Parameters p, r and t of BN curve are given by integer variable as Barreto-Naehrig(BN) Curve 9

  10. Miller’s Algorithm Input : i-th bit of the binary representation of s from the lower main loop yes no additional operation no yes Hw(s) is large → computationally expensive Output : Hw(s) : Hamming Weight of s 10

  11. Twisted Ate Pairing with BN Curve We can select of small hamming weight. : integer It is not easy to control the Hw(s) small !! 11

  12. proposed method Miller’s algorithm ( ) Miller’s algorithm ( ) Miller’s algorithm ( ) Combining Output Improvement 1 Improvement 1 is based on divisor theorem conventional method Miller’s algorithm ( s ) Out put 12

  13. fab = fab・fb An exponentiation is additionally required !! fap= fap・fp Frobenius mapping Improvement 2 Miller’s algorithm ( ab) Miller’s algorithm ( a) fa fb Miller’s algorithm ( b) combining Output fab 12

  14. proposed method Miller’s algorithm ( ) Miller’s algorithm (p) combining and some calculations Output Improvement 2 fsis given by fc and fp. s = ( 6c- 3 ) p + ( 6c- 1) s = 36c3- 18c2+ 6c- 1 conventional method Miller’s algorithm ( s ) Out put 13

  15. Computational environment

  16. Experimental results [ms] -14.8% 14

  17. Conclusion • We proposed two improvements for twisted Ate pairing. • It was shown that they have almost the same efficiency. 16

More Related