7 research outputs found

    An O(M(n) log n) algorithm for the Jacobi symbol

    The best known algorithm to compute the Jacobi symbol of two n-bit integers runs in time O(M(n) log n), using Schönhage's fast continued fraction algorithm combined with an identity due to Gauss. We give a different O(M(n) log n) algorithm based on the binary recursive gcd algorithm of Stehlé and Zimmermann. Our implementation - which to our knowledge is the first to run in time O(M(n) log n) - is faster than GMP's quadratic implementation for inputs larger than about 10000 decimal digits.
    Comment: Submitted to ANTS IX (Nancy, July 2010)

    Efficient Algorithms for gcd and Cubic Residuosity in the Ring of Eisenstein Integers

    We present simple and efficient algorithms for computing gcd and cubic residuosity in the ring of Eisenstein integers, Z[ζ], i.e. the integers extended with ζ, a complex primitive third root of unity. The algorithms are similar and may be seen as generalisations of the binary integer gcd and derived Jacobi symbol algorithms. Our algorithms take time O(n^2) for n-bit input. This is an improvement over the known results based on the Euclidean algorithm, which take time O(n·M(n)), where M(n) denotes the complexity of multiplying n-bit integers. The new algorithms have applications in practical primality tests and the implementation of cryptographic protocols. The technique underlying our algorithms can be used to obtain equally fast algorithms for gcd and quartic residuosity in the ring of Gaussian integers, Z[i].

    Secure Sealed-Bid Online Auctions Using Discreet Cryptographic Proofs

    This work describes the design and implementation of an auction system using secure multiparty computation techniques. Our aim is to produce a system that is practical under actual field constraints on computation, memory, and communication. The underlying protocol is privacy-preserving, that is, the winning bid is determined without information about the losing bids leaking to either the auctioneer or other bidders. Practical implementation of the protocol is feasible using circuit-based cryptographic proofs along with additively homomorphic bit commitment. Moreover, we propose the development of a Proof Certificate standard. These certificates convey sufficient information to recreate the cryptographic proofs and verify them offline.

    Reconfigurable Architectures for Cryptographic Systems

    Field Programmable Gate Arrays (FPGAs) are suitable platforms for implementing cryptographic algorithms in hardware due to their flexibility, good performance and low power consumption. Computer security is becoming increasingly important and security requirements such as key sizes are quickly evolving. This creates the need for customisable hardware designs for cryptographic operations capable of covering a large design space. In this thesis we explore the four design dimensions relevant to cryptography - speed, area, power consumption and security of the crypto-system - by developing parametric designs for public-key generation and encryption as well as side-channel attack countermeasures. There are four contributions. First, we present new architectures for Montgomery multiplication and exponentiation based on variable pipelining and variable serial replication. Our implementations of these architectures are compared to the best implementations in the literature and the design space is explored in terms of speed and area trade-offs. Second, we generalise our Montgomery multiplier design ideas by developing a parametric model to allow rapid optimisation of a general class of algorithms containing loops with dependencies carried from one iteration to the next. By predicting the throughput and the area of the design, our model facilitates and speeds up design space exploration. Third, we develop new architectures for primality testing including the first hardware architecture for the NIST approved Lucas primality test. We explore the area, speed and power consumption trade-offs by comparing our Lucas architectures on CPU, FPGA and ASIC. Finally, we tackle the security issue by presenting two novel power attack countermeasures based on on-chip power monitoring. Our constant power framework uses a closed-loop control system to keep the power consumption of any FPGA implementation constant. Our attack detection framework uses a network of ring-oscillators to detect the insertion of a shunt resistor-based power measurement circuit on a device's power rail. This countermeasure is lightweight and has a relatively low power overhead compared to existing masking and hiding countermeasures.

    A Binary Algorithm for the Jacobi Symbol

    We present a new algorithm to compute the Jacobi symbol, based on Stein's binary algorithm for the greatest common divisor, and we determine the worst-case behavior of this algorithm. Our implementation of the algorithm runs approximately 7--25% faster than traditional methods on inputs of size 100--1000 decimal digits.

    1 Introduction
    Efficient computation of the Jacobi symbol $\left(\frac{a}{n}\right)$ is an important component of the Monte Carlo primality test of Solovay and Strassen [9]. Algorithms for computing the Jacobi symbol can also be found in symbolic algebra systems such as Mathematica and Maple. Several efficient algorithms modeled on Euclid's algorithm for computing the greatest common divisor (gcd) have been proposed and analyzed; see, for example, [12, 3, 8]. Indeed, it is possible to compute $\left(\frac{a}{n}\right)$ in O((log a)(log n)) bit operations using the "naive arithmetic" model. Using Schönhage's result [7], it is possible (see [1]) to compute $\left(\frac{a}{n}\right)$ (..