96 research outputs found
Fast, uniform, and compact scalar multiplication for elliptic curves and genus 2 Jacobians with applications to signature schemes
We give a general framework for uniform, constant-time one-and
two-dimensional scalar multiplication algorithms for elliptic curves and
Jacobians of genus 2 curves that operate by projecting to the x-line or Kummer
surface, where we can exploit faster and more uniform pseudomultiplication,
before recovering the proper "signed" output back on the curve or Jacobian.
This extends the work of L{\'o}pez and Dahab, Okeya and Sakurai, and Brier and
Joye to genus 2, and also to two-dimensional scalar multiplication. Our results
show that many existing fast pseudomultiplication implementations (hitherto
limited to applications in Diffie--Hellman key exchange) can be wrapped with
simple and efficient pre-and post-computations to yield competitive full scalar
multiplication algorithms, ready for use in more general discrete
logarithm-based cryptosystems, including signature schemes. This is especially
interesting for genus 2, where Kummer surfaces can outperform comparable
elliptic curve systems. As an example, we construct an instance of the Schnorr
signature scheme driven by Kummer surface arithmetic
Computer Architectures for Cryptosystems Based on Hyperelliptic Curves
Security issues play an important role in almost all modern communication and computer networks. As Internet applications continue to grow dramatically, security requirements have to be strengthened. Hyperelliptic curve cryptosystems (HECC) allow for shorter operands at the same level of security than other public-key cryptosystems, such as RSA or Diffie-Hellman. These shorter operands appear promising for many applications. Hyperelliptic curves are a generalization of elliptic curves and they can also be used for building discrete logarithm public-key schemes. A major part of this work is the development of computer architectures for the different algorithms needed for HECC. The architectures are developed for a reconfigurable platform based on Field Programmable Gate Arrays (FPGAs). FPGAs combine the flexibility of software solutions with the security of traditional hardware implementations. In particular, it is possible to easily change all algorithm parameters such as curve coefficients and underlying finite field. In this work we first summarized the theoretical background of hyperelliptic curve cryptosystems. In order to realize the operation addition and doubling on the Jacobian, we developed architectures for the composition and reduction step. These in turn are based on architectures for arithmetic in the underlying field and for arithmetic in the polynomial ring. The architectures are described in VHDL (VHSIC Hardware Description Language) and the code was functionally verified. Some of the arithmetic modules were also synthesized. We provide estimates for the clock cycle count for a group operation in the Jacobian. The system targeted was HECC of genus four over GF(2^41)
Proxy Blind Signature using Hyperelliptic Curve Cryptography
Blind signature is the concept to ensure anonymity of e-coins. Untracebility and unlinkability are two main properties of real coins and should also be mimicked electronically. A user has to fulll above two properties of blind signature for permission to spend an e-coin. During the last few years, asymmetric cryptosystems based on curve based cryptographiy have become very popular, especially for embedded applications. Elliptic curves(EC) are a special case of hyperelliptic curves (HEC). HEC operand size is only a fraction of the EC operand size. HEC cryptography needs a group order of size at least 2160. In particular, for a curve of genus two eld Fq with p 280 is needeed. Therefore, the eld arithmetic has to be performed using 80-bit long operands. Which is much better than the RSA using 1024 bit key length. The hyperelliptic curve is best suited for the resource constraint environments. It uses lesser key and provides more secure transmisstion of data
Hyperelliptic Curve Cryptosystems: Closing the Performance Gap to Elliptic Curves (Update)
For most of the time since they were proposed, it was widely
believed that hyperelliptic curve cryptosystems (HECC) carry a
substantial performance penalty compared to elliptic curve
cryptosystems (ECC) and are, thus, not too attractive for
practical applications. Only quite recently improvements have been
made, mainly restricted to curves of genus 2. The work at hand
advances the state-of-the-art considerably in several aspects.
First, we generalize and improve the closed formulae for the group
operation of genus 3 for HEC defined over fields of characteristic
two. For certain curves we achieve over 50% complexity improvement
compared to the best previously published results. Second, we
introduce a new complexity metric for ECC and HECC defined over
characteristic two fields which allow performance comparisons of
practical relevance. It can be shown that the HECC performance is
in the range of the performance of an ECC; for specific
parameters HECC can even possess a lower complexity than an ECC at
the same security level. Third, we describe the first
implementation of a HEC cryptosystem on an embedded (ARM7)
processor. Since HEC are particularly attractive for constrained
environments, such a case study should be of relevance
Pairing computation on hyperelliptic curves of genus 2
Bilinear pairings have been recently used to construct cryptographic schemes with new and novel properties, the most celebrated example being the Identity Based Encryption scheme of Boneh and Franklin. As pairing computation is generally the most computationally intensive part of any painng-based cryptosystem, it is essential to investigate new ways in which to compute pairings efficiently.
The vast majority of the literature on pairing computation focuscs solely on using elliptic curves. In this thesis we investigate pairing computation on supersingular hyperelliptic curves of genus 2 Our aim is to provide a practical alternative to using elliptic curves for pairing based cryptography. Specifically, we illustrate how to implement pairings efficiently using genus 2 curves, and how to attain performance comparable to using elliptic curves.
We show that pairing computation on genus 2 curves over F2m can outperform elliptic curves by using a new variant of the Tate pairing, called the r¡j pairing, to compute the fastest pairing implementation in the literature to date We also show for the first time how the final exponentiation required to compute the Tate pairing can be avoided for certain hyperelliptic curves.
We investigate pairing computation using genus 2 curves over large prime fields, and detail various techniques that lead to an efficient implementation, thus showing that these curves are a viable candidate for practical use
A Generic Approach to Searching for Jacobians
We consider the problem of finding cryptographically suitable Jacobians. By
applying a probabilistic generic algorithm to compute the zeta functions of low
genus curves drawn from an arbitrary family, we can search for Jacobians
containing a large subgroup of prime order. For a suitable distribution of
curves, the complexity is subexponential in genus 2, and O(N^{1/12}) in genus
3. We give examples of genus 2 and genus 3 hyperelliptic curves over prime
fields with group orders over 180 bits in size, improving previous results. Our
approach is particularly effective over low-degree extension fields, where in
genus 2 we find Jacobians over F_{p^2) and trace zero varieties over F_{p^3}
with near-prime orders up to 372 bits in size. For p = 2^{61}-1, the average
time to find a group with 244-bit near-prime order is under an hour on a PC.Comment: 22 pages, to appear in Mathematics of Computatio
Co-Z Divisor Addition Formulae in Jacobian of Genus 2 Hyperelliptic Curves over Prime Fields
In this paper we proposed a new approach to divisor scalar multiplication in Jacobian of genus 2 hyperelliptic curves over fields with odd characteristic, without field inversion. It is based on improved addition formulae of the weight 2 divisors in projective divisor representation in most frequent case that suit very well to scalar multiplication algorithms based on Euclidean addition chains
- …